From 7914a52485c29a3d64ac6f98fbd038272c55df91 Mon Sep 17 00:00:00 2001 From: Jeffrey Aven Date: Sat, 11 Jan 2025 08:47:22 +1100 Subject: [PATCH] updated aws --- providers/src/aws/v00.00.00000/provider.yaml | 108 +- .../v00.00.00000/services/accessanalyzer.yaml | 55 +- .../aws/v00.00.00000/services/amazonmq.yaml | 966 ++ .../aws/v00.00.00000/services/amplify.yaml | 19 + .../services/amplifyuibuilder.yaml | 12 +- .../aws/v00.00.00000/services/apigateway.yaml | 1772 +- .../v00.00.00000/services/apigatewayv2.yaml | 494 +- .../aws/v00.00.00000/services/appconfig.yaml | 1242 +- .../aws/v00.00.00000/services/appflow.yaml | 4 +- .../services/appintegrations.yaml | 11 + .../services/applicationautoscaling.yaml | 744 +- .../services/applicationinsights.yaml | 105 +- .../services/applicationsignals.yaml | 1290 ++ .../aws/v00.00.00000/services/appsync.yaml | 2338 ++- .../aws/v00.00.00000/services/apptest.yaml | 1362 ++ .../src/aws/v00.00.00000/services/aps.yaml | 6 +- .../v00.00.00000/services/arczonalshift.yaml | 251 +- .../v00.00.00000/services/auditmanager.yaml | 12 + .../v00.00.00000/services/autoscaling.yaml | 752 +- .../src/aws/v00.00.00000/services/b2bi.yaml | 549 +- .../src/aws/v00.00.00000/services/backup.yaml | 381 + .../src/aws/v00.00.00000/services/batch.yaml | 1289 +- .../aws/v00.00.00000/services/bedrock.yaml | 8018 +++++++-- .../aws/v00.00.00000/services/cassandra.yaml | 393 +- .../aws/v00.00.00000/services/chatbot.yaml | 522 +- .../aws/v00.00.00000/services/cleanrooms.yaml | 2937 +++- .../v00.00.00000/services/cleanroomsml.yaml | 3 + .../v00.00.00000/services/cloudformation.yaml | 1253 +- .../aws/v00.00.00000/services/cloudfront.yaml | 924 +- .../aws/v00.00.00000/services/cloudtrail.yaml | 1132 +- .../aws/v00.00.00000/services/cloudwatch.yaml | 271 +- .../v00.00.00000/services/codeartifact.yaml | 19 + .../aws/v00.00.00000/services/codebuild.yaml | 133 +- .../aws/v00.00.00000/services/codedeploy.yaml | 3 + .../services/codeguruprofiler.yaml | 15 + .../v00.00.00000/services/codepipeline.yaml | 952 + .../services/codestarconnections.yaml | 4 + .../aws/v00.00.00000/services/cognito.yaml | 1326 +- .../aws/v00.00.00000/services/comprehend.yaml | 3 + .../src/aws/v00.00.00000/services/config.yaml | 12 + .../aws/v00.00.00000/services/connect.yaml | 1865 +- .../services/connectcampaigns.yaml | 3 + .../services/connectcampaignsv2.yaml | 1431 ++ .../v00.00.00000/services/controltower.yaml | 120 +- .../services/customerprofiles.yaml | 1567 +- .../aws/v00.00.00000/services/databrew.yaml | 92 +- .../aws/v00.00.00000/services/datasync.yaml | 75 +- .../aws/v00.00.00000/services/datazone.yaml | 480 +- .../aws/v00.00.00000/services/deadline.yaml | 837 +- .../aws/v00.00.00000/services/devopsguru.yaml | 2 + .../src/aws/v00.00.00000/services/dms.yaml | 757 +- .../aws/v00.00.00000/services/dynamodb.yaml | 73 +- .../src/aws/v00.00.00000/services/ec2.yaml | 7041 ++++++-- .../src/aws/v00.00.00000/services/ecr.yaml | 26 +- .../src/aws/v00.00.00000/services/ecs.yaml | 3652 ++-- .../src/aws/v00.00.00000/services/efs.yaml | 53 +- .../src/aws/v00.00.00000/services/eks.yaml | 665 +- .../v00.00.00000/services/elasticache.yaml | 24 +- .../services/elasticbeanstalk.yaml | 15 +- .../services/elasticloadbalancingv2.yaml | 140 +- .../src/aws/v00.00.00000/services/emr.yaml | 35 +- .../v00.00.00000/services/emrcontainers.yaml | 10 + .../v00.00.00000/services/emrserverless.yaml | 131 +- .../services/entityresolution.yaml | 448 +- .../src/aws/v00.00.00000/services/events.yaml | 105 +- .../src/aws/v00.00.00000/services/fis.yaml | 71 +- .../src/aws/v00.00.00000/services/fms.yaml | 4 +- .../src/aws/v00.00.00000/services/fsx.yaml | 3 + .../aws/v00.00.00000/services/gamelift.yaml | 2410 ++- .../services/globalaccelerator.yaml | 4 +- .../src/aws/v00.00.00000/services/glue.yaml | 2700 ++- .../v00.00.00000/services/groundstation.yaml | 49 +- .../aws/v00.00.00000/services/guardduty.yaml | 485 +- .../aws/v00.00.00000/services/healthlake.yaml | 17 +- .../src/aws/v00.00.00000/services/iam.yaml | 14362 +++++++++++++--- .../v00.00.00000/services/imagebuilder.yaml | 320 +- .../v00.00.00000/services/inspectorv2.yaml | 13 +- .../services/internetmonitor.yaml | 5 + .../aws/v00.00.00000/services/invoicing.yaml | 904 + .../src/aws/v00.00.00000/services/iot.yaml | 689 +- .../services/iotcoredeviceadvisor.yaml | 14 +- .../aws/v00.00.00000/services/iotevents.yaml | 429 +- .../v00.00.00000/services/iotfleetwise.yaml | 863 +- .../v00.00.00000/services/iotsitewise.yaml | 276 +- .../v00.00.00000/services/iottwinmaker.yaml | 20 + .../v00.00.00000/services/iotwireless.yaml | 238 +- .../src/aws/v00.00.00000/services/ivs.yaml | 919 +- .../aws/v00.00.00000/services/ivschat.yaml | 4 + .../v00.00.00000/services/kafkaconnect.yaml | 13 + .../src/aws/v00.00.00000/services/kendra.yaml | 1 + .../aws/v00.00.00000/services/kinesis.yaml | 204 + .../services/kinesisanalyticsv2.yaml | 13 + .../services/kinesisfirehose.yaml | 378 +- .../src/aws/v00.00.00000/services/kms.yaml | 45 +- .../v00.00.00000/services/lakeformation.yaml | 3 +- .../src/aws/v00.00.00000/services/lambda.yaml | 1764 +- .../v00.00.00000/services/launchwizard.yaml | 1101 ++ .../src/aws/v00.00.00000/services/lex.yaml | 49 +- .../aws/v00.00.00000/services/lightsail.yaml | 76 +- .../aws/v00.00.00000/services/location.yaml | 56 +- .../src/aws/v00.00.00000/services/logs.yaml | 1331 +- .../src/aws/v00.00.00000/services/m2.yaml | 339 +- .../src/aws/v00.00.00000/services/macie.yaml | 10 + .../v00.00.00000/services/mediaconnect.yaml | 76 +- .../aws/v00.00.00000/services/medialive.yaml | 5352 +++++- .../v00.00.00000/services/mediapackage.yaml | 9 +- .../v00.00.00000/services/mediapackagev2.yaml | 162 +- .../aws/v00.00.00000/services/memorydb.yaml | 548 +- .../src/aws/v00.00.00000/services/msk.yaml | 35 +- .../src/aws/v00.00.00000/services/mwaa.yaml | 14 +- .../aws/v00.00.00000/services/neptune.yaml | 36 +- .../services/networkfirewall.yaml | 122 +- .../v00.00.00000/services/networkmanager.yaml | 723 +- .../v00.00.00000/services/nimblestudio.yaml | 2747 --- .../src/aws/v00.00.00000/services/oam.yaml | 18 + .../src/aws/v00.00.00000/services/omics.yaml | 30 + .../services/opensearchserverless.yaml | 55 + .../services/opensearchservice.yaml | 588 +- .../v00.00.00000/services/organizations.yaml | 44 +- .../src/aws/v00.00.00000/services/osis.yaml | 38 + .../aws/v00.00.00000/services/panorama.yaml | 87 +- .../services/paymentcryptography.yaml | 9 +- .../v00.00.00000/services/pcaconnectorad.yaml | 44 +- .../services/pcaconnectorscep.yaml | 1286 ++ .../src/aws/v00.00.00000/services/pcs.yaml | 2290 +++ .../aws/v00.00.00000/services/pinpoint.yaml | 12 +- .../src/aws/v00.00.00000/services/pipes.yaml | 81 +- .../src/aws/v00.00.00000/services/proton.yaml | 315 +- .../aws/v00.00.00000/services/qbusiness.yaml | 1420 +- .../aws/v00.00.00000/services/quicksight.yaml | 4507 +++-- .../src/aws/v00.00.00000/services/ram.yaml | 435 +- .../src/aws/v00.00.00000/services/rbin.yaml | 1090 ++ .../src/aws/v00.00.00000/services/rds.yaml | 6504 ++++--- .../aws/v00.00.00000/services/redshift.yaml | 441 +- .../services/redshiftserverless.yaml | 72 +- .../v00.00.00000/services/refactorspaces.yaml | 50 +- .../v00.00.00000/services/rekognition.yaml | 22 +- .../v00.00.00000/services/resiliencehub.yaml | 48 +- .../services/resourceexplorer2.yaml | 8 + .../v00.00.00000/services/resourcegroups.yaml | 352 + .../v00.00.00000/services/rolesanywhere.yaml | 44 +- .../aws/v00.00.00000/services/route53.yaml | 13 +- .../services/route53profiles.yaml | 18 +- .../services/route53recoverycontrol.yaml | 59 +- .../services/route53recoveryreadiness.yaml | 44 +- .../services/route53resolver.yaml | 353 +- .../src/aws/v00.00.00000/services/s3.yaml | 109 +- .../aws/v00.00.00000/services/s3express.yaml | 181 +- .../aws/v00.00.00000/services/s3outposts.yaml | 4 + .../aws/v00.00.00000/services/s3tables.yaml | 1073 ++ .../aws/v00.00.00000/services/sagemaker.yaml | 3722 +++- .../aws/v00.00.00000/services/scheduler.yaml | 20 +- .../v00.00.00000/services/secretsmanager.yaml | 898 +- .../v00.00.00000/services/securityhub.yaml | 345 +- .../v00.00.00000/services/securitylake.yaml | 11 +- .../src/aws/v00.00.00000/services/ses.yaml | 4634 ++++- .../src/aws/v00.00.00000/services/shield.yaml | 4 + .../src/aws/v00.00.00000/services/signer.yaml | 16 +- .../src/aws/v00.00.00000/services/sns.yaml | 87 +- .../src/aws/v00.00.00000/services/sqs.yaml | 46 +- .../src/aws/v00.00.00000/services/ssm.yaml | 2 + .../v00.00.00000/services/ssmquicksetup.yaml | 1111 ++ .../src/aws/v00.00.00000/services/sso.yaml | 1 + .../v00.00.00000/services/stepfunctions.yaml | 403 +- .../aws/v00.00.00000/services/synthetics.yaml | 74 +- .../services/systemsmanagersap.yaml | 43 +- .../aws/v00.00.00000/services/transfer.yaml | 4645 +++-- .../services/verifiedpermissions.yaml | 96 + .../aws/v00.00.00000/services/voiceid.yaml | 9 +- .../aws/v00.00.00000/services/vpclattice.yaml | 1759 +- .../src/aws/v00.00.00000/services/wafv2.yaml | 46 +- .../src/aws/v00.00.00000/services/wisdom.yaml | 5343 +++++- .../aws/v00.00.00000/services/workspaces.yaml | 458 +- .../services/workspacesthinclient.yaml | 40 +- .../v00.00.00000/services/workspacesweb.yaml | 846 +- .../src/aws/v00.00.00000/services/xray.yaml | 18 + 176 files changed, 111431 insertions(+), 26325 deletions(-) create mode 100644 providers/src/aws/v00.00.00000/services/amazonmq.yaml create mode 100644 providers/src/aws/v00.00.00000/services/applicationsignals.yaml create mode 100644 providers/src/aws/v00.00.00000/services/apptest.yaml create mode 100644 providers/src/aws/v00.00.00000/services/connectcampaignsv2.yaml create mode 100644 providers/src/aws/v00.00.00000/services/invoicing.yaml create mode 100644 providers/src/aws/v00.00.00000/services/launchwizard.yaml delete mode 100644 providers/src/aws/v00.00.00000/services/nimblestudio.yaml create mode 100644 providers/src/aws/v00.00.00000/services/pcaconnectorscep.yaml create mode 100644 providers/src/aws/v00.00.00000/services/pcs.yaml create mode 100644 providers/src/aws/v00.00.00000/services/rbin.yaml create mode 100644 providers/src/aws/v00.00.00000/services/s3tables.yaml create mode 100644 providers/src/aws/v00.00.00000/services/ssmquicksetup.yaml diff --git a/providers/src/aws/v00.00.00000/provider.yaml b/providers/src/aws/v00.00.00000/provider.yaml index 459c500e..7061fec5 100644 --- a/providers/src/aws/v00.00.00000/provider.yaml +++ b/providers/src/aws/v00.00.00000/provider.yaml @@ -20,6 +20,15 @@ providerServices: title: acmpca version: v00.00.00000 description: acmpca + amazonmq: + id: amazonmq:v00.00.00000 + name: amazonmq + preferred: true + service: + $ref: aws/v00.00.00000/services/amazonmq.yaml + title: amazonmq + version: v00.00.00000 + description: amazonmq amplify: id: amplify:v00.00.00000 name: amplify @@ -101,6 +110,15 @@ providerServices: title: applicationinsights version: v00.00.00000 description: applicationinsights + applicationsignals: + id: applicationsignals:v00.00.00000 + name: applicationsignals + preferred: true + service: + $ref: aws/v00.00.00000/services/applicationsignals.yaml + title: applicationsignals + version: v00.00.00000 + description: applicationsignals apprunner: id: apprunner:v00.00.00000 name: apprunner @@ -128,6 +146,15 @@ providerServices: title: appsync version: v00.00.00000 description: appsync + apptest: + id: apptest:v00.00.00000 + name: apptest + preferred: true + service: + $ref: aws/v00.00.00000/services/apptest.yaml + title: apptest + version: v00.00.00000 + description: apptest aps: id: aps:v00.00.00000 name: aps @@ -461,6 +488,15 @@ providerServices: title: connectcampaigns version: v00.00.00000 description: connectcampaigns + connectcampaignsv2: + id: connectcampaignsv2:v00.00.00000 + name: connectcampaignsv2 + preferred: true + service: + $ref: aws/v00.00.00000/services/connectcampaignsv2.yaml + title: connectcampaignsv2 + version: v00.00.00000 + description: connectcampaignsv2 controltower: id: controltower:v00.00.00000 name: controltower @@ -911,6 +947,15 @@ providerServices: title: internetmonitor version: v00.00.00000 description: internetmonitor + invoicing: + id: invoicing:v00.00.00000 + name: invoicing + preferred: true + service: + $ref: aws/v00.00.00000/services/invoicing.yaml + title: invoicing + version: v00.00.00000 + description: invoicing iot: id: iot:v00.00.00000 name: iot @@ -1100,6 +1145,15 @@ providerServices: title: lambda version: v00.00.00000 description: lambda + launchwizard: + id: launchwizard:v00.00.00000 + name: launchwizard + preferred: true + service: + $ref: aws/v00.00.00000/services/launchwizard.yaml + title: launchwizard + version: v00.00.00000 + description: launchwizard lex: id: lex:v00.00.00000 name: lex @@ -1307,15 +1361,6 @@ providerServices: title: networkmanager version: v00.00.00000 description: networkmanager - nimblestudio: - id: nimblestudio:v00.00.00000 - name: nimblestudio - preferred: true - service: - $ref: aws/v00.00.00000/services/nimblestudio.yaml - title: nimblestudio - version: v00.00.00000 - description: nimblestudio oam: id: oam:v00.00.00000 name: oam @@ -1406,6 +1451,24 @@ providerServices: title: pcaconnectorad version: v00.00.00000 description: pcaconnectorad + pcaconnectorscep: + id: pcaconnectorscep:v00.00.00000 + name: pcaconnectorscep + preferred: true + service: + $ref: aws/v00.00.00000/services/pcaconnectorscep.yaml + title: pcaconnectorscep + version: v00.00.00000 + description: pcaconnectorscep + pcs: + id: pcs:v00.00.00000 + name: pcs + preferred: true + service: + $ref: aws/v00.00.00000/services/pcs.yaml + title: pcs + version: v00.00.00000 + description: pcs personalize: id: personalize:v00.00.00000 name: personalize @@ -1478,6 +1541,15 @@ providerServices: title: ram version: v00.00.00000 description: ram + rbin: + id: rbin:v00.00.00000 + name: rbin + preferred: true + service: + $ref: aws/v00.00.00000/services/rbin.yaml + title: rbin + version: v00.00.00000 + description: rbin rds: id: rds:v00.00.00000 name: rds @@ -1658,6 +1730,15 @@ providerServices: title: s3outposts version: v00.00.00000 description: s3outposts + s3tables: + id: s3tables:v00.00.00000 + name: s3tables + preferred: true + service: + $ref: aws/v00.00.00000/services/s3tables.yaml + title: s3tables + version: v00.00.00000 + description: s3tables sagemaker: id: sagemaker:v00.00.00000 name: sagemaker @@ -1802,6 +1883,15 @@ providerServices: title: ssmincidents version: v00.00.00000 description: ssmincidents + ssmquicksetup: + id: ssmquicksetup:v00.00.00000 + name: ssmquicksetup + preferred: true + service: + $ref: aws/v00.00.00000/services/ssmquicksetup.yaml + title: ssmquicksetup + version: v00.00.00000 + description: ssmquicksetup sso: id: sso:v00.00.00000 name: sso diff --git a/providers/src/aws/v00.00.00000/services/accessanalyzer.yaml b/providers/src/aws/v00.00.00000/services/accessanalyzer.yaml index afd34209..2034ba14 100644 --- a/providers/src/aws/v00.00.00000/services/accessanalyzer.yaml +++ b/providers/src/aws/v00.00.00000/services/accessanalyzer.yaml @@ -438,22 +438,61 @@ components: maxLength: 127 Value: type: string - description: 'The value for the tag. You can specify a value that is 1 to 255 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ' - minLength: 1 + description: 'The value for the tag. You can specify a value that is 0 to 255 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ' + minLength: 0 maxLength: 255 required: - Key - - Value + additionalProperties: false + Tags: + type: array + x-insertionOrder: false + uniqueItems: true + description: An array of key-value pairs to apply to this resource. + items: + $ref: '#/components/schemas/Tag' + AnalysisRuleCriteria: + description: The criteria for an analysis rule for an analyzer. + type: object + properties: + AccountIds: + description: A list of AWS account IDs to apply to the analysis rule criteria. The accounts cannot include the organization analyzer owner account. Account IDs can only be applied to the analysis rule criteria for organization-level analyzers. + type: array + x-insertionOrder: false + items: + type: string + ResourceTags: + description: |- + An array of key-value pairs to match for your resources. You can use the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. + + For the tag key, you can specify a value that is 1 to 128 characters in length and cannot be prefixed with aws:. + + For the tag value, you can specify a value that is 0 to 256 characters in length. If the specified tag value is 0 characters, the rule is applied to all principals with the specified tag key. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tags' additionalProperties: false UnusedAccessConfiguration: description: The Configuration for Unused Access Analyzer type: object properties: UnusedAccessAge: - description: The specified access age in days for which to generate findings for unused access. For example, if you specify 90 days, the analyzer will generate findings for IAM entities within the accounts of the selected organization for any access that hasn't been used in 90 or more days since the analyzer's last scan. You can choose a value between 1 and 180 days. + description: The specified access age in days for which to generate findings for unused access. For example, if you specify 90 days, the analyzer will generate findings for IAM entities within the accounts of the selected organization for any access that hasn't been used in 90 or more days since the analyzer's last scan. You can choose a value between 1 and 365 days. type: integer minimum: 1 - maximum: 180 + maximum: 365 + AnalysisRule: + description: Contains information about rules for the analyzer. + type: object + properties: + Exclusions: + description: A list of rules for the analyzer containing criteria to exclude from analysis. Entities that meet the rule criteria will not generate findings. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/AnalysisRuleCriteria' + additionalProperties: false additionalProperties: false Analyzer: type: object @@ -503,6 +542,7 @@ components: x-create-only-properties: - AnalyzerName - Type + x-conditional-create-only-properties: - AnalyzerConfiguration x-read-only-properties: - Arn @@ -514,6 +554,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - access-analyzer:UntagResource + - access-analyzer:TagResource + - access-analyzer:ListTagsForResource x-required-permissions: create: - access-analyzer:CreateAnalyzer @@ -531,6 +575,7 @@ components: - access-analyzer:ListAnalyzers - access-analyzer:TagResource - access-analyzer:UntagResource + - access-analyzer:UpdateAnalyzer - access-analyzer:UpdateArchiveRule delete: - access-analyzer:DeleteAnalyzer diff --git a/providers/src/aws/v00.00.00000/services/amazonmq.yaml b/providers/src/aws/v00.00.00000/services/amazonmq.yaml new file mode 100644 index 00000000..07e729d9 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/amazonmq.yaml @@ -0,0 +1,966 @@ +openapi: 3.0.0 +info: + title: AmazonMQ + version: 2.0.0 + x-serviceName: cloudcontrolapi +servers: + - url: https://cloudcontrolapi.{region}.amazonaws.com + variables: + region: + description: The AWS region + enum: + - us-east-1 + - us-east-2 + - us-west-1 + - us-west-2 + - us-gov-west-1 + - us-gov-east-1 + - ca-central-1 + - eu-north-1 + - eu-west-1 + - eu-west-2 + - eu-west-3 + - eu-central-1 + - eu-south-1 + - af-south-1 + - ap-northeast-1 + - ap-northeast-2 + - ap-northeast-3 + - ap-southeast-1 + - ap-southeast-2 + - ap-east-1 + - ap-south-1 + - sa-east-1 + - me-south-1 + default: us-east-1 + description: The CloudControlApi multi-region endpoint + - url: https://cloudcontrolapi.{region}.amazonaws.com.cn + variables: + region: + description: The AWS region + enum: + - cn-north-1 + - cn-northwest-1 + default: cn-north-1 + description: The CloudControlApi endpoint for China (Beijing) and China (Ningxia) +components: + parameters: + X-Amz-Content-Sha256: + name: X-Amz-Content-Sha256 + in: header + schema: + type: string + required: false + X-Amz-Date: + name: X-Amz-Date + in: header + schema: + type: string + required: false + X-Amz-Algorithm: + name: X-Amz-Algorithm + in: header + schema: + type: string + required: false + X-Amz-Credential: + name: X-Amz-Credential + in: header + schema: + type: string + required: false + X-Amz-Security-Token: + name: X-Amz-Security-Token + in: header + schema: + type: string + required: false + X-Amz-Signature: + name: X-Amz-Signature + in: header + schema: + type: string + required: false + X-Amz-SignedHeaders: + name: X-Amz-SignedHeaders + in: header + schema: + type: string + required: false + x-cloud-control-schemas: + AlreadyExistsException: {} + CancelResourceRequestInput: + properties: + RequestToken: + $ref: '#/components/x-cloud-control-schemas/RequestToken' + required: + - RequestToken + title: CancelResourceRequestInput + type: object + CancelResourceRequestOutput: + properties: + ProgressEvent: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: object + ClientToken: + maxLength: 128 + minLength: 1 + pattern: '[-A-Za-z0-9+/=]+' + type: string + ClientTokenConflictException: {} + ConcurrentModificationException: {} + ConcurrentOperationException: {} + CreateResourceInput: + properties: + ClientToken: + type: string + DesiredState: + allOf: + - $ref: '#/components/x-cloud-control-schemas/Properties' + - description: >- +

Structured data format representing the desired state of the resource, consisting of that resource's properties and their desired values.

Cloud Control API currently supports JSON as a structured data format.

 
 <p>Specify the desired state as one of the following:</p> <ul> <li> <p>A JSON blob</p> </li> <li> <p>A local path containing the desired state in JSON data format</p>
+                </li> </ul> <p>For more information, see <a href="https://docs.aws.amazon.com/cloudcontrolapi/latest/userguide/resource-operations-create.html#resource-operations-create-desiredstate">Composing the desired state of the resource</a> in the <i>Amazon Web Services Cloud Control API User Guide</i>.</p> <p>For more information about the properties of a specific resource, refer to the related topic for the resource in the
+                <a href="https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html">Resource and property types reference</a> in the <i>CloudFormation Users Guide</i>.</p>
+ RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + required: + - DesiredState + title: CreateResourceInput + type: object + CreateResourceOutput: + properties: + ProgressEvent: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: object + DeleteResourceInput: + properties: + ClientToken: + type: string + Identifier: + $ref: '#/components/x-cloud-control-schemas/Identifier' + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + required: + - Identifier + title: DeleteResourceInput + type: object + DeleteResourceOutput: + properties: + ProgressEvent: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: object + GeneralServiceException: {} + GetResourceInput: + properties: + TypeName: + $ref: '#/components/x-cloud-control-schemas/TypeName' + Identifier: + $ref: '#/components/x-cloud-control-schemas/Identifier' + TypeVersionId: + $ref: '#/components/x-cloud-control-schemas/TypeVersionId' + RoleArn: + $ref: '#/components/x-cloud-control-schemas/RoleArn' + required: + - TypeName + - Identifier + title: GetResourceInput + type: object + GetResourceOutput: + properties: + ResourceDescription: + $ref: '#/components/x-cloud-control-schemas/ResourceDescription' + TypeName: + type: string + type: object + GetResourceRequestStatusInput: + properties: + RequestToken: + $ref: '#/components/x-cloud-control-schemas/RequestToken' + required: + - RequestToken + title: GetResourceRequestStatusInput + type: object + GetResourceRequestStatusOutput: + properties: + ProgressEvent: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: object + HandlerErrorCode: + enum: + - NotUpdatable + - InvalidRequest + - AccessDenied + - InvalidCredentials + - AlreadyExists + - NotFound + - ResourceConflict + - Throttling + - ServiceLimitExceeded + - NotStabilized + - GeneralServiceException + - ServiceInternalError + - ServiceTimeout + - NetworkFailure + - InternalFailure + type: string + HandlerFailureException: {} + HandlerInternalFailureException: {} + HandlerNextToken: + maxLength: 2048 + minLength: 1 + pattern: .+ + type: string + Identifier: + maxLength: 1024 + minLength: 1 + pattern: .+ + type: string + InvalidCredentialsException: {} + InvalidRequestException: {} + MaxResults: + maximum: 100 + minimum: 1 + type: integer + NetworkFailureException: {} + NextToken: + maxLength: 2048 + minLength: 1 + pattern: '[-A-Za-z0-9+/=]+' + type: string + NotStabilizedException: {} + NotUpdatableException: {} + Operation: + enum: + - CREATE + - DELETE + - UPDATE + type: string + OperationStatus: + enum: + - PENDING + - IN_PROGRESS + - SUCCESS + - FAILED + - CANCEL_IN_PROGRESS + - CANCEL_COMPLETE + type: string + OperationStatuses: + items: + $ref: '#/components/x-cloud-control-schemas/OperationStatus' + type: array + Operations: + items: + $ref: '#/components/x-cloud-control-schemas/Operation' + type: array + PatchDocument: + format: password + maxLength: 65536 + minLength: 1 + pattern: '[\s\S]*' + type: string + PrivateTypeException: {} + ProgressEvent: + example: + ErrorCode: string + EventTime: number + Identifier: string + Operation: string + OperationStatus: string + RequestToken: string + ResourceModel: string + RetryAfter: number + StatusMessage: string + TypeName: string + properties: + ErrorCode: + type: string + EventTime: + type: number + Identifier: + type: string + Operation: + type: string + OperationStatus: + type: string + RequestToken: + type: string + ResourceModel: + type: string + RetryAfter: + type: number + StatusMessage: + type: string + TypeName: + type: string + type: object + Properties: + format: password + maxLength: 65536 + minLength: 1 + pattern: '[\s\S]*' + type: string + RequestToken: + maxLength: 128 + minLength: 1 + pattern: '[-A-Za-z0-9+/=]+' + type: string + RequestTokenNotFoundException: {} + ResourceConflictException: {} + ResourceDescription: + description: Represents information about a provisioned resource. + properties: + Identifier: + type: string + Properties: + type: string + type: object + ResourceDescriptions: + items: + $ref: '#/components/x-cloud-control-schemas/ResourceDescription' + type: array + ResourceNotFoundException: {} + ResourceRequestStatusFilter: + description: The filter criteria to use in determining the requests returned. + properties: + undefined: + allOf: + - $ref: '#/components/x-cloud-control-schemas/OperationStatuses' + - description: >- +

The operation statuses to include in the filter.

+ type: object + ResourceRequestStatusSummaries: + items: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: array + RoleArn: + maxLength: 2048 + minLength: 20 + pattern: arn:.+:iam::[0-9]{12}:role/.+ + type: string + ServiceInternalErrorException: {} + ServiceLimitExceededException: {} + StatusMessage: + maxLength: 1024 + minLength: 0 + pattern: '[\s\S]*' + type: string + ThrottlingException: {} + Timestamp: + format: date-time + type: string + TypeName: + maxLength: 196 + minLength: 10 + pattern: '[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}' + type: string + TypeNotFoundException: {} + TypeVersionId: + maxLength: 128 + minLength: 1 + pattern: '[A-Za-z0-9-]+' + type: string + UnsupportedActionException: {} + UpdateResourceInput: + properties: + undefined: + allOf: + - $ref: '#/components/x-cloud-control-schemas/PatchDocument' + required: + - Identifier + - PatchDocument + title: UpdateResourceInput + type: object + UpdateResourceOutput: + properties: + ProgressEvent: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: object + schemas: + TagsEntry: + type: object + additionalProperties: false + properties: + Value: + type: string + Key: + type: string + required: + - Value + - Key + Configuration: + type: object + properties: + Arn: + type: string + description: The Amazon Resource Name (ARN) of the Amazon MQ configuration. + AuthenticationStrategy: + type: string + description: The authentication strategy associated with the configuration. The default is SIMPLE. + EngineType: + type: string + description: 'The type of broker engine. Note: Currently, Amazon MQ only supports ACTIVEMQ for creating and editing broker configurations.' + EngineVersion: + type: string + description: The version of the broker engine. + Data: + type: string + description: The base64-encoded XML configuration. + Description: + type: string + description: The description of the configuration. + Id: + type: string + description: The ID of the Amazon MQ configuration. + Name: + type: string + description: The name of the configuration. + Revision: + type: string + description: The revision number of the configuration. + Tags: + type: array + description: Create tags when creating the configuration. + x-insertionOrder: false + items: + $ref: '#/components/schemas/TagsEntry' + required: + - EngineType + - Name + x-stackql-resource-name: configuration + description: Resource Type definition for AWS::AmazonMQ::Configuration + x-type-name: AWS::AmazonMQ::Configuration + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - AuthenticationStrategy + - EngineType + - EngineVersion + - Name + x-write-only-properties: + - Data + x-read-only-properties: + - Arn + - Id + - Revision + x-required-properties: + - EngineType + - Name + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - mq:ListTags + - mq:CreateTags + - mq:DeleteTags + x-required-permissions: + create: + - mq:CreateConfiguration + - mq:CreateTags + - mq:UpdateConfiguration + read: + - mq:DescribeConfiguration + - mq:ListTags + update: + - mq:UpdateConfiguration + - mq:CreateTags + - mq:DeleteTags + delete: + - mq:DescribeConfiguration + list: + - mq:ListConfigurations + CreateConfigurationRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + Arn: + type: string + description: The Amazon Resource Name (ARN) of the Amazon MQ configuration. + AuthenticationStrategy: + type: string + description: The authentication strategy associated with the configuration. The default is SIMPLE. + EngineType: + type: string + description: 'The type of broker engine. Note: Currently, Amazon MQ only supports ACTIVEMQ for creating and editing broker configurations.' + EngineVersion: + type: string + description: The version of the broker engine. + Data: + type: string + description: The base64-encoded XML configuration. + Description: + type: string + description: The description of the configuration. + Id: + type: string + description: The ID of the Amazon MQ configuration. + Name: + type: string + description: The name of the configuration. + Revision: + type: string + description: The revision number of the configuration. + Tags: + type: array + description: Create tags when creating the configuration. + x-insertionOrder: false + items: + $ref: '#/components/schemas/TagsEntry' + x-stackQL-stringOnly: true + x-title: CreateConfigurationRequest + type: object + required: [] + securitySchemes: + hmac: + type: apiKey + name: Authorization + in: header + description: Amazon Signature authorization v4 + x-amazon-apigateway-authtype: awsSigv4 + x-stackQL-resources: + configurations: + name: configurations + id: aws.amazonmq.configurations + x-cfn-schema-name: Configuration + x-cfn-type-name: AWS::AmazonMQ::Configuration + x-identifiers: + - Id + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Configuration&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::AmazonMQ::Configuration" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::AmazonMQ::Configuration" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::AmazonMQ::Configuration" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/configurations/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/configurations/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/configurations/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.AuthenticationStrategy') as authentication_strategy, + JSON_EXTRACT(Properties, '$.EngineType') as engine_type, + JSON_EXTRACT(Properties, '$.EngineVersion') as engine_version, + JSON_EXTRACT(Properties, '$.Data') as data, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Revision') as revision, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AmazonMQ::Configuration' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.AuthenticationStrategy') as authentication_strategy, + JSON_EXTRACT(detail.Properties, '$.EngineType') as engine_type, + JSON_EXTRACT(detail.Properties, '$.EngineVersion') as engine_version, + JSON_EXTRACT(detail.Properties, '$.Data') as data, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.Id') as id, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.Revision') as revision, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::AmazonMQ::Configuration' + AND detail.data__TypeName = 'AWS::AmazonMQ::Configuration' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'AuthenticationStrategy') as authentication_strategy, + json_extract_path_text(Properties, 'EngineType') as engine_type, + json_extract_path_text(Properties, 'EngineVersion') as engine_version, + json_extract_path_text(Properties, 'Data') as data, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Revision') as revision, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AmazonMQ::Configuration' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'AuthenticationStrategy') as authentication_strategy, + json_extract_path_text(detail.Properties, 'EngineType') as engine_type, + json_extract_path_text(detail.Properties, 'EngineVersion') as engine_version, + json_extract_path_text(detail.Properties, 'Data') as data, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'Id') as id, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'Revision') as revision, + json_extract_path_text(detail.Properties, 'Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::AmazonMQ::Configuration' + AND detail.data__TypeName = 'AWS::AmazonMQ::Configuration' + AND listing.region = 'us-east-1' + configurations_list_only: + name: configurations_list_only + id: aws.amazonmq.configurations_list_only + x-cfn-schema-name: Configuration + x-cfn-type-name: AWS::AmazonMQ::Configuration + x-identifiers: + - Id + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AmazonMQ::Configuration' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AmazonMQ::Configuration' + AND region = 'us-east-1' + configuration_tags: + name: configuration_tags + id: aws.amazonmq.configuration_tags + x-cfn-schema-name: Configuration + x-cfn-type-name: AWS::AmazonMQ::Configuration + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.AuthenticationStrategy') as authentication_strategy, + JSON_EXTRACT(detail.Properties, '$.EngineType') as engine_type, + JSON_EXTRACT(detail.Properties, '$.EngineVersion') as engine_version, + JSON_EXTRACT(detail.Properties, '$.Data') as data, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.Id') as id, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.Revision') as revision + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::AmazonMQ::Configuration' + AND detail.data__TypeName = 'AWS::AmazonMQ::Configuration' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'AuthenticationStrategy') as authentication_strategy, + json_extract_path_text(detail.Properties, 'EngineType') as engine_type, + json_extract_path_text(detail.Properties, 'EngineVersion') as engine_version, + json_extract_path_text(detail.Properties, 'Data') as data, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'Id') as id, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'Revision') as revision + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::AmazonMQ::Configuration' + AND detail.data__TypeName = 'AWS::AmazonMQ::Configuration' + AND listing.region = 'us-east-1' +paths: + /?Action=CreateResource&Version=2021-09-30: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateResource + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/x-cloud-control-schemas/CreateResourceInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=DeleteResource&Version=2021-09-30: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: DeleteResource + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.DeleteResource + enum: + - CloudApiService.DeleteResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/x-cloud-control-schemas/DeleteResourceInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/DeleteResourceOutput' + description: Success + /?Action=UpdateResource&Version=2021-09-30: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: UpdateResource + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.UpdateResource + enum: + - CloudApiService.UpdateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + properties: + ClientName: + type: string + Identifier: + $ref: '#/components/x-cloud-control-schemas/Identifier' + PatchDocument: + type: string + RoleArn: + $ref: '#/components/x-cloud-control-schemas/RoleArn' + TypeName: + $ref: '#/components/x-cloud-control-schemas/TypeName' + TypeVersionId: + $ref: '#/components/x-cloud-control-schemas/TypeVersionId' + required: + - Identifier + - PatchDocument + type: object + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/UpdateResourceOutput' + description: Success + /?Action=CreateResource&Version=2021-09-30&__Configuration&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateConfiguration + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateConfigurationRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success +x-stackQL-config: + requestTranslate: + algorithm: drop_double_underscore_params + pagination: + requestToken: + key: NextToken + location: body + responseToken: + key: NextToken + location: body diff --git a/providers/src/aws/v00.00.00000/services/amplify.yaml b/providers/src/aws/v00.00.00000/services/amplify.yaml index 24194628..d7ec3e78 100644 --- a/providers/src/aws/v00.00.00000/services/amplify.yaml +++ b/providers/src/aws/v00.00.00000/services/amplify.yaml @@ -448,6 +448,15 @@ components: required: - Username - Password + CacheConfig: + type: object + additionalProperties: false + properties: + Type: + type: string + enum: + - AMPLIFY_MANAGED + - AMPLIFY_MANAGED_NO_COOKIES CustomRule: type: object additionalProperties: false @@ -538,6 +547,8 @@ components: minLength: 1 maxLength: 25000 pattern: (?s).+ + CacheConfig: + $ref: '#/components/schemas/CacheConfig' CustomHeaders: type: string minLength: 0 @@ -979,6 +990,8 @@ components: minLength: 1 maxLength: 25000 pattern: (?s).+ + CacheConfig: + $ref: '#/components/schemas/CacheConfig' CustomHeaders: type: string minLength: 0 @@ -1254,6 +1267,7 @@ components: JSON_EXTRACT(Properties, '$.AutoBranchCreationConfig') as auto_branch_creation_config, JSON_EXTRACT(Properties, '$.BasicAuthConfig') as basic_auth_config, JSON_EXTRACT(Properties, '$.BuildSpec') as build_spec, + JSON_EXTRACT(Properties, '$.CacheConfig') as cache_config, JSON_EXTRACT(Properties, '$.CustomHeaders') as custom_headers, JSON_EXTRACT(Properties, '$.CustomRules') as custom_rules, JSON_EXTRACT(Properties, '$.DefaultDomain') as default_domain, @@ -1281,6 +1295,7 @@ components: JSON_EXTRACT(detail.Properties, '$.AutoBranchCreationConfig') as auto_branch_creation_config, JSON_EXTRACT(detail.Properties, '$.BasicAuthConfig') as basic_auth_config, JSON_EXTRACT(detail.Properties, '$.BuildSpec') as build_spec, + JSON_EXTRACT(detail.Properties, '$.CacheConfig') as cache_config, JSON_EXTRACT(detail.Properties, '$.CustomHeaders') as custom_headers, JSON_EXTRACT(detail.Properties, '$.CustomRules') as custom_rules, JSON_EXTRACT(detail.Properties, '$.DefaultDomain') as default_domain, @@ -1313,6 +1328,7 @@ components: json_extract_path_text(Properties, 'AutoBranchCreationConfig') as auto_branch_creation_config, json_extract_path_text(Properties, 'BasicAuthConfig') as basic_auth_config, json_extract_path_text(Properties, 'BuildSpec') as build_spec, + json_extract_path_text(Properties, 'CacheConfig') as cache_config, json_extract_path_text(Properties, 'CustomHeaders') as custom_headers, json_extract_path_text(Properties, 'CustomRules') as custom_rules, json_extract_path_text(Properties, 'DefaultDomain') as default_domain, @@ -1340,6 +1356,7 @@ components: json_extract_path_text(detail.Properties, 'AutoBranchCreationConfig') as auto_branch_creation_config, json_extract_path_text(detail.Properties, 'BasicAuthConfig') as basic_auth_config, json_extract_path_text(detail.Properties, 'BuildSpec') as build_spec, + json_extract_path_text(detail.Properties, 'CacheConfig') as cache_config, json_extract_path_text(detail.Properties, 'CustomHeaders') as custom_headers, json_extract_path_text(detail.Properties, 'CustomRules') as custom_rules, json_extract_path_text(detail.Properties, 'DefaultDomain') as default_domain, @@ -1417,6 +1434,7 @@ components: JSON_EXTRACT(detail.Properties, '$.AutoBranchCreationConfig') as auto_branch_creation_config, JSON_EXTRACT(detail.Properties, '$.BasicAuthConfig') as basic_auth_config, JSON_EXTRACT(detail.Properties, '$.BuildSpec') as build_spec, + JSON_EXTRACT(detail.Properties, '$.CacheConfig') as cache_config, JSON_EXTRACT(detail.Properties, '$.CustomHeaders') as custom_headers, JSON_EXTRACT(detail.Properties, '$.CustomRules') as custom_rules, JSON_EXTRACT(detail.Properties, '$.DefaultDomain') as default_domain, @@ -1450,6 +1468,7 @@ components: json_extract_path_text(detail.Properties, 'AutoBranchCreationConfig') as auto_branch_creation_config, json_extract_path_text(detail.Properties, 'BasicAuthConfig') as basic_auth_config, json_extract_path_text(detail.Properties, 'BuildSpec') as build_spec, + json_extract_path_text(detail.Properties, 'CacheConfig') as cache_config, json_extract_path_text(detail.Properties, 'CustomHeaders') as custom_headers, json_extract_path_text(detail.Properties, 'CustomRules') as custom_rules, json_extract_path_text(detail.Properties, 'DefaultDomain') as default_domain, diff --git a/providers/src/aws/v00.00.00000/services/amplifyuibuilder.yaml b/providers/src/aws/v00.00.00000/services/amplifyuibuilder.yaml index 8c2b53b4..2dfa6860 100644 --- a/providers/src/aws/v00.00.00000/services/amplifyuibuilder.yaml +++ b/providers/src/aws/v00.00.00000/services/amplifyuibuilder.yaml @@ -746,6 +746,9 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - amplifyuibuilder:TagResource + - amplifyuibuilder:UntagResource x-required-permissions: create: - amplify:GetApp @@ -1124,17 +1127,18 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - amplifyuibuilder:TagResource + - amplifyuibuilder:UntagResource x-required-permissions: create: - amplify:GetApp - amplifyuibuilder:CreateForm - amplifyuibuilder:GetForm - amplifyuibuilder:TagResource - - amplifyuibuilder:UntagResource read: - amplify:GetApp - amplifyuibuilder:GetForm - - amplifyuibuilder:TagResource update: - amplify:GetApp - amplifyuibuilder:GetForm @@ -1144,7 +1148,6 @@ components: delete: - amplify:GetApp - amplifyuibuilder:DeleteForm - - amplifyuibuilder:TagResource - amplifyuibuilder:UntagResource list: - amplify:GetApp @@ -1216,6 +1219,9 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - amplifyuibuilder:TagResource + - amplifyuibuilder:UntagResource x-required-permissions: create: - amplify:GetApp diff --git a/providers/src/aws/v00.00.00000/services/apigateway.yaml b/providers/src/aws/v00.00.00000/services/apigateway.yaml index 9180aac3..7043bede 100644 --- a/providers/src/aws/v00.00.00000/services/apigateway.yaml +++ b/providers/src/aws/v00.00.00000/services/apigateway.yaml @@ -392,7 +392,7 @@ components: description: '' type: string CloudWatchRoleArn: - description: The ARN of an Amazon CloudWatch role for the current Account. + description: '' type: string x-stackql-resource-name: account description: The ``AWS::ApiGateway::Account`` resource specifies the IAM role that Amazon API Gateway uses to write API logs to Amazon CloudWatch Logs. To avoid overwriting other roles, you should only have one ``AWS::ApiGateway::Account`` resource per region per account. @@ -421,10 +421,10 @@ components: additionalProperties: false properties: RestApiId: - description: The string identifier of the associated RestApi. + description: '' type: string StageName: - description: The stage name associated with the stage key. + description: '' type: string description: '``StageKey`` is a property of the [AWS::ApiGateway::ApiKey](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-apikey.html) resource that specifies the stage to associate with the API key. This association allows only clients with the key to make requests to methods in that stage.' Tag: @@ -446,17 +446,17 @@ components: description: '' type: string CustomerId: - description: An MKT customer identifier, when integrating with the AWS SaaS Marketplace. + description: '' type: string Description: - description: The description of the ApiKey. + description: '' type: string Enabled: - description: Specifies whether the ApiKey can be used by callers. + description: '' default: false type: boolean GenerateDistinctId: - description: Specifies whether (``true``) or not (``false``) the key identifier is distinct from the created API key value. This parameter is deprecated and should not be used. + description: '' type: boolean Name: description: |- @@ -464,19 +464,19 @@ components: If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. type: string StageKeys: - description: DEPRECATED FOR USAGE PLANS - Specifies stages associated with the API key. + description: '' type: array uniqueItems: true items: $ref: '#/components/schemas/StageKey' Tags: - description: The key-value map of strings. The valid character set is [a-zA-Z+-=._:/]. The tag key can be up to 128 characters and must not start with ``aws:``. The tag value can be up to 256 characters. + description: '' type: array uniqueItems: false items: $ref: '#/components/schemas/Tag' Value: - description: Specifies a value of the API key. + description: '' type: string x-stackql-resource-name: api_key description: The ``AWS::ApiGateway::ApiKey`` resource creates a unique key that you can distribute to clients who are executing API Gateway ``Method`` resources that require an API key. To specify which API key clients must use, map the API key with the ``RestApi`` and ``Stage`` resources that include the methods that require a key. @@ -522,48 +522,41 @@ components: type: object properties: RestApiId: - description: The string identifier of the associated RestApi. + description: '' type: string AuthorizerId: type: string description: '' AuthType: - description: Optional customer-defined field, used in OpenAPI imports and exports without functional impact. + description: '' type: string AuthorizerCredentials: - description: Specifies the required credentials as an IAM role for API Gateway to invoke the authorizer. To specify an IAM role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To use resource-based permissions on the Lambda function, specify null. + description: '' type: string AuthorizerResultTtlInSeconds: - description: The TTL in seconds of cached authorizer results. If it equals 0, authorization caching is disabled. If it is greater than 0, API Gateway will cache authorizer responses. If this field is not set, the default value is 300. The maximum value is 3600, or 1 hour. + description: '' type: integer AuthorizerUri: - description: >- - Specifies the authorizer's Uniform Resource Identifier (URI). For ``TOKEN`` or ``REQUEST`` authorizers, this must be a well-formed Lambda function URI, for example, ``arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}/invocations``. In general, the URI has this form ``arn:aws:apigateway:{region}:lambda:path/{service_api}``, where ``{region}`` is the same as the region hosting the Lambda function, - ``path`` indicates that the remaining substring in the URI should be treated as the path to the resource, including the initial ``/``. For Lambda functions, this is usually of the form ``/2015-03-31/functions/[FunctionARN]/invocations``. + description: '' type: string IdentitySource: - description: >- - The identity source for which authorization is requested. For a ``TOKEN`` or ``COGNITO_USER_POOLS`` authorizer, this is required and specifies the request header mapping expression for the custom header holding the authorization token submitted by the client. For example, if the token header name is ``Auth``, the header mapping expression is ``method.request.header.Auth``. For the ``REQUEST`` authorizer, this is required when authorization caching is enabled. The value is a - comma-separated string of one or more mapping expressions of the specified request parameters. For example, if an ``Auth`` header, a ``Name`` query string parameter are defined as identity sources, this value is ``method.request.header.Auth, method.request.querystring.Name``. These parameters will be used to derive the authorization caching key and to perform runtime validation of the ``REQUEST`` authorizer by verifying all of the identity-related request parameters are present, not - null and non-empty. Only when this is true does the authorizer invoke the authorizer Lambda function, otherwise, it returns a 401 Unauthorized response without calling the Lambda function. The valid value is a string of comma-separated mapping expressions of the specified request parameters. When the authorization caching is not enabled, this property is optional. + description: '' type: string IdentityValidationExpression: - description: >- - A validation expression for the incoming identity token. For ``TOKEN`` authorizers, this value is a regular expression. For ``COGNITO_USER_POOLS`` authorizers, API Gateway will match the ``aud`` field of the incoming token from the client against the specified regular expression. It will invoke the authorizer's Lambda function when there is a match. Otherwise, it will return a 401 Unauthorized response without calling the Lambda function. The validation expression does not apply to - the ``REQUEST`` authorizer. + description: '' type: string Name: - description: The name of the authorizer. + description: '' type: string ProviderARNs: - description: 'A list of the Amazon Cognito user pool ARNs for the ``COGNITO_USER_POOLS`` authorizer. Each element is of this format: ``arn:aws:cognito-idp:{region}:{account_id}:userpool/{user_pool_id}``. For a ``TOKEN`` or ``REQUEST`` authorizer, this is not defined.' + description: '' type: array uniqueItems: true items: type: string x-insertionOrder: false Type: - description: The authorizer type. Valid values are ``TOKEN`` for a Lambda function using a single authorization token submitted in a custom header, ``REQUEST`` for a Lambda function using incoming request parameters, and ``COGNITO_USER_POOLS`` for using an Amazon Cognito user pool. + description: '' type: string required: - RestApiId @@ -607,16 +600,16 @@ components: properties: BasePath: type: string - description: The base path name that callers of the API must provide as part of the URL after the domain name. + description: '' DomainName: type: string - description: The domain name of the BasePathMapping resource to be described. + description: '' RestApiId: type: string - description: The string identifier of the associated RestApi. + description: '' Stage: type: string - description: The name of the associated stage. + description: '' required: - DomainName x-stackql-resource-name: base_path_mapping @@ -649,6 +642,59 @@ components: - apigateway:DELETE list: - apigateway:GET + BasePathMappingV2: + type: object + properties: + BasePath: + type: string + description: The base path name that callers of the API must provide in the URL after the domain name. + DomainNameArn: + type: string + description: The Arn of an AWS::ApiGateway::DomainNameV2 resource. + RestApiId: + type: string + description: The ID of the API. + Stage: + type: string + description: The name of the API's stage. + BasePathMappingArn: + type: string + description: Amazon Resource Name (ARN) of the resource. + required: + - DomainNameArn + - RestApiId + x-stackql-resource-name: base_path_mapping_v2 + description: Resource Type definition for AWS::ApiGateway::BasePathMappingV2 + x-type-name: AWS::ApiGateway::BasePathMappingV2 + x-stackql-primary-identifier: + - BasePathMappingArn + x-create-only-properties: + - DomainNameArn + - BasePath + x-read-only-properties: + - BasePathMappingArn + x-required-properties: + - DomainNameArn + - RestApiId + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - apigateway:POST + - apigateway:GET + read: + - apigateway:GET + update: + - apigateway:GET + - apigateway:DELETE + - apigateway:PATCH + delete: + - apigateway:DELETE + list: + - apigateway:GET ClientCertificate: type: object properties: @@ -656,10 +702,10 @@ components: description: '' type: string Description: - description: The description of the client certificate. + description: '' type: string Tags: - description: The collection of tags. Each tag element is associated with a given resource. + description: '' type: array uniqueItems: false items: @@ -705,25 +751,25 @@ components: additionalProperties: false properties: CacheDataEncrypted: - description: Specifies whether the cached responses are encrypted. + description: '' type: boolean CacheTtlInSeconds: - description: Specifies the time to live (TTL), in seconds, for cached responses. The higher the TTL, the longer the response will be cached. + description: '' type: integer CachingEnabled: - description: Specifies whether responses should be cached and returned for requests. A cache cluster must be enabled on the stage for responses to be cached. + description: '' type: boolean DataTraceEnabled: - description: Specifies whether data trace logging is enabled for this method, which affects the log entries pushed to Amazon CloudWatch Logs. This can be useful to troubleshoot APIs, but can result in logging sensitive data. We recommend that you don't enable this option for production APIs. + description: '' type: boolean HttpMethod: description: The HTTP method. To apply settings to multiple resources and methods, specify an asterisk (``*``) for the ``HttpMethod`` and ``/*`` for the ``ResourcePath``. This parameter is required when you specify a ``MethodSetting``. type: string LoggingLevel: - description: Specifies the logging level for this method, which affects the log entries pushed to Amazon CloudWatch Logs. Valid values are ``OFF``, ``ERROR``, and ``INFO``. Choose ``ERROR`` to write only error-level entries to CloudWatch Logs, or choose ``INFO`` to include all ``ERROR`` events as well as extra informational events. + description: '' type: string MetricsEnabled: - description: Specifies whether Amazon CloudWatch metrics are enabled for this method. + description: '' type: boolean ResourcePath: description: >- @@ -731,11 +777,11 @@ components: ``MethodSetting``. type: string ThrottlingBurstLimit: - description: Specifies the throttling burst limit. + description: '' type: integer minimum: 0 ThrottlingRateLimit: - description: Specifies the throttling rate limit. + description: '' type: number minimum: 0 StageDescription: @@ -812,30 +858,30 @@ components: items: $ref: '#/components/schemas/Tag' CacheClusterEnabled: - description: Specifies whether a cache cluster is enabled for the stage. + description: '' type: boolean CanarySetting: - description: Configuration settings of a canary deployment. + description: '' type: object additionalProperties: false properties: DeploymentId: - description: The ID of the canary deployment. + description: '' type: string PercentTraffic: - description: The percent (0-100) of traffic diverted to a canary deployment. + description: '' type: number minimum: 0 maximum: 100 StageVariableOverrides: - description: Stage variables overridden for a canary release deployment, including new stage variables introduced in the canary. These stage variables are represented as a string-to-string map between stage variable names and their values. + description: '' type: object additionalProperties: false x-patternProperties: '[a-zA-Z0-9]+': type: string UseStageCache: - description: A Boolean flag to indicate whether the canary deployment uses the stage cache or not. + description: '' type: boolean DeploymentCanarySettings: description: The ``DeploymentCanarySettings`` property type specifies settings for the canary deployment. @@ -846,14 +892,14 @@ components: x-patternProperties: '[a-zA-Z0-9]+': type: string - description: A stage variable overrides used for the canary release deployment. They can override existing stage variables or add new stage variables for the canary release deployment. These stage variables are represented as a string-to-string map between stage variable names and their values. + description: '' additionalProperties: false type: object PercentTraffic: - description: The percentage (0.0-100.0) of traffic routed to the canary deployment. + description: '' type: number UseStageCache: - description: A Boolean flag to indicate whether the canary release deployment uses the stage cache or not. + description: '' type: boolean AccessLogSetting: description: |- @@ -875,19 +921,19 @@ components: description: '' type: string Description: - description: The description for the Deployment resource to create. + description: '' type: string StageDescription: description: The description of the Stage resource for the Deployment resource to create. To specify a stage description, you must also provide a stage name. $ref: '#/components/schemas/StageDescription' StageName: - description: The name of the Stage resource for the Deployment resource to create. + description: '' type: string RestApiId: - description: The string identifier of the associated RestApi. + description: '' type: string DeploymentCanarySettings: - description: The input configuration for a canary deployment. + description: '' $ref: '#/components/schemas/DeploymentCanarySettings' required: - RestApiId @@ -933,23 +979,19 @@ components: additionalProperties: false properties: Method: - description: >- - The HTTP verb of a method. It is a valid field for the API entity types of ``METHOD``, ``PATH_PARAMETER``, ``QUERY_PARAMETER``, ``REQUEST_HEADER``, ``REQUEST_BODY``, ``RESPONSE``, ``RESPONSE_HEADER``, and ``RESPONSE_BODY``. The default value is ``*`` for any method. When an applicable child entity inherits the content of an entity of the same type with more general specifications of the other ``location`` attributes, the child entity's ``method`` attribute must match that of the - parent entity exactly. + description: '' type: string Name: - description: The name of the targeted API entity. It is a valid and required field for the API entity types of ``AUTHORIZER``, ``MODEL``, ``PATH_PARAMETER``, ``QUERY_PARAMETER``, ``REQUEST_HEADER``, ``REQUEST_BODY`` and ``RESPONSE_HEADER``. It is an invalid field for any other entity type. + description: '' type: string Path: - description: >- - The URL path of the target. It is a valid field for the API entity types of ``RESOURCE``, ``METHOD``, ``PATH_PARAMETER``, ``QUERY_PARAMETER``, ``REQUEST_HEADER``, ``REQUEST_BODY``, ``RESPONSE``, ``RESPONSE_HEADER``, and ``RESPONSE_BODY``. The default value is ``/`` for the root resource. When an applicable child entity inherits the content of another entity of the same type with more general specifications of the other ``location`` attributes, the child entity's ``path`` attribute - must match that of the parent entity as a prefix. + description: '' type: string StatusCode: - description: The HTTP status code of a response. It is a valid field for the API entity types of ``RESPONSE``, ``RESPONSE_HEADER``, and ``RESPONSE_BODY``. The default value is ``*`` for any status code. When an applicable child entity inherits the content of an entity of the same type with more general specifications of the other ``location`` attributes, the child entity's ``statusCode`` attribute must match that of the parent entity exactly. + description: '' type: string Type: - description: The type of API entity to which the documentation content applies. Valid values are ``API``, ``AUTHORIZER``, ``MODEL``, ``RESOURCE``, ``METHOD``, ``PATH_PARAMETER``, ``QUERY_PARAMETER``, ``REQUEST_HEADER``, ``REQUEST_BODY``, ``RESPONSE``, ``RESPONSE_HEADER``, and ``RESPONSE_BODY``. Content inheritance does not apply to any entity of the ``API``, ``AUTHORIZER``, ``METHOD``, ``MODEL``, ``REQUEST_BODY``, or ``RESOURCE`` type. + description: '' type: string enum: - API @@ -974,13 +1016,13 @@ components: description: '' type: string Location: - description: The location of the targeted API entity of the to-be-created documentation part. + description: '' $ref: '#/components/schemas/Location' Properties: - description: The new documentation content map of the targeted API entity. Enclosed key-value pairs are API-specific, but only OpenAPI-compliant key-value pairs can be exported and, hence, published. + description: '' type: string RestApiId: - description: The string identifier of the associated RestApi. + description: '' type: string required: - Location @@ -1020,14 +1062,14 @@ components: type: object properties: Description: - description: A description about the new documentation snapshot. + description: '' type: string DocumentationVersion: - description: The version identifier of the to-be-updated documentation version. + description: '' type: string minLength: 1 RestApiId: - description: The string identifier of the associated RestApi. + description: '' type: string minLength: 1 required: @@ -1060,6 +1102,14 @@ components: - apigateway:DELETE list: - apigateway:GET + MutualTlsAuthentication: + additionalProperties: false + type: object + properties: + TruststoreVersion: + type: string + TruststoreUri: + type: string EndpointConfiguration: description: |- The ``EndpointConfiguration`` property type specifies the endpoint types of a REST API. @@ -1069,56 +1119,48 @@ components: properties: Types: uniqueItems: true - description: A list of endpoint types of an API (RestApi) or its custom domain name (DomainName). For an edge-optimized API and its custom domain name, the endpoint type is ``"EDGE"``. For a regional API and its custom domain name, the endpoint type is ``REGIONAL``. For a private API, the endpoint type is ``PRIVATE``. + description: '' type: array items: type: string VpcEndpointIds: uniqueItems: true - description: A list of VpcEndpointIds of an API (RestApi) against which to create Route53 ALIASes. It is only supported for ``PRIVATE`` endpoint type. + description: '' type: array items: relationshipRef: typeName: AWS::EC2::VPCEndpoint propertyPath: /properties/Id type: string - MutualTlsAuthentication: + DomainName: type: object properties: - TruststoreUri: + MutualTlsAuthentication: + $ref: '#/components/schemas/MutualTlsAuthentication' + OwnershipVerificationCertificateArn: type: string - TruststoreVersion: + RegionalHostedZoneId: + type: string + RegionalDomainName: type: string - additionalProperties: false - DomainName: - type: object - properties: DomainName: type: string - DistributionDomainName: + SecurityPolicy: type: string DistributionHostedZoneId: type: string EndpointConfiguration: $ref: '#/components/schemas/EndpointConfiguration' - MutualTlsAuthentication: - $ref: '#/components/schemas/MutualTlsAuthentication' - RegionalDomainName: - type: string - RegionalHostedZoneId: - type: string - CertificateArn: + DistributionDomainName: type: string RegionalCertificateArn: type: string - OwnershipVerificationCertificateArn: - type: string - SecurityPolicy: - type: string Tags: type: array items: $ref: '#/components/schemas/Tag' + CertificateArn: + type: string x-stackql-resource-name: domain_name description: Resource Type definition for AWS::ApiGateway::DomainName. x-type-name: AWS::ApiGateway::DomainName @@ -1131,17 +1173,151 @@ components: - DistributionDomainName - RegionalDomainName - DistributionHostedZoneId + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + tagProperty: /properties/Tags + cloudFormationSystemTags: true x-required-permissions: - create: - - apigateway:* read: - apigateway:* + create: + - apigateway:* update: - apigateway:* + list: + - apigateway:* delete: - apigateway:* + DomainNameAccessAssociation: + type: object + properties: + DomainNameAccessAssociationArn: + type: string + description: The amazon resource name (ARN) of the domain name access association resource. + DomainNameArn: + type: string + description: The amazon resource name (ARN) of the domain name resource. + AccessAssociationSource: + type: string + description: The source of the domain name access association resource. + AccessAssociationSourceType: + type: string + description: The source type of the domain name access association resource. + enum: + - VPCE + Tags: + description: An array of arbitrary tags (key-value pairs) to associate with the domainname access association. + uniqueItems: false + type: array + items: + $ref: '#/components/schemas/Tag' + required: + - DomainNameArn + - AccessAssociationSource + - AccessAssociationSourceType + x-stackql-resource-name: domain_name_access_association + description: Resource Type definition for AWS::ApiGateway::DomainNameAccessAssociation. + x-type-name: AWS::ApiGateway::DomainNameAccessAssociation + x-stackql-primary-identifier: + - DomainNameAccessAssociationArn + x-create-only-properties: + - DomainNameArn + - AccessAssociationSource + - AccessAssociationSourceType + - Tags + x-read-only-properties: + - DomainNameAccessAssociationArn + x-required-properties: + - DomainNameArn + - AccessAssociationSource + - AccessAssociationSourceType + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: false + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - apigateway:POST + - apigateway:DELETE + - apigateway:GET + x-required-permissions: + create: + - apigateway:POST + - apigateway:GET + read: + - apigateway:GET + delete: + - apigateway:DELETE + - apigateway:GET list: - - apigateway:* + - apigateway:GET + DomainNameV2: + type: object + properties: + CertificateArn: + type: string + DomainName: + type: string + EndpointConfiguration: + $ref: '#/components/schemas/EndpointConfiguration' + SecurityPolicy: + type: string + Policy: + type: object + DomainNameId: + type: string + DomainNameArn: + type: string + description: The amazon resource name (ARN) of the domain name resource. + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + x-stackql-resource-name: domain_name_v2 + description: Resource Type definition for AWS::ApiGateway::DomainNameV2. + x-type-name: AWS::ApiGateway::DomainNameV2 + x-stackql-primary-identifier: + - DomainNameArn + x-create-only-properties: + - DomainName + - SecurityPolicy + - EndpointConfiguration + x-read-only-properties: + - DomainNameId + - DomainNameArn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - apigateway:PUT + - apigateway:PATCH + - apigateway:DELETE + - apigateway:GET + - apigateway:POST + x-required-permissions: + create: + - apigateway:POST + - apigateway:GET + - apigateway:UpdateDomainNamePolicy + read: + - apigateway:GET + update: + - apigateway:GET + - apigateway:PUT + - apigateway:PATCH + - apigateway:UpdateDomainNamePolicy + delete: + - apigateway:DELETE + - apigateway:GET + - apigateway:UpdateDomainNamePolicy + list: + - apigateway:GET GatewayResponse: type: object properties: @@ -1149,23 +1325,23 @@ components: description: '' type: string RestApiId: - description: The string identifier of the associated RestApi. + description: '' type: string ResponseType: - description: The response type of the associated GatewayResponse. + description: '' type: string StatusCode: - description: The HTTP status code for this GatewayResponse. + description: '' type: string ResponseParameters: - description: Response parameters (paths, query strings and headers) of the GatewayResponse as a string-to-string map of key-value pairs. + description: '' type: object additionalProperties: false x-patternProperties: '[a-zA-Z0-9]+': type: string ResponseTemplates: - description: Response templates of the GatewayResponse as a string-to-string map of key-value pairs. + description: '' type: object additionalProperties: false x-patternProperties: @@ -1204,7 +1380,7 @@ components: list: - apigateway:GET MethodResponse: - description: Represents a method response of a given HTTP status code returned to the client. The method response is passed from the back end through the associated integration response that can be transformed using a mapping template. + description: '' additionalProperties: false type: object properties: @@ -1212,19 +1388,17 @@ components: x-patternProperties: '[a-zA-Z0-9]+': type: boolean - description: >- - A key-value map specifying required or optional response parameters that API Gateway can send back to the caller. A key defines a method response header and the value specifies whether the associated method response header is required or not. The expression of the key must match the pattern ``method.response.header.{name}``, where ``name`` is a valid and unique header name. API Gateway passes certain integration response data to the method response headers specified here according to - the mapping you prescribe in the API's IntegrationResponse. The integration response data that can be mapped include an integration response header expressed in ``integration.response.header.{name}``, a static value enclosed within a pair of single quotes (e.g., ``'application/json'``), or a JSON expression from the back-end response payload in the form of ``integration.response.body.{JSON-expression}``, where ``JSON-expression`` is a valid JSON expression without the ``$`` prefix.) + description: '' additionalProperties: false type: object StatusCode: - description: The method response's status code. + description: '' type: string ResponseModels: x-patternProperties: '[a-zA-Z0-9]+': type: string - description: Specifies the Model resources used for the response's content-type. Response models are represented as a key/value map, with a content-type as the key and a Model name as the value. + description: '' additionalProperties: false type: object required: @@ -1235,33 +1409,28 @@ components: type: object properties: CacheNamespace: - description: Specifies a group of related cached parameters. By default, API Gateway uses the resource ID as the ``cacheNamespace``. You can specify the same ``cacheNamespace`` across resources to return the same cached data for requests to different resources. + description: '' type: string ConnectionType: - description: The type of the network connection to the integration endpoint. The valid value is ``INTERNET`` for connections through the public routable internet or ``VPC_LINK`` for private connections between API Gateway and a network load balancer in a VPC. The default value is ``INTERNET``. + description: '' type: string enum: - INTERNET - VPC_LINK IntegrationResponses: uniqueItems: true - description: Specifies the integration's responses. + description: '' type: array items: $ref: '#/components/schemas/IntegrationResponse' IntegrationHttpMethod: - description: Specifies the integration's HTTP method type. For the Type property, if you specify ``MOCK``, this property is optional. For Lambda integrations, you must set the integration method to ``POST``. For all other types, you must specify this property. + description: '' type: string Uri: - description: |- - Specifies Uniform Resource Identifier (URI) of the integration endpoint. - For ``HTTP`` or ``HTTP_PROXY`` integrations, the URI must be a fully formed, encoded HTTP(S) URL according to the RFC-3986 specification for standard integrations. If ``connectionType`` is ``VPC_LINK`` specify the Network Load Balancer DNS name. For ``AWS`` or ``AWS_PROXY`` integrations, the URI is of the form ``arn:aws:apigateway:{region}:{subdomain.service|service}:path|action/{service_api}``. Here, {Region} is the API Gateway region (e.g., us-east-1); {service} is the name of the integrated AWS service (e.g., s3); and {subdomain} is a designated subdomain supported by certain AWS service for fast host-name lookup. action can be used for an AWS service action-based API, using an Action={name}&{p1}={v1}&p2={v2}... query string. The ensuing {service_api} refers to a supported action {name} plus any required input parameters. Alternatively, path can be used for an AWS service path-based API. The ensuing service_api refers to the path to an AWS service resource, including the region of the integrated AWS service, if applicable. For example, for integration with the S3 API of GetObject, the uri can be either ``arn:aws:apigateway:us-west-2:s3:action/GetObject&Bucket={bucket}&Key={key}`` or ``arn:aws:apigateway:us-west-2:s3:path/{bucket}/{key}`` + description: '' type: string PassthroughBehavior: - description: >- - Specifies how the method request body of an unmapped content type will be passed through the integration request to the back end without transformation. A content type is unmapped if no mapping template is defined in the integration or the content type does not match any of the mapped content types, as specified in ``requestTemplates``. The valid value is one of the following: ``WHEN_NO_MATCH``: passes the method request body through the integration request to the back end without - transformation when the method request content type does not match any content type associated with the mapping templates defined in the integration request. ``WHEN_NO_TEMPLATES``: passes the method request body through the integration request to the back end without transformation when no mapping template is defined in the integration request. If a template is defined when this option is selected, the method request of an unmapped content-type will be rejected with an HTTP 415 - Unsupported Media Type response. ``NEVER``: rejects the method request with an HTTP 415 Unsupported Media Type response when either the method request content type does not match any content type associated with the mapping templates defined in the integration request or no mapping template is defined in the integration request. + description: '' type: string enum: - WHEN_NO_MATCH @@ -1271,18 +1440,14 @@ components: x-patternProperties: '[a-zA-Z0-9]+': type: string - description: >- - A key-value map specifying request parameters that are passed from the method request to the back end. The key is an integration request parameter name and the associated value is a method request parameter value or static value that must be enclosed within single quotes and pre-encoded as required by the back end. The method request parameter value must match the pattern of ``method.request.{location}.{name}``, where ``location`` is ``querystring``, ``path``, or ``header`` and - ``name`` must be a valid and unique method request parameter name. + description: '' additionalProperties: false type: object ConnectionId: - description: The ID of the VpcLink used for the integration when ``connectionType=VPC_LINK`` and undefined, otherwise. + description: '' type: string Type: - description: |- - Specifies an API method integration type. The valid value is one of the following: - For the HTTP and HTTP proxy integrations, each integration can specify a protocol (``http/https``), port and path. Standard 80 and 443 ports are supported as well as custom ports above 1024. An HTTP or HTTP proxy integration with a ``connectionType`` of ``VPC_LINK`` is referred to as a private integration and uses a VpcLink to connect API Gateway to a network load balancer of a VPC. + description: '' type: string enum: - AWS @@ -1292,14 +1457,12 @@ components: - MOCK CacheKeyParameters: uniqueItems: true - description: A list of request parameters whose values API Gateway caches. To be valid values for ``cacheKeyParameters``, these parameters must also be specified for Method ``requestParameters``. + description: '' type: array items: type: string ContentHandling: - description: |- - Specifies how to handle request payload content type conversions. Supported values are ``CONVERT_TO_BINARY`` and ``CONVERT_TO_TEXT``, with the following behaviors: - If this property is not defined, the request payload will be passed through from the method request to integration request without modification, provided that the ``passthroughBehavior`` is configured to support payload pass-through. + description: '' type: string enum: - CONVERT_TO_BINARY @@ -1308,15 +1471,15 @@ components: x-patternProperties: '[a-zA-Z0-9]+': type: string - description: Represents a map of Velocity templates that are applied on the request payload based on the value of the Content-Type header sent by the client. The content type value is the key in this map, and the template (as a String) is the value. + description: '' additionalProperties: false type: object TimeoutInMillis: - description: Custom timeout between 50 and 29,000 milliseconds. The default value is 29,000 milliseconds or 29 seconds. + description: '' type: integer minimum: 50 Credentials: - description: Specifies the credentials required for the integration, if any. For AWS integrations, three options are available. To specify an IAM Role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To require that the caller's identity be passed through from the request, specify the string ``arn:aws:iam::\*:user/\*``. To use resource-based permissions on supported AWS services, specify null. + description: '' type: string required: - Type @@ -1329,18 +1492,14 @@ components: x-patternProperties: '[a-zA-Z0-9]+': type: string - description: Specifies the templates used to transform the integration response body. Response templates are represented as a key/value map, with a content-type as the key and a template as the value. + description: '' additionalProperties: false type: object SelectionPattern: - description: >- - Specifies the regular expression (regex) pattern used to choose an integration response based on the response from the back end. For example, if the success response returns nothing and the error response returns some string, you could use the ``.+`` regex to match error response. However, make sure that the error response does not contain any newline (``\n``) character in such cases. If the back end is an LAMlong function, the LAMlong function error header is matched. For all other - HTTP and AWS back ends, the HTTP status code is matched. + description: '' type: string ContentHandling: - description: |- - Specifies how to handle response payload content type conversions. Supported values are ``CONVERT_TO_BINARY`` and ``CONVERT_TO_TEXT``, with the following behaviors: - If this property is not defined, the response payload will be passed through from the integration response to the method response without modification. + description: '' type: string enum: - CONVERT_TO_BINARY @@ -1349,13 +1508,11 @@ components: x-patternProperties: '[a-zA-Z0-9]+': type: string - description: >- - A key-value map specifying response parameters that are passed to the method response from the back end. The key is a method response header parameter name and the mapped value is an integration response header value, a static value enclosed within a pair of single quotes, or a JSON expression from the integration response body. The mapping key must match the pattern of ``method.response.header.{name}``, where ``name`` is a valid and unique header name. The mapped non-static value - must match the pattern of ``integration.response.header.{name}`` or ``integration.response.body.{JSON-expression}``, where ``name`` is a valid and unique response header name and ``JSON-expression`` is a valid JSON expression without the ``$`` prefix. + description: '' additionalProperties: false type: object StatusCode: - description: Specifies the status code that is used to map the integration response to an existing MethodResponse. + description: '' type: string required: - StatusCode @@ -1363,54 +1520,50 @@ components: type: object properties: Integration: - description: Represents an ``HTTP``, ``HTTP_PROXY``, ``AWS``, ``AWS_PROXY``, or Mock integration. + description: '' $ref: '#/components/schemas/Integration' OperationName: - description: A human-friendly operation identifier for the method. For example, you can assign the ``operationName`` of ``ListPets`` for the ``GET /pets`` method in the ``PetStore`` example. + description: '' type: string RequestModels: x-patternProperties: '[a-zA-Z0-9]+': type: string - description: A key-value map specifying data schemas, represented by Model resources, (as the mapped value) of the request payloads of given content types (as the mapping key). + description: '' additionalProperties: false type: object RestApiId: - description: The string identifier of the associated RestApi. + description: '' type: string AuthorizationScopes: - description: >- - A list of authorization scopes configured on the method. The scopes are used with a ``COGNITO_USER_POOLS`` authorizer to authorize the method invocation. The authorization works by matching the method scopes against the scopes parsed from the access token in the incoming request. The method invocation is authorized if any method scopes matches a claimed scope in the access token. Otherwise, the invocation is not authorized. When the method scope is configured, the client must provide - an access token instead of an identity token for authorization purposes. + description: '' type: array items: type: string RequestValidatorId: - description: The identifier of a RequestValidator for request validation. + description: '' type: string RequestParameters: x-patternProperties: '[a-zA-Z0-9]+': type: boolean - description: >- - A key-value map defining required or optional method request parameters that can be accepted by API Gateway. A key is a method request parameter name matching the pattern of ``method.request.{location}.{name}``, where ``location`` is ``querystring``, ``path``, or ``header`` and ``name`` is a valid and unique parameter name. The value associated with the key is a Boolean flag indicating whether the parameter is required (``true``) or optional (``false``). The method request parameter - names defined here are available in Integration to be mapped to integration request parameters or templates. + description: '' additionalProperties: false type: object MethodResponses: uniqueItems: true - description: Gets a method response associated with a given HTTP status code. + description: '' type: array items: $ref: '#/components/schemas/MethodResponse' AuthorizerId: - description: The identifier of an authorizer to use on this method. The method's authorization type must be ``CUSTOM`` or ``COGNITO_USER_POOLS``. + description: '' type: string ResourceId: - description: The Resource identifier for the MethodResponse resource. + description: '' type: string ApiKeyRequired: - description: A boolean flag specifying whether a valid ApiKey is required to invoke this method. + description: '' type: boolean AuthorizationType: description: |- @@ -1418,7 +1571,7 @@ components: If you specify the ``AuthorizerId`` property, specify ``CUSTOM`` or ``COGNITO_USER_POOLS`` for this property. type: string HttpMethod: - description: The method's HTTP verb. + description: '' type: string required: - RestApiId @@ -1463,10 +1616,10 @@ components: properties: ContentType: type: string - description: The content-type for the model. + description: '' Description: type: string - description: The description of the model. + description: '' Name: type: string description: |- @@ -1474,9 +1627,9 @@ components: If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. RestApiId: type: string - description: The string identifier of the associated RestApi. + description: '' Schema: - description: The schema for the model. For ``application/json`` models, this should be JSON schema draft 4 model. Do not include "\*/" characters in the description of any properties because such "\*/" characters may be interpreted as the closing marker for comments in some languages, such as Java or JavaScript, causing the installation of your API's SDK generated by API Gateway to fail. + description: '' type: object required: - RestApiId @@ -1515,16 +1668,16 @@ components: description: '' type: string Name: - description: The name of this RequestValidator + description: '' type: string RestApiId: - description: The string identifier of the associated RestApi. + description: '' type: string ValidateRequestBody: - description: A Boolean flag to indicate whether to validate a request body according to the configured Model schema. + description: '' type: boolean ValidateRequestParameters: - description: A Boolean flag to indicate whether to validate request parameters (``true``) or not (``false``). + description: '' type: boolean required: - RestApiId @@ -1560,16 +1713,16 @@ components: type: object properties: ParentId: - description: The parent resource's identifier. + description: '' type: string PathPart: - description: The last path segment for this resource. + description: '' type: string ResourceId: description: '' type: string RestApiId: - description: The string identifier of the associated RestApi. + description: '' type: string required: - ParentId @@ -1637,20 +1790,20 @@ components: description: The Amazon Simple Storage Service (Amazon S3) location that points to an OpenAPI file, which defines a set of RESTful APIs in JSON or YAML format. $ref: '#/components/schemas/S3Location' Description: - description: The description of the RestApi. + description: '' type: string MinimumCompressionSize: - description: A nullable integer that is used to enable compression (with non-negative between 0 and 10485760 (10M) bytes, inclusive) or disable compression (with a null value) on an API. When compression is enabled, compression or decompression is not applied on the payload if the payload size is smaller than this value. Setting it to zero allows compression for any payload size. + description: '' type: integer Parameters: x-patternProperties: '[a-zA-Z0-9]+': type: string - description: Custom header parameters as part of the request. For example, to exclude DocumentationParts from an imported API, set ``ignore=documentation`` as a ``parameters`` value, as in the AWS CLI command of ``aws apigateway import-rest-api --parameters ignore=documentation --body 'file:///path/to/imported-api-body.json'``. + description: '' additionalProperties: false type: object CloneFrom: - description: The ID of the RestApi that you want to clone from. + description: '' type: string Mode: description: |- @@ -1665,14 +1818,14 @@ components: description: '' type: string DisableExecuteApiEndpoint: - description: Specifies whether clients can invoke your API by using the default ``execute-api`` endpoint. By default, clients can invoke your API with the default ``https://{api_id}.execute-api.{region}.amazonaws.com`` endpoint. To require that clients use a custom domain name to invoke your API, disable the default endpoint + description: '' type: boolean FailOnWarnings: - description: A query parameter to indicate whether to rollback the API update (``true``) or not (``false``) when a warning is encountered. The default value is ``false``. + description: '' type: boolean BinaryMediaTypes: uniqueItems: true - description: The list of binary media types supported by the RestApi. By default, the RestApi supports only UTF-8-encoded text payloads. + description: '' type: array items: type: string @@ -1683,7 +1836,7 @@ components: description: '' type: string ApiKeySourceType: - description: 'The source of the API key for metering requests according to a usage plan. Valid values are: ``HEADER`` to read the API key from the ``X-API-Key`` header of a request. ``AUTHORIZER`` to read the API key from the ``UsageIdentifierKey`` from a custom authorizer.' + description: '' type: string EndpointConfiguration: description: A list of the endpoint types of the API. Use this property when creating an API. When importing an existing API, specify the endpoint configuration types using the ``Parameters`` property. @@ -1693,7 +1846,7 @@ components: type: object Tags: uniqueItems: false - description: The key-value map of strings. The valid character set is [a-zA-Z+-=._:/]. The tag key can be up to 128 characters and must not start with ``aws:``. The tag value can be up to 256 characters. + description: '' type: array items: $ref: '#/components/schemas/Tag' @@ -1751,51 +1904,51 @@ components: type: object properties: AccessLogSetting: - description: Access log settings, including the access log format and access log destination ARN. + description: '' $ref: '#/components/schemas/AccessLogSetting' CacheClusterEnabled: - description: Specifies whether a cache cluster is enabled for the stage. + description: '' type: boolean CacheClusterSize: - description: The stage's cache capacity in GB. For more information about choosing a cache size, see [Enabling API caching to enhance responsiveness](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-caching.html). + description: '' type: string CanarySetting: - description: Settings for the canary deployment in this stage. + description: '' $ref: '#/components/schemas/CanarySetting' ClientCertificateId: - description: The identifier of a client certificate for an API stage. + description: '' type: string DeploymentId: - description: The identifier of the Deployment that the stage points to. + description: '' type: string Description: - description: The stage's description. + description: '' type: string DocumentationVersion: - description: The version of the associated API documentation. + description: '' type: string MethodSettings: - description: A map that defines the method settings for a Stage resource. Keys (designated as ``/{method_setting_key`` below) are method paths defined as ``{resource_path}/{http_method}`` for an individual method override, or ``/\*/\*`` for overriding all methods in the stage. + description: '' type: array uniqueItems: true x-insertionOrder: false items: $ref: '#/components/schemas/MethodSetting' RestApiId: - description: The string identifier of the associated RestApi. + description: '' type: string StageName: - description: The name of the stage is the first path segment in the Uniform Resource Identifier (URI) of a call to API Gateway. Stage names can only contain alphanumeric characters, hyphens, and underscores. Maximum length is 128 characters. + description: '' type: string Tags: - description: The collection of tags. Each tag element is associated with a given resource. + description: '' type: array uniqueItems: false x-insertionOrder: false items: $ref: '#/components/schemas/Tag' TracingEnabled: - description: Specifies whether active tracing with X-ray is enabled for the Stage. + description: '' type: boolean Variables: description: 'A map (string-to-string map) that defines the stage variables, where the variable name is the key and the variable value is the value. Variable names are limited to alphanumeric characters. Values must match the following regular expression: ``[A-Za-z0-9-._~:/?#&=,]+``.' @@ -1850,18 +2003,18 @@ components: properties: ApiId: type: string - description: API Id of the associated API stage in a usage plan. + description: '' Stage: type: string - description: API stage name of the associated API stage in a usage plan. + description: '' Throttle: type: object - description: Map containing method level throttling information for API stage in a usage plan. + description: '' additionalProperties: false x-patternProperties: .*: $ref: '#/components/schemas/ThrottleSettings' - description: API stage name of the associated API stage in a usage plan. + description: '' ThrottleSettings: type: object additionalProperties: false @@ -1869,11 +2022,11 @@ components: BurstLimit: type: integer minimum: 0 - description: The API target request burst rate limit. This allows more requests through for a period of time than the target rate limit. + description: '' RateLimit: type: number minimum: 0 - description: The API target request rate limit. + description: '' description: '``ThrottleSettings`` is a property of the [AWS::ApiGateway::UsagePlan](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-usageplan.html) resource that specifies the overall request rate (average requests per second) and burst capacity when users call your REST APIs.' QuotaSettings: type: object @@ -1882,14 +2035,14 @@ components: Limit: type: integer minimum: 0 - description: The target maximum number of requests that can be made in a given time period. + description: '' Offset: type: integer minimum: 0 - description: The number of requests subtracted from the given limit in the initial time period. + description: '' Period: type: string - description: The time period in which the limit applies. Valid values are "DAY", "WEEK" or "MONTH". + description: '' description: |- ``QuotaSettings`` is a property of the [AWS::ApiGateway::UsagePlan](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-usageplan.html) resource that specifies a target for the maximum number of requests users can make to your REST APIs. In some cases clients can exceed the targets that you set. Don’t rely on usage plans to control costs. Consider using [](https://docs.aws.amazon.com/cost-management/latest/userguide/budgets-managing-costs.html) to monitor costs and [](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) to manage API requests. @@ -1901,29 +2054,29 @@ components: description: '' ApiStages: type: array - description: The associated API stages of a usage plan. + description: '' uniqueItems: true items: $ref: '#/components/schemas/ApiStage' Description: type: string - description: The description of a usage plan. + description: '' Quota: $ref: '#/components/schemas/QuotaSettings' - description: The target maximum number of permitted requests per a given unit time interval. + description: '' Tags: type: array - description: The collection of tags. Each tag element is associated with a given resource. + description: '' x-insertionOrder: false uniqueItems: false items: $ref: '#/components/schemas/Tag' Throttle: $ref: '#/components/schemas/ThrottleSettings' - description: A map containing method level throttling information for API stage in a usage plan. + description: '' UsagePlanName: type: string - description: The name of a usage plan. + description: '' x-stackql-resource-name: usage_plan description: |- The ``AWS::ApiGateway::UsagePlan`` resource creates a usage plan for deployed APIs. A usage plan sets a target for the throttling and quota limits on individual client API keys. For more information, see [Creating and Using API Usage Plans in Amazon API Gateway](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-api-usage-plans.html) in the *API Gateway Developer Guide*. @@ -1968,7 +2121,7 @@ components: description: The Id of the UsagePlanKey resource. type: string KeyType: - description: The type of a UsagePlanKey resource for a plan customer. + description: '' type: string enum: - API_KEY @@ -2014,10 +2167,10 @@ components: type: object properties: Name: - description: The name used to label and identify the VPC link. + description: '' type: string Description: - description: The description of the VPC link. + description: '' type: string Tags: description: An array of arbitrary tags (key-value pairs) to associate with the VPC link. @@ -2027,7 +2180,7 @@ components: items: $ref: '#/components/schemas/Tag' TargetArns: - description: The ARN of the network load balancer of the VPC targeted by the VPC link. The network load balancer must be owned by the same AWS-account of the API owner. + description: '' type: array uniqueItems: false x-insertionOrder: false @@ -2111,7 +2264,7 @@ components: description: '' type: string CloudWatchRoleArn: - description: The ARN of an Amazon CloudWatch role for the current Account. + description: '' type: string x-stackQL-stringOnly: true x-title: CreateAccountRequest @@ -2134,17 +2287,17 @@ components: description: '' type: string CustomerId: - description: An MKT customer identifier, when integrating with the AWS SaaS Marketplace. + description: '' type: string Description: - description: The description of the ApiKey. + description: '' type: string Enabled: - description: Specifies whether the ApiKey can be used by callers. + description: '' default: false type: boolean GenerateDistinctId: - description: Specifies whether (``true``) or not (``false``) the key identifier is distinct from the created API key value. This parameter is deprecated and should not be used. + description: '' type: boolean Name: description: |- @@ -2152,19 +2305,19 @@ components: If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. type: string StageKeys: - description: DEPRECATED FOR USAGE PLANS - Specifies stages associated with the API key. + description: '' type: array uniqueItems: true items: $ref: '#/components/schemas/StageKey' Tags: - description: The key-value map of strings. The valid character set is [a-zA-Z+-=._:/]. The tag key can be up to 128 characters and must not start with ``aws:``. The tag value can be up to 256 characters. + description: '' type: array uniqueItems: false items: $ref: '#/components/schemas/Tag' Value: - description: Specifies a value of the API key. + description: '' type: string x-stackQL-stringOnly: true x-title: CreateApiKeyRequest @@ -2184,48 +2337,41 @@ components: type: object properties: RestApiId: - description: The string identifier of the associated RestApi. + description: '' type: string AuthorizerId: type: string description: '' AuthType: - description: Optional customer-defined field, used in OpenAPI imports and exports without functional impact. + description: '' type: string AuthorizerCredentials: - description: Specifies the required credentials as an IAM role for API Gateway to invoke the authorizer. To specify an IAM role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To use resource-based permissions on the Lambda function, specify null. + description: '' type: string AuthorizerResultTtlInSeconds: - description: The TTL in seconds of cached authorizer results. If it equals 0, authorization caching is disabled. If it is greater than 0, API Gateway will cache authorizer responses. If this field is not set, the default value is 300. The maximum value is 3600, or 1 hour. + description: '' type: integer AuthorizerUri: - description: >- - Specifies the authorizer's Uniform Resource Identifier (URI). For ``TOKEN`` or ``REQUEST`` authorizers, this must be a well-formed Lambda function URI, for example, ``arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}/invocations``. In general, the URI has this form ``arn:aws:apigateway:{region}:lambda:path/{service_api}``, where ``{region}`` is the same as the region hosting the Lambda function, - ``path`` indicates that the remaining substring in the URI should be treated as the path to the resource, including the initial ``/``. For Lambda functions, this is usually of the form ``/2015-03-31/functions/[FunctionARN]/invocations``. + description: '' type: string IdentitySource: - description: >- - The identity source for which authorization is requested. For a ``TOKEN`` or ``COGNITO_USER_POOLS`` authorizer, this is required and specifies the request header mapping expression for the custom header holding the authorization token submitted by the client. For example, if the token header name is ``Auth``, the header mapping expression is ``method.request.header.Auth``. For the ``REQUEST`` authorizer, this is required when authorization caching is enabled. The value is a - comma-separated string of one or more mapping expressions of the specified request parameters. For example, if an ``Auth`` header, a ``Name`` query string parameter are defined as identity sources, this value is ``method.request.header.Auth, method.request.querystring.Name``. These parameters will be used to derive the authorization caching key and to perform runtime validation of the ``REQUEST`` authorizer by verifying all of the identity-related request parameters are present, - not null and non-empty. Only when this is true does the authorizer invoke the authorizer Lambda function, otherwise, it returns a 401 Unauthorized response without calling the Lambda function. The valid value is a string of comma-separated mapping expressions of the specified request parameters. When the authorization caching is not enabled, this property is optional. + description: '' type: string IdentityValidationExpression: - description: >- - A validation expression for the incoming identity token. For ``TOKEN`` authorizers, this value is a regular expression. For ``COGNITO_USER_POOLS`` authorizers, API Gateway will match the ``aud`` field of the incoming token from the client against the specified regular expression. It will invoke the authorizer's Lambda function when there is a match. Otherwise, it will return a 401 Unauthorized response without calling the Lambda function. The validation expression does not apply - to the ``REQUEST`` authorizer. + description: '' type: string Name: - description: The name of the authorizer. + description: '' type: string ProviderARNs: - description: 'A list of the Amazon Cognito user pool ARNs for the ``COGNITO_USER_POOLS`` authorizer. Each element is of this format: ``arn:aws:cognito-idp:{region}:{account_id}:userpool/{user_pool_id}``. For a ``TOKEN`` or ``REQUEST`` authorizer, this is not defined.' + description: '' type: array uniqueItems: true items: type: string x-insertionOrder: false Type: - description: The authorizer type. Valid values are ``TOKEN`` for a Lambda function using a single authorization token submitted in a custom header, ``REQUEST`` for a Lambda function using incoming request parameters, and ``COGNITO_USER_POOLS`` for using an Amazon Cognito user pool. + description: '' type: string x-stackQL-stringOnly: true x-title: CreateAuthorizerRequest @@ -2246,20 +2392,52 @@ components: properties: BasePath: type: string - description: The base path name that callers of the API must provide as part of the URL after the domain name. + description: '' DomainName: type: string - description: The domain name of the BasePathMapping resource to be described. + description: '' RestApiId: type: string - description: The string identifier of the associated RestApi. + description: '' Stage: type: string - description: The name of the associated stage. + description: '' x-stackQL-stringOnly: true x-title: CreateBasePathMappingRequest type: object required: [] + CreateBasePathMappingV2Request: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + BasePath: + type: string + description: The base path name that callers of the API must provide in the URL after the domain name. + DomainNameArn: + type: string + description: The Arn of an AWS::ApiGateway::DomainNameV2 resource. + RestApiId: + type: string + description: The ID of the API. + Stage: + type: string + description: The name of the API's stage. + BasePathMappingArn: + type: string + description: Amazon Resource Name (ARN) of the resource. + x-stackQL-stringOnly: true + x-title: CreateBasePathMappingV2Request + type: object + required: [] CreateClientCertificateRequest: properties: ClientToken: @@ -2277,10 +2455,10 @@ components: description: '' type: string Description: - description: The description of the client certificate. + description: '' type: string Tags: - description: The collection of tags. Each tag element is associated with a given resource. + description: '' type: array uniqueItems: false items: @@ -2306,19 +2484,19 @@ components: description: '' type: string Description: - description: The description for the Deployment resource to create. + description: '' type: string StageDescription: description: The description of the Stage resource for the Deployment resource to create. To specify a stage description, you must also provide a stage name. $ref: '#/components/schemas/StageDescription' StageName: - description: The name of the Stage resource for the Deployment resource to create. + description: '' type: string RestApiId: - description: The string identifier of the associated RestApi. + description: '' type: string DeploymentCanarySettings: - description: The input configuration for a canary deployment. + description: '' $ref: '#/components/schemas/DeploymentCanarySettings' x-stackQL-stringOnly: true x-title: CreateDeploymentRequest @@ -2341,13 +2519,13 @@ components: description: '' type: string Location: - description: The location of the targeted API entity of the to-be-created documentation part. + description: '' $ref: '#/components/schemas/Location' Properties: - description: The new documentation content map of the targeted API entity. Enclosed key-value pairs are API-specific, but only OpenAPI-compliant key-value pairs can be exported and, hence, published. + description: '' type: string RestApiId: - description: The string identifier of the associated RestApi. + description: '' type: string x-stackQL-stringOnly: true x-title: CreateDocumentationPartRequest @@ -2367,14 +2545,14 @@ components: type: object properties: Description: - description: A description about the new documentation snapshot. + description: '' type: string DocumentationVersion: - description: The version identifier of the to-be-updated documentation version. + description: '' type: string minLength: 1 RestApiId: - description: The string identifier of the associated RestApi. + description: '' type: string minLength: 1 x-stackQL-stringOnly: true @@ -2394,34 +2572,107 @@ components: DesiredState: type: object properties: + MutualTlsAuthentication: + $ref: '#/components/schemas/MutualTlsAuthentication' + OwnershipVerificationCertificateArn: + type: string + RegionalHostedZoneId: + type: string + RegionalDomainName: + type: string DomainName: type: string - DistributionDomainName: + SecurityPolicy: type: string DistributionHostedZoneId: type: string EndpointConfiguration: $ref: '#/components/schemas/EndpointConfiguration' - MutualTlsAuthentication: - $ref: '#/components/schemas/MutualTlsAuthentication' - RegionalDomainName: + DistributionDomainName: type: string - RegionalHostedZoneId: + RegionalCertificateArn: type: string + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' CertificateArn: type: string - RegionalCertificateArn: + x-stackQL-stringOnly: true + x-title: CreateDomainNameRequest + type: object + required: [] + CreateDomainNameAccessAssociationRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + DomainNameAccessAssociationArn: type: string - OwnershipVerificationCertificateArn: + description: The amazon resource name (ARN) of the domain name access association resource. + DomainNameArn: + type: string + description: The amazon resource name (ARN) of the domain name resource. + AccessAssociationSource: + type: string + description: The source of the domain name access association resource. + AccessAssociationSourceType: + type: string + description: The source type of the domain name access association resource. + enum: + - VPCE + Tags: + description: An array of arbitrary tags (key-value pairs) to associate with the domainname access association. + uniqueItems: false + type: array + items: + $ref: '#/components/schemas/Tag' + x-stackQL-stringOnly: true + x-title: CreateDomainNameAccessAssociationRequest + type: object + required: [] + CreateDomainNameV2Request: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + CertificateArn: + type: string + DomainName: type: string + EndpointConfiguration: + $ref: '#/components/schemas/EndpointConfiguration' SecurityPolicy: type: string + Policy: + type: object + DomainNameId: + type: string + DomainNameArn: + type: string + description: The amazon resource name (ARN) of the domain name resource. Tags: type: array items: $ref: '#/components/schemas/Tag' x-stackQL-stringOnly: true - x-title: CreateDomainNameRequest + x-title: CreateDomainNameV2Request type: object required: [] CreateGatewayResponseRequest: @@ -2441,23 +2692,23 @@ components: description: '' type: string RestApiId: - description: The string identifier of the associated RestApi. + description: '' type: string ResponseType: - description: The response type of the associated GatewayResponse. + description: '' type: string StatusCode: - description: The HTTP status code for this GatewayResponse. + description: '' type: string ResponseParameters: - description: Response parameters (paths, query strings and headers) of the GatewayResponse as a string-to-string map of key-value pairs. + description: '' type: object additionalProperties: false x-patternProperties: '[a-zA-Z0-9]+': type: string ResponseTemplates: - description: Response templates of the GatewayResponse as a string-to-string map of key-value pairs. + description: '' type: object additionalProperties: false x-patternProperties: @@ -2481,54 +2732,50 @@ components: type: object properties: Integration: - description: Represents an ``HTTP``, ``HTTP_PROXY``, ``AWS``, ``AWS_PROXY``, or Mock integration. + description: '' $ref: '#/components/schemas/Integration' OperationName: - description: A human-friendly operation identifier for the method. For example, you can assign the ``operationName`` of ``ListPets`` for the ``GET /pets`` method in the ``PetStore`` example. + description: '' type: string RequestModels: x-patternProperties: '[a-zA-Z0-9]+': type: string - description: A key-value map specifying data schemas, represented by Model resources, (as the mapped value) of the request payloads of given content types (as the mapping key). + description: '' additionalProperties: false type: object RestApiId: - description: The string identifier of the associated RestApi. + description: '' type: string AuthorizationScopes: - description: >- - A list of authorization scopes configured on the method. The scopes are used with a ``COGNITO_USER_POOLS`` authorizer to authorize the method invocation. The authorization works by matching the method scopes against the scopes parsed from the access token in the incoming request. The method invocation is authorized if any method scopes matches a claimed scope in the access token. Otherwise, the invocation is not authorized. When the method scope is configured, the client must - provide an access token instead of an identity token for authorization purposes. + description: '' type: array items: type: string RequestValidatorId: - description: The identifier of a RequestValidator for request validation. + description: '' type: string RequestParameters: x-patternProperties: '[a-zA-Z0-9]+': type: boolean - description: >- - A key-value map defining required or optional method request parameters that can be accepted by API Gateway. A key is a method request parameter name matching the pattern of ``method.request.{location}.{name}``, where ``location`` is ``querystring``, ``path``, or ``header`` and ``name`` is a valid and unique parameter name. The value associated with the key is a Boolean flag indicating whether the parameter is required (``true``) or optional (``false``). The method request - parameter names defined here are available in Integration to be mapped to integration request parameters or templates. + description: '' additionalProperties: false type: object MethodResponses: uniqueItems: true - description: Gets a method response associated with a given HTTP status code. + description: '' type: array items: $ref: '#/components/schemas/MethodResponse' AuthorizerId: - description: The identifier of an authorizer to use on this method. The method's authorization type must be ``CUSTOM`` or ``COGNITO_USER_POOLS``. + description: '' type: string ResourceId: - description: The Resource identifier for the MethodResponse resource. + description: '' type: string ApiKeyRequired: - description: A boolean flag specifying whether a valid ApiKey is required to invoke this method. + description: '' type: boolean AuthorizationType: description: |- @@ -2536,7 +2783,7 @@ components: If you specify the ``AuthorizerId`` property, specify ``CUSTOM`` or ``COGNITO_USER_POOLS`` for this property. type: string HttpMethod: - description: The method's HTTP verb. + description: '' type: string x-stackQL-stringOnly: true x-title: CreateMethodRequest @@ -2557,10 +2804,10 @@ components: properties: ContentType: type: string - description: The content-type for the model. + description: '' Description: type: string - description: The description of the model. + description: '' Name: type: string description: |- @@ -2568,9 +2815,9 @@ components: If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. RestApiId: type: string - description: The string identifier of the associated RestApi. + description: '' Schema: - description: The schema for the model. For ``application/json`` models, this should be JSON schema draft 4 model. Do not include "\*/" characters in the description of any properties because such "\*/" characters may be interpreted as the closing marker for comments in some languages, such as Java or JavaScript, causing the installation of your API's SDK generated by API Gateway to fail. + description: '' type: object x-stackQL-stringOnly: true x-title: CreateModelRequest @@ -2593,16 +2840,16 @@ components: description: '' type: string Name: - description: The name of this RequestValidator + description: '' type: string RestApiId: - description: The string identifier of the associated RestApi. + description: '' type: string ValidateRequestBody: - description: A Boolean flag to indicate whether to validate a request body according to the configured Model schema. + description: '' type: boolean ValidateRequestParameters: - description: A Boolean flag to indicate whether to validate request parameters (``true``) or not (``false``). + description: '' type: boolean x-stackQL-stringOnly: true x-title: CreateRequestValidatorRequest @@ -2622,16 +2869,16 @@ components: type: object properties: ParentId: - description: The parent resource's identifier. + description: '' type: string PathPart: - description: The last path segment for this resource. + description: '' type: string ResourceId: description: '' type: string RestApiId: - description: The string identifier of the associated RestApi. + description: '' type: string x-stackQL-stringOnly: true x-title: CreateResourceRequest @@ -2657,20 +2904,20 @@ components: description: The Amazon Simple Storage Service (Amazon S3) location that points to an OpenAPI file, which defines a set of RESTful APIs in JSON or YAML format. $ref: '#/components/schemas/S3Location' Description: - description: The description of the RestApi. + description: '' type: string MinimumCompressionSize: - description: A nullable integer that is used to enable compression (with non-negative between 0 and 10485760 (10M) bytes, inclusive) or disable compression (with a null value) on an API. When compression is enabled, compression or decompression is not applied on the payload if the payload size is smaller than this value. Setting it to zero allows compression for any payload size. + description: '' type: integer Parameters: x-patternProperties: '[a-zA-Z0-9]+': type: string - description: Custom header parameters as part of the request. For example, to exclude DocumentationParts from an imported API, set ``ignore=documentation`` as a ``parameters`` value, as in the AWS CLI command of ``aws apigateway import-rest-api --parameters ignore=documentation --body 'file:///path/to/imported-api-body.json'``. + description: '' additionalProperties: false type: object CloneFrom: - description: The ID of the RestApi that you want to clone from. + description: '' type: string Mode: description: |- @@ -2685,14 +2932,14 @@ components: description: '' type: string DisableExecuteApiEndpoint: - description: Specifies whether clients can invoke your API by using the default ``execute-api`` endpoint. By default, clients can invoke your API with the default ``https://{api_id}.execute-api.{region}.amazonaws.com`` endpoint. To require that clients use a custom domain name to invoke your API, disable the default endpoint + description: '' type: boolean FailOnWarnings: - description: A query parameter to indicate whether to rollback the API update (``true``) or not (``false``) when a warning is encountered. The default value is ``false``. + description: '' type: boolean BinaryMediaTypes: uniqueItems: true - description: The list of binary media types supported by the RestApi. By default, the RestApi supports only UTF-8-encoded text payloads. + description: '' type: array items: type: string @@ -2703,7 +2950,7 @@ components: description: '' type: string ApiKeySourceType: - description: 'The source of the API key for metering requests according to a usage plan. Valid values are: ``HEADER`` to read the API key from the ``X-API-Key`` header of a request. ``AUTHORIZER`` to read the API key from the ``UsageIdentifierKey`` from a custom authorizer.' + description: '' type: string EndpointConfiguration: description: A list of the endpoint types of the API. Use this property when creating an API. When importing an existing API, specify the endpoint configuration types using the ``Parameters`` property. @@ -2713,7 +2960,7 @@ components: type: object Tags: uniqueItems: false - description: The key-value map of strings. The valid character set is [a-zA-Z+-=._:/]. The tag key can be up to 128 characters and must not start with ``aws:``. The tag value can be up to 256 characters. + description: '' type: array items: $ref: '#/components/schemas/Tag' @@ -2735,51 +2982,51 @@ components: type: object properties: AccessLogSetting: - description: Access log settings, including the access log format and access log destination ARN. + description: '' $ref: '#/components/schemas/AccessLogSetting' CacheClusterEnabled: - description: Specifies whether a cache cluster is enabled for the stage. + description: '' type: boolean CacheClusterSize: - description: The stage's cache capacity in GB. For more information about choosing a cache size, see [Enabling API caching to enhance responsiveness](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-caching.html). + description: '' type: string CanarySetting: - description: Settings for the canary deployment in this stage. + description: '' $ref: '#/components/schemas/CanarySetting' ClientCertificateId: - description: The identifier of a client certificate for an API stage. + description: '' type: string DeploymentId: - description: The identifier of the Deployment that the stage points to. + description: '' type: string Description: - description: The stage's description. + description: '' type: string DocumentationVersion: - description: The version of the associated API documentation. + description: '' type: string MethodSettings: - description: A map that defines the method settings for a Stage resource. Keys (designated as ``/{method_setting_key`` below) are method paths defined as ``{resource_path}/{http_method}`` for an individual method override, or ``/\*/\*`` for overriding all methods in the stage. + description: '' type: array uniqueItems: true x-insertionOrder: false items: $ref: '#/components/schemas/MethodSetting' RestApiId: - description: The string identifier of the associated RestApi. + description: '' type: string StageName: - description: The name of the stage is the first path segment in the Uniform Resource Identifier (URI) of a call to API Gateway. Stage names can only contain alphanumeric characters, hyphens, and underscores. Maximum length is 128 characters. + description: '' type: string Tags: - description: The collection of tags. Each tag element is associated with a given resource. + description: '' type: array uniqueItems: false x-insertionOrder: false items: $ref: '#/components/schemas/Tag' TracingEnabled: - description: Specifies whether active tracing with X-ray is enabled for the Stage. + description: '' type: boolean Variables: description: 'A map (string-to-string map) that defines the stage variables, where the variable name is the key and the variable value is the value. Variable names are limited to alphanumeric characters. Values must match the following regular expression: ``[A-Za-z0-9-._~:/?#&=,]+``.' @@ -2810,29 +3057,29 @@ components: description: '' ApiStages: type: array - description: The associated API stages of a usage plan. + description: '' uniqueItems: true items: $ref: '#/components/schemas/ApiStage' Description: type: string - description: The description of a usage plan. + description: '' Quota: $ref: '#/components/schemas/QuotaSettings' - description: The target maximum number of permitted requests per a given unit time interval. + description: '' Tags: type: array - description: The collection of tags. Each tag element is associated with a given resource. + description: '' x-insertionOrder: false uniqueItems: false items: $ref: '#/components/schemas/Tag' Throttle: $ref: '#/components/schemas/ThrottleSettings' - description: A map containing method level throttling information for API stage in a usage plan. + description: '' UsagePlanName: type: string - description: The name of a usage plan. + description: '' x-stackQL-stringOnly: true x-title: CreateUsagePlanRequest type: object @@ -2854,7 +3101,7 @@ components: description: The Id of the UsagePlanKey resource. type: string KeyType: - description: The type of a UsagePlanKey resource for a plan customer. + description: '' type: string enum: - API_KEY @@ -2882,10 +3129,10 @@ components: type: object properties: Name: - description: The name used to label and identify the VPC link. + description: '' type: string Description: - description: The description of the VPC link. + description: '' type: string Tags: description: An array of arbitrary tags (key-value pairs) to associate with the VPC link. @@ -2895,7 +3142,7 @@ components: items: $ref: '#/components/schemas/Tag' TargetArns: - description: The ARN of the network load balancer of the VPC targeted by the VPC link. The network load balancer must be owned by the same AWS-account of the API owner. + description: '' type: array uniqueItems: false x-insertionOrder: false @@ -3548,6 +3795,156 @@ components: json_extract_path_text(Properties, 'BasePath') as base_path FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGateway::BasePathMapping' AND region = 'us-east-1' + base_path_mapping_v2s: + name: base_path_mapping_v2s + id: aws.apigateway.base_path_mapping_v2s + x-cfn-schema-name: BasePathMappingV2 + x-cfn-type-name: AWS::ApiGateway::BasePathMappingV2 + x-identifiers: + - BasePathMappingArn + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__BasePathMappingV2&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::ApiGateway::BasePathMappingV2" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::ApiGateway::BasePathMappingV2" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::ApiGateway::BasePathMappingV2" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/base_path_mapping_v2s/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/base_path_mapping_v2s/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/base_path_mapping_v2s/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.BasePath') as base_path, + JSON_EXTRACT(Properties, '$.DomainNameArn') as domain_name_arn, + JSON_EXTRACT(Properties, '$.RestApiId') as rest_api_id, + JSON_EXTRACT(Properties, '$.Stage') as stage, + JSON_EXTRACT(Properties, '$.BasePathMappingArn') as base_path_mapping_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGateway::BasePathMappingV2' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.BasePath') as base_path, + JSON_EXTRACT(detail.Properties, '$.DomainNameArn') as domain_name_arn, + JSON_EXTRACT(detail.Properties, '$.RestApiId') as rest_api_id, + JSON_EXTRACT(detail.Properties, '$.Stage') as stage, + JSON_EXTRACT(detail.Properties, '$.BasePathMappingArn') as base_path_mapping_arn + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::ApiGateway::BasePathMappingV2' + AND detail.data__TypeName = 'AWS::ApiGateway::BasePathMappingV2' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'BasePath') as base_path, + json_extract_path_text(Properties, 'DomainNameArn') as domain_name_arn, + json_extract_path_text(Properties, 'RestApiId') as rest_api_id, + json_extract_path_text(Properties, 'Stage') as stage, + json_extract_path_text(Properties, 'BasePathMappingArn') as base_path_mapping_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGateway::BasePathMappingV2' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'BasePath') as base_path, + json_extract_path_text(detail.Properties, 'DomainNameArn') as domain_name_arn, + json_extract_path_text(detail.Properties, 'RestApiId') as rest_api_id, + json_extract_path_text(detail.Properties, 'Stage') as stage, + json_extract_path_text(detail.Properties, 'BasePathMappingArn') as base_path_mapping_arn + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::ApiGateway::BasePathMappingV2' + AND detail.data__TypeName = 'AWS::ApiGateway::BasePathMappingV2' + AND listing.region = 'us-east-1' + base_path_mapping_v2s_list_only: + name: base_path_mapping_v2s_list_only + id: aws.apigateway.base_path_mapping_v2s_list_only + x-cfn-schema-name: BasePathMappingV2 + x-cfn-type-name: AWS::ApiGateway::BasePathMappingV2 + x-identifiers: + - BasePathMappingArn + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.BasePathMappingArn') as base_path_mapping_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGateway::BasePathMappingV2' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'BasePathMappingArn') as base_path_mapping_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGateway::BasePathMappingV2' + AND region = 'us-east-1' client_certificates: name: client_certificates id: aws.apigateway.client_certificates @@ -4177,27 +4574,458 @@ components: predicate: sqlDialect == "sqlite3" ddl: |- SELECT - region, - JSON_EXTRACT(Properties, '$.DocumentationVersion') as documentation_version, - JSON_EXTRACT(Properties, '$.RestApiId') as rest_api_id - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGateway::DocumentationVersion' - AND region = 'us-east-1' + region, + JSON_EXTRACT(Properties, '$.DocumentationVersion') as documentation_version, + JSON_EXTRACT(Properties, '$.RestApiId') as rest_api_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGateway::DocumentationVersion' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DocumentationVersion') as documentation_version, + json_extract_path_text(Properties, 'RestApiId') as rest_api_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGateway::DocumentationVersion' + AND region = 'us-east-1' + domain_names: + name: domain_names + id: aws.apigateway.domain_names + x-cfn-schema-name: DomainName + x-cfn-type-name: AWS::ApiGateway::DomainName + x-identifiers: + - DomainName + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__DomainName&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::ApiGateway::DomainName" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::ApiGateway::DomainName" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::ApiGateway::DomainName" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/domain_names/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/domain_names/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/domain_names/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.MutualTlsAuthentication') as mutual_tls_authentication, + JSON_EXTRACT(Properties, '$.OwnershipVerificationCertificateArn') as ownership_verification_certificate_arn, + JSON_EXTRACT(Properties, '$.RegionalHostedZoneId') as regional_hosted_zone_id, + JSON_EXTRACT(Properties, '$.RegionalDomainName') as regional_domain_name, + JSON_EXTRACT(Properties, '$.DomainName') as domain_name, + JSON_EXTRACT(Properties, '$.SecurityPolicy') as security_policy, + JSON_EXTRACT(Properties, '$.DistributionHostedZoneId') as distribution_hosted_zone_id, + JSON_EXTRACT(Properties, '$.EndpointConfiguration') as endpoint_configuration, + JSON_EXTRACT(Properties, '$.DistributionDomainName') as distribution_domain_name, + JSON_EXTRACT(Properties, '$.RegionalCertificateArn') as regional_certificate_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.CertificateArn') as certificate_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGateway::DomainName' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.MutualTlsAuthentication') as mutual_tls_authentication, + JSON_EXTRACT(detail.Properties, '$.OwnershipVerificationCertificateArn') as ownership_verification_certificate_arn, + JSON_EXTRACT(detail.Properties, '$.RegionalHostedZoneId') as regional_hosted_zone_id, + JSON_EXTRACT(detail.Properties, '$.RegionalDomainName') as regional_domain_name, + JSON_EXTRACT(detail.Properties, '$.DomainName') as domain_name, + JSON_EXTRACT(detail.Properties, '$.SecurityPolicy') as security_policy, + JSON_EXTRACT(detail.Properties, '$.DistributionHostedZoneId') as distribution_hosted_zone_id, + JSON_EXTRACT(detail.Properties, '$.EndpointConfiguration') as endpoint_configuration, + JSON_EXTRACT(detail.Properties, '$.DistributionDomainName') as distribution_domain_name, + JSON_EXTRACT(detail.Properties, '$.RegionalCertificateArn') as regional_certificate_arn, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags, + JSON_EXTRACT(detail.Properties, '$.CertificateArn') as certificate_arn + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::ApiGateway::DomainName' + AND detail.data__TypeName = 'AWS::ApiGateway::DomainName' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'MutualTlsAuthentication') as mutual_tls_authentication, + json_extract_path_text(Properties, 'OwnershipVerificationCertificateArn') as ownership_verification_certificate_arn, + json_extract_path_text(Properties, 'RegionalHostedZoneId') as regional_hosted_zone_id, + json_extract_path_text(Properties, 'RegionalDomainName') as regional_domain_name, + json_extract_path_text(Properties, 'DomainName') as domain_name, + json_extract_path_text(Properties, 'SecurityPolicy') as security_policy, + json_extract_path_text(Properties, 'DistributionHostedZoneId') as distribution_hosted_zone_id, + json_extract_path_text(Properties, 'EndpointConfiguration') as endpoint_configuration, + json_extract_path_text(Properties, 'DistributionDomainName') as distribution_domain_name, + json_extract_path_text(Properties, 'RegionalCertificateArn') as regional_certificate_arn, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'CertificateArn') as certificate_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGateway::DomainName' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'MutualTlsAuthentication') as mutual_tls_authentication, + json_extract_path_text(detail.Properties, 'OwnershipVerificationCertificateArn') as ownership_verification_certificate_arn, + json_extract_path_text(detail.Properties, 'RegionalHostedZoneId') as regional_hosted_zone_id, + json_extract_path_text(detail.Properties, 'RegionalDomainName') as regional_domain_name, + json_extract_path_text(detail.Properties, 'DomainName') as domain_name, + json_extract_path_text(detail.Properties, 'SecurityPolicy') as security_policy, + json_extract_path_text(detail.Properties, 'DistributionHostedZoneId') as distribution_hosted_zone_id, + json_extract_path_text(detail.Properties, 'EndpointConfiguration') as endpoint_configuration, + json_extract_path_text(detail.Properties, 'DistributionDomainName') as distribution_domain_name, + json_extract_path_text(detail.Properties, 'RegionalCertificateArn') as regional_certificate_arn, + json_extract_path_text(detail.Properties, 'Tags') as tags, + json_extract_path_text(detail.Properties, 'CertificateArn') as certificate_arn + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::ApiGateway::DomainName' + AND detail.data__TypeName = 'AWS::ApiGateway::DomainName' + AND listing.region = 'us-east-1' + domain_names_list_only: + name: domain_names_list_only + id: aws.apigateway.domain_names_list_only + x-cfn-schema-name: DomainName + x-cfn-type-name: AWS::ApiGateway::DomainName + x-identifiers: + - DomainName + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DomainName') as domain_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGateway::DomainName' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DomainName') as domain_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGateway::DomainName' + AND region = 'us-east-1' + domain_name_tags: + name: domain_name_tags + id: aws.apigateway.domain_name_tags + x-cfn-schema-name: DomainName + x-cfn-type-name: AWS::ApiGateway::DomainName + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.MutualTlsAuthentication') as mutual_tls_authentication, + JSON_EXTRACT(detail.Properties, '$.OwnershipVerificationCertificateArn') as ownership_verification_certificate_arn, + JSON_EXTRACT(detail.Properties, '$.RegionalHostedZoneId') as regional_hosted_zone_id, + JSON_EXTRACT(detail.Properties, '$.RegionalDomainName') as regional_domain_name, + JSON_EXTRACT(detail.Properties, '$.DomainName') as domain_name, + JSON_EXTRACT(detail.Properties, '$.SecurityPolicy') as security_policy, + JSON_EXTRACT(detail.Properties, '$.DistributionHostedZoneId') as distribution_hosted_zone_id, + JSON_EXTRACT(detail.Properties, '$.EndpointConfiguration') as endpoint_configuration, + JSON_EXTRACT(detail.Properties, '$.DistributionDomainName') as distribution_domain_name, + JSON_EXTRACT(detail.Properties, '$.RegionalCertificateArn') as regional_certificate_arn, + JSON_EXTRACT(detail.Properties, '$.CertificateArn') as certificate_arn + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::ApiGateway::DomainName' + AND detail.data__TypeName = 'AWS::ApiGateway::DomainName' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'MutualTlsAuthentication') as mutual_tls_authentication, + json_extract_path_text(detail.Properties, 'OwnershipVerificationCertificateArn') as ownership_verification_certificate_arn, + json_extract_path_text(detail.Properties, 'RegionalHostedZoneId') as regional_hosted_zone_id, + json_extract_path_text(detail.Properties, 'RegionalDomainName') as regional_domain_name, + json_extract_path_text(detail.Properties, 'DomainName') as domain_name, + json_extract_path_text(detail.Properties, 'SecurityPolicy') as security_policy, + json_extract_path_text(detail.Properties, 'DistributionHostedZoneId') as distribution_hosted_zone_id, + json_extract_path_text(detail.Properties, 'EndpointConfiguration') as endpoint_configuration, + json_extract_path_text(detail.Properties, 'DistributionDomainName') as distribution_domain_name, + json_extract_path_text(detail.Properties, 'RegionalCertificateArn') as regional_certificate_arn, + json_extract_path_text(detail.Properties, 'CertificateArn') as certificate_arn + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::ApiGateway::DomainName' + AND detail.data__TypeName = 'AWS::ApiGateway::DomainName' + AND listing.region = 'us-east-1' + domain_name_access_associations: + name: domain_name_access_associations + id: aws.apigateway.domain_name_access_associations + x-cfn-schema-name: DomainNameAccessAssociation + x-cfn-type-name: AWS::ApiGateway::DomainNameAccessAssociation + x-identifiers: + - DomainNameAccessAssociationArn + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__DomainNameAccessAssociation&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::ApiGateway::DomainNameAccessAssociation" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::ApiGateway::DomainNameAccessAssociation" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/domain_name_access_associations/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/domain_name_access_associations/methods/delete_resource' + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DomainNameAccessAssociationArn') as domain_name_access_association_arn, + JSON_EXTRACT(Properties, '$.DomainNameArn') as domain_name_arn, + JSON_EXTRACT(Properties, '$.AccessAssociationSource') as access_association_source, + JSON_EXTRACT(Properties, '$.AccessAssociationSourceType') as access_association_source_type, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGateway::DomainNameAccessAssociation' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.DomainNameAccessAssociationArn') as domain_name_access_association_arn, + JSON_EXTRACT(detail.Properties, '$.DomainNameArn') as domain_name_arn, + JSON_EXTRACT(detail.Properties, '$.AccessAssociationSource') as access_association_source, + JSON_EXTRACT(detail.Properties, '$.AccessAssociationSourceType') as access_association_source_type, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::ApiGateway::DomainNameAccessAssociation' + AND detail.data__TypeName = 'AWS::ApiGateway::DomainNameAccessAssociation' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DomainNameAccessAssociationArn') as domain_name_access_association_arn, + json_extract_path_text(Properties, 'DomainNameArn') as domain_name_arn, + json_extract_path_text(Properties, 'AccessAssociationSource') as access_association_source, + json_extract_path_text(Properties, 'AccessAssociationSourceType') as access_association_source_type, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGateway::DomainNameAccessAssociation' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'DomainNameAccessAssociationArn') as domain_name_access_association_arn, + json_extract_path_text(detail.Properties, 'DomainNameArn') as domain_name_arn, + json_extract_path_text(detail.Properties, 'AccessAssociationSource') as access_association_source, + json_extract_path_text(detail.Properties, 'AccessAssociationSourceType') as access_association_source_type, + json_extract_path_text(detail.Properties, 'Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::ApiGateway::DomainNameAccessAssociation' + AND detail.data__TypeName = 'AWS::ApiGateway::DomainNameAccessAssociation' + AND listing.region = 'us-east-1' + domain_name_access_associations_list_only: + name: domain_name_access_associations_list_only + id: aws.apigateway.domain_name_access_associations_list_only + x-cfn-schema-name: DomainNameAccessAssociation + x-cfn-type-name: AWS::ApiGateway::DomainNameAccessAssociation + x-identifiers: + - DomainNameAccessAssociationArn + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DomainNameAccessAssociationArn') as domain_name_access_association_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGateway::DomainNameAccessAssociation' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DomainNameAccessAssociationArn') as domain_name_access_association_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGateway::DomainNameAccessAssociation' + AND region = 'us-east-1' + domain_name_access_association_tags: + name: domain_name_access_association_tags + id: aws.apigateway.domain_name_access_association_tags + x-cfn-schema-name: DomainNameAccessAssociation + x-cfn-type-name: AWS::ApiGateway::DomainNameAccessAssociation + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.DomainNameAccessAssociationArn') as domain_name_access_association_arn, + JSON_EXTRACT(detail.Properties, '$.DomainNameArn') as domain_name_arn, + JSON_EXTRACT(detail.Properties, '$.AccessAssociationSource') as access_association_source, + JSON_EXTRACT(detail.Properties, '$.AccessAssociationSourceType') as access_association_source_type + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::ApiGateway::DomainNameAccessAssociation' + AND detail.data__TypeName = 'AWS::ApiGateway::DomainNameAccessAssociation' + AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT - region, - json_extract_path_text(Properties, 'DocumentationVersion') as documentation_version, - json_extract_path_text(Properties, 'RestApiId') as rest_api_id - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGateway::DocumentationVersion' - AND region = 'us-east-1' - domain_names: - name: domain_names - id: aws.apigateway.domain_names - x-cfn-schema-name: DomainName - x-cfn-type-name: AWS::ApiGateway::DomainName + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'DomainNameAccessAssociationArn') as domain_name_access_association_arn, + json_extract_path_text(detail.Properties, 'DomainNameArn') as domain_name_arn, + json_extract_path_text(detail.Properties, 'AccessAssociationSource') as access_association_source, + json_extract_path_text(detail.Properties, 'AccessAssociationSourceType') as access_association_source_type + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::ApiGateway::DomainNameAccessAssociation' + AND detail.data__TypeName = 'AWS::ApiGateway::DomainNameAccessAssociation' + AND listing.region = 'us-east-1' + domain_name_v2s: + name: domain_name_v2s + id: aws.apigateway.domain_name_v2s + x-cfn-schema-name: DomainNameV2 + x-cfn-type-name: AWS::ApiGateway::DomainNameV2 x-identifiers: - - DomainName + - DomainNameArn x-type: cloud_control methods: create_resource: @@ -4205,12 +5033,12 @@ components: requestBodyTranslate: algorithm: naive_DesiredState operation: - $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__DomainName&__detailTransformed=true/post' + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__DomainNameV2&__detailTransformed=true/post' request: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::ApiGateway::DomainName" + "TypeName": "AWS::ApiGateway::DomainNameV2" } response: mediaType: application/json @@ -4222,7 +5050,7 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::ApiGateway::DomainName" + "TypeName": "AWS::ApiGateway::DomainNameV2" } response: mediaType: application/json @@ -4234,18 +5062,18 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::ApiGateway::DomainName" + "TypeName": "AWS::ApiGateway::DomainNameV2" } response: mediaType: application/json openAPIDocKey: '200' sqlVerbs: insert: - - $ref: '#/components/x-stackQL-resources/domain_names/methods/create_resource' + - $ref: '#/components/x-stackQL-resources/domain_name_v2s/methods/create_resource' delete: - - $ref: '#/components/x-stackQL-resources/domain_names/methods/delete_resource' + - $ref: '#/components/x-stackQL-resources/domain_name_v2s/methods/delete_resource' update: - - $ref: '#/components/x-stackQL-resources/domain_names/methods/update_resource' + - $ref: '#/components/x-stackQL-resources/domain_name_v2s/methods/update_resource' config: views: select: @@ -4254,44 +5082,36 @@ components: SELECT region, data__Identifier, + JSON_EXTRACT(Properties, '$.CertificateArn') as certificate_arn, JSON_EXTRACT(Properties, '$.DomainName') as domain_name, - JSON_EXTRACT(Properties, '$.DistributionDomainName') as distribution_domain_name, - JSON_EXTRACT(Properties, '$.DistributionHostedZoneId') as distribution_hosted_zone_id, JSON_EXTRACT(Properties, '$.EndpointConfiguration') as endpoint_configuration, - JSON_EXTRACT(Properties, '$.MutualTlsAuthentication') as mutual_tls_authentication, - JSON_EXTRACT(Properties, '$.RegionalDomainName') as regional_domain_name, - JSON_EXTRACT(Properties, '$.RegionalHostedZoneId') as regional_hosted_zone_id, - JSON_EXTRACT(Properties, '$.CertificateArn') as certificate_arn, - JSON_EXTRACT(Properties, '$.RegionalCertificateArn') as regional_certificate_arn, - JSON_EXTRACT(Properties, '$.OwnershipVerificationCertificateArn') as ownership_verification_certificate_arn, JSON_EXTRACT(Properties, '$.SecurityPolicy') as security_policy, + JSON_EXTRACT(Properties, '$.Policy') as policy, + JSON_EXTRACT(Properties, '$.DomainNameId') as domain_name_id, + JSON_EXTRACT(Properties, '$.DomainNameArn') as domain_name_arn, JSON_EXTRACT(Properties, '$.Tags') as tags - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGateway::DomainName' - AND data__Identifier = '' + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGateway::DomainNameV2' + AND data__Identifier = '' AND region = 'us-east-1' fallback: predicate: sqlDialect == "sqlite3" ddl: |- SELECT detail.region, + JSON_EXTRACT(detail.Properties, '$.CertificateArn') as certificate_arn, JSON_EXTRACT(detail.Properties, '$.DomainName') as domain_name, - JSON_EXTRACT(detail.Properties, '$.DistributionDomainName') as distribution_domain_name, - JSON_EXTRACT(detail.Properties, '$.DistributionHostedZoneId') as distribution_hosted_zone_id, JSON_EXTRACT(detail.Properties, '$.EndpointConfiguration') as endpoint_configuration, - JSON_EXTRACT(detail.Properties, '$.MutualTlsAuthentication') as mutual_tls_authentication, - JSON_EXTRACT(detail.Properties, '$.RegionalDomainName') as regional_domain_name, - JSON_EXTRACT(detail.Properties, '$.RegionalHostedZoneId') as regional_hosted_zone_id, - JSON_EXTRACT(detail.Properties, '$.CertificateArn') as certificate_arn, - JSON_EXTRACT(detail.Properties, '$.RegionalCertificateArn') as regional_certificate_arn, - JSON_EXTRACT(detail.Properties, '$.OwnershipVerificationCertificateArn') as ownership_verification_certificate_arn, JSON_EXTRACT(detail.Properties, '$.SecurityPolicy') as security_policy, + JSON_EXTRACT(detail.Properties, '$.Policy') as policy, + JSON_EXTRACT(detail.Properties, '$.DomainNameId') as domain_name_id, + JSON_EXTRACT(detail.Properties, '$.DomainNameArn') as domain_name_arn, JSON_EXTRACT(detail.Properties, '$.Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::ApiGateway::DomainName' - AND detail.data__TypeName = 'AWS::ApiGateway::DomainName' + WHERE listing.data__TypeName = 'AWS::ApiGateway::DomainNameV2' + AND detail.data__TypeName = 'AWS::ApiGateway::DomainNameV2' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] @@ -4299,52 +5119,44 @@ components: SELECT region, data__Identifier, + json_extract_path_text(Properties, 'CertificateArn') as certificate_arn, json_extract_path_text(Properties, 'DomainName') as domain_name, - json_extract_path_text(Properties, 'DistributionDomainName') as distribution_domain_name, - json_extract_path_text(Properties, 'DistributionHostedZoneId') as distribution_hosted_zone_id, json_extract_path_text(Properties, 'EndpointConfiguration') as endpoint_configuration, - json_extract_path_text(Properties, 'MutualTlsAuthentication') as mutual_tls_authentication, - json_extract_path_text(Properties, 'RegionalDomainName') as regional_domain_name, - json_extract_path_text(Properties, 'RegionalHostedZoneId') as regional_hosted_zone_id, - json_extract_path_text(Properties, 'CertificateArn') as certificate_arn, - json_extract_path_text(Properties, 'RegionalCertificateArn') as regional_certificate_arn, - json_extract_path_text(Properties, 'OwnershipVerificationCertificateArn') as ownership_verification_certificate_arn, json_extract_path_text(Properties, 'SecurityPolicy') as security_policy, + json_extract_path_text(Properties, 'Policy') as policy, + json_extract_path_text(Properties, 'DomainNameId') as domain_name_id, + json_extract_path_text(Properties, 'DomainNameArn') as domain_name_arn, json_extract_path_text(Properties, 'Tags') as tags - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGateway::DomainName' - AND data__Identifier = '' + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGateway::DomainNameV2' + AND data__Identifier = '' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT detail.region, + json_extract_path_text(detail.Properties, 'CertificateArn') as certificate_arn, json_extract_path_text(detail.Properties, 'DomainName') as domain_name, - json_extract_path_text(detail.Properties, 'DistributionDomainName') as distribution_domain_name, - json_extract_path_text(detail.Properties, 'DistributionHostedZoneId') as distribution_hosted_zone_id, json_extract_path_text(detail.Properties, 'EndpointConfiguration') as endpoint_configuration, - json_extract_path_text(detail.Properties, 'MutualTlsAuthentication') as mutual_tls_authentication, - json_extract_path_text(detail.Properties, 'RegionalDomainName') as regional_domain_name, - json_extract_path_text(detail.Properties, 'RegionalHostedZoneId') as regional_hosted_zone_id, - json_extract_path_text(detail.Properties, 'CertificateArn') as certificate_arn, - json_extract_path_text(detail.Properties, 'RegionalCertificateArn') as regional_certificate_arn, - json_extract_path_text(detail.Properties, 'OwnershipVerificationCertificateArn') as ownership_verification_certificate_arn, json_extract_path_text(detail.Properties, 'SecurityPolicy') as security_policy, + json_extract_path_text(detail.Properties, 'Policy') as policy, + json_extract_path_text(detail.Properties, 'DomainNameId') as domain_name_id, + json_extract_path_text(detail.Properties, 'DomainNameArn') as domain_name_arn, json_extract_path_text(detail.Properties, 'Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::ApiGateway::DomainName' - AND detail.data__TypeName = 'AWS::ApiGateway::DomainName' + WHERE listing.data__TypeName = 'AWS::ApiGateway::DomainNameV2' + AND detail.data__TypeName = 'AWS::ApiGateway::DomainNameV2' AND listing.region = 'us-east-1' - domain_names_list_only: - name: domain_names_list_only - id: aws.apigateway.domain_names_list_only - x-cfn-schema-name: DomainName - x-cfn-type-name: AWS::ApiGateway::DomainName + domain_name_v2s_list_only: + name: domain_name_v2s_list_only + id: aws.apigateway.domain_name_v2s_list_only + x-cfn-schema-name: DomainNameV2 + x-cfn-type-name: AWS::ApiGateway::DomainNameV2 x-identifiers: - - DomainName + - DomainNameArn x-type: cloud_control_view methods: {} sqlVerbs: @@ -4358,22 +5170,22 @@ components: ddl: |- SELECT region, - JSON_EXTRACT(Properties, '$.DomainName') as domain_name - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGateway::DomainName' + JSON_EXTRACT(Properties, '$.DomainNameArn') as domain_name_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGateway::DomainNameV2' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT region, - json_extract_path_text(Properties, 'DomainName') as domain_name - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGateway::DomainName' + json_extract_path_text(Properties, 'DomainNameArn') as domain_name_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGateway::DomainNameV2' AND region = 'us-east-1' - domain_name_tags: - name: domain_name_tags - id: aws.apigateway.domain_name_tags - x-cfn-schema-name: DomainName - x-cfn-type-name: AWS::ApiGateway::DomainName + domain_name_v2_tags: + name: domain_name_v2_tags + id: aws.apigateway.domain_name_v2_tags + x-cfn-schema-name: DomainNameV2 + x-cfn-type-name: AWS::ApiGateway::DomainNameV2 x-type: cloud_control_view methods: {} sqlVerbs: @@ -4389,24 +5201,20 @@ components: detail.region, JSON_EXTRACT(json_each.value, '$.Key') as tag_key, JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.CertificateArn') as certificate_arn, JSON_EXTRACT(detail.Properties, '$.DomainName') as domain_name, - JSON_EXTRACT(detail.Properties, '$.DistributionDomainName') as distribution_domain_name, - JSON_EXTRACT(detail.Properties, '$.DistributionHostedZoneId') as distribution_hosted_zone_id, JSON_EXTRACT(detail.Properties, '$.EndpointConfiguration') as endpoint_configuration, - JSON_EXTRACT(detail.Properties, '$.MutualTlsAuthentication') as mutual_tls_authentication, - JSON_EXTRACT(detail.Properties, '$.RegionalDomainName') as regional_domain_name, - JSON_EXTRACT(detail.Properties, '$.RegionalHostedZoneId') as regional_hosted_zone_id, - JSON_EXTRACT(detail.Properties, '$.CertificateArn') as certificate_arn, - JSON_EXTRACT(detail.Properties, '$.RegionalCertificateArn') as regional_certificate_arn, - JSON_EXTRACT(detail.Properties, '$.OwnershipVerificationCertificateArn') as ownership_verification_certificate_arn, - JSON_EXTRACT(detail.Properties, '$.SecurityPolicy') as security_policy + JSON_EXTRACT(detail.Properties, '$.SecurityPolicy') as security_policy, + JSON_EXTRACT(detail.Properties, '$.Policy') as policy, + JSON_EXTRACT(detail.Properties, '$.DomainNameId') as domain_name_id, + JSON_EXTRACT(detail.Properties, '$.DomainNameArn') as domain_name_arn FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) - WHERE listing.data__TypeName = 'AWS::ApiGateway::DomainName' - AND detail.data__TypeName = 'AWS::ApiGateway::DomainName' + WHERE listing.data__TypeName = 'AWS::ApiGateway::DomainNameV2' + AND detail.data__TypeName = 'AWS::ApiGateway::DomainNameV2' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" @@ -4415,24 +5223,20 @@ components: detail.region, json_extract_path_text(json_each.value, 'Key') as tag_key, json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'CertificateArn') as certificate_arn, json_extract_path_text(detail.Properties, 'DomainName') as domain_name, - json_extract_path_text(detail.Properties, 'DistributionDomainName') as distribution_domain_name, - json_extract_path_text(detail.Properties, 'DistributionHostedZoneId') as distribution_hosted_zone_id, json_extract_path_text(detail.Properties, 'EndpointConfiguration') as endpoint_configuration, - json_extract_path_text(detail.Properties, 'MutualTlsAuthentication') as mutual_tls_authentication, - json_extract_path_text(detail.Properties, 'RegionalDomainName') as regional_domain_name, - json_extract_path_text(detail.Properties, 'RegionalHostedZoneId') as regional_hosted_zone_id, - json_extract_path_text(detail.Properties, 'CertificateArn') as certificate_arn, - json_extract_path_text(detail.Properties, 'RegionalCertificateArn') as regional_certificate_arn, - json_extract_path_text(detail.Properties, 'OwnershipVerificationCertificateArn') as ownership_verification_certificate_arn, - json_extract_path_text(detail.Properties, 'SecurityPolicy') as security_policy + json_extract_path_text(detail.Properties, 'SecurityPolicy') as security_policy, + json_extract_path_text(detail.Properties, 'Policy') as policy, + json_extract_path_text(detail.Properties, 'DomainNameId') as domain_name_id, + json_extract_path_text(detail.Properties, 'DomainNameArn') as domain_name_arn FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) - WHERE listing.data__TypeName = 'AWS::ApiGateway::DomainName' - AND detail.data__TypeName = 'AWS::ApiGateway::DomainName' + WHERE listing.data__TypeName = 'AWS::ApiGateway::DomainNameV2' + AND detail.data__TypeName = 'AWS::ApiGateway::DomainNameV2' AND listing.region = 'us-east-1' gateway_responses: name: gateway_responses @@ -6539,6 +7343,48 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success + /?Action=CreateResource&Version=2021-09-30&__BasePathMappingV2&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateBasePathMappingV2 + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateBasePathMappingV2Request' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success /?Action=CreateResource&Version=2021-09-30&__ClientCertificate&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' @@ -6749,6 +7595,90 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success + /?Action=CreateResource&Version=2021-09-30&__DomainNameAccessAssociation&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateDomainNameAccessAssociation + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateDomainNameAccessAssociationRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=CreateResource&Version=2021-09-30&__DomainNameV2&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateDomainNameV2 + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateDomainNameV2Request' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success /?Action=CreateResource&Version=2021-09-30&__GatewayResponse&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' diff --git a/providers/src/aws/v00.00.00000/services/apigatewayv2.yaml b/providers/src/aws/v00.00.00000/services/apigatewayv2.yaml index 2e2e5115..c862417e 100644 --- a/providers/src/aws/v00.00.00000/services/apigatewayv2.yaml +++ b/providers/src/aws/v00.00.00000/services/apigatewayv2.yaml @@ -794,7 +794,7 @@ components: description: An AWS-managed certificate that will be used by the edge-optimized endpoint for this domain name. AWS Certificate Manager is the only supported source. description: |- The ``DomainNameConfiguration`` property type specifies the configuration for an API's domain name. - ``DomainNameConfiguration`` is a property of the [AWS::ApiGatewayV2::DomainName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-domainname.html) resource. + ``DomainNameConfiguration`` is a property of the [AWS::ApiGatewayV2::DomainName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-domainname.html) resource. DomainName: type: object properties: @@ -808,7 +808,7 @@ components: description: '' type: string DomainName: - description: The custom domain name for your API in Amazon API Gateway. Uppercase letters are not supported. + description: The custom domain name for your API in Amazon API Gateway. Uppercase letters and the underscore (``_``) character are not supported. type: string DomainNameConfigurations: description: The domain name configurations. @@ -861,6 +861,156 @@ components: - apigateway:DELETE list: - apigateway:GET + ResponseParameter: + description: response parameter + type: object + additionalProperties: false + properties: + Destination: + type: string + Source: + type: string + ResponseParameterList: + description: list of response parameters + type: array + items: + $ref: '#/components/schemas/ResponseParameter' + ResponseParameterMap: + description: map of response parameter lists + type: object + additionalProperties: false + properties: + ResponseParameters: + $ref: '#/components/schemas/ResponseParameterList' + TlsConfig: + description: The TlsConfig property specifies the TLS configuration for a private integration. Supported only for HTTP APIs. + type: object + additionalProperties: false + properties: + ServerNameToVerify: + type: string + Tag: + description: A key-value pair to associate with a resource. + type: object + additionalProperties: false + properties: + Key: + type: string + description: 'The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + minLength: 1 + maxLength: 128 + Value: + type: string + description: 'The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + minLength: 0 + maxLength: 256 + required: + - Key + - Value + Integration: + type: object + properties: + ApiId: + description: The API identifier. + type: string + ConnectionId: + description: The ID of the VPC link for a private integration. Supported only for HTTP APIs. + type: string + ConnectionType: + description: The type of the network connection to the integration endpoint. Specify INTERNET for connections through the public routable internet or VPC_LINK for private connections between API Gateway and resources in a VPC. The default value is INTERNET. + type: string + ContentHandlingStrategy: + description: Supported only for WebSocket APIs. Specifies how to handle response payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT. + type: string + CredentialsArn: + description: Specifies the credentials required for the integration, if any. For AWS integrations, three options are available. To specify an IAM Role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To require that the caller's identity be passed through from the request, specify the string arn:aws:iam::*:user/*. To use resource-based permissions on supported AWS services, don't specify this parameter. + type: string + Description: + description: The description of the integration. + type: string + IntegrationMethod: + description: Specifies the integration's HTTP method type. + type: string + IntegrationSubtype: + description: Supported only for HTTP API AWS_PROXY integrations. Specifies the AWS service action to invoke. + type: string + IntegrationId: + description: The integration ID. + type: string + IntegrationType: + description: The integration type of an integration. + type: string + IntegrationUri: + description: For a Lambda integration, specify the URI of a Lambda function. For an HTTP integration, specify a fully-qualified URL. For an HTTP API private integration, specify the ARN of an Application Load Balancer listener, Network Load Balancer listener, or AWS Cloud Map service. + type: string + PassthroughBehavior: + description: 'Specifies the pass-through behavior for incoming requests based on the Content-Type header in the request, and the available mapping templates specified as the requestTemplates property on the Integration resource. There are three valid values: WHEN_NO_MATCH, WHEN_NO_TEMPLATES, and NEVER. Supported only for WebSocket APIs.' + type: string + PayloadFormatVersion: + description: Specifies the format of the payload sent to an integration. Required for HTTP APIs. For HTTP APIs, supported values for Lambda proxy integrations are 1.0 and 2.0 For all other integrations, 1.0 is the only supported value. + type: string + RequestParameters: + description: A key-value map specifying parameters. + type: object + additionalProperties: false + x-patternProperties: + '[a-zA-Z0-9]+': + type: string + RequestTemplates: + description: A map of Velocity templates that are applied on the request payload based on the value of the Content-Type header sent by the client. + type: object + additionalProperties: false + x-patternProperties: + '[a-zA-Z0-9]+': + type: string + ResponseParameters: + description: Parameters that transform the HTTP response from a backend integration before returning the response to clients. Supported only for HTTP APIs. + type: object + additionalProperties: false + x-patternProperties: + '[a-zA-Z0-9]+': + $ref: '#/components/schemas/ResponseParameterMap' + TemplateSelectionExpression: + description: The template selection expression for the integration. Supported only for WebSocket APIs. + type: string + TimeoutInMillis: + description: Custom timeout between 50 and 29000 milliseconds for WebSocket APIs and between 50 and 30000 milliseconds for HTTP APIs. The default timeout is 29 seconds for WebSocket APIs and 30 seconds for HTTP APIs. + type: integer + TlsConfig: + description: The TLS configuration for a private integration. If you specify a TLS configuration, private integration traffic uses the HTTPS protocol. Supported only for HTTP APIs. + $ref: '#/components/schemas/TlsConfig' + required: + - ApiId + - IntegrationType + x-stackql-resource-name: integration + description: An example resource schema demonstrating some basic constructs and validation rules. + x-type-name: AWS::ApiGatewayV2::Integration + x-stackql-primary-identifier: + - ApiId + - IntegrationId + x-create-only-properties: + - ApiId + x-read-only-properties: + - IntegrationId + x-required-properties: + - ApiId + - IntegrationType + x-tagging: + taggable: false + x-required-permissions: + create: + - apigateway:POST + update: + - apigateway:PATCH + - apigateway:GET + - apigateway:PUT + read: + - apigateway:GET + delete: + - apigateway:GET + - apigateway:DELETE + list: + - apigateway:GET IntegrationResponse: type: object properties: @@ -1452,7 +1602,7 @@ components: description: '' type: string DomainName: - description: The custom domain name for your API in Amazon API Gateway. Uppercase letters are not supported. + description: The custom domain name for your API in Amazon API Gateway. Uppercase letters and the underscore (``_``) character are not supported. type: string DomainNameConfigurations: description: The domain name configurations. @@ -1471,6 +1621,92 @@ components: x-title: CreateDomainNameRequest type: object required: [] + CreateIntegrationRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + ApiId: + description: The API identifier. + type: string + ConnectionId: + description: The ID of the VPC link for a private integration. Supported only for HTTP APIs. + type: string + ConnectionType: + description: The type of the network connection to the integration endpoint. Specify INTERNET for connections through the public routable internet or VPC_LINK for private connections between API Gateway and resources in a VPC. The default value is INTERNET. + type: string + ContentHandlingStrategy: + description: Supported only for WebSocket APIs. Specifies how to handle response payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT. + type: string + CredentialsArn: + description: Specifies the credentials required for the integration, if any. For AWS integrations, three options are available. To specify an IAM Role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To require that the caller's identity be passed through from the request, specify the string arn:aws:iam::*:user/*. To use resource-based permissions on supported AWS services, don't specify this parameter. + type: string + Description: + description: The description of the integration. + type: string + IntegrationMethod: + description: Specifies the integration's HTTP method type. + type: string + IntegrationSubtype: + description: Supported only for HTTP API AWS_PROXY integrations. Specifies the AWS service action to invoke. + type: string + IntegrationId: + description: The integration ID. + type: string + IntegrationType: + description: The integration type of an integration. + type: string + IntegrationUri: + description: For a Lambda integration, specify the URI of a Lambda function. For an HTTP integration, specify a fully-qualified URL. For an HTTP API private integration, specify the ARN of an Application Load Balancer listener, Network Load Balancer listener, or AWS Cloud Map service. + type: string + PassthroughBehavior: + description: 'Specifies the pass-through behavior for incoming requests based on the Content-Type header in the request, and the available mapping templates specified as the requestTemplates property on the Integration resource. There are three valid values: WHEN_NO_MATCH, WHEN_NO_TEMPLATES, and NEVER. Supported only for WebSocket APIs.' + type: string + PayloadFormatVersion: + description: Specifies the format of the payload sent to an integration. Required for HTTP APIs. For HTTP APIs, supported values for Lambda proxy integrations are 1.0 and 2.0 For all other integrations, 1.0 is the only supported value. + type: string + RequestParameters: + description: A key-value map specifying parameters. + type: object + additionalProperties: false + x-patternProperties: + '[a-zA-Z0-9]+': + type: string + RequestTemplates: + description: A map of Velocity templates that are applied on the request payload based on the value of the Content-Type header sent by the client. + type: object + additionalProperties: false + x-patternProperties: + '[a-zA-Z0-9]+': + type: string + ResponseParameters: + description: Parameters that transform the HTTP response from a backend integration before returning the response to clients. Supported only for HTTP APIs. + type: object + additionalProperties: false + x-patternProperties: + '[a-zA-Z0-9]+': + $ref: '#/components/schemas/ResponseParameterMap' + TemplateSelectionExpression: + description: The template selection expression for the integration. Supported only for WebSocket APIs. + type: string + TimeoutInMillis: + description: Custom timeout between 50 and 29000 milliseconds for WebSocket APIs and between 50 and 30000 milliseconds for HTTP APIs. The default timeout is 29 seconds for WebSocket APIs and 30 seconds for HTTP APIs. + type: integer + TlsConfig: + description: The TLS configuration for a private integration. If you specify a TLS configuration, private integration traffic uses the HTTPS protocol. Supported only for HTTP APIs. + $ref: '#/components/schemas/TlsConfig' + x-stackQL-stringOnly: true + x-title: CreateIntegrationRequest + type: object + required: [] CreateIntegrationResponseRequest: properties: ClientToken: @@ -2680,6 +2916,216 @@ components: WHERE listing.data__TypeName = 'AWS::ApiGatewayV2::DomainName' AND detail.data__TypeName = 'AWS::ApiGatewayV2::DomainName' AND listing.region = 'us-east-1' + integrations: + name: integrations + id: aws.apigatewayv2.integrations + x-cfn-schema-name: Integration + x-cfn-type-name: AWS::ApiGatewayV2::Integration + x-identifiers: + - ApiId + - IntegrationId + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Integration&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::ApiGatewayV2::Integration" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::ApiGatewayV2::Integration" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::ApiGatewayV2::Integration" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/integrations/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/integrations/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/integrations/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ApiId') as api_id, + JSON_EXTRACT(Properties, '$.ConnectionId') as connection_id, + JSON_EXTRACT(Properties, '$.ConnectionType') as connection_type, + JSON_EXTRACT(Properties, '$.ContentHandlingStrategy') as content_handling_strategy, + JSON_EXTRACT(Properties, '$.CredentialsArn') as credentials_arn, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.IntegrationMethod') as integration_method, + JSON_EXTRACT(Properties, '$.IntegrationSubtype') as integration_subtype, + JSON_EXTRACT(Properties, '$.IntegrationId') as integration_id, + JSON_EXTRACT(Properties, '$.IntegrationType') as integration_type, + JSON_EXTRACT(Properties, '$.IntegrationUri') as integration_uri, + JSON_EXTRACT(Properties, '$.PassthroughBehavior') as passthrough_behavior, + JSON_EXTRACT(Properties, '$.PayloadFormatVersion') as payload_format_version, + JSON_EXTRACT(Properties, '$.RequestParameters') as request_parameters, + JSON_EXTRACT(Properties, '$.RequestTemplates') as request_templates, + JSON_EXTRACT(Properties, '$.ResponseParameters') as response_parameters, + JSON_EXTRACT(Properties, '$.TemplateSelectionExpression') as template_selection_expression, + JSON_EXTRACT(Properties, '$.TimeoutInMillis') as timeout_in_millis, + JSON_EXTRACT(Properties, '$.TlsConfig') as tls_config + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGatewayV2::Integration' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.ApiId') as api_id, + JSON_EXTRACT(detail.Properties, '$.ConnectionId') as connection_id, + JSON_EXTRACT(detail.Properties, '$.ConnectionType') as connection_type, + JSON_EXTRACT(detail.Properties, '$.ContentHandlingStrategy') as content_handling_strategy, + JSON_EXTRACT(detail.Properties, '$.CredentialsArn') as credentials_arn, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.IntegrationMethod') as integration_method, + JSON_EXTRACT(detail.Properties, '$.IntegrationSubtype') as integration_subtype, + JSON_EXTRACT(detail.Properties, '$.IntegrationId') as integration_id, + JSON_EXTRACT(detail.Properties, '$.IntegrationType') as integration_type, + JSON_EXTRACT(detail.Properties, '$.IntegrationUri') as integration_uri, + JSON_EXTRACT(detail.Properties, '$.PassthroughBehavior') as passthrough_behavior, + JSON_EXTRACT(detail.Properties, '$.PayloadFormatVersion') as payload_format_version, + JSON_EXTRACT(detail.Properties, '$.RequestParameters') as request_parameters, + JSON_EXTRACT(detail.Properties, '$.RequestTemplates') as request_templates, + JSON_EXTRACT(detail.Properties, '$.ResponseParameters') as response_parameters, + JSON_EXTRACT(detail.Properties, '$.TemplateSelectionExpression') as template_selection_expression, + JSON_EXTRACT(detail.Properties, '$.TimeoutInMillis') as timeout_in_millis, + JSON_EXTRACT(detail.Properties, '$.TlsConfig') as tls_config + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::ApiGatewayV2::Integration' + AND detail.data__TypeName = 'AWS::ApiGatewayV2::Integration' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ApiId') as api_id, + json_extract_path_text(Properties, 'ConnectionId') as connection_id, + json_extract_path_text(Properties, 'ConnectionType') as connection_type, + json_extract_path_text(Properties, 'ContentHandlingStrategy') as content_handling_strategy, + json_extract_path_text(Properties, 'CredentialsArn') as credentials_arn, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'IntegrationMethod') as integration_method, + json_extract_path_text(Properties, 'IntegrationSubtype') as integration_subtype, + json_extract_path_text(Properties, 'IntegrationId') as integration_id, + json_extract_path_text(Properties, 'IntegrationType') as integration_type, + json_extract_path_text(Properties, 'IntegrationUri') as integration_uri, + json_extract_path_text(Properties, 'PassthroughBehavior') as passthrough_behavior, + json_extract_path_text(Properties, 'PayloadFormatVersion') as payload_format_version, + json_extract_path_text(Properties, 'RequestParameters') as request_parameters, + json_extract_path_text(Properties, 'RequestTemplates') as request_templates, + json_extract_path_text(Properties, 'ResponseParameters') as response_parameters, + json_extract_path_text(Properties, 'TemplateSelectionExpression') as template_selection_expression, + json_extract_path_text(Properties, 'TimeoutInMillis') as timeout_in_millis, + json_extract_path_text(Properties, 'TlsConfig') as tls_config + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApiGatewayV2::Integration' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'ApiId') as api_id, + json_extract_path_text(detail.Properties, 'ConnectionId') as connection_id, + json_extract_path_text(detail.Properties, 'ConnectionType') as connection_type, + json_extract_path_text(detail.Properties, 'ContentHandlingStrategy') as content_handling_strategy, + json_extract_path_text(detail.Properties, 'CredentialsArn') as credentials_arn, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'IntegrationMethod') as integration_method, + json_extract_path_text(detail.Properties, 'IntegrationSubtype') as integration_subtype, + json_extract_path_text(detail.Properties, 'IntegrationId') as integration_id, + json_extract_path_text(detail.Properties, 'IntegrationType') as integration_type, + json_extract_path_text(detail.Properties, 'IntegrationUri') as integration_uri, + json_extract_path_text(detail.Properties, 'PassthroughBehavior') as passthrough_behavior, + json_extract_path_text(detail.Properties, 'PayloadFormatVersion') as payload_format_version, + json_extract_path_text(detail.Properties, 'RequestParameters') as request_parameters, + json_extract_path_text(detail.Properties, 'RequestTemplates') as request_templates, + json_extract_path_text(detail.Properties, 'ResponseParameters') as response_parameters, + json_extract_path_text(detail.Properties, 'TemplateSelectionExpression') as template_selection_expression, + json_extract_path_text(detail.Properties, 'TimeoutInMillis') as timeout_in_millis, + json_extract_path_text(detail.Properties, 'TlsConfig') as tls_config + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::ApiGatewayV2::Integration' + AND detail.data__TypeName = 'AWS::ApiGatewayV2::Integration' + AND listing.region = 'us-east-1' + integrations_list_only: + name: integrations_list_only + id: aws.apigatewayv2.integrations_list_only + x-cfn-schema-name: Integration + x-cfn-type-name: AWS::ApiGatewayV2::Integration + x-identifiers: + - ApiId + - IntegrationId + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ApiId') as api_id, + JSON_EXTRACT(Properties, '$.IntegrationId') as integration_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGatewayV2::Integration' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ApiId') as api_id, + json_extract_path_text(Properties, 'IntegrationId') as integration_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApiGatewayV2::Integration' + AND region = 'us-east-1' integration_responses: name: integration_responses id: aws.apigatewayv2.integration_responses @@ -3914,6 +4360,48 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success + /?Action=CreateResource&Version=2021-09-30&__Integration&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateIntegration + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateIntegrationRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success /?Action=CreateResource&Version=2021-09-30&__IntegrationResponse&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' diff --git a/providers/src/aws/v00.00.00000/services/appconfig.yaml b/providers/src/aws/v00.00.00000/services/appconfig.yaml index b07958c2..7843f105 100644 --- a/providers/src/aws/v00.00.00000/services/appconfig.yaml +++ b/providers/src/aws/v00.00.00000/services/appconfig.yaml @@ -397,7 +397,6 @@ components: maxLength: 256 Key: minLength: 1 - pattern: ^(?!aws:.)[a-zA-Z0-9 +=._:/-]*$ description: The key-value string map. The tag key can be up to 128 characters and must not start with aws:. type: string maxLength: 128 @@ -437,6 +436,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - appconfig:TagResource + - appconfig:UntagResource + - appconfig:ListTagsForResource x-required-permissions: create: - appconfig:CreateApplication @@ -512,6 +515,13 @@ components: description: The ARN of an IAM role with permission to access the configuration at the specified LocationUri. type: string maxLength: 2048 + DeletionProtectionCheck: + description: On resource deletion this controls whether the Deletion Protection check should be applied, bypassed, or (the default) whether the behavior should be controlled by the account-level Deletion Protection setting. See https://docs.aws.amazon.com/appconfig/latest/userguide/deletion-protection.html + type: string + enum: + - ACCOUNT_DEFAULT + - APPLY + - BYPASS ApplicationId: pattern: '[a-z0-9]{4,7}' description: The application ID. @@ -542,6 +552,8 @@ components: - LocationUri - Type - ApplicationId + x-write-only-properties: + - DeletionProtectionCheck x-read-only-properties: - ConfigurationProfileId - KmsKeyArn @@ -550,6 +562,10 @@ components: - ApplicationId - Name x-tagging: + permissions: + - appconfig:TagResource + - appconfig:UntagResource + - appconfig:ListTagsForResource taggable: true tagOnCreate: true tagUpdatable: true @@ -574,6 +590,231 @@ components: - appconfig:ListConfigurationProfiles delete: - appconfig:DeleteConfigurationProfile + Tag: + description: A key-value pair to associate with a resource. + type: object + properties: + Key: + type: string + description: 'The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + minLength: 1 + maxLength: 128 + Value: + type: string + description: 'The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + minLength: 0 + maxLength: 256 + required: + - Key + - Value + additionalProperties: false + DynamicExtensionParameters: + additionalProperties: false + type: object + properties: + ParameterValue: + type: string + ExtensionReference: + type: string + ParameterName: + type: string + Deployment: + type: object + properties: + DeploymentStrategyId: + description: The deployment strategy ID. + type: string + ConfigurationProfileId: + description: The configuration profile ID. + type: string + EnvironmentId: + description: The environment ID. + type: string + KmsKeyIdentifier: + pattern: ^[\da-f]{8}-[\da-f]{4}-[\da-f]{4}-[\da-f]{4}-[\da-f]{12}|alias/[a-zA-Z0-9/_-]{1,250}|arn:aws[a-zA-Z-]*:kms:[a-z]{2}(-gov|-iso(b?))?-[a-z]+-\d{1}:\d{12}:(key/[0-9a-f-]{36}|alias/[a-zA-Z0-9/_-]{1,250})$ + description: The AWS Key Management Service key identifier (key ID, key alias, or key ARN) provided when the resource was created or updated. + type: string + Description: + description: A description of the deployment. + type: string + ConfigurationVersion: + description: The configuration version to deploy. If deploying an AWS AppConfig hosted configuration version, you can specify either the version number or version label. For all other configurations, you must specify the version number. + type: string + DeploymentNumber: + description: The sequence number of the deployment. + type: string + ApplicationId: + description: The application ID. + type: string + DynamicExtensionParameters: + uniqueItems: false + type: array + items: + $ref: '#/components/schemas/DynamicExtensionParameters' + Tags: + uniqueItems: true + description: An array of key-value pairs to apply to this resource. + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/Tag' + required: + - ApplicationId + - ConfigurationProfileId + - DeploymentStrategyId + - EnvironmentId + - ConfigurationVersion + x-stackql-resource-name: deployment + description: Resource Type definition for AWS::AppConfig::Deployment + x-type-name: AWS::AppConfig::Deployment + x-stackql-primary-identifier: + - ApplicationId + - EnvironmentId + - DeploymentNumber + x-create-only-properties: + - ApplicationId + - ConfigurationProfileId + - DeploymentStrategyId + - EnvironmentId + - Description + - ConfigurationVersion + - KmsKeyIdentifier + - DynamicExtensionParameters + - Tags + x-write-only-properties: + - DynamicExtensionParameters + x-read-only-properties: + - DeploymentNumber + x-required-properties: + - ApplicationId + - ConfigurationProfileId + - DeploymentStrategyId + - EnvironmentId + - ConfigurationVersion + x-tagging: + permissions: + - appconfig:TagResource + - appconfig:UntagResource + - appconfig:ListTagsForResource + taggable: true + tagOnCreate: true + tagUpdatable: false + tagProperty: /properties/Tags + cloudFormationSystemTags: true + x-required-permissions: + read: + - appconfig:GetDeployment + - appconfig:ListTagsForResource + create: + - appconfig:StartDeployment + - appconfig:GetDeployment + - appconfig:TagResource + - appconfig:ListTagsForResource + - kms:GenerateDataKey + list: + - appconfig:ListDeployments + delete: + - appconfig:StopDeployment + DeploymentStrategy: + type: object + properties: + DeploymentDurationInMinutes: + type: number + description: Total amount of time for a deployment to last. + Description: + type: string + description: A description of the deployment strategy. + FinalBakeTimeInMinutes: + type: number + description: >- + Specifies the amount of time AWS AppConfig monitors for Amazon CloudWatch alarms after the configuration has been deployed to 100% of its targets, before considering the deployment to be complete. If an alarm is triggered during this time, AWS AppConfig rolls back the deployment. You must configure permissions for AWS AppConfig to roll back based on CloudWatch alarms. For more information, see Configuring permissions for rollback based on Amazon CloudWatch alarms in the AWS AppConfig + User Guide. + GrowthFactor: + type: number + description: The percentage of targets to receive a deployed configuration during each interval. + GrowthType: + type: string + description: |- + The algorithm used to define how percentage grows over time. AWS AppConfig supports the following growth types: + + Linear: For this type, AWS AppConfig processes the deployment by dividing the total number of targets by the value specified for Step percentage. For example, a linear deployment that uses a Step percentage of 10 deploys the configuration to 10 percent of the hosts. After those deployments are complete, the system deploys the configuration to the next 10 percent. This continues until 100% of the targets have successfully received the configuration. + + Exponential: For this type, AWS AppConfig processes the deployment exponentially using the following formula: G*(2^N). In this formula, G is the growth factor specified by the user and N is the number of steps until the configuration is deployed to all targets. For example, if you specify a growth factor of 2, then the system rolls out the configuration as follows: + + 2*(2^0) + + 2*(2^1) + + 2*(2^2) + + Expressed numerically, the deployment rolls out as follows: 2% of the targets, 4% of the targets, 8% of the targets, and continues until the configuration has been deployed to all targets. + enum: + - EXPONENTIAL + - LINEAR + Name: + type: string + description: A name for the deployment strategy. + ReplicateTo: + type: string + description: Save the deployment strategy to a Systems Manager (SSM) document. + enum: + - NONE + - SSM_DOCUMENT + Tags: + type: array + description: Assigns metadata to an AWS AppConfig resource. Tags help organize and categorize your AWS AppConfig resources. Each tag consists of a key and an optional value, both of which you define. You can specify a maximum of 50 tags for a resource. + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + Id: + type: string + description: The deployment strategy ID. + required: + - DeploymentDurationInMinutes + - GrowthFactor + - Name + - ReplicateTo + x-stackql-resource-name: deployment_strategy + description: Resource Type definition for AWS::AppConfig::DeploymentStrategy + x-type-name: AWS::AppConfig::DeploymentStrategy + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - Name + - ReplicateTo + x-read-only-properties: + - Id + x-required-properties: + - DeploymentDurationInMinutes + - GrowthFactor + - Name + - ReplicateTo + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - appconfig:TagResource + - appconfig:UntagResource + - appconfig:ListTagsForResource + x-required-permissions: + create: + - appconfig:CreateDeploymentStrategy + - appconfig:TagResource + read: + - appconfig:GetDeploymentStrategy + - appconfig:ListTagsForResource + update: + - appconfig:UpdateDeploymentStrategy + - appconfig:TagResource + - appconfig:UntagResource + delete: + - appconfig:DeleteDeploymentStrategy + list: + - appconfig:ListDeploymentStrategies Monitor: description: Amazon CloudWatch alarm to monitor during the deployment process. additionalProperties: false @@ -598,24 +839,6 @@ components: maxLength: 2048 required: - AlarmArn - Tag: - description: A key-value pair to associate with a resource. - type: object - properties: - Key: - type: string - description: 'The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' - minLength: 1 - maxLength: 128 - Value: - type: string - description: 'The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' - minLength: 0 - maxLength: 256 - required: - - Key - - Value - additionalProperties: false Environment: type: object properties: @@ -636,6 +859,13 @@ components: type: array items: $ref: '#/components/schemas/Monitor' + DeletionProtectionCheck: + description: On resource deletion this controls whether the Deletion Protection check should be applied, bypassed, or (the default) whether the behavior should be controlled by the account-level Deletion Protection setting. See https://docs.aws.amazon.com/appconfig/latest/userguide/deletion-protection.html + type: string + enum: + - ACCOUNT_DEFAULT + - APPLY + - BYPASS ApplicationId: pattern: '[a-z0-9]{4,7}' description: The application ID. @@ -663,12 +893,18 @@ components: - EnvironmentId x-create-only-properties: - ApplicationId + x-write-only-properties: + - DeletionProtectionCheck x-read-only-properties: - EnvironmentId x-required-properties: - Name - ApplicationId x-tagging: + permissions: + - appconfig:TagResource + - appconfig:UntagResource + - appconfig:ListTagsForResource taggable: true tagOnCreate: true tagUpdatable: true @@ -812,6 +1048,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - appconfig:TagResource + - appconfig:UntagResource + - appconfig:ListTagsForResource x-required-permissions: create: - appconfig:CreateExtension @@ -887,6 +1127,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - appconfig:TagResource + - appconfig:UntagResource + - appconfig:ListTagsForResource x-required-permissions: create: - appconfig:CreateExtensionAssociation @@ -1068,6 +1312,13 @@ components: description: The ARN of an IAM role with permission to access the configuration at the specified LocationUri. type: string maxLength: 2048 + DeletionProtectionCheck: + description: On resource deletion this controls whether the Deletion Protection check should be applied, bypassed, or (the default) whether the behavior should be controlled by the account-level Deletion Protection setting. See https://docs.aws.amazon.com/appconfig/latest/userguide/deletion-protection.html + type: string + enum: + - ACCOUNT_DEFAULT + - APPLY + - BYPASS ApplicationId: pattern: '[a-z0-9]{4,7}' description: The application ID. @@ -1088,6 +1339,129 @@ components: x-title: CreateConfigurationProfileRequest type: object required: [] + CreateDeploymentRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + DeploymentStrategyId: + description: The deployment strategy ID. + type: string + ConfigurationProfileId: + description: The configuration profile ID. + type: string + EnvironmentId: + description: The environment ID. + type: string + KmsKeyIdentifier: + pattern: ^[\da-f]{8}-[\da-f]{4}-[\da-f]{4}-[\da-f]{4}-[\da-f]{12}|alias/[a-zA-Z0-9/_-]{1,250}|arn:aws[a-zA-Z-]*:kms:[a-z]{2}(-gov|-iso(b?))?-[a-z]+-\d{1}:\d{12}:(key/[0-9a-f-]{36}|alias/[a-zA-Z0-9/_-]{1,250})$ + description: The AWS Key Management Service key identifier (key ID, key alias, or key ARN) provided when the resource was created or updated. + type: string + Description: + description: A description of the deployment. + type: string + ConfigurationVersion: + description: The configuration version to deploy. If deploying an AWS AppConfig hosted configuration version, you can specify either the version number or version label. For all other configurations, you must specify the version number. + type: string + DeploymentNumber: + description: The sequence number of the deployment. + type: string + ApplicationId: + description: The application ID. + type: string + DynamicExtensionParameters: + uniqueItems: false + type: array + items: + $ref: '#/components/schemas/DynamicExtensionParameters' + Tags: + uniqueItems: true + description: An array of key-value pairs to apply to this resource. + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/Tag' + x-stackQL-stringOnly: true + x-title: CreateDeploymentRequest + type: object + required: [] + CreateDeploymentStrategyRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + DeploymentDurationInMinutes: + type: number + description: Total amount of time for a deployment to last. + Description: + type: string + description: A description of the deployment strategy. + FinalBakeTimeInMinutes: + type: number + description: >- + Specifies the amount of time AWS AppConfig monitors for Amazon CloudWatch alarms after the configuration has been deployed to 100% of its targets, before considering the deployment to be complete. If an alarm is triggered during this time, AWS AppConfig rolls back the deployment. You must configure permissions for AWS AppConfig to roll back based on CloudWatch alarms. For more information, see Configuring permissions for rollback based on Amazon CloudWatch alarms in the AWS + AppConfig User Guide. + GrowthFactor: + type: number + description: The percentage of targets to receive a deployed configuration during each interval. + GrowthType: + type: string + description: |- + The algorithm used to define how percentage grows over time. AWS AppConfig supports the following growth types: + + Linear: For this type, AWS AppConfig processes the deployment by dividing the total number of targets by the value specified for Step percentage. For example, a linear deployment that uses a Step percentage of 10 deploys the configuration to 10 percent of the hosts. After those deployments are complete, the system deploys the configuration to the next 10 percent. This continues until 100% of the targets have successfully received the configuration. + + Exponential: For this type, AWS AppConfig processes the deployment exponentially using the following formula: G*(2^N). In this formula, G is the growth factor specified by the user and N is the number of steps until the configuration is deployed to all targets. For example, if you specify a growth factor of 2, then the system rolls out the configuration as follows: + + 2*(2^0) + + 2*(2^1) + + 2*(2^2) + + Expressed numerically, the deployment rolls out as follows: 2% of the targets, 4% of the targets, 8% of the targets, and continues until the configuration has been deployed to all targets. + enum: + - EXPONENTIAL + - LINEAR + Name: + type: string + description: A name for the deployment strategy. + ReplicateTo: + type: string + description: Save the deployment strategy to a Systems Manager (SSM) document. + enum: + - NONE + - SSM_DOCUMENT + Tags: + type: array + description: Assigns metadata to an AWS AppConfig resource. Tags help organize and categorize your AWS AppConfig resources. Each tag consists of a key and an optional value, both of which you define. You can specify a maximum of 50 tags for a resource. + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + Id: + type: string + description: The deployment strategy ID. + x-stackQL-stringOnly: true + x-title: CreateDeploymentStrategyRequest + type: object + required: [] CreateEnvironmentRequest: properties: ClientToken: @@ -1118,6 +1492,13 @@ components: type: array items: $ref: '#/components/schemas/Monitor' + DeletionProtectionCheck: + description: On resource deletion this controls whether the Deletion Protection check should be applied, bypassed, or (the default) whether the behavior should be controlled by the account-level Deletion Protection setting. See https://docs.aws.amazon.com/appconfig/latest/userguide/deletion-protection.html + type: string + enum: + - ACCOUNT_DEFAULT + - APPLY + - BYPASS ApplicationId: pattern: '[a-z0-9]{4,7}' description: The application ID. @@ -1340,11 +1721,442 @@ components: openAPIDocKey: '200' sqlVerbs: insert: - - $ref: '#/components/x-stackQL-resources/applications/methods/create_resource' + - $ref: '#/components/x-stackQL-resources/applications/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/applications/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/applications/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.ApplicationId') as application_id, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppConfig::Application' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.ApplicationId') as application_id, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags, + JSON_EXTRACT(detail.Properties, '$.Name') as name + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::AppConfig::Application' + AND detail.data__TypeName = 'AWS::AppConfig::Application' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'ApplicationId') as application_id, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppConfig::Application' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'ApplicationId') as application_id, + json_extract_path_text(detail.Properties, 'Tags') as tags, + json_extract_path_text(detail.Properties, 'Name') as name + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::AppConfig::Application' + AND detail.data__TypeName = 'AWS::AppConfig::Application' + AND listing.region = 'us-east-1' + applications_list_only: + name: applications_list_only + id: aws.appconfig.applications_list_only + x-cfn-schema-name: Application + x-cfn-type-name: AWS::AppConfig::Application + x-identifiers: + - ApplicationId + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ApplicationId') as application_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppConfig::Application' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ApplicationId') as application_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppConfig::Application' + AND region = 'us-east-1' + application_tags: + name: application_tags + id: aws.appconfig.application_tags + x-cfn-schema-name: Application + x-cfn-type-name: AWS::AppConfig::Application + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.ApplicationId') as application_id, + JSON_EXTRACT(detail.Properties, '$.Name') as name + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::AppConfig::Application' + AND detail.data__TypeName = 'AWS::AppConfig::Application' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'ApplicationId') as application_id, + json_extract_path_text(detail.Properties, 'Name') as name + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::AppConfig::Application' + AND detail.data__TypeName = 'AWS::AppConfig::Application' + AND listing.region = 'us-east-1' + configuration_profiles: + name: configuration_profiles + id: aws.appconfig.configuration_profiles + x-cfn-schema-name: ConfigurationProfile + x-cfn-type-name: AWS::AppConfig::ConfigurationProfile + x-identifiers: + - ApplicationId + - ConfigurationProfileId + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__ConfigurationProfile&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::AppConfig::ConfigurationProfile" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::AppConfig::ConfigurationProfile" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::AppConfig::ConfigurationProfile" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/configuration_profiles/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/configuration_profiles/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/configuration_profiles/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ConfigurationProfileId') as configuration_profile_id, + JSON_EXTRACT(Properties, '$.LocationUri') as location_uri, + JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.KmsKeyIdentifier') as kms_key_identifier, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.KmsKeyArn') as kms_key_arn, + JSON_EXTRACT(Properties, '$.Validators') as validators, + JSON_EXTRACT(Properties, '$.RetrievalRoleArn') as retrieval_role_arn, + JSON_EXTRACT(Properties, '$.DeletionProtectionCheck') as deletion_protection_check, + JSON_EXTRACT(Properties, '$.ApplicationId') as application_id, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppConfig::ConfigurationProfile' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.ConfigurationProfileId') as configuration_profile_id, + JSON_EXTRACT(detail.Properties, '$.LocationUri') as location_uri, + JSON_EXTRACT(detail.Properties, '$.Type') as type, + JSON_EXTRACT(detail.Properties, '$.KmsKeyIdentifier') as kms_key_identifier, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.KmsKeyArn') as kms_key_arn, + JSON_EXTRACT(detail.Properties, '$.Validators') as validators, + JSON_EXTRACT(detail.Properties, '$.RetrievalRoleArn') as retrieval_role_arn, + JSON_EXTRACT(detail.Properties, '$.DeletionProtectionCheck') as deletion_protection_check, + JSON_EXTRACT(detail.Properties, '$.ApplicationId') as application_id, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags, + JSON_EXTRACT(detail.Properties, '$.Name') as name + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::AppConfig::ConfigurationProfile' + AND detail.data__TypeName = 'AWS::AppConfig::ConfigurationProfile' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ConfigurationProfileId') as configuration_profile_id, + json_extract_path_text(Properties, 'LocationUri') as location_uri, + json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'KmsKeyIdentifier') as kms_key_identifier, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'KmsKeyArn') as kms_key_arn, + json_extract_path_text(Properties, 'Validators') as validators, + json_extract_path_text(Properties, 'RetrievalRoleArn') as retrieval_role_arn, + json_extract_path_text(Properties, 'DeletionProtectionCheck') as deletion_protection_check, + json_extract_path_text(Properties, 'ApplicationId') as application_id, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppConfig::ConfigurationProfile' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'ConfigurationProfileId') as configuration_profile_id, + json_extract_path_text(detail.Properties, 'LocationUri') as location_uri, + json_extract_path_text(detail.Properties, 'Type') as type, + json_extract_path_text(detail.Properties, 'KmsKeyIdentifier') as kms_key_identifier, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'KmsKeyArn') as kms_key_arn, + json_extract_path_text(detail.Properties, 'Validators') as validators, + json_extract_path_text(detail.Properties, 'RetrievalRoleArn') as retrieval_role_arn, + json_extract_path_text(detail.Properties, 'DeletionProtectionCheck') as deletion_protection_check, + json_extract_path_text(detail.Properties, 'ApplicationId') as application_id, + json_extract_path_text(detail.Properties, 'Tags') as tags, + json_extract_path_text(detail.Properties, 'Name') as name + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::AppConfig::ConfigurationProfile' + AND detail.data__TypeName = 'AWS::AppConfig::ConfigurationProfile' + AND listing.region = 'us-east-1' + configuration_profiles_list_only: + name: configuration_profiles_list_only + id: aws.appconfig.configuration_profiles_list_only + x-cfn-schema-name: ConfigurationProfile + x-cfn-type-name: AWS::AppConfig::ConfigurationProfile + x-identifiers: + - ApplicationId + - ConfigurationProfileId + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ApplicationId') as application_id, + JSON_EXTRACT(Properties, '$.ConfigurationProfileId') as configuration_profile_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppConfig::ConfigurationProfile' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ApplicationId') as application_id, + json_extract_path_text(Properties, 'ConfigurationProfileId') as configuration_profile_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppConfig::ConfigurationProfile' + AND region = 'us-east-1' + configuration_profile_tags: + name: configuration_profile_tags + id: aws.appconfig.configuration_profile_tags + x-cfn-schema-name: ConfigurationProfile + x-cfn-type-name: AWS::AppConfig::ConfigurationProfile + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.ConfigurationProfileId') as configuration_profile_id, + JSON_EXTRACT(detail.Properties, '$.LocationUri') as location_uri, + JSON_EXTRACT(detail.Properties, '$.Type') as type, + JSON_EXTRACT(detail.Properties, '$.KmsKeyIdentifier') as kms_key_identifier, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.KmsKeyArn') as kms_key_arn, + JSON_EXTRACT(detail.Properties, '$.Validators') as validators, + JSON_EXTRACT(detail.Properties, '$.RetrievalRoleArn') as retrieval_role_arn, + JSON_EXTRACT(detail.Properties, '$.DeletionProtectionCheck') as deletion_protection_check, + JSON_EXTRACT(detail.Properties, '$.ApplicationId') as application_id, + JSON_EXTRACT(detail.Properties, '$.Name') as name + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::AppConfig::ConfigurationProfile' + AND detail.data__TypeName = 'AWS::AppConfig::ConfigurationProfile' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'ConfigurationProfileId') as configuration_profile_id, + json_extract_path_text(detail.Properties, 'LocationUri') as location_uri, + json_extract_path_text(detail.Properties, 'Type') as type, + json_extract_path_text(detail.Properties, 'KmsKeyIdentifier') as kms_key_identifier, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'KmsKeyArn') as kms_key_arn, + json_extract_path_text(detail.Properties, 'Validators') as validators, + json_extract_path_text(detail.Properties, 'RetrievalRoleArn') as retrieval_role_arn, + json_extract_path_text(detail.Properties, 'DeletionProtectionCheck') as deletion_protection_check, + json_extract_path_text(detail.Properties, 'ApplicationId') as application_id, + json_extract_path_text(detail.Properties, 'Name') as name + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::AppConfig::ConfigurationProfile' + AND detail.data__TypeName = 'AWS::AppConfig::ConfigurationProfile' + AND listing.region = 'us-east-1' + deployments: + name: deployments + id: aws.appconfig.deployments + x-cfn-schema-name: Deployment + x-cfn-type-name: AWS::AppConfig::Deployment + x-identifiers: + - ApplicationId + - EnvironmentId + - DeploymentNumber + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Deployment&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::AppConfig::Deployment" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::AppConfig::Deployment" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/deployments/methods/create_resource' delete: - - $ref: '#/components/x-stackQL-resources/applications/methods/delete_resource' - update: - - $ref: '#/components/x-stackQL-resources/applications/methods/update_resource' + - $ref: '#/components/x-stackQL-resources/deployments/methods/delete_resource' + update: [] config: views: select: @@ -1353,28 +2165,40 @@ components: SELECT region, data__Identifier, + JSON_EXTRACT(Properties, '$.DeploymentStrategyId') as deployment_strategy_id, + JSON_EXTRACT(Properties, '$.ConfigurationProfileId') as configuration_profile_id, + JSON_EXTRACT(Properties, '$.EnvironmentId') as environment_id, + JSON_EXTRACT(Properties, '$.KmsKeyIdentifier') as kms_key_identifier, JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.ConfigurationVersion') as configuration_version, + JSON_EXTRACT(Properties, '$.DeploymentNumber') as deployment_number, JSON_EXTRACT(Properties, '$.ApplicationId') as application_id, - JSON_EXTRACT(Properties, '$.Tags') as tags, - JSON_EXTRACT(Properties, '$.Name') as name - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppConfig::Application' - AND data__Identifier = '' + JSON_EXTRACT(Properties, '$.DynamicExtensionParameters') as dynamic_extension_parameters, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppConfig::Deployment' + AND data__Identifier = '||' AND region = 'us-east-1' fallback: predicate: sqlDialect == "sqlite3" ddl: |- SELECT detail.region, + JSON_EXTRACT(detail.Properties, '$.DeploymentStrategyId') as deployment_strategy_id, + JSON_EXTRACT(detail.Properties, '$.ConfigurationProfileId') as configuration_profile_id, + JSON_EXTRACT(detail.Properties, '$.EnvironmentId') as environment_id, + JSON_EXTRACT(detail.Properties, '$.KmsKeyIdentifier') as kms_key_identifier, JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.ConfigurationVersion') as configuration_version, + JSON_EXTRACT(detail.Properties, '$.DeploymentNumber') as deployment_number, JSON_EXTRACT(detail.Properties, '$.ApplicationId') as application_id, - JSON_EXTRACT(detail.Properties, '$.Tags') as tags, - JSON_EXTRACT(detail.Properties, '$.Name') as name + JSON_EXTRACT(detail.Properties, '$.DynamicExtensionParameters') as dynamic_extension_parameters, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::AppConfig::Application' - AND detail.data__TypeName = 'AWS::AppConfig::Application' + WHERE listing.data__TypeName = 'AWS::AppConfig::Deployment' + AND detail.data__TypeName = 'AWS::AppConfig::Deployment' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] @@ -1382,36 +2206,50 @@ components: SELECT region, data__Identifier, + json_extract_path_text(Properties, 'DeploymentStrategyId') as deployment_strategy_id, + json_extract_path_text(Properties, 'ConfigurationProfileId') as configuration_profile_id, + json_extract_path_text(Properties, 'EnvironmentId') as environment_id, + json_extract_path_text(Properties, 'KmsKeyIdentifier') as kms_key_identifier, json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'ConfigurationVersion') as configuration_version, + json_extract_path_text(Properties, 'DeploymentNumber') as deployment_number, json_extract_path_text(Properties, 'ApplicationId') as application_id, - json_extract_path_text(Properties, 'Tags') as tags, - json_extract_path_text(Properties, 'Name') as name - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppConfig::Application' - AND data__Identifier = '' + json_extract_path_text(Properties, 'DynamicExtensionParameters') as dynamic_extension_parameters, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppConfig::Deployment' + AND data__Identifier = '||' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT detail.region, + json_extract_path_text(detail.Properties, 'DeploymentStrategyId') as deployment_strategy_id, + json_extract_path_text(detail.Properties, 'ConfigurationProfileId') as configuration_profile_id, + json_extract_path_text(detail.Properties, 'EnvironmentId') as environment_id, + json_extract_path_text(detail.Properties, 'KmsKeyIdentifier') as kms_key_identifier, json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'ConfigurationVersion') as configuration_version, + json_extract_path_text(detail.Properties, 'DeploymentNumber') as deployment_number, json_extract_path_text(detail.Properties, 'ApplicationId') as application_id, - json_extract_path_text(detail.Properties, 'Tags') as tags, - json_extract_path_text(detail.Properties, 'Name') as name + json_extract_path_text(detail.Properties, 'DynamicExtensionParameters') as dynamic_extension_parameters, + json_extract_path_text(detail.Properties, 'Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::AppConfig::Application' - AND detail.data__TypeName = 'AWS::AppConfig::Application' + WHERE listing.data__TypeName = 'AWS::AppConfig::Deployment' + AND detail.data__TypeName = 'AWS::AppConfig::Deployment' AND listing.region = 'us-east-1' - applications_list_only: - name: applications_list_only - id: aws.appconfig.applications_list_only - x-cfn-schema-name: Application - x-cfn-type-name: AWS::AppConfig::Application + deployments_list_only: + name: deployments_list_only + id: aws.appconfig.deployments_list_only + x-cfn-schema-name: Deployment + x-cfn-type-name: AWS::AppConfig::Deployment x-identifiers: - ApplicationId + - EnvironmentId + - DeploymentNumber x-type: cloud_control_view methods: {} sqlVerbs: @@ -1425,22 +2263,26 @@ components: ddl: |- SELECT region, - JSON_EXTRACT(Properties, '$.ApplicationId') as application_id - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppConfig::Application' + JSON_EXTRACT(Properties, '$.ApplicationId') as application_id, + JSON_EXTRACT(Properties, '$.EnvironmentId') as environment_id, + JSON_EXTRACT(Properties, '$.DeploymentNumber') as deployment_number + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppConfig::Deployment' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT region, - json_extract_path_text(Properties, 'ApplicationId') as application_id - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppConfig::Application' + json_extract_path_text(Properties, 'ApplicationId') as application_id, + json_extract_path_text(Properties, 'EnvironmentId') as environment_id, + json_extract_path_text(Properties, 'DeploymentNumber') as deployment_number + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppConfig::Deployment' AND region = 'us-east-1' - application_tags: - name: application_tags - id: aws.appconfig.application_tags - x-cfn-schema-name: Application - x-cfn-type-name: AWS::AppConfig::Application + deployment_tags: + name: deployment_tags + id: aws.appconfig.deployment_tags + x-cfn-schema-name: Deployment + x-cfn-type-name: AWS::AppConfig::Deployment x-type: cloud_control_view methods: {} sqlVerbs: @@ -1456,16 +2298,22 @@ components: detail.region, JSON_EXTRACT(json_each.value, '$.Key') as tag_key, JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.DeploymentStrategyId') as deployment_strategy_id, + JSON_EXTRACT(detail.Properties, '$.ConfigurationProfileId') as configuration_profile_id, + JSON_EXTRACT(detail.Properties, '$.EnvironmentId') as environment_id, + JSON_EXTRACT(detail.Properties, '$.KmsKeyIdentifier') as kms_key_identifier, JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.ConfigurationVersion') as configuration_version, + JSON_EXTRACT(detail.Properties, '$.DeploymentNumber') as deployment_number, JSON_EXTRACT(detail.Properties, '$.ApplicationId') as application_id, - JSON_EXTRACT(detail.Properties, '$.Name') as name + JSON_EXTRACT(detail.Properties, '$.DynamicExtensionParameters') as dynamic_extension_parameters FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) - WHERE listing.data__TypeName = 'AWS::AppConfig::Application' - AND detail.data__TypeName = 'AWS::AppConfig::Application' + WHERE listing.data__TypeName = 'AWS::AppConfig::Deployment' + AND detail.data__TypeName = 'AWS::AppConfig::Deployment' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" @@ -1474,25 +2322,30 @@ components: detail.region, json_extract_path_text(json_each.value, 'Key') as tag_key, json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'DeploymentStrategyId') as deployment_strategy_id, + json_extract_path_text(detail.Properties, 'ConfigurationProfileId') as configuration_profile_id, + json_extract_path_text(detail.Properties, 'EnvironmentId') as environment_id, + json_extract_path_text(detail.Properties, 'KmsKeyIdentifier') as kms_key_identifier, json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'ConfigurationVersion') as configuration_version, + json_extract_path_text(detail.Properties, 'DeploymentNumber') as deployment_number, json_extract_path_text(detail.Properties, 'ApplicationId') as application_id, - json_extract_path_text(detail.Properties, 'Name') as name + json_extract_path_text(detail.Properties, 'DynamicExtensionParameters') as dynamic_extension_parameters FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) - WHERE listing.data__TypeName = 'AWS::AppConfig::Application' - AND detail.data__TypeName = 'AWS::AppConfig::Application' + WHERE listing.data__TypeName = 'AWS::AppConfig::Deployment' + AND detail.data__TypeName = 'AWS::AppConfig::Deployment' AND listing.region = 'us-east-1' - configuration_profiles: - name: configuration_profiles - id: aws.appconfig.configuration_profiles - x-cfn-schema-name: ConfigurationProfile - x-cfn-type-name: AWS::AppConfig::ConfigurationProfile + deployment_strategies: + name: deployment_strategies + id: aws.appconfig.deployment_strategies + x-cfn-schema-name: DeploymentStrategy + x-cfn-type-name: AWS::AppConfig::DeploymentStrategy x-identifiers: - - ApplicationId - - ConfigurationProfileId + - Id x-type: cloud_control methods: create_resource: @@ -1500,12 +2353,12 @@ components: requestBodyTranslate: algorithm: naive_DesiredState operation: - $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__ConfigurationProfile&__detailTransformed=true/post' + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__DeploymentStrategy&__detailTransformed=true/post' request: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::AppConfig::ConfigurationProfile" + "TypeName": "AWS::AppConfig::DeploymentStrategy" } response: mediaType: application/json @@ -1517,7 +2370,7 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::AppConfig::ConfigurationProfile" + "TypeName": "AWS::AppConfig::DeploymentStrategy" } response: mediaType: application/json @@ -1529,18 +2382,18 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::AppConfig::ConfigurationProfile" + "TypeName": "AWS::AppConfig::DeploymentStrategy" } response: mediaType: application/json openAPIDocKey: '200' sqlVerbs: insert: - - $ref: '#/components/x-stackQL-resources/configuration_profiles/methods/create_resource' + - $ref: '#/components/x-stackQL-resources/deployment_strategies/methods/create_resource' delete: - - $ref: '#/components/x-stackQL-resources/configuration_profiles/methods/delete_resource' + - $ref: '#/components/x-stackQL-resources/deployment_strategies/methods/delete_resource' update: - - $ref: '#/components/x-stackQL-resources/configuration_profiles/methods/update_resource' + - $ref: '#/components/x-stackQL-resources/deployment_strategies/methods/update_resource' config: views: select: @@ -1549,42 +2402,38 @@ components: SELECT region, data__Identifier, - JSON_EXTRACT(Properties, '$.ConfigurationProfileId') as configuration_profile_id, - JSON_EXTRACT(Properties, '$.LocationUri') as location_uri, - JSON_EXTRACT(Properties, '$.Type') as type, - JSON_EXTRACT(Properties, '$.KmsKeyIdentifier') as kms_key_identifier, + JSON_EXTRACT(Properties, '$.DeploymentDurationInMinutes') as deployment_duration_in_minutes, JSON_EXTRACT(Properties, '$.Description') as description, - JSON_EXTRACT(Properties, '$.KmsKeyArn') as kms_key_arn, - JSON_EXTRACT(Properties, '$.Validators') as validators, - JSON_EXTRACT(Properties, '$.RetrievalRoleArn') as retrieval_role_arn, - JSON_EXTRACT(Properties, '$.ApplicationId') as application_id, + JSON_EXTRACT(Properties, '$.FinalBakeTimeInMinutes') as final_bake_time_in_minutes, + JSON_EXTRACT(Properties, '$.GrowthFactor') as growth_factor, + JSON_EXTRACT(Properties, '$.GrowthType') as growth_type, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.ReplicateTo') as replicate_to, JSON_EXTRACT(Properties, '$.Tags') as tags, - JSON_EXTRACT(Properties, '$.Name') as name - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppConfig::ConfigurationProfile' - AND data__Identifier = '|' + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppConfig::DeploymentStrategy' + AND data__Identifier = '' AND region = 'us-east-1' fallback: predicate: sqlDialect == "sqlite3" ddl: |- SELECT detail.region, - JSON_EXTRACT(detail.Properties, '$.ConfigurationProfileId') as configuration_profile_id, - JSON_EXTRACT(detail.Properties, '$.LocationUri') as location_uri, - JSON_EXTRACT(detail.Properties, '$.Type') as type, - JSON_EXTRACT(detail.Properties, '$.KmsKeyIdentifier') as kms_key_identifier, + JSON_EXTRACT(detail.Properties, '$.DeploymentDurationInMinutes') as deployment_duration_in_minutes, JSON_EXTRACT(detail.Properties, '$.Description') as description, - JSON_EXTRACT(detail.Properties, '$.KmsKeyArn') as kms_key_arn, - JSON_EXTRACT(detail.Properties, '$.Validators') as validators, - JSON_EXTRACT(detail.Properties, '$.RetrievalRoleArn') as retrieval_role_arn, - JSON_EXTRACT(detail.Properties, '$.ApplicationId') as application_id, + JSON_EXTRACT(detail.Properties, '$.FinalBakeTimeInMinutes') as final_bake_time_in_minutes, + JSON_EXTRACT(detail.Properties, '$.GrowthFactor') as growth_factor, + JSON_EXTRACT(detail.Properties, '$.GrowthType') as growth_type, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.ReplicateTo') as replicate_to, JSON_EXTRACT(detail.Properties, '$.Tags') as tags, - JSON_EXTRACT(detail.Properties, '$.Name') as name + JSON_EXTRACT(detail.Properties, '$.Id') as id FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::AppConfig::ConfigurationProfile' - AND detail.data__TypeName = 'AWS::AppConfig::ConfigurationProfile' + WHERE listing.data__TypeName = 'AWS::AppConfig::DeploymentStrategy' + AND detail.data__TypeName = 'AWS::AppConfig::DeploymentStrategy' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] @@ -1592,51 +2441,46 @@ components: SELECT region, data__Identifier, - json_extract_path_text(Properties, 'ConfigurationProfileId') as configuration_profile_id, - json_extract_path_text(Properties, 'LocationUri') as location_uri, - json_extract_path_text(Properties, 'Type') as type, - json_extract_path_text(Properties, 'KmsKeyIdentifier') as kms_key_identifier, + json_extract_path_text(Properties, 'DeploymentDurationInMinutes') as deployment_duration_in_minutes, json_extract_path_text(Properties, 'Description') as description, - json_extract_path_text(Properties, 'KmsKeyArn') as kms_key_arn, - json_extract_path_text(Properties, 'Validators') as validators, - json_extract_path_text(Properties, 'RetrievalRoleArn') as retrieval_role_arn, - json_extract_path_text(Properties, 'ApplicationId') as application_id, + json_extract_path_text(Properties, 'FinalBakeTimeInMinutes') as final_bake_time_in_minutes, + json_extract_path_text(Properties, 'GrowthFactor') as growth_factor, + json_extract_path_text(Properties, 'GrowthType') as growth_type, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'ReplicateTo') as replicate_to, json_extract_path_text(Properties, 'Tags') as tags, - json_extract_path_text(Properties, 'Name') as name - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppConfig::ConfigurationProfile' - AND data__Identifier = '|' + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppConfig::DeploymentStrategy' + AND data__Identifier = '' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT detail.region, - json_extract_path_text(detail.Properties, 'ConfigurationProfileId') as configuration_profile_id, - json_extract_path_text(detail.Properties, 'LocationUri') as location_uri, - json_extract_path_text(detail.Properties, 'Type') as type, - json_extract_path_text(detail.Properties, 'KmsKeyIdentifier') as kms_key_identifier, + json_extract_path_text(detail.Properties, 'DeploymentDurationInMinutes') as deployment_duration_in_minutes, json_extract_path_text(detail.Properties, 'Description') as description, - json_extract_path_text(detail.Properties, 'KmsKeyArn') as kms_key_arn, - json_extract_path_text(detail.Properties, 'Validators') as validators, - json_extract_path_text(detail.Properties, 'RetrievalRoleArn') as retrieval_role_arn, - json_extract_path_text(detail.Properties, 'ApplicationId') as application_id, + json_extract_path_text(detail.Properties, 'FinalBakeTimeInMinutes') as final_bake_time_in_minutes, + json_extract_path_text(detail.Properties, 'GrowthFactor') as growth_factor, + json_extract_path_text(detail.Properties, 'GrowthType') as growth_type, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'ReplicateTo') as replicate_to, json_extract_path_text(detail.Properties, 'Tags') as tags, - json_extract_path_text(detail.Properties, 'Name') as name + json_extract_path_text(detail.Properties, 'Id') as id FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::AppConfig::ConfigurationProfile' - AND detail.data__TypeName = 'AWS::AppConfig::ConfigurationProfile' + WHERE listing.data__TypeName = 'AWS::AppConfig::DeploymentStrategy' + AND detail.data__TypeName = 'AWS::AppConfig::DeploymentStrategy' AND listing.region = 'us-east-1' - configuration_profiles_list_only: - name: configuration_profiles_list_only - id: aws.appconfig.configuration_profiles_list_only - x-cfn-schema-name: ConfigurationProfile - x-cfn-type-name: AWS::AppConfig::ConfigurationProfile + deployment_strategies_list_only: + name: deployment_strategies_list_only + id: aws.appconfig.deployment_strategies_list_only + x-cfn-schema-name: DeploymentStrategy + x-cfn-type-name: AWS::AppConfig::DeploymentStrategy x-identifiers: - - ApplicationId - - ConfigurationProfileId + - Id x-type: cloud_control_view methods: {} sqlVerbs: @@ -1650,24 +2494,22 @@ components: ddl: |- SELECT region, - JSON_EXTRACT(Properties, '$.ApplicationId') as application_id, - JSON_EXTRACT(Properties, '$.ConfigurationProfileId') as configuration_profile_id - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppConfig::ConfigurationProfile' + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppConfig::DeploymentStrategy' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT region, - json_extract_path_text(Properties, 'ApplicationId') as application_id, - json_extract_path_text(Properties, 'ConfigurationProfileId') as configuration_profile_id - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppConfig::ConfigurationProfile' + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppConfig::DeploymentStrategy' AND region = 'us-east-1' - configuration_profile_tags: - name: configuration_profile_tags - id: aws.appconfig.configuration_profile_tags - x-cfn-schema-name: ConfigurationProfile - x-cfn-type-name: AWS::AppConfig::ConfigurationProfile + deployment_strategy_tags: + name: deployment_strategy_tags + id: aws.appconfig.deployment_strategy_tags + x-cfn-schema-name: DeploymentStrategy + x-cfn-type-name: AWS::AppConfig::DeploymentStrategy x-type: cloud_control_view methods: {} sqlVerbs: @@ -1683,23 +2525,21 @@ components: detail.region, JSON_EXTRACT(json_each.value, '$.Key') as tag_key, JSON_EXTRACT(json_each.value, '$.Value') as tag_value, - JSON_EXTRACT(detail.Properties, '$.ConfigurationProfileId') as configuration_profile_id, - JSON_EXTRACT(detail.Properties, '$.LocationUri') as location_uri, - JSON_EXTRACT(detail.Properties, '$.Type') as type, - JSON_EXTRACT(detail.Properties, '$.KmsKeyIdentifier') as kms_key_identifier, + JSON_EXTRACT(detail.Properties, '$.DeploymentDurationInMinutes') as deployment_duration_in_minutes, JSON_EXTRACT(detail.Properties, '$.Description') as description, - JSON_EXTRACT(detail.Properties, '$.KmsKeyArn') as kms_key_arn, - JSON_EXTRACT(detail.Properties, '$.Validators') as validators, - JSON_EXTRACT(detail.Properties, '$.RetrievalRoleArn') as retrieval_role_arn, - JSON_EXTRACT(detail.Properties, '$.ApplicationId') as application_id, - JSON_EXTRACT(detail.Properties, '$.Name') as name + JSON_EXTRACT(detail.Properties, '$.FinalBakeTimeInMinutes') as final_bake_time_in_minutes, + JSON_EXTRACT(detail.Properties, '$.GrowthFactor') as growth_factor, + JSON_EXTRACT(detail.Properties, '$.GrowthType') as growth_type, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.ReplicateTo') as replicate_to, + JSON_EXTRACT(detail.Properties, '$.Id') as id FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) - WHERE listing.data__TypeName = 'AWS::AppConfig::ConfigurationProfile' - AND detail.data__TypeName = 'AWS::AppConfig::ConfigurationProfile' + WHERE listing.data__TypeName = 'AWS::AppConfig::DeploymentStrategy' + AND detail.data__TypeName = 'AWS::AppConfig::DeploymentStrategy' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" @@ -1708,23 +2548,21 @@ components: detail.region, json_extract_path_text(json_each.value, 'Key') as tag_key, json_extract_path_text(json_each.value, 'Value') as tag_value, - json_extract_path_text(detail.Properties, 'ConfigurationProfileId') as configuration_profile_id, - json_extract_path_text(detail.Properties, 'LocationUri') as location_uri, - json_extract_path_text(detail.Properties, 'Type') as type, - json_extract_path_text(detail.Properties, 'KmsKeyIdentifier') as kms_key_identifier, + json_extract_path_text(detail.Properties, 'DeploymentDurationInMinutes') as deployment_duration_in_minutes, json_extract_path_text(detail.Properties, 'Description') as description, - json_extract_path_text(detail.Properties, 'KmsKeyArn') as kms_key_arn, - json_extract_path_text(detail.Properties, 'Validators') as validators, - json_extract_path_text(detail.Properties, 'RetrievalRoleArn') as retrieval_role_arn, - json_extract_path_text(detail.Properties, 'ApplicationId') as application_id, - json_extract_path_text(detail.Properties, 'Name') as name + json_extract_path_text(detail.Properties, 'FinalBakeTimeInMinutes') as final_bake_time_in_minutes, + json_extract_path_text(detail.Properties, 'GrowthFactor') as growth_factor, + json_extract_path_text(detail.Properties, 'GrowthType') as growth_type, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'ReplicateTo') as replicate_to, + json_extract_path_text(detail.Properties, 'Id') as id FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) - WHERE listing.data__TypeName = 'AWS::AppConfig::ConfigurationProfile' - AND detail.data__TypeName = 'AWS::AppConfig::ConfigurationProfile' + WHERE listing.data__TypeName = 'AWS::AppConfig::DeploymentStrategy' + AND detail.data__TypeName = 'AWS::AppConfig::DeploymentStrategy' AND listing.region = 'us-east-1' environments: name: environments @@ -1793,6 +2631,7 @@ components: JSON_EXTRACT(Properties, '$.EnvironmentId') as environment_id, JSON_EXTRACT(Properties, '$.Description') as description, JSON_EXTRACT(Properties, '$.Monitors') as monitors, + JSON_EXTRACT(Properties, '$.DeletionProtectionCheck') as deletion_protection_check, JSON_EXTRACT(Properties, '$.ApplicationId') as application_id, JSON_EXTRACT(Properties, '$.Tags') as tags, JSON_EXTRACT(Properties, '$.Name') as name @@ -1807,6 +2646,7 @@ components: JSON_EXTRACT(detail.Properties, '$.EnvironmentId') as environment_id, JSON_EXTRACT(detail.Properties, '$.Description') as description, JSON_EXTRACT(detail.Properties, '$.Monitors') as monitors, + JSON_EXTRACT(detail.Properties, '$.DeletionProtectionCheck') as deletion_protection_check, JSON_EXTRACT(detail.Properties, '$.ApplicationId') as application_id, JSON_EXTRACT(detail.Properties, '$.Tags') as tags, JSON_EXTRACT(detail.Properties, '$.Name') as name @@ -1826,6 +2666,7 @@ components: json_extract_path_text(Properties, 'EnvironmentId') as environment_id, json_extract_path_text(Properties, 'Description') as description, json_extract_path_text(Properties, 'Monitors') as monitors, + json_extract_path_text(Properties, 'DeletionProtectionCheck') as deletion_protection_check, json_extract_path_text(Properties, 'ApplicationId') as application_id, json_extract_path_text(Properties, 'Tags') as tags, json_extract_path_text(Properties, 'Name') as name @@ -1840,6 +2681,7 @@ components: json_extract_path_text(detail.Properties, 'EnvironmentId') as environment_id, json_extract_path_text(detail.Properties, 'Description') as description, json_extract_path_text(detail.Properties, 'Monitors') as monitors, + json_extract_path_text(detail.Properties, 'DeletionProtectionCheck') as deletion_protection_check, json_extract_path_text(detail.Properties, 'ApplicationId') as application_id, json_extract_path_text(detail.Properties, 'Tags') as tags, json_extract_path_text(detail.Properties, 'Name') as name @@ -1907,6 +2749,7 @@ components: JSON_EXTRACT(detail.Properties, '$.EnvironmentId') as environment_id, JSON_EXTRACT(detail.Properties, '$.Description') as description, JSON_EXTRACT(detail.Properties, '$.Monitors') as monitors, + JSON_EXTRACT(detail.Properties, '$.DeletionProtectionCheck') as deletion_protection_check, JSON_EXTRACT(detail.Properties, '$.ApplicationId') as application_id, JSON_EXTRACT(detail.Properties, '$.Name') as name FROM aws.cloud_control.resources listing @@ -1927,6 +2770,7 @@ components: json_extract_path_text(detail.Properties, 'EnvironmentId') as environment_id, json_extract_path_text(detail.Properties, 'Description') as description, json_extract_path_text(detail.Properties, 'Monitors') as monitors, + json_extract_path_text(detail.Properties, 'DeletionProtectionCheck') as deletion_protection_check, json_extract_path_text(detail.Properties, 'ApplicationId') as application_id, json_extract_path_text(detail.Properties, 'Name') as name FROM aws.cloud_control.resources listing @@ -2771,6 +3615,90 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success + /?Action=CreateResource&Version=2021-09-30&__Deployment&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateDeployment + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateDeploymentRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=CreateResource&Version=2021-09-30&__DeploymentStrategy&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateDeploymentStrategy + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateDeploymentStrategyRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success /?Action=CreateResource&Version=2021-09-30&__Environment&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' diff --git a/providers/src/aws/v00.00.00000/services/appflow.yaml b/providers/src/aws/v00.00.00000/services/appflow.yaml index 3b9f361c..314a419e 100644 --- a/providers/src/aws/v00.00.00000/services/appflow.yaml +++ b/providers/src/aws/v00.00.00000/services/appflow.yaml @@ -416,7 +416,7 @@ components: ConnectorArn: description: ' The arn of the connector. The arn is unique for each ConnectorRegistration in your AWS account.' type: string - pattern: arn:*:appflow:.*:[0-9]+:.* + pattern: arn:.*:appflow:.*:[0-9]+:.* maxLength: 512 ConnectorProvisioningType: description: 'The provisioning type of the connector. Currently the only supported value is LAMBDA. ' @@ -2716,7 +2716,7 @@ components: ConnectorArn: description: ' The arn of the connector. The arn is unique for each ConnectorRegistration in your AWS account.' type: string - pattern: arn:*:appflow:.*:[0-9]+:.* + pattern: arn:.*:appflow:.*:[0-9]+:.* maxLength: 512 ConnectorProvisioningType: description: 'The provisioning type of the connector. Currently the only supported value is LAMBDA. ' diff --git a/providers/src/aws/v00.00.00000/services/appintegrations.yaml b/providers/src/aws/v00.00.00000/services/appintegrations.yaml index eaf634f6..dbc9b87e 100644 --- a/providers/src/aws/v00.00.00000/services/appintegrations.yaml +++ b/providers/src/aws/v00.00.00000/services/appintegrations.yaml @@ -489,6 +489,7 @@ components: maxItems: 200 required: - Name + - Namespace - Description - ApplicationSourceConfig x-stackql-resource-name: application @@ -501,6 +502,7 @@ components: - Id x-required-properties: - Name + - Namespace - Description - ApplicationSourceConfig x-tagging: @@ -509,6 +511,9 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - app-integrations:TagResource + - app-integrations:UntagResource x-required-permissions: create: - app-integrations:CreateApplication @@ -676,6 +681,9 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - app-integrations:TagResource + - app-integrations:UntagResource x-required-permissions: create: - app-integrations:CreateDataIntegration @@ -822,6 +830,9 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - app-integrations:TagResource + - app-integrations:UntagResource x-required-permissions: create: - app-integrations:CreateEventIntegration diff --git a/providers/src/aws/v00.00.00000/services/applicationautoscaling.yaml b/providers/src/aws/v00.00.00000/services/applicationautoscaling.yaml index 1e4a9fae..df87dc78 100644 --- a/providers/src/aws/v00.00.00000/services/applicationautoscaling.yaml +++ b/providers/src/aws/v00.00.00000/services/applicationautoscaling.yaml @@ -608,237 +608,562 @@ components: - application-autoscaling:DescribeScalableTargets delete: - application-autoscaling:DeregisterScalableTarget - StepScalingPolicyConfiguration: - description: A step scaling policy. + PredictiveScalingMetricDataQuery: + description: The metric data to return. Also defines whether this call is returning data for one metric only, or whether it is performing a math expression on the values of returned metric statistics to create a new time series. A time series is a series of data points, each of which is associated with a timestamp. + additionalProperties: false type: object + properties: + ReturnData: + description: |- + Indicates whether to return the timestamps and raw data values of this metric. + If you use any math expressions, specify ``true`` for this value for only the final math expression that the metric specification is based on. You must specify ``false`` for ``ReturnData`` for all the other metrics and expressions used in the metric specification. + If you are only retrieving metrics and not performing any math expressions, do not specify anything for ``ReturnData``. This sets it to its default (``true``). + type: boolean + Expression: + description: |- + The math expression to perform on the returned data, if this object is performing a math expression. This expression can use the ``Id`` of the other metrics to refer to those metrics, and can also use the ``Id`` of other expressions to use the result of those expressions. + Conditional: Within each ``MetricDataQuery`` object, you must specify either ``Expression`` or ``MetricStat``, but not both. + type: string + Label: + description: A human-readable label for this metric or expression. This is especially useful if this is a math expression, so that you know what the value represents. + type: string + MetricStat: + description: |- + Information about the metric data to return. + Conditional: Within each ``MetricDataQuery`` object, you must specify either ``Expression`` or ``MetricStat``, but not both. + $ref: '#/components/schemas/PredictiveScalingMetricStat' + Id: + description: A short name that identifies the object's results in the response. This name must be unique among all ``MetricDataQuery`` objects specified for a single scaling policy. If you are performing math expressions on this set of data, this name represents that data and can serve as a variable in the mathematical expression. The valid characters are letters, numbers, and underscores. The first character must be a lowercase letter. + type: string + TargetTrackingMetricStat: + description: |- + This structure defines the CloudWatch metric to return, along with the statistic and unit. + ``TargetTrackingMetricStat`` is a property of the [AWS::ApplicationAutoScaling::ScalingPolicy TargetTrackingMetricDataQuery](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-applicationautoscaling-scalingpolicy-targettrackingmetricdataquery.html) property type. + For more information about the CloudWatch terminology below, see [Amazon CloudWatch concepts](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_concepts.html) in the *Amazon CloudWatch User Guide*. additionalProperties: false + type: object properties: - AdjustmentType: - description: Specifies how the ScalingAdjustment value in a StepAdjustment is interpreted. + Stat: + description: |- + The statistic to return. It can include any CloudWatch statistic or extended statistic. For a list of valid values, see the table in [Statistics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_concepts.html#Statistic) in the *Amazon CloudWatch User Guide*. + The most commonly used metric for scaling is ``Average``. type: string - Cooldown: - description: The amount of time, in seconds, to wait for a previous scaling activity to take effect. - type: integer - MetricAggregationType: - description: The aggregation type for the CloudWatch metrics. Valid values are Minimum, Maximum, and Average. If the aggregation type is null, the value is treated as Average + Metric: + description: The CloudWatch metric to return, including the metric name, namespace, and dimensions. To get the exact metric name, namespace, and dimensions, inspect the [Metric](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_Metric.html) object that is returned by a call to [ListMetrics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_ListMetrics.html). + $ref: '#/components/schemas/TargetTrackingMetric' + Unit: + description: The unit to use for the returned data points. For a complete list of the units that CloudWatch supports, see the [MetricDatum](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_MetricDatum.html) data type in the *Amazon CloudWatch API Reference*. type: string - MinAdjustmentMagnitude: - description: The minimum value to scale by when the adjustment type is PercentChangeInCapacity. - type: integer - StepAdjustments: - description: A set of adjustments that enable you to scale based on the size of the alarm breach. + PredictiveScalingMetricDimension: + description: Describes the dimension of a metric. + additionalProperties: false + type: object + properties: + Value: + description: The value of the dimension. + type: string + Name: + description: The name of the dimension. + type: string + TargetTrackingMetricDimension: + description: '``TargetTrackingMetricDimension`` specifies a name/value pair that is part of the identity of a CloudWatch metric for the ``Dimensions`` property of the [AWS::ApplicationAutoScaling::ScalingPolicy TargetTrackingMetric](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-applicationautoscaling-scalingpolicy-targettrackingmetric.html) property type. Duplicate dimensions are not allowed.' + additionalProperties: false + type: object + properties: + Value: + description: The value of the dimension. + type: string + Name: + description: The name of the dimension. + type: string + PredictiveScalingCustomizedCapacityMetric: + description: Represents a CloudWatch metric of your choosing for a predictive scaling policy. + additionalProperties: false + type: object + properties: + MetricDataQueries: + uniqueItems: true + description: One or more metric data queries to provide data points for a metric specification. + x-insertionOrder: false type: array + items: + $ref: '#/components/schemas/PredictiveScalingMetricDataQuery' + required: + - MetricDataQueries + TargetTrackingMetricDataQuery: + description: |- + The metric data to return. Also defines whether this call is returning data for one metric only, or whether it is performing a math expression on the values of returned metric statistics to create a new time series. A time series is a series of data points, each of which is associated with a timestamp. + You can call for a single metric or perform math expressions on multiple metrics. Any expressions used in a metric specification must eventually return a single time series. + For more information and examples, see [Create a target tracking scaling policy for Application Auto Scaling using metric math](https://docs.aws.amazon.com/autoscaling/application/userguide/application-auto-scaling-target-tracking-metric-math.html) in the *Application Auto Scaling User Guide*. + ``TargetTrackingMetricDataQuery`` is a property of the [AWS::ApplicationAutoScaling::ScalingPolicy CustomizedMetricSpecification](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-applicationautoscaling-scalingpolicy-customizedmetricspecification.html) property type. + additionalProperties: false + type: object + properties: + ReturnData: + description: |- + Indicates whether to return the timestamps and raw data values of this metric. + If you use any math expressions, specify ``true`` for this value for only the final math expression that the metric specification is based on. You must specify ``false`` for ``ReturnData`` for all the other metrics and expressions used in the metric specification. + If you are only retrieving metrics and not performing any math expressions, do not specify anything for ``ReturnData``. This sets it to its default (``true``). + type: boolean + Expression: + description: |- + The math expression to perform on the returned data, if this object is performing a math expression. This expression can use the ``Id`` of the other metrics to refer to those metrics, and can also use the ``Id`` of other expressions to use the result of those expressions. + Conditional: Within each ``TargetTrackingMetricDataQuery`` object, you must specify either ``Expression`` or ``MetricStat``, but not both. + type: string + Label: + description: A human-readable label for this metric or expression. This is especially useful if this is a math expression, so that you know what the value represents. + type: string + MetricStat: + description: |- + Information about the metric data to return. + Conditional: Within each ``MetricDataQuery`` object, you must specify either ``Expression`` or ``MetricStat``, but not both. + $ref: '#/components/schemas/TargetTrackingMetricStat' + Id: + description: A short name that identifies the object's results in the response. This name must be unique among all ``MetricDataQuery`` objects specified for a single scaling policy. If you are performing math expressions on this set of data, this name represents that data and can serve as a variable in the mathematical expression. The valid characters are letters, numbers, and underscores. The first character must be a lowercase letter. + type: string + PredictiveScalingCustomizedScalingMetric: + description: One or more metric data queries to provide data points for a metric specification. + additionalProperties: false + type: object + properties: + MetricDataQueries: uniqueItems: true + description: One or more metric data queries to provide data points for a metric specification. x-insertionOrder: false + type: array items: - $ref: '#/components/schemas/StepAdjustment' - TargetTrackingScalingPolicyConfiguration: - description: A target tracking scaling policy. + $ref: '#/components/schemas/PredictiveScalingMetricDataQuery' + required: + - MetricDataQueries + CustomizedMetricSpecification: + description: |- + Contains customized metric specification information for a target tracking scaling policy for Application Auto Scaling. + For information about the available metrics for a service, see [services that publish CloudWatch metrics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/aws-services-cloudwatch-metrics.html) in the *Amazon CloudWatch User Guide*. + To create your customized metric specification: + + Add values for each required parameter from CloudWatch. You can use an existing metric, or a new metric that you create. To use your own metric, you must first publish the metric to CloudWatch. For more information, see [Publish custom metrics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/publishingMetrics.html) in the *Amazon CloudWatch User Guide*. + + Choose a metric that changes proportionally with capacity. The value of the metric should increase or decrease in inverse proportion to the number of capacity units. That is, the value of the metric should decrease when capacity increases, and increase when capacity decreases. + + For an example of how creating new metrics can be useful, see [Scaling based on Amazon SQS](https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-using-sqs-queue.html) in the *Amazon EC2 Auto Scaling User Guide*. This topic mentions Auto Scaling groups, but the same scenario for Amazon SQS can apply to the target tracking scaling policies that you create for a Spot Fleet by using Application Auto Scaling. + For more information about the CloudWatch terminology below, see [Amazon CloudWatch concepts](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_concepts.html). + ``CustomizedMetricSpecification`` is a property of the [AWS::ApplicationAutoScaling::ScalingPolicy TargetTrackingScalingPolicyConfiguration](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-applicationautoscaling-scalingpolicy-targettrackingscalingpolicyconfiguration.html) property type. + additionalProperties: false type: object + properties: + MetricName: + description: The name of the metric. To get the exact metric name, namespace, and dimensions, inspect the [Metric](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_Metric.html) object that's returned by a call to [ListMetrics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_ListMetrics.html). + type: string + Metrics: + uniqueItems: false + description: The metrics to include in the target tracking scaling policy, as a metric data query. This can include both raw metric and metric math expressions. + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/TargetTrackingMetricDataQuery' + Statistic: + description: The statistic of the metric. + type: string + Dimensions: + uniqueItems: false + description: |- + The dimensions of the metric. + Conditional: If you published your metric with dimensions, you must specify the same dimensions in your scaling policy. + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/MetricDimension' + Unit: + description: The unit of the metric. For a complete list of the units that CloudWatch supports, see the [MetricDatum](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_MetricDatum.html) data type in the *Amazon CloudWatch API Reference*. + type: string + Namespace: + description: The namespace of the metric. + type: string + PredictiveScalingPredefinedLoadMetric: + description: |- + Describes a load metric for a predictive scaling policy. + When returned in the output of ``DescribePolicies``, it indicates that a predictive scaling policy uses individually specified load and scaling metrics instead of a metric pair. + additionalProperties: false + type: object + properties: + PredefinedMetricType: + description: The metric type. + type: string + ResourceLabel: + description: A label that uniquely identifies a target group. + type: string + required: + - PredefinedMetricType + TargetTrackingScalingPolicyConfiguration: + description: >- + ``TargetTrackingScalingPolicyConfiguration`` is a property of the [AWS::ApplicationAutoScaling::ScalingPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-applicationautoscaling-scalingpolicy.html) resource that specifies a target tracking scaling policy configuration for Application Auto Scaling. Use a target tracking scaling policy to adjust the capacity of the specified scalable target in response to actual workloads, so that resource utilization + remains at or near the target utilization value. + For more information, see [Target tracking scaling policies](https://docs.aws.amazon.com/autoscaling/application/userguide/application-auto-scaling-target-tracking.html) in the *Application Auto Scaling User Guide*. additionalProperties: false + type: object properties: + ScaleOutCooldown: + description: The amount of time, in seconds, to wait for a previous scale-out activity to take effect. For more information and for default values, see [Define cooldown periods](https://docs.aws.amazon.com/autoscaling/application/userguide/target-tracking-scaling-policy-overview.html#target-tracking-cooldown) in the *Application Auto Scaling User Guide*. + type: integer + TargetValue: + description: The target value for the metric. Although this property accepts numbers of type Double, it won't accept values that are either too small or too large. Values must be in the range of -2^360 to 2^360. The value must be a valid number based on the choice of metric. For example, if the metric is CPU utilization, then the target value is a percent value that represents how much of the CPU can be used before scaling out. + type: number CustomizedMetricSpecification: description: A customized metric. You can specify either a predefined metric or a customized metric. $ref: '#/components/schemas/CustomizedMetricSpecification' DisableScaleIn: - description: Indicates whether scale in by the target tracking scaling policy is disabled. If the value is true, scale in is disabled and the target tracking scaling policy won't remove capacity from the scalable target. Otherwise, scale in is enabled and the target tracking scaling policy can remove capacity from the scalable target. The default value is false. + description: Indicates whether scale in by the target tracking scaling policy is disabled. If the value is ``true``, scale in is disabled and the target tracking scaling policy won't remove capacity from the scalable target. Otherwise, scale in is enabled and the target tracking scaling policy can remove capacity from the scalable target. The default value is ``false``. type: boolean + ScaleInCooldown: + description: The amount of time, in seconds, after a scale-in activity completes before another scale-in activity can start. For more information and for default values, see [Define cooldown periods](https://docs.aws.amazon.com/autoscaling/application/userguide/target-tracking-scaling-policy-overview.html#target-tracking-cooldown) in the *Application Auto Scaling User Guide*. + type: integer PredefinedMetricSpecification: description: A predefined metric. You can specify either a predefined metric or a customized metric. $ref: '#/components/schemas/PredefinedMetricSpecification' - ScaleInCooldown: - description: The amount of time, in seconds, after a scale-in activity completes before another scale-in activity can start. - type: integer - ScaleOutCooldown: - description: The amount of time, in seconds, to wait for a previous scale-out activity to take effect. - type: integer - TargetValue: - description: The target value for the metric. Although this property accepts numbers of type Double, it won't accept values that are either too small or too large. Values must be in the range of -2^360 to 2^360. The value must be a valid number based on the choice of metric. For example, if the metric is CPU utilization, then the target value is a percent value that represents how much of the CPU can be used before scaling out. - type: number required: - TargetValue - PredefinedMetricSpecification: - description: Represents a predefined metric for a target tracking scaling policy to use with Application Auto Scaling. - type: object + PredictiveScalingPredefinedMetricPair: + description: Represents a metric pair for a predictive scaling policy. additionalProperties: false + type: object properties: PredefinedMetricType: - description: The metric type. The ALBRequestCountPerTarget metric type applies only to Spot Fleets and ECS services. + description: 'Indicates which metrics to use. There are two different types of metrics for each metric type: one is a load metric and one is a scaling metric.' type: string ResourceLabel: - description: Identifies the resource associated with the metric type. You can't specify a resource label unless the metric type is ALBRequestCountPerTarget and there is a target group attached to the Spot Fleet or ECS service. + description: A label that uniquely identifies a specific target group from which to determine the total and average request count. type: string required: - PredefinedMetricType - CustomizedMetricSpecification: - description: Represents a CloudWatch metric of your choosing for a target tracking scaling policy to use with Application Auto Scaling. + StepAdjustment: + description: |- + ``StepAdjustment`` specifies a step adjustment for the ``StepAdjustments`` property of the [AWS::ApplicationAutoScaling::ScalingPolicy StepScalingPolicyConfiguration](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-applicationautoscaling-scalingpolicy-stepscalingpolicyconfiguration.html) property type. + For the following examples, suppose that you have an alarm with a breach threshold of 50: + + To trigger a step adjustment when the metric is greater than or equal to 50 and less than 60, specify a lower bound of 0 and an upper bound of 10. + + To trigger a step adjustment when the metric is greater than 40 and less than or equal to 50, specify a lower bound of -10 and an upper bound of 0. + + For more information, see [Step adjustments](https://docs.aws.amazon.com/autoscaling/application/userguide/application-auto-scaling-step-scaling-policies.html#as-scaling-steps) in the *Application Auto Scaling User Guide*. + You can find a sample template snippet in the [Examples](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-applicationautoscaling-scalingpolicy.html#aws-resource-applicationautoscaling-scalingpolicy--examples) section of the ``AWS::ApplicationAutoScaling::ScalingPolicy`` documentation. + additionalProperties: false type: object + properties: + MetricIntervalUpperBound: + description: |- + The upper bound for the difference between the alarm threshold and the CloudWatch metric. If the metric value is above the breach threshold, the upper bound is exclusive (the metric must be less than the threshold plus the upper bound). Otherwise, it is inclusive (the metric must be less than or equal to the threshold plus the upper bound). A null value indicates positive infinity. + You must specify at least one upper or lower bound. + type: number + MetricIntervalLowerBound: + description: |- + The lower bound for the difference between the alarm threshold and the CloudWatch metric. If the metric value is above the breach threshold, the lower bound is inclusive (the metric must be greater than or equal to the threshold plus the lower bound). Otherwise, it is exclusive (the metric must be greater than the threshold plus the lower bound). A null value indicates negative infinity. + You must specify at least one upper or lower bound. + type: number + ScalingAdjustment: + description: The amount by which to scale. The adjustment is based on the value that you specified in the ``AdjustmentType`` property (either an absolute number or a percentage). A positive value adds to the current capacity and a negative number subtracts from the current capacity. + type: integer + required: + - ScalingAdjustment + PredefinedMetricSpecification: + description: |- + Contains predefined metric specification information for a target tracking scaling policy for Application Auto Scaling. + ``PredefinedMetricSpecification`` is a property of the [AWS::ApplicationAutoScaling::ScalingPolicy TargetTrackingScalingPolicyConfiguration](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-applicationautoscaling-scalingpolicy-targettrackingscalingpolicyconfiguration.html) property type. additionalProperties: false + type: object properties: - Dimensions: - description: The dimensions of the metric. - type: array - uniqueItems: false - x-insertionOrder: false - items: - $ref: '#/components/schemas/MetricDimension' - MetricName: - description: The name of the metric. To get the exact metric name, namespace, and dimensions, inspect the Metric object that is returned by a call to ListMetrics. + PredefinedMetricType: + description: The metric type. The ``ALBRequestCountPerTarget`` metric type applies only to Spot fleet requests and ECS services. type: string - Namespace: - description: The namespace of the metric. + ResourceLabel: + description: |- + Identifies the resource associated with the metric type. You can't specify a resource label unless the metric type is ``ALBRequestCountPerTarget`` and there is a target group attached to the Spot Fleet or ECS service. + You create the resource label by appending the final portion of the load balancer ARN and the final portion of the target group ARN into a single value, separated by a forward slash (/). The format of the resource label is: + ``app/my-alb/778d41231b141a0f/targetgroup/my-alb-target-group/943f017f100becff``. + Where: + + app// is the final portion of the load balancer ARN + + targetgroup// is the final portion of the target group ARN. + + To find the ARN for an Application Load Balancer, use the [DescribeLoadBalancers](https://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference/API_DescribeLoadBalancers.html) API operation. To find the ARN for the target group, use the [DescribeTargetGroups](https://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference/API_DescribeTargetGroups.html) API operation. type: string - Statistic: - description: The statistic of the metric. + required: + - PredefinedMetricType + MetricDimension: + description: '``MetricDimension`` specifies a name/value pair that is part of the identity of a CloudWatch metric for the ``Dimensions`` property of the [AWS::ApplicationAutoScaling::ScalingPolicy CustomizedMetricSpecification](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-applicationautoscaling-scalingpolicy-customizedmetricspecification.html) property type. Duplicate dimensions are not allowed.' + additionalProperties: false + type: object + properties: + Value: + description: The value of the dimension. type: string - Unit: - description: The unit of the metric. For a complete list of the units that CloudWatch supports, see the MetricDatum data type in the Amazon CloudWatch API Reference. + Name: + description: The name of the dimension. type: string - Metrics: - description: The metrics to include in the target tracking scaling policy, as a metric data query. This can include both raw metric and metric math expressions. - type: array - uniqueItems: false + required: + - Value + - Name + PredictiveScalingPolicyConfiguration: + description: Represents a predictive scaling policy configuration. + additionalProperties: false + type: object + properties: + MaxCapacityBreachBehavior: + description: Defines the behavior that should be applied if the forecast capacity approaches or exceeds the maximum capacity. Defaults to ``HonorMaxCapacity`` if not specified. + type: string + MaxCapacityBuffer: + description: |- + The size of the capacity buffer to use when the forecast capacity is close to or exceeds the maximum capacity. The value is specified as a percentage relative to the forecast capacity. For example, if the buffer is 10, this means a 10 percent buffer, such that if the forecast capacity is 50, and the maximum capacity is 40, then the effective maximum capacity is 55. + Required if the ``MaxCapacityBreachBehavior`` property is set to ``IncreaseMaxCapacity``, and cannot be used otherwise. + type: integer + Mode: + description: The predictive scaling mode. Defaults to ``ForecastOnly`` if not specified. + type: string + MetricSpecifications: + uniqueItems: true + description: |- + This structure includes the metrics and target utilization to use for predictive scaling. + This is an array, but we currently only support a single metric specification. That is, you can specify a target value and a single metric pair, or a target value and one scaling metric and one load metric. x-insertionOrder: false + type: array items: - $ref: '#/components/schemas/TargetTrackingMetricDataQuery' - TargetTrackingMetricDataQuery: - description: The metric data to return. Also defines whether this call is returning data for one metric only, or whether it is performing a math expression on the values of returned metric statistics to create a new time series. A time series is a series of data points, each of which is associated with a timestamp. - type: object + $ref: '#/components/schemas/PredictiveScalingMetricSpecification' + SchedulingBufferTime: + description: |- + The amount of time, in seconds, that the start time can be advanced. + The value must be less than the forecast interval duration of 3600 seconds (60 minutes). Defaults to 300 seconds if not specified. + type: integer + required: + - MetricSpecifications + PredictiveScalingPredefinedScalingMetric: + description: |- + Describes a scaling metric for a predictive scaling policy. + When returned in the output of ``DescribePolicies``, it indicates that a predictive scaling policy uses individually specified load and scaling metrics instead of a metric pair. additionalProperties: false + type: object properties: - Expression: - description: The math expression to perform on the returned data, if this object is performing a math expression. - type: string - Id: - description: A short name that identifies the object's results in the response. + PredefinedMetricType: + description: The metric type. type: string - Label: - description: A human-readable label for this metric or expression. This is especially useful if this is a math expression, so that you know what the value represents. + ResourceLabel: + description: A label that uniquely identifies a specific target group from which to determine the average request count. type: string - ReturnData: - description: Indicates whether to return the timestamps and raw data values of this metric. - type: boolean - MetricStat: - description: Information about the metric data to return. - $ref: '#/components/schemas/TargetTrackingMetricStat' - TargetTrackingMetricStat: - description: This structure defines the CloudWatch metric to return, along with the statistic, period, and unit. + required: + - PredefinedMetricType + PredictiveScalingMetricSpecification: + description: |- + This structure specifies the metrics and target utilization settings for a predictive scaling policy. + You must specify either a metric pair, or a load metric and a scaling metric individually. Specifying a metric pair instead of individual metrics provides a simpler way to configure metrics for a scaling policy. You choose the metric pair, and the policy automatically knows the correct sum and average statistics to use for the load metric and the scaling metric. + additionalProperties: false type: object + properties: + CustomizedLoadMetricSpecification: + description: The customized load metric specification. + $ref: '#/components/schemas/PredictiveScalingCustomizedLoadMetric' + PredefinedLoadMetricSpecification: + description: The predefined load metric specification. + $ref: '#/components/schemas/PredictiveScalingPredefinedLoadMetric' + TargetValue: + description: Specifies the target utilization. + type: number + PredefinedScalingMetricSpecification: + description: The predefined scaling metric specification. + $ref: '#/components/schemas/PredictiveScalingPredefinedScalingMetric' + CustomizedCapacityMetricSpecification: + description: The customized capacity metric specification. + $ref: '#/components/schemas/PredictiveScalingCustomizedCapacityMetric' + CustomizedScalingMetricSpecification: + description: The customized scaling metric specification. + $ref: '#/components/schemas/PredictiveScalingCustomizedScalingMetric' + PredefinedMetricPairSpecification: + description: The predefined metric pair specification that determines the appropriate scaling metric and load metric to use. + $ref: '#/components/schemas/PredictiveScalingPredefinedMetricPair' + required: + - TargetValue + PredictiveScalingMetric: + description: Describes the scaling metric. additionalProperties: false + type: object properties: - Metric: - description: 'The CloudWatch metric to return, including the metric name, namespace, and dimensions. ' - $ref: '#/components/schemas/TargetTrackingMetric' - Stat: - description: The statistic to return. It can include any CloudWatch statistic or extended statistic. + MetricName: + description: The name of the metric. type: string - Unit: - description: The unit to use for the returned data points. + Dimensions: + uniqueItems: false + description: Describes the dimensions of the metric. + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/PredictiveScalingMetricDimension' + Namespace: + description: The namespace of the metric. type: string - TargetTrackingMetric: - description: Represents a specific metric. + PredictiveScalingCustomizedLoadMetric: + description: The customized load metric specification. + additionalProperties: false type: object + properties: + MetricDataQueries: + uniqueItems: true + description: '' + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/PredictiveScalingMetricDataQuery' + required: + - MetricDataQueries + TargetTrackingMetric: + description: |- + Represents a specific metric for a target tracking scaling policy for Application Auto Scaling. + Metric is a property of the [AWS::ApplicationAutoScaling::ScalingPolicy TargetTrackingMetricStat](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-applicationautoscaling-scalingpolicy-targettrackingmetricstat.html) property type. additionalProperties: false + type: object properties: + MetricName: + description: The name of the metric. + type: string Dimensions: - description: The dimensions for the metric. - type: array uniqueItems: false + description: |- + The dimensions for the metric. For the list of available dimensions, see the AWS documentation available from the table in [services that publish CloudWatch metrics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/aws-services-cloudwatch-metrics.html) in the *Amazon CloudWatch User Guide*. + Conditional: If you published your metric with dimensions, you must specify the same dimensions in your scaling policy. x-insertionOrder: false + type: array items: $ref: '#/components/schemas/TargetTrackingMetricDimension' - MetricName: - description: The name of the metric. - type: string Namespace: - description: The namespace of the metric. + description: The namespace of the metric. For more information, see the table in [services that publish CloudWatch metrics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/aws-services-cloudwatch-metrics.html) in the *Amazon CloudWatch User Guide*. type: string - TargetTrackingMetricDimension: - description: Describes the dimension of a metric. - type: object + PredictiveScalingMetricStat: + description: This structure defines the CloudWatch metric to return, along with the statistic and unit. additionalProperties: false + type: object properties: - Name: - description: The name of the dimension. + Stat: + description: |- + The statistic to return. It can include any CloudWatch statistic or extended statistic. For a list of valid values, see the table in [Statistics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_concepts.html#Statistic) in the *Amazon CloudWatch User Guide*. + The most commonly used metrics for predictive scaling are ``Average`` and ``Sum``. type: string - Value: - description: The value of the dimension. + Metric: + description: The CloudWatch metric to return, including the metric name, namespace, and dimensions. To get the exact metric name, namespace, and dimensions, inspect the [Metric](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_Metric.html) object that is returned by a call to [ListMetrics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_ListMetrics.html). + $ref: '#/components/schemas/PredictiveScalingMetric' + Unit: + description: The unit to use for the returned data points. For a complete list of the units that CloudWatch supports, see the [MetricDatum](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_MetricDatum.html) data type in the *Amazon CloudWatch API Reference*. type: string - StepAdjustment: - description: Represents a step adjustment for a StepScalingPolicyConfiguration. Describes an adjustment based on the difference between the value of the aggregated CloudWatch metric and the breach threshold that you've defined for the alarm. - type: object + StepScalingPolicyConfiguration: + description: |- + ``StepScalingPolicyConfiguration`` is a property of the [AWS::ApplicationAutoScaling::ScalingPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-applicationautoscaling-scalingpolicy.html) resource that specifies a step scaling policy configuration for Application Auto Scaling. + For more information, see [Step scaling policies](https://docs.aws.amazon.com/autoscaling/application/userguide/application-auto-scaling-step-scaling-policies.html) in the *Application Auto Scaling User Guide*. additionalProperties: false - properties: - MetricIntervalLowerBound: - description: The lower bound for the difference between the alarm threshold and the CloudWatch metric. If the metric value is above the breach threshold, the lower bound is inclusive (the metric must be greater than or equal to the threshold plus the lower bound). Otherwise, it is exclusive (the metric must be greater than the threshold plus the lower bound). A null value indicates negative infinity. - type: number - MetricIntervalUpperBound: - description: The upper bound for the difference between the alarm threshold and the CloudWatch metric. If the metric value is above the breach threshold, the upper bound is exclusive (the metric must be less than the threshold plus the upper bound). Otherwise, it is inclusive (the metric must be less than or equal to the threshold plus the upper bound). A null value indicates positive infinity. - type: number - ScalingAdjustment: - description: The amount by which to scale, based on the specified adjustment type. A positive value adds to the current capacity while a negative number removes from the current capacity. For exact capacity, you must specify a positive value. - type: integer - required: - - ScalingAdjustment - MetricDimension: - description: Describes the dimension names and values associated with a metric. type: object - additionalProperties: false properties: - Name: - description: The name of the dimension. + MetricAggregationType: + description: The aggregation type for the CloudWatch metrics. Valid values are ``Minimum``, ``Maximum``, and ``Average``. If the aggregation type is null, the value is treated as ``Average``. type: string - Value: - description: The value of the dimension. + Cooldown: + description: The amount of time, in seconds, to wait for a previous scaling activity to take effect. If not specified, the default value is 300. For more information, see [Cooldown period](https://docs.aws.amazon.com/autoscaling/application/userguide/step-scaling-policy-overview.html#step-scaling-cooldown) in the *Application Auto Scaling User Guide*. + type: integer + StepAdjustments: + uniqueItems: true + description: |- + A set of adjustments that enable you to scale based on the size of the alarm breach. + At least one step adjustment is required if you are adding a new step scaling policy configuration. + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/StepAdjustment' + MinAdjustmentMagnitude: + description: The minimum value to scale by when the adjustment type is ``PercentChangeInCapacity``. For example, suppose that you create a step scaling policy to scale out an Amazon ECS service by 25 percent and you specify a ``MinAdjustmentMagnitude`` of 2. If the service has 4 tasks and the scaling policy is performed, 25 percent of 4 is 1. However, because you specified a ``MinAdjustmentMagnitude`` of 2, Application Auto Scaling scales out the service by 2 tasks. + type: integer + AdjustmentType: + description: Specifies whether the ``ScalingAdjustment`` value in the ``StepAdjustment`` property is an absolute number or a percentage of the current capacity. type: string - required: - - Value - - Name ScalingPolicy: type: object properties: - PolicyName: - description: |- - The name of the scaling policy. - - Updates to the name of a target tracking scaling policy are not supported, unless you also update the metric used for scaling. To change only a target tracking scaling policy's name, first delete the policy by removing the existing AWS::ApplicationAutoScaling::ScalingPolicy resource from the template and updating the stack. Then, recreate the resource with the same settings and a different name. - type: string PolicyType: description: |- The scaling policy type. - - The following policy types are supported: - - TargetTrackingScaling Not supported for Amazon EMR - - StepScaling Not supported for DynamoDB, Amazon Comprehend, Lambda, Amazon Keyspaces, Amazon MSK, Amazon ElastiCache, or Neptune. + The following policy types are supported: + ``TargetTrackingScaling``—Not supported for Amazon EMR + ``StepScaling``—Not supported for DynamoDB, Amazon Comprehend, Lambda, Amazon Keyspaces, Amazon MSK, Amazon ElastiCache, or Neptune. type: string ResourceId: - description: The identifier of the resource associated with the scaling policy. This string consists of the resource type and unique identifier. - type: string - ScalableDimension: - description: The scalable dimension. This string consists of the service namespace, resource type, and scaling property. + description: |- + The identifier of the resource associated with the scaling policy. This string consists of the resource type and unique identifier. + + ECS service - The resource type is ``service`` and the unique identifier is the cluster name and service name. Example: ``service/my-cluster/my-service``. + + Spot Fleet - The resource type is ``spot-fleet-request`` and the unique identifier is the Spot Fleet request ID. Example: ``spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE``. + + EMR cluster - The resource type is ``instancegroup`` and the unique identifier is the cluster ID and instance group ID. Example: ``instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0``. + + AppStream 2.0 fleet - The resource type is ``fleet`` and the unique identifier is the fleet name. Example: ``fleet/sample-fleet``. + + DynamoDB table - The resource type is ``table`` and the unique identifier is the table name. Example: ``table/my-table``. + + DynamoDB global secondary index - The resource type is ``index`` and the unique identifier is the index name. Example: ``table/my-table/index/my-table-index``. + + Aurora DB cluster - The resource type is ``cluster`` and the unique identifier is the cluster name. Example: ``cluster:my-db-cluster``. + + SageMaker endpoint variant - The resource type is ``variant`` and the unique identifier is the resource ID. Example: ``endpoint/my-end-point/variant/KMeansClustering``. + + Custom resources are not supported with a resource type. This parameter must specify the ``OutputValue`` from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information is available in our [GitHub repository](https://docs.aws.amazon.com/https://github.com/aws/aws-auto-scaling-custom-resource). + + Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: ``arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE``. + + Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: ``arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE``. + + Lambda provisioned concurrency - The resource type is ``function`` and the unique identifier is the function name with a function version or alias name suffix that is not ``$LATEST``. Example: ``function:my-function:prod`` or ``function:my-function:1``. + + Amazon Keyspaces table - The resource type is ``table`` and the unique identifier is the table name. Example: ``keyspace/mykeyspace/table/mytable``. + + Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. Example: ``arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5``. + + Amazon ElastiCache replication group - The resource type is ``replication-group`` and the unique identifier is the replication group name. Example: ``replication-group/mycluster``. + + Neptune cluster - The resource type is ``cluster`` and the unique identifier is the cluster name. Example: ``cluster:mycluster``. + + SageMaker serverless endpoint - The resource type is ``variant`` and the unique identifier is the resource ID. Example: ``endpoint/my-end-point/variant/KMeansClustering``. + + SageMaker inference component - The resource type is ``inference-component`` and the unique identifier is the resource ID. Example: ``inference-component/my-inference-component``. + + Pool of WorkSpaces - The resource type is ``workspacespool`` and the unique identifier is the pool ID. Example: ``workspacespool/wspool-123456``. type: string ScalingTargetId: - description: The CloudFormation-generated ID of an Application Auto Scaling scalable target. For more information about the ID, see the Return Value section of the AWS::ApplicationAutoScaling::ScalableTarget resource. + description: |- + The CloudFormation-generated ID of an Application Auto Scaling scalable target. For more information about the ID, see the Return Value section of the ``AWS::ApplicationAutoScaling::ScalableTarget`` resource. + You must specify either the ``ScalingTargetId`` property, or the ``ResourceId``, ``ScalableDimension``, and ``ServiceNamespace`` properties, but not both. + type: string + PolicyName: + description: |- + The name of the scaling policy. + Updates to the name of a target tracking scaling policy are not supported, unless you also update the metric used for scaling. To change only a target tracking scaling policy's name, first delete the policy by removing the existing ``AWS::ApplicationAutoScaling::ScalingPolicy`` resource from the template and updating the stack. Then, recreate the resource with the same settings and a different name. type: string ServiceNamespace: - description: The namespace of the AWS service that provides the resource, or a custom-resource. + description: The namespace of the AWS service that provides the resource, or a ``custom-resource``. + type: string + ScalableDimension: + description: |- + The scalable dimension. This string consists of the service namespace, resource type, and scaling property. + + ``ecs:service:DesiredCount`` - The task count of an ECS service. + + ``elasticmapreduce:instancegroup:InstanceCount`` - The instance count of an EMR Instance Group. + + ``ec2:spot-fleet-request:TargetCapacity`` - The target capacity of a Spot Fleet. + + ``appstream:fleet:DesiredCapacity`` - The capacity of an AppStream 2.0 fleet. + + ``dynamodb:table:ReadCapacityUnits`` - The provisioned read capacity for a DynamoDB table. + + ``dynamodb:table:WriteCapacityUnits`` - The provisioned write capacity for a DynamoDB table. + + ``dynamodb:index:ReadCapacityUnits`` - The provisioned read capacity for a DynamoDB global secondary index. + + ``dynamodb:index:WriteCapacityUnits`` - The provisioned write capacity for a DynamoDB global secondary index. + + ``rds:cluster:ReadReplicaCount`` - The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition. + + ``sagemaker:variant:DesiredInstanceCount`` - The number of EC2 instances for a SageMaker model endpoint variant. + + ``custom-resource:ResourceType:Property`` - The scalable dimension for a custom resource provided by your own application or service. + + ``comprehend:document-classifier-endpoint:DesiredInferenceUnits`` - The number of inference units for an Amazon Comprehend document classification endpoint. + + ``comprehend:entity-recognizer-endpoint:DesiredInferenceUnits`` - The number of inference units for an Amazon Comprehend entity recognizer endpoint. + + ``lambda:function:ProvisionedConcurrency`` - The provisioned concurrency for a Lambda function. + + ``cassandra:table:ReadCapacityUnits`` - The provisioned read capacity for an Amazon Keyspaces table. + + ``cassandra:table:WriteCapacityUnits`` - The provisioned write capacity for an Amazon Keyspaces table. + + ``kafka:broker-storage:VolumeSize`` - The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster. + + ``elasticache:replication-group:NodeGroups`` - The number of node groups for an Amazon ElastiCache replication group. + + ``elasticache:replication-group:Replicas`` - The number of replicas per node group for an Amazon ElastiCache replication group. + + ``neptune:cluster:ReadReplicaCount`` - The count of read replicas in an Amazon Neptune DB cluster. + + ``sagemaker:variant:DesiredProvisionedConcurrency`` - The provisioned concurrency for a SageMaker serverless endpoint. + + ``sagemaker:inference-component:DesiredCopyCount`` - The number of copies across an endpoint for a SageMaker inference component. + + ``workspaces:workspacespool:DesiredUserSessions`` - The number of user sessions for the WorkSpaces in the pool. type: string - StepScalingPolicyConfiguration: - description: A step scaling policy. - $ref: '#/components/schemas/StepScalingPolicyConfiguration' TargetTrackingScalingPolicyConfiguration: description: A target tracking scaling policy. $ref: '#/components/schemas/TargetTrackingScalingPolicyConfiguration' Arn: - description: ARN is a read only property for the resource. + description: '' type: string + StepScalingPolicyConfiguration: + description: A step scaling policy. + $ref: '#/components/schemas/StepScalingPolicyConfiguration' + PredictiveScalingPolicyConfiguration: + description: The predictive scaling policy configuration. + $ref: '#/components/schemas/PredictiveScalingPolicyConfiguration' required: - PolicyName - PolicyType x-stackql-resource-name: scaling_policy - description: Resource Type definition for AWS::ApplicationAutoScaling::ScalingPolicy + description: |- + The ``AWS::ApplicationAutoScaling::ScalingPolicy`` resource defines a scaling policy that Application Auto Scaling uses to adjust the capacity of a scalable target. + For more information, see [Target tracking scaling policies](https://docs.aws.amazon.com/autoscaling/application/userguide/application-auto-scaling-target-tracking.html) and [Step scaling policies](https://docs.aws.amazon.com/autoscaling/application/userguide/application-auto-scaling-step-scaling-policies.html) in the *Application Auto Scaling User Guide*. x-type-name: AWS::ApplicationAutoScaling::ScalingPolicy x-stackql-primary-identifier: - Arn @@ -863,19 +1188,21 @@ components: tagUpdatable: false cloudFormationSystemTags: false x-required-permissions: + read: + - application-autoscaling:DescribeScalingPolicies create: - application-autoscaling:DescribeScalingPolicies - application-autoscaling:PutScalingPolicy - read: - - application-autoscaling:DescribeScalingPolicies + - cloudwatch:GetMetricData update: - application-autoscaling:DescribeScalingPolicies - application-autoscaling:PutScalingPolicy + - cloudwatch:GetMetricData + list: + - application-autoscaling:DescribeScalingPolicies delete: - application-autoscaling:DescribeScalingPolicies - application-autoscaling:DeleteScalingPolicy - list: - - application-autoscaling:DescribeScalingPolicies CreateScalableTargetRequest: properties: ClientToken: @@ -994,43 +1321,88 @@ components: DesiredState: type: object properties: - PolicyName: - description: |- - The name of the scaling policy. - - Updates to the name of a target tracking scaling policy are not supported, unless you also update the metric used for scaling. To change only a target tracking scaling policy's name, first delete the policy by removing the existing AWS::ApplicationAutoScaling::ScalingPolicy resource from the template and updating the stack. Then, recreate the resource with the same settings and a different name. - type: string PolicyType: description: |- The scaling policy type. - - The following policy types are supported: - - TargetTrackingScaling Not supported for Amazon EMR - - StepScaling Not supported for DynamoDB, Amazon Comprehend, Lambda, Amazon Keyspaces, Amazon MSK, Amazon ElastiCache, or Neptune. + The following policy types are supported: + ``TargetTrackingScaling``—Not supported for Amazon EMR + ``StepScaling``—Not supported for DynamoDB, Amazon Comprehend, Lambda, Amazon Keyspaces, Amazon MSK, Amazon ElastiCache, or Neptune. type: string ResourceId: - description: The identifier of the resource associated with the scaling policy. This string consists of the resource type and unique identifier. - type: string - ScalableDimension: - description: The scalable dimension. This string consists of the service namespace, resource type, and scaling property. + description: |- + The identifier of the resource associated with the scaling policy. This string consists of the resource type and unique identifier. + + ECS service - The resource type is ``service`` and the unique identifier is the cluster name and service name. Example: ``service/my-cluster/my-service``. + + Spot Fleet - The resource type is ``spot-fleet-request`` and the unique identifier is the Spot Fleet request ID. Example: ``spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE``. + + EMR cluster - The resource type is ``instancegroup`` and the unique identifier is the cluster ID and instance group ID. Example: ``instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0``. + + AppStream 2.0 fleet - The resource type is ``fleet`` and the unique identifier is the fleet name. Example: ``fleet/sample-fleet``. + + DynamoDB table - The resource type is ``table`` and the unique identifier is the table name. Example: ``table/my-table``. + + DynamoDB global secondary index - The resource type is ``index`` and the unique identifier is the index name. Example: ``table/my-table/index/my-table-index``. + + Aurora DB cluster - The resource type is ``cluster`` and the unique identifier is the cluster name. Example: ``cluster:my-db-cluster``. + + SageMaker endpoint variant - The resource type is ``variant`` and the unique identifier is the resource ID. Example: ``endpoint/my-end-point/variant/KMeansClustering``. + + Custom resources are not supported with a resource type. This parameter must specify the ``OutputValue`` from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information is available in our [GitHub repository](https://docs.aws.amazon.com/https://github.com/aws/aws-auto-scaling-custom-resource). + + Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: ``arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE``. + + Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: ``arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE``. + + Lambda provisioned concurrency - The resource type is ``function`` and the unique identifier is the function name with a function version or alias name suffix that is not ``$LATEST``. Example: ``function:my-function:prod`` or ``function:my-function:1``. + + Amazon Keyspaces table - The resource type is ``table`` and the unique identifier is the table name. Example: ``keyspace/mykeyspace/table/mytable``. + + Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. Example: ``arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5``. + + Amazon ElastiCache replication group - The resource type is ``replication-group`` and the unique identifier is the replication group name. Example: ``replication-group/mycluster``. + + Neptune cluster - The resource type is ``cluster`` and the unique identifier is the cluster name. Example: ``cluster:mycluster``. + + SageMaker serverless endpoint - The resource type is ``variant`` and the unique identifier is the resource ID. Example: ``endpoint/my-end-point/variant/KMeansClustering``. + + SageMaker inference component - The resource type is ``inference-component`` and the unique identifier is the resource ID. Example: ``inference-component/my-inference-component``. + + Pool of WorkSpaces - The resource type is ``workspacespool`` and the unique identifier is the pool ID. Example: ``workspacespool/wspool-123456``. type: string ScalingTargetId: - description: The CloudFormation-generated ID of an Application Auto Scaling scalable target. For more information about the ID, see the Return Value section of the AWS::ApplicationAutoScaling::ScalableTarget resource. + description: |- + The CloudFormation-generated ID of an Application Auto Scaling scalable target. For more information about the ID, see the Return Value section of the ``AWS::ApplicationAutoScaling::ScalableTarget`` resource. + You must specify either the ``ScalingTargetId`` property, or the ``ResourceId``, ``ScalableDimension``, and ``ServiceNamespace`` properties, but not both. + type: string + PolicyName: + description: |- + The name of the scaling policy. + Updates to the name of a target tracking scaling policy are not supported, unless you also update the metric used for scaling. To change only a target tracking scaling policy's name, first delete the policy by removing the existing ``AWS::ApplicationAutoScaling::ScalingPolicy`` resource from the template and updating the stack. Then, recreate the resource with the same settings and a different name. type: string ServiceNamespace: - description: The namespace of the AWS service that provides the resource, or a custom-resource. + description: The namespace of the AWS service that provides the resource, or a ``custom-resource``. + type: string + ScalableDimension: + description: |- + The scalable dimension. This string consists of the service namespace, resource type, and scaling property. + + ``ecs:service:DesiredCount`` - The task count of an ECS service. + + ``elasticmapreduce:instancegroup:InstanceCount`` - The instance count of an EMR Instance Group. + + ``ec2:spot-fleet-request:TargetCapacity`` - The target capacity of a Spot Fleet. + + ``appstream:fleet:DesiredCapacity`` - The capacity of an AppStream 2.0 fleet. + + ``dynamodb:table:ReadCapacityUnits`` - The provisioned read capacity for a DynamoDB table. + + ``dynamodb:table:WriteCapacityUnits`` - The provisioned write capacity for a DynamoDB table. + + ``dynamodb:index:ReadCapacityUnits`` - The provisioned read capacity for a DynamoDB global secondary index. + + ``dynamodb:index:WriteCapacityUnits`` - The provisioned write capacity for a DynamoDB global secondary index. + + ``rds:cluster:ReadReplicaCount`` - The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition. + + ``sagemaker:variant:DesiredInstanceCount`` - The number of EC2 instances for a SageMaker model endpoint variant. + + ``custom-resource:ResourceType:Property`` - The scalable dimension for a custom resource provided by your own application or service. + + ``comprehend:document-classifier-endpoint:DesiredInferenceUnits`` - The number of inference units for an Amazon Comprehend document classification endpoint. + + ``comprehend:entity-recognizer-endpoint:DesiredInferenceUnits`` - The number of inference units for an Amazon Comprehend entity recognizer endpoint. + + ``lambda:function:ProvisionedConcurrency`` - The provisioned concurrency for a Lambda function. + + ``cassandra:table:ReadCapacityUnits`` - The provisioned read capacity for an Amazon Keyspaces table. + + ``cassandra:table:WriteCapacityUnits`` - The provisioned write capacity for an Amazon Keyspaces table. + + ``kafka:broker-storage:VolumeSize`` - The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster. + + ``elasticache:replication-group:NodeGroups`` - The number of node groups for an Amazon ElastiCache replication group. + + ``elasticache:replication-group:Replicas`` - The number of replicas per node group for an Amazon ElastiCache replication group. + + ``neptune:cluster:ReadReplicaCount`` - The count of read replicas in an Amazon Neptune DB cluster. + + ``sagemaker:variant:DesiredProvisionedConcurrency`` - The provisioned concurrency for a SageMaker serverless endpoint. + + ``sagemaker:inference-component:DesiredCopyCount`` - The number of copies across an endpoint for a SageMaker inference component. + + ``workspaces:workspacespool:DesiredUserSessions`` - The number of user sessions for the WorkSpaces in the pool. type: string - StepScalingPolicyConfiguration: - description: A step scaling policy. - $ref: '#/components/schemas/StepScalingPolicyConfiguration' TargetTrackingScalingPolicyConfiguration: description: A target tracking scaling policy. $ref: '#/components/schemas/TargetTrackingScalingPolicyConfiguration' Arn: - description: ARN is a read only property for the resource. + description: '' type: string + StepScalingPolicyConfiguration: + description: A step scaling policy. + $ref: '#/components/schemas/StepScalingPolicyConfiguration' + PredictiveScalingPolicyConfiguration: + description: The predictive scaling policy configuration. + $ref: '#/components/schemas/PredictiveScalingPolicyConfiguration' x-stackQL-stringOnly: true x-title: CreateScalingPolicyRequest type: object @@ -1281,15 +1653,16 @@ components: SELECT region, data__Identifier, - JSON_EXTRACT(Properties, '$.PolicyName') as policy_name, JSON_EXTRACT(Properties, '$.PolicyType') as policy_type, JSON_EXTRACT(Properties, '$.ResourceId') as resource_id, - JSON_EXTRACT(Properties, '$.ScalableDimension') as scalable_dimension, JSON_EXTRACT(Properties, '$.ScalingTargetId') as scaling_target_id, + JSON_EXTRACT(Properties, '$.PolicyName') as policy_name, JSON_EXTRACT(Properties, '$.ServiceNamespace') as service_namespace, - JSON_EXTRACT(Properties, '$.StepScalingPolicyConfiguration') as step_scaling_policy_configuration, + JSON_EXTRACT(Properties, '$.ScalableDimension') as scalable_dimension, JSON_EXTRACT(Properties, '$.TargetTrackingScalingPolicyConfiguration') as target_tracking_scaling_policy_configuration, - JSON_EXTRACT(Properties, '$.Arn') as arn + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.StepScalingPolicyConfiguration') as step_scaling_policy_configuration, + JSON_EXTRACT(Properties, '$.PredictiveScalingPolicyConfiguration') as predictive_scaling_policy_configuration FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApplicationAutoScaling::ScalingPolicy' AND data__Identifier = '|' AND region = 'us-east-1' @@ -1298,15 +1671,16 @@ components: ddl: |- SELECT detail.region, - JSON_EXTRACT(detail.Properties, '$.PolicyName') as policy_name, JSON_EXTRACT(detail.Properties, '$.PolicyType') as policy_type, JSON_EXTRACT(detail.Properties, '$.ResourceId') as resource_id, - JSON_EXTRACT(detail.Properties, '$.ScalableDimension') as scalable_dimension, JSON_EXTRACT(detail.Properties, '$.ScalingTargetId') as scaling_target_id, + JSON_EXTRACT(detail.Properties, '$.PolicyName') as policy_name, JSON_EXTRACT(detail.Properties, '$.ServiceNamespace') as service_namespace, - JSON_EXTRACT(detail.Properties, '$.StepScalingPolicyConfiguration') as step_scaling_policy_configuration, + JSON_EXTRACT(detail.Properties, '$.ScalableDimension') as scalable_dimension, JSON_EXTRACT(detail.Properties, '$.TargetTrackingScalingPolicyConfiguration') as target_tracking_scaling_policy_configuration, - JSON_EXTRACT(detail.Properties, '$.Arn') as arn + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.StepScalingPolicyConfiguration') as step_scaling_policy_configuration, + JSON_EXTRACT(detail.Properties, '$.PredictiveScalingPolicyConfiguration') as predictive_scaling_policy_configuration FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -1320,15 +1694,16 @@ components: SELECT region, data__Identifier, - json_extract_path_text(Properties, 'PolicyName') as policy_name, json_extract_path_text(Properties, 'PolicyType') as policy_type, json_extract_path_text(Properties, 'ResourceId') as resource_id, - json_extract_path_text(Properties, 'ScalableDimension') as scalable_dimension, json_extract_path_text(Properties, 'ScalingTargetId') as scaling_target_id, + json_extract_path_text(Properties, 'PolicyName') as policy_name, json_extract_path_text(Properties, 'ServiceNamespace') as service_namespace, - json_extract_path_text(Properties, 'StepScalingPolicyConfiguration') as step_scaling_policy_configuration, + json_extract_path_text(Properties, 'ScalableDimension') as scalable_dimension, json_extract_path_text(Properties, 'TargetTrackingScalingPolicyConfiguration') as target_tracking_scaling_policy_configuration, - json_extract_path_text(Properties, 'Arn') as arn + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'StepScalingPolicyConfiguration') as step_scaling_policy_configuration, + json_extract_path_text(Properties, 'PredictiveScalingPolicyConfiguration') as predictive_scaling_policy_configuration FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApplicationAutoScaling::ScalingPolicy' AND data__Identifier = '|' AND region = 'us-east-1' @@ -1337,15 +1712,16 @@ components: ddl: |- SELECT detail.region, - json_extract_path_text(detail.Properties, 'PolicyName') as policy_name, json_extract_path_text(detail.Properties, 'PolicyType') as policy_type, json_extract_path_text(detail.Properties, 'ResourceId') as resource_id, - json_extract_path_text(detail.Properties, 'ScalableDimension') as scalable_dimension, json_extract_path_text(detail.Properties, 'ScalingTargetId') as scaling_target_id, + json_extract_path_text(detail.Properties, 'PolicyName') as policy_name, json_extract_path_text(detail.Properties, 'ServiceNamespace') as service_namespace, - json_extract_path_text(detail.Properties, 'StepScalingPolicyConfiguration') as step_scaling_policy_configuration, + json_extract_path_text(detail.Properties, 'ScalableDimension') as scalable_dimension, json_extract_path_text(detail.Properties, 'TargetTrackingScalingPolicyConfiguration') as target_tracking_scaling_policy_configuration, - json_extract_path_text(detail.Properties, 'Arn') as arn + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'StepScalingPolicyConfiguration') as step_scaling_policy_configuration, + json_extract_path_text(detail.Properties, 'PredictiveScalingPolicyConfiguration') as predictive_scaling_policy_configuration FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier diff --git a/providers/src/aws/v00.00.00000/services/applicationinsights.yaml b/providers/src/aws/v00.00.00000/services/applicationinsights.yaml index 95d75585..b2ffd5f2 100644 --- a/providers/src/aws/v00.00.00000/services/applicationinsights.yaml +++ b/providers/src/aws/v00.00.00000/services/applicationinsights.yaml @@ -863,6 +863,12 @@ components: minLength: 20 maxLength: 300 pattern: ^arn:aws(-[\w]+)*:[\w\d-]+:([\w\d-]*)?:[\w\d_-]*([:/].+)*$ + SNSNotificationArn: + description: Application Insights sends notifications to this SNS topic whenever there is a problem update in the associated application. + type: string + minLength: 20 + maxLength: 300 + pattern: ^arn:aws(-[\w]+)*:[\w\d-]+:([\w\d-]*)?:[\w\d_-]*([:/].+)*$ Tags: description: The tags of Application Insights application. type: array @@ -918,23 +924,98 @@ components: - CustomComponents - GroupingType - OpsItemSNSTopicArn + - SNSNotificationArn - AttachMissingPermission x-read-only-properties: - ApplicationARN x-required-properties: - ResourceGroupName - x-taggable: true + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - applicationinsights:ListTagsForResource + - applicationinsights:TagResource + - applicationinsights:UntagResource x-required-permissions: create: - - '*' + - applicationinsights:CreateApplication + - applicationinsights:DescribeApplication + - applicationinsights:CreateComponent + - applicationinsights:DescribeComponent + - applicationinsights:CreateLogPattern + - applicationinsights:DescribeLogPattern + - applicationinsights:DescribeComponentConfigurationRecommendation + - applicationinsights:UpdateComponentConfiguration + - applicationinsights:ListComponents + - applicationinsights:TagResource + - ec2:DescribeInstances + - ec2:DescribeVolumes + - rds:DescribeDBInstances + - rds:DescribeDBClusters + - sqs:ListQueues + - elasticloadbalancing:DescribeLoadBalancers + - elasticloadbalancing:DescribeTargetGroups + - elasticloadbalancing:DescribeTargetHealth + - autoscaling:DescribeAutoScalingGroups + - lambda:ListFunctions + - dynamodb:ListTables + - s3:ListAllMyBuckets + - sns:ListTopics + - states:ListStateMachines + - apigateway:GET + - ecs:ListClusters + - ecs:DescribeTaskDefinition + - ecs:ListServices + - ecs:ListTasks + - eks:ListClusters + - eks:ListNodegroups + - fsx:DescribeFileSystems + - logs:DescribeLogGroups + - elasticfilesystem:DescribeFileSystems read: - - '*' + - applicationinsights:DescribeApplication + - applicationinsights:ListTagsForResource + - applicationinsights:DescribeComponent + - applicationinsights:ListComponents + - applicationinsights:DescribeLogPattern + - applicationinsights:ListLogPatterns + - applicationinsights:ListLogPatternSets update: - - '*' + - applicationinsights:CreateApplication + - applicationinsights:DescribeApplication + - applicationinsights:UpdateApplication + - applicationinsights:TagResource + - applicationinsights:UntagResource + - applicationinsights:ListTagsForResource + - applicationinsights:CreateComponent + - applicationinsights:DescribeComponent + - applicationinsights:DeleteComponent + - applicationinsights:ListComponents + - applicationinsights:CreateLogPattern + - applicationinsights:DeleteLogPattern + - applicationinsights:DescribeLogPattern + - applicationinsights:ListLogPatterns + - applicationinsights:ListLogPatternSets + - applicationinsights:UpdateLogPattern + - applicationinsights:DescribeComponentConfiguration + - applicationinsights:DescribeComponentConfigurationRecommendation + - applicationinsights:UpdateComponentConfiguration delete: - - '*' + - applicationinsights:DeleteApplication + - applicationinsights:DescribeApplication list: - - '*' + - applicationinsights:ListApplications + - applicationinsights:DescribeApplication + - applicationinsights:ListTagsForResource + - applicationinsights:DescribeComponent + - applicationinsights:ListComponents + - applicationinsights:DescribeLogPattern + - applicationinsights:ListLogPatterns + - applicationinsights:ListLogPatternSets CreateApplicationRequest: properties: ClientToken: @@ -969,6 +1050,12 @@ components: minLength: 20 maxLength: 300 pattern: ^arn:aws(-[\w]+)*:[\w\d-]+:([\w\d-]*)?:[\w\d_-]*([:/].+)*$ + SNSNotificationArn: + description: Application Insights sends notifications to this SNS topic whenever there is a problem update in the associated application. + type: string + minLength: 20 + maxLength: 300 + pattern: ^arn:aws(-[\w]+)*:[\w\d-]+:([\w\d-]*)?:[\w\d_-]*([:/].+)*$ Tags: description: The tags of Application Insights application. type: array @@ -1088,6 +1175,7 @@ components: JSON_EXTRACT(Properties, '$.CWEMonitorEnabled') as cwe_monitor_enabled, JSON_EXTRACT(Properties, '$.OpsCenterEnabled') as ops_center_enabled, JSON_EXTRACT(Properties, '$.OpsItemSNSTopicArn') as ops_item_sns_topic_arn, + JSON_EXTRACT(Properties, '$.SNSNotificationArn') as sns_notification_arn, JSON_EXTRACT(Properties, '$.Tags') as tags, JSON_EXTRACT(Properties, '$.CustomComponents') as custom_components, JSON_EXTRACT(Properties, '$.LogPatternSets') as log_pattern_sets, @@ -1108,6 +1196,7 @@ components: JSON_EXTRACT(detail.Properties, '$.CWEMonitorEnabled') as cwe_monitor_enabled, JSON_EXTRACT(detail.Properties, '$.OpsCenterEnabled') as ops_center_enabled, JSON_EXTRACT(detail.Properties, '$.OpsItemSNSTopicArn') as ops_item_sns_topic_arn, + JSON_EXTRACT(detail.Properties, '$.SNSNotificationArn') as sns_notification_arn, JSON_EXTRACT(detail.Properties, '$.Tags') as tags, JSON_EXTRACT(detail.Properties, '$.CustomComponents') as custom_components, JSON_EXTRACT(detail.Properties, '$.LogPatternSets') as log_pattern_sets, @@ -1133,6 +1222,7 @@ components: json_extract_path_text(Properties, 'CWEMonitorEnabled') as cwe_monitor_enabled, json_extract_path_text(Properties, 'OpsCenterEnabled') as ops_center_enabled, json_extract_path_text(Properties, 'OpsItemSNSTopicArn') as ops_item_sns_topic_arn, + json_extract_path_text(Properties, 'SNSNotificationArn') as sns_notification_arn, json_extract_path_text(Properties, 'Tags') as tags, json_extract_path_text(Properties, 'CustomComponents') as custom_components, json_extract_path_text(Properties, 'LogPatternSets') as log_pattern_sets, @@ -1153,6 +1243,7 @@ components: json_extract_path_text(detail.Properties, 'CWEMonitorEnabled') as cwe_monitor_enabled, json_extract_path_text(detail.Properties, 'OpsCenterEnabled') as ops_center_enabled, json_extract_path_text(detail.Properties, 'OpsItemSNSTopicArn') as ops_item_sns_topic_arn, + json_extract_path_text(detail.Properties, 'SNSNotificationArn') as sns_notification_arn, json_extract_path_text(detail.Properties, 'Tags') as tags, json_extract_path_text(detail.Properties, 'CustomComponents') as custom_components, json_extract_path_text(detail.Properties, 'LogPatternSets') as log_pattern_sets, @@ -1223,6 +1314,7 @@ components: JSON_EXTRACT(detail.Properties, '$.CWEMonitorEnabled') as cwe_monitor_enabled, JSON_EXTRACT(detail.Properties, '$.OpsCenterEnabled') as ops_center_enabled, JSON_EXTRACT(detail.Properties, '$.OpsItemSNSTopicArn') as ops_item_sns_topic_arn, + JSON_EXTRACT(detail.Properties, '$.SNSNotificationArn') as sns_notification_arn, JSON_EXTRACT(detail.Properties, '$.CustomComponents') as custom_components, JSON_EXTRACT(detail.Properties, '$.LogPatternSets') as log_pattern_sets, JSON_EXTRACT(detail.Properties, '$.AutoConfigurationEnabled') as auto_configuration_enabled, @@ -1249,6 +1341,7 @@ components: json_extract_path_text(detail.Properties, 'CWEMonitorEnabled') as cwe_monitor_enabled, json_extract_path_text(detail.Properties, 'OpsCenterEnabled') as ops_center_enabled, json_extract_path_text(detail.Properties, 'OpsItemSNSTopicArn') as ops_item_sns_topic_arn, + json_extract_path_text(detail.Properties, 'SNSNotificationArn') as sns_notification_arn, json_extract_path_text(detail.Properties, 'CustomComponents') as custom_components, json_extract_path_text(detail.Properties, 'LogPatternSets') as log_pattern_sets, json_extract_path_text(detail.Properties, 'AutoConfigurationEnabled') as auto_configuration_enabled, diff --git a/providers/src/aws/v00.00.00000/services/applicationsignals.yaml b/providers/src/aws/v00.00.00000/services/applicationsignals.yaml new file mode 100644 index 00000000..917ec2a1 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/applicationsignals.yaml @@ -0,0 +1,1290 @@ +openapi: 3.0.0 +info: + title: ApplicationSignals + version: 2.0.0 + x-serviceName: cloudcontrolapi +servers: + - url: https://cloudcontrolapi.{region}.amazonaws.com + variables: + region: + description: The AWS region + enum: + - us-east-1 + - us-east-2 + - us-west-1 + - us-west-2 + - us-gov-west-1 + - us-gov-east-1 + - ca-central-1 + - eu-north-1 + - eu-west-1 + - eu-west-2 + - eu-west-3 + - eu-central-1 + - eu-south-1 + - af-south-1 + - ap-northeast-1 + - ap-northeast-2 + - ap-northeast-3 + - ap-southeast-1 + - ap-southeast-2 + - ap-east-1 + - ap-south-1 + - sa-east-1 + - me-south-1 + default: us-east-1 + description: The CloudControlApi multi-region endpoint + - url: https://cloudcontrolapi.{region}.amazonaws.com.cn + variables: + region: + description: The AWS region + enum: + - cn-north-1 + - cn-northwest-1 + default: cn-north-1 + description: The CloudControlApi endpoint for China (Beijing) and China (Ningxia) +components: + parameters: + X-Amz-Content-Sha256: + name: X-Amz-Content-Sha256 + in: header + schema: + type: string + required: false + X-Amz-Date: + name: X-Amz-Date + in: header + schema: + type: string + required: false + X-Amz-Algorithm: + name: X-Amz-Algorithm + in: header + schema: + type: string + required: false + X-Amz-Credential: + name: X-Amz-Credential + in: header + schema: + type: string + required: false + X-Amz-Security-Token: + name: X-Amz-Security-Token + in: header + schema: + type: string + required: false + X-Amz-Signature: + name: X-Amz-Signature + in: header + schema: + type: string + required: false + X-Amz-SignedHeaders: + name: X-Amz-SignedHeaders + in: header + schema: + type: string + required: false + x-cloud-control-schemas: + AlreadyExistsException: {} + CancelResourceRequestInput: + properties: + RequestToken: + $ref: '#/components/x-cloud-control-schemas/RequestToken' + required: + - RequestToken + title: CancelResourceRequestInput + type: object + CancelResourceRequestOutput: + properties: + ProgressEvent: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: object + ClientToken: + maxLength: 128 + minLength: 1 + pattern: '[-A-Za-z0-9+/=]+' + type: string + ClientTokenConflictException: {} + ConcurrentModificationException: {} + ConcurrentOperationException: {} + CreateResourceInput: + properties: + ClientToken: + type: string + DesiredState: + allOf: + - $ref: '#/components/x-cloud-control-schemas/Properties' + - description: >- +

Structured data format representing the desired state of the resource, consisting of that resource's properties and their desired values.

Cloud Control API currently supports JSON as a structured data format.

 
 <p>Specify the desired state as one of the following:</p> <ul> <li> <p>A JSON blob</p> </li> <li> <p>A local path containing the desired state in JSON data format</p>
+                </li> </ul> <p>For more information, see <a href="https://docs.aws.amazon.com/cloudcontrolapi/latest/userguide/resource-operations-create.html#resource-operations-create-desiredstate">Composing the desired state of the resource</a> in the <i>Amazon Web Services Cloud Control API User Guide</i>.</p> <p>For more information about the properties of a specific resource, refer to the related topic for the resource in the
+                <a href="https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html">Resource and property types reference</a> in the <i>CloudFormation Users Guide</i>.</p>
+ RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + required: + - DesiredState + title: CreateResourceInput + type: object + CreateResourceOutput: + properties: + ProgressEvent: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: object + DeleteResourceInput: + properties: + ClientToken: + type: string + Identifier: + $ref: '#/components/x-cloud-control-schemas/Identifier' + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + required: + - Identifier + title: DeleteResourceInput + type: object + DeleteResourceOutput: + properties: + ProgressEvent: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: object + GeneralServiceException: {} + GetResourceInput: + properties: + TypeName: + $ref: '#/components/x-cloud-control-schemas/TypeName' + Identifier: + $ref: '#/components/x-cloud-control-schemas/Identifier' + TypeVersionId: + $ref: '#/components/x-cloud-control-schemas/TypeVersionId' + RoleArn: + $ref: '#/components/x-cloud-control-schemas/RoleArn' + required: + - TypeName + - Identifier + title: GetResourceInput + type: object + GetResourceOutput: + properties: + ResourceDescription: + $ref: '#/components/x-cloud-control-schemas/ResourceDescription' + TypeName: + type: string + type: object + GetResourceRequestStatusInput: + properties: + RequestToken: + $ref: '#/components/x-cloud-control-schemas/RequestToken' + required: + - RequestToken + title: GetResourceRequestStatusInput + type: object + GetResourceRequestStatusOutput: + properties: + ProgressEvent: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: object + HandlerErrorCode: + enum: + - NotUpdatable + - InvalidRequest + - AccessDenied + - InvalidCredentials + - AlreadyExists + - NotFound + - ResourceConflict + - Throttling + - ServiceLimitExceeded + - NotStabilized + - GeneralServiceException + - ServiceInternalError + - ServiceTimeout + - NetworkFailure + - InternalFailure + type: string + HandlerFailureException: {} + HandlerInternalFailureException: {} + HandlerNextToken: + maxLength: 2048 + minLength: 1 + pattern: .+ + type: string + Identifier: + maxLength: 1024 + minLength: 1 + pattern: .+ + type: string + InvalidCredentialsException: {} + InvalidRequestException: {} + MaxResults: + maximum: 100 + minimum: 1 + type: integer + NetworkFailureException: {} + NextToken: + maxLength: 2048 + minLength: 1 + pattern: '[-A-Za-z0-9+/=]+' + type: string + NotStabilizedException: {} + NotUpdatableException: {} + Operation: + enum: + - CREATE + - DELETE + - UPDATE + type: string + OperationStatus: + enum: + - PENDING + - IN_PROGRESS + - SUCCESS + - FAILED + - CANCEL_IN_PROGRESS + - CANCEL_COMPLETE + type: string + OperationStatuses: + items: + $ref: '#/components/x-cloud-control-schemas/OperationStatus' + type: array + Operations: + items: + $ref: '#/components/x-cloud-control-schemas/Operation' + type: array + PatchDocument: + format: password + maxLength: 65536 + minLength: 1 + pattern: '[\s\S]*' + type: string + PrivateTypeException: {} + ProgressEvent: + example: + ErrorCode: string + EventTime: number + Identifier: string + Operation: string + OperationStatus: string + RequestToken: string + ResourceModel: string + RetryAfter: number + StatusMessage: string + TypeName: string + properties: + ErrorCode: + type: string + EventTime: + type: number + Identifier: + type: string + Operation: + type: string + OperationStatus: + type: string + RequestToken: + type: string + ResourceModel: + type: string + RetryAfter: + type: number + StatusMessage: + type: string + TypeName: + type: string + type: object + Properties: + format: password + maxLength: 65536 + minLength: 1 + pattern: '[\s\S]*' + type: string + RequestToken: + maxLength: 128 + minLength: 1 + pattern: '[-A-Za-z0-9+/=]+' + type: string + RequestTokenNotFoundException: {} + ResourceConflictException: {} + ResourceDescription: + description: Represents information about a provisioned resource. + properties: + Identifier: + type: string + Properties: + type: string + type: object + ResourceDescriptions: + items: + $ref: '#/components/x-cloud-control-schemas/ResourceDescription' + type: array + ResourceNotFoundException: {} + ResourceRequestStatusFilter: + description: The filter criteria to use in determining the requests returned. + properties: + undefined: + allOf: + - $ref: '#/components/x-cloud-control-schemas/OperationStatuses' + - description: >- +

The operation statuses to include in the filter.

  • PENDING: The operation has been requested, but not yet initiated.

  • IN_PROGRESS: The operation is in progress.

  • SUCCESS: The operation completed.

  • FAILED: The operation failed.

  • CANCEL_IN_PROGRESS: The operation is in the process of being canceled.

  • + CANCEL_COMPLETE: The operation has been canceled.

+ type: object + ResourceRequestStatusSummaries: + items: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: array + RoleArn: + maxLength: 2048 + minLength: 20 + pattern: arn:.+:iam::[0-9]{12}:role/.+ + type: string + ServiceInternalErrorException: {} + ServiceLimitExceededException: {} + StatusMessage: + maxLength: 1024 + minLength: 0 + pattern: '[\s\S]*' + type: string + ThrottlingException: {} + Timestamp: + format: date-time + type: string + TypeName: + maxLength: 196 + minLength: 10 + pattern: '[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}' + type: string + TypeNotFoundException: {} + TypeVersionId: + maxLength: 128 + minLength: 1 + pattern: '[A-Za-z0-9-]+' + type: string + UnsupportedActionException: {} + UpdateResourceInput: + properties: + undefined: + allOf: + - $ref: '#/components/x-cloud-control-schemas/PatchDocument' + required: + - Identifier + - PatchDocument + title: UpdateResourceInput + type: object + UpdateResourceOutput: + properties: + ProgressEvent: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: object + schemas: + Sli: + description: This structure contains information about the performance metric that an SLO monitors. + type: object + additionalProperties: false + properties: + SliMetric: + $ref: '#/components/schemas/SliMetric' + MetricThreshold: + description: The value that the SLI metric is compared to. + type: number + ComparisonOperator: + description: The arithmetic operation used when comparing the specified metric to the threshold. + type: string + enum: + - GreaterThanOrEqualTo + - LessThanOrEqualTo + - LessThan + - GreaterThan + required: + - SliMetric + - MetricThreshold + - ComparisonOperator + RequestBasedSli: + description: This structure contains information about the performance metric that a request-based SLO monitors. + type: object + additionalProperties: false + properties: + RequestBasedSliMetric: + $ref: '#/components/schemas/RequestBasedSliMetric' + MetricThreshold: + description: The value that the SLI metric is compared to. + type: number + ComparisonOperator: + description: The arithmetic operation used when comparing the specified metric to the threshold. + type: string + enum: + - GreaterThanOrEqualTo + - LessThanOrEqualTo + - LessThan + - GreaterThan + required: + - RequestBasedSliMetric + Goal: + description: A structure that contains the attributes that determine the goal of the SLO. This includes the time period for evaluation and the attainment threshold. + type: object + additionalProperties: false + properties: + Interval: + $ref: '#/components/schemas/Interval' + AttainmentGoal: + description: |- + The threshold that determines if the goal is being met. An attainment goal is the ratio of good periods that meet the threshold requirements to the total periods within the interval. For example, an attainment goal of 99.9% means that within your interval, you are targeting 99.9% of the periods to be in healthy state. + If you omit this parameter, 99 is used to represent 99% as the attainment goal. + type: number + WarningThreshold: + description: The percentage of remaining budget over total budget that you want to get warnings for. If you omit this parameter, the default of 50.0 is used. + type: number + SliMetric: + description: A structure that contains information about the metric that the SLO monitors. + type: object + additionalProperties: false + properties: + KeyAttributes: + $ref: '#/components/schemas/KeyAttributes' + OperationName: + description: If the SLO monitors a specific operation of the service, this field displays that operation name. + type: string + minLength: 1 + maxLength: 255 + MetricType: + description: If the SLO monitors either the LATENCY or AVAILABILITY metric that Application Signals collects, this field displays which of those metrics is used. + type: string + enum: + - LATENCY + - AVAILABILITY + Statistic: + description: The statistic to use for comparison to the threshold. It can be any CloudWatch statistic or extended statistic + type: string + minLength: 1 + maxLength: 20 + PeriodSeconds: + description: The number of seconds to use as the period for SLO evaluation. Your application's performance is compared to the SLI during each period. For each period, the application is determined to have either achieved or not achieved the necessary performance. + type: integer + minimum: 60 + maximum: 900 + MetricDataQueries: + $ref: '#/components/schemas/MetricDataQueries' + RequestBasedSliMetric: + description: This structure contains the information about the metric that is used for a request-based SLO. + type: object + additionalProperties: false + properties: + KeyAttributes: + $ref: '#/components/schemas/KeyAttributes' + OperationName: + description: If the SLO monitors a specific operation of the service, this field displays that operation name. + type: string + minLength: 1 + maxLength: 255 + MetricType: + description: If the SLO monitors either the LATENCY or AVAILABILITY metric that Application Signals collects, this field displays which of those metrics is used. + type: string + enum: + - LATENCY + - AVAILABILITY + TotalRequestCountMetric: + description: This structure defines the metric that is used as the "total requests" number for a request-based SLO. The number observed for this metric is divided by the number of "good requests" or "bad requests" that is observed for the metric defined in `MonitoredRequestCountMetric`. + $ref: '#/components/schemas/MetricDataQueries' + MonitoredRequestCountMetric: + $ref: '#/components/schemas/MonitoredRequestCountMetric' + MonitoredRequestCountMetric: + description: This structure defines the metric that is used as the "good request" or "bad request" value for a request-based SLO. This value observed for the metric defined in `TotalRequestCountMetric` is divided by the number found for `MonitoredRequestCountMetric` to determine the percentage of successful requests that this SLO tracks. + type: object + additionalProperties: false + properties: + GoodCountMetric: + description: If you want to count "good requests" to determine the percentage of successful requests for this request-based SLO, specify the metric to use as "good requests" in this structure. + $ref: '#/components/schemas/MetricDataQueries' + BadCountMetric: + description: If you want to count "bad requests" to determine the percentage of successful requests for this request-based SLO, specify the metric to use as "bad requests" in this structure. + $ref: '#/components/schemas/MetricDataQueries' + KeyAttributes: + description: This is a string-to-string map that contains information about the type of object that this SLO is related to. + x-patternProperties: + ^.+$: + type: string + additionalProperties: false + Interval: + description: |- + The time period used to evaluate the SLO. It can be either a calendar interval or rolling interval. + If you omit this parameter, a rolling interval of 7 days is used. + type: object + additionalProperties: false + properties: + RollingInterval: + $ref: '#/components/schemas/RollingInterval' + CalendarInterval: + $ref: '#/components/schemas/CalendarInterval' + RollingInterval: + description: If the interval is a calendar interval, this structure contains the interval specifications. + type: object + additionalProperties: false + properties: + DurationUnit: + $ref: '#/components/schemas/DurationUnit' + Duration: + $ref: '#/components/schemas/Duration' + required: + - DurationUnit + - Duration + CalendarInterval: + description: If the interval for this service level objective is a calendar interval, this structure contains the interval specifications. + type: object + additionalProperties: false + properties: + StartTime: + type: integer + description: |- + Epoch time in seconds you want the first interval to start. Be sure to choose a time that configures the intervals the way that you want. For example, if you want weekly intervals starting on Mondays at 6 a.m., be sure to specify a start time that is a Monday at 6 a.m. + As soon as one calendar interval ends, another automatically begins. + minimum: 946684800 + DurationUnit: + $ref: '#/components/schemas/DurationUnit' + Duration: + $ref: '#/components/schemas/Duration' + required: + - StartTime + - DurationUnit + - Duration + DurationUnit: + description: Specifies the calendar interval unit. + type: string + enum: + - DAY + - MONTH + Duration: + description: Specifies the duration of each calendar interval. For example, if `Duration` is 1 and `DurationUnit` is `MONTH`, each interval is one month, aligned with the calendar. + type: integer + minimum: 1 + MetricDataQueries: + description: If this SLO monitors a CloudWatch metric or the result of a CloudWatch metric math expression, this structure includes the information about that metric or expression. + type: array + uniqueItems: false + x-insertionOrder: true + items: + $ref: '#/components/schemas/MetricDataQuery' + MetricDataQuery: + description: >- + Use this structure to define a metric or metric math expression that you want to use as for a service level objective. + + Each `MetricDataQuery` in the `MetricDataQueries` array specifies either a metric to retrieve, or a metric math expression to be performed on retrieved metrics. A single `MetricDataQueries` array can include as many as 20 `MetricDataQuery` structures in the array. The 20 structures can include as many as 10 structures that contain a `MetricStat` parameter to retrieve a metric, and as many as 10 structures that contain the `Expression` parameter to perform a math expression. Of those + Expression structures, exactly one must have true as the value for `ReturnData`. The result of this expression used for the SLO. + type: object + additionalProperties: false + properties: + MetricStat: + description: A metric to be used directly for the SLO, or to be used in the math expression that will be used for the SLO. Within one MetricDataQuery, you must specify either Expression or MetricStat but not both. + $ref: '#/components/schemas/MetricStat' + Id: + description: A short name used to tie this object to the results in the response. + type: string + ReturnData: + description: This option indicates whether to return the timestamps and raw data values of this metric. + type: boolean + Expression: + description: The math expression to be performed on the returned data. + type: string + AccountId: + description: The ID of the account where the metrics are located, if this is a cross-account alarm. + type: string + required: + - Id + MetricStat: + description: A metric to be used directly for the SLO, or to be used in the math expression that will be used for the SLO. Within one MetricDataQuery object, you must specify either Expression or MetricStat but not both. + type: object + additionalProperties: false + properties: + Period: + description: The granularity, in seconds, to be used for the metric. + type: integer + Metric: + $ref: '#/components/schemas/Metric' + Stat: + description: The statistic to use for comparison to the threshold. It can be any CloudWatch statistic or extended statistic. + type: string + Unit: + description: If you omit Unit then all data that was collected with any unit is returned, along with the corresponding units that were specified when the data was reported to CloudWatch. If you specify a unit, the operation returns only data that was collected with that unit specified. If you specify a unit that does not match the data collected, the results of the operation are null. CloudWatch does not perform unit conversions. + type: string + required: + - Stat + - Period + - Metric + Metric: + description: This structure defines the metric used for a service level indicator, including the metric name, namespace, and dimensions. + type: object + additionalProperties: false + properties: + MetricName: + description: The name of the metric to use. + type: string + Dimensions: + description: An array of one or more dimensions to use to define the metric that you want to use. + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Dimension' + Namespace: + description: The namespace of the metric. + type: string + Dimension: + description: A dimension is a name/value pair that is part of the identity of a metric. Because dimensions are part of the unique identifier for a metric, whenever you add a unique name/value pair to one of your metrics, you are creating a new variation of that metric. For example, many Amazon EC2 metrics publish `InstanceId` as a dimension name, and the actual instance ID as the value for that dimension. You can assign up to 30 dimensions to a metric. + type: object + additionalProperties: false + properties: + Value: + description: The value of the dimension. Dimension values must contain only ASCII characters and must include at least one non-whitespace character. ASCII control characters are not supported as part of dimension values + type: string + Name: + description: The name of the dimension. Dimension names must contain only ASCII characters, must include at least one non-whitespace character, and cannot start with a colon (:). ASCII control characters are not supported as part of dimension names. + type: string + required: + - Value + - Name + Tags: + description: The list of tag keys and values associated with the resource you specified + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + minItems: 1 + maxItems: 200 + Tag: + type: object + additionalProperties: false + properties: + Key: + type: string + pattern: ^(?!aws:)[a-zA-Z+-=._:/]+$ + description: A string that you can use to assign a value. The combination of tag keys and values can help you organize and categorize your resources. + minLength: 1 + maxLength: 128 + Value: + type: string + description: The value for the specified tag key. + minLength: 0 + maxLength: 256 + required: + - Key + - Value + BurnRateConfigurations: + description: Each object in this array defines the length of the look-back window used to calculate one burn rate metric for this SLO. The burn rate measures how fast the service is consuming the error budget, relative to the attainment goal of the SLO. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/BurnRateConfiguration' + minItems: 0 + maxItems: 10 + BurnRateConfiguration: + type: object + description: |- + This object defines the length of the look-back window used to calculate one burn rate metric for this SLO. The burn rate measures how fast the service is consuming the error budget, relative to the attainment goal of the SLO. A burn rate of exactly 1 indicates that the SLO goal will be met exactly. + For example, if you specify 60 as the number of minutes in the look-back window, the burn rate is calculated as the following: + burn rate = error rate over the look-back window / (1 - attainment goal percentage) + additionalProperties: false + properties: + LookBackWindowMinutes: + description: The number of minutes to use as the look-back window. + type: integer + minimum: 1 + maximum: 10080 + required: + - LookBackWindowMinutes + ServiceLevelObjective: + type: object + properties: + Arn: + description: The ARN of this SLO. + type: string + pattern: ^arn:[^:]*:application-signals:[^:]*:[^:]*:slo\/[0-9A-Za-z][-._0-9A-Za-z ]{0,126}[0-9A-Za-z]$ + Name: + description: The name of this SLO. + type: string + pattern: ^[0-9A-Za-z][-._0-9A-Za-z ]{0,126}[0-9A-Za-z]$ + Description: + description: An optional description for this SLO. Default is 'No description' + type: string + minLength: 1 + maxLength: 1024 + default: No description + CreatedTime: + type: integer + description: Epoch time in seconds of the time that this SLO was created + minimum: 946684800 + LastUpdatedTime: + type: integer + description: Epoch time in seconds of the time that this SLO was most recently updated + minimum: 946684800 + Sli: + $ref: '#/components/schemas/Sli' + RequestBasedSli: + $ref: '#/components/schemas/RequestBasedSli' + EvaluationType: + description: Displays whether this is a period-based SLO or a request-based SLO. + type: string + enum: + - PeriodBased + - RequestBased + Goal: + $ref: '#/components/schemas/Goal' + Tags: + $ref: '#/components/schemas/Tags' + BurnRateConfigurations: + $ref: '#/components/schemas/BurnRateConfigurations' + required: + - Name + x-stackql-resource-name: service_level_objective + description: Resource Type definition for AWS::ApplicationSignals::ServiceLevelObjective + x-type-name: AWS::ApplicationSignals::ServiceLevelObjective + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - Name + x-read-only-properties: + - Arn + - CreatedTime + - LastUpdatedTime + - EvaluationType + x-required-properties: + - Name + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - application-signals:ListTagsForResource + - application-signals:TagResource + - application-signals:UntagResource + x-required-permissions: + create: + - application-signals:CreateServiceLevelObjective + - cloudwatch:GetMetricData + - application-signals:TagResource + - application-signals:GetServiceLevelObjective + - application-signals:ListTagsForResource + - iam:GetRole + - iam:CreateServiceLinkedRole + read: + - application-signals:GetServiceLevelObjective + - application-signals:ListTagsForResource + update: + - application-signals:UpdateServiceLevelObjective + - cloudwatch:GetMetricData + - application-signals:TagResource + - application-signals:UntagResource + - application-signals:GetServiceLevelObjective + - application-signals:ListTagsForResource + delete: + - application-signals:DeleteServiceLevelObjective + - application-signals:UntagResource + - application-signals:GetServiceLevelObjective + list: + - application-signals:ListServiceLevelObjectives + - application-signals:ListTagsForResource + CreateServiceLevelObjectiveRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + Arn: + description: The ARN of this SLO. + type: string + pattern: ^arn:[^:]*:application-signals:[^:]*:[^:]*:slo\/[0-9A-Za-z][-._0-9A-Za-z ]{0,126}[0-9A-Za-z]$ + Name: + description: The name of this SLO. + type: string + pattern: ^[0-9A-Za-z][-._0-9A-Za-z ]{0,126}[0-9A-Za-z]$ + Description: + description: An optional description for this SLO. Default is 'No description' + type: string + minLength: 1 + maxLength: 1024 + default: No description + CreatedTime: + type: integer + description: Epoch time in seconds of the time that this SLO was created + minimum: 946684800 + LastUpdatedTime: + type: integer + description: Epoch time in seconds of the time that this SLO was most recently updated + minimum: 946684800 + Sli: + $ref: '#/components/schemas/Sli' + RequestBasedSli: + $ref: '#/components/schemas/RequestBasedSli' + EvaluationType: + description: Displays whether this is a period-based SLO or a request-based SLO. + type: string + enum: + - PeriodBased + - RequestBased + Goal: + $ref: '#/components/schemas/Goal' + Tags: + $ref: '#/components/schemas/Tags' + BurnRateConfigurations: + $ref: '#/components/schemas/BurnRateConfigurations' + x-stackQL-stringOnly: true + x-title: CreateServiceLevelObjectiveRequest + type: object + required: [] + securitySchemes: + hmac: + type: apiKey + name: Authorization + in: header + description: Amazon Signature authorization v4 + x-amazon-apigateway-authtype: awsSigv4 + x-stackQL-resources: + service_level_objectives: + name: service_level_objectives + id: aws.applicationsignals.service_level_objectives + x-cfn-schema-name: ServiceLevelObjective + x-cfn-type-name: AWS::ApplicationSignals::ServiceLevelObjective + x-identifiers: + - Arn + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__ServiceLevelObjective&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::ApplicationSignals::ServiceLevelObjective" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::ApplicationSignals::ServiceLevelObjective" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::ApplicationSignals::ServiceLevelObjective" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/service_level_objectives/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/service_level_objectives/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/service_level_objectives/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.CreatedTime') as created_time, + JSON_EXTRACT(Properties, '$.LastUpdatedTime') as last_updated_time, + JSON_EXTRACT(Properties, '$.Sli') as sli, + JSON_EXTRACT(Properties, '$.RequestBasedSli') as request_based_sli, + JSON_EXTRACT(Properties, '$.EvaluationType') as evaluation_type, + JSON_EXTRACT(Properties, '$.Goal') as goal, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.BurnRateConfigurations') as burn_rate_configurations + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApplicationSignals::ServiceLevelObjective' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.CreatedTime') as created_time, + JSON_EXTRACT(detail.Properties, '$.LastUpdatedTime') as last_updated_time, + JSON_EXTRACT(detail.Properties, '$.Sli') as sli, + JSON_EXTRACT(detail.Properties, '$.RequestBasedSli') as request_based_sli, + JSON_EXTRACT(detail.Properties, '$.EvaluationType') as evaluation_type, + JSON_EXTRACT(detail.Properties, '$.Goal') as goal, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags, + JSON_EXTRACT(detail.Properties, '$.BurnRateConfigurations') as burn_rate_configurations + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::ApplicationSignals::ServiceLevelObjective' + AND detail.data__TypeName = 'AWS::ApplicationSignals::ServiceLevelObjective' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'CreatedTime') as created_time, + json_extract_path_text(Properties, 'LastUpdatedTime') as last_updated_time, + json_extract_path_text(Properties, 'Sli') as sli, + json_extract_path_text(Properties, 'RequestBasedSli') as request_based_sli, + json_extract_path_text(Properties, 'EvaluationType') as evaluation_type, + json_extract_path_text(Properties, 'Goal') as goal, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'BurnRateConfigurations') as burn_rate_configurations + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ApplicationSignals::ServiceLevelObjective' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'CreatedTime') as created_time, + json_extract_path_text(detail.Properties, 'LastUpdatedTime') as last_updated_time, + json_extract_path_text(detail.Properties, 'Sli') as sli, + json_extract_path_text(detail.Properties, 'RequestBasedSli') as request_based_sli, + json_extract_path_text(detail.Properties, 'EvaluationType') as evaluation_type, + json_extract_path_text(detail.Properties, 'Goal') as goal, + json_extract_path_text(detail.Properties, 'Tags') as tags, + json_extract_path_text(detail.Properties, 'BurnRateConfigurations') as burn_rate_configurations + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::ApplicationSignals::ServiceLevelObjective' + AND detail.data__TypeName = 'AWS::ApplicationSignals::ServiceLevelObjective' + AND listing.region = 'us-east-1' + service_level_objectives_list_only: + name: service_level_objectives_list_only + id: aws.applicationsignals.service_level_objectives_list_only + x-cfn-schema-name: ServiceLevelObjective + x-cfn-type-name: AWS::ApplicationSignals::ServiceLevelObjective + x-identifiers: + - Arn + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApplicationSignals::ServiceLevelObjective' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ApplicationSignals::ServiceLevelObjective' + AND region = 'us-east-1' + service_level_objective_tags: + name: service_level_objective_tags + id: aws.applicationsignals.service_level_objective_tags + x-cfn-schema-name: ServiceLevelObjective + x-cfn-type-name: AWS::ApplicationSignals::ServiceLevelObjective + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.CreatedTime') as created_time, + JSON_EXTRACT(detail.Properties, '$.LastUpdatedTime') as last_updated_time, + JSON_EXTRACT(detail.Properties, '$.Sli') as sli, + JSON_EXTRACT(detail.Properties, '$.RequestBasedSli') as request_based_sli, + JSON_EXTRACT(detail.Properties, '$.EvaluationType') as evaluation_type, + JSON_EXTRACT(detail.Properties, '$.Goal') as goal, + JSON_EXTRACT(detail.Properties, '$.BurnRateConfigurations') as burn_rate_configurations + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::ApplicationSignals::ServiceLevelObjective' + AND detail.data__TypeName = 'AWS::ApplicationSignals::ServiceLevelObjective' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'CreatedTime') as created_time, + json_extract_path_text(detail.Properties, 'LastUpdatedTime') as last_updated_time, + json_extract_path_text(detail.Properties, 'Sli') as sli, + json_extract_path_text(detail.Properties, 'RequestBasedSli') as request_based_sli, + json_extract_path_text(detail.Properties, 'EvaluationType') as evaluation_type, + json_extract_path_text(detail.Properties, 'Goal') as goal, + json_extract_path_text(detail.Properties, 'BurnRateConfigurations') as burn_rate_configurations + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::ApplicationSignals::ServiceLevelObjective' + AND detail.data__TypeName = 'AWS::ApplicationSignals::ServiceLevelObjective' + AND listing.region = 'us-east-1' +paths: + /?Action=CreateResource&Version=2021-09-30: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateResource + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/x-cloud-control-schemas/CreateResourceInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=DeleteResource&Version=2021-09-30: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: DeleteResource + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.DeleteResource + enum: + - CloudApiService.DeleteResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/x-cloud-control-schemas/DeleteResourceInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/DeleteResourceOutput' + description: Success + /?Action=UpdateResource&Version=2021-09-30: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: UpdateResource + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.UpdateResource + enum: + - CloudApiService.UpdateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + properties: + ClientName: + type: string + Identifier: + $ref: '#/components/x-cloud-control-schemas/Identifier' + PatchDocument: + type: string + RoleArn: + $ref: '#/components/x-cloud-control-schemas/RoleArn' + TypeName: + $ref: '#/components/x-cloud-control-schemas/TypeName' + TypeVersionId: + $ref: '#/components/x-cloud-control-schemas/TypeVersionId' + required: + - Identifier + - PatchDocument + type: object + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/UpdateResourceOutput' + description: Success + /?Action=CreateResource&Version=2021-09-30&__ServiceLevelObjective&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateServiceLevelObjective + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateServiceLevelObjectiveRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success +x-stackQL-config: + requestTranslate: + algorithm: drop_double_underscore_params + pagination: + requestToken: + key: NextToken + location: body + responseToken: + key: NextToken + location: body diff --git a/providers/src/aws/v00.00.00000/services/appsync.yaml b/providers/src/aws/v00.00.00000/services/appsync.yaml index 01d19710..98311623 100644 --- a/providers/src/aws/v00.00.00000/services/appsync.yaml +++ b/providers/src/aws/v00.00.00000/services/appsync.yaml @@ -385,6 +385,557 @@ components: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' type: object schemas: + EventConfig: + description: The configuration for an Event Api + type: object + additionalProperties: false + properties: + AuthProviders: + $ref: '#/components/schemas/AuthProviders' + ConnectionAuthModes: + $ref: '#/components/schemas/AuthModes' + DefaultPublishAuthModes: + $ref: '#/components/schemas/AuthModes' + DefaultSubscribeAuthModes: + $ref: '#/components/schemas/AuthModes' + LogConfig: + $ref: '#/components/schemas/EventLogConfig' + required: + - AuthProviders + - ConnectionAuthModes + - DefaultPublishAuthModes + - DefaultSubscribeAuthModes + AuthMode: + description: An auth mode. + type: object + additionalProperties: false + properties: + AuthType: + $ref: '#/components/schemas/AuthenticationType' + AuthModes: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/AuthMode' + AuthenticationType: + description: Security configuration for your AppSync API. + type: string + enum: + - AMAZON_COGNITO_USER_POOLS + - AWS_IAM + - API_KEY + - OPENID_CONNECT + - AWS_LAMBDA + OpenIDConnectConfig: + type: object + additionalProperties: false + properties: + ClientId: + description: The client identifier of the Relying party at the OpenID identity provider. + type: string + AuthTTL: + description: The number of milliseconds that a token is valid after being authenticated. + type: number + Issuer: + description: 'The issuer for the OIDC configuration. ' + type: string + IatTTL: + description: |+ + The number of milliseconds that a token is valid after it's issued to a user. + + type: number + CognitoConfig: + description: Optional authorization configuration for using Amazon Cognito user pools with your API endpoint. + type: object + additionalProperties: false + properties: + AppIdClientRegex: + type: string + UserPoolId: + type: string + AwsRegion: + type: string + required: + - UserPoolId + - AwsRegion + LambdaAuthorizerConfig: + type: object + additionalProperties: false + properties: + IdentityValidationExpression: + description: A regular expression for validation of tokens before the Lambda function is called. + type: string + AuthorizerUri: + description: The ARN of the Lambda function to be called for authorization. + type: string + AuthorizerResultTtlInSeconds: + description: The number of seconds a response should be cached for. + type: integer + AuthProviders: + description: A list of auth providers for the AppSync API. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/AuthProvider' + AuthProvider: + description: An auth provider for the AppSync API. + type: object + additionalProperties: false + properties: + AuthType: + $ref: '#/components/schemas/AuthenticationType' + OpenIDConnectConfig: + $ref: '#/components/schemas/OpenIDConnectConfig' + CognitoConfig: + $ref: '#/components/schemas/CognitoConfig' + LambdaAuthorizerConfig: + $ref: '#/components/schemas/LambdaAuthorizerConfig' + required: + - AuthType + Tag: + type: object + additionalProperties: false + properties: + Value: + type: string + Key: + type: string + required: + - Value + - Key + Tags: + description: An arbitrary set of tags (key-value pairs) for this AppSync API. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + ApiName: + description: The name of the AppSync API. + type: string + minLength: 1 + maxLength: 50 + pattern: '[A-Za-z0-9_\-\ ]+' + OwnerContact: + description: The owner contact information for an API resource. + type: string + minLength: 1 + maxLength: 250 + pattern: '[A-Za-z0-9_\-\ \.]+' + DnsMap: + description: A map of DNS names for the AppSync API. + type: object + additionalProperties: false + properties: + Realtime: + type: string + Http: + type: string + EventLogLevel: + description: Logging level for the AppSync API. + type: string + enum: + - NONE + - ERROR + - ALL + - INFO + - DEBUG + EventLogConfig: + description: The log config for the AppSync API. + type: object + additionalProperties: false + properties: + LogLevel: + $ref: '#/components/schemas/EventLogLevel' + CloudWatchLogsRoleArn: + type: string + required: + - LogLevel + - CloudWatchLogsRoleArn + Api: + type: object + properties: + ApiId: + description: The unique identifier for the AppSync Api generated by the service + type: string + ApiArn: + description: The Amazon Resource Name (ARN) of the AppSync Api + type: string + Name: + $ref: '#/components/schemas/ApiName' + OwnerContact: + $ref: '#/components/schemas/OwnerContact' + Dns: + $ref: '#/components/schemas/DnsMap' + EventConfig: + $ref: '#/components/schemas/EventConfig' + Tags: + $ref: '#/components/schemas/Tags' + required: + - Name + x-stackql-resource-name: api + description: Resource schema for AppSync Api + x-type-name: AWS::AppSync::Api + x-stackql-primary-identifier: + - ApiArn + x-read-only-properties: + - ApiId + - Dns + - Dns/Realtime + - Dns/Http + - ApiArn + x-required-properties: + - Name + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - appsync:TagResource + - appsync:UntagResource + x-required-permissions: + create: + - appsync:CreateApi + - appsync:TagResource + - appsync:GetApi + - iam:PassRole + read: + - appsync:GetApi + - appsync:ListTagsForResource + update: + - appsync:UpdateApi + - appsync:TagResource + - appsync:UntagResource + - appsync:GetApi + - iam:PassRole + delete: + - appsync:DeleteApi + - appsync:UntagResource + list: + - appsync:ListApis + Namespace: + description: Namespace indentifier. + type: string + minLength: 1 + maxLength: 50 + pattern: ([A-Za-z0-9](?:[A-Za-z0-9\-]{0,48}[A-Za-z0-9])?) + Code: + description: String of APPSYNC_JS code to be used by the handlers. + type: string + minLength: 1 + maxLength: 32768 + ChannelNamespaceArn: + type: string + description: The Amazon Resource Name (ARN) for the Channel Namespace. + ChannelNamespace: + type: object + properties: + ApiId: + description: AppSync Api Id that this Channel Namespace belongs to. + type: string + Name: + $ref: '#/components/schemas/Namespace' + SubscribeAuthModes: + description: List of AuthModes supported for Subscribe operations. + $ref: '#/components/schemas/AuthModes' + PublishAuthModes: + description: List of AuthModes supported for Publish operations. + $ref: '#/components/schemas/AuthModes' + CodeHandlers: + $ref: '#/components/schemas/Code' + CodeS3Location: + description: The Amazon S3 endpoint where the code is located. + type: string + ChannelNamespaceArn: + $ref: '#/components/schemas/ChannelNamespaceArn' + Tags: + $ref: '#/components/schemas/Tags' + required: + - ApiId + - Name + x-stackql-resource-name: channel_namespace + description: Resource schema for AppSync ChannelNamespace + x-type-name: AWS::AppSync::ChannelNamespace + x-stackql-primary-identifier: + - ChannelNamespaceArn + x-create-only-properties: + - ApiId + - Name + x-write-only-properties: + - CodeS3Location + x-read-only-properties: + - ChannelNamespaceArn + x-required-properties: + - ApiId + - Name + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - appsync:TagResource + - appsync:UntagResource + x-required-permissions: + create: + - appsync:CreateChannelNamespace + - appsync:TagResource + - appsync:GetChannelNamespace + - s3:GetObject + read: + - appsync:GetChannelNamespace + - appsync:ListTagsForResource + update: + - appsync:UpdateChannelNamespace + - appsync:TagResource + - appsync:UntagResource + - appsync:GetChannelNamespace + - s3:GetObject + delete: + - appsync:DeleteChannelNamespace + - appsync:UntagResource + list: + - appsync:ListChannelNamespaces + RdsHttpEndpointConfig: + type: object + additionalProperties: false + properties: + DatabaseName: + description: Logical database name. + type: string + AwsRegion: + description: AWS Region for RDS HTTP endpoint. + type: string + DbClusterIdentifier: + description: Amazon RDS cluster Amazon Resource Name (ARN). + type: string + AwsSecretStoreArn: + description: The ARN for database credentials stored in AWS Secrets Manager. + type: string + Schema: + description: Logical schema name. + type: string + required: + - AwsRegion + - DbClusterIdentifier + - AwsSecretStoreArn + OpenSearchServiceConfig: + type: object + additionalProperties: false + properties: + AwsRegion: + description: The AWS Region. + type: string + Endpoint: + description: The endpoint. + type: string + required: + - AwsRegion + - Endpoint + AwsIamConfig: + type: object + additionalProperties: false + properties: + SigningRegion: + description: The signing Region for AWS Identity and Access Management authorization. + type: string + SigningServiceName: + description: The signing service name for AWS Identity and Access Management authorization. + type: string + EventBridgeConfig: + type: object + additionalProperties: false + properties: + EventBusArn: + description: ARN for the EventBridge bus. + type: string + required: + - EventBusArn + AuthorizationConfig: + type: object + additionalProperties: false + properties: + AuthorizationType: + description: The authorization type that the HTTP endpoint requires. + type: string + AwsIamConfig: + description: The AWS Identity and Access Management settings. + $ref: '#/components/schemas/AwsIamConfig' + required: + - AuthorizationType + DeltaSyncConfig: + type: object + additionalProperties: false + properties: + BaseTableTTL: + description: The number of minutes that an Item is stored in the data source. + type: string + DeltaSyncTableTTL: + description: The number of minutes that a Delta Sync log entry is stored in the Delta Sync table. + type: string + DeltaSyncTableName: + description: The Delta Sync table name. + type: string + required: + - BaseTableTTL + - DeltaSyncTableTTL + - DeltaSyncTableName + RelationalDatabaseConfig: + type: object + additionalProperties: false + properties: + RdsHttpEndpointConfig: + description: Information about the Amazon RDS resource. + $ref: '#/components/schemas/RdsHttpEndpointConfig' + RelationalDatabaseSourceType: + description: The type of relational data source. + type: string + required: + - RelationalDatabaseSourceType + HttpConfig: + type: object + additionalProperties: false + properties: + Endpoint: + description: The endpoint. + type: string + AuthorizationConfig: + description: The authorization configuration. + $ref: '#/components/schemas/AuthorizationConfig' + required: + - Endpoint + LambdaConfig: + type: object + additionalProperties: false + properties: + LambdaFunctionArn: + description: The ARN for the Lambda function. + type: string + required: + - LambdaFunctionArn + ElasticsearchConfig: + type: object + additionalProperties: false + properties: + AwsRegion: + description: The AWS Region. + type: string + Endpoint: + description: The endpoint. + type: string + required: + - AwsRegion + - Endpoint + DynamoDBConfig: + type: object + additionalProperties: false + properties: + TableName: + description: The table name. + type: string + DeltaSyncConfig: + description: The DeltaSyncConfig for a versioned datasource. + $ref: '#/components/schemas/DeltaSyncConfig' + UseCallerCredentials: + description: Set to TRUE to use AWS Identity and Access Management with this data source. + type: boolean + AwsRegion: + description: The AWS Region. + type: string + Versioned: + description: Set to TRUE to use Conflict Detection and Resolution with this data source. + type: boolean + required: + - TableName + - AwsRegion + DataSource: + type: object + properties: + ApiId: + description: Unique AWS AppSync GraphQL API identifier where this data source will be created. + type: string + Description: + description: The description of the data source. + type: string + DynamoDBConfig: + description: AWS Region and TableName for an Amazon DynamoDB table in your account. + $ref: '#/components/schemas/DynamoDBConfig' + ElasticsearchConfig: + description: |- + AWS Region and Endpoints for an Amazon OpenSearch Service domain in your account. + As of September 2021, Amazon Elasticsearch Service is Amazon OpenSearch Service. This property is deprecated. For new data sources, use OpenSearchServiceConfig to specify an OpenSearch Service data source. + $ref: '#/components/schemas/ElasticsearchConfig' + EventBridgeConfig: + description: ARN for the EventBridge bus. + $ref: '#/components/schemas/EventBridgeConfig' + HttpConfig: + description: Endpoints for an HTTP data source. + $ref: '#/components/schemas/HttpConfig' + LambdaConfig: + description: An ARN of a Lambda function in valid ARN format. This can be the ARN of a Lambda function that exists in the current account or in another account. + $ref: '#/components/schemas/LambdaConfig' + Name: + description: Friendly name for you to identify your AppSync data source after creation. + type: string + OpenSearchServiceConfig: + description: AWS Region and Endpoints for an Amazon OpenSearch Service domain in your account. + $ref: '#/components/schemas/OpenSearchServiceConfig' + RelationalDatabaseConfig: + description: Relational Database configuration of the relational database data source. + $ref: '#/components/schemas/RelationalDatabaseConfig' + ServiceRoleArn: + description: The AWS Identity and Access Management service role ARN for the data source. The system assumes this role when accessing the data source. + type: string + Type: + description: The type of the data source. + type: string + DataSourceArn: + description: The Amazon Resource Name (ARN) of the API key, such as arn:aws:appsync:us-east-1:123456789012:apis/graphqlapiid/datasources/datasourcename. + type: string + MetricsConfig: + description: '' + type: string + enum: + - DISABLED + - ENABLED + required: + - Type + - ApiId + - Name + x-stackql-resource-name: data_source + description: Resource Type definition for AWS::AppSync::DataSource + x-type-name: AWS::AppSync::DataSource + x-stackql-primary-identifier: + - DataSourceArn + x-create-only-properties: + - ApiId + - Name + x-read-only-properties: + - DataSourceArn + x-required-properties: + - Type + - ApiId + - Name + x-tagging: + taggable: false + x-required-permissions: + create: + - appsync:CreateDataSource + - appsync:GetDataSource + - iam:PassRole + read: + - appsync:GetDataSource + update: + - appsync:UpdateDataSource + - iam:PassRole + delete: + - appsync:DeleteDataSource + - appsync:GetDataSource + list: + - appsync:ListDataSources DomainName: type: object properties: @@ -625,47 +1176,267 @@ components: - appsync:DeleteFunction list: - appsync:ListFunctions - PipelineConfig: + EnhancedMetricsConfig: type: object additionalProperties: false properties: - Functions: - type: array - description: A list of ``Function`` objects. - uniqueItems: false - x-insertionOrder: false - items: - type: string - description: |- - Use the ``PipelineConfig`` property type to specify ``PipelineConfig`` for an APSYlong resolver. - ``PipelineConfig`` is a property of the [AWS::AppSync::Resolver](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-resolver.html) resource. - CachingConfig: + OperationLevelMetricsConfig: + description: |+ + Controls how operation metrics will be emitted to CloudWatch. Operation metrics include: + + type: string + ResolverLevelMetricsBehavior: + description: |+ + Controls how resolver metrics will be emitted to CloudWatch. Resolver metrics include: + + type: string + DataSourceLevelMetricsBehavior: + description: |+ + Controls how data source metrics will be emitted to CloudWatch. Data source metrics include: + + type: string + required: + - OperationLevelMetricsConfig + - ResolverLevelMetricsBehavior + - DataSourceLevelMetricsBehavior + CognitoUserPoolConfig: type: object additionalProperties: false properties: - CachingKeys: - type: array - description: |- - The caching keys for a resolver that has caching activated. - Valid values are entries from the ``$context.arguments``, ``$context.source``, and ``$context.identity`` maps. - uniqueItems: false - x-insertionOrder: false - items: - type: string - Ttl: - type: number - description: |- - The TTL in seconds for a resolver that has caching activated. - Valid values are 1–3,600 seconds. - required: - - Ttl - description: The caching configuration for a resolver that has caching activated. - Resolver: + AppIdClientRegex: + description: 'A regular expression for validating the incoming Amazon Cognito user pool app client ID. ' + type: string + UserPoolId: + description: The user pool ID + type: string + AwsRegion: + description: The AWS Region in which the user pool was created. + type: string + UserPoolConfig: type: object + additionalProperties: false properties: - ApiId: + AppIdClientRegex: + description: A regular expression for validating the incoming Amazon Cognito user pool app client ID. type: string - description: The APSYlong GraphQL API to which you want to attach this resolver. + UserPoolId: + description: The user pool ID. + type: string + AwsRegion: + description: The AWS Region in which the user pool was created. + type: string + DefaultAction: + description: The action that you want your GraphQL API to take when a request that uses Amazon Cognito user pool authentication doesn't match the Amazon Cognito user pool configuration. + type: string + AdditionalAuthenticationProvider: + type: object + additionalProperties: false + properties: + LambdaAuthorizerConfig: + $ref: '#/components/schemas/LambdaAuthorizerConfig' + OpenIDConnectConfig: + $ref: '#/components/schemas/OpenIDConnectConfig' + UserPoolConfig: + $ref: '#/components/schemas/CognitoUserPoolConfig' + AuthenticationType: + description: The authentication type for API key, AWS Identity and Access Management, OIDC, Amazon Cognito user pools, or AWS Lambda. + type: string + required: + - AuthenticationType + LogConfig: + type: object + additionalProperties: false + properties: + ExcludeVerboseContent: + description: Set to TRUE to exclude sections that contain information such as headers, context, and evaluated mapping templates, regardless of logging level. + type: boolean + FieldLogLevel: + description: The field logging level. Values can be NONE, ERROR, INFO, DEBUG, or ALL. + type: string + CloudWatchLogsRoleArn: + description: The service role that AWS AppSync will assume to publish to Amazon CloudWatch Logs in your account. + type: string + GraphQLApi: + type: object + properties: + AdditionalAuthenticationProviders: + type: array + description: A list of additional authentication providers for the GraphqlApi API. + uniqueItems: true + items: + $ref: '#/components/schemas/AdditionalAuthenticationProvider' + ApiId: + description: Unique AWS AppSync GraphQL API identifier. + type: string + ApiType: + description: The value that indicates whether the GraphQL API is a standard API (GRAPHQL) or merged API (MERGED). + type: string + Arn: + description: The Amazon Resource Name (ARN) of the API key + type: string + AuthenticationType: + description: Security configuration for your GraphQL API + type: string + EnhancedMetricsConfig: + description: Enables and controls the enhanced metrics feature. Enhanced metrics emit granular data on API usage and performance such as AppSync request and error counts, latency, and cache hits/misses. All enhanced metric data is sent to your CloudWatch account, and you can configure the types of data that will be sent. + $ref: '#/components/schemas/EnhancedMetricsConfig' + EnvironmentVariables: + description: A map containing the list of resources with their properties and environment variables. + type: object + additionalProperties: false + x-patternProperties: + ^[A-Za-z]+\w*$: + type: string + GraphQLDns: + description: The fully qualified domain name (FQDN) of the endpoint URL of your GraphQL API. + type: string + GraphQLEndpointArn: + description: The GraphQL endpoint ARN. + type: string + GraphQLUrl: + description: The Endpoint URL of your GraphQL API. + type: string + IntrospectionConfig: + description: Sets the value of the GraphQL API to enable (ENABLED) or disable (DISABLED) introspection. If no value is provided, the introspection configuration will be set to ENABLED by default. This field will produce an error if the operation attempts to use the introspection feature while this field is disabled. + type: string + LambdaAuthorizerConfig: + description: A LambdaAuthorizerConfig holds configuration on how to authorize AWS AppSync API access when using the AWS_LAMBDA authorizer mode. Be aware that an AWS AppSync API may have only one Lambda authorizer configured at a time. + $ref: '#/components/schemas/LambdaAuthorizerConfig' + LogConfig: + description: The Amazon CloudWatch Logs configuration. + $ref: '#/components/schemas/LogConfig' + MergedApiExecutionRoleArn: + description: 'The AWS Identity and Access Management service role ARN for a merged API. ' + type: string + Name: + description: The API name + type: string + OpenIDConnectConfig: + description: The OpenID Connect configuration. + $ref: '#/components/schemas/OpenIDConnectConfig' + OwnerContact: + description: The owner contact information for an API resource. + type: string + QueryDepthLimit: + description: The maximum depth a query can have in a single request. Depth refers to the amount of nested levels allowed in the body of query. + type: integer + RealtimeDns: + description: The fully qualified domain name (FQDN) of the real-time endpoint URL of your GraphQL API. + type: string + RealtimeUrl: + description: The GraphQL API real-time endpoint URL. + type: string + ResolverCountLimit: + description: The maximum number of resolvers that can be invoked in a single request. + type: integer + Tags: + description: |+ + An arbitrary set of tags (key-value pairs) for this GraphQL API. + + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/Tag' + UserPoolConfig: + description: |+ + Optional authorization configuration for using Amazon Cognito user pools with your GraphQL endpoint. + + $ref: '#/components/schemas/UserPoolConfig' + Visibility: + description: Sets the scope of the GraphQL API to public (GLOBAL) or private (PRIVATE). By default, the scope is set to Global if no value is provided. + type: string + XrayEnabled: + description: |+ + A flag indicating whether to use AWS X-Ray tracing for this GraphqlApi. + + type: boolean + required: + - Name + - AuthenticationType + x-stackql-resource-name: graphql_api + description: Resource Type definition for AWS::AppSync::GraphQLApi + x-type-name: AWS::AppSync::GraphQLApi + x-stackql-primary-identifier: + - ApiId + x-read-only-properties: + - ApiId + - Arn + - GraphQLEndpointArn + - GraphQLDns + - GraphQLUrl + - RealtimeDns + - RealtimeUrl + x-required-properties: + - Name + - AuthenticationType + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - appsync:TagResource + - appsync:UntagResource + - appsync:ListTagsForResource + x-required-permissions: + create: + - appsync:CreateGraphqlApi + - appsync:TagResource + read: + - appsync:GetGraphqlApi + - appsync:GetGraphqlApiEnvironmentVariables + - appsync:ListTagsForResource + update: + - appsync:GetGraphqlApi + - appsync:UpdateGraphqlApi + - appsync:TagResource + - appsync:UntagResource + delete: + - appsync:DeleteGraphqlApi + list: + - appsync:ListGraphqlApis + PipelineConfig: + type: object + additionalProperties: false + properties: + Functions: + type: array + description: A list of ``Function`` objects. + uniqueItems: false + x-insertionOrder: false + items: + type: string + description: |- + Use the ``PipelineConfig`` property type to specify ``PipelineConfig`` for an APSYlong resolver. + ``PipelineConfig`` is a property of the [AWS::AppSync::Resolver](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-resolver.html) resource. + CachingConfig: + type: object + additionalProperties: false + properties: + CachingKeys: + type: array + description: |- + The caching keys for a resolver that has caching activated. + Valid values are entries from the ``$context.arguments``, ``$context.source``, and ``$context.identity`` maps. + uniqueItems: false + x-insertionOrder: false + items: + type: string + Ttl: + type: number + description: |- + The TTL in seconds for a resolver that has caching activated. + Valid values are 1–3,600 seconds. + required: + - Ttl + description: The caching configuration for a resolver that has caching activated. + Resolver: + type: object + properties: + ApiId: + type: string + description: The APSYlong GraphQL API to which you want to attach this resolver. CachingConfig: $ref: '#/components/schemas/CachingConfig' description: The caching configuration for the resolver. @@ -878,6 +1649,140 @@ components: - appsync:ListSourceApiAssociations list: - appsync:ListSourceApiAssociations + CreateApiRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + ApiId: + description: The unique identifier for the AppSync Api generated by the service + type: string + ApiArn: + description: The Amazon Resource Name (ARN) of the AppSync Api + type: string + Name: + $ref: '#/components/schemas/ApiName' + OwnerContact: + $ref: '#/components/schemas/OwnerContact' + Dns: + $ref: '#/components/schemas/DnsMap' + EventConfig: + $ref: '#/components/schemas/EventConfig' + Tags: + $ref: '#/components/schemas/Tags' + x-stackQL-stringOnly: true + x-title: CreateApiRequest + type: object + required: [] + CreateChannelNamespaceRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + ApiId: + description: AppSync Api Id that this Channel Namespace belongs to. + type: string + Name: + $ref: '#/components/schemas/Namespace' + SubscribeAuthModes: + description: List of AuthModes supported for Subscribe operations. + $ref: '#/components/schemas/AuthModes' + PublishAuthModes: + description: List of AuthModes supported for Publish operations. + $ref: '#/components/schemas/AuthModes' + CodeHandlers: + $ref: '#/components/schemas/Code' + CodeS3Location: + description: The Amazon S3 endpoint where the code is located. + type: string + ChannelNamespaceArn: + $ref: '#/components/schemas/ChannelNamespaceArn' + Tags: + $ref: '#/components/schemas/Tags' + x-stackQL-stringOnly: true + x-title: CreateChannelNamespaceRequest + type: object + required: [] + CreateDataSourceRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + ApiId: + description: Unique AWS AppSync GraphQL API identifier where this data source will be created. + type: string + Description: + description: The description of the data source. + type: string + DynamoDBConfig: + description: AWS Region and TableName for an Amazon DynamoDB table in your account. + $ref: '#/components/schemas/DynamoDBConfig' + ElasticsearchConfig: + description: |- + AWS Region and Endpoints for an Amazon OpenSearch Service domain in your account. + As of September 2021, Amazon Elasticsearch Service is Amazon OpenSearch Service. This property is deprecated. For new data sources, use OpenSearchServiceConfig to specify an OpenSearch Service data source. + $ref: '#/components/schemas/ElasticsearchConfig' + EventBridgeConfig: + description: ARN for the EventBridge bus. + $ref: '#/components/schemas/EventBridgeConfig' + HttpConfig: + description: Endpoints for an HTTP data source. + $ref: '#/components/schemas/HttpConfig' + LambdaConfig: + description: An ARN of a Lambda function in valid ARN format. This can be the ARN of a Lambda function that exists in the current account or in another account. + $ref: '#/components/schemas/LambdaConfig' + Name: + description: Friendly name for you to identify your AppSync data source after creation. + type: string + OpenSearchServiceConfig: + description: AWS Region and Endpoints for an Amazon OpenSearch Service domain in your account. + $ref: '#/components/schemas/OpenSearchServiceConfig' + RelationalDatabaseConfig: + description: Relational Database configuration of the relational database data source. + $ref: '#/components/schemas/RelationalDatabaseConfig' + ServiceRoleArn: + description: The AWS Identity and Access Management service role ARN for the data source. The system assumes this role when accessing the data source. + type: string + Type: + description: The type of the data source. + type: string + DataSourceArn: + description: The Amazon Resource Name (ARN) of the API key, such as arn:aws:appsync:us-east-1:123456789012:apis/graphqlapiid/datasources/datasourcename. + type: string + MetricsConfig: + description: '' + type: string + enum: + - DISABLED + - ENABLED + x-stackQL-stringOnly: true + x-title: CreateDataSourceRequest + type: object + required: [] CreateDomainNameRequest: properties: ClientToken: @@ -1004,6 +1909,114 @@ components: x-title: CreateFunctionConfigurationRequest type: object required: [] + CreateGraphQLApiRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + AdditionalAuthenticationProviders: + type: array + description: A list of additional authentication providers for the GraphqlApi API. + uniqueItems: true + items: + $ref: '#/components/schemas/AdditionalAuthenticationProvider' + ApiId: + description: Unique AWS AppSync GraphQL API identifier. + type: string + ApiType: + description: The value that indicates whether the GraphQL API is a standard API (GRAPHQL) or merged API (MERGED). + type: string + Arn: + description: The Amazon Resource Name (ARN) of the API key + type: string + AuthenticationType: + description: Security configuration for your GraphQL API + type: string + EnhancedMetricsConfig: + description: Enables and controls the enhanced metrics feature. Enhanced metrics emit granular data on API usage and performance such as AppSync request and error counts, latency, and cache hits/misses. All enhanced metric data is sent to your CloudWatch account, and you can configure the types of data that will be sent. + $ref: '#/components/schemas/EnhancedMetricsConfig' + EnvironmentVariables: + description: A map containing the list of resources with their properties and environment variables. + type: object + additionalProperties: false + x-patternProperties: + ^[A-Za-z]+\w*$: + type: string + GraphQLDns: + description: The fully qualified domain name (FQDN) of the endpoint URL of your GraphQL API. + type: string + GraphQLEndpointArn: + description: The GraphQL endpoint ARN. + type: string + GraphQLUrl: + description: The Endpoint URL of your GraphQL API. + type: string + IntrospectionConfig: + description: Sets the value of the GraphQL API to enable (ENABLED) or disable (DISABLED) introspection. If no value is provided, the introspection configuration will be set to ENABLED by default. This field will produce an error if the operation attempts to use the introspection feature while this field is disabled. + type: string + LambdaAuthorizerConfig: + description: A LambdaAuthorizerConfig holds configuration on how to authorize AWS AppSync API access when using the AWS_LAMBDA authorizer mode. Be aware that an AWS AppSync API may have only one Lambda authorizer configured at a time. + $ref: '#/components/schemas/LambdaAuthorizerConfig' + LogConfig: + description: The Amazon CloudWatch Logs configuration. + $ref: '#/components/schemas/LogConfig' + MergedApiExecutionRoleArn: + description: 'The AWS Identity and Access Management service role ARN for a merged API. ' + type: string + Name: + description: The API name + type: string + OpenIDConnectConfig: + description: The OpenID Connect configuration. + $ref: '#/components/schemas/OpenIDConnectConfig' + OwnerContact: + description: The owner contact information for an API resource. + type: string + QueryDepthLimit: + description: The maximum depth a query can have in a single request. Depth refers to the amount of nested levels allowed in the body of query. + type: integer + RealtimeDns: + description: The fully qualified domain name (FQDN) of the real-time endpoint URL of your GraphQL API. + type: string + RealtimeUrl: + description: The GraphQL API real-time endpoint URL. + type: string + ResolverCountLimit: + description: The maximum number of resolvers that can be invoked in a single request. + type: integer + Tags: + description: |+ + An arbitrary set of tags (key-value pairs) for this GraphQL API. + + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/Tag' + UserPoolConfig: + description: |+ + Optional authorization configuration for using Amazon Cognito user pools with your GraphQL endpoint. + + $ref: '#/components/schemas/UserPoolConfig' + Visibility: + description: Sets the scope of the GraphQL API to public (GLOBAL) or private (PRIVATE). By default, the scope is set to Global if no value is provided. + type: string + XrayEnabled: + description: |+ + A flag indicating whether to use AWS X-Ray tracing for this GraphqlApi. + + type: boolean + x-stackQL-stringOnly: true + x-title: CreateGraphQLApiRequest + type: object + required: [] CreateResolverRequest: properties: ClientToken: @@ -1159,6 +2172,624 @@ components: description: Amazon Signature authorization v4 x-amazon-apigateway-authtype: awsSigv4 x-stackQL-resources: + apis: + name: apis + id: aws.appsync.apis + x-cfn-schema-name: Api + x-cfn-type-name: AWS::AppSync::Api + x-identifiers: + - ApiArn + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Api&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::AppSync::Api" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::AppSync::Api" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::AppSync::Api" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/apis/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/apis/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/apis/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ApiId') as api_id, + JSON_EXTRACT(Properties, '$.ApiArn') as api_arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.OwnerContact') as owner_contact, + JSON_EXTRACT(Properties, '$.Dns') as dns, + JSON_EXTRACT(Properties, '$.EventConfig') as event_config, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppSync::Api' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.ApiId') as api_id, + JSON_EXTRACT(detail.Properties, '$.ApiArn') as api_arn, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.OwnerContact') as owner_contact, + JSON_EXTRACT(detail.Properties, '$.Dns') as dns, + JSON_EXTRACT(detail.Properties, '$.EventConfig') as event_config, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::AppSync::Api' + AND detail.data__TypeName = 'AWS::AppSync::Api' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ApiId') as api_id, + json_extract_path_text(Properties, 'ApiArn') as api_arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'OwnerContact') as owner_contact, + json_extract_path_text(Properties, 'Dns') as dns, + json_extract_path_text(Properties, 'EventConfig') as event_config, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppSync::Api' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'ApiId') as api_id, + json_extract_path_text(detail.Properties, 'ApiArn') as api_arn, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'OwnerContact') as owner_contact, + json_extract_path_text(detail.Properties, 'Dns') as dns, + json_extract_path_text(detail.Properties, 'EventConfig') as event_config, + json_extract_path_text(detail.Properties, 'Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::AppSync::Api' + AND detail.data__TypeName = 'AWS::AppSync::Api' + AND listing.region = 'us-east-1' + apis_list_only: + name: apis_list_only + id: aws.appsync.apis_list_only + x-cfn-schema-name: Api + x-cfn-type-name: AWS::AppSync::Api + x-identifiers: + - ApiArn + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ApiArn') as api_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppSync::Api' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ApiArn') as api_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppSync::Api' + AND region = 'us-east-1' + api_tags: + name: api_tags + id: aws.appsync.api_tags + x-cfn-schema-name: Api + x-cfn-type-name: AWS::AppSync::Api + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.ApiId') as api_id, + JSON_EXTRACT(detail.Properties, '$.ApiArn') as api_arn, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.OwnerContact') as owner_contact, + JSON_EXTRACT(detail.Properties, '$.Dns') as dns, + JSON_EXTRACT(detail.Properties, '$.EventConfig') as event_config + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::AppSync::Api' + AND detail.data__TypeName = 'AWS::AppSync::Api' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'ApiId') as api_id, + json_extract_path_text(detail.Properties, 'ApiArn') as api_arn, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'OwnerContact') as owner_contact, + json_extract_path_text(detail.Properties, 'Dns') as dns, + json_extract_path_text(detail.Properties, 'EventConfig') as event_config + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::AppSync::Api' + AND detail.data__TypeName = 'AWS::AppSync::Api' + AND listing.region = 'us-east-1' + channel_namespaces: + name: channel_namespaces + id: aws.appsync.channel_namespaces + x-cfn-schema-name: ChannelNamespace + x-cfn-type-name: AWS::AppSync::ChannelNamespace + x-identifiers: + - ChannelNamespaceArn + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__ChannelNamespace&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::AppSync::ChannelNamespace" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::AppSync::ChannelNamespace" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::AppSync::ChannelNamespace" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/channel_namespaces/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/channel_namespaces/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/channel_namespaces/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ApiId') as api_id, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.SubscribeAuthModes') as subscribe_auth_modes, + JSON_EXTRACT(Properties, '$.PublishAuthModes') as publish_auth_modes, + JSON_EXTRACT(Properties, '$.CodeHandlers') as code_handlers, + JSON_EXTRACT(Properties, '$.CodeS3Location') as code_s3_location, + JSON_EXTRACT(Properties, '$.ChannelNamespaceArn') as channel_namespace_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppSync::ChannelNamespace' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.ApiId') as api_id, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.SubscribeAuthModes') as subscribe_auth_modes, + JSON_EXTRACT(detail.Properties, '$.PublishAuthModes') as publish_auth_modes, + JSON_EXTRACT(detail.Properties, '$.CodeHandlers') as code_handlers, + JSON_EXTRACT(detail.Properties, '$.CodeS3Location') as code_s3_location, + JSON_EXTRACT(detail.Properties, '$.ChannelNamespaceArn') as channel_namespace_arn, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::AppSync::ChannelNamespace' + AND detail.data__TypeName = 'AWS::AppSync::ChannelNamespace' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ApiId') as api_id, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'SubscribeAuthModes') as subscribe_auth_modes, + json_extract_path_text(Properties, 'PublishAuthModes') as publish_auth_modes, + json_extract_path_text(Properties, 'CodeHandlers') as code_handlers, + json_extract_path_text(Properties, 'CodeS3Location') as code_s3_location, + json_extract_path_text(Properties, 'ChannelNamespaceArn') as channel_namespace_arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppSync::ChannelNamespace' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'ApiId') as api_id, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'SubscribeAuthModes') as subscribe_auth_modes, + json_extract_path_text(detail.Properties, 'PublishAuthModes') as publish_auth_modes, + json_extract_path_text(detail.Properties, 'CodeHandlers') as code_handlers, + json_extract_path_text(detail.Properties, 'CodeS3Location') as code_s3_location, + json_extract_path_text(detail.Properties, 'ChannelNamespaceArn') as channel_namespace_arn, + json_extract_path_text(detail.Properties, 'Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::AppSync::ChannelNamespace' + AND detail.data__TypeName = 'AWS::AppSync::ChannelNamespace' + AND listing.region = 'us-east-1' + channel_namespaces_list_only: + name: channel_namespaces_list_only + id: aws.appsync.channel_namespaces_list_only + x-cfn-schema-name: ChannelNamespace + x-cfn-type-name: AWS::AppSync::ChannelNamespace + x-identifiers: + - ChannelNamespaceArn + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ChannelNamespaceArn') as channel_namespace_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppSync::ChannelNamespace' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ChannelNamespaceArn') as channel_namespace_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppSync::ChannelNamespace' + AND region = 'us-east-1' + channel_namespace_tags: + name: channel_namespace_tags + id: aws.appsync.channel_namespace_tags + x-cfn-schema-name: ChannelNamespace + x-cfn-type-name: AWS::AppSync::ChannelNamespace + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.ApiId') as api_id, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.SubscribeAuthModes') as subscribe_auth_modes, + JSON_EXTRACT(detail.Properties, '$.PublishAuthModes') as publish_auth_modes, + JSON_EXTRACT(detail.Properties, '$.CodeHandlers') as code_handlers, + JSON_EXTRACT(detail.Properties, '$.CodeS3Location') as code_s3_location, + JSON_EXTRACT(detail.Properties, '$.ChannelNamespaceArn') as channel_namespace_arn + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::AppSync::ChannelNamespace' + AND detail.data__TypeName = 'AWS::AppSync::ChannelNamespace' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'ApiId') as api_id, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'SubscribeAuthModes') as subscribe_auth_modes, + json_extract_path_text(detail.Properties, 'PublishAuthModes') as publish_auth_modes, + json_extract_path_text(detail.Properties, 'CodeHandlers') as code_handlers, + json_extract_path_text(detail.Properties, 'CodeS3Location') as code_s3_location, + json_extract_path_text(detail.Properties, 'ChannelNamespaceArn') as channel_namespace_arn + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::AppSync::ChannelNamespace' + AND detail.data__TypeName = 'AWS::AppSync::ChannelNamespace' + AND listing.region = 'us-east-1' + data_sources: + name: data_sources + id: aws.appsync.data_sources + x-cfn-schema-name: DataSource + x-cfn-type-name: AWS::AppSync::DataSource + x-identifiers: + - DataSourceArn + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__DataSource&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::AppSync::DataSource" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::AppSync::DataSource" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::AppSync::DataSource" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/data_sources/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/data_sources/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/data_sources/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ApiId') as api_id, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.DynamoDBConfig') as dynamo_db_config, + JSON_EXTRACT(Properties, '$.ElasticsearchConfig') as elasticsearch_config, + JSON_EXTRACT(Properties, '$.EventBridgeConfig') as event_bridge_config, + JSON_EXTRACT(Properties, '$.HttpConfig') as http_config, + JSON_EXTRACT(Properties, '$.LambdaConfig') as lambda_config, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.OpenSearchServiceConfig') as open_search_service_config, + JSON_EXTRACT(Properties, '$.RelationalDatabaseConfig') as relational_database_config, + JSON_EXTRACT(Properties, '$.ServiceRoleArn') as service_role_arn, + JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.DataSourceArn') as data_source_arn, + JSON_EXTRACT(Properties, '$.MetricsConfig') as metrics_config + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppSync::DataSource' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.ApiId') as api_id, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.DynamoDBConfig') as dynamo_db_config, + JSON_EXTRACT(detail.Properties, '$.ElasticsearchConfig') as elasticsearch_config, + JSON_EXTRACT(detail.Properties, '$.EventBridgeConfig') as event_bridge_config, + JSON_EXTRACT(detail.Properties, '$.HttpConfig') as http_config, + JSON_EXTRACT(detail.Properties, '$.LambdaConfig') as lambda_config, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.OpenSearchServiceConfig') as open_search_service_config, + JSON_EXTRACT(detail.Properties, '$.RelationalDatabaseConfig') as relational_database_config, + JSON_EXTRACT(detail.Properties, '$.ServiceRoleArn') as service_role_arn, + JSON_EXTRACT(detail.Properties, '$.Type') as type, + JSON_EXTRACT(detail.Properties, '$.DataSourceArn') as data_source_arn, + JSON_EXTRACT(detail.Properties, '$.MetricsConfig') as metrics_config + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::AppSync::DataSource' + AND detail.data__TypeName = 'AWS::AppSync::DataSource' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ApiId') as api_id, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'DynamoDBConfig') as dynamo_db_config, + json_extract_path_text(Properties, 'ElasticsearchConfig') as elasticsearch_config, + json_extract_path_text(Properties, 'EventBridgeConfig') as event_bridge_config, + json_extract_path_text(Properties, 'HttpConfig') as http_config, + json_extract_path_text(Properties, 'LambdaConfig') as lambda_config, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'OpenSearchServiceConfig') as open_search_service_config, + json_extract_path_text(Properties, 'RelationalDatabaseConfig') as relational_database_config, + json_extract_path_text(Properties, 'ServiceRoleArn') as service_role_arn, + json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'DataSourceArn') as data_source_arn, + json_extract_path_text(Properties, 'MetricsConfig') as metrics_config + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppSync::DataSource' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'ApiId') as api_id, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'DynamoDBConfig') as dynamo_db_config, + json_extract_path_text(detail.Properties, 'ElasticsearchConfig') as elasticsearch_config, + json_extract_path_text(detail.Properties, 'EventBridgeConfig') as event_bridge_config, + json_extract_path_text(detail.Properties, 'HttpConfig') as http_config, + json_extract_path_text(detail.Properties, 'LambdaConfig') as lambda_config, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'OpenSearchServiceConfig') as open_search_service_config, + json_extract_path_text(detail.Properties, 'RelationalDatabaseConfig') as relational_database_config, + json_extract_path_text(detail.Properties, 'ServiceRoleArn') as service_role_arn, + json_extract_path_text(detail.Properties, 'Type') as type, + json_extract_path_text(detail.Properties, 'DataSourceArn') as data_source_arn, + json_extract_path_text(detail.Properties, 'MetricsConfig') as metrics_config + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::AppSync::DataSource' + AND detail.data__TypeName = 'AWS::AppSync::DataSource' + AND listing.region = 'us-east-1' + data_sources_list_only: + name: data_sources_list_only + id: aws.appsync.data_sources_list_only + x-cfn-schema-name: DataSource + x-cfn-type-name: AWS::AppSync::DataSource + x-identifiers: + - DataSourceArn + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DataSourceArn') as data_source_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppSync::DataSource' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DataSourceArn') as data_source_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppSync::DataSource' + AND region = 'us-east-1' domain_names: name: domain_names id: aws.appsync.domain_names @@ -1440,11 +3071,205 @@ components: openAPIDocKey: '200' sqlVerbs: insert: - - $ref: '#/components/x-stackQL-resources/function_configurations/methods/create_resource' + - $ref: '#/components/x-stackQL-resources/function_configurations/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/function_configurations/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/function_configurations/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.FunctionId') as function_id, + JSON_EXTRACT(Properties, '$.FunctionArn') as function_arn, + JSON_EXTRACT(Properties, '$.ApiId') as api_id, + JSON_EXTRACT(Properties, '$.Code') as code, + JSON_EXTRACT(Properties, '$.CodeS3Location') as code_s3_location, + JSON_EXTRACT(Properties, '$.DataSourceName') as data_source_name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.FunctionVersion') as function_version, + JSON_EXTRACT(Properties, '$.MaxBatchSize') as max_batch_size, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.RequestMappingTemplate') as request_mapping_template, + JSON_EXTRACT(Properties, '$.RequestMappingTemplateS3Location') as request_mapping_template_s3_location, + JSON_EXTRACT(Properties, '$.ResponseMappingTemplate') as response_mapping_template, + JSON_EXTRACT(Properties, '$.ResponseMappingTemplateS3Location') as response_mapping_template_s3_location, + JSON_EXTRACT(Properties, '$.Runtime') as runtime, + JSON_EXTRACT(Properties, '$.SyncConfig') as sync_config + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppSync::FunctionConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.FunctionId') as function_id, + JSON_EXTRACT(detail.Properties, '$.FunctionArn') as function_arn, + JSON_EXTRACT(detail.Properties, '$.ApiId') as api_id, + JSON_EXTRACT(detail.Properties, '$.Code') as code, + JSON_EXTRACT(detail.Properties, '$.CodeS3Location') as code_s3_location, + JSON_EXTRACT(detail.Properties, '$.DataSourceName') as data_source_name, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.FunctionVersion') as function_version, + JSON_EXTRACT(detail.Properties, '$.MaxBatchSize') as max_batch_size, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.RequestMappingTemplate') as request_mapping_template, + JSON_EXTRACT(detail.Properties, '$.RequestMappingTemplateS3Location') as request_mapping_template_s3_location, + JSON_EXTRACT(detail.Properties, '$.ResponseMappingTemplate') as response_mapping_template, + JSON_EXTRACT(detail.Properties, '$.ResponseMappingTemplateS3Location') as response_mapping_template_s3_location, + JSON_EXTRACT(detail.Properties, '$.Runtime') as runtime, + JSON_EXTRACT(detail.Properties, '$.SyncConfig') as sync_config + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::AppSync::FunctionConfiguration' + AND detail.data__TypeName = 'AWS::AppSync::FunctionConfiguration' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'FunctionId') as function_id, + json_extract_path_text(Properties, 'FunctionArn') as function_arn, + json_extract_path_text(Properties, 'ApiId') as api_id, + json_extract_path_text(Properties, 'Code') as code, + json_extract_path_text(Properties, 'CodeS3Location') as code_s3_location, + json_extract_path_text(Properties, 'DataSourceName') as data_source_name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'FunctionVersion') as function_version, + json_extract_path_text(Properties, 'MaxBatchSize') as max_batch_size, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'RequestMappingTemplate') as request_mapping_template, + json_extract_path_text(Properties, 'RequestMappingTemplateS3Location') as request_mapping_template_s3_location, + json_extract_path_text(Properties, 'ResponseMappingTemplate') as response_mapping_template, + json_extract_path_text(Properties, 'ResponseMappingTemplateS3Location') as response_mapping_template_s3_location, + json_extract_path_text(Properties, 'Runtime') as runtime, + json_extract_path_text(Properties, 'SyncConfig') as sync_config + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppSync::FunctionConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'FunctionId') as function_id, + json_extract_path_text(detail.Properties, 'FunctionArn') as function_arn, + json_extract_path_text(detail.Properties, 'ApiId') as api_id, + json_extract_path_text(detail.Properties, 'Code') as code, + json_extract_path_text(detail.Properties, 'CodeS3Location') as code_s3_location, + json_extract_path_text(detail.Properties, 'DataSourceName') as data_source_name, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'FunctionVersion') as function_version, + json_extract_path_text(detail.Properties, 'MaxBatchSize') as max_batch_size, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'RequestMappingTemplate') as request_mapping_template, + json_extract_path_text(detail.Properties, 'RequestMappingTemplateS3Location') as request_mapping_template_s3_location, + json_extract_path_text(detail.Properties, 'ResponseMappingTemplate') as response_mapping_template, + json_extract_path_text(detail.Properties, 'ResponseMappingTemplateS3Location') as response_mapping_template_s3_location, + json_extract_path_text(detail.Properties, 'Runtime') as runtime, + json_extract_path_text(detail.Properties, 'SyncConfig') as sync_config + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::AppSync::FunctionConfiguration' + AND detail.data__TypeName = 'AWS::AppSync::FunctionConfiguration' + AND listing.region = 'us-east-1' + function_configurations_list_only: + name: function_configurations_list_only + id: aws.appsync.function_configurations_list_only + x-cfn-schema-name: FunctionConfiguration + x-cfn-type-name: AWS::AppSync::FunctionConfiguration + x-identifiers: + - FunctionArn + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.FunctionArn') as function_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppSync::FunctionConfiguration' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'FunctionArn') as function_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppSync::FunctionConfiguration' + AND region = 'us-east-1' + graphql_apis: + name: graphql_apis + id: aws.appsync.graphql_apis + x-cfn-schema-name: GraphQLApi + x-cfn-type-name: AWS::AppSync::GraphQLApi + x-identifiers: + - ApiId + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__GraphQLApi&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::AppSync::GraphQLApi" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::AppSync::GraphQLApi" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::AppSync::GraphQLApi" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/graphql_apis/methods/create_resource' delete: - - $ref: '#/components/x-stackQL-resources/function_configurations/methods/delete_resource' + - $ref: '#/components/x-stackQL-resources/graphql_apis/methods/delete_resource' update: - - $ref: '#/components/x-stackQL-resources/function_configurations/methods/update_resource' + - $ref: '#/components/x-stackQL-resources/graphql_apis/methods/update_resource' config: views: select: @@ -1453,52 +3278,70 @@ components: SELECT region, data__Identifier, - JSON_EXTRACT(Properties, '$.FunctionId') as function_id, - JSON_EXTRACT(Properties, '$.FunctionArn') as function_arn, + JSON_EXTRACT(Properties, '$.AdditionalAuthenticationProviders') as additional_authentication_providers, JSON_EXTRACT(Properties, '$.ApiId') as api_id, - JSON_EXTRACT(Properties, '$.Code') as code, - JSON_EXTRACT(Properties, '$.CodeS3Location') as code_s3_location, - JSON_EXTRACT(Properties, '$.DataSourceName') as data_source_name, - JSON_EXTRACT(Properties, '$.Description') as description, - JSON_EXTRACT(Properties, '$.FunctionVersion') as function_version, - JSON_EXTRACT(Properties, '$.MaxBatchSize') as max_batch_size, + JSON_EXTRACT(Properties, '$.ApiType') as api_type, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.AuthenticationType') as authentication_type, + JSON_EXTRACT(Properties, '$.EnhancedMetricsConfig') as enhanced_metrics_config, + JSON_EXTRACT(Properties, '$.EnvironmentVariables') as environment_variables, + JSON_EXTRACT(Properties, '$.GraphQLDns') as graph_ql_dns, + JSON_EXTRACT(Properties, '$.GraphQLEndpointArn') as graph_ql_endpoint_arn, + JSON_EXTRACT(Properties, '$.GraphQLUrl') as graph_ql_url, + JSON_EXTRACT(Properties, '$.IntrospectionConfig') as introspection_config, + JSON_EXTRACT(Properties, '$.LambdaAuthorizerConfig') as lambda_authorizer_config, + JSON_EXTRACT(Properties, '$.LogConfig') as log_config, + JSON_EXTRACT(Properties, '$.MergedApiExecutionRoleArn') as merged_api_execution_role_arn, JSON_EXTRACT(Properties, '$.Name') as name, - JSON_EXTRACT(Properties, '$.RequestMappingTemplate') as request_mapping_template, - JSON_EXTRACT(Properties, '$.RequestMappingTemplateS3Location') as request_mapping_template_s3_location, - JSON_EXTRACT(Properties, '$.ResponseMappingTemplate') as response_mapping_template, - JSON_EXTRACT(Properties, '$.ResponseMappingTemplateS3Location') as response_mapping_template_s3_location, - JSON_EXTRACT(Properties, '$.Runtime') as runtime, - JSON_EXTRACT(Properties, '$.SyncConfig') as sync_config - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppSync::FunctionConfiguration' - AND data__Identifier = '' + JSON_EXTRACT(Properties, '$.OpenIDConnectConfig') as open_id_connect_config, + JSON_EXTRACT(Properties, '$.OwnerContact') as owner_contact, + JSON_EXTRACT(Properties, '$.QueryDepthLimit') as query_depth_limit, + JSON_EXTRACT(Properties, '$.RealtimeDns') as realtime_dns, + JSON_EXTRACT(Properties, '$.RealtimeUrl') as realtime_url, + JSON_EXTRACT(Properties, '$.ResolverCountLimit') as resolver_count_limit, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.UserPoolConfig') as user_pool_config, + JSON_EXTRACT(Properties, '$.Visibility') as visibility, + JSON_EXTRACT(Properties, '$.XrayEnabled') as xray_enabled + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppSync::GraphQLApi' + AND data__Identifier = '' AND region = 'us-east-1' fallback: predicate: sqlDialect == "sqlite3" ddl: |- SELECT detail.region, - JSON_EXTRACT(detail.Properties, '$.FunctionId') as function_id, - JSON_EXTRACT(detail.Properties, '$.FunctionArn') as function_arn, + JSON_EXTRACT(detail.Properties, '$.AdditionalAuthenticationProviders') as additional_authentication_providers, JSON_EXTRACT(detail.Properties, '$.ApiId') as api_id, - JSON_EXTRACT(detail.Properties, '$.Code') as code, - JSON_EXTRACT(detail.Properties, '$.CodeS3Location') as code_s3_location, - JSON_EXTRACT(detail.Properties, '$.DataSourceName') as data_source_name, - JSON_EXTRACT(detail.Properties, '$.Description') as description, - JSON_EXTRACT(detail.Properties, '$.FunctionVersion') as function_version, - JSON_EXTRACT(detail.Properties, '$.MaxBatchSize') as max_batch_size, + JSON_EXTRACT(detail.Properties, '$.ApiType') as api_type, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.AuthenticationType') as authentication_type, + JSON_EXTRACT(detail.Properties, '$.EnhancedMetricsConfig') as enhanced_metrics_config, + JSON_EXTRACT(detail.Properties, '$.EnvironmentVariables') as environment_variables, + JSON_EXTRACT(detail.Properties, '$.GraphQLDns') as graph_ql_dns, + JSON_EXTRACT(detail.Properties, '$.GraphQLEndpointArn') as graph_ql_endpoint_arn, + JSON_EXTRACT(detail.Properties, '$.GraphQLUrl') as graph_ql_url, + JSON_EXTRACT(detail.Properties, '$.IntrospectionConfig') as introspection_config, + JSON_EXTRACT(detail.Properties, '$.LambdaAuthorizerConfig') as lambda_authorizer_config, + JSON_EXTRACT(detail.Properties, '$.LogConfig') as log_config, + JSON_EXTRACT(detail.Properties, '$.MergedApiExecutionRoleArn') as merged_api_execution_role_arn, JSON_EXTRACT(detail.Properties, '$.Name') as name, - JSON_EXTRACT(detail.Properties, '$.RequestMappingTemplate') as request_mapping_template, - JSON_EXTRACT(detail.Properties, '$.RequestMappingTemplateS3Location') as request_mapping_template_s3_location, - JSON_EXTRACT(detail.Properties, '$.ResponseMappingTemplate') as response_mapping_template, - JSON_EXTRACT(detail.Properties, '$.ResponseMappingTemplateS3Location') as response_mapping_template_s3_location, - JSON_EXTRACT(detail.Properties, '$.Runtime') as runtime, - JSON_EXTRACT(detail.Properties, '$.SyncConfig') as sync_config + JSON_EXTRACT(detail.Properties, '$.OpenIDConnectConfig') as open_id_connect_config, + JSON_EXTRACT(detail.Properties, '$.OwnerContact') as owner_contact, + JSON_EXTRACT(detail.Properties, '$.QueryDepthLimit') as query_depth_limit, + JSON_EXTRACT(detail.Properties, '$.RealtimeDns') as realtime_dns, + JSON_EXTRACT(detail.Properties, '$.RealtimeUrl') as realtime_url, + JSON_EXTRACT(detail.Properties, '$.ResolverCountLimit') as resolver_count_limit, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags, + JSON_EXTRACT(detail.Properties, '$.UserPoolConfig') as user_pool_config, + JSON_EXTRACT(detail.Properties, '$.Visibility') as visibility, + JSON_EXTRACT(detail.Properties, '$.XrayEnabled') as xray_enabled FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::AppSync::FunctionConfiguration' - AND detail.data__TypeName = 'AWS::AppSync::FunctionConfiguration' + WHERE listing.data__TypeName = 'AWS::AppSync::GraphQLApi' + AND detail.data__TypeName = 'AWS::AppSync::GraphQLApi' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] @@ -1506,60 +3349,78 @@ components: SELECT region, data__Identifier, - json_extract_path_text(Properties, 'FunctionId') as function_id, - json_extract_path_text(Properties, 'FunctionArn') as function_arn, + json_extract_path_text(Properties, 'AdditionalAuthenticationProviders') as additional_authentication_providers, json_extract_path_text(Properties, 'ApiId') as api_id, - json_extract_path_text(Properties, 'Code') as code, - json_extract_path_text(Properties, 'CodeS3Location') as code_s3_location, - json_extract_path_text(Properties, 'DataSourceName') as data_source_name, - json_extract_path_text(Properties, 'Description') as description, - json_extract_path_text(Properties, 'FunctionVersion') as function_version, - json_extract_path_text(Properties, 'MaxBatchSize') as max_batch_size, + json_extract_path_text(Properties, 'ApiType') as api_type, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'AuthenticationType') as authentication_type, + json_extract_path_text(Properties, 'EnhancedMetricsConfig') as enhanced_metrics_config, + json_extract_path_text(Properties, 'EnvironmentVariables') as environment_variables, + json_extract_path_text(Properties, 'GraphQLDns') as graph_ql_dns, + json_extract_path_text(Properties, 'GraphQLEndpointArn') as graph_ql_endpoint_arn, + json_extract_path_text(Properties, 'GraphQLUrl') as graph_ql_url, + json_extract_path_text(Properties, 'IntrospectionConfig') as introspection_config, + json_extract_path_text(Properties, 'LambdaAuthorizerConfig') as lambda_authorizer_config, + json_extract_path_text(Properties, 'LogConfig') as log_config, + json_extract_path_text(Properties, 'MergedApiExecutionRoleArn') as merged_api_execution_role_arn, json_extract_path_text(Properties, 'Name') as name, - json_extract_path_text(Properties, 'RequestMappingTemplate') as request_mapping_template, - json_extract_path_text(Properties, 'RequestMappingTemplateS3Location') as request_mapping_template_s3_location, - json_extract_path_text(Properties, 'ResponseMappingTemplate') as response_mapping_template, - json_extract_path_text(Properties, 'ResponseMappingTemplateS3Location') as response_mapping_template_s3_location, - json_extract_path_text(Properties, 'Runtime') as runtime, - json_extract_path_text(Properties, 'SyncConfig') as sync_config - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppSync::FunctionConfiguration' - AND data__Identifier = '' + json_extract_path_text(Properties, 'OpenIDConnectConfig') as open_id_connect_config, + json_extract_path_text(Properties, 'OwnerContact') as owner_contact, + json_extract_path_text(Properties, 'QueryDepthLimit') as query_depth_limit, + json_extract_path_text(Properties, 'RealtimeDns') as realtime_dns, + json_extract_path_text(Properties, 'RealtimeUrl') as realtime_url, + json_extract_path_text(Properties, 'ResolverCountLimit') as resolver_count_limit, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'UserPoolConfig') as user_pool_config, + json_extract_path_text(Properties, 'Visibility') as visibility, + json_extract_path_text(Properties, 'XrayEnabled') as xray_enabled + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppSync::GraphQLApi' + AND data__Identifier = '' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT detail.region, - json_extract_path_text(detail.Properties, 'FunctionId') as function_id, - json_extract_path_text(detail.Properties, 'FunctionArn') as function_arn, + json_extract_path_text(detail.Properties, 'AdditionalAuthenticationProviders') as additional_authentication_providers, json_extract_path_text(detail.Properties, 'ApiId') as api_id, - json_extract_path_text(detail.Properties, 'Code') as code, - json_extract_path_text(detail.Properties, 'CodeS3Location') as code_s3_location, - json_extract_path_text(detail.Properties, 'DataSourceName') as data_source_name, - json_extract_path_text(detail.Properties, 'Description') as description, - json_extract_path_text(detail.Properties, 'FunctionVersion') as function_version, - json_extract_path_text(detail.Properties, 'MaxBatchSize') as max_batch_size, + json_extract_path_text(detail.Properties, 'ApiType') as api_type, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'AuthenticationType') as authentication_type, + json_extract_path_text(detail.Properties, 'EnhancedMetricsConfig') as enhanced_metrics_config, + json_extract_path_text(detail.Properties, 'EnvironmentVariables') as environment_variables, + json_extract_path_text(detail.Properties, 'GraphQLDns') as graph_ql_dns, + json_extract_path_text(detail.Properties, 'GraphQLEndpointArn') as graph_ql_endpoint_arn, + json_extract_path_text(detail.Properties, 'GraphQLUrl') as graph_ql_url, + json_extract_path_text(detail.Properties, 'IntrospectionConfig') as introspection_config, + json_extract_path_text(detail.Properties, 'LambdaAuthorizerConfig') as lambda_authorizer_config, + json_extract_path_text(detail.Properties, 'LogConfig') as log_config, + json_extract_path_text(detail.Properties, 'MergedApiExecutionRoleArn') as merged_api_execution_role_arn, json_extract_path_text(detail.Properties, 'Name') as name, - json_extract_path_text(detail.Properties, 'RequestMappingTemplate') as request_mapping_template, - json_extract_path_text(detail.Properties, 'RequestMappingTemplateS3Location') as request_mapping_template_s3_location, - json_extract_path_text(detail.Properties, 'ResponseMappingTemplate') as response_mapping_template, - json_extract_path_text(detail.Properties, 'ResponseMappingTemplateS3Location') as response_mapping_template_s3_location, - json_extract_path_text(detail.Properties, 'Runtime') as runtime, - json_extract_path_text(detail.Properties, 'SyncConfig') as sync_config + json_extract_path_text(detail.Properties, 'OpenIDConnectConfig') as open_id_connect_config, + json_extract_path_text(detail.Properties, 'OwnerContact') as owner_contact, + json_extract_path_text(detail.Properties, 'QueryDepthLimit') as query_depth_limit, + json_extract_path_text(detail.Properties, 'RealtimeDns') as realtime_dns, + json_extract_path_text(detail.Properties, 'RealtimeUrl') as realtime_url, + json_extract_path_text(detail.Properties, 'ResolverCountLimit') as resolver_count_limit, + json_extract_path_text(detail.Properties, 'Tags') as tags, + json_extract_path_text(detail.Properties, 'UserPoolConfig') as user_pool_config, + json_extract_path_text(detail.Properties, 'Visibility') as visibility, + json_extract_path_text(detail.Properties, 'XrayEnabled') as xray_enabled FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::AppSync::FunctionConfiguration' - AND detail.data__TypeName = 'AWS::AppSync::FunctionConfiguration' + WHERE listing.data__TypeName = 'AWS::AppSync::GraphQLApi' + AND detail.data__TypeName = 'AWS::AppSync::GraphQLApi' AND listing.region = 'us-east-1' - function_configurations_list_only: - name: function_configurations_list_only - id: aws.appsync.function_configurations_list_only - x-cfn-schema-name: FunctionConfiguration - x-cfn-type-name: AWS::AppSync::FunctionConfiguration + graphql_apis_list_only: + name: graphql_apis_list_only + id: aws.appsync.graphql_apis_list_only + x-cfn-schema-name: GraphQLApi + x-cfn-type-name: AWS::AppSync::GraphQLApi x-identifiers: - - FunctionArn + - ApiId x-type: cloud_control_view methods: {} sqlVerbs: @@ -1573,17 +3434,108 @@ components: ddl: |- SELECT region, - JSON_EXTRACT(Properties, '$.FunctionArn') as function_arn - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppSync::FunctionConfiguration' + JSON_EXTRACT(Properties, '$.ApiId') as api_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppSync::GraphQLApi' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT region, - json_extract_path_text(Properties, 'FunctionArn') as function_arn - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppSync::FunctionConfiguration' + json_extract_path_text(Properties, 'ApiId') as api_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppSync::GraphQLApi' AND region = 'us-east-1' + graphql_api_tags: + name: graphql_api_tags + id: aws.appsync.graphql_api_tags + x-cfn-schema-name: GraphQLApi + x-cfn-type-name: AWS::AppSync::GraphQLApi + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.AdditionalAuthenticationProviders') as additional_authentication_providers, + JSON_EXTRACT(detail.Properties, '$.ApiId') as api_id, + JSON_EXTRACT(detail.Properties, '$.ApiType') as api_type, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.AuthenticationType') as authentication_type, + JSON_EXTRACT(detail.Properties, '$.EnhancedMetricsConfig') as enhanced_metrics_config, + JSON_EXTRACT(detail.Properties, '$.EnvironmentVariables') as environment_variables, + JSON_EXTRACT(detail.Properties, '$.GraphQLDns') as graph_ql_dns, + JSON_EXTRACT(detail.Properties, '$.GraphQLEndpointArn') as graph_ql_endpoint_arn, + JSON_EXTRACT(detail.Properties, '$.GraphQLUrl') as graph_ql_url, + JSON_EXTRACT(detail.Properties, '$.IntrospectionConfig') as introspection_config, + JSON_EXTRACT(detail.Properties, '$.LambdaAuthorizerConfig') as lambda_authorizer_config, + JSON_EXTRACT(detail.Properties, '$.LogConfig') as log_config, + JSON_EXTRACT(detail.Properties, '$.MergedApiExecutionRoleArn') as merged_api_execution_role_arn, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.OpenIDConnectConfig') as open_id_connect_config, + JSON_EXTRACT(detail.Properties, '$.OwnerContact') as owner_contact, + JSON_EXTRACT(detail.Properties, '$.QueryDepthLimit') as query_depth_limit, + JSON_EXTRACT(detail.Properties, '$.RealtimeDns') as realtime_dns, + JSON_EXTRACT(detail.Properties, '$.RealtimeUrl') as realtime_url, + JSON_EXTRACT(detail.Properties, '$.ResolverCountLimit') as resolver_count_limit, + JSON_EXTRACT(detail.Properties, '$.UserPoolConfig') as user_pool_config, + JSON_EXTRACT(detail.Properties, '$.Visibility') as visibility, + JSON_EXTRACT(detail.Properties, '$.XrayEnabled') as xray_enabled + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::AppSync::GraphQLApi' + AND detail.data__TypeName = 'AWS::AppSync::GraphQLApi' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'AdditionalAuthenticationProviders') as additional_authentication_providers, + json_extract_path_text(detail.Properties, 'ApiId') as api_id, + json_extract_path_text(detail.Properties, 'ApiType') as api_type, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'AuthenticationType') as authentication_type, + json_extract_path_text(detail.Properties, 'EnhancedMetricsConfig') as enhanced_metrics_config, + json_extract_path_text(detail.Properties, 'EnvironmentVariables') as environment_variables, + json_extract_path_text(detail.Properties, 'GraphQLDns') as graph_ql_dns, + json_extract_path_text(detail.Properties, 'GraphQLEndpointArn') as graph_ql_endpoint_arn, + json_extract_path_text(detail.Properties, 'GraphQLUrl') as graph_ql_url, + json_extract_path_text(detail.Properties, 'IntrospectionConfig') as introspection_config, + json_extract_path_text(detail.Properties, 'LambdaAuthorizerConfig') as lambda_authorizer_config, + json_extract_path_text(detail.Properties, 'LogConfig') as log_config, + json_extract_path_text(detail.Properties, 'MergedApiExecutionRoleArn') as merged_api_execution_role_arn, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'OpenIDConnectConfig') as open_id_connect_config, + json_extract_path_text(detail.Properties, 'OwnerContact') as owner_contact, + json_extract_path_text(detail.Properties, 'QueryDepthLimit') as query_depth_limit, + json_extract_path_text(detail.Properties, 'RealtimeDns') as realtime_dns, + json_extract_path_text(detail.Properties, 'RealtimeUrl') as realtime_url, + json_extract_path_text(detail.Properties, 'ResolverCountLimit') as resolver_count_limit, + json_extract_path_text(detail.Properties, 'UserPoolConfig') as user_pool_config, + json_extract_path_text(detail.Properties, 'Visibility') as visibility, + json_extract_path_text(detail.Properties, 'XrayEnabled') as xray_enabled + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::AppSync::GraphQLApi' + AND detail.data__TypeName = 'AWS::AppSync::GraphQLApi' + AND listing.region = 'us-east-1' resolvers: name: resolvers id: aws.appsync.resolvers @@ -2111,6 +4063,132 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/UpdateResourceOutput' description: Success + /?Action=CreateResource&Version=2021-09-30&__Api&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateApi + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateApiRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=CreateResource&Version=2021-09-30&__ChannelNamespace&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateChannelNamespace + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateChannelNamespaceRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=CreateResource&Version=2021-09-30&__DataSource&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateDataSource + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateDataSourceRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success /?Action=CreateResource&Version=2021-09-30&__DomainName&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' @@ -2237,6 +4315,48 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success + /?Action=CreateResource&Version=2021-09-30&__GraphQLApi&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateGraphQLApi + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateGraphQLApiRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success /?Action=CreateResource&Version=2021-09-30&__Resolver&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' diff --git a/providers/src/aws/v00.00.00000/services/apptest.yaml b/providers/src/aws/v00.00.00000/services/apptest.yaml new file mode 100644 index 00000000..b05c8ff1 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/apptest.yaml @@ -0,0 +1,1362 @@ +openapi: 3.0.0 +info: + title: AppTest + version: 2.0.0 + x-serviceName: cloudcontrolapi +servers: + - url: https://cloudcontrolapi.{region}.amazonaws.com + variables: + region: + description: The AWS region + enum: + - us-east-1 + - us-east-2 + - us-west-1 + - us-west-2 + - us-gov-west-1 + - us-gov-east-1 + - ca-central-1 + - eu-north-1 + - eu-west-1 + - eu-west-2 + - eu-west-3 + - eu-central-1 + - eu-south-1 + - af-south-1 + - ap-northeast-1 + - ap-northeast-2 + - ap-northeast-3 + - ap-southeast-1 + - ap-southeast-2 + - ap-east-1 + - ap-south-1 + - sa-east-1 + - me-south-1 + default: us-east-1 + description: The CloudControlApi multi-region endpoint + - url: https://cloudcontrolapi.{region}.amazonaws.com.cn + variables: + region: + description: The AWS region + enum: + - cn-north-1 + - cn-northwest-1 + default: cn-north-1 + description: The CloudControlApi endpoint for China (Beijing) and China (Ningxia) +components: + parameters: + X-Amz-Content-Sha256: + name: X-Amz-Content-Sha256 + in: header + schema: + type: string + required: false + X-Amz-Date: + name: X-Amz-Date + in: header + schema: + type: string + required: false + X-Amz-Algorithm: + name: X-Amz-Algorithm + in: header + schema: + type: string + required: false + X-Amz-Credential: + name: X-Amz-Credential + in: header + schema: + type: string + required: false + X-Amz-Security-Token: + name: X-Amz-Security-Token + in: header + schema: + type: string + required: false + X-Amz-Signature: + name: X-Amz-Signature + in: header + schema: + type: string + required: false + X-Amz-SignedHeaders: + name: X-Amz-SignedHeaders + in: header + schema: + type: string + required: false + x-cloud-control-schemas: + AlreadyExistsException: {} + CancelResourceRequestInput: + properties: + RequestToken: + $ref: '#/components/x-cloud-control-schemas/RequestToken' + required: + - RequestToken + title: CancelResourceRequestInput + type: object + CancelResourceRequestOutput: + properties: + ProgressEvent: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: object + ClientToken: + maxLength: 128 + minLength: 1 + pattern: '[-A-Za-z0-9+/=]+' + type: string + ClientTokenConflictException: {} + ConcurrentModificationException: {} + ConcurrentOperationException: {} + CreateResourceInput: + properties: + ClientToken: + type: string + DesiredState: + allOf: + - $ref: '#/components/x-cloud-control-schemas/Properties' + - description: >- +

Structured data format representing the desired state of the resource, consisting of that resource's properties and their desired values.

Cloud Control API currently supports JSON as a structured data format.

 
 <p>Specify the desired state as one of the following:</p> <ul> <li> <p>A JSON blob</p> </li> <li> <p>A local path containing the desired state in JSON data format</p>
+                </li> </ul> <p>For more information, see <a href="https://docs.aws.amazon.com/cloudcontrolapi/latest/userguide/resource-operations-create.html#resource-operations-create-desiredstate">Composing the desired state of the resource</a> in the <i>Amazon Web Services Cloud Control API User Guide</i>.</p> <p>For more information about the properties of a specific resource, refer to the related topic for the resource in the
+                <a href="https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html">Resource and property types reference</a> in the <i>CloudFormation Users Guide</i>.</p>
+ RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + required: + - DesiredState + title: CreateResourceInput + type: object + CreateResourceOutput: + properties: + ProgressEvent: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: object + DeleteResourceInput: + properties: + ClientToken: + type: string + Identifier: + $ref: '#/components/x-cloud-control-schemas/Identifier' + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + required: + - Identifier + title: DeleteResourceInput + type: object + DeleteResourceOutput: + properties: + ProgressEvent: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: object + GeneralServiceException: {} + GetResourceInput: + properties: + TypeName: + $ref: '#/components/x-cloud-control-schemas/TypeName' + Identifier: + $ref: '#/components/x-cloud-control-schemas/Identifier' + TypeVersionId: + $ref: '#/components/x-cloud-control-schemas/TypeVersionId' + RoleArn: + $ref: '#/components/x-cloud-control-schemas/RoleArn' + required: + - TypeName + - Identifier + title: GetResourceInput + type: object + GetResourceOutput: + properties: + ResourceDescription: + $ref: '#/components/x-cloud-control-schemas/ResourceDescription' + TypeName: + type: string + type: object + GetResourceRequestStatusInput: + properties: + RequestToken: + $ref: '#/components/x-cloud-control-schemas/RequestToken' + required: + - RequestToken + title: GetResourceRequestStatusInput + type: object + GetResourceRequestStatusOutput: + properties: + ProgressEvent: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: object + HandlerErrorCode: + enum: + - NotUpdatable + - InvalidRequest + - AccessDenied + - InvalidCredentials + - AlreadyExists + - NotFound + - ResourceConflict + - Throttling + - ServiceLimitExceeded + - NotStabilized + - GeneralServiceException + - ServiceInternalError + - ServiceTimeout + - NetworkFailure + - InternalFailure + type: string + HandlerFailureException: {} + HandlerInternalFailureException: {} + HandlerNextToken: + maxLength: 2048 + minLength: 1 + pattern: .+ + type: string + Identifier: + maxLength: 1024 + minLength: 1 + pattern: .+ + type: string + InvalidCredentialsException: {} + InvalidRequestException: {} + MaxResults: + maximum: 100 + minimum: 1 + type: integer + NetworkFailureException: {} + NextToken: + maxLength: 2048 + minLength: 1 + pattern: '[-A-Za-z0-9+/=]+' + type: string + NotStabilizedException: {} + NotUpdatableException: {} + Operation: + enum: + - CREATE + - DELETE + - UPDATE + type: string + OperationStatus: + enum: + - PENDING + - IN_PROGRESS + - SUCCESS + - FAILED + - CANCEL_IN_PROGRESS + - CANCEL_COMPLETE + type: string + OperationStatuses: + items: + $ref: '#/components/x-cloud-control-schemas/OperationStatus' + type: array + Operations: + items: + $ref: '#/components/x-cloud-control-schemas/Operation' + type: array + PatchDocument: + format: password + maxLength: 65536 + minLength: 1 + pattern: '[\s\S]*' + type: string + PrivateTypeException: {} + ProgressEvent: + example: + ErrorCode: string + EventTime: number + Identifier: string + Operation: string + OperationStatus: string + RequestToken: string + ResourceModel: string + RetryAfter: number + StatusMessage: string + TypeName: string + properties: + ErrorCode: + type: string + EventTime: + type: number + Identifier: + type: string + Operation: + type: string + OperationStatus: + type: string + RequestToken: + type: string + ResourceModel: + type: string + RetryAfter: + type: number + StatusMessage: + type: string + TypeName: + type: string + type: object + Properties: + format: password + maxLength: 65536 + minLength: 1 + pattern: '[\s\S]*' + type: string + RequestToken: + maxLength: 128 + minLength: 1 + pattern: '[-A-Za-z0-9+/=]+' + type: string + RequestTokenNotFoundException: {} + ResourceConflictException: {} + ResourceDescription: + description: Represents information about a provisioned resource. + properties: + Identifier: + type: string + Properties: + type: string + type: object + ResourceDescriptions: + items: + $ref: '#/components/x-cloud-control-schemas/ResourceDescription' + type: array + ResourceNotFoundException: {} + ResourceRequestStatusFilter: + description: The filter criteria to use in determining the requests returned. + properties: + undefined: + allOf: + - $ref: '#/components/x-cloud-control-schemas/OperationStatuses' + - description: >- +

The operation statuses to include in the filter.

  • PENDING: The operation has been requested, but not yet initiated.

  • IN_PROGRESS: The operation is in progress.

  • SUCCESS: The operation completed.

  • FAILED: The operation failed.

  • CANCEL_IN_PROGRESS: The operation is in the process of being canceled.

  • + CANCEL_COMPLETE: The operation has been canceled.

+ type: object + ResourceRequestStatusSummaries: + items: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: array + RoleArn: + maxLength: 2048 + minLength: 20 + pattern: arn:.+:iam::[0-9]{12}:role/.+ + type: string + ServiceInternalErrorException: {} + ServiceLimitExceededException: {} + StatusMessage: + maxLength: 1024 + minLength: 0 + pattern: '[\s\S]*' + type: string + ThrottlingException: {} + Timestamp: + format: date-time + type: string + TypeName: + maxLength: 196 + minLength: 10 + pattern: '[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}' + type: string + TypeNotFoundException: {} + TypeVersionId: + maxLength: 128 + minLength: 1 + pattern: '[A-Za-z0-9-]+' + type: string + UnsupportedActionException: {} + UpdateResourceInput: + properties: + undefined: + allOf: + - $ref: '#/components/x-cloud-control-schemas/PatchDocument' + required: + - Identifier + - PatchDocument + title: UpdateResourceInput + type: object + UpdateResourceOutput: + properties: + ProgressEvent: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: object + schemas: + Batch: + type: object + properties: + BatchJobName: + type: string + pattern: ^\S{1,1000}$ + BatchJobParameters: + $ref: '#/components/schemas/BatchJobParameters' + ExportDataSetNames: + type: array + items: + type: string + pattern: ^\S{1,100}$ + required: + - BatchJobName + additionalProperties: false + BatchJobParameters: + type: object + x-patternProperties: + .+: + type: string + additionalProperties: false + CaptureTool: + type: string + enum: + - Precisely + - AWS DMS + CloudFormationAction: + type: object + properties: + Resource: + type: string + pattern: ^\S{1,1000}$ + ActionType: + $ref: '#/components/schemas/CloudFormationActionType' + required: + - Resource + additionalProperties: false + CloudFormationActionType: + type: string + enum: + - Create + - Delete + CompareAction: + type: object + properties: + Input: + $ref: '#/components/schemas/Input' + Output: + $ref: '#/components/schemas/Output' + required: + - Input + additionalProperties: false + DataSet: + type: object + properties: + Type: + $ref: '#/components/schemas/DataSetType' + Name: + type: string + pattern: ^\S{1,100}$ + Ccsid: + type: string + pattern: ^\S{1,50}$ + Format: + $ref: '#/components/schemas/Format' + Length: + type: number + required: + - Ccsid + - Format + - Length + - Name + - Type + additionalProperties: false + DataSetType: + type: string + enum: + - PS + DatabaseCDC: + type: object + properties: + SourceMetadata: + $ref: '#/components/schemas/SourceDatabaseMetadata' + TargetMetadata: + $ref: '#/components/schemas/TargetDatabaseMetadata' + required: + - SourceMetadata + - TargetMetadata + additionalProperties: false + FileMetadata: + oneOf: + - type: object + title: DataSets + properties: + DataSets: + type: array + items: + $ref: '#/components/schemas/DataSet' + required: + - DataSets + additionalProperties: false + - type: object + title: DatabaseCDC + properties: + DatabaseCDC: + $ref: '#/components/schemas/DatabaseCDC' + required: + - DatabaseCDC + additionalProperties: false + Format: + type: string + enum: + - FIXED + - VARIABLE + - LINE_SEQUENTIAL + Input: + oneOf: + - type: object + title: File + properties: + File: + $ref: '#/components/schemas/InputFile' + required: + - File + additionalProperties: false + InputFile: + type: object + properties: + SourceLocation: + type: string + pattern: ^\S{1,1000}$ + TargetLocation: + type: string + pattern: ^\S{1,1000}$ + FileMetadata: + $ref: '#/components/schemas/FileMetadata' + required: + - FileMetadata + - SourceLocation + - TargetLocation + additionalProperties: false + M2ManagedActionProperties: + type: object + properties: + ForceStop: + type: boolean + ImportDataSetLocation: + type: string + pattern: ^\S{1,1000}$ + additionalProperties: false + M2ManagedActionType: + type: string + enum: + - Configure + - Deconfigure + M2ManagedApplicationAction: + type: object + properties: + Resource: + type: string + pattern: ^\S{1,1000}$ + ActionType: + $ref: '#/components/schemas/M2ManagedActionType' + Properties: + $ref: '#/components/schemas/M2ManagedActionProperties' + required: + - ActionType + - Resource + additionalProperties: false + M2NonManagedActionType: + type: string + enum: + - Configure + - Deconfigure + M2NonManagedApplicationAction: + type: object + properties: + Resource: + type: string + pattern: ^\S{1,1000}$ + ActionType: + $ref: '#/components/schemas/M2NonManagedActionType' + required: + - ActionType + - Resource + additionalProperties: false + MainframeAction: + type: object + properties: + Resource: + type: string + pattern: ^\S{1,1000}$ + ActionType: + $ref: '#/components/schemas/MainframeActionType' + Properties: + $ref: '#/components/schemas/MainframeActionProperties' + required: + - ActionType + - Resource + additionalProperties: false + MainframeActionProperties: + type: object + properties: + DmsTaskArn: + type: string + pattern: ^\S{1,1000}$ + additionalProperties: false + MainframeActionType: + oneOf: + - type: object + title: Batch + properties: + Batch: + $ref: '#/components/schemas/Batch' + required: + - Batch + additionalProperties: false + - type: object + title: Tn3270 + properties: + Tn3270: + $ref: '#/components/schemas/TN3270' + required: + - Tn3270 + additionalProperties: false + Output: + oneOf: + - type: object + title: File + properties: + File: + $ref: '#/components/schemas/OutputFile' + required: + - File + additionalProperties: false + OutputFile: + type: object + properties: + FileLocation: + type: string + maxLength: 1024 + minLength: 0 + additionalProperties: false + ResourceAction: + oneOf: + - type: object + title: M2ManagedApplicationAction + properties: + M2ManagedApplicationAction: + $ref: '#/components/schemas/M2ManagedApplicationAction' + required: + - M2ManagedApplicationAction + additionalProperties: false + - type: object + title: M2NonManagedApplicationAction + properties: + M2NonManagedApplicationAction: + $ref: '#/components/schemas/M2NonManagedApplicationAction' + required: + - M2NonManagedApplicationAction + additionalProperties: false + - type: object + title: CloudFormationAction + properties: + CloudFormationAction: + $ref: '#/components/schemas/CloudFormationAction' + required: + - CloudFormationAction + additionalProperties: false + Script: + type: object + properties: + ScriptLocation: + type: string + maxLength: 1024 + minLength: 0 + Type: + $ref: '#/components/schemas/ScriptType' + required: + - ScriptLocation + - Type + additionalProperties: false + ScriptType: + type: string + enum: + - Selenium + SourceDatabase: + type: string + enum: + - z/OS-DB2 + SourceDatabaseMetadata: + type: object + properties: + Type: + $ref: '#/components/schemas/SourceDatabase' + CaptureTool: + $ref: '#/components/schemas/CaptureTool' + required: + - CaptureTool + - Type + additionalProperties: false + Step: + type: object + properties: + Name: + type: string + pattern: ^[A-Za-z][A-Za-z0-9_\-]{1,59}$ + Description: + type: string + maxLength: 1000 + minLength: 0 + Action: + $ref: '#/components/schemas/StepAction' + required: + - Action + - Name + additionalProperties: false + StepAction: + oneOf: + - type: object + title: ResourceAction + properties: + ResourceAction: + $ref: '#/components/schemas/ResourceAction' + required: + - ResourceAction + additionalProperties: false + - type: object + title: MainframeAction + properties: + MainframeAction: + $ref: '#/components/schemas/MainframeAction' + required: + - MainframeAction + additionalProperties: false + - type: object + title: CompareAction + properties: + CompareAction: + $ref: '#/components/schemas/CompareAction' + required: + - CompareAction + additionalProperties: false + TN3270: + type: object + properties: + Script: + $ref: '#/components/schemas/Script' + ExportDataSetNames: + type: array + items: + type: string + pattern: ^\S{1,100}$ + required: + - Script + additionalProperties: false + TagMap: + type: object + maxProperties: 200 + minProperties: 0 + x-patternProperties: + ^(?!aws:).+$: + type: string + maxLength: 256 + minLength: 0 + additionalProperties: false + TargetDatabase: + type: string + enum: + - PostgreSQL + TargetDatabaseMetadata: + type: object + properties: + Type: + $ref: '#/components/schemas/TargetDatabase' + CaptureTool: + $ref: '#/components/schemas/CaptureTool' + required: + - CaptureTool + - Type + additionalProperties: false + TestCaseLatestVersion: + type: object + properties: + Version: + type: number + Status: + $ref: '#/components/schemas/TestCaseLifecycle' + required: + - Status + - Version + additionalProperties: false + TestCaseLifecycle: + type: string + enum: + - Active + - Deleting + TestCase: + type: object + properties: + CreationTime: + type: string + format: date-time + Description: + type: string + maxLength: 1000 + minLength: 0 + LastUpdateTime: + type: string + format: date-time + LatestVersion: + $ref: '#/components/schemas/TestCaseLatestVersion' + Name: + type: string + pattern: ^[A-Za-z][A-Za-z0-9_\-]{1,59}$ + Status: + $ref: '#/components/schemas/TestCaseLifecycle' + Steps: + type: array + items: + $ref: '#/components/schemas/Step' + maxItems: 20 + minItems: 1 + Tags: + $ref: '#/components/schemas/TagMap' + TestCaseArn: + type: string + pattern: ^arn:(aws|aws-cn|aws-iso|aws-iso-[a-z]{1}|aws-us-gov):[A-Za-z0-9][A-Za-z0-9_/.-]{0,62}:([a-z]{2}-((iso[a-z]{0,1}-)|(gov-)){0,1}[a-z]+-[0-9]):[0-9]{12}:[A-Za-z0-9/][A-Za-z0-9:_/+=,@.-]{0,1023}$ + TestCaseId: + type: string + pattern: ^[A-Za-z0-9:/\-]{1,100}$ + TestCaseVersion: + type: number + required: + - Name + - Steps + x-stackql-resource-name: test_case + description: Represents a Test Case that can be captured and executed + x-type-name: AWS::AppTest::TestCase + x-stackql-primary-identifier: + - TestCaseId + x-create-only-properties: + - Name + x-read-only-properties: + - CreationTime + - LastUpdateTime + - LatestVersion + - Status + - TestCaseArn + - TestCaseId + - TestCaseVersion + x-required-properties: + - Name + - Steps + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - apptest:TagResource + - apptest:UntagResource + - apptest:ListTagsForResource + x-required-permissions: + create: + - apptest:CreateTestCase + - apptest:GetTestCase + - apptest:ListTagsForResource + read: + - apptest:GetTestCase + - apptest:ListTagsForResource + update: + - apptest:UpdateTestCase + - apptest:GetTestCase + - apptest:TagResource + - apptest:UnTagResource + - apptest:ListTagsForResource + delete: + - apptest:GetTestCase + - apptest:ListTagsForResource + - apptest:DeleteTestCase + list: + - apptest:ListTestCases + CreateTestCaseRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + CreationTime: + type: string + format: date-time + Description: + type: string + maxLength: 1000 + minLength: 0 + LastUpdateTime: + type: string + format: date-time + LatestVersion: + $ref: '#/components/schemas/TestCaseLatestVersion' + Name: + type: string + pattern: ^[A-Za-z][A-Za-z0-9_\-]{1,59}$ + Status: + $ref: '#/components/schemas/TestCaseLifecycle' + Steps: + type: array + items: + $ref: '#/components/schemas/Step' + maxItems: 20 + minItems: 1 + Tags: + $ref: '#/components/schemas/TagMap' + TestCaseArn: + type: string + pattern: ^arn:(aws|aws-cn|aws-iso|aws-iso-[a-z]{1}|aws-us-gov):[A-Za-z0-9][A-Za-z0-9_/.-]{0,62}:([a-z]{2}-((iso[a-z]{0,1}-)|(gov-)){0,1}[a-z]+-[0-9]):[0-9]{12}:[A-Za-z0-9/][A-Za-z0-9:_/+=,@.-]{0,1023}$ + TestCaseId: + type: string + pattern: ^[A-Za-z0-9:/\-]{1,100}$ + TestCaseVersion: + type: number + x-stackQL-stringOnly: true + x-title: CreateTestCaseRequest + type: object + required: [] + securitySchemes: + hmac: + type: apiKey + name: Authorization + in: header + description: Amazon Signature authorization v4 + x-amazon-apigateway-authtype: awsSigv4 + x-stackQL-resources: + test_cases: + name: test_cases + id: aws.apptest.test_cases + x-cfn-schema-name: TestCase + x-cfn-type-name: AWS::AppTest::TestCase + x-identifiers: + - TestCaseId + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__TestCase&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::AppTest::TestCase" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::AppTest::TestCase" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::AppTest::TestCase" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/test_cases/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/test_cases/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/test_cases/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.CreationTime') as creation_time, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.LastUpdateTime') as last_update_time, + JSON_EXTRACT(Properties, '$.LatestVersion') as latest_version, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.Steps') as steps, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.TestCaseArn') as test_case_arn, + JSON_EXTRACT(Properties, '$.TestCaseId') as test_case_id, + JSON_EXTRACT(Properties, '$.TestCaseVersion') as test_case_version + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppTest::TestCase' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.CreationTime') as creation_time, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.LastUpdateTime') as last_update_time, + JSON_EXTRACT(detail.Properties, '$.LatestVersion') as latest_version, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.Status') as status, + JSON_EXTRACT(detail.Properties, '$.Steps') as steps, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags, + JSON_EXTRACT(detail.Properties, '$.TestCaseArn') as test_case_arn, + JSON_EXTRACT(detail.Properties, '$.TestCaseId') as test_case_id, + JSON_EXTRACT(detail.Properties, '$.TestCaseVersion') as test_case_version + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::AppTest::TestCase' + AND detail.data__TypeName = 'AWS::AppTest::TestCase' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'CreationTime') as creation_time, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'LastUpdateTime') as last_update_time, + json_extract_path_text(Properties, 'LatestVersion') as latest_version, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'Steps') as steps, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'TestCaseArn') as test_case_arn, + json_extract_path_text(Properties, 'TestCaseId') as test_case_id, + json_extract_path_text(Properties, 'TestCaseVersion') as test_case_version + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AppTest::TestCase' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'CreationTime') as creation_time, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'LastUpdateTime') as last_update_time, + json_extract_path_text(detail.Properties, 'LatestVersion') as latest_version, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'Status') as status, + json_extract_path_text(detail.Properties, 'Steps') as steps, + json_extract_path_text(detail.Properties, 'Tags') as tags, + json_extract_path_text(detail.Properties, 'TestCaseArn') as test_case_arn, + json_extract_path_text(detail.Properties, 'TestCaseId') as test_case_id, + json_extract_path_text(detail.Properties, 'TestCaseVersion') as test_case_version + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::AppTest::TestCase' + AND detail.data__TypeName = 'AWS::AppTest::TestCase' + AND listing.region = 'us-east-1' + test_cases_list_only: + name: test_cases_list_only + id: aws.apptest.test_cases_list_only + x-cfn-schema-name: TestCase + x-cfn-type-name: AWS::AppTest::TestCase + x-identifiers: + - TestCaseId + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.TestCaseId') as test_case_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppTest::TestCase' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'TestCaseId') as test_case_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::AppTest::TestCase' + AND region = 'us-east-1' + test_case_tags: + name: test_case_tags + id: aws.apptest.test_case_tags + x-cfn-schema-name: TestCase + x-cfn-type-name: AWS::AppTest::TestCase + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.CreationTime') as creation_time, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.LastUpdateTime') as last_update_time, + JSON_EXTRACT(detail.Properties, '$.LatestVersion') as latest_version, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.Status') as status, + JSON_EXTRACT(detail.Properties, '$.Steps') as steps, + JSON_EXTRACT(detail.Properties, '$.TestCaseArn') as test_case_arn, + JSON_EXTRACT(detail.Properties, '$.TestCaseId') as test_case_id, + JSON_EXTRACT(detail.Properties, '$.TestCaseVersion') as test_case_version + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::AppTest::TestCase' + AND detail.data__TypeName = 'AWS::AppTest::TestCase' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'CreationTime') as creation_time, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'LastUpdateTime') as last_update_time, + json_extract_path_text(detail.Properties, 'LatestVersion') as latest_version, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'Status') as status, + json_extract_path_text(detail.Properties, 'Steps') as steps, + json_extract_path_text(detail.Properties, 'TestCaseArn') as test_case_arn, + json_extract_path_text(detail.Properties, 'TestCaseId') as test_case_id, + json_extract_path_text(detail.Properties, 'TestCaseVersion') as test_case_version + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::AppTest::TestCase' + AND detail.data__TypeName = 'AWS::AppTest::TestCase' + AND listing.region = 'us-east-1' +paths: + /?Action=CreateResource&Version=2021-09-30: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateResource + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/x-cloud-control-schemas/CreateResourceInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=DeleteResource&Version=2021-09-30: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: DeleteResource + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.DeleteResource + enum: + - CloudApiService.DeleteResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/x-cloud-control-schemas/DeleteResourceInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/DeleteResourceOutput' + description: Success + /?Action=UpdateResource&Version=2021-09-30: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: UpdateResource + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.UpdateResource + enum: + - CloudApiService.UpdateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + properties: + ClientName: + type: string + Identifier: + $ref: '#/components/x-cloud-control-schemas/Identifier' + PatchDocument: + type: string + RoleArn: + $ref: '#/components/x-cloud-control-schemas/RoleArn' + TypeName: + $ref: '#/components/x-cloud-control-schemas/TypeName' + TypeVersionId: + $ref: '#/components/x-cloud-control-schemas/TypeVersionId' + required: + - Identifier + - PatchDocument + type: object + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/UpdateResourceOutput' + description: Success + /?Action=CreateResource&Version=2021-09-30&__TestCase&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateTestCase + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateTestCaseRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success +x-stackQL-config: + requestTranslate: + algorithm: drop_double_underscore_params + pagination: + requestToken: + key: NextToken + location: body + responseToken: + key: NextToken + location: body diff --git a/providers/src/aws/v00.00.00000/services/aps.yaml b/providers/src/aws/v00.00.00000/services/aps.yaml index 8bf93e8a..0af9c7e0 100644 --- a/providers/src/aws/v00.00.00000/services/aps.yaml +++ b/providers/src/aws/v00.00.00000/services/aps.yaml @@ -591,10 +591,7 @@ components: x-stackql-primary-identifier: - Arn x-create-only-properties: - - ScrapeConfiguration - Source - - Destination - - Alias x-read-only-properties: - ScraperId - Arn @@ -625,7 +622,10 @@ components: - aps:DescribeScraper - aps:ListTagsForResource update: + - aps:CreateScraper - aps:DescribeScraper + - aps:UpdateScraper + - aps:DescribeWorkspace - aps:TagResource - aps:UntagResource - aps:ListTagsForResource diff --git a/providers/src/aws/v00.00.00000/services/arczonalshift.yaml b/providers/src/aws/v00.00.00000/services/arczonalshift.yaml index 41be2632..a10843dd 100644 --- a/providers/src/aws/v00.00.00000/services/arczonalshift.yaml +++ b/providers/src/aws/v00.00.00000/services/arczonalshift.yaml @@ -385,6 +385,52 @@ components: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' type: object schemas: + AccountId: + description: User account id, used as part of the primary identifier for the resource + type: string + pattern: ^\d{12}$ + Region: + description: Region, used as part of the primary identifier for the resource + type: string + pattern: ^[a-z0-9-]*$ + maxLength: 30 + minLength: 5 + AutoshiftObserverNotificationStatus: + type: object + properties: + Status: + $ref: '#/components/schemas/AutoshiftObserverNotificationStatus' + AccountId: + $ref: '#/components/schemas/AccountId' + Region: + $ref: '#/components/schemas/Region' + required: + - Status + x-stackql-resource-name: autoshift_observer_notification_status + description: Definition of AWS::ARCZonalShift::AutoshiftObserverNotificationStatus Resource Type + x-type-name: AWS::ARCZonalShift::AutoshiftObserverNotificationStatus + x-stackql-primary-identifier: + - AccountId + - Region + x-create-only-properties: + - Status + x-read-only-properties: + - AccountId + - Region + x-required-properties: + - Status + x-tagging: + taggable: false + x-required-permissions: + create: + - arc-zonal-shift:UpdateAutoshiftObserverNotificationStatus + read: + - arc-zonal-shift:GetAutoshiftObserverNotificationStatus + delete: + - arc-zonal-shift:UpdateAutoshiftObserverNotificationStatus + - arc-zonal-shift:GetAutoshiftObserverNotificationStatus + list: + - arc-zonal-shift:GetAutoshiftObserverNotificationStatus ZonalAutoshiftStatus: type: string enum: @@ -398,15 +444,16 @@ components: type: string maxLength: 1024 minLength: 8 - pattern: ^arn:.*$ + pattern: ^.*$ required: - AlarmIdentifier - Type additionalProperties: false ControlConditionType: type: string - enum: - - CLOUDWATCH + minLength: 8 + maxLength: 10 + pattern: ^[a-zA-Z]*$ PracticeRunConfiguration: type: object properties: @@ -487,6 +534,29 @@ components: - arc-zonal-shift:UpdateZonalAutoshiftConfiguration list: - arc-zonal-shift:ListManagedResources + CreateAutoshiftObserverNotificationStatusRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + Status: + $ref: '#/components/schemas/AutoshiftObserverNotificationStatus' + AccountId: + $ref: '#/components/schemas/AccountId' + Region: + $ref: '#/components/schemas/Region' + x-stackQL-stringOnly: true + x-title: CreateAutoshiftObserverNotificationStatusRequest + type: object + required: [] CreateZonalAutoshiftConfigurationRequest: properties: ClientToken: @@ -520,6 +590,139 @@ components: description: Amazon Signature authorization v4 x-amazon-apigateway-authtype: awsSigv4 x-stackQL-resources: + autoshift_observer_notification_statuses: + name: autoshift_observer_notification_statuses + id: aws.arczonalshift.autoshift_observer_notification_statuses + x-cfn-schema-name: AutoshiftObserverNotificationStatus + x-cfn-type-name: AWS::ARCZonalShift::AutoshiftObserverNotificationStatus + x-identifiers: + - AccountId + - Region + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__AutoshiftObserverNotificationStatus&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::ARCZonalShift::AutoshiftObserverNotificationStatus" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::ARCZonalShift::AutoshiftObserverNotificationStatus" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/autoshift_observer_notification_statuses/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/autoshift_observer_notification_statuses/methods/delete_resource' + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.AccountId') as account_id, + JSON_EXTRACT(Properties, '$.Region') as region + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ARCZonalShift::AutoshiftObserverNotificationStatus' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.Status') as status, + JSON_EXTRACT(detail.Properties, '$.AccountId') as account_id, + JSON_EXTRACT(detail.Properties, '$.Region') as region + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::ARCZonalShift::AutoshiftObserverNotificationStatus' + AND detail.data__TypeName = 'AWS::ARCZonalShift::AutoshiftObserverNotificationStatus' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'AccountId') as account_id, + json_extract_path_text(Properties, 'Region') as region + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ARCZonalShift::AutoshiftObserverNotificationStatus' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'Status') as status, + json_extract_path_text(detail.Properties, 'AccountId') as account_id, + json_extract_path_text(detail.Properties, 'Region') as region + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::ARCZonalShift::AutoshiftObserverNotificationStatus' + AND detail.data__TypeName = 'AWS::ARCZonalShift::AutoshiftObserverNotificationStatus' + AND listing.region = 'us-east-1' + autoshift_observer_notification_statuses_list_only: + name: autoshift_observer_notification_statuses_list_only + id: aws.arczonalshift.autoshift_observer_notification_statuses_list_only + x-cfn-schema-name: AutoshiftObserverNotificationStatus + x-cfn-type-name: AWS::ARCZonalShift::AutoshiftObserverNotificationStatus + x-identifiers: + - AccountId + - Region + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AccountId') as account_id, + JSON_EXTRACT(Properties, '$.Region') as region + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ARCZonalShift::AutoshiftObserverNotificationStatus' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AccountId') as account_id, + json_extract_path_text(Properties, 'Region') as region + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ARCZonalShift::AutoshiftObserverNotificationStatus' + AND region = 'us-east-1' zonal_autoshift_configurations: name: zonal_autoshift_configurations id: aws.arczonalshift.zonal_autoshift_configurations @@ -805,6 +1008,48 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/UpdateResourceOutput' description: Success + /?Action=CreateResource&Version=2021-09-30&__AutoshiftObserverNotificationStatus&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateAutoshiftObserverNotificationStatus + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateAutoshiftObserverNotificationStatusRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success /?Action=CreateResource&Version=2021-09-30&__ZonalAutoshiftConfiguration&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' diff --git a/providers/src/aws/v00.00.00000/services/auditmanager.yaml b/providers/src/aws/v00.00.00000/services/auditmanager.yaml index 35a37052..0daa9da2 100644 --- a/providers/src/aws/v00.00.00000/services/auditmanager.yaml +++ b/providers/src/aws/v00.00.00000/services/auditmanager.yaml @@ -636,6 +636,16 @@ components: - Arn - CreationTime x-required-properties: [] + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: false + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - auditmanager:TagResource + - auditmanager:ListTagsForResource + - auditmanager:UntagResource x-required-permissions: create: - auditmanager:CreateAssessment @@ -652,8 +662,10 @@ components: - auditmanager:BatchDeleteDelegationByAssessment delete: - auditmanager:DeleteAssessment + - auditmanager:UntagResource list: - auditmanager:ListAssessments + - auditmanager:ListTagsForResource CreateAssessmentRequest: properties: ClientToken: diff --git a/providers/src/aws/v00.00.00000/services/autoscaling.yaml b/providers/src/aws/v00.00.00000/services/autoscaling.yaml index fc14bcb4..1ce134e9 100644 --- a/providers/src/aws/v00.00.00000/services/autoscaling.yaml +++ b/providers/src/aws/v00.00.00000/services/autoscaling.yaml @@ -385,6 +385,237 @@ components: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' type: object schemas: + AvailabilityZoneImpairmentPolicy: + description: Describes an Availability Zone impairment policy. + additionalProperties: false + type: object + properties: + ZonalShiftEnabled: + description: If ``true``, enable zonal shift for your Auto Scaling group. + type: boolean + ImpairedZoneHealthCheckBehavior: + description: >- + Specifies the health check behavior for the impaired Availability Zone in an active zonal shift. If you select ``Replace unhealthy``, instances that appear unhealthy will be replaced in all Availability Zones. If you select ``Ignore unhealthy``, instances will not be replaced in the Availability Zone with the active zonal shift. For more information, see [Auto Scaling group zonal shift](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-zonal-shift.html) in the + *Amazon EC2 Auto Scaling User Guide*. + type: string + enum: + - IgnoreUnhealthy + - ReplaceUnhealthy + required: + - ImpairedZoneHealthCheckBehavior + - ZonalShiftEnabled + LifecycleHookSpecification: + description: |- + ``LifecycleHookSpecification`` specifies a lifecycle hook for the ``LifecycleHookSpecificationList`` property of the [AWS::AutoScaling::AutoScalingGroup](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-autoscaling-autoscalinggroup.html) resource. A lifecycle hook specifies actions to perform when Amazon EC2 Auto Scaling launches or terminates instances. + For more information, see [Amazon EC2 Auto Scaling lifecycle hooks](https://docs.aws.amazon.com/autoscaling/ec2/userguide/lifecycle-hooks.html) in the *Amazon EC2 Auto Scaling User Guide*. You can find a sample template snippet in the [Examples](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-as-lifecyclehook.html#aws-resource-as-lifecyclehook--examples) section of the ``AWS::AutoScaling::LifecycleHook`` resource. + additionalProperties: false + type: object + properties: + LifecycleHookName: + description: The name of the lifecycle hook. + type: string + LifecycleTransition: + description: |- + The lifecycle transition. For Auto Scaling groups, there are two major lifecycle transitions. + + To create a lifecycle hook for scale-out events, specify ``autoscaling:EC2_INSTANCE_LAUNCHING``. + + To create a lifecycle hook for scale-in events, specify ``autoscaling:EC2_INSTANCE_TERMINATING``. + type: string + HeartbeatTimeout: + description: The maximum time, in seconds, that can elapse before the lifecycle hook times out. The range is from ``30`` to ``7200`` seconds. The default value is ``3600`` seconds (1 hour). + type: integer + NotificationMetadata: + description: Additional information that you want to include any time Amazon EC2 Auto Scaling sends a message to the notification target. + type: string + DefaultResult: + description: |- + The action the Auto Scaling group takes when the lifecycle hook timeout elapses or if an unexpected failure occurs. The default value is ``ABANDON``. + Valid values: ``CONTINUE`` | ``ABANDON`` + type: string + NotificationTargetARN: + description: The Amazon Resource Name (ARN) of the notification target that Amazon EC2 Auto Scaling sends notifications to when an instance is in a wait state for the lifecycle hook. You can specify an Amazon SNS topic or an Amazon SQS queue. + type: string + RoleARN: + description: |- + The ARN of the IAM role that allows the Auto Scaling group to publish to the specified notification target. For information about creating this role, see [Prepare to add a lifecycle hook to your Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/prepare-for-lifecycle-notifications.html) in the *Amazon EC2 Auto Scaling User Guide*. + Valid only if the notification target is an Amazon SNS topic or an Amazon SQS queue. + type: string + required: + - LifecycleHookName + - LifecycleTransition + MemoryGiBPerVCpuRequest: + description: '``MemoryGiBPerVCpuRequest`` is a property of the ``InstanceRequirements`` property of the [AWS::AutoScaling::AutoScalingGroup LaunchTemplateOverrides](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-autoscalinggroup-launchtemplateoverrides.html) property type that describes the minimum and maximum amount of memory per vCPU for an instance type, in GiB.' + additionalProperties: false + type: object + properties: + Min: + description: The memory minimum in GiB. + type: number + Max: + description: The memory maximum in GiB. + type: number + TotalLocalStorageGBRequest: + description: '``TotalLocalStorageGBRequest`` is a property of the ``InstanceRequirements`` property of the [AWS::AutoScaling::AutoScalingGroup LaunchTemplateOverrides](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-autoscalinggroup-launchtemplateoverrides.html) property type that describes the minimum and maximum total local storage size for an instance type, in GB.' + additionalProperties: false + type: object + properties: + Min: + description: The storage minimum in GB. + type: number + Max: + description: The storage maximum in GB. + type: number + NetworkBandwidthGbpsRequest: + description: |- + ``NetworkBandwidthGbpsRequest`` is a property of the ``InstanceRequirements`` property of the [AWS::AutoScaling::AutoScalingGroup LaunchTemplateOverrides](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-autoscalinggroup-launchtemplateoverrides.html) property type that describes the minimum and maximum network bandwidth for an instance type, in Gbps. + Setting the minimum bandwidth does not guarantee that your instance will achieve the minimum bandwidth. Amazon EC2 will identify instance types that support the specified minimum bandwidth, but the actual bandwidth of your instance might go below the specified minimum at times. For more information, see [Available instance bandwidth](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-network-bandwidth.html#available-instance-bandwidth) in the *Amazon EC2 User Guide for Linux Instances*. + additionalProperties: false + type: object + properties: + Min: + description: The minimum amount of network bandwidth, in gigabits per second (Gbps). + type: number + Max: + description: The maximum amount of network bandwidth, in gigabits per second (Gbps). + type: number + BaselineEbsBandwidthMbpsRequest: + description: '``BaselineEbsBandwidthMbpsRequest`` is a property of the ``InstanceRequirements`` property of the [AWS::AutoScaling::AutoScalingGroup LaunchTemplateOverrides](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-autoscalinggroup-launchtemplateoverrides.html) property type that describes the minimum and maximum baseline bandwidth performance for an instance type, in Mbps.' + additionalProperties: false + type: object + properties: + Min: + description: The minimum value in Mbps. + type: integer + Max: + description: The maximum value in Mbps. + type: integer + NetworkInterfaceCountRequest: + description: '``NetworkInterfaceCountRequest`` is a property of the ``InstanceRequirements`` property of the [AWS::AutoScaling::AutoScalingGroup LaunchTemplateOverrides](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-autoscalinggroup-launchtemplateoverrides.html) property type that describes the minimum and maximum number of network interfaces for an instance type.' + additionalProperties: false + type: object + properties: + Min: + description: The minimum number of network interfaces. + type: integer + Max: + description: The maximum number of network interfaces. + type: integer + VCpuCountRequest: + description: '``VCpuCountRequest`` is a property of the ``InstanceRequirements`` property of the [AWS::AutoScaling::AutoScalingGroup LaunchTemplateOverrides](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-autoscalinggroup-launchtemplateoverrides.html) property type that describes the minimum and maximum number of vCPUs for an instance type.' + additionalProperties: false + type: object + properties: + Min: + description: The minimum number of vCPUs. + type: integer + Max: + description: The maximum number of vCPUs. + type: integer + PerformanceFactorReferenceRequest: + description: '' + additionalProperties: false + type: object + properties: + InstanceFamily: + description: '' + type: string + LaunchTemplate: + description: |- + Use this structure to specify the launch templates and instance types (overrides) for a mixed instances policy. + ``LaunchTemplate`` is a property of the [AWS::AutoScaling::AutoScalingGroup MixedInstancesPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-autoscalinggroup-mixedinstancespolicy.html) property type. + additionalProperties: false + type: object + properties: + LaunchTemplateSpecification: + description: The launch template. + $ref: '#/components/schemas/LaunchTemplateSpecification' + Overrides: + uniqueItems: false + description: Any properties that you specify override the same properties in the launch template. + x-insertionOrder: true + type: array + items: + $ref: '#/components/schemas/LaunchTemplateOverrides' + required: + - LaunchTemplateSpecification + LaunchTemplateOverrides: + description: |- + Use this structure to let Amazon EC2 Auto Scaling do the following when the Auto Scaling group has a mixed instances policy: + + Override the instance type that is specified in the launch template. + + Use multiple instance types. + + Specify the instance types that you want, or define your instance requirements instead and let Amazon EC2 Auto Scaling provision the available instance types that meet your requirements. This can provide Amazon EC2 Auto Scaling with a larger selection of instance types to choose from when fulfilling Spot and On-Demand capacities. You can view which instance types are matched before you apply the instance requirements to your Auto Scaling group. + After you define your instance requirements, you don't have to keep updating these settings to get new EC2 instance types automatically. Amazon EC2 Auto Scaling uses the instance requirements of the Auto Scaling group to determine whether a new EC2 instance type can be used. + ``LaunchTemplateOverrides`` is a property of the [AWS::AutoScaling::AutoScalingGroup LaunchTemplate](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-autoscalinggroup-launchtemplate.html) property type. + additionalProperties: false + type: object + properties: + LaunchTemplateSpecification: + description: >- + Provides a launch template for the specified instance type or set of instance requirements. For example, some instance types might require a launch template with a different AMI. If not provided, Amazon EC2 Auto Scaling uses the launch template that's specified in the ``LaunchTemplate`` definition. For more information, see [Specifying a different launch template for an instance + type](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-mixed-instances-groups-launch-template-overrides.html) in the *Amazon EC2 Auto Scaling User Guide*. + You can specify up to 20 launch templates per Auto Scaling group. The launch templates specified in the overrides and in the ``LaunchTemplate`` definition count towards this limit. + $ref: '#/components/schemas/LaunchTemplateSpecification' + WeightedCapacity: + description: >- + If you provide a list of instance types to use, you can specify the number of capacity units provided by each instance type in terms of virtual CPUs, memory, storage, throughput, or other relative performance characteristic. When a Spot or On-Demand Instance is launched, the capacity units count toward the desired capacity. Amazon EC2 Auto Scaling launches instances until the desired capacity is totally fulfilled, even if this results in an overage. For example, if there are two + units remaining to fulfill capacity, and Amazon EC2 Auto Scaling can only launch an instance with a ``WeightedCapacity`` of five units, the instance is launched, and the desired capacity is exceeded by three units. For more information, see [Configure instance weighting for Amazon EC2 Auto Scaling](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-mixed-instances-groups-instance-weighting.html) in the *Amazon EC2 Auto Scaling User Guide*. Value must be in the + range of 1-999. + If you specify a value for ``WeightedCapacity`` for one instance type, you must specify a value for ``WeightedCapacity`` for all of them. + Every Auto Scaling group has three size parameters (``DesiredCapacity``, ``MaxSize``, and ``MinSize``). Usually, you set these sizes based on a specific number of instances. However, if you configure a mixed instances policy that defines weights for the instance types, you must specify these sizes with the same units that you use for weighting instances. + type: string + InstanceRequirements: + description: |- + The instance requirements. Amazon EC2 Auto Scaling uses your specified requirements to identify instance types. Then, it uses your On-Demand and Spot allocation strategies to launch instances from these instance types. + You can specify up to four separate sets of instance requirements per Auto Scaling group. This is useful for provisioning instances from different Amazon Machine Images (AMIs) in the same Auto Scaling group. To do this, create the AMIs and create a new launch template for each AMI. Then, create a compatible set of instance requirements for each launch template. + If you specify ``InstanceRequirements``, you can't specify ``InstanceType``. + $ref: '#/components/schemas/InstanceRequirements' + InstanceType: + description: |- + The instance type, such as ``m3.xlarge``. You must specify an instance type that is supported in your requested Region and Availability Zones. For more information, see [Instance types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html) in the *Amazon EC2 User Guide for Linux Instances*. + You can specify up to 40 instance types per Auto Scaling group. + type: string + CpuPerformanceFactorRequest: + description: '' + additionalProperties: false + type: object + properties: + References: + description: '' + $ref: '#/components/schemas/PerformanceFactorReferenceSetRequest' + MixedInstancesPolicy: + description: |- + Use this structure to launch multiple instance types and On-Demand Instances and Spot Instances within a single Auto Scaling group. + A mixed instances policy contains information that Amazon EC2 Auto Scaling can use to launch instances and help optimize your costs. For more information, see [Auto Scaling groups with multiple instance types and purchase options](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-mixed-instances-groups.html) in the *Amazon EC2 Auto Scaling User Guide*. + You can create a mixed instances policy for new and existing Auto Scaling groups. You must use a launch template to configure the policy. You cannot use a launch configuration. + There are key differences between Spot Instances and On-Demand Instances: + + The price for Spot Instances varies based on demand + + Amazon EC2 can terminate an individual Spot Instance as the availability of, or price for, Spot Instances changes + + When a Spot Instance is terminated, Amazon EC2 Auto Scaling group attempts to launch a replacement instance to maintain the desired capacity for the group. + ``MixedInstancesPolicy`` is a property of the [AWS::AutoScaling::AutoScalingGroup](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-autoscaling-autoscalinggroup.html) resource. + additionalProperties: false + type: object + properties: + InstancesDistribution: + description: The instances distribution. + $ref: '#/components/schemas/InstancesDistribution' + LaunchTemplate: + description: One or more launch templates and the instance types (overrides) that are used to launch EC2 instances to fulfill On-Demand and Spot capacities. + $ref: '#/components/schemas/LaunchTemplate' + required: + - LaunchTemplate + CapacityReservationIds: + uniqueItems: true + x-insertionOrder: true + type: array + items: + type: string + CapacityReservationResourceGroupArns: + uniqueItems: true + x-insertionOrder: true + type: array + items: + type: string TagProperty: description: |- A structure that specifies a tag for the ``Tags`` property of [AWS::AutoScaling::AutoScalingGroup](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-autoscaling-autoscalinggroup.html) resource. @@ -495,55 +726,20 @@ components: Max: description: The maximum value. type: integer - LifecycleHookSpecification: - description: |- - ``LifecycleHookSpecification`` specifies a lifecycle hook for the ``LifecycleHookSpecificationList`` property of the [AWS::AutoScaling::AutoScalingGroup](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-autoscaling-autoscalinggroup.html) resource. A lifecycle hook specifies actions to perform when Amazon EC2 Auto Scaling launches or terminates instances. - For more information, see [Amazon EC2 Auto Scaling lifecycle hooks](https://docs.aws.amazon.com/autoscaling/ec2/userguide/lifecycle-hooks.html) in the *Amazon EC2 Auto Scaling User Guide*. You can find a sample template snippet in the [Examples](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-as-lifecyclehook.html#aws-resource-as-lifecyclehook--examples) section of the ``AWS::AutoScaling::LifecycleHook`` resource. + AvailabilityZoneDistribution: + description: '``AvailabilityZoneDistribution`` is a property of the [AWS::AutoScaling::AutoScalingGroup](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-autoscaling-autoscalinggroup.html) resource.' additionalProperties: false type: object properties: - LifecycleHookName: - description: The name of the lifecycle hook. - type: string - LifecycleTransition: + CapacityDistributionStrategy: description: |- - The lifecycle transition. For Auto Scaling groups, there are two major lifecycle transitions. - + To create a lifecycle hook for scale-out events, specify ``autoscaling:EC2_INSTANCE_LAUNCHING``. - + To create a lifecycle hook for scale-in events, specify ``autoscaling:EC2_INSTANCE_TERMINATING``. + If launches fail in an Availability Zone, the following strategies are available. The default is ``balanced-best-effort``. + + ``balanced-only`` - If launches fail in an Availability Zone, Auto Scaling will continue to attempt to launch in the unhealthy zone to preserve a balanced distribution. + + ``balanced-best-effort`` - If launches fail in an Availability Zone, Auto Scaling will attempt to launch in another healthy Availability Zone instead. type: string - HeartbeatTimeout: - description: The maximum time, in seconds, that can elapse before the lifecycle hook times out. The range is from ``30`` to ``7200`` seconds. The default value is ``3600`` seconds (1 hour). - type: integer - NotificationMetadata: - description: Additional information that you want to include any time Amazon EC2 Auto Scaling sends a message to the notification target. - type: string - DefaultResult: - description: |- - The action the Auto Scaling group takes when the lifecycle hook timeout elapses or if an unexpected failure occurs. The default value is ``ABANDON``. - Valid values: ``CONTINUE`` | ``ABANDON`` - type: string - NotificationTargetARN: - description: The Amazon Resource Name (ARN) of the notification target that Amazon EC2 Auto Scaling sends notifications to when an instance is in a wait state for the lifecycle hook. You can specify an Amazon SNS topic or an Amazon SQS queue. - type: string - RoleARN: - description: |- - The ARN of the IAM role that allows the Auto Scaling group to publish to the specified notification target. For information about creating this role, see [Prepare to add a lifecycle hook to your Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/prepare-for-lifecycle-notifications.html) in the *Amazon EC2 Auto Scaling User Guide*. - Valid only if the notification target is an Amazon SNS topic or an Amazon SQS queue. - type: string - required: - - LifecycleHookName - - LifecycleTransition - MemoryGiBPerVCpuRequest: - description: '``MemoryGiBPerVCpuRequest`` is a property of the ``InstanceRequirements`` property of the [AWS::AutoScaling::AutoScalingGroup LaunchTemplateOverrides](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-autoscalinggroup-launchtemplateoverrides.html) property type that describes the minimum and maximum amount of memory per vCPU for an instance type, in GiB.' - additionalProperties: false - type: object - properties: - Min: - description: The memory minimum in GiB. - type: number - Max: - description: The memory maximum in GiB. - type: number + enum: + - balanced-best-effort + - balanced-only NotificationConfiguration: description: |- A structure that specifies an Amazon SNS notification configuration for the ``NotificationConfigurations`` property of the [AWS::AutoScaling::AutoScalingGroup](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-autoscaling-autoscalinggroup.html) resource. @@ -617,17 +813,6 @@ components: type: string required: - Granularity - TotalLocalStorageGBRequest: - description: '``TotalLocalStorageGBRequest`` is a property of the ``InstanceRequirements`` property of the [AWS::AutoScaling::AutoScalingGroup LaunchTemplateOverrides](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-autoscalinggroup-launchtemplateoverrides.html) property type that describes the minimum and maximum total local storage size for an instance type, in GB.' - additionalProperties: false - type: object - properties: - Min: - description: The storage minimum in GB. - type: number - Max: - description: The storage maximum in GB. - type: number MemoryMiBRequest: description: '``MemoryMiBRequest`` is a property of the ``InstanceRequirements`` property of the [AWS::AutoScaling::AutoScalingGroup LaunchTemplateOverrides](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-autoscalinggroup-launchtemplateoverrides.html) property type that describes the minimum and maximum instance memory size for an instance type, in MiB.' additionalProperties: false @@ -647,120 +832,32 @@ components: type: object properties: MaxHealthyPercentage: - description: |- - Specifies the upper threshold as a percentage of the desired capacity of the Auto Scaling group. It represents the maximum percentage of the group that can be in service and healthy, or pending, to support your workload when replacing instances. Value range is 100 to 200. To clear a previously set value, specify a value of ``-1``. - Both ``MinHealthyPercentage`` and ``MaxHealthyPercentage`` must be specified, and the difference between them cannot be greater than 100. A large range increases the number of instances that can be replaced at the same time. - type: integer - MinHealthyPercentage: - description: Specifies the lower threshold as a percentage of the desired capacity of the Auto Scaling group. It represents the minimum percentage of the group to keep in service, healthy, and ready to use to support your workload when replacing instances. Value range is 0 to 100. To clear a previously set value, specify a value of ``-1``. - type: integer - x-dependencies: - MaxHealthyPercentage: - - MinHealthyPercentage - MinHealthyPercentage: - - MaxHealthyPercentage - NetworkBandwidthGbpsRequest: - description: |- - ``NetworkBandwidthGbpsRequest`` is a property of the ``InstanceRequirements`` property of the [AWS::AutoScaling::AutoScalingGroup LaunchTemplateOverrides](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-autoscalinggroup-launchtemplateoverrides.html) property type that describes the minimum and maximum network bandwidth for an instance type, in Gbps. - Setting the minimum bandwidth does not guarantee that your instance will achieve the minimum bandwidth. Amazon EC2 will identify instance types that support the specified minimum bandwidth, but the actual bandwidth of your instance might go below the specified minimum at times. For more information, see [Available instance bandwidth](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-network-bandwidth.html#available-instance-bandwidth) in the *Amazon EC2 User Guide for Linux Instances*. - additionalProperties: false - type: object - properties: - Min: - description: The minimum amount of network bandwidth, in gigabits per second (Gbps). - type: number - Max: - description: The maximum amount of network bandwidth, in gigabits per second (Gbps). - type: number - BaselineEbsBandwidthMbpsRequest: - description: '``BaselineEbsBandwidthMbpsRequest`` is a property of the ``InstanceRequirements`` property of the [AWS::AutoScaling::AutoScalingGroup LaunchTemplateOverrides](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-autoscalinggroup-launchtemplateoverrides.html) property type that describes the minimum and maximum baseline bandwidth performance for an instance type, in Mbps.' - additionalProperties: false - type: object - properties: - Min: - description: The minimum value in Mbps. - type: integer - Max: - description: The maximum value in Mbps. - type: integer - NetworkInterfaceCountRequest: - description: '``NetworkInterfaceCountRequest`` is a property of the ``InstanceRequirements`` property of the [AWS::AutoScaling::AutoScalingGroup LaunchTemplateOverrides](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-autoscalinggroup-launchtemplateoverrides.html) property type that describes the minimum and maximum number of network interfaces for an instance type.' - additionalProperties: false - type: object - properties: - Min: - description: The minimum number of network interfaces. - type: integer - Max: - description: The maximum number of network interfaces. - type: integer - VCpuCountRequest: - description: '``VCpuCountRequest`` is a property of the ``InstanceRequirements`` property of the [AWS::AutoScaling::AutoScalingGroup LaunchTemplateOverrides](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-autoscalinggroup-launchtemplateoverrides.html) property type that describes the minimum and maximum number of vCPUs for an instance type.' - additionalProperties: false - type: object - properties: - Min: - description: The minimum number of vCPUs. - type: integer - Max: - description: The maximum number of vCPUs. - type: integer - LaunchTemplate: - description: |- - Use this structure to specify the launch templates and instance types (overrides) for a mixed instances policy. - ``LaunchTemplate`` is a property of the [AWS::AutoScaling::AutoScalingGroup MixedInstancesPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-autoscalinggroup-mixedinstancespolicy.html) property type. - additionalProperties: false - type: object - properties: - LaunchTemplateSpecification: - description: The launch template. - $ref: '#/components/schemas/LaunchTemplateSpecification' - Overrides: - uniqueItems: false - description: Any properties that you specify override the same properties in the launch template. - x-insertionOrder: true - type: array - items: - $ref: '#/components/schemas/LaunchTemplateOverrides' - required: - - LaunchTemplateSpecification - LaunchTemplateOverrides: - description: |- - Use this structure to let Amazon EC2 Auto Scaling do the following when the Auto Scaling group has a mixed instances policy: - + Override the instance type that is specified in the launch template. - + Use multiple instance types. - - Specify the instance types that you want, or define your instance requirements instead and let Amazon EC2 Auto Scaling provision the available instance types that meet your requirements. This can provide Amazon EC2 Auto Scaling with a larger selection of instance types to choose from when fulfilling Spot and On-Demand capacities. You can view which instance types are matched before you apply the instance requirements to your Auto Scaling group. - After you define your instance requirements, you don't have to keep updating these settings to get new EC2 instance types automatically. Amazon EC2 Auto Scaling uses the instance requirements of the Auto Scaling group to determine whether a new EC2 instance type can be used. - ``LaunchTemplateOverrides`` is a property of the [AWS::AutoScaling::AutoScalingGroup LaunchTemplate](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-autoscalinggroup-launchtemplate.html) property type. + description: |- + Specifies the upper threshold as a percentage of the desired capacity of the Auto Scaling group. It represents the maximum percentage of the group that can be in service and healthy, or pending, to support your workload when replacing instances. Value range is 100 to 200. To clear a previously set value, specify a value of ``-1``. + Both ``MinHealthyPercentage`` and ``MaxHealthyPercentage`` must be specified, and the difference between them cannot be greater than 100. A large range increases the number of instances that can be replaced at the same time. + type: integer + MinHealthyPercentage: + description: Specifies the lower threshold as a percentage of the desired capacity of the Auto Scaling group. It represents the minimum percentage of the group to keep in service, healthy, and ready to use to support your workload when replacing instances. Value range is 0 to 100. To clear a previously set value, specify a value of ``-1``. + type: integer + x-dependencies: + MaxHealthyPercentage: + - MinHealthyPercentage + MinHealthyPercentage: + - MaxHealthyPercentage + BaselinePerformanceFactorsRequest: + description: '' additionalProperties: false type: object properties: - LaunchTemplateSpecification: - description: >- - Provides a launch template for the specified instance type or set of instance requirements. For example, some instance types might require a launch template with a different AMI. If not provided, Amazon EC2 Auto Scaling uses the launch template that's specified in the ``LaunchTemplate`` definition. For more information, see [Specifying a different launch template for an instance - type](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-mixed-instances-groups-launch-template-overrides.html) in the *Amazon EC2 Auto Scaling User Guide*. - You can specify up to 20 launch templates per Auto Scaling group. The launch templates specified in the overrides and in the ``LaunchTemplate`` definition count towards this limit. - $ref: '#/components/schemas/LaunchTemplateSpecification' - WeightedCapacity: - description: >- - If you provide a list of instance types to use, you can specify the number of capacity units provided by each instance type in terms of virtual CPUs, memory, storage, throughput, or other relative performance characteristic. When a Spot or On-Demand Instance is launched, the capacity units count toward the desired capacity. Amazon EC2 Auto Scaling launches instances until the desired capacity is totally fulfilled, even if this results in an overage. For example, if there are two - units remaining to fulfill capacity, and Amazon EC2 Auto Scaling can only launch an instance with a ``WeightedCapacity`` of five units, the instance is launched, and the desired capacity is exceeded by three units. For more information, see [Configure instance weighting for Amazon EC2 Auto Scaling](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-mixed-instances-groups-instance-weighting.html) in the *Amazon EC2 Auto Scaling User Guide*. Value must be in the - range of 1-999. - If you specify a value for ``WeightedCapacity`` for one instance type, you must specify a value for ``WeightedCapacity`` for all of them. - Every Auto Scaling group has three size parameters (``DesiredCapacity``, ``MaxSize``, and ``MinSize``). Usually, you set these sizes based on a specific number of instances. However, if you configure a mixed instances policy that defines weights for the instance types, you must specify these sizes with the same units that you use for weighting instances. - type: string - InstanceRequirements: - description: |- - The instance requirements. Amazon EC2 Auto Scaling uses your specified requirements to identify instance types. Then, it uses your On-Demand and Spot allocation strategies to launch instances from these instance types. - You can specify up to four separate sets of instance requirements per Auto Scaling group. This is useful for provisioning instances from different Amazon Machine Images (AMIs) in the same Auto Scaling group. To do this, create the AMIs and create a new launch template for each AMI. Then, create a compatible set of instance requirements for each launch template. - If you specify ``InstanceRequirements``, you can't specify ``InstanceType``. - $ref: '#/components/schemas/InstanceRequirements' - InstanceType: - description: |- - The instance type, such as ``m3.xlarge``. You must specify an instance type that is supported in your requested Region and Availability Zones. For more information, see [Instance types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html) in the *Amazon EC2 User Guide for Linux Instances*. - You can specify up to 40 instance types per Auto Scaling group. - type: string + Cpu: + description: '' + $ref: '#/components/schemas/CpuPerformanceFactorRequest' + PerformanceFactorReferenceSetRequest: + uniqueItems: true + x-insertionOrder: true + type: array + items: + $ref: '#/components/schemas/PerformanceFactorReferenceRequest' AcceleratorTotalMemoryMiBRequest: description: '``AcceleratorTotalMemoryMiBRequest`` is a property of the ``InstanceRequirements`` property of the [AWS::AutoScaling::AutoScalingGroup LaunchTemplateOverrides](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-autoscalinggroup-launchtemplateoverrides.html) property type that describes the minimum and maximum total memory size for the accelerators for an instance type, in MiB.' additionalProperties: false @@ -772,28 +869,36 @@ components: Max: description: The memory maximum in MiB. type: integer - MixedInstancesPolicy: - description: |- - Use this structure to launch multiple instance types and On-Demand Instances and Spot Instances within a single Auto Scaling group. - A mixed instances policy contains information that Amazon EC2 Auto Scaling can use to launch instances and help optimize your costs. For more information, see [Auto Scaling groups with multiple instance types and purchase options](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-mixed-instances-groups.html) in the *Amazon EC2 Auto Scaling User Guide*. - You can create a mixed instances policy for new and existing Auto Scaling groups. You must use a launch template to configure the policy. You cannot use a launch configuration. - There are key differences between Spot Instances and On-Demand Instances: - + The price for Spot Instances varies based on demand - + Amazon EC2 can terminate an individual Spot Instance as the availability of, or price for, Spot Instances changes - - When a Spot Instance is terminated, Amazon EC2 Auto Scaling group attempts to launch a replacement instance to maintain the desired capacity for the group. - ``MixedInstancesPolicy`` is a property of the [AWS::AutoScaling::AutoScalingGroup](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-autoscaling-autoscalinggroup.html) resource. + TrafficSourceIdentifier: + description: Identifying information for a traffic source. additionalProperties: false type: object properties: - InstancesDistribution: - description: The instances distribution. - $ref: '#/components/schemas/InstancesDistribution' - LaunchTemplate: - description: One or more launch templates and the instance types (overrides) that are used to launch EC2 instances to fulfill On-Demand and Spot capacities. - $ref: '#/components/schemas/LaunchTemplate' + Type: + description: |- + Provides additional context for the value of ``Identifier``. + The following lists the valid values: + + ``elb`` if ``Identifier`` is the name of a Classic Load Balancer. + + ``elbv2`` if ``Identifier`` is the ARN of an Application Load Balancer, Gateway Load Balancer, or Network Load Balancer target group. + + ``vpc-lattice`` if ``Identifier`` is the ARN of a VPC Lattice target group. + + Required if the identifier is the name of a Classic Load Balancer. + type: string + Identifier: + description: |- + Identifies the traffic source. + For Application Load Balancers, Gateway Load Balancers, Network Load Balancers, and VPC Lattice, this will be the Amazon Resource Name (ARN) for a target group in this account and Region. For Classic Load Balancers, this will be the name of the Classic Load Balancer in this account and Region. + For example: + + Application Load Balancer ARN: ``arn:aws:elasticloadbalancing:us-west-2:123456789012:targetgroup/my-targets/1234567890123456`` + + Classic Load Balancer name: ``my-classic-load-balancer`` + + VPC Lattice ARN: ``arn:aws:vpc-lattice:us-west-2:123456789012:targetgroup/tg-1234567890123456`` + + To get the ARN of a target group for a Application Load Balancer, Gateway Load Balancer, or Network Load Balancer, or the name of a Classic Load Balancer, use the Elastic Load Balancing [DescribeTargetGroups](https://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference/API_DescribeTargetGroups.html) and [DescribeLoadBalancers](https://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference/API_DescribeLoadBalancers.html) API operations. + To get the ARN of a target group for VPC Lattice, use the VPC Lattice [GetTargetGroup](https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_GetTargetGroup.html) API operation. + type: string required: - - LaunchTemplate + - Identifier + - Type InstanceRequirements: description: |- The attributes for the instance types for a mixed instances policy. Amazon EC2 Auto Scaling uses your specified requirements to identify instance types. Then, it uses your On-Demand and Spot allocation strategies to launch instances from these instance types. @@ -809,18 +914,6 @@ components: additionalProperties: false type: object properties: - LocalStorageTypes: - uniqueItems: true - description: |- - Indicates the type of local storage that is required. - + For instance types with hard disk drive (HDD) storage, specify ``hdd``. - + For instance types with solid state drive (SSD) storage, specify ``ssd``. - - Default: Any local storage type - x-insertionOrder: false - type: array - items: - type: string InstanceGenerations: uniqueItems: true description: |- @@ -833,11 +926,6 @@ components: type: array items: type: string - NetworkInterfaceCount: - description: |- - The minimum and maximum number of network interfaces for an instance type. - Default: No minimum or maximum limits - $ref: '#/components/schemas/NetworkInterfaceCountRequest' AcceleratorTypes: uniqueItems: true description: |- @@ -870,32 +958,9 @@ components: type: array items: type: string - ExcludedInstanceTypes: - uniqueItems: true - description: |- - The instance types to exclude. You can use strings with one or more wild cards, represented by an asterisk (``*``), to exclude an instance family, type, size, or generation. The following are examples: ``m5.8xlarge``, ``c5*.*``, ``m5a.*``, ``r*``, ``*3*``. - For example, if you specify ``c5*``, you are excluding the entire C5 instance family, which includes all C5a and C5n instance types. If you specify ``m5a.*``, Amazon EC2 Auto Scaling will exclude all the M5a instance types, but not the M5n instance types. - If you specify ``ExcludedInstanceTypes``, you can't specify ``AllowedInstanceTypes``. - Default: No excluded instance types - x-insertionOrder: true - type: array - items: - type: string VCpuCount: description: The minimum and maximum number of vCPUs for an instance type. $ref: '#/components/schemas/VCpuCountRequest' - AllowedInstanceTypes: - uniqueItems: true - description: |- - The instance types to apply your specified attributes against. All other instance types are ignored, even if they match your specified attributes. - You can use strings with one or more wild cards, represented by an asterisk (``*``), to allow an instance type, size, or generation. The following are examples: ``m5.8xlarge``, ``c5*.*``, ``m5a.*``, ``r*``, ``*3*``. - For example, if you specify ``c5*``, Amazon EC2 Auto Scaling will allow the entire C5 instance family, which includes all C5a and C5n instance types. If you specify ``m5a.*``, Amazon EC2 Auto Scaling will allow all the M5a instance types, but not the M5n instance types. - If you specify ``AllowedInstanceTypes``, you can't specify ``ExcludedInstanceTypes``. - Default: All instance types - x-insertionOrder: true - type: array - items: - type: string LocalStorage: description: |- Indicates whether instance types with instance store volumes are included, excluded, or required. For more information, see [Amazon EC2 instance store](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html) in the *Amazon EC2 User Guide for Linux Instances*. @@ -915,17 +980,6 @@ components: type: array items: type: string - AcceleratorCount: - description: |- - The minimum and maximum number of accelerators (GPUs, FPGAs, or AWS Inferentia chips) for an instance type. - To exclude accelerator-enabled instance types, set ``Max`` to ``0``. - Default: No minimum or maximum limits - $ref: '#/components/schemas/AcceleratorCountRequest' - NetworkBandwidthGbps: - description: |- - The minimum and maximum amount of network bandwidth, in gigabits per second (Gbps). - Default: No minimum or maximum limits - $ref: '#/components/schemas/NetworkBandwidthGbpsRequest' BareMetal: description: |- Indicates whether bare metal instance types are included, excluded, or required. @@ -944,6 +998,72 @@ components: If you set ``DesiredCapacityType`` to ``vcpu`` or ``memory-mib``, the price protection threshold is based on the per-vCPU or per-memory price instead of the per instance price. Only one of ``SpotMaxPricePercentageOverLowestPrice`` or ``MaxSpotPriceAsPercentageOfOptimalOnDemandPrice`` can be specified. If you don't specify either, Amazon EC2 Auto Scaling will automatically apply optimal price protection to consistently select from a wide range of instance types. To indicate no price protection threshold for Spot Instances, meaning you want to consider all instance types that match your attributes, include one of these parameters and specify a high value, such as ``999999``. type: integer + OnDemandMaxPricePercentageOverLowestPrice: + description: >- + [Price protection] The price protection threshold for On-Demand Instances, as a percentage higher than an identified On-Demand price. The identified On-Demand price is the price of the lowest priced current generation C, M, or R instance type with your specified attributes. If no current generation C, M, or R instance type matches your attributes, then the identified price is from either the lowest priced current generation instance types or, failing that, the lowest priced previous + generation instance types that match your attributes. When Amazon EC2 Auto Scaling selects instance types with your attributes, we will exclude instance types whose price exceeds your specified threshold. + The parameter accepts an integer, which Amazon EC2 Auto Scaling interprets as a percentage. + To turn off price protection, specify a high value, such as ``999999``. + If you set ``DesiredCapacityType`` to ``vcpu`` or ``memory-mib``, the price protection threshold is applied based on the per-vCPU or per-memory price instead of the per instance price. + Default: ``20`` + type: integer + MemoryMiB: + description: The minimum and maximum instance memory size for an instance type, in MiB. + $ref: '#/components/schemas/MemoryMiBRequest' + LocalStorageTypes: + uniqueItems: true + description: |- + Indicates the type of local storage that is required. + + For instance types with hard disk drive (HDD) storage, specify ``hdd``. + + For instance types with solid state drive (SSD) storage, specify ``ssd``. + + Default: Any local storage type + x-insertionOrder: false + type: array + items: + type: string + NetworkInterfaceCount: + description: |- + The minimum and maximum number of network interfaces for an instance type. + Default: No minimum or maximum limits + $ref: '#/components/schemas/NetworkInterfaceCountRequest' + ExcludedInstanceTypes: + uniqueItems: true + description: |- + The instance types to exclude. You can use strings with one or more wild cards, represented by an asterisk (``*``), to exclude an instance family, type, size, or generation. The following are examples: ``m5.8xlarge``, ``c5*.*``, ``m5a.*``, ``r*``, ``*3*``. + For example, if you specify ``c5*``, you are excluding the entire C5 instance family, which includes all C5a and C5n instance types. If you specify ``m5a.*``, Amazon EC2 Auto Scaling will exclude all the M5a instance types, but not the M5n instance types. + If you specify ``ExcludedInstanceTypes``, you can't specify ``AllowedInstanceTypes``. + Default: No excluded instance types + x-insertionOrder: true + type: array + items: + type: string + AllowedInstanceTypes: + uniqueItems: true + description: |- + The instance types to apply your specified attributes against. All other instance types are ignored, even if they match your specified attributes. + You can use strings with one or more wild cards, represented by an asterisk (``*``), to allow an instance type, size, or generation. The following are examples: ``m5.8xlarge``, ``c5*.*``, ``m5a.*``, ``r*``, ``*3*``. + For example, if you specify ``c5*``, Amazon EC2 Auto Scaling will allow the entire C5 instance family, which includes all C5a and C5n instance types. If you specify ``m5a.*``, Amazon EC2 Auto Scaling will allow all the M5a instance types, but not the M5n instance types. + If you specify ``AllowedInstanceTypes``, you can't specify ``ExcludedInstanceTypes``. + Default: All instance types + x-insertionOrder: true + type: array + items: + type: string + AcceleratorCount: + description: |- + The minimum and maximum number of accelerators (GPUs, FPGAs, or AWS Inferentia chips) for an instance type. + To exclude accelerator-enabled instance types, set ``Max`` to ``0``. + Default: No minimum or maximum limits + $ref: '#/components/schemas/AcceleratorCountRequest' + NetworkBandwidthGbps: + description: |- + The minimum and maximum amount of network bandwidth, in gigabits per second (Gbps). + Default: No minimum or maximum limits + $ref: '#/components/schemas/NetworkBandwidthGbpsRequest' + BaselinePerformanceFactors: + description: '' + $ref: '#/components/schemas/BaselinePerformanceFactorsRequest' BaselineEbsBandwidthMbps: description: |- The minimum and maximum baseline bandwidth performance for an instance type, in Mbps. For more information, see [Amazon EBS–optimized instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-optimized.html) in the *Amazon EC2 User Guide for Linux Instances*. @@ -979,23 +1099,11 @@ components: The minimum and maximum total memory size for the accelerators on an instance type, in MiB. Default: No minimum or maximum limits $ref: '#/components/schemas/AcceleratorTotalMemoryMiBRequest' - OnDemandMaxPricePercentageOverLowestPrice: - description: >- - [Price protection] The price protection threshold for On-Demand Instances, as a percentage higher than an identified On-Demand price. The identified On-Demand price is the price of the lowest priced current generation C, M, or R instance type with your specified attributes. If no current generation C, M, or R instance type matches your attributes, then the identified price is from either the lowest priced current generation instance types or, failing that, the lowest priced previous - generation instance types that match your attributes. When Amazon EC2 Auto Scaling selects instance types with your attributes, we will exclude instance types whose price exceeds your specified threshold. - The parameter accepts an integer, which Amazon EC2 Auto Scaling interprets as a percentage. - To turn off price protection, specify a high value, such as ``999999``. - If you set ``DesiredCapacityType`` to ``vcpu`` or ``memory-mib``, the price protection threshold is applied based on the per-vCPU or per-memory price instead of the per instance price. - Default: ``20`` - type: integer BurstablePerformance: description: |- Indicates whether burstable performance instance types are included, excluded, or required. For more information, see [Burstable performance instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html) in the *Amazon EC2 User Guide for Linux Instances*. Default: ``excluded`` type: string - MemoryMiB: - description: The minimum and maximum instance memory size for an instance type, in MiB. - $ref: '#/components/schemas/MemoryMiBRequest' TotalLocalStorageGB: description: |- The minimum and maximum total local storage size for an instance type, in GB. @@ -1004,6 +1112,26 @@ components: required: - MemoryMiB - VCpuCount + CapacityReservationTarget: + description: '' + additionalProperties: false + type: object + properties: + CapacityReservationIds: + $ref: '#/components/schemas/CapacityReservationIds' + CapacityReservationResourceGroupArns: + $ref: '#/components/schemas/CapacityReservationResourceGroupArns' + CapacityReservationSpecification: + description: '' + additionalProperties: false + type: object + properties: + CapacityReservationPreference: + type: string + CapacityReservationTarget: + $ref: '#/components/schemas/CapacityReservationTarget' + required: + - CapacityReservationPreference AutoScalingGroup: type: object properties: @@ -1029,6 +1157,9 @@ components: ServiceLinkedRoleARN: description: The Amazon Resource Name (ARN) of the service-linked role that the Auto Scaling group uses to call other AWS service on your behalf. By default, Amazon EC2 Auto Scaling uses a service-linked role named ``AWSServiceRoleForAutoScaling``, which it creates if it does not exist. For more information, see [Service-linked roles](https://docs.aws.amazon.com/autoscaling/ec2/userguide/autoscaling-service-linked-role.html) in the *Amazon EC2 Auto Scaling User Guide*. type: string + AvailabilityZoneImpairmentPolicy: + description: The Availability Zone impairment policy. + $ref: '#/components/schemas/AvailabilityZoneImpairmentPolicy' TargetGroupARNs: uniqueItems: false description: >- @@ -1071,6 +1202,9 @@ components: To manage various warm-up settings at the group level, we recommend that you set the default instance warmup, *even if it is set to 0 seconds*. To remove a value that you previously set, include the property but specify ``-1`` for the value. However, we strongly recommend keeping the default instance warmup enabled by specifying a value of ``0`` or other nominal value. Default: None type: integer + SkipZonalShiftValidation: + description: '' + type: boolean NewInstancesProtectedFromScaleIn: description: Indicates whether newly launched instances are protected from termination by Amazon EC2 Auto Scaling when scaling in. For more information about preventing instances from terminating on scale in, see [Use instance scale-in protection](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-instance-protection.html) in the *Amazon EC2 Auto Scaling User Guide*. type: boolean @@ -1127,6 +1261,9 @@ components: NotificationConfiguration: description: '' $ref: '#/components/schemas/NotificationConfiguration' + AvailabilityZoneDistribution: + description: The instance capacity distribution across Availability Zones. + $ref: '#/components/schemas/AvailabilityZoneDistribution' MetricsCollection: uniqueItems: false description: Enables the monitoring of group metrics of an Auto Scaling group. By default, these metrics are disabled. @@ -1162,6 +1299,13 @@ components: The name can contain any ASCII character 33 to 126 including most punctuation characters, digits, and upper and lowercased letters. You cannot use a colon (:) in the name. type: string + TrafficSources: + uniqueItems: true + description: The traffic sources associated with this Auto Scaling group. + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/TrafficSourceIdentifier' DesiredCapacityType: description: |- The unit of measurement for the value specified for desired capacity. Amazon EC2 Auto Scaling supports ``DesiredCapacityType`` for attribute-based instance type selection only. For more information, see [Create a mixed instances group using attribute-based instance type selection](https://docs.aws.amazon.com/autoscaling/ec2/userguide/create-mixed-instances-group-attribute-based-instance-type-selection.html) in the *Amazon EC2 Auto Scaling User Guide*. @@ -1173,10 +1317,13 @@ components: The name of the placement group into which to launch your instances. For more information, see [Placement groups](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html) in the *Amazon EC2 User Guide for Linux Instances*. A *cluster* placement group is a logical grouping of instances within a single Availability Zone. You cannot specify multiple Availability Zones and a cluster placement group. type: string + CapacityReservationSpecification: + description: '' + $ref: '#/components/schemas/CapacityReservationSpecification' HealthCheckType: description: |- A comma-separated value string of one or more health check types. - The valid values are ``EC2``, ``ELB``, and ``VPC_LATTICE``. ``EC2`` is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*. + The valid values are ``EC2``, ``EBS``, ``ELB``, and ``VPC_LATTICE``. ``EC2`` is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*. Only specify ``EC2`` if you must clear a value that was previously set. type: string MaxInstanceLifetime: @@ -1200,10 +1347,10 @@ components: x-conditional-create-only-properties: - LaunchConfigurationName - VPCZoneIdentifier - - PlacementGroup - LaunchTemplate - MixedInstancesPolicy x-write-only-properties: + - SkipZonalShiftValidation - InstanceId x-required-properties: - MinSize @@ -1236,6 +1383,10 @@ components: - managed-fleets:CreateAutoScalingGroup - managed-fleets:UpdateAutoScalingGroup - ssm:Get* + - vpc-lattice:DeregisterTargets + - vpc-lattice:GetTargetGroup + - vpc-lattice:ListTargets + - vpc-lattice:RegisterTargets update: - autoscaling:UpdateAutoScalingGroup - autoscaling:CreateOrUpdateTags @@ -1265,6 +1416,10 @@ components: - managed-fleets:DeregisterAutoScalingGroup - managed-fleets:UpdateAutoScalingGroup - ssm:Get* + - vpc-lattice:DeregisterTargets + - vpc-lattice:GetTargetGroup + - vpc-lattice:ListTargets + - vpc-lattice:RegisterTargets list: - autoscaling:Describe* delete: @@ -1575,16 +1730,21 @@ components: uniqueItems: true items: $ref: '#/components/schemas/MetricDimension' + Metrics: + type: array + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/TargetTrackingMetricDataQuery' Statistic: type: string Unit: type: string Namespace: type: string - required: - - MetricName - - Statistic - - Namespace + Period: + type: integer + required: [] TargetTrackingConfiguration: type: object additionalProperties: false @@ -1716,6 +1876,21 @@ components: required: - MetricName - Namespace + TargetTrackingMetricStat: + type: object + additionalProperties: false + properties: + Metric: + $ref: '#/components/schemas/Metric' + Stat: + type: string + Unit: + type: string + Period: + type: integer + required: + - Stat + - Metric MetricStat: type: object additionalProperties: false @@ -1729,6 +1904,24 @@ components: required: - Stat - Metric + TargetTrackingMetricDataQuery: + type: object + additionalProperties: false + properties: + Label: + type: string + MetricStat: + $ref: '#/components/schemas/TargetTrackingMetricStat' + Id: + type: string + ReturnData: + type: boolean + Expression: + type: string + Period: + type: integer + required: + - Id MetricDataQuery: type: object additionalProperties: false @@ -1914,6 +2107,8 @@ components: - AutoScalingGroupName x-required-properties: - AutoScalingGroupName + x-tagging: + taggable: false x-required-permissions: create: - autoscaling:PutWarmPool @@ -1963,6 +2158,9 @@ components: ServiceLinkedRoleARN: description: The Amazon Resource Name (ARN) of the service-linked role that the Auto Scaling group uses to call other AWS service on your behalf. By default, Amazon EC2 Auto Scaling uses a service-linked role named ``AWSServiceRoleForAutoScaling``, which it creates if it does not exist. For more information, see [Service-linked roles](https://docs.aws.amazon.com/autoscaling/ec2/userguide/autoscaling-service-linked-role.html) in the *Amazon EC2 Auto Scaling User Guide*. type: string + AvailabilityZoneImpairmentPolicy: + description: The Availability Zone impairment policy. + $ref: '#/components/schemas/AvailabilityZoneImpairmentPolicy' TargetGroupARNs: uniqueItems: false description: >- @@ -2005,6 +2203,9 @@ components: To manage various warm-up settings at the group level, we recommend that you set the default instance warmup, *even if it is set to 0 seconds*. To remove a value that you previously set, include the property but specify ``-1`` for the value. However, we strongly recommend keeping the default instance warmup enabled by specifying a value of ``0`` or other nominal value. Default: None type: integer + SkipZonalShiftValidation: + description: '' + type: boolean NewInstancesProtectedFromScaleIn: description: Indicates whether newly launched instances are protected from termination by Amazon EC2 Auto Scaling when scaling in. For more information about preventing instances from terminating on scale in, see [Use instance scale-in protection](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-instance-protection.html) in the *Amazon EC2 Auto Scaling User Guide*. type: boolean @@ -2061,6 +2262,9 @@ components: NotificationConfiguration: description: '' $ref: '#/components/schemas/NotificationConfiguration' + AvailabilityZoneDistribution: + description: The instance capacity distribution across Availability Zones. + $ref: '#/components/schemas/AvailabilityZoneDistribution' MetricsCollection: uniqueItems: false description: Enables the monitoring of group metrics of an Auto Scaling group. By default, these metrics are disabled. @@ -2096,6 +2300,13 @@ components: The name can contain any ASCII character 33 to 126 including most punctuation characters, digits, and upper and lowercased letters. You cannot use a colon (:) in the name. type: string + TrafficSources: + uniqueItems: true + description: The traffic sources associated with this Auto Scaling group. + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/TrafficSourceIdentifier' DesiredCapacityType: description: |- The unit of measurement for the value specified for desired capacity. Amazon EC2 Auto Scaling supports ``DesiredCapacityType`` for attribute-based instance type selection only. For more information, see [Create a mixed instances group using attribute-based instance type selection](https://docs.aws.amazon.com/autoscaling/ec2/userguide/create-mixed-instances-group-attribute-based-instance-type-selection.html) in the *Amazon EC2 Auto Scaling User Guide*. @@ -2107,10 +2318,13 @@ components: The name of the placement group into which to launch your instances. For more information, see [Placement groups](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html) in the *Amazon EC2 User Guide for Linux Instances*. A *cluster* placement group is a logical grouping of instances within a single Availability Zone. You cannot specify multiple Availability Zones and a cluster placement group. type: string + CapacityReservationSpecification: + description: '' + $ref: '#/components/schemas/CapacityReservationSpecification' HealthCheckType: description: |- A comma-separated value string of one or more health check types. - The valid values are ``EC2``, ``ELB``, and ``VPC_LATTICE``. ``EC2`` is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*. + The valid values are ``EC2``, ``EBS``, ``ELB``, and ``VPC_LATTICE``. ``EC2`` is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*. Only specify ``EC2`` if you must clear a value that was previously set. type: string MaxInstanceLifetime: @@ -2464,12 +2678,14 @@ components: JSON_EXTRACT(Properties, '$.LoadBalancerNames') as load_balancer_names, JSON_EXTRACT(Properties, '$.LaunchConfigurationName') as launch_configuration_name, JSON_EXTRACT(Properties, '$.ServiceLinkedRoleARN') as service_linked_role_arn, + JSON_EXTRACT(Properties, '$.AvailabilityZoneImpairmentPolicy') as availability_zone_impairment_policy, JSON_EXTRACT(Properties, '$.TargetGroupARNs') as target_group_arns, JSON_EXTRACT(Properties, '$.Cooldown') as cooldown, JSON_EXTRACT(Properties, '$.NotificationConfigurations') as notification_configurations, JSON_EXTRACT(Properties, '$.DesiredCapacity') as desired_capacity, JSON_EXTRACT(Properties, '$.HealthCheckGracePeriod') as health_check_grace_period, JSON_EXTRACT(Properties, '$.DefaultInstanceWarmup') as default_instance_warmup, + JSON_EXTRACT(Properties, '$.SkipZonalShiftValidation') as skip_zonal_shift_validation, JSON_EXTRACT(Properties, '$.NewInstancesProtectedFromScaleIn') as new_instances_protected_from_scale_in, JSON_EXTRACT(Properties, '$.LaunchTemplate') as launch_template, JSON_EXTRACT(Properties, '$.MixedInstancesPolicy') as mixed_instances_policy, @@ -2480,14 +2696,17 @@ components: JSON_EXTRACT(Properties, '$.InstanceId') as instance_id, JSON_EXTRACT(Properties, '$.AvailabilityZones') as availability_zones, JSON_EXTRACT(Properties, '$.NotificationConfiguration') as notification_configuration, + JSON_EXTRACT(Properties, '$.AvailabilityZoneDistribution') as availability_zone_distribution, JSON_EXTRACT(Properties, '$.MetricsCollection') as metrics_collection, JSON_EXTRACT(Properties, '$.InstanceMaintenancePolicy') as instance_maintenance_policy, JSON_EXTRACT(Properties, '$.MaxSize') as max_size, JSON_EXTRACT(Properties, '$.MinSize') as min_size, JSON_EXTRACT(Properties, '$.TerminationPolicies') as termination_policies, JSON_EXTRACT(Properties, '$.AutoScalingGroupName') as auto_scaling_group_name, + JSON_EXTRACT(Properties, '$.TrafficSources') as traffic_sources, JSON_EXTRACT(Properties, '$.DesiredCapacityType') as desired_capacity_type, JSON_EXTRACT(Properties, '$.PlacementGroup') as placement_group, + JSON_EXTRACT(Properties, '$.CapacityReservationSpecification') as capacity_reservation_specification, JSON_EXTRACT(Properties, '$.HealthCheckType') as health_check_type, JSON_EXTRACT(Properties, '$.MaxInstanceLifetime') as max_instance_lifetime FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AutoScaling::AutoScalingGroup' @@ -2502,12 +2721,14 @@ components: JSON_EXTRACT(detail.Properties, '$.LoadBalancerNames') as load_balancer_names, JSON_EXTRACT(detail.Properties, '$.LaunchConfigurationName') as launch_configuration_name, JSON_EXTRACT(detail.Properties, '$.ServiceLinkedRoleARN') as service_linked_role_arn, + JSON_EXTRACT(detail.Properties, '$.AvailabilityZoneImpairmentPolicy') as availability_zone_impairment_policy, JSON_EXTRACT(detail.Properties, '$.TargetGroupARNs') as target_group_arns, JSON_EXTRACT(detail.Properties, '$.Cooldown') as cooldown, JSON_EXTRACT(detail.Properties, '$.NotificationConfigurations') as notification_configurations, JSON_EXTRACT(detail.Properties, '$.DesiredCapacity') as desired_capacity, JSON_EXTRACT(detail.Properties, '$.HealthCheckGracePeriod') as health_check_grace_period, JSON_EXTRACT(detail.Properties, '$.DefaultInstanceWarmup') as default_instance_warmup, + JSON_EXTRACT(detail.Properties, '$.SkipZonalShiftValidation') as skip_zonal_shift_validation, JSON_EXTRACT(detail.Properties, '$.NewInstancesProtectedFromScaleIn') as new_instances_protected_from_scale_in, JSON_EXTRACT(detail.Properties, '$.LaunchTemplate') as launch_template, JSON_EXTRACT(detail.Properties, '$.MixedInstancesPolicy') as mixed_instances_policy, @@ -2518,14 +2739,17 @@ components: JSON_EXTRACT(detail.Properties, '$.InstanceId') as instance_id, JSON_EXTRACT(detail.Properties, '$.AvailabilityZones') as availability_zones, JSON_EXTRACT(detail.Properties, '$.NotificationConfiguration') as notification_configuration, + JSON_EXTRACT(detail.Properties, '$.AvailabilityZoneDistribution') as availability_zone_distribution, JSON_EXTRACT(detail.Properties, '$.MetricsCollection') as metrics_collection, JSON_EXTRACT(detail.Properties, '$.InstanceMaintenancePolicy') as instance_maintenance_policy, JSON_EXTRACT(detail.Properties, '$.MaxSize') as max_size, JSON_EXTRACT(detail.Properties, '$.MinSize') as min_size, JSON_EXTRACT(detail.Properties, '$.TerminationPolicies') as termination_policies, JSON_EXTRACT(detail.Properties, '$.AutoScalingGroupName') as auto_scaling_group_name, + JSON_EXTRACT(detail.Properties, '$.TrafficSources') as traffic_sources, JSON_EXTRACT(detail.Properties, '$.DesiredCapacityType') as desired_capacity_type, JSON_EXTRACT(detail.Properties, '$.PlacementGroup') as placement_group, + JSON_EXTRACT(detail.Properties, '$.CapacityReservationSpecification') as capacity_reservation_specification, JSON_EXTRACT(detail.Properties, '$.HealthCheckType') as health_check_type, JSON_EXTRACT(detail.Properties, '$.MaxInstanceLifetime') as max_instance_lifetime FROM aws.cloud_control.resources listing @@ -2545,12 +2769,14 @@ components: json_extract_path_text(Properties, 'LoadBalancerNames') as load_balancer_names, json_extract_path_text(Properties, 'LaunchConfigurationName') as launch_configuration_name, json_extract_path_text(Properties, 'ServiceLinkedRoleARN') as service_linked_role_arn, + json_extract_path_text(Properties, 'AvailabilityZoneImpairmentPolicy') as availability_zone_impairment_policy, json_extract_path_text(Properties, 'TargetGroupARNs') as target_group_arns, json_extract_path_text(Properties, 'Cooldown') as cooldown, json_extract_path_text(Properties, 'NotificationConfigurations') as notification_configurations, json_extract_path_text(Properties, 'DesiredCapacity') as desired_capacity, json_extract_path_text(Properties, 'HealthCheckGracePeriod') as health_check_grace_period, json_extract_path_text(Properties, 'DefaultInstanceWarmup') as default_instance_warmup, + json_extract_path_text(Properties, 'SkipZonalShiftValidation') as skip_zonal_shift_validation, json_extract_path_text(Properties, 'NewInstancesProtectedFromScaleIn') as new_instances_protected_from_scale_in, json_extract_path_text(Properties, 'LaunchTemplate') as launch_template, json_extract_path_text(Properties, 'MixedInstancesPolicy') as mixed_instances_policy, @@ -2561,14 +2787,17 @@ components: json_extract_path_text(Properties, 'InstanceId') as instance_id, json_extract_path_text(Properties, 'AvailabilityZones') as availability_zones, json_extract_path_text(Properties, 'NotificationConfiguration') as notification_configuration, + json_extract_path_text(Properties, 'AvailabilityZoneDistribution') as availability_zone_distribution, json_extract_path_text(Properties, 'MetricsCollection') as metrics_collection, json_extract_path_text(Properties, 'InstanceMaintenancePolicy') as instance_maintenance_policy, json_extract_path_text(Properties, 'MaxSize') as max_size, json_extract_path_text(Properties, 'MinSize') as min_size, json_extract_path_text(Properties, 'TerminationPolicies') as termination_policies, json_extract_path_text(Properties, 'AutoScalingGroupName') as auto_scaling_group_name, + json_extract_path_text(Properties, 'TrafficSources') as traffic_sources, json_extract_path_text(Properties, 'DesiredCapacityType') as desired_capacity_type, json_extract_path_text(Properties, 'PlacementGroup') as placement_group, + json_extract_path_text(Properties, 'CapacityReservationSpecification') as capacity_reservation_specification, json_extract_path_text(Properties, 'HealthCheckType') as health_check_type, json_extract_path_text(Properties, 'MaxInstanceLifetime') as max_instance_lifetime FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::AutoScaling::AutoScalingGroup' @@ -2583,12 +2812,14 @@ components: json_extract_path_text(detail.Properties, 'LoadBalancerNames') as load_balancer_names, json_extract_path_text(detail.Properties, 'LaunchConfigurationName') as launch_configuration_name, json_extract_path_text(detail.Properties, 'ServiceLinkedRoleARN') as service_linked_role_arn, + json_extract_path_text(detail.Properties, 'AvailabilityZoneImpairmentPolicy') as availability_zone_impairment_policy, json_extract_path_text(detail.Properties, 'TargetGroupARNs') as target_group_arns, json_extract_path_text(detail.Properties, 'Cooldown') as cooldown, json_extract_path_text(detail.Properties, 'NotificationConfigurations') as notification_configurations, json_extract_path_text(detail.Properties, 'DesiredCapacity') as desired_capacity, json_extract_path_text(detail.Properties, 'HealthCheckGracePeriod') as health_check_grace_period, json_extract_path_text(detail.Properties, 'DefaultInstanceWarmup') as default_instance_warmup, + json_extract_path_text(detail.Properties, 'SkipZonalShiftValidation') as skip_zonal_shift_validation, json_extract_path_text(detail.Properties, 'NewInstancesProtectedFromScaleIn') as new_instances_protected_from_scale_in, json_extract_path_text(detail.Properties, 'LaunchTemplate') as launch_template, json_extract_path_text(detail.Properties, 'MixedInstancesPolicy') as mixed_instances_policy, @@ -2599,14 +2830,17 @@ components: json_extract_path_text(detail.Properties, 'InstanceId') as instance_id, json_extract_path_text(detail.Properties, 'AvailabilityZones') as availability_zones, json_extract_path_text(detail.Properties, 'NotificationConfiguration') as notification_configuration, + json_extract_path_text(detail.Properties, 'AvailabilityZoneDistribution') as availability_zone_distribution, json_extract_path_text(detail.Properties, 'MetricsCollection') as metrics_collection, json_extract_path_text(detail.Properties, 'InstanceMaintenancePolicy') as instance_maintenance_policy, json_extract_path_text(detail.Properties, 'MaxSize') as max_size, json_extract_path_text(detail.Properties, 'MinSize') as min_size, json_extract_path_text(detail.Properties, 'TerminationPolicies') as termination_policies, json_extract_path_text(detail.Properties, 'AutoScalingGroupName') as auto_scaling_group_name, + json_extract_path_text(detail.Properties, 'TrafficSources') as traffic_sources, json_extract_path_text(detail.Properties, 'DesiredCapacityType') as desired_capacity_type, json_extract_path_text(detail.Properties, 'PlacementGroup') as placement_group, + json_extract_path_text(detail.Properties, 'CapacityReservationSpecification') as capacity_reservation_specification, json_extract_path_text(detail.Properties, 'HealthCheckType') as health_check_type, json_extract_path_text(detail.Properties, 'MaxInstanceLifetime') as max_instance_lifetime FROM aws.cloud_control.resources listing @@ -2671,12 +2905,14 @@ components: JSON_EXTRACT(detail.Properties, '$.LoadBalancerNames') as load_balancer_names, JSON_EXTRACT(detail.Properties, '$.LaunchConfigurationName') as launch_configuration_name, JSON_EXTRACT(detail.Properties, '$.ServiceLinkedRoleARN') as service_linked_role_arn, + JSON_EXTRACT(detail.Properties, '$.AvailabilityZoneImpairmentPolicy') as availability_zone_impairment_policy, JSON_EXTRACT(detail.Properties, '$.TargetGroupARNs') as target_group_arns, JSON_EXTRACT(detail.Properties, '$.Cooldown') as cooldown, JSON_EXTRACT(detail.Properties, '$.NotificationConfigurations') as notification_configurations, JSON_EXTRACT(detail.Properties, '$.DesiredCapacity') as desired_capacity, JSON_EXTRACT(detail.Properties, '$.HealthCheckGracePeriod') as health_check_grace_period, JSON_EXTRACT(detail.Properties, '$.DefaultInstanceWarmup') as default_instance_warmup, + JSON_EXTRACT(detail.Properties, '$.SkipZonalShiftValidation') as skip_zonal_shift_validation, JSON_EXTRACT(detail.Properties, '$.NewInstancesProtectedFromScaleIn') as new_instances_protected_from_scale_in, JSON_EXTRACT(detail.Properties, '$.LaunchTemplate') as launch_template, JSON_EXTRACT(detail.Properties, '$.MixedInstancesPolicy') as mixed_instances_policy, @@ -2686,14 +2922,17 @@ components: JSON_EXTRACT(detail.Properties, '$.InstanceId') as instance_id, JSON_EXTRACT(detail.Properties, '$.AvailabilityZones') as availability_zones, JSON_EXTRACT(detail.Properties, '$.NotificationConfiguration') as notification_configuration, + JSON_EXTRACT(detail.Properties, '$.AvailabilityZoneDistribution') as availability_zone_distribution, JSON_EXTRACT(detail.Properties, '$.MetricsCollection') as metrics_collection, JSON_EXTRACT(detail.Properties, '$.InstanceMaintenancePolicy') as instance_maintenance_policy, JSON_EXTRACT(detail.Properties, '$.MaxSize') as max_size, JSON_EXTRACT(detail.Properties, '$.MinSize') as min_size, JSON_EXTRACT(detail.Properties, '$.TerminationPolicies') as termination_policies, JSON_EXTRACT(detail.Properties, '$.AutoScalingGroupName') as auto_scaling_group_name, + JSON_EXTRACT(detail.Properties, '$.TrafficSources') as traffic_sources, JSON_EXTRACT(detail.Properties, '$.DesiredCapacityType') as desired_capacity_type, JSON_EXTRACT(detail.Properties, '$.PlacementGroup') as placement_group, + JSON_EXTRACT(detail.Properties, '$.CapacityReservationSpecification') as capacity_reservation_specification, JSON_EXTRACT(detail.Properties, '$.HealthCheckType') as health_check_type, JSON_EXTRACT(detail.Properties, '$.MaxInstanceLifetime') as max_instance_lifetime FROM aws.cloud_control.resources listing @@ -2715,12 +2954,14 @@ components: json_extract_path_text(detail.Properties, 'LoadBalancerNames') as load_balancer_names, json_extract_path_text(detail.Properties, 'LaunchConfigurationName') as launch_configuration_name, json_extract_path_text(detail.Properties, 'ServiceLinkedRoleARN') as service_linked_role_arn, + json_extract_path_text(detail.Properties, 'AvailabilityZoneImpairmentPolicy') as availability_zone_impairment_policy, json_extract_path_text(detail.Properties, 'TargetGroupARNs') as target_group_arns, json_extract_path_text(detail.Properties, 'Cooldown') as cooldown, json_extract_path_text(detail.Properties, 'NotificationConfigurations') as notification_configurations, json_extract_path_text(detail.Properties, 'DesiredCapacity') as desired_capacity, json_extract_path_text(detail.Properties, 'HealthCheckGracePeriod') as health_check_grace_period, json_extract_path_text(detail.Properties, 'DefaultInstanceWarmup') as default_instance_warmup, + json_extract_path_text(detail.Properties, 'SkipZonalShiftValidation') as skip_zonal_shift_validation, json_extract_path_text(detail.Properties, 'NewInstancesProtectedFromScaleIn') as new_instances_protected_from_scale_in, json_extract_path_text(detail.Properties, 'LaunchTemplate') as launch_template, json_extract_path_text(detail.Properties, 'MixedInstancesPolicy') as mixed_instances_policy, @@ -2730,14 +2971,17 @@ components: json_extract_path_text(detail.Properties, 'InstanceId') as instance_id, json_extract_path_text(detail.Properties, 'AvailabilityZones') as availability_zones, json_extract_path_text(detail.Properties, 'NotificationConfiguration') as notification_configuration, + json_extract_path_text(detail.Properties, 'AvailabilityZoneDistribution') as availability_zone_distribution, json_extract_path_text(detail.Properties, 'MetricsCollection') as metrics_collection, json_extract_path_text(detail.Properties, 'InstanceMaintenancePolicy') as instance_maintenance_policy, json_extract_path_text(detail.Properties, 'MaxSize') as max_size, json_extract_path_text(detail.Properties, 'MinSize') as min_size, json_extract_path_text(detail.Properties, 'TerminationPolicies') as termination_policies, json_extract_path_text(detail.Properties, 'AutoScalingGroupName') as auto_scaling_group_name, + json_extract_path_text(detail.Properties, 'TrafficSources') as traffic_sources, json_extract_path_text(detail.Properties, 'DesiredCapacityType') as desired_capacity_type, json_extract_path_text(detail.Properties, 'PlacementGroup') as placement_group, + json_extract_path_text(detail.Properties, 'CapacityReservationSpecification') as capacity_reservation_specification, json_extract_path_text(detail.Properties, 'HealthCheckType') as health_check_type, json_extract_path_text(detail.Properties, 'MaxInstanceLifetime') as max_instance_lifetime FROM aws.cloud_control.resources listing diff --git a/providers/src/aws/v00.00.00000/services/b2bi.yaml b/providers/src/aws/v00.00.00000/services/b2bi.yaml index ea6eadae..68dc7b24 100644 --- a/providers/src/aws/v00.00.00000/services/b2bi.yaml +++ b/providers/src/aws/v00.00.00000/services/b2bi.yaml @@ -395,6 +395,11 @@ components: required: - Edi additionalProperties: false + CapabilityDirection: + type: string + enum: + - INBOUND + - OUTBOUND CapabilityType: type: string enum: @@ -402,6 +407,8 @@ components: EdiConfiguration: type: object properties: + CapabilityDirection: + $ref: '#/components/schemas/CapabilityDirection' Type: $ref: '#/components/schemas/EdiType' InputLocation: @@ -467,57 +474,324 @@ components: X12TransactionSet: type: string enum: + - X12_100 + - X12_101 + - X12_102 + - X12_103 + - X12_104 + - X12_105 + - X12_106 + - X12_107 + - X12_108 + - X12_109 - X12_110 + - X12_111 + - X12_112 + - X12_113 + - X12_120 + - X12_121 + - X12_124 + - X12_125 + - X12_126 + - X12_127 + - X12_128 + - X12_129 + - X12_130 + - X12_131 + - X12_132 + - X12_133 + - X12_135 + - X12_138 + - X12_139 + - X12_140 + - X12_141 + - X12_142 + - X12_143 + - X12_144 + - X12_146 + - X12_147 + - X12_148 + - X12_149 + - X12_150 + - X12_151 + - X12_152 + - X12_153 + - X12_154 + - X12_155 + - X12_157 + - X12_158 + - X12_159 + - X12_160 + - X12_161 + - X12_163 + - X12_170 + - X12_175 + - X12_176 + - X12_179 - X12_180 + - X12_185 + - X12_186 + - X12_187 + - X12_188 + - X12_189 + - X12_190 + - X12_191 + - X12_194 + - X12_195 + - X12_196 + - X12_197 + - X12_198 + - X12_199 + - X12_200 + - X12_201 + - X12_202 + - X12_203 - X12_204 + - X12_205 + - X12_206 - X12_210 - X12_211 + - X12_212 + - X12_213 - X12_214 - X12_215 + - X12_216 + - X12_217 + - X12_218 + - X12_219 + - X12_220 + - X12_222 + - X12_223 + - X12_224 + - X12_225 + - X12_227 + - X12_228 + - X12_240 + - X12_242 + - X12_244 + - X12_245 + - X12_248 + - X12_249 + - X12_250 + - X12_251 + - X12_252 + - X12_255 + - X12_256 - X12_259 - X12_260 + - X12_261 + - X12_262 + - X12_263 + - X12_264 + - X12_265 - X12_266 + - X12_267 + - X12_268 - X12_269 - X12_270 - X12_271 + - X12_272 + - X12_273 - X12_274 - X12_275 - X12_276 - X12_277 - X12_278 + - X12_280 + - X12_283 + - X12_284 + - X12_285 + - X12_286 + - X12_288 + - X12_290 + - X12_300 + - X12_301 + - X12_303 + - X12_304 + - X12_309 - X12_310 + - X12_311 + - X12_312 + - X12_313 - X12_315 + - X12_317 + - X12_319 - X12_322 + - X12_323 + - X12_324 + - X12_325 + - X12_326 + - X12_350 + - X12_352 + - X12_353 + - X12_354 + - X12_355 + - X12_356 + - X12_357 + - X12_358 + - X12_361 + - X12_362 - X12_404 - X12_410 + - X12_412 + - X12_414 - X12_417 + - X12_418 + - X12_419 + - X12_420 - X12_421 + - X12_422 + - X12_423 + - X12_424 + - X12_425 - X12_426 + - X12_429 + - X12_431 + - X12_432 + - X12_433 + - X12_434 + - X12_435 + - X12_436 + - X12_437 + - X12_440 + - X12_451 + - X12_452 + - X12_453 + - X12_455 + - X12_456 + - X12_460 + - X12_463 + - X12_466 + - X12_468 + - X12_470 + - X12_475 + - X12_485 + - X12_486 + - X12_490 + - X12_492 + - X12_494 + - X12_500 + - X12_501 + - X12_503 + - X12_504 + - X12_511 + - X12_517 + - X12_521 + - X12_527 + - X12_536 + - X12_540 + - X12_561 + - X12_567 + - X12_568 + - X12_601 + - X12_602 + - X12_620 + - X12_625 + - X12_650 + - X12_715 + - X12_753 + - X12_754 + - X12_805 + - X12_806 - X12_810 + - X12_811 + - X12_812 + - X12_813 + - X12_814 + - X12_815 + - X12_816 + - X12_818 + - X12_819 - X12_820 + - X12_821 + - X12_822 + - X12_823 - X12_824 + - X12_826 + - X12_827 + - X12_828 + - X12_829 - X12_830 + - X12_831 - X12_832 + - X12_833 - X12_834 - X12_835 + - X12_836 - X12_837 + - X12_838 + - X12_839 + - X12_840 + - X12_841 + - X12_842 + - X12_843 - X12_844 + - X12_845 - X12_846 + - X12_847 + - X12_848 - X12_849 - X12_850 + - X12_851 - X12_852 + - X12_853 + - X12_854 - X12_855 - X12_856 + - X12_857 + - X12_858 + - X12_859 - X12_860 - X12_861 + - X12_862 + - X12_863 - X12_864 - X12_865 + - X12_866 + - X12_867 + - X12_868 - X12_869 - X12_870 + - X12_871 + - X12_872 + - X12_873 + - X12_874 + - X12_875 + - X12_876 + - X12_877 + - X12_878 + - X12_879 + - X12_880 + - X12_881 + - X12_882 + - X12_883 + - X12_884 + - X12_885 + - X12_886 + - X12_887 + - X12_888 + - X12_889 + - X12_891 + - X12_893 + - X12_894 + - X12_895 + - X12_896 + - X12_920 + - X12_924 + - X12_925 + - X12_926 + - X12_928 - X12_940 + - X12_943 + - X12_944 - X12_945 + - X12_947 + - X12_980 - X12_990 + - X12_993 + - X12_996 - X12_997 + - X12_998 - X12_999 - X12_270_X279 - X12_271_X279 @@ -547,6 +821,8 @@ components: enum: - VERSION_4010 - VERSION_4030 + - VERSION_4050 + - VERSION_4060 - VERSION_5010 - VERSION_5010_HIPAA Capability: @@ -613,6 +889,10 @@ components: tagProperty: /properties/Tags tagUpdatable: true taggable: true + permissions: + - b2bi:ListTagsForResource + - b2bi:TagResource + - b2bi:UntagResource x-required-permissions: create: - b2bi:CreateCapability @@ -642,6 +922,116 @@ components: - b2bi:DeleteCapability list: - b2bi:ListCapabilities + CapabilityOptions: + type: object + properties: + OutboundEdi: + $ref: '#/components/schemas/OutboundEdiOptions' + additionalProperties: false + OutboundEdiOptions: + oneOf: + - type: object + title: X12 + properties: + X12: + $ref: '#/components/schemas/X12Envelope' + required: + - X12 + additionalProperties: false + X12Delimiters: + type: object + properties: + ComponentSeparator: + type: string + maxLength: 1 + minLength: 1 + pattern: ^[!&'()*+,\-./:;?=%@\[\]_{}|<>~^`"]$ + DataElementSeparator: + type: string + maxLength: 1 + minLength: 1 + pattern: ^[!&'()*+,\-./:;?=%@\[\]_{}|<>~^`"]$ + SegmentTerminator: + type: string + maxLength: 1 + minLength: 1 + pattern: ^[!&'()*+,\-./:;?=%@\[\]_{}|<>~^`"]$ + additionalProperties: false + X12Envelope: + type: object + properties: + Common: + $ref: '#/components/schemas/X12OutboundEdiHeaders' + additionalProperties: false + X12FunctionalGroupHeaders: + type: object + properties: + ApplicationSenderCode: + type: string + maxLength: 15 + minLength: 2 + pattern: ^[a-zA-Z0-9]*$ + ApplicationReceiverCode: + type: string + maxLength: 15 + minLength: 2 + pattern: ^[a-zA-Z0-9]*$ + ResponsibleAgencyCode: + type: string + maxLength: 2 + minLength: 1 + pattern: ^[a-zA-Z0-9]*$ + additionalProperties: false + X12InterchangeControlHeaders: + type: object + properties: + SenderIdQualifier: + type: string + maxLength: 2 + minLength: 2 + pattern: ^[a-zA-Z0-9]*$ + SenderId: + type: string + maxLength: 15 + minLength: 15 + pattern: ^[a-zA-Z0-9]*$ + ReceiverIdQualifier: + type: string + maxLength: 2 + minLength: 2 + pattern: ^[a-zA-Z0-9]*$ + ReceiverId: + type: string + maxLength: 15 + minLength: 15 + pattern: ^[a-zA-Z0-9]*$ + RepetitionSeparator: + type: string + maxLength: 1 + minLength: 1 + AcknowledgmentRequestedCode: + type: string + maxLength: 1 + minLength: 1 + pattern: ^[a-zA-Z0-9]*$ + UsageIndicatorCode: + type: string + maxLength: 1 + minLength: 1 + pattern: ^[a-zA-Z0-9]*$ + additionalProperties: false + X12OutboundEdiHeaders: + type: object + properties: + InterchangeControlHeaders: + $ref: '#/components/schemas/X12InterchangeControlHeaders' + FunctionalGroupHeaders: + $ref: '#/components/schemas/X12FunctionalGroupHeaders' + Delimiters: + $ref: '#/components/schemas/X12Delimiters' + ValidateEdi: + type: boolean + additionalProperties: false Partnership: type: object properties: @@ -652,6 +1042,8 @@ components: maxLength: 64 minLength: 1 pattern: ^[a-zA-Z0-9_-]+$ + CapabilityOptions: + $ref: '#/components/schemas/CapabilityOptions' CreatedAt: type: string format: date-time @@ -698,6 +1090,7 @@ components: minLength: 1 pattern: ^[a-zA-Z0-9_-]+$ required: + - Capabilities - Email - Name - ProfileId @@ -717,6 +1110,7 @@ components: - PartnershipId - TradingPartnerId x-required-properties: + - Capabilities - Email - Name - ProfileId @@ -726,6 +1120,10 @@ components: tagProperty: /properties/Tags tagUpdatable: true taggable: true + permissions: + - b2bi:ListTagsForResource + - b2bi:TagResource + - b2bi:UntagResource x-required-permissions: create: - b2bi:CreatePartnership @@ -824,6 +1222,10 @@ components: tagProperty: /properties/Tags tagUpdatable: true taggable: true + permissions: + - b2bi:ListTagsForResource + - b2bi:TagResource + - b2bi:UntagResource x-required-permissions: create: - b2bi:CreateProfile @@ -855,6 +1257,89 @@ components: enum: - XML - JSON + - NOT_USED + FormatOptions: + oneOf: + - type: object + title: X12 + properties: + X12: + $ref: '#/components/schemas/X12Details' + required: + - X12 + additionalProperties: false + FromFormat: + type: string + enum: + - X12 + InputConversion: + type: object + properties: + FromFormat: + $ref: '#/components/schemas/FromFormat' + FormatOptions: + $ref: '#/components/schemas/FormatOptions' + required: + - FromFormat + additionalProperties: false + Mapping: + type: object + properties: + TemplateLanguage: + $ref: '#/components/schemas/MappingTemplateLanguage' + Template: + type: string + maxLength: 350000 + minLength: 0 + required: + - TemplateLanguage + additionalProperties: false + MappingTemplateLanguage: + type: string + enum: + - XSLT + - JSONATA + OutputConversion: + type: object + properties: + ToFormat: + $ref: '#/components/schemas/ToFormat' + FormatOptions: + $ref: '#/components/schemas/FormatOptions' + required: + - ToFormat + additionalProperties: false + SampleDocumentKeys: + type: object + properties: + Input: + type: string + maxLength: 1024 + minLength: 0 + Output: + type: string + maxLength: 1024 + minLength: 0 + additionalProperties: false + SampleDocuments: + type: object + properties: + BucketName: + type: string + maxLength: 63 + minLength: 3 + Keys: + type: array + items: + $ref: '#/components/schemas/SampleDocumentKeys' + required: + - BucketName + - Keys + additionalProperties: false + ToFormat: + type: string + enum: + - X12 TransformerStatus: type: string enum: @@ -870,10 +1355,15 @@ components: $ref: '#/components/schemas/EdiType' FileFormat: $ref: '#/components/schemas/FileFormat' + InputConversion: + $ref: '#/components/schemas/InputConversion' + Mapping: + $ref: '#/components/schemas/Mapping' MappingTemplate: type: string maxLength: 350000 minLength: 0 + description: 'This shape is deprecated: This is a legacy trait. Please use input-conversion or output-conversion.' ModifiedAt: type: string format: date-time @@ -881,10 +1371,16 @@ components: type: string maxLength: 254 minLength: 1 + pattern: ^[a-zA-Z0-9_-]{1,512}$ + OutputConversion: + $ref: '#/components/schemas/OutputConversion' SampleDocument: type: string maxLength: 1024 minLength: 0 + description: 'This shape is deprecated: This is a legacy trait. Please use input-conversion or output-conversion.' + SampleDocuments: + $ref: '#/components/schemas/SampleDocuments' Status: $ref: '#/components/schemas/TransformerStatus' Tags: @@ -903,9 +1399,6 @@ components: minLength: 1 pattern: ^[a-zA-Z0-9_-]+$ required: - - EdiType - - FileFormat - - MappingTemplate - Name - Status x-stackql-resource-name: transformer @@ -919,9 +1412,6 @@ components: - TransformerArn - TransformerId x-required-properties: - - EdiType - - FileFormat - - MappingTemplate - Name - Status x-tagging: @@ -930,6 +1420,10 @@ components: tagProperty: /properties/Tags tagUpdatable: true taggable: true + permissions: + - b2bi:ListTagsForResource + - b2bi:TagResource + - b2bi:UntagResource x-required-permissions: create: - b2bi:CreateTransformer @@ -1029,6 +1523,8 @@ components: maxLength: 64 minLength: 1 pattern: ^[a-zA-Z0-9_-]+$ + CapabilityOptions: + $ref: '#/components/schemas/CapabilityOptions' CreatedAt: type: string format: date-time @@ -1160,10 +1656,15 @@ components: $ref: '#/components/schemas/EdiType' FileFormat: $ref: '#/components/schemas/FileFormat' + InputConversion: + $ref: '#/components/schemas/InputConversion' + Mapping: + $ref: '#/components/schemas/Mapping' MappingTemplate: type: string maxLength: 350000 minLength: 0 + description: 'This shape is deprecated: This is a legacy trait. Please use input-conversion or output-conversion.' ModifiedAt: type: string format: date-time @@ -1171,10 +1672,16 @@ components: type: string maxLength: 254 minLength: 1 + pattern: ^[a-zA-Z0-9_-]{1,512}$ + OutputConversion: + $ref: '#/components/schemas/OutputConversion' SampleDocument: type: string maxLength: 1024 minLength: 0 + description: 'This shape is deprecated: This is a legacy trait. Please use input-conversion or output-conversion.' + SampleDocuments: + $ref: '#/components/schemas/SampleDocuments' Status: $ref: '#/components/schemas/TransformerStatus' Tags: @@ -1493,6 +2000,7 @@ components: region, data__Identifier, JSON_EXTRACT(Properties, '$.Capabilities') as capabilities, + JSON_EXTRACT(Properties, '$.CapabilityOptions') as capability_options, JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, JSON_EXTRACT(Properties, '$.Email') as email, JSON_EXTRACT(Properties, '$.ModifiedAt') as modified_at, @@ -1512,6 +2020,7 @@ components: SELECT detail.region, JSON_EXTRACT(detail.Properties, '$.Capabilities') as capabilities, + JSON_EXTRACT(detail.Properties, '$.CapabilityOptions') as capability_options, JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, JSON_EXTRACT(detail.Properties, '$.Email') as email, JSON_EXTRACT(detail.Properties, '$.ModifiedAt') as modified_at, @@ -1536,6 +2045,7 @@ components: region, data__Identifier, json_extract_path_text(Properties, 'Capabilities') as capabilities, + json_extract_path_text(Properties, 'CapabilityOptions') as capability_options, json_extract_path_text(Properties, 'CreatedAt') as created_at, json_extract_path_text(Properties, 'Email') as email, json_extract_path_text(Properties, 'ModifiedAt') as modified_at, @@ -1555,6 +2065,7 @@ components: SELECT detail.region, json_extract_path_text(detail.Properties, 'Capabilities') as capabilities, + json_extract_path_text(detail.Properties, 'CapabilityOptions') as capability_options, json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, json_extract_path_text(detail.Properties, 'Email') as email, json_extract_path_text(detail.Properties, 'ModifiedAt') as modified_at, @@ -1624,6 +2135,7 @@ components: JSON_EXTRACT(json_each.value, '$.Key') as tag_key, JSON_EXTRACT(json_each.value, '$.Value') as tag_value, JSON_EXTRACT(detail.Properties, '$.Capabilities') as capabilities, + JSON_EXTRACT(detail.Properties, '$.CapabilityOptions') as capability_options, JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, JSON_EXTRACT(detail.Properties, '$.Email') as email, JSON_EXTRACT(detail.Properties, '$.ModifiedAt') as modified_at, @@ -1649,6 +2161,7 @@ components: json_extract_path_text(json_each.value, 'Key') as tag_key, json_extract_path_text(json_each.value, 'Value') as tag_value, json_extract_path_text(detail.Properties, 'Capabilities') as capabilities, + json_extract_path_text(detail.Properties, 'CapabilityOptions') as capability_options, json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, json_extract_path_text(detail.Properties, 'Email') as email, json_extract_path_text(detail.Properties, 'ModifiedAt') as modified_at, @@ -1969,10 +2482,14 @@ components: JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, JSON_EXTRACT(Properties, '$.EdiType') as edi_type, JSON_EXTRACT(Properties, '$.FileFormat') as file_format, + JSON_EXTRACT(Properties, '$.InputConversion') as input_conversion, + JSON_EXTRACT(Properties, '$.Mapping') as mapping, JSON_EXTRACT(Properties, '$.MappingTemplate') as mapping_template, JSON_EXTRACT(Properties, '$.ModifiedAt') as modified_at, JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.OutputConversion') as output_conversion, JSON_EXTRACT(Properties, '$.SampleDocument') as sample_document, + JSON_EXTRACT(Properties, '$.SampleDocuments') as sample_documents, JSON_EXTRACT(Properties, '$.Status') as status, JSON_EXTRACT(Properties, '$.Tags') as tags, JSON_EXTRACT(Properties, '$.TransformerArn') as transformer_arn, @@ -1988,10 +2505,14 @@ components: JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, JSON_EXTRACT(detail.Properties, '$.EdiType') as edi_type, JSON_EXTRACT(detail.Properties, '$.FileFormat') as file_format, + JSON_EXTRACT(detail.Properties, '$.InputConversion') as input_conversion, + JSON_EXTRACT(detail.Properties, '$.Mapping') as mapping, JSON_EXTRACT(detail.Properties, '$.MappingTemplate') as mapping_template, JSON_EXTRACT(detail.Properties, '$.ModifiedAt') as modified_at, JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.OutputConversion') as output_conversion, JSON_EXTRACT(detail.Properties, '$.SampleDocument') as sample_document, + JSON_EXTRACT(detail.Properties, '$.SampleDocuments') as sample_documents, JSON_EXTRACT(detail.Properties, '$.Status') as status, JSON_EXTRACT(detail.Properties, '$.Tags') as tags, JSON_EXTRACT(detail.Properties, '$.TransformerArn') as transformer_arn, @@ -2012,10 +2533,14 @@ components: json_extract_path_text(Properties, 'CreatedAt') as created_at, json_extract_path_text(Properties, 'EdiType') as edi_type, json_extract_path_text(Properties, 'FileFormat') as file_format, + json_extract_path_text(Properties, 'InputConversion') as input_conversion, + json_extract_path_text(Properties, 'Mapping') as mapping, json_extract_path_text(Properties, 'MappingTemplate') as mapping_template, json_extract_path_text(Properties, 'ModifiedAt') as modified_at, json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'OutputConversion') as output_conversion, json_extract_path_text(Properties, 'SampleDocument') as sample_document, + json_extract_path_text(Properties, 'SampleDocuments') as sample_documents, json_extract_path_text(Properties, 'Status') as status, json_extract_path_text(Properties, 'Tags') as tags, json_extract_path_text(Properties, 'TransformerArn') as transformer_arn, @@ -2031,10 +2556,14 @@ components: json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, json_extract_path_text(detail.Properties, 'EdiType') as edi_type, json_extract_path_text(detail.Properties, 'FileFormat') as file_format, + json_extract_path_text(detail.Properties, 'InputConversion') as input_conversion, + json_extract_path_text(detail.Properties, 'Mapping') as mapping, json_extract_path_text(detail.Properties, 'MappingTemplate') as mapping_template, json_extract_path_text(detail.Properties, 'ModifiedAt') as modified_at, json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'OutputConversion') as output_conversion, json_extract_path_text(detail.Properties, 'SampleDocument') as sample_document, + json_extract_path_text(detail.Properties, 'SampleDocuments') as sample_documents, json_extract_path_text(detail.Properties, 'Status') as status, json_extract_path_text(detail.Properties, 'Tags') as tags, json_extract_path_text(detail.Properties, 'TransformerArn') as transformer_arn, @@ -2100,10 +2629,14 @@ components: JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, JSON_EXTRACT(detail.Properties, '$.EdiType') as edi_type, JSON_EXTRACT(detail.Properties, '$.FileFormat') as file_format, + JSON_EXTRACT(detail.Properties, '$.InputConversion') as input_conversion, + JSON_EXTRACT(detail.Properties, '$.Mapping') as mapping, JSON_EXTRACT(detail.Properties, '$.MappingTemplate') as mapping_template, JSON_EXTRACT(detail.Properties, '$.ModifiedAt') as modified_at, JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.OutputConversion') as output_conversion, JSON_EXTRACT(detail.Properties, '$.SampleDocument') as sample_document, + JSON_EXTRACT(detail.Properties, '$.SampleDocuments') as sample_documents, JSON_EXTRACT(detail.Properties, '$.Status') as status, JSON_EXTRACT(detail.Properties, '$.TransformerArn') as transformer_arn, JSON_EXTRACT(detail.Properties, '$.TransformerId') as transformer_id @@ -2125,10 +2658,14 @@ components: json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, json_extract_path_text(detail.Properties, 'EdiType') as edi_type, json_extract_path_text(detail.Properties, 'FileFormat') as file_format, + json_extract_path_text(detail.Properties, 'InputConversion') as input_conversion, + json_extract_path_text(detail.Properties, 'Mapping') as mapping, json_extract_path_text(detail.Properties, 'MappingTemplate') as mapping_template, json_extract_path_text(detail.Properties, 'ModifiedAt') as modified_at, json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'OutputConversion') as output_conversion, json_extract_path_text(detail.Properties, 'SampleDocument') as sample_document, + json_extract_path_text(detail.Properties, 'SampleDocuments') as sample_documents, json_extract_path_text(detail.Properties, 'Status') as status, json_extract_path_text(detail.Properties, 'TransformerArn') as transformer_arn, json_extract_path_text(detail.Properties, 'TransformerId') as transformer_id diff --git a/providers/src/aws/v00.00.00000/services/backup.yaml b/providers/src/aws/v00.00.00000/services/backup.yaml index 2233a1e6..c3e0183b 100644 --- a/providers/src/aws/v00.00.00000/services/backup.yaml +++ b/providers/src/aws/v00.00.00000/services/backup.yaml @@ -508,6 +508,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/BackupPlanTags + permissions: + - backup:TagResource + - backup:UntagResource + - backup:ListTags x-required-permissions: read: - backup:GetBackupPlan @@ -651,6 +655,7 @@ components: - iam:CreateServiceLinkedRole list: - backup:ListBackupSelections + - backup:ListBackupPlans NotificationObjectType: type: object additionalProperties: false @@ -724,6 +729,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/BackupVaultTags + permissions: + - backup:TagResource + - backup:UntagResource + - backup:ListTags x-required-permissions: create: - backup:TagResource @@ -895,6 +904,10 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/FrameworkTags + permissions: + - backup:TagResource + - backup:UntagResource + - backup:ListTags x-required-permissions: create: - backup:CreateFramework @@ -916,6 +929,95 @@ components: - backup:DescribeFramework list: - backup:ListFrameworks + LogicallyAirGappedBackupVault: + type: object + properties: + AccessPolicy: + type: object + BackupVaultName: + $ref: '#/components/schemas/BackupVaultNamePattern' + MinRetentionDays: + type: integer + MaxRetentionDays: + type: integer + BackupVaultTags: + type: object + additionalProperties: false + x-patternProperties: + ^.{1,128}$: + type: string + Notifications: + $ref: '#/components/schemas/NotificationObjectType' + EncryptionKeyArn: + type: string + BackupVaultArn: + type: string + VaultState: + type: string + VaultType: + type: string + required: + - BackupVaultName + - MinRetentionDays + - MaxRetentionDays + x-stackql-resource-name: logically_air_gapped_backup_vault + description: Resource Type definition for AWS::Backup::LogicallyAirGappedBackupVault + x-type-name: AWS::Backup::LogicallyAirGappedBackupVault + x-stackql-primary-identifier: + - BackupVaultName + x-create-only-properties: + - BackupVaultName + - MinRetentionDays + - MaxRetentionDays + x-read-only-properties: + - BackupVaultArn + - EncryptionKeyArn + - VaultState + - VaultType + x-required-properties: + - BackupVaultName + - MinRetentionDays + - MaxRetentionDays + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/BackupVaultTags + permissions: + - backup:TagResource + - backup:UntagResource + - backup:ListTags + x-required-permissions: + create: + - backup:TagResource + - backup:CreateLogicallyAirGappedBackupVault + - backup:PutBackupVaultAccessPolicy + - backup:PutBackupVaultNotifications + - backup-storage:Mount + - backup-storage:MountCapsule + - backup:DescribeBackupVault + read: + - backup:DescribeBackupVault + - backup:GetBackupVaultNotifications + - backup:GetBackupVaultAccessPolicy + - backup:ListTags + update: + - backup:DescribeBackupVault + - backup:DeleteBackupVaultAccessPolicy + - backup:DeleteBackupVaultNotifications + - backup:DeleteBackupVaultLockConfiguration + - backup:GetBackupVaultAccessPolicy + - backup:ListTags + - backup:TagResource + - backup:UntagResource + - backup:PutBackupVaultAccessPolicy + - backup:PutBackupVaultNotifications + - backup:PutBackupVaultLockConfiguration + delete: + - backup:DeleteBackupVault + list: + - backup:ListBackupVaults ReportPlan: type: object properties: @@ -1019,6 +1121,10 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/ReportPlanTags + permissions: + - backup:TagResource + - backup:UntagResource + - backup:ListTags x-required-permissions: create: - backup:CreateReportPlan @@ -1077,6 +1183,11 @@ components: enum: - SNAPSHOT - CONTINUOUS + RestoreTestingScheduleStatus: + type: string + enum: + - ACTIVE + - SUSPENDED RestoreTestingPlan: type: object properties: @@ -1090,6 +1201,8 @@ components: type: string ScheduleExpressionTimezone: type: string + ScheduleStatus: + $ref: '#/components/schemas/RestoreTestingScheduleStatus' StartWindowHours: type: integer Tags: @@ -1121,9 +1234,14 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - backup:TagResource + - backup:UntagResource + - backup:ListTags x-required-permissions: create: - backup:CreateRestoreTestingPlan + - backup:UpdateRestoreTestingPlanScheduleStatus - backup:TagResource - backup:GetRestoreTestingPlan - backup:ListTags @@ -1132,6 +1250,7 @@ components: - backup:ListTags update: - backup:UpdateRestoreTestingPlan + - backup:UpdateRestoreTestingPlanScheduleStatus - backup:TagResource - backup:UntagResource - backup:GetRestoreTestingPlan @@ -1236,6 +1355,7 @@ components: - backup:GetRestoreTestingSelection list: - backup:ListRestoreTestingSelections + - backup:ListRestoreTestingPlans CreateBackupPlanRequest: properties: ClientToken: @@ -1389,6 +1509,47 @@ components: x-title: CreateFrameworkRequest type: object required: [] + CreateLogicallyAirGappedBackupVaultRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + AccessPolicy: + type: object + BackupVaultName: + $ref: '#/components/schemas/BackupVaultNamePattern' + MinRetentionDays: + type: integer + MaxRetentionDays: + type: integer + BackupVaultTags: + type: object + additionalProperties: false + x-patternProperties: + ^.{1,128}$: + type: string + Notifications: + $ref: '#/components/schemas/NotificationObjectType' + EncryptionKeyArn: + type: string + BackupVaultArn: + type: string + VaultState: + type: string + VaultType: + type: string + x-stackQL-stringOnly: true + x-title: CreateLogicallyAirGappedBackupVaultRequest + type: object + required: [] CreateReportPlanRequest: properties: ClientToken: @@ -1508,6 +1669,8 @@ components: type: string ScheduleExpressionTimezone: type: string + ScheduleStatus: + $ref: '#/components/schemas/RestoreTestingScheduleStatus' StartWindowHours: type: integer Tags: @@ -2167,6 +2330,176 @@ components: json_extract_path_text(Properties, 'FrameworkArn') as framework_arn FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Backup::Framework' AND region = 'us-east-1' + logically_air_gapped_backup_vaults: + name: logically_air_gapped_backup_vaults + id: aws.backup.logically_air_gapped_backup_vaults + x-cfn-schema-name: LogicallyAirGappedBackupVault + x-cfn-type-name: AWS::Backup::LogicallyAirGappedBackupVault + x-identifiers: + - BackupVaultName + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__LogicallyAirGappedBackupVault&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Backup::LogicallyAirGappedBackupVault" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Backup::LogicallyAirGappedBackupVault" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Backup::LogicallyAirGappedBackupVault" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/logically_air_gapped_backup_vaults/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/logically_air_gapped_backup_vaults/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/logically_air_gapped_backup_vaults/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AccessPolicy') as access_policy, + JSON_EXTRACT(Properties, '$.BackupVaultName') as backup_vault_name, + JSON_EXTRACT(Properties, '$.MinRetentionDays') as min_retention_days, + JSON_EXTRACT(Properties, '$.MaxRetentionDays') as max_retention_days, + JSON_EXTRACT(Properties, '$.BackupVaultTags') as backup_vault_tags, + JSON_EXTRACT(Properties, '$.Notifications') as notifications, + JSON_EXTRACT(Properties, '$.EncryptionKeyArn') as encryption_key_arn, + JSON_EXTRACT(Properties, '$.BackupVaultArn') as backup_vault_arn, + JSON_EXTRACT(Properties, '$.VaultState') as vault_state, + JSON_EXTRACT(Properties, '$.VaultType') as vault_type + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Backup::LogicallyAirGappedBackupVault' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.AccessPolicy') as access_policy, + JSON_EXTRACT(detail.Properties, '$.BackupVaultName') as backup_vault_name, + JSON_EXTRACT(detail.Properties, '$.MinRetentionDays') as min_retention_days, + JSON_EXTRACT(detail.Properties, '$.MaxRetentionDays') as max_retention_days, + JSON_EXTRACT(detail.Properties, '$.BackupVaultTags') as backup_vault_tags, + JSON_EXTRACT(detail.Properties, '$.Notifications') as notifications, + JSON_EXTRACT(detail.Properties, '$.EncryptionKeyArn') as encryption_key_arn, + JSON_EXTRACT(detail.Properties, '$.BackupVaultArn') as backup_vault_arn, + JSON_EXTRACT(detail.Properties, '$.VaultState') as vault_state, + JSON_EXTRACT(detail.Properties, '$.VaultType') as vault_type + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Backup::LogicallyAirGappedBackupVault' + AND detail.data__TypeName = 'AWS::Backup::LogicallyAirGappedBackupVault' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AccessPolicy') as access_policy, + json_extract_path_text(Properties, 'BackupVaultName') as backup_vault_name, + json_extract_path_text(Properties, 'MinRetentionDays') as min_retention_days, + json_extract_path_text(Properties, 'MaxRetentionDays') as max_retention_days, + json_extract_path_text(Properties, 'BackupVaultTags') as backup_vault_tags, + json_extract_path_text(Properties, 'Notifications') as notifications, + json_extract_path_text(Properties, 'EncryptionKeyArn') as encryption_key_arn, + json_extract_path_text(Properties, 'BackupVaultArn') as backup_vault_arn, + json_extract_path_text(Properties, 'VaultState') as vault_state, + json_extract_path_text(Properties, 'VaultType') as vault_type + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Backup::LogicallyAirGappedBackupVault' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'AccessPolicy') as access_policy, + json_extract_path_text(detail.Properties, 'BackupVaultName') as backup_vault_name, + json_extract_path_text(detail.Properties, 'MinRetentionDays') as min_retention_days, + json_extract_path_text(detail.Properties, 'MaxRetentionDays') as max_retention_days, + json_extract_path_text(detail.Properties, 'BackupVaultTags') as backup_vault_tags, + json_extract_path_text(detail.Properties, 'Notifications') as notifications, + json_extract_path_text(detail.Properties, 'EncryptionKeyArn') as encryption_key_arn, + json_extract_path_text(detail.Properties, 'BackupVaultArn') as backup_vault_arn, + json_extract_path_text(detail.Properties, 'VaultState') as vault_state, + json_extract_path_text(detail.Properties, 'VaultType') as vault_type + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Backup::LogicallyAirGappedBackupVault' + AND detail.data__TypeName = 'AWS::Backup::LogicallyAirGappedBackupVault' + AND listing.region = 'us-east-1' + logically_air_gapped_backup_vaults_list_only: + name: logically_air_gapped_backup_vaults_list_only + id: aws.backup.logically_air_gapped_backup_vaults_list_only + x-cfn-schema-name: LogicallyAirGappedBackupVault + x-cfn-type-name: AWS::Backup::LogicallyAirGappedBackupVault + x-identifiers: + - BackupVaultName + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.BackupVaultName') as backup_vault_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Backup::LogicallyAirGappedBackupVault' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'BackupVaultName') as backup_vault_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Backup::LogicallyAirGappedBackupVault' + AND region = 'us-east-1' report_plans: name: report_plans id: aws.backup.report_plans @@ -2389,6 +2722,7 @@ components: JSON_EXTRACT(Properties, '$.RestoreTestingPlanName') as restore_testing_plan_name, JSON_EXTRACT(Properties, '$.ScheduleExpression') as schedule_expression, JSON_EXTRACT(Properties, '$.ScheduleExpressionTimezone') as schedule_expression_timezone, + JSON_EXTRACT(Properties, '$.ScheduleStatus') as schedule_status, JSON_EXTRACT(Properties, '$.StartWindowHours') as start_window_hours, JSON_EXTRACT(Properties, '$.Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Backup::RestoreTestingPlan' @@ -2404,6 +2738,7 @@ components: JSON_EXTRACT(detail.Properties, '$.RestoreTestingPlanName') as restore_testing_plan_name, JSON_EXTRACT(detail.Properties, '$.ScheduleExpression') as schedule_expression, JSON_EXTRACT(detail.Properties, '$.ScheduleExpressionTimezone') as schedule_expression_timezone, + JSON_EXTRACT(detail.Properties, '$.ScheduleStatus') as schedule_status, JSON_EXTRACT(detail.Properties, '$.StartWindowHours') as start_window_hours, JSON_EXTRACT(detail.Properties, '$.Tags') as tags FROM aws.cloud_control.resources listing @@ -2424,6 +2759,7 @@ components: json_extract_path_text(Properties, 'RestoreTestingPlanName') as restore_testing_plan_name, json_extract_path_text(Properties, 'ScheduleExpression') as schedule_expression, json_extract_path_text(Properties, 'ScheduleExpressionTimezone') as schedule_expression_timezone, + json_extract_path_text(Properties, 'ScheduleStatus') as schedule_status, json_extract_path_text(Properties, 'StartWindowHours') as start_window_hours, json_extract_path_text(Properties, 'Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Backup::RestoreTestingPlan' @@ -2439,6 +2775,7 @@ components: json_extract_path_text(detail.Properties, 'RestoreTestingPlanName') as restore_testing_plan_name, json_extract_path_text(detail.Properties, 'ScheduleExpression') as schedule_expression, json_extract_path_text(detail.Properties, 'ScheduleExpressionTimezone') as schedule_expression_timezone, + json_extract_path_text(detail.Properties, 'ScheduleStatus') as schedule_status, json_extract_path_text(detail.Properties, 'StartWindowHours') as start_window_hours, json_extract_path_text(detail.Properties, 'Tags') as tags FROM aws.cloud_control.resources listing @@ -2504,6 +2841,7 @@ components: JSON_EXTRACT(detail.Properties, '$.RestoreTestingPlanName') as restore_testing_plan_name, JSON_EXTRACT(detail.Properties, '$.ScheduleExpression') as schedule_expression, JSON_EXTRACT(detail.Properties, '$.ScheduleExpressionTimezone') as schedule_expression_timezone, + JSON_EXTRACT(detail.Properties, '$.ScheduleStatus') as schedule_status, JSON_EXTRACT(detail.Properties, '$.StartWindowHours') as start_window_hours FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail @@ -2525,6 +2863,7 @@ components: json_extract_path_text(detail.Properties, 'RestoreTestingPlanName') as restore_testing_plan_name, json_extract_path_text(detail.Properties, 'ScheduleExpression') as schedule_expression, json_extract_path_text(detail.Properties, 'ScheduleExpressionTimezone') as schedule_expression_timezone, + json_extract_path_text(detail.Properties, 'ScheduleStatus') as schedule_status, json_extract_path_text(detail.Properties, 'StartWindowHours') as start_window_hours FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail @@ -3011,6 +3350,48 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success + /?Action=CreateResource&Version=2021-09-30&__LogicallyAirGappedBackupVault&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateLogicallyAirGappedBackupVault + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateLogicallyAirGappedBackupVaultRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success /?Action=CreateResource&Version=2021-09-30&__ReportPlan&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' diff --git a/providers/src/aws/v00.00.00000/services/batch.yaml b/providers/src/aws/v00.00.00000/services/batch.yaml index eb1158ea..2ec81407 100644 --- a/providers/src/aws/v00.00.00000/services/batch.yaml +++ b/providers/src/aws/v00.00.00000/services/batch.yaml @@ -473,6 +473,28 @@ components: type: string Version: type: string + Overrides: + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/LaunchTemplateSpecificationOverride' + LaunchTemplateSpecificationOverride: + type: object + additionalProperties: false + properties: + LaunchTemplateId: + type: string + LaunchTemplateName: + type: string + Version: + type: string + TargetInstanceTypes: + type: array + uniqueItems: false + x-insertionOrder: false + items: + type: string UpdatePolicy: type: object additionalProperties: false @@ -527,6 +549,8 @@ components: type: integer EksConfiguration: $ref: '#/components/schemas/EksConfiguration' + Context: + type: string required: - Type x-stackql-resource-name: compute_environment @@ -567,34 +591,892 @@ components: x-tagging: taggable: true tagOnCreate: true - tagUpdatable: false - cloudFormationSystemTags: false + tagUpdatable: false + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - Batch:TagResource + - Batch:UntagResource + x-required-permissions: + create: + - Batch:CreateComputeEnvironment + - Batch:TagResource + - Batch:DescribeComputeEnvironments + - iam:CreateServiceLinkedRole + - Iam:PassRole + - Eks:DescribeCluster + read: + - Batch:DescribeComputeEnvironments + update: + - Batch:UpdateComputeEnvironment + - Batch:DescribeComputeEnvironments + - Batch:TagResource + - Batch:UnTagResource + - Iam:PassRole + - Eks:DescribeCluster + delete: + - Batch:DeleteComputeEnvironment + - Batch:DescribeComputeEnvironments + - Batch:UpdateComputeEnvironment + - Iam:PassRole + - Eks:DescribeCluster + list: + - Batch:DescribeComputeEnvironments + JobTimeout: + additionalProperties: false + type: object + properties: + AttemptDurationSeconds: + type: integer + EksContainerEnvironmentVariable: + additionalProperties: false + type: object + properties: + Value: + type: string + Name: + type: string + required: + - Name + NodeRangeProperty: + additionalProperties: false + type: object + properties: + Container: + $ref: '#/components/schemas/MultiNodeContainerProperties' + TargetNodes: + type: string + EcsProperties: + $ref: '#/components/schemas/MultiNodeEcsProperties' + InstanceTypes: + uniqueItems: false + x-insertionOrder: false + type: array + items: + type: string + EksProperties: + $ref: '#/components/schemas/EksProperties' + required: + - TargetNodes + EksEmptyDir: + additionalProperties: false + type: object + properties: + Medium: + type: string + SizeLimit: + type: string + LogConfiguration: + additionalProperties: false + type: object + properties: + SecretOptions: + uniqueItems: false + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/Secret' + Options: + x-patternProperties: + .*: + type: string + additionalProperties: false + type: object + LogDriver: + type: string + required: + - LogDriver + RuntimePlatform: + additionalProperties: false + type: object + properties: + OperatingSystemFamily: + type: string + CpuArchitecture: + type: string + MultiNodeEcsTaskProperties: + additionalProperties: false + type: object + properties: + ExecutionRoleArn: + type: string + TaskRoleArn: + type: string + IpcMode: + type: string + Volumes: + uniqueItems: false + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/Volume' + Containers: + uniqueItems: false + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/TaskContainerProperties' + PidMode: + type: string + NodeProperties: + additionalProperties: false + type: object + properties: + MainNode: + type: integer + NodeRangeProperties: + uniqueItems: false + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/NodeRangeProperty' + NumNodes: + type: integer + required: + - NumNodes + - MainNode + - NodeRangeProperties + Tmpfs: + additionalProperties: false + type: object + properties: + Size: + type: integer + ContainerPath: + type: string + MountOptions: + uniqueItems: false + x-insertionOrder: false + type: array + items: + type: string + required: + - ContainerPath + - Size + TaskContainerDependency: + additionalProperties: false + type: object + properties: + Condition: + type: string + ContainerName: + type: string + required: + - ContainerName + - Condition + ContainerProperties: + additionalProperties: false + type: object + properties: + RepositoryCredentials: + $ref: '#/components/schemas/RepositoryCredentials' + User: + type: string + Secrets: + uniqueItems: false + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/Secret' + Memory: + type: integer + Privileged: + type: boolean + LinuxParameters: + $ref: '#/components/schemas/LinuxParameters' + FargatePlatformConfiguration: + additionalProperties: false + type: object + properties: + PlatformVersion: + type: string + JobRoleArn: + type: string + ReadonlyRootFilesystem: + type: boolean + Vcpus: + type: integer + Image: + type: string + ResourceRequirements: + uniqueItems: false + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/ResourceRequirement' + LogConfiguration: + $ref: '#/components/schemas/LogConfiguration' + MountPoints: + uniqueItems: false + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/MountPoint' + ExecutionRoleArn: + type: string + RuntimePlatform: + $ref: '#/components/schemas/RuntimePlatform' + Volumes: + uniqueItems: false + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/Volume' + Command: + uniqueItems: false + x-insertionOrder: true + type: array + items: + type: string + Environment: + uniqueItems: false + x-insertionOrder: true + type: array + items: + $ref: '#/components/schemas/Environment' + Ulimits: + uniqueItems: false + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/Ulimit' + NetworkConfiguration: + $ref: '#/components/schemas/NetworkConfiguration' + EphemeralStorage: + $ref: '#/components/schemas/EphemeralStorage' + required: + - Image + EcsProperties: + additionalProperties: false + type: object + properties: + TaskProperties: + uniqueItems: false + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/EcsTaskProperties' + required: + - TaskProperties + EksContainerResourceRequirements: + additionalProperties: false + type: object + properties: + Limits: + x-patternProperties: + .*: + type: string + additionalProperties: false + type: object + Requests: + x-patternProperties: + .*: + type: string + additionalProperties: false + type: object + NetworkConfiguration: + additionalProperties: false + type: object + properties: + AssignPublicIp: + type: string + EcsTaskProperties: + additionalProperties: false + type: object + properties: + PlatformVersion: + type: string + ExecutionRoleArn: + type: string + RuntimePlatform: + $ref: '#/components/schemas/RuntimePlatform' + TaskRoleArn: + type: string + IpcMode: + type: string + Volumes: + uniqueItems: false + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/Volume' + Containers: + uniqueItems: false + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/TaskContainerProperties' + NetworkConfiguration: + $ref: '#/components/schemas/NetworkConfiguration' + PidMode: + type: string + EphemeralStorage: + $ref: '#/components/schemas/EphemeralStorage' + EksContainerSecurityContext: + additionalProperties: false + type: object + properties: + RunAsUser: + type: integer + AllowPrivilegeEscalation: + type: boolean + RunAsNonRoot: + type: boolean + Privileged: + type: boolean + ReadOnlyRootFilesystem: + type: boolean + RunAsGroup: + type: integer + TaskContainerProperties: + additionalProperties: false + type: object + properties: + RepositoryCredentials: + $ref: '#/components/schemas/RepositoryCredentials' + User: + type: string + Secrets: + uniqueItems: false + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/Secret' + Privileged: + type: boolean + LinuxParameters: + $ref: '#/components/schemas/LinuxParameters' + ReadonlyRootFilesystem: + type: boolean + Image: + type: string + LogConfiguration: + $ref: '#/components/schemas/LogConfiguration' + Essential: + type: boolean + ResourceRequirements: + uniqueItems: false + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/ResourceRequirement' + Name: + type: string + MountPoints: + uniqueItems: false + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/MountPoint' + DependsOn: + uniqueItems: false + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/TaskContainerDependency' + Command: + uniqueItems: false + x-insertionOrder: true + type: array + items: + type: string + Environment: + uniqueItems: false + x-insertionOrder: true + type: array + items: + $ref: '#/components/schemas/Environment' + Ulimits: + uniqueItems: false + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/Ulimit' + required: + - Image + EksMetadata: + additionalProperties: false + type: object + properties: + Labels: + x-patternProperties: + .*: + type: string + additionalProperties: false + type: object + EksSecret: + additionalProperties: false + type: object + properties: + SecretName: + type: string + Optional: + type: boolean + required: + - SecretName + RepositoryCredentials: + additionalProperties: false + type: object + properties: + CredentialsParameter: + type: string + required: + - CredentialsParameter + EFSVolumeConfiguration: + additionalProperties: false + type: object + properties: + TransitEncryption: + type: string + AuthorizationConfig: + $ref: '#/components/schemas/EFSAuthorizationConfig' + FileSystemId: + type: string + RootDirectory: + type: string + TransitEncryptionPort: + type: integer + required: + - FileSystemId + ImagePullSecret: + additionalProperties: false + type: object + properties: + Name: + type: string + EvaluateOnExit: + additionalProperties: false + type: object + properties: + Action: + type: string + OnExitCode: + type: string + OnReason: + type: string + OnStatusReason: + type: string + required: + - Action + MultiNodeEcsProperties: + additionalProperties: false + type: object + properties: + TaskProperties: + uniqueItems: false + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/MultiNodeEcsTaskProperties' + required: + - TaskProperties + Device: + additionalProperties: false + type: object + properties: + HostPath: + type: string + Permissions: + uniqueItems: false + x-insertionOrder: false + type: array + items: + type: string + ContainerPath: + type: string + LinuxParameters: + additionalProperties: false + type: object + properties: + Swappiness: + type: integer + Tmpfs: + uniqueItems: false + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/Tmpfs' + SharedMemorySize: + type: integer + Devices: + uniqueItems: false + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/Device' + InitProcessEnabled: + type: boolean + MaxSwap: + type: integer + Ulimit: + additionalProperties: false + type: object + properties: + SoftLimit: + type: integer + HardLimit: + type: integer + Name: + type: string + required: + - HardLimit + - Name + - SoftLimit + Host: + additionalProperties: false + type: object + properties: + SourcePath: + type: string + EFSAuthorizationConfig: + additionalProperties: false + type: object + properties: + Iam: + type: string + AccessPointId: + type: string + EksVolume: + additionalProperties: false + type: object + properties: + Secret: + $ref: '#/components/schemas/EksSecret' + EmptyDir: + $ref: '#/components/schemas/EksEmptyDir' + HostPath: + $ref: '#/components/schemas/EksHostPath' + Name: + type: string + required: + - Name + EksContainerVolumeMount: + additionalProperties: false + type: object + properties: + MountPath: + type: string + ReadOnly: + type: boolean + Name: + type: string + EksProperties: + additionalProperties: false + type: object + properties: + PodProperties: + $ref: '#/components/schemas/EksPodProperties' + MultiNodeContainerProperties: + additionalProperties: false + type: object + properties: + RepositoryCredentials: + $ref: '#/components/schemas/RepositoryCredentials' + User: + type: string + Secrets: + uniqueItems: false + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/Secret' + Memory: + type: integer + Privileged: + type: boolean + LinuxParameters: + $ref: '#/components/schemas/LinuxParameters' + JobRoleArn: + type: string + ReadonlyRootFilesystem: + type: boolean + Vcpus: + type: integer + Image: + type: string + ResourceRequirements: + uniqueItems: false + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/ResourceRequirement' + LogConfiguration: + $ref: '#/components/schemas/LogConfiguration' + MountPoints: + uniqueItems: false + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/MountPoint' + ExecutionRoleArn: + type: string + RuntimePlatform: + $ref: '#/components/schemas/RuntimePlatform' + Volumes: + uniqueItems: false + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/Volume' + Command: + uniqueItems: false + x-insertionOrder: true + type: array + items: + type: string + Environment: + uniqueItems: false + x-insertionOrder: true + type: array + items: + $ref: '#/components/schemas/Environment' + Ulimits: + uniqueItems: false + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/Ulimit' + InstanceType: + type: string + EphemeralStorage: + $ref: '#/components/schemas/EphemeralStorage' + required: + - Image + MountPoint: + additionalProperties: false + type: object + properties: + ReadOnly: + type: boolean + SourceVolume: + type: string + ContainerPath: + type: string + Secret: + additionalProperties: false + type: object + properties: + ValueFrom: + type: string + Name: + type: string + required: + - Name + - ValueFrom + Volume: + additionalProperties: false + type: object + properties: + Host: + $ref: '#/components/schemas/Host' + EfsVolumeConfiguration: + $ref: '#/components/schemas/EFSVolumeConfiguration' + Name: + type: string + EksHostPath: + additionalProperties: false + type: object + properties: + Path: + type: string + Environment: + additionalProperties: false + type: object + properties: + Value: + type: string + Name: + type: string + ResourceRequirement: + additionalProperties: false + type: object + properties: + Type: + type: string + Value: + type: string + EphemeralStorage: + additionalProperties: false + type: object + properties: + SizeInGiB: + type: integer + required: + - SizeInGiB + EksContainer: + additionalProperties: false + type: object + properties: + Args: + uniqueItems: false + x-insertionOrder: true + type: array + items: + type: string + VolumeMounts: + uniqueItems: false + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/EksContainerVolumeMount' + ImagePullPolicy: + type: string + Command: + uniqueItems: false + x-insertionOrder: true + type: array + items: + type: string + SecurityContext: + $ref: '#/components/schemas/EksContainerSecurityContext' + Resources: + $ref: '#/components/schemas/EksContainerResourceRequirements' + Image: + type: string + Env: + uniqueItems: false + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/EksContainerEnvironmentVariable' + Name: + type: string + required: + - Image + RetryStrategy: + additionalProperties: false + type: object + properties: + EvaluateOnExit: + uniqueItems: false + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/EvaluateOnExit' + Attempts: + type: integer + EksPodProperties: + additionalProperties: false + type: object + properties: + InitContainers: + uniqueItems: false + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/EksContainer' + Volumes: + uniqueItems: false + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/EksVolume' + DnsPolicy: + type: string + Containers: + uniqueItems: false + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/EksContainer' + Metadata: + $ref: '#/components/schemas/EksMetadata' + ServiceAccountName: + type: string + ImagePullSecrets: + uniqueItems: false + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/ImagePullSecret' + HostNetwork: + type: boolean + ShareProcessNamespace: + type: boolean + JobDefinition: + type: object + properties: + Parameters: + x-patternProperties: + .*: + type: string + additionalProperties: false + type: object + Timeout: + $ref: '#/components/schemas/JobTimeout' + JobDefinitionName: + type: string + maxLength: 128 + PropagateTags: + type: boolean + PlatformCapabilities: + uniqueItems: false + x-insertionOrder: true + type: array + items: + type: string + EksProperties: + $ref: '#/components/schemas/EksProperties' + Type: + type: string + NodeProperties: + $ref: '#/components/schemas/NodeProperties' + SchedulingPriority: + type: integer + ContainerProperties: + $ref: '#/components/schemas/ContainerProperties' + EcsProperties: + $ref: '#/components/schemas/EcsProperties' + RetryStrategy: + $ref: '#/components/schemas/RetryStrategy' + Tags: + x-patternProperties: + .*: + type: string + description: A key-value pair to associate with a resource. + additionalProperties: false + type: object + required: + - Type + x-stackql-resource-name: job_definition + description: Resource Type definition for AWS::Batch::JobDefinition + x-type-name: AWS::Batch::JobDefinition + x-stackql-primary-identifier: + - JobDefinitionName + x-create-only-properties: + - JobDefinitionName + x-required-properties: + - Type + x-tagging: + permissions: + - Batch:TagResource + - Batch:UntagResource + taggable: true + tagOnCreate: true + tagUpdatable: true tagProperty: /properties/Tags + cloudFormationSystemTags: true x-required-permissions: + read: + - Batch:DescribeJobDefinitions create: - - Batch:CreateComputeEnvironment + - Batch:RegisterJobDefinition - Batch:TagResource - - Batch:DescribeComputeEnvironments - - iam:CreateServiceLinkedRole + - Batch:DescribeJobDefinitions - Iam:PassRole - - Eks:DescribeCluster - read: - - Batch:DescribeComputeEnvironments update: - - Batch:UpdateComputeEnvironment - - Batch:DescribeComputeEnvironments + - Batch:DescribeJobDefinitions + - Batch:RegisterJobDefinition + - Batch:DeregisterJobDefinition - Batch:TagResource - - Batch:UnTagResource + - Batch:UntagResource - Iam:PassRole - - Eks:DescribeCluster + list: + - Batch:DescribeJobDefinitions delete: - - Batch:DeleteComputeEnvironment - - Batch:DescribeComputeEnvironments - - Batch:UpdateComputeEnvironment + - Batch:DescribeJobDefinitions + - Batch:DeregisterJobDefinition - Iam:PassRole - - Eks:DescribeCluster - list: - - Batch:DescribeComputeEnvironments ResourceArn: description: ARN of the Scheduling Policy. type: string @@ -693,6 +1575,9 @@ components: tagUpdatable: false cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - Batch:TagResource + - Batch:UntagResource x-required-permissions: create: - Batch:CreateJobQueue @@ -833,10 +1718,69 @@ components: type: integer EksConfiguration: $ref: '#/components/schemas/EksConfiguration' + Context: + type: string x-stackQL-stringOnly: true x-title: CreateComputeEnvironmentRequest type: object required: [] + CreateJobDefinitionRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + Parameters: + x-patternProperties: + .*: + type: string + additionalProperties: false + type: object + Timeout: + $ref: '#/components/schemas/JobTimeout' + JobDefinitionName: + type: string + maxLength: 128 + PropagateTags: + type: boolean + PlatformCapabilities: + uniqueItems: false + x-insertionOrder: true + type: array + items: + type: string + EksProperties: + $ref: '#/components/schemas/EksProperties' + Type: + type: string + NodeProperties: + $ref: '#/components/schemas/NodeProperties' + SchedulingPriority: + type: integer + ContainerProperties: + $ref: '#/components/schemas/ContainerProperties' + EcsProperties: + $ref: '#/components/schemas/EcsProperties' + RetryStrategy: + $ref: '#/components/schemas/RetryStrategy' + Tags: + x-patternProperties: + .*: + type: string + description: A key-value pair to associate with a resource. + additionalProperties: false + type: object + x-stackQL-stringOnly: true + x-title: CreateJobDefinitionRequest + type: object + required: [] CreateJobQueueRequest: properties: ClientToken: @@ -1003,7 +1947,8 @@ components: JSON_EXTRACT(Properties, '$.Type') as type, JSON_EXTRACT(Properties, '$.UpdatePolicy') as update_policy, JSON_EXTRACT(Properties, '$.UnmanagedvCpus') as unmanagedv_cpus, - JSON_EXTRACT(Properties, '$.EksConfiguration') as eks_configuration + JSON_EXTRACT(Properties, '$.EksConfiguration') as eks_configuration, + JSON_EXTRACT(Properties, '$.Context') as context FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Batch::ComputeEnvironment' AND data__Identifier = '' AND region = 'us-east-1' @@ -1022,7 +1967,8 @@ components: JSON_EXTRACT(detail.Properties, '$.Type') as type, JSON_EXTRACT(detail.Properties, '$.UpdatePolicy') as update_policy, JSON_EXTRACT(detail.Properties, '$.UnmanagedvCpus') as unmanagedv_cpus, - JSON_EXTRACT(detail.Properties, '$.EksConfiguration') as eks_configuration + JSON_EXTRACT(detail.Properties, '$.EksConfiguration') as eks_configuration, + JSON_EXTRACT(detail.Properties, '$.Context') as context FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -1046,7 +1992,8 @@ components: json_extract_path_text(Properties, 'Type') as type, json_extract_path_text(Properties, 'UpdatePolicy') as update_policy, json_extract_path_text(Properties, 'UnmanagedvCpus') as unmanagedv_cpus, - json_extract_path_text(Properties, 'EksConfiguration') as eks_configuration + json_extract_path_text(Properties, 'EksConfiguration') as eks_configuration, + json_extract_path_text(Properties, 'Context') as context FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Batch::ComputeEnvironment' AND data__Identifier = '' AND region = 'us-east-1' @@ -1065,7 +2012,8 @@ components: json_extract_path_text(detail.Properties, 'Type') as type, json_extract_path_text(detail.Properties, 'UpdatePolicy') as update_policy, json_extract_path_text(detail.Properties, 'UnmanagedvCpus') as unmanagedv_cpus, - json_extract_path_text(detail.Properties, 'EksConfiguration') as eks_configuration + json_extract_path_text(detail.Properties, 'EksConfiguration') as eks_configuration, + json_extract_path_text(detail.Properties, 'Context') as context FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -1133,7 +2081,8 @@ components: JSON_EXTRACT(detail.Properties, '$.Type') as type, JSON_EXTRACT(detail.Properties, '$.UpdatePolicy') as update_policy, JSON_EXTRACT(detail.Properties, '$.UnmanagedvCpus') as unmanagedv_cpus, - JSON_EXTRACT(detail.Properties, '$.EksConfiguration') as eks_configuration + JSON_EXTRACT(detail.Properties, '$.EksConfiguration') as eks_configuration, + JSON_EXTRACT(detail.Properties, '$.Context') as context FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -1158,7 +2107,8 @@ components: json_extract_path_text(detail.Properties, 'Type') as type, json_extract_path_text(detail.Properties, 'UpdatePolicy') as update_policy, json_extract_path_text(detail.Properties, 'UnmanagedvCpus') as unmanagedv_cpus, - json_extract_path_text(detail.Properties, 'EksConfiguration') as eks_configuration + json_extract_path_text(detail.Properties, 'EksConfiguration') as eks_configuration, + json_extract_path_text(detail.Properties, 'Context') as context FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -1167,6 +2117,255 @@ components: WHERE listing.data__TypeName = 'AWS::Batch::ComputeEnvironment' AND detail.data__TypeName = 'AWS::Batch::ComputeEnvironment' AND listing.region = 'us-east-1' + job_definitions: + name: job_definitions + id: aws.batch.job_definitions + x-cfn-schema-name: JobDefinition + x-cfn-type-name: AWS::Batch::JobDefinition + x-identifiers: + - JobDefinitionName + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__JobDefinition&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Batch::JobDefinition" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Batch::JobDefinition" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Batch::JobDefinition" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/job_definitions/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/job_definitions/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/job_definitions/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Parameters') as parameters, + JSON_EXTRACT(Properties, '$.Timeout') as timeout, + JSON_EXTRACT(Properties, '$.JobDefinitionName') as job_definition_name, + JSON_EXTRACT(Properties, '$.PropagateTags') as propagate_tags, + JSON_EXTRACT(Properties, '$.PlatformCapabilities') as platform_capabilities, + JSON_EXTRACT(Properties, '$.EksProperties') as eks_properties, + JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.NodeProperties') as node_properties, + JSON_EXTRACT(Properties, '$.SchedulingPriority') as scheduling_priority, + JSON_EXTRACT(Properties, '$.ContainerProperties') as container_properties, + JSON_EXTRACT(Properties, '$.EcsProperties') as ecs_properties, + JSON_EXTRACT(Properties, '$.RetryStrategy') as retry_strategy, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Batch::JobDefinition' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.Parameters') as parameters, + JSON_EXTRACT(detail.Properties, '$.Timeout') as timeout, + JSON_EXTRACT(detail.Properties, '$.JobDefinitionName') as job_definition_name, + JSON_EXTRACT(detail.Properties, '$.PropagateTags') as propagate_tags, + JSON_EXTRACT(detail.Properties, '$.PlatformCapabilities') as platform_capabilities, + JSON_EXTRACT(detail.Properties, '$.EksProperties') as eks_properties, + JSON_EXTRACT(detail.Properties, '$.Type') as type, + JSON_EXTRACT(detail.Properties, '$.NodeProperties') as node_properties, + JSON_EXTRACT(detail.Properties, '$.SchedulingPriority') as scheduling_priority, + JSON_EXTRACT(detail.Properties, '$.ContainerProperties') as container_properties, + JSON_EXTRACT(detail.Properties, '$.EcsProperties') as ecs_properties, + JSON_EXTRACT(detail.Properties, '$.RetryStrategy') as retry_strategy, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Batch::JobDefinition' + AND detail.data__TypeName = 'AWS::Batch::JobDefinition' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Parameters') as parameters, + json_extract_path_text(Properties, 'Timeout') as timeout, + json_extract_path_text(Properties, 'JobDefinitionName') as job_definition_name, + json_extract_path_text(Properties, 'PropagateTags') as propagate_tags, + json_extract_path_text(Properties, 'PlatformCapabilities') as platform_capabilities, + json_extract_path_text(Properties, 'EksProperties') as eks_properties, + json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'NodeProperties') as node_properties, + json_extract_path_text(Properties, 'SchedulingPriority') as scheduling_priority, + json_extract_path_text(Properties, 'ContainerProperties') as container_properties, + json_extract_path_text(Properties, 'EcsProperties') as ecs_properties, + json_extract_path_text(Properties, 'RetryStrategy') as retry_strategy, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Batch::JobDefinition' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'Parameters') as parameters, + json_extract_path_text(detail.Properties, 'Timeout') as timeout, + json_extract_path_text(detail.Properties, 'JobDefinitionName') as job_definition_name, + json_extract_path_text(detail.Properties, 'PropagateTags') as propagate_tags, + json_extract_path_text(detail.Properties, 'PlatformCapabilities') as platform_capabilities, + json_extract_path_text(detail.Properties, 'EksProperties') as eks_properties, + json_extract_path_text(detail.Properties, 'Type') as type, + json_extract_path_text(detail.Properties, 'NodeProperties') as node_properties, + json_extract_path_text(detail.Properties, 'SchedulingPriority') as scheduling_priority, + json_extract_path_text(detail.Properties, 'ContainerProperties') as container_properties, + json_extract_path_text(detail.Properties, 'EcsProperties') as ecs_properties, + json_extract_path_text(detail.Properties, 'RetryStrategy') as retry_strategy, + json_extract_path_text(detail.Properties, 'Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Batch::JobDefinition' + AND detail.data__TypeName = 'AWS::Batch::JobDefinition' + AND listing.region = 'us-east-1' + job_definitions_list_only: + name: job_definitions_list_only + id: aws.batch.job_definitions_list_only + x-cfn-schema-name: JobDefinition + x-cfn-type-name: AWS::Batch::JobDefinition + x-identifiers: + - JobDefinitionName + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.JobDefinitionName') as job_definition_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Batch::JobDefinition' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'JobDefinitionName') as job_definition_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Batch::JobDefinition' + AND region = 'us-east-1' + job_definition_tags: + name: job_definition_tags + id: aws.batch.job_definition_tags + x-cfn-schema-name: JobDefinition + x-cfn-type-name: AWS::Batch::JobDefinition + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.Parameters') as parameters, + JSON_EXTRACT(detail.Properties, '$.Timeout') as timeout, + JSON_EXTRACT(detail.Properties, '$.JobDefinitionName') as job_definition_name, + JSON_EXTRACT(detail.Properties, '$.PropagateTags') as propagate_tags, + JSON_EXTRACT(detail.Properties, '$.PlatformCapabilities') as platform_capabilities, + JSON_EXTRACT(detail.Properties, '$.EksProperties') as eks_properties, + JSON_EXTRACT(detail.Properties, '$.Type') as type, + JSON_EXTRACT(detail.Properties, '$.NodeProperties') as node_properties, + JSON_EXTRACT(detail.Properties, '$.SchedulingPriority') as scheduling_priority, + JSON_EXTRACT(detail.Properties, '$.ContainerProperties') as container_properties, + JSON_EXTRACT(detail.Properties, '$.EcsProperties') as ecs_properties, + JSON_EXTRACT(detail.Properties, '$.RetryStrategy') as retry_strategy + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::Batch::JobDefinition' + AND detail.data__TypeName = 'AWS::Batch::JobDefinition' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'Parameters') as parameters, + json_extract_path_text(detail.Properties, 'Timeout') as timeout, + json_extract_path_text(detail.Properties, 'JobDefinitionName') as job_definition_name, + json_extract_path_text(detail.Properties, 'PropagateTags') as propagate_tags, + json_extract_path_text(detail.Properties, 'PlatformCapabilities') as platform_capabilities, + json_extract_path_text(detail.Properties, 'EksProperties') as eks_properties, + json_extract_path_text(detail.Properties, 'Type') as type, + json_extract_path_text(detail.Properties, 'NodeProperties') as node_properties, + json_extract_path_text(detail.Properties, 'SchedulingPriority') as scheduling_priority, + json_extract_path_text(detail.Properties, 'ContainerProperties') as container_properties, + json_extract_path_text(detail.Properties, 'EcsProperties') as ecs_properties, + json_extract_path_text(detail.Properties, 'RetryStrategy') as retry_strategy + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::Batch::JobDefinition' + AND detail.data__TypeName = 'AWS::Batch::JobDefinition' + AND listing.region = 'us-east-1' job_queues: name: job_queues id: aws.batch.job_queues @@ -1766,6 +2965,48 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success + /?Action=CreateResource&Version=2021-09-30&__JobDefinition&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateJobDefinition + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateJobDefinitionRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success /?Action=CreateResource&Version=2021-09-30&__JobQueue&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' diff --git a/providers/src/aws/v00.00.00000/services/bedrock.yaml b/providers/src/aws/v00.00.00000/services/bedrock.yaml index 6fc0b01d..f445a301 100644 --- a/providers/src/aws/v00.00.00000/services/bedrock.yaml +++ b/providers/src/aws/v00.00.00000/services/bedrock.yaml @@ -432,6 +432,7 @@ components: description: Action Group Signature for a BuiltIn Action enum: - AMAZON.UserInput + - AMAZON.CodeInterpreter ActionGroupState: type: string description: State of the action group @@ -525,6 +526,8 @@ components: description: Description of function Parameters: $ref: '#/components/schemas/ParameterMap' + RequireConfirmation: + $ref: '#/components/schemas/RequireConfirmation' required: - Name additionalProperties: false @@ -542,6 +545,20 @@ components: required: - Functions additionalProperties: false + GuardrailConfiguration: + type: object + description: Configuration for a guardrail + properties: + GuardrailIdentifier: + type: string + maxLength: 2048 + pattern: ^(([a-z0-9]+)|(arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:guardrail/[a-z0-9]+))$ + description: Identifier for the guardrail, could be the id or the arn + GuardrailVersion: + type: string + pattern: ^(([0-9]{1,8})|(DRAFT))$ + description: Version of the guardrail + additionalProperties: false InferenceConfiguration: type: object description: Configuration for inference in prompt configuration @@ -658,6 +675,12 @@ components: - ORCHESTRATION - POST_PROCESSING - KNOWLEDGE_BASE_RESPONSE_GENERATION + RequireConfirmation: + type: string + description: ENUM to check if action requires user confirmation + enum: + - ENABLED + - DISABLED S3Identifier: type: object description: The identifier for the S3 resource. @@ -765,8 +788,10 @@ components: type: string maxLength: 2048 minLength: 1 - pattern: ^arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:(([0-9]{12}:custom-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}(([:][a-z0-9-]{1,63}){0,2})?/[a-z0-9]{12})|(:foundation-model/([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.]?[a-z0-9-]{1,63})([:][a-z0-9-]{1,63}){0,2})))|(([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.]?[a-z0-9-]{1,63})([:][a-z0-9-]{1,63}){0,2}))|(([0-9a-zA-Z][_-]?)+)$ + pattern: ^arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:(([0-9]{12}:custom-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}(([:][a-z0-9-]{1,63}){0,2})?/[a-z0-9]{12})|(:foundation-model/([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.]?[a-z0-9-]{1,63})([:][a-z0-9-]{1,63}){0,2}))|([0-9]{12}:(inference-profile|application-inference-profile)/[a-zA-Z0-9-:.]+))|(([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.]?[a-z0-9-]{1,63})([:][a-z0-9-]{1,63}){0,2}))|(([0-9a-zA-Z][_-]?)+)$ description: ARN or name of a Bedrock model. + GuardrailConfiguration: + $ref: '#/components/schemas/GuardrailConfiguration' IdleSessionTTLInSeconds: type: number maximum: 3600 @@ -775,7 +800,6 @@ components: Instruction: type: string minLength: 40 - maxLength: 4000 description: Instruction for the agent. KnowledgeBases: type: array @@ -848,6 +872,9 @@ components: - bedrock:ListAgentActionGroups - bedrock:TagResource - bedrock:ListTagsForResource + - bedrock:CreateGuardrail + - bedrock:CreateGuardrailVersion + - bedrock:GetGuardrail - iam:PassRole read: - bedrock:GetAgent @@ -856,6 +883,8 @@ components: - bedrock:GetAgentKnowledgeBase - bedrock:ListAgentKnowledgeBases - bedrock:ListTagsForResource + - bedrock:GetGuardrail + - kms:Decrypt update: - bedrock:GetAgent - bedrock:UpdateAgent @@ -873,12 +902,18 @@ components: - bedrock:TagResource - bedrock:UntagResource - bedrock:ListTagsForResource + - bedrock:UpdateGuardrail + - bedrock:GetGuardrail + - kms:Decrypt - iam:PassRole delete: - bedrock:GetAgent - bedrock:DeleteAgent + - bedrock:DeleteGuardrail + - bedrock:GetGuardrail list: - bedrock:ListAgents + - bedrock:ListGuardrails AgentAliasHistoryEvent: type: object description: History event for an alias for an Agent. @@ -1022,6 +1057,194 @@ components: - bedrock:DeleteAgentAlias list: - bedrock:ListAgentAliases + InferenceProfileModelSource: + description: Various ways to encode a list of models in a CreateInferenceProfile request + oneOf: + - type: object + title: CopyFrom + properties: + CopyFrom: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^arn:aws(|-us-gov|-cn|-iso|-iso-b):bedrock:(|[0-9a-z-]{0,20}):(|[0-9]{12}):(inference-profile|foundation-model)/[a-zA-Z0-9-:.]+$ + description: |- + Source arns for a custom inference profile to copy its regional load balancing config from. This + can either be a foundation model or predefined inference profile ARN. + required: + - CopyFrom + additionalProperties: false + InferenceProfileStatus: + type: string + description: Status of the Inference Profile + enum: + - ACTIVE + InferenceProfileType: + type: string + description: Type of the Inference Profile + enum: + - APPLICATION + - SYSTEM_DEFINED + InferenceProfileModel: + type: object + description: Model configuration + properties: + ModelArn: + type: string + pattern: ^arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}::foundation-model/[a-z0-9-]{1,63}[.]{1}([a-z0-9-]{1,63}[.]){0,2}[a-z0-9-]{1,63}([:][a-z0-9-]{1,63}){0,2}$ + description: ARN for Foundation Models in Bedrock. These models can be used as base models for model customization jobs + additionalProperties: false + Tag: + type: object + description: Definition of the key/value pair for a tag + properties: + Key: + type: string + maxLength: 128 + minLength: 1 + pattern: ^[a-zA-Z0-9\s._:/=+@-]*$ + description: Tag Key + Value: + type: string + maxLength: 256 + minLength: 0 + pattern: ^[a-zA-Z0-9\s._:/=+@-]*$ + description: Tag Value + required: + - Key + - Value + additionalProperties: false + Unit: + type: object + additionalProperties: false + ApplicationInferenceProfile: + type: object + properties: + CreatedAt: + type: string + description: Time Stamp + format: date-time + Description: + type: string + maxLength: 200 + minLength: 1 + pattern: ^([0-9a-zA-Z:.][ _-]?)+$ + description: Description of the inference profile + InferenceProfileArn: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^arn:aws(|-us-gov|-cn|-iso|-iso-b):bedrock:(|[0-9a-z-]{0,20}):(|[0-9]{12}):(inference-profile|application-inference-profile)/[a-zA-Z0-9-:.]+$ + InferenceProfileId: + type: string + maxLength: 64 + minLength: 1 + pattern: ^[a-zA-Z0-9-:.]+$ + InferenceProfileIdentifier: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^(arn:aws(|-us-gov|-cn|-iso|-iso-b):bedrock:(|[0-9a-z-]{0,20}):(|[0-9]{12}):(inference-profile|application-inference-profile)/)?[a-zA-Z0-9-:.]+$ + description: Inference profile identifier. Supports both system-defined inference profile ids, and inference profile ARNs. + InferenceProfileName: + type: string + maxLength: 64 + minLength: 1 + pattern: ^([0-9a-zA-Z][ _-]?)+$ + ModelSource: + $ref: '#/components/schemas/InferenceProfileModelSource' + Models: + type: array + items: + $ref: '#/components/schemas/InferenceProfileModel' + maxItems: 5 + minItems: 1 + description: List of model configuration + Status: + $ref: '#/components/schemas/InferenceProfileStatus' + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 200 + minItems: 0 + description: List of Tags + Type: + $ref: '#/components/schemas/InferenceProfileType' + UpdatedAt: + type: string + description: Time Stamp + format: date-time + required: + - InferenceProfileName + x-stackql-resource-name: application_inference_profile + description: Definition of AWS::Bedrock::ApplicationInferenceProfile Resource Type + x-type-name: AWS::Bedrock::ApplicationInferenceProfile + x-stackql-primary-identifier: + - InferenceProfileIdentifier + x-create-only-properties: + - Description + - InferenceProfileName + - ModelSource + x-write-only-properties: + - ModelSource + x-read-only-properties: + - Models + - InferenceProfileArn + - InferenceProfileId + - InferenceProfileIdentifier + - Status + - Type + - CreatedAt + - UpdatedAt + x-required-properties: + - InferenceProfileName + x-tagging: + cloudFormationSystemTags: true + tagOnCreate: true + tagProperty: /properties/Tags + tagUpdatable: true + taggable: true + permissions: + - bedrock:TagResource + - bedrock:UntagResource + - bedrock:ListTagsForResource + x-required-permissions: + create: + - bedrock:CreateInferenceProfile + - bedrock:GetInferenceProfile + - bedrock:TagResource + - bedrock:ListTagsForResource + read: + - bedrock:GetInferenceProfile + - bedrock:ListTagsForResource + update: + - bedrock:GetInferenceProfile + - bedrock:ListTagsForResource + - bedrock:TagResource + - bedrock:UntagResource + delete: + - bedrock:DeleteInferenceProfile + - bedrock:GetInferenceProfile + list: + - bedrock:ListInferenceProfiles + BedrockFoundationModelConfiguration: + type: object + description: Settings for a foundation model used to parse documents for a data source. + properties: + ModelArn: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}::foundation-model/([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.]?[a-z0-9-]{1,63})([:][a-z0-9-]{1,63}){0,2})|(arn:aws(|-us-gov|-cn|-iso|-iso-b):bedrock:(|[0-9a-z-]{1,20}):(|[0-9]{12}):(inference-profile|application-inference-profile)/[a-zA-Z0-9-:.]+)$ + description: The model's ARN. + ParsingPrompt: + $ref: '#/components/schemas/ParsingPrompt' + ParsingModality: + $ref: '#/components/schemas/ParsingModality' + required: + - ModelArn + additionalProperties: false ChunkingConfiguration: type: object description: Details about how to chunk the documents in the data source. A chunk refers to an excerpt from a data source that is returned when the knowledge base that it belongs to is queried. @@ -1030,6 +1253,10 @@ components: $ref: '#/components/schemas/ChunkingStrategy' FixedSizeChunkingConfiguration: $ref: '#/components/schemas/FixedSizeChunkingConfiguration' + HierarchicalChunkingConfiguration: + $ref: '#/components/schemas/HierarchicalChunkingConfiguration' + SemanticChunkingConfiguration: + $ref: '#/components/schemas/SemanticChunkingConfiguration' required: - ChunkingStrategy additionalProperties: false @@ -1039,6 +1266,26 @@ components: enum: - FIXED_SIZE - NONE + - HIERARCHICAL + - SEMANTIC + CustomTransformationConfiguration: + type: object + description: Settings for customizing steps in the data source content ingestion pipeline. + properties: + IntermediateStorage: + $ref: '#/components/schemas/IntermediateStorage' + Transformations: + type: array + items: + $ref: '#/components/schemas/Transformation' + maxItems: 1 + minItems: 1 + description: A list of Lambda functions that process documents. + x-insertionOrder: false + required: + - IntermediateStorage + - Transformations + additionalProperties: false DataSourceConfiguration: type: object description: Specifies a raw data source location to ingest. @@ -1047,9 +1294,16 @@ components: $ref: '#/components/schemas/DataSourceType' S3Configuration: $ref: '#/components/schemas/S3DataSourceConfiguration' + ConfluenceConfiguration: + $ref: '#/components/schemas/ConfluenceDataSourceConfiguration' + SalesforceConfiguration: + $ref: '#/components/schemas/SalesforceDataSourceConfiguration' + SharePointConfiguration: + $ref: '#/components/schemas/SharePointDataSourceConfiguration' + WebConfiguration: + $ref: '#/components/schemas/WebDataSourceConfiguration' required: - Type - - S3Configuration additionalProperties: false DataSourceStatus: type: string @@ -1063,6 +1317,11 @@ components: description: The type of the data source location. enum: - S3 + - CONFLUENCE + - SALESFORCE + - SHAREPOINT + - WEB + - CUSTOM DataDeletionPolicy: type: string description: The deletion policy for the data source. @@ -1086,9 +1345,93 @@ components: - MaxTokens - OverlapPercentage additionalProperties: false + HierarchicalChunkingConfiguration: + type: object + description: Configurations for when you choose hierarchical chunking. If you set the chunkingStrategy as NONE, exclude this field. + properties: + LevelConfigurations: + type: array + items: + $ref: '#/components/schemas/HierarchicalChunkingLevelConfiguration' + maxItems: 2 + minItems: 2 + description: Token settings for each layer. + x-insertionOrder: false + OverlapTokens: + type: integer + minimum: 1 + description: The number of tokens to repeat across chunks in the same layer. + required: + - LevelConfigurations + - OverlapTokens + additionalProperties: false + HierarchicalChunkingLevelConfiguration: + type: object + description: Token settings for a layer in a hierarchical chunking configuration. + properties: + MaxTokens: + type: integer + minimum: 1 + maximum: 8192 + description: The maximum number of tokens that a chunk can contain in this layer. + required: + - MaxTokens + additionalProperties: false + IntermediateStorage: + type: object + description: A location for storing content from data sources temporarily as it is processed by custom components in the ingestion pipeline. + properties: + S3Location: + $ref: '#/components/schemas/S3Location' + required: + - S3Location + additionalProperties: false + ParsingConfiguration: + type: object + description: Settings for parsing document contents + properties: + ParsingStrategy: + $ref: '#/components/schemas/ParsingStrategy' + BedrockFoundationModelConfiguration: + $ref: '#/components/schemas/BedrockFoundationModelConfiguration' + BedrockDataAutomationConfiguration: + $ref: '#/components/schemas/BedrockDataAutomationConfiguration' + required: + - ParsingStrategy + additionalProperties: false + ParsingModality: + type: string + description: Determine how will parsed content be stored. + enum: + - MULTIMODAL + BedrockDataAutomationConfiguration: + type: object + description: Settings for a Bedrock Data Automation used to parse documents for a data source. + properties: + ParsingModality: + $ref: '#/components/schemas/ParsingModality' + additionalProperties: false + ParsingPrompt: + type: object + description: Instructions for interpreting the contents of a document. + properties: + ParsingPromptText: + type: string + maxLength: 10000 + minLength: 1 + description: Instructions for interpreting the contents of a document. + required: + - ParsingPromptText + additionalProperties: false + ParsingStrategy: + type: string + description: The parsing strategy for the data source. + enum: + - BEDROCK_FOUNDATION_MODEL + - BEDROCK_DATA_AUTOMATION S3DataSourceConfiguration: type: object - description: Contains information about the S3 configuration of the data source. + description: The configuration information to connect to Amazon S3 as your data source. properties: BucketArn: type: string @@ -1116,6 +1459,86 @@ components: required: - BucketArn additionalProperties: false + ConfluenceDataSourceConfiguration: + type: object + description: The configuration information to connect to Confluence as your data source. + properties: + SourceConfiguration: + $ref: '#/components/schemas/ConfluenceSourceConfiguration' + CrawlerConfiguration: + $ref: '#/components/schemas/ConfluenceCrawlerConfiguration' + required: + - SourceConfiguration + additionalProperties: false + SalesforceDataSourceConfiguration: + type: object + description: The configuration information to connect to Salesforce as your data source. + properties: + SourceConfiguration: + $ref: '#/components/schemas/SalesforceSourceConfiguration' + CrawlerConfiguration: + $ref: '#/components/schemas/SalesforceCrawlerConfiguration' + required: + - SourceConfiguration + additionalProperties: false + SharePointDataSourceConfiguration: + type: object + description: The configuration information to connect to SharePoint as your data source. + properties: + SourceConfiguration: + $ref: '#/components/schemas/SharePointSourceConfiguration' + CrawlerConfiguration: + $ref: '#/components/schemas/SharePointCrawlerConfiguration' + required: + - SourceConfiguration + additionalProperties: false + WebDataSourceConfiguration: + type: object + description: Configures a web data source location. + properties: + SourceConfiguration: + $ref: '#/components/schemas/WebSourceConfiguration' + CrawlerConfiguration: + $ref: '#/components/schemas/WebCrawlerConfiguration' + required: + - SourceConfiguration + additionalProperties: false + S3Location: + type: object + description: An Amazon S3 location. + properties: + URI: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^s3://.{1,128}$ + description: The location's URI + required: + - URI + additionalProperties: false + SemanticChunkingConfiguration: + type: object + description: Configurations for when you choose semantic chunking. If you set the chunkingStrategy as NONE, exclude this field. + properties: + BreakpointPercentileThreshold: + type: integer + minimum: 50 + maximum: 99 + description: The dissimilarity threshold for splitting chunks. + BufferSize: + type: integer + minimum: 0 + maximum: 1 + description: The buffer size. + MaxTokens: + type: integer + minimum: 1 + description: The maximum number of tokens that a chunk can contain. + required: + - BreakpointPercentileThreshold + - BufferSize + - MaxTokens + additionalProperties: false ServerSideEncryptionConfiguration: type: object description: Contains details about the server-side encryption for the data source. @@ -1127,33 +1550,316 @@ components: pattern: ^arn:aws(|-cn|-us-gov):kms:[a-zA-Z0-9-]*:[0-9]{12}:key/[a-zA-Z0-9-]{36}$ description: The ARN of the AWS KMS key used to encrypt the resource. additionalProperties: false + Transformation: + type: object + description: A Lambda function that processes documents. + properties: + StepToApply: + type: string + description: When the service applies the transformation. + enum: + - POST_CHUNKING + TransformationFunction: + $ref: '#/components/schemas/TransformationFunction' + required: + - StepToApply + - TransformationFunction + additionalProperties: false + TransformationFunction: + type: object + description: A Lambda function that processes documents. + properties: + TransformationLambdaConfiguration: + $ref: '#/components/schemas/TransformationLambdaConfiguration' + required: + - TransformationLambdaConfiguration + additionalProperties: false + TransformationLambdaConfiguration: + type: object + description: A Lambda function that processes documents. + properties: + LambdaArn: + type: string + maxLength: 2048 + minLength: 0 + pattern: ^arn:(aws[a-zA-Z-]*)?:lambda:[a-z]{2}(-gov)?-[a-z]+-\d{1}:\d{12}:function:[a-zA-Z0-9-_\.]+(:(\$LATEST|[a-zA-Z0-9-_]+))?$ + description: The function's ARN identifier. + required: + - LambdaArn + additionalProperties: false VectorIngestionConfiguration: type: object description: Details about how to chunk the documents in the data source. A chunk refers to an excerpt from a data source that is returned when the knowledge base that it belongs to is queried. properties: ChunkingConfiguration: $ref: '#/components/schemas/ChunkingConfiguration' + CustomTransformationConfiguration: + $ref: '#/components/schemas/CustomTransformationConfiguration' + ParsingConfiguration: + $ref: '#/components/schemas/ParsingConfiguration' additionalProperties: false - DataSource: + ConfluenceSourceConfiguration: type: object + description: The endpoint information to connect to your Confluence data source. properties: - DataSourceConfiguration: - $ref: '#/components/schemas/DataSourceConfiguration' - DataSourceId: - type: string - pattern: ^[0-9a-zA-Z]{10}$ - description: Identifier for a resource. - Description: + HostUrl: type: string - maxLength: 200 + maxLength: 2048 minLength: 1 - description: Description of the Resource. - KnowledgeBaseId: + pattern: ^https://[A-Za-z0-9][^\s]*$ + description: The Confluence host URL or instance URL. + HostType: + type: string + description: The supported host type, whether online/cloud or server/on-premises. + enum: + - SAAS + AuthType: + type: string + description: The supported authentication type to authenticate and connect to your Confluence instance. + enum: + - BASIC + - OAUTH2_CLIENT_CREDENTIALS + CredentialsSecretArn: type: string - pattern: ^[0-9a-zA-Z]{10}$ - description: The unique identifier of the knowledge base to which to add the data source. - DataSourceStatus: - $ref: '#/components/schemas/DataSourceStatus' + description: The Amazon Resource Name of an AWS Secrets Manager secret that stores your authentication credentials for your Confluence instance URL. For more information on the key-value pairs that must be included in your secret, depending on your authentication type, see Confluence connection configuration. + pattern: ^arn:aws(|-cn|-us-gov):secretsmanager:[a-z0-9-]{1,20}:([0-9]{12}|):secret:[a-zA-Z0-9!/_+=.@-]{1,512}$ + required: + - HostUrl + - HostType + - AuthType + - CredentialsSecretArn + additionalProperties: false + ConfluenceCrawlerConfiguration: + type: object + description: The configuration of the Confluence content. For example, configuring specific types of Confluence content. + properties: + FilterConfiguration: + $ref: '#/components/schemas/CrawlFilterConfiguration' + additionalProperties: false + SalesforceSourceConfiguration: + type: object + description: The endpoint information to connect to your Salesforce data source. + properties: + HostUrl: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^https://[A-Za-z0-9][^\s]*$ + description: The Salesforce host URL or instance URL. + AuthType: + type: string + description: The supported authentication type to authenticate and connect to your Salesforce instance. + enum: + - OAUTH2_CLIENT_CREDENTIALS + CredentialsSecretArn: + type: string + description: The Amazon Resource Name of an AWS Secrets Manager secret that stores your authentication credentials for your Salesforce instance URL. For more information on the key-value pairs that must be included in your secret, depending on your authentication type, see Salesforce connection configuration. + pattern: ^arn:aws(|-cn|-us-gov):secretsmanager:[a-z0-9-]{1,20}:([0-9]{12}|):secret:[a-zA-Z0-9!/_+=.@-]{1,512}$ + required: + - HostUrl + - AuthType + - CredentialsSecretArn + additionalProperties: false + SalesforceCrawlerConfiguration: + type: object + description: The configuration of filtering the Salesforce content. For example, configuring regular expression patterns to include or exclude certain content. + properties: + FilterConfiguration: + $ref: '#/components/schemas/CrawlFilterConfiguration' + additionalProperties: false + SharePointSourceConfiguration: + type: object + description: The endpoint information to connect to your SharePoint data source. + properties: + SiteUrls: + type: array + description: A list of one or more SharePoint site URLs. + items: + type: string + pattern: ^https://[A-Za-z0-9][^\s]*$ + description: A forced-HTTPS web url. + maxItems: 100 + minItems: 1 + x-insertionOrder: false + HostType: + type: string + description: The supported host type, whether online/cloud or server/on-premises. + enum: + - ONLINE + AuthType: + type: string + description: The supported authentication type to authenticate and connect to your SharePoint site/sites. + enum: + - OAUTH2_CLIENT_CREDENTIALS + CredentialsSecretArn: + type: string + description: The Amazon Resource Name of an AWS Secrets Manager secret that stores your authentication credentials for your SharePoint site/sites. For more information on the key-value pairs that must be included in your secret, depending on your authentication type, see SharePoint connection configuration. + pattern: ^arn:aws(|-cn|-us-gov):secretsmanager:[a-z0-9-]{1,20}:([0-9]{12}|):secret:[a-zA-Z0-9!/_+=.@-]{1,512}$ + TenantId: + type: string + description: The identifier of your Microsoft 365 tenant. + pattern: ^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$ + Domain: + type: string + description: The domain of your SharePoint instance or site URL/URLs. + maxLength: 50 + minLength: 1 + required: + - Domain + - SiteUrls + - HostType + - AuthType + - CredentialsSecretArn + additionalProperties: false + SharePointCrawlerConfiguration: + type: object + description: The configuration of the SharePoint content. For example, configuring specific types of SharePoint content. + properties: + FilterConfiguration: + $ref: '#/components/schemas/CrawlFilterConfiguration' + additionalProperties: false + WebSourceConfiguration: + type: object + description: A web source configuration. + properties: + UrlConfiguration: + $ref: '#/components/schemas/UrlConfiguration' + required: + - UrlConfiguration + additionalProperties: false + UrlConfiguration: + type: object + description: A url configuration. + properties: + SeedUrls: + $ref: '#/components/schemas/SeedUrls' + required: + - SeedUrls + additionalProperties: false + SeedUrl: + type: object + description: A seed url object. + properties: + Url: + type: string + pattern: ^https?://[A-Za-z0-9][^\s]*$ + description: A web url. + required: + - Url + additionalProperties: false + SeedUrls: + type: array + description: A list of web urls. + items: + $ref: '#/components/schemas/SeedUrl' + maxItems: 100 + minItems: 1 + x-insertionOrder: false + WebCrawlerConfiguration: + type: object + description: Configuration for the web crawler. + properties: + CrawlerLimits: + $ref: '#/components/schemas/WebCrawlerLimits' + InclusionFilters: + $ref: '#/components/schemas/FilterList' + ExclusionFilters: + $ref: '#/components/schemas/FilterList' + Scope: + $ref: '#/components/schemas/WebScopeType' + additionalProperties: false + WebCrawlerLimits: + type: object + description: Limit settings for the web crawler. + properties: + RateLimit: + type: integer + minimum: 1 + maximum: 300 + description: Rate of web URLs retrieved per minute. + additionalProperties: false + WebScopeType: + type: string + description: The scope that a web crawl job will be restricted to. + enum: + - HOST_ONLY + - SUBDOMAINS + CrawlFilterConfiguration: + type: object + description: The type of filtering that you want to apply to certain objects or content of the data source. For example, the PATTERN type is regular expression patterns you can apply to filter your content. + properties: + Type: + type: string + description: The crawl filter type. + enum: + - PATTERN + PatternObjectFilter: + $ref: '#/components/schemas/PatternObjectFilterConfiguration' + required: + - Type + additionalProperties: false + PatternObjectFilterConfiguration: + type: object + description: The configuration of specific filters applied to your data source content. You can filter out or include certain content. + properties: + Filters: + $ref: '#/components/schemas/PatternObjectFilterList' + required: + - Filters + additionalProperties: false + PatternObjectFilterList: + type: array + items: + $ref: '#/components/schemas/PatternObjectFilter' + maxItems: 25 + minItems: 1 + description: Contains information + PatternObjectFilter: + type: object + description: The specific filters applied to your data source content. You can filter out or include certain content. + properties: + ObjectType: + type: string + maxLength: 50 + minLength: 1 + description: The supported object type or content type of the data source. + InclusionFilters: + $ref: '#/components/schemas/FilterList' + ExclusionFilters: + $ref: '#/components/schemas/FilterList' + required: + - ObjectType + additionalProperties: false + FilterList: + type: array + description: A set of regular expression filter patterns for a type of object. + items: + type: string + maxLength: 1000 + description: A list of one or more inclusion/exclusion regular expression patterns to include certain object types that adhere to the pattern. If you specify an inclusion and exclusion filter/pattern and both match a document, the exclusion filter takes precedence and the document isn't crawled. + maxItems: 25 + minItems: 1 + x-insertionOrder: false + DataSource: + type: object + properties: + DataSourceConfiguration: + $ref: '#/components/schemas/DataSourceConfiguration' + DataSourceId: + type: string + pattern: ^[0-9a-zA-Z]{10}$ + description: Identifier for a resource. + Description: + type: string + maxLength: 200 + minLength: 1 + description: Description of the Resource. + KnowledgeBaseId: + type: string + pattern: ^[0-9a-zA-Z]{10}$ + description: The unique identifier of the knowledge base to which to add the data source. + DataSourceStatus: + $ref: '#/components/schemas/DataSourceStatus' Name: type: string pattern: ^([0-9a-zA-Z][_-]?){1,100}$ @@ -1191,7 +1897,9 @@ components: - DataSourceId x-create-only-properties: - KnowledgeBaseId - - VectorIngestionConfiguration + - VectorIngestionConfiguration/ChunkingConfiguration + - VectorIngestionConfiguration/ParsingConfiguration + - DataSourceConfiguration/Type x-read-only-properties: - DataSourceId - DataSourceStatus @@ -1204,7 +1912,7 @@ components: - KnowledgeBaseId x-tagging: taggable: false - cloudFormationSystemTags: true + cloudFormationSystemTags: false x-required-permissions: create: - bedrock:CreateDataSource @@ -1220,1372 +1928,3406 @@ components: - bedrock:DeleteDataSource list: - bedrock:ListDataSources - ContentFilter: + ConditionFlowNodeConfiguration: type: object - description: Content filter in content policy. + description: Condition flow node configuration properties: - Type: - $ref: '#/components/schemas/ContentFilterType' - InputStrength: - $ref: '#/components/schemas/FilterStrength' - OutputStrength: - $ref: '#/components/schemas/FilterStrength' + Conditions: + type: array + items: + $ref: '#/components/schemas/FlowCondition' + maxItems: 5 + minItems: 1 + description: List of conditions in a condition node + x-insertionOrder: true required: - - InputStrength - - OutputStrength - - Type + - Conditions additionalProperties: false - ContentFilterConfig: + FlowCondition: type: object - description: Content filter config in content policy. + description: Condition branch for a condition node properties: - Type: - $ref: '#/components/schemas/ContentFilterType' - InputStrength: - $ref: '#/components/schemas/FilterStrength' - OutputStrength: - $ref: '#/components/schemas/FilterStrength' + Name: + type: string + pattern: ^[a-zA-Z]([_]?[0-9a-zA-Z]){1,50}$ + description: Name of a condition in a flow + Expression: + type: string + maxLength: 64 + minLength: 1 + description: Expression for a condition in a flow required: - - InputStrength - - OutputStrength - - Type + - Name additionalProperties: false - ContentFilterType: - type: string - description: Type of filter in content policy - enum: - - SEXUAL - - VIOLENCE - - HATE - - INSULTS - - MISCONDUCT - - PROMPT_ATTACK - ContentPolicyConfig: + FlowConditionalConnectionConfiguration: type: object - description: Content policy config for a guardrail. + description: Conditional connection configuration properties: - FiltersConfig: - type: array - items: - $ref: '#/components/schemas/ContentFilterConfig' - maxItems: 6 - minItems: 1 - description: List of content filter configs in content policy. + Condition: + type: string + pattern: ^[a-zA-Z]([_]?[0-9a-zA-Z]){1,50}$ + description: Name of a condition in a flow required: - - FiltersConfig + - Condition additionalProperties: false - FilterStrength: - type: string - description: Strength for filters - enum: - - NONE - - LOW - - MEDIUM - - HIGH - GuardrailStatus: - type: string - description: Status of the guardrail - enum: - - CREATING - - UPDATING - - VERSIONING - - READY - - FAILED - - DELETING - ManagedWords: + FlowConnection: type: object - description: A managed words definition. + description: Flow connection properties: Type: - $ref: '#/components/schemas/ManagedWordsType' + $ref: '#/components/schemas/FlowConnectionType' + Name: + type: string + pattern: ^[a-zA-Z]([_]?[0-9a-zA-Z]){1,100}$ + description: Name of a connection in a flow + Source: + type: string + pattern: ^[a-zA-Z]([_]?[0-9a-zA-Z]){1,50}$ + description: Name of a node in a flow + Target: + type: string + pattern: ^[a-zA-Z]([_]?[0-9a-zA-Z]){1,50}$ + description: Name of a node in a flow + Configuration: + $ref: '#/components/schemas/FlowConnectionConfiguration' required: + - Name + - Source + - Target - Type additionalProperties: false - ManagedWordsConfig: + FlowConnectionConfiguration: + description: Connection configuration + oneOf: + - type: object + title: Data + properties: + Data: + $ref: '#/components/schemas/FlowDataConnectionConfiguration' + required: + - Data + additionalProperties: false + - type: object + title: Conditional + properties: + Conditional: + $ref: '#/components/schemas/FlowConditionalConnectionConfiguration' + required: + - Conditional + additionalProperties: false + FlowConnectionType: + type: string + description: Connection type + enum: + - Data + - Conditional + FlowDataConnectionConfiguration: type: object - description: A managed words config. + description: Data connection configuration properties: - Type: - $ref: '#/components/schemas/ManagedWordsType' + SourceOutput: + type: string + pattern: ^[a-zA-Z]([_]?[0-9a-zA-Z]){1,50}$ + description: Name of a node output in a flow + TargetInput: + type: string + pattern: ^[a-zA-Z]([_]?[0-9a-zA-Z]){1,50}$ + description: Name of a node input in a flow required: - - Type + - SourceOutput + - TargetInput additionalProperties: false - ManagedWordsType: - type: string - description: Options for managed words. - enum: - - PROFANITY - PiiEntity: + FlowDefinition: type: object - description: Entity name and behavior. + description: Flow definition properties: - Type: - $ref: '#/components/schemas/PiiEntityType' - Action: - $ref: '#/components/schemas/SensitiveInformationAction' - required: - - Action - - Type + Nodes: + type: array + items: + $ref: '#/components/schemas/FlowNode' + maxItems: 20 + description: List of nodes in a flow + x-insertionOrder: true + Connections: + type: array + items: + $ref: '#/components/schemas/FlowConnection' + maxItems: 20 + description: List of connections + x-insertionOrder: true additionalProperties: false - PiiEntityConfig: + FlowValidation: type: object - description: Pii entity configuration. + description: Validation for Flow + properties: + Message: + type: string + description: validation message + additionalProperties: false + required: + - Message + FlowValidations: + type: array + description: List of flow validations + items: + $ref: '#/components/schemas/FlowValidation' + x-insertionOrder: false + FlowNode: + type: object + description: Internal mixin for flow node properties: + Name: + type: string + pattern: ^[a-zA-Z]([_]?[0-9a-zA-Z]){1,50}$ + description: Name of a node in a flow Type: - $ref: '#/components/schemas/PiiEntityType' - Action: - $ref: '#/components/schemas/SensitiveInformationAction' + $ref: '#/components/schemas/FlowNodeType' + Configuration: + $ref: '#/components/schemas/FlowNodeConfiguration' + Inputs: + type: array + items: + $ref: '#/components/schemas/FlowNodeInput' + maxItems: 5 + description: List of node inputs in a flow + x-insertionOrder: true + Outputs: + type: array + items: + $ref: '#/components/schemas/FlowNodeOutput' + maxItems: 5 + description: List of node outputs in a flow + x-insertionOrder: true required: - - Action + - Name - Type additionalProperties: false - PiiEntityType: - type: string - description: The currently supported PII entities - enum: - - ADDRESS - - AGE - - AWS_ACCESS_KEY - - AWS_SECRET_KEY - - CA_HEALTH_NUMBER - - CA_SOCIAL_INSURANCE_NUMBER - - CREDIT_DEBIT_CARD_CVV - - CREDIT_DEBIT_CARD_EXPIRY - - CREDIT_DEBIT_CARD_NUMBER - - DRIVER_ID - - EMAIL - - INTERNATIONAL_BANK_ACCOUNT_NUMBER - - IP_ADDRESS - - LICENSE_PLATE - - MAC_ADDRESS - - NAME - - PASSWORD - - PHONE - - PIN - - SWIFT_CODE - - UK_NATIONAL_HEALTH_SERVICE_NUMBER - - UK_NATIONAL_INSURANCE_NUMBER - - UK_UNIQUE_TAXPAYER_REFERENCE_NUMBER - - URL - - USERNAME - - US_BANK_ACCOUNT_NUMBER - - US_BANK_ROUTING_NUMBER - - US_INDIVIDUAL_TAX_IDENTIFICATION_NUMBER - - US_PASSPORT_NUMBER - - US_SOCIAL_SECURITY_NUMBER - - VEHICLE_IDENTIFICATION_NUMBER - RegexConfig: + FlowNodeConfiguration: + description: Node configuration in a flow + oneOf: + - type: object + title: Input + properties: + Input: + $ref: '#/components/schemas/InputFlowNodeConfiguration' + required: + - Input + additionalProperties: false + - type: object + title: Output + properties: + Output: + $ref: '#/components/schemas/OutputFlowNodeConfiguration' + required: + - Output + additionalProperties: false + - type: object + title: KnowledgeBase + properties: + KnowledgeBase: + $ref: '#/components/schemas/KnowledgeBaseFlowNodeConfiguration' + required: + - KnowledgeBase + additionalProperties: false + - type: object + title: Condition + properties: + Condition: + $ref: '#/components/schemas/ConditionFlowNodeConfiguration' + required: + - Condition + additionalProperties: false + - type: object + title: Lex + properties: + Lex: + $ref: '#/components/schemas/LexFlowNodeConfiguration' + required: + - Lex + additionalProperties: false + - type: object + title: Prompt + properties: + Prompt: + $ref: '#/components/schemas/PromptFlowNodeConfiguration' + required: + - Prompt + additionalProperties: false + - type: object + title: LambdaFunction + properties: + LambdaFunction: + $ref: '#/components/schemas/LambdaFunctionFlowNodeConfiguration' + required: + - LambdaFunction + additionalProperties: false + - type: object + title: Agent + properties: + Agent: + $ref: '#/components/schemas/AgentFlowNodeConfiguration' + required: + - Agent + additionalProperties: false + - type: object + title: Storage + properties: + Storage: + $ref: '#/components/schemas/StorageFlowNodeConfiguration' + required: + - Storage + additionalProperties: false + - type: object + title: Retrieval + properties: + Retrieval: + $ref: '#/components/schemas/RetrievalFlowNodeConfiguration' + required: + - Retrieval + additionalProperties: false + - type: object + title: Iterator + properties: + Iterator: + $ref: '#/components/schemas/IteratorFlowNodeConfiguration' + required: + - Iterator + additionalProperties: false + - type: object + title: Collector + properties: + Collector: + $ref: '#/components/schemas/CollectorFlowNodeConfiguration' + required: + - Collector + additionalProperties: false + FlowNodeIODataType: + type: string + description: Type of input/output for a node in a flow + enum: + - String + - Number + - Boolean + - Object + - Array + FlowNodeInput: type: object - description: A regex configuration. + description: Input to a node in a flow properties: Name: type: string - maxLength: 100 - minLength: 1 - description: The regex name. - Description: + pattern: ^[a-zA-Z]([_]?[0-9a-zA-Z]){1,50}$ + description: Name of a node input in a flow + Type: + $ref: '#/components/schemas/FlowNodeIODataType' + Expression: type: string - maxLength: 1000 + maxLength: 64 minLength: 1 - description: The regex description. - Pattern: + description: Expression for a node input in a flow + required: + - Expression + - Name + - Type + additionalProperties: false + FlowNodeOutput: + type: object + description: Output of a node in a flow + properties: + Name: type: string - minLength: 1 - description: The regex pattern. - Action: - $ref: '#/components/schemas/SensitiveInformationAction' + pattern: ^[a-zA-Z]([_]?[0-9a-zA-Z]){1,50}$ + description: Name of a node output in a flow + Type: + $ref: '#/components/schemas/FlowNodeIODataType' required: - - Action - Name - - Pattern + - Type additionalProperties: false - SensitiveInformationAction: + FlowNodeType: type: string - description: Options for sensitive information action. + description: Flow node types enum: - - BLOCK - - ANONYMIZE - SensitiveInformationPolicyConfig: + - Input + - Output + - KnowledgeBase + - Condition + - Lex + - Prompt + - LambdaFunction + - Agent + - Iterator + - Collector + - Storage + - Retrieval + FlowStatus: + type: string + description: Schema Type for Flow APIs + enum: + - Failed + - Prepared + - Preparing + - NotPrepared + InputFlowNodeConfiguration: type: object - description: Sensitive information policy config for a guardrail. - properties: - PiiEntitiesConfig: - type: array - items: - $ref: '#/components/schemas/PiiEntityConfig' - minItems: 1 - uniqueItems: true - description: List of entities. - RegexesConfig: - type: array - items: - $ref: '#/components/schemas/RegexConfig' - minItems: 1 - description: List of regex. + description: Input flow node configuration additionalProperties: false - Tag: + AgentFlowNodeConfiguration: type: object - description: Definition of the key/value pair for a tag + description: Agent flow node configuration properties: - Key: - type: string - maxLength: 128 - minLength: 1 - pattern: ^[a-zA-Z0-9\s._:/=+@-]*$ - description: Tag Key - Value: + AgentAliasArn: type: string - maxLength: 256 - minLength: 0 - pattern: ^[a-zA-Z0-9\s._:/=+@-]*$ - description: Tag Value + maxLength: 2048 + pattern: ^arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:agent-alias/[0-9a-zA-Z]{10}/[0-9a-zA-Z]{10}$ + description: Arn representation of the Agent Alias. required: - - Key - - Value + - AgentAliasArn additionalProperties: false - Topic: + KnowledgeBaseFlowNodeConfiguration: type: object - description: Topic in topic policy. + description: Knowledge base flow node configuration properties: - Name: + KnowledgeBaseId: type: string - maxLength: 100 - minLength: 1 - pattern: ^[0-9a-zA-Z-_ !?.]+$ - description: Name of topic in topic policy - Definition: + maxLength: 10 + pattern: ^[0-9a-zA-Z]+$ + description: Identifier of the KnowledgeBase + ModelId: type: string - maxLength: 200 + maxLength: 2048 minLength: 1 - description: Definition of topic in topic policy - Examples: - type: array - items: - type: string - maxLength: 100 - minLength: 1 - description: Text example in topic policy - minItems: 0 - description: List of text examples - Type: - $ref: '#/components/schemas/TopicType' + pattern: ^(arn:aws(-[^:]{1,12})?:(bedrock|sagemaker):[a-z0-9-]{1,20}:([0-9]{12})?:([a-z-]+/)?)?([a-zA-Z0-9.-]{1,63}){0,2}(([:][a-z0-9-]{1,63}){0,2})?(/[a-z0-9]{1,12})?$ + description: ARN or Id of a Bedrock Foundational Model or Inference Profile, or the ARN of a imported model, or a provisioned throughput ARN for custom models. + GuardrailConfiguration: + $ref: '#/components/schemas/GuardrailConfiguration' required: - - Definition - - Name - - Type + - KnowledgeBaseId additionalProperties: false - TopicConfig: + LambdaFunctionFlowNodeConfiguration: type: object - description: Topic config in topic policy. + description: Lambda function flow node configuration properties: - Name: + LambdaArn: type: string - maxLength: 100 - minLength: 1 - pattern: ^[0-9a-zA-Z-_ !?.]+$ - description: Name of topic in topic policy - Definition: + maxLength: 2048 + pattern: ^arn:(aws[a-zA-Z-]*)?:lambda:[a-z]{2}(-gov)?-[a-z]+-\d{1}:\d{12}:function:[a-zA-Z0-9-_\.]+(:(\$LATEST|[a-zA-Z0-9-_]+))?$ + description: ARN of a Lambda. + required: + - LambdaArn + additionalProperties: false + LexFlowNodeConfiguration: + type: object + description: Lex flow node configuration + properties: + BotAliasArn: type: string - maxLength: 200 + maxLength: 78 + pattern: ^arn:aws(|-us-gov):lex:[a-z]{2}(-gov)?-[a-z]+-\d{1}:\d{12}:bot-alias/[0-9a-zA-Z]+/[0-9a-zA-Z]+$ + description: ARN of a Lex bot alias + LocaleId: + type: string + maxLength: 10 minLength: 1 - description: Definition of topic in topic policy - Examples: - type: array - items: - type: string - maxLength: 100 - minLength: 1 - description: Text example in topic policy - minItems: 0 - description: List of text examples - Type: - $ref: '#/components/schemas/TopicType' + description: Lex bot locale id required: - - Definition - - Name - - Type + - BotAliasArn + - LocaleId additionalProperties: false - TopicPolicyConfig: + OutputFlowNodeConfiguration: type: object - description: Topic policy config for a guardrail. + description: Output flow node configuration + additionalProperties: false + IteratorFlowNodeConfiguration: + type: object + description: Iterator flow node configuration + additionalProperties: false + CollectorFlowNodeConfiguration: + type: object + description: Collector flow node configuration + additionalProperties: false + PromptFlowNodeConfiguration: + type: object + description: Prompt flow node configuration properties: - TopicsConfig: - type: array - items: - $ref: '#/components/schemas/TopicConfig' - minItems: 1 - description: List of topic configs in topic policy. + SourceConfiguration: + $ref: '#/components/schemas/PromptFlowNodeSourceConfiguration' + GuardrailConfiguration: + $ref: '#/components/schemas/GuardrailConfiguration' required: - - TopicsConfig + - SourceConfiguration additionalProperties: false - TopicType: - type: string - description: Type of topic in a policy - enum: - - DENY - WordConfig: + StorageFlowNodeConfiguration: type: object - description: A custom word config. + description: Storage flow node configuration properties: - Text: - type: string - minLength: 1 - description: The custom word text. + ServiceConfiguration: + $ref: '#/components/schemas/StorageFlowNodeServiceConfiguration' required: - - Text + - ServiceConfiguration additionalProperties: false - WordPolicyConfig: + RetrievalFlowNodeConfiguration: type: object - description: Word policy config for a guardrail. + description: Retrieval flow node configuration properties: - WordsConfig: - type: array - items: - $ref: '#/components/schemas/WordConfig' - minItems: 1 - description: List of custom word configs. - ManagedWordListsConfig: - type: array - items: - $ref: '#/components/schemas/ManagedWordsConfig' - description: A config for the list of managed words. + ServiceConfiguration: + $ref: '#/components/schemas/RetrievalFlowNodeServiceConfiguration' + required: + - ServiceConfiguration additionalProperties: false - Guardrail: + PromptFlowNodeInlineConfiguration: type: object + description: Inline prompt configuration for prompt node properties: - BlockedInputMessaging: + TemplateType: + $ref: '#/components/schemas/PromptTemplateType' + TemplateConfiguration: + $ref: '#/components/schemas/PromptTemplateConfiguration' + ModelId: type: string - maxLength: 500 + maxLength: 2048 minLength: 1 - description: Messaging for when violations are detected in text - BlockedOutputsMessaging: - type: string - maxLength: 500 + pattern: ^(arn:aws(-[^:]{1,12})?:(bedrock|sagemaker):[a-z0-9-]{1,20}:([0-9]{12})?:([a-z-]+/)?)?([a-zA-Z0-9.-]{1,63}){0,2}(([:][a-z0-9-]{1,63}){0,2})?(/[a-z0-9]{1,12})?$ + description: ARN or Id of a Bedrock Foundational Model or Inference Profile, or the ARN of a imported model, or a provisioned throughput ARN for custom models. + InferenceConfiguration: + $ref: '#/components/schemas/PromptInferenceConfiguration' + required: + - ModelId + - TemplateConfiguration + - TemplateType + additionalProperties: false + PromptFlowNodeResourceConfiguration: + type: object + description: Resource prompt configuration for prompt node + properties: + PromptArn: + type: string + pattern: ^(arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:prompt/[0-9a-zA-Z]{10}(?::[0-9]{1,5})?)$ + description: ARN of a prompt resource possibly with a version + required: + - PromptArn + additionalProperties: false + PromptFlowNodeSourceConfiguration: + description: Prompt source configuration for prompt node + oneOf: + - type: object + title: Resource + properties: + Resource: + $ref: '#/components/schemas/PromptFlowNodeResourceConfiguration' + required: + - Resource + additionalProperties: false + - type: object + title: Inline + properties: + Inline: + $ref: '#/components/schemas/PromptFlowNodeInlineConfiguration' + required: + - Inline + additionalProperties: false + StorageFlowNodeServiceConfiguration: + description: storage service configuration for storage node + oneOf: + - type: object + title: S3 + properties: + S3: + $ref: '#/components/schemas/StorageFlowNodeS3Configuration' + additionalProperties: false + StorageFlowNodeS3Configuration: + type: object + description: s3 storage configuration for storage node + properties: + BucketName: + type: string + pattern: ^[a-z0-9][\.\-a-z0-9]{1,61}[a-z0-9]$ + description: bucket name of an s3 that will be used for storage flow node configuration + required: + - BucketName + additionalProperties: false + RetrievalFlowNodeServiceConfiguration: + description: Retrieval service configuration for Retrieval node + oneOf: + - type: object + title: S3 + properties: + S3: + $ref: '#/components/schemas/RetrievalFlowNodeS3Configuration' + additionalProperties: false + RetrievalFlowNodeS3Configuration: + type: object + description: s3 Retrieval configuration for Retrieval node + properties: + BucketName: + type: string + pattern: ^[a-z0-9][\.\-a-z0-9]{1,61}[a-z0-9]$ + description: bucket name of an s3 that will be used for Retrieval flow node configuration + required: + - BucketName + additionalProperties: false + PromptInferenceConfiguration: + description: Model inference configuration + oneOf: + - type: object + title: Text + properties: + Text: + $ref: '#/components/schemas/PromptModelInferenceConfiguration' + required: + - Text + additionalProperties: false + PromptInputVariable: + type: object + description: Input variable + properties: + Name: + type: string + pattern: ^([0-9a-zA-Z][_-]?){1,100}$ + description: Name for an input variable + additionalProperties: false + PromptModelInferenceConfiguration: + type: object + description: Prompt model inference configuration + properties: + Temperature: + type: number + maximum: 1 + minimum: 0 + description: Controls randomness, higher values increase diversity + TopP: + type: number + maximum: 1 + minimum: 0 + description: Cumulative probability cutoff for token selection + MaxTokens: + type: number + maximum: 4096 + minimum: 0 + description: Maximum length of output + StopSequences: + type: array + items: + type: string + maxItems: 4 + minItems: 0 + description: List of stop sequences + x-insertionOrder: true + additionalProperties: false + PromptTemplateConfiguration: + description: Prompt template configuration + oneOf: + - type: object + title: Text + properties: + Text: + $ref: '#/components/schemas/TextPromptTemplateConfiguration' + required: + - Text + additionalProperties: false + PromptTemplateType: + type: string + description: Prompt template type + enum: + - TEXT + DefinitionSubstitutions: + type: object + description: When supplied with DefinitionString or DefinitionS3Location, substrings in the definition matching ${keyname} will be replaced with the associated value from this map + additionalProperties: false + x-patternProperties: + ^[a-zA-Z0-9]+$: + anyOf: + - type: string + - type: integer + - type: boolean + minProperties: 1 + maxProperties: 500 + TextPromptTemplateConfiguration: + type: object + description: Configuration for text prompt template + properties: + Text: + type: string + maxLength: 200000 minLength: 1 - description: Messaging for when violations are detected in text - ContentPolicyConfig: - $ref: '#/components/schemas/ContentPolicyConfig' + description: Prompt content for String prompt template + InputVariables: + type: array + items: + $ref: '#/components/schemas/PromptInputVariable' + maxItems: 5 + minItems: 0 + description: List of input variables + x-insertionOrder: true + required: + - Text + additionalProperties: false + Flow: + type: object + properties: + Arn: + type: string + maxLength: 1011 + minLength: 20 + pattern: ^arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:flow/[0-9a-zA-Z]{10}$ + description: Arn representation of the Flow CreatedAt: type: string - description: Time Stamp + description: Time Stamp. format: date-time + Definition: + $ref: '#/components/schemas/FlowDefinition' + DefinitionString: + type: string + description: A JSON string containing a Definition with the same schema as the Definition property of this resource + maxLength: 512000 + DefinitionS3Location: + $ref: '#/components/schemas/S3Location' + DefinitionSubstitutions: + $ref: '#/components/schemas/DefinitionSubstitutions' Description: type: string maxLength: 200 minLength: 1 - description: Description of the guardrail or its version - FailureRecommendations: - type: array - items: - type: string - maxLength: 200 - minLength: 1 - description: Recommendation for guardrail failure status - maxItems: 100 - description: List of failure recommendations - GuardrailArn: + description: Description of the flow + ExecutionRoleArn: type: string maxLength: 2048 - pattern: ^arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:guardrail/[a-z0-9]+$ - description: Arn representation for the guardrail - GuardrailId: - type: string - maxLength: 64 - pattern: ^[a-z0-9]+$ - description: Unique id for the guardrail - KmsKeyArn: + pattern: ^arn:aws(-[^:]+)?:iam::([0-9]{12})?:role/(service-role/)?.+$ + description: ARN of a IAM role + Id: type: string - maxLength: 2048 - minLength: 1 - pattern: ^arn:aws(-[^:]+)?:kms:[a-zA-Z0-9-]*:[0-9]{12}:key/[a-zA-Z0-9-]{36}$ - description: The KMS key with which the guardrail was encrypted at rest + pattern: ^[0-9a-zA-Z]{10}$ + description: Identifier for a Flow Name: type: string - maxLength: 50 - minLength: 1 - pattern: ^[0-9a-zA-Z-_]+$ - description: Name of the guardrail - SensitiveInformationPolicyConfig: - $ref: '#/components/schemas/SensitiveInformationPolicyConfig' + pattern: ^([0-9a-zA-Z][_-]?){1,100}$ + description: Name for the flow Status: - $ref: '#/components/schemas/GuardrailStatus' - StatusReasons: - type: array - items: - type: string - maxLength: 200 - minLength: 1 - description: Reason for guardrail status - maxItems: 100 - description: List of status reasons - Tags: - type: array - items: - $ref: '#/components/schemas/Tag' - maxItems: 200 - minItems: 0 - description: List of Tags - TopicPolicyConfig: - $ref: '#/components/schemas/TopicPolicyConfig' + $ref: '#/components/schemas/FlowStatus' UpdatedAt: type: string - description: Time Stamp + description: Time Stamp. format: date-time + CustomerEncryptionKeyArn: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^arn:aws(|-cn|-us-gov):kms:[a-zA-Z0-9-]*:[0-9]{12}:key/[a-zA-Z0-9-]{36}$ + description: A KMS key ARN + Validations: + $ref: '#/components/schemas/FlowValidations' Version: type: string - pattern: ^(([1-9][0-9]{0,7})|(DRAFT))$ - description: Guardrail version - WordPolicyConfig: - $ref: '#/components/schemas/WordPolicyConfig' + maxLength: 5 + minLength: 5 + pattern: ^DRAFT$ + description: Draft Version. + Tags: + $ref: '#/components/schemas/TagsMap' + TestAliasTags: + $ref: '#/components/schemas/TagsMap' required: + - ExecutionRoleArn - Name - - BlockedInputMessaging - - BlockedOutputsMessaging - x-stackql-resource-name: guardrail - description: Definition of AWS::Bedrock::Guardrail Resource Type - x-type-name: AWS::Bedrock::Guardrail + x-stackql-resource-name: flow + description: Definition of AWS::Bedrock::Flow Resource Type + x-type-name: AWS::Bedrock::Flow x-stackql-primary-identifier: - - GuardrailArn + - Arn + x-stackql-additional-identifiers: + - - Id + x-write-only-properties: + - DefinitionString + - DefinitionS3Location + - DefinitionSubstitutions x-read-only-properties: + - Arn - CreatedAt - - FailureRecommendations - - GuardrailArn - - GuardrailId + - Id - Status - - StatusReasons - UpdatedAt - Version + - Validations x-required-properties: + - ExecutionRoleArn - Name - - BlockedInputMessaging - - BlockedOutputsMessaging x-tagging: cloudFormationSystemTags: false tagOnCreate: true tagProperty: /properties/Tags tagUpdatable: true taggable: true + permissions: + - bedrock:TagResource + - bedrock:UntagResource + - bedrock:ListTagsForResource x-required-permissions: create: - - bedrock:CreateGuardrail - - bedrock:GetGuardrail - - kms:DescribeKey - - kms:CreateGrant - - kms:GenerateDataKey - - kms:Decrypt + - bedrock:CreateFlow + - bedrock:GetFlow + - bedrock:PrepareFlow + - iam:PassRole + - s3:GetObject + - s3:GetObjectVersion - bedrock:TagResource - bedrock:ListTagsForResource - read: - - bedrock:GetGuardrail + - kms:GenerateDataKey - kms:Decrypt - - bedrock:ListTagsForResource - update: - - bedrock:UpdateGuardrail + - bedrock:CreateGuardrail + - bedrock:CreateGuardrailVersion - bedrock:GetGuardrail + read: + - bedrock:GetFlow - bedrock:ListTagsForResource + - kms:Decrypt + - bedrock:GetGuardrail + update: + - bedrock:UpdateFlow + - bedrock:GetFlow + - bedrock:PrepareFlow + - iam:PassRole + - s3:GetObject + - s3:GetObjectVersion - bedrock:TagResource - bedrock:UntagResource - - kms:DescribeKey - - kms:CreateGrant + - bedrock:ListTagsForResource - kms:GenerateDataKey - kms:Decrypt + - bedrock:UpdateGuardrail + - bedrock:GetGuardrail delete: + - bedrock:DeleteFlow + - bedrock:GetFlow - bedrock:DeleteGuardrail - bedrock:GetGuardrail - - kms:Decrypt - - kms:RetireGrant list: + - bedrock:ListFlows - bedrock:ListGuardrails - GuardrailVersion: + FlowAliasRoutingConfigurationListItem: type: object + description: Details about the routing configuration for a Flow alias. properties: - Description: + FlowVersion: type: string - maxLength: 200 + maxLength: 5 minLength: 1 - description: Description of the Guardrail version - GuardrailArn: + pattern: ^(DRAFT|[0-9]{0,4}[1-9][0-9]{0,4})$ + description: Version. + additionalProperties: false + FlowAlias: + type: object + properties: + Arn: type: string maxLength: 2048 - pattern: ^arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:guardrail/[a-z0-9]+$ - description: Arn representation for the guardrail - GuardrailId: - type: string - maxLength: 64 - pattern: ^[a-z0-9]+$ - description: Unique id for the guardrail - GuardrailIdentifier: + pattern: ^arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:flow/[0-9a-zA-Z]{10}/alias/[0-9a-zA-Z]{10}$ + description: Arn of the Flow Alias + FlowArn: type: string maxLength: 2048 - pattern: ^(([a-z0-9]+)|(arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:guardrail/[a-z0-9]+))$ - description: Identifier (GuardrailId or GuardrailArn) for the guardrail - Version: + pattern: ^arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:flow/[0-9a-zA-Z]{10}$ + description: Arn representation of the Flow + CreatedAt: type: string - pattern: ^[1-9][0-9]{0,7}$ - description: Guardrail version - required: - - GuardrailIdentifier - x-stackql-resource-name: guardrail_version - description: Definition of AWS::Bedrock::GuardrailVersion Resource Type - x-type-name: AWS::Bedrock::GuardrailVersion - x-stackql-primary-identifier: - - GuardrailId - - Version - x-create-only-properties: - - Description - - GuardrailIdentifier - x-write-only-properties: - - GuardrailIdentifier + description: Time Stamp. + format: date-time + Description: + type: string + maxLength: 200 + minLength: 1 + description: Description of the Resource. + FlowId: + type: string + pattern: ^[0-9a-zA-Z]{10}$ + description: Identifier for a flow resource. + Id: + type: string + maxLength: 10 + minLength: 10 + pattern: ^(\bTSTALIASID\b|[0-9a-zA-Z]+)$ + description: Id for a Flow Alias generated at the server side. + Name: + type: string + pattern: ^([0-9a-zA-Z][_-]?){1,100}$ + description: Name for a resource. + RoutingConfiguration: + type: array + items: + $ref: '#/components/schemas/FlowAliasRoutingConfigurationListItem' + maxItems: 1 + minItems: 1 + description: Routing configuration for a Flow alias. + x-insertionOrder: true + UpdatedAt: + type: string + description: Time Stamp. + format: date-time + Tags: + $ref: '#/components/schemas/TagsMap' + required: + - Name + - FlowArn + - RoutingConfiguration + x-stackql-resource-name: flow_alias + description: Definition of AWS::Bedrock::FlowAlias Resource Type + x-type-name: AWS::Bedrock::FlowAlias + x-stackql-primary-identifier: + - Arn + - FlowArn + x-create-only-properties: + - FlowArn x-read-only-properties: - - GuardrailArn - - GuardrailId + - Arn + - CreatedAt + - FlowId + - Id + - UpdatedAt + x-required-properties: + - Name + - FlowArn + - RoutingConfiguration + x-tagging: + cloudFormationSystemTags: false + tagOnCreate: true + tagProperty: /properties/Tags + tagUpdatable: true + taggable: true + permissions: + - bedrock:TagResource + - bedrock:UntagResource + - bedrock:ListTagsForResource + x-required-permissions: + create: + - bedrock:CreateFlowAlias + - bedrock:GetFlowAlias + - bedrock:TagResource + - bedrock:ListTagsForResource + read: + - bedrock:GetFlowAlias + - bedrock:ListTagsForResource + update: + - bedrock:UpdateFlowAlias + - bedrock:GetFlowAlias + - bedrock:TagResource + - bedrock:UntagResource + - bedrock:ListTagsForResource + delete: + - bedrock:DeleteFlowAlias + list: + - bedrock:ListFlowAliases + FlowVersion: + type: object + properties: + FlowArn: + type: string + pattern: ^arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:flow/[0-9a-zA-Z]{10}$ + description: Arn representation of the Flow + CreatedAt: + type: string + description: Time Stamp. + format: date-time + Definition: + $ref: '#/components/schemas/FlowDefinition' + Description: + type: string + maxLength: 200 + minLength: 1 + description: Description of the flow version + ExecutionRoleArn: + type: string + maxLength: 2048 + pattern: ^arn:aws(-[^:]+)?:iam::([0-9]{12})?:role/(service-role/)?.+$ + description: ARN of a IAM role + FlowId: + type: string + pattern: ^[0-9a-zA-Z]{10}$ + description: Identifier for a Flow + Name: + type: string + pattern: ^([0-9a-zA-Z][_-]?){1,100}$ + description: Name for the flow + Status: + $ref: '#/components/schemas/FlowStatus' + Version: + type: string + pattern: ^[0-9]{1,5}$ + description: Numerical Version. + CustomerEncryptionKeyArn: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^arn:aws(|-cn|-us-gov):kms:[a-zA-Z0-9-]*:[0-9]{12}:key/[a-zA-Z0-9-]{36}$ + description: A KMS key ARN + required: + - FlowArn + x-stackql-resource-name: flow_version + description: Definition of AWS::Bedrock::FlowVersion Resource Type + x-type-name: AWS::Bedrock::FlowVersion + x-stackql-primary-identifier: + - FlowArn + - Version + x-create-only-properties: + - Description + - FlowArn + x-read-only-properties: + - CreatedAt + - Definition + - ExecutionRoleArn + - FlowId + - Name + - Status - Version + - CustomerEncryptionKeyArn x-required-properties: - - GuardrailIdentifier + - FlowArn x-tagging: taggable: false x-required-permissions: create: + - bedrock:CreateFlowVersion + - bedrock:GetFlowVersion + - kms:GenerateDataKey + - kms:Decrypt + - bedrock:CreateGuardrail - bedrock:CreateGuardrailVersion - bedrock:GetGuardrail - - kms:CreateGrant - - kms:Decrypt read: - - bedrock:GetGuardrail + - bedrock:GetFlowVersion - kms:Decrypt + - bedrock:GetGuardrail delete: + - bedrock:DeleteFlowVersion + - bedrock:GetFlowVersion - bedrock:DeleteGuardrail - bedrock:GetGuardrail - - kms:RetireGrant - KnowledgeBaseConfiguration: + list: + - bedrock:ListFlowVersions + - bedrock:ListGuardrails + update: + - noservice:NoAction + ContentFilter: type: object - description: Contains details about the embeddings model used for the knowledge base. + description: Content filter in content policy. properties: Type: - $ref: '#/components/schemas/KnowledgeBaseType' - VectorKnowledgeBaseConfiguration: - $ref: '#/components/schemas/VectorKnowledgeBaseConfiguration' + $ref: '#/components/schemas/ContentFilterType' + InputStrength: + $ref: '#/components/schemas/FilterStrength' + OutputStrength: + $ref: '#/components/schemas/FilterStrength' required: + - InputStrength + - OutputStrength - Type - - VectorKnowledgeBaseConfiguration additionalProperties: false - KnowledgeBaseStatus: - type: string - description: The status of a knowledge base. - enum: - - CREATING - - ACTIVE - - DELETING - - UPDATING - - FAILED - - DELETE_UNSUCCESSFUL - KnowledgeBaseStorageType: - type: string - description: The storage type of a knowledge base. - enum: - - OPENSEARCH_SERVERLESS - - PINECONE - - RDS - KnowledgeBaseType: - type: string - description: The type of a knowledge base. - enum: - - VECTOR - OpenSearchServerlessConfiguration: + ContentFilterConfig: type: object - description: Contains the storage configuration of the knowledge base in Amazon OpenSearch Service. + description: Content filter config in content policy. properties: - CollectionArn: - type: string - maxLength: 2048 - pattern: ^arn:aws:aoss:[a-z]{2}(-gov)?-[a-z]+-\d{1}:\d{12}:collection/[a-z0-9-]{3,32}$ - description: The ARN of the OpenSearch Service vector store. - VectorIndexName: - type: string - maxLength: 2048 - pattern: ^.*$ - description: The name of the vector store. - FieldMapping: - $ref: '#/components/schemas/OpenSearchServerlessFieldMapping' + Type: + $ref: '#/components/schemas/ContentFilterType' + InputStrength: + $ref: '#/components/schemas/FilterStrength' + OutputStrength: + $ref: '#/components/schemas/FilterStrength' required: - - CollectionArn - - FieldMapping - - VectorIndexName + - InputStrength + - OutputStrength + - Type additionalProperties: false - OpenSearchServerlessFieldMapping: + ContentFilterType: + type: string + description: Type of filter in content policy + enum: + - SEXUAL + - VIOLENCE + - HATE + - INSULTS + - MISCONDUCT + - PROMPT_ATTACK + ContentPolicyConfig: type: object - description: A mapping of Bedrock Knowledge Base fields to OpenSearch Serverless field names + description: Content policy config for a guardrail. properties: - VectorField: - type: string - maxLength: 2048 - pattern: ^.*$ - description: The name of the field in which Amazon Bedrock stores the vector embeddings for your data sources. - TextField: - type: string - maxLength: 2048 - pattern: ^.*$ - description: The name of the field in which Amazon Bedrock stores the raw text from your data. The text is split according to the chunking strategy you choose. - MetadataField: - type: string - maxLength: 2048 - pattern: ^.*$ - description: The name of the field in which Amazon Bedrock stores metadata about the vector store. + FiltersConfig: + type: array + items: + $ref: '#/components/schemas/ContentFilterConfig' + maxItems: 6 + minItems: 1 + description: List of content filter configs in content policy. required: - - MetadataField - - TextField - - VectorField + - FiltersConfig additionalProperties: false - PineconeConfiguration: + ContextualGroundingFilterConfig: type: object - description: Contains the storage configuration of the knowledge base in Pinecone. + description: A config for grounding filter. properties: - ConnectionString: - type: string - maxLength: 2048 - pattern: ^.*$ - description: The endpoint URL for your index management page. - CredentialsSecretArn: - type: string - pattern: ^arn:aws(|-cn|-us-gov):secretsmanager:[a-z0-9-]{1,20}:([0-9]{12}|):secret:[a-zA-Z0-9!/_+=.@-]{1,512}$ - description: The ARN of the secret that you created in AWS Secrets Manager that is linked to your Pinecone API key. - Namespace: - type: string - maxLength: 2048 - pattern: ^.*$ - description: The namespace to be used to write new data to your database. - FieldMapping: - $ref: '#/components/schemas/PineconeFieldMapping' + Type: + $ref: '#/components/schemas/ContextualGroundingFilterType' + Threshold: + type: number + minimum: 0 + description: The threshold for this filter. required: - - ConnectionString - - CredentialsSecretArn - - FieldMapping + - Threshold + - Type additionalProperties: false - PineconeFieldMapping: + ContextualGroundingFilterType: + type: string + description: Type of contextual grounding filter + enum: + - GROUNDING + - RELEVANCE + ContextualGroundingPolicyConfig: type: object - description: Contains the names of the fields to which to map information about the vector store. + description: Contextual grounding policy config for a guardrail. properties: - TextField: - type: string - maxLength: 2048 - pattern: ^.*$ - description: The name of the field in which Amazon Bedrock stores the raw text from your data. The text is split according to the chunking strategy you choose. - MetadataField: - type: string - maxLength: 2048 - pattern: ^.*$ - description: The name of the field in which Amazon Bedrock stores metadata about the vector store. - required: - - MetadataField - - TextField - additionalProperties: false - RdsConfiguration: - type: object - description: Contains details about the storage configuration of the knowledge base in Amazon RDS. For more information, see Create a vector index in Amazon RDS. - properties: - ResourceArn: - type: string - pattern: ^arn:aws(|-cn|-us-gov):rds:[a-zA-Z0-9-]*:[0-9]{12}:cluster:[a-zA-Z0-9-]{1,63}$ - description: The ARN of the vector store. - CredentialsSecretArn: - type: string - pattern: ^arn:aws(|-cn|-us-gov):secretsmanager:[a-z0-9-]{1,20}:([0-9]{12}|):secret:[a-zA-Z0-9!/_+=.@-]{1,512}$ - description: The ARN of the secret that you created in AWS Secrets Manager that is linked to your Amazon RDS database. - DatabaseName: - type: string - maxLength: 63 - pattern: ^[a-zA-Z0-9_\-]+$ - description: The name of your Amazon RDS database. - TableName: - type: string - maxLength: 63 - pattern: ^[a-zA-Z0-9_\.\-]+$ - description: The name of the table in the database. - FieldMapping: - $ref: '#/components/schemas/RdsFieldMapping' + FiltersConfig: + type: array + items: + $ref: '#/components/schemas/ContextualGroundingFilterConfig' + minItems: 1 + description: List of contextual grounding filter configs. required: - - CredentialsSecretArn - - DatabaseName - - FieldMapping - - ResourceArn - - TableName + - FiltersConfig additionalProperties: false - RdsFieldMapping: + FilterStrength: + type: string + description: Strength for filters + enum: + - NONE + - LOW + - MEDIUM + - HIGH + GuardrailStatus: + type: string + description: Status of the guardrail + enum: + - CREATING + - UPDATING + - VERSIONING + - READY + - FAILED + - DELETING + ManagedWords: type: object - description: Contains the names of the fields to which to map information about the vector store. + description: A managed words definition. properties: - PrimaryKeyField: - type: string - maxLength: 63 - pattern: ^[a-zA-Z0-9_\-]+$ - description: The name of the field in which Amazon Bedrock stores the ID for each entry. - VectorField: - type: string - maxLength: 63 - pattern: ^[a-zA-Z0-9_\-]+$ - description: The name of the field in which Amazon Bedrock stores the vector embeddings for your data sources. - TextField: - type: string - maxLength: 63 - pattern: ^[a-zA-Z0-9_\-]+$ - description: The name of the field in which Amazon Bedrock stores the raw text from your data. The text is split according to the chunking strategy you choose. - MetadataField: - type: string - maxLength: 63 - pattern: ^[a-zA-Z0-9_\-]+$ - description: The name of the field in which Amazon Bedrock stores metadata about the vector store. + Type: + $ref: '#/components/schemas/ManagedWordsType' required: - - MetadataField - - PrimaryKeyField - - TextField - - VectorField + - Type additionalProperties: false - RedisEnterpriseCloudConfiguration: + ManagedWordsConfig: type: object - description: Contains the storage configuration of the knowledge base in Redis Enterprise Cloud. + description: A managed words config. properties: - Endpoint: - type: string - maxLength: 2048 - pattern: ^.*$ - description: The endpoint URL of the Redis Enterprise Cloud database. - VectorIndexName: - type: string - maxLength: 2048 - pattern: ^.*$ - description: The name of the vector index. - CredentialsSecretArn: - type: string - pattern: ^arn:aws(|-cn|-us-gov):secretsmanager:[a-z0-9-]{1,20}:([0-9]{12}|):secret:[a-zA-Z0-9!/_+=.@-]{1,512}$ - description: The ARN of the secret that you created in AWS Secrets Manager that is linked to your Redis Enterprise Cloud database. - FieldMapping: - $ref: '#/components/schemas/RedisEnterpriseCloudFieldMapping' + Type: + $ref: '#/components/schemas/ManagedWordsType' required: - - CredentialsSecretArn - - Endpoint - - FieldMapping - - VectorIndexName + - Type additionalProperties: false - RedisEnterpriseCloudFieldMapping: + ManagedWordsType: + type: string + description: Options for managed words. + enum: + - PROFANITY + PiiEntity: type: object - description: Contains the names of the fields to which to map information about the vector store. + description: Entity name and behavior. properties: - VectorField: - type: string - maxLength: 2048 - pattern: ^.*$ - description: The name of the field in which Amazon Bedrock stores the vector embeddings for your data sources. - TextField: - type: string - maxLength: 2048 - pattern: ^.*$ - description: The name of the field in which Amazon Bedrock stores the raw text from your data. The text is split according to the chunking strategy you choose. - MetadataField: - type: string - maxLength: 2048 - pattern: ^.*$ - description: The name of the field in which Amazon Bedrock stores metadata about the vector store. + Type: + $ref: '#/components/schemas/PiiEntityType' + Action: + $ref: '#/components/schemas/SensitiveInformationAction' required: - - MetadataField - - TextField - - VectorField + - Action + - Type additionalProperties: false - StorageConfiguration: + PiiEntityConfig: type: object - description: The vector store service in which the knowledge base is stored. + description: Pii entity configuration. properties: Type: - $ref: '#/components/schemas/KnowledgeBaseStorageType' - OpensearchServerlessConfiguration: - $ref: '#/components/schemas/OpenSearchServerlessConfiguration' - PineconeConfiguration: - $ref: '#/components/schemas/PineconeConfiguration' - RdsConfiguration: - $ref: '#/components/schemas/RdsConfiguration' + $ref: '#/components/schemas/PiiEntityType' + Action: + $ref: '#/components/schemas/SensitiveInformationAction' required: + - Action - Type - oneOf: - - required: - - OpensearchServerlessConfiguration - - required: - - PineconeConfiguration - - required: - - RdsConfiguration additionalProperties: false - VectorKnowledgeBaseConfiguration: + PiiEntityType: + type: string + description: The currently supported PII entities + enum: + - ADDRESS + - AGE + - AWS_ACCESS_KEY + - AWS_SECRET_KEY + - CA_HEALTH_NUMBER + - CA_SOCIAL_INSURANCE_NUMBER + - CREDIT_DEBIT_CARD_CVV + - CREDIT_DEBIT_CARD_EXPIRY + - CREDIT_DEBIT_CARD_NUMBER + - DRIVER_ID + - EMAIL + - INTERNATIONAL_BANK_ACCOUNT_NUMBER + - IP_ADDRESS + - LICENSE_PLATE + - MAC_ADDRESS + - NAME + - PASSWORD + - PHONE + - PIN + - SWIFT_CODE + - UK_NATIONAL_HEALTH_SERVICE_NUMBER + - UK_NATIONAL_INSURANCE_NUMBER + - UK_UNIQUE_TAXPAYER_REFERENCE_NUMBER + - URL + - USERNAME + - US_BANK_ACCOUNT_NUMBER + - US_BANK_ROUTING_NUMBER + - US_INDIVIDUAL_TAX_IDENTIFICATION_NUMBER + - US_PASSPORT_NUMBER + - US_SOCIAL_SECURITY_NUMBER + - VEHICLE_IDENTIFICATION_NUMBER + RegexConfig: type: object - description: Contains details about the model used to create vector embeddings for the knowledge base. + description: A regex configuration. properties: - EmbeddingModelArn: + Name: type: string - maxLength: 1011 - minLength: 20 - pattern: ^arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:(([0-9]{12}:custom-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}/[a-z0-9]{12})|(:foundation-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}))$ - description: The ARN of the model used to create vector embeddings for the knowledge base. - required: - - EmbeddingModelArn - additionalProperties: false - KnowledgeBase: - type: object - properties: + maxLength: 100 + minLength: 1 + description: The regex name. Description: type: string - maxLength: 200 + maxLength: 1000 minLength: 1 - description: Description of the Resource. - KnowledgeBaseConfiguration: - $ref: '#/components/schemas/KnowledgeBaseConfiguration' - KnowledgeBaseId: - type: string - pattern: ^[0-9a-zA-Z]{10}$ - description: The unique identifier of the knowledge base. - KnowledgeBaseArn: - type: string - maxLength: 128 - minLength: 0 - pattern: ^arn:aws(|-cn|-us-gov):bedrock:[a-zA-Z0-9-]*:[0-9]{12}:knowledge-base/[0-9a-zA-Z]+$ - description: The ARN of the knowledge base. - Name: - type: string - pattern: ^([0-9a-zA-Z][_-]?){1,100}$ - description: The name of the knowledge base. - Status: - $ref: '#/components/schemas/KnowledgeBaseStatus' - RoleArn: - type: string - maxLength: 2048 - pattern: ^arn:aws(-[^:]+)?:iam::([0-9]{12})?:role/.+$ - description: The ARN of the IAM role with permissions to invoke API operations on the knowledge base. The ARN must begin with AmazonBedrockExecutionRoleForKnowledgeBase_ - CreatedAt: + description: The regex description. + Pattern: type: string - description: The time at which the knowledge base was created. - FailureReasons: - type: array - items: - type: string - maxLength: 2048 - description: Failure Reason for Error. - maxItems: 2048 - description: A list of reasons that the API operation on the knowledge base failed. - x-insertionOrder: false - UpdatedAt: - type: string - description: The time at which the knowledge base was last updated. - StorageConfiguration: - $ref: '#/components/schemas/StorageConfiguration' - Tags: - $ref: '#/components/schemas/TagsMap' + minLength: 1 + description: The regex pattern. + Action: + $ref: '#/components/schemas/SensitiveInformationAction' required: - - KnowledgeBaseConfiguration - - Name - - RoleArn - - StorageConfiguration - x-stackql-resource-name: knowledge_base - description: Definition of AWS::Bedrock::KnowledgeBase Resource Type - x-type-name: AWS::Bedrock::KnowledgeBase - x-stackql-primary-identifier: - - KnowledgeBaseId - x-create-only-properties: - - StorageConfiguration - - KnowledgeBaseConfiguration - x-read-only-properties: - - KnowledgeBaseId - - KnowledgeBaseArn - - CreatedAt - - UpdatedAt - - FailureReasons - - Status - x-required-properties: - - KnowledgeBaseConfiguration + - Action - Name - - RoleArn - - StorageConfiguration - x-tagging: - cloudFormationSystemTags: true - tagOnCreate: true - tagProperty: /properties/Tags - tagUpdatable: true - taggable: true - x-required-permissions: - create: - - bedrock:CreateKnowledgeBase - - bedrock:GetKnowledgeBase - - bedrock:TagResource - - bedrock:ListTagsForResource - - bedrock:AssociateThirdPartyKnowledgeBase - - iam:PassRole - read: - - bedrock:GetKnowledgeBase - - bedrock:ListTagsForResource - update: - - bedrock:GetKnowledgeBase - - bedrock:UpdateKnowledgeBase - - bedrock:TagResource - - bedrock:UntagResource - - bedrock:ListTagsForResource - - bedrock:AssociateThirdPartyKnowledgeBase - - iam:PassRole - delete: - - bedrock:GetKnowledgeBase - - bedrock:DeleteKnowledgeBase - - bedrock:ListDataSources - list: - - bedrock:ListKnowledgeBases - CreateAgentRequest: + - Pattern + additionalProperties: false + SensitiveInformationAction: + type: string + description: Options for sensitive information action. + enum: + - BLOCK + - ANONYMIZE + SensitiveInformationPolicyConfig: + type: object + description: Sensitive information policy config for a guardrail. properties: - ClientToken: - type: string - RoleArn: - type: string - TypeName: - type: string - TypeVersionId: - type: string - DesiredState: - type: object - properties: - ActionGroups: - type: array - items: - $ref: '#/components/schemas/AgentActionGroup' - description: List of ActionGroups - x-insertionOrder: false - AgentArn: - type: string - maxLength: 2048 - pattern: ^arn:aws(|-cn|-us-gov):bedrock:[a-z0-9-]{1,20}:[0-9]{12}:agent/[0-9a-zA-Z]{10}$ - description: Arn representation of the Agent. - AgentId: - type: string - pattern: ^[0-9a-zA-Z]{10}$ - description: Identifier for a resource. - AgentName: - type: string - pattern: ^([0-9a-zA-Z][_-]?){1,100}$ - description: Name for a resource. - AgentResourceRoleArn: - type: string - maxLength: 2048 - description: ARN of a IAM role. - AgentStatus: - $ref: '#/components/schemas/AgentStatus' - AgentVersion: - type: string - maxLength: 5 - minLength: 5 - pattern: ^DRAFT$ - description: Draft Agent Version. - AutoPrepare: - description: Specifies whether to automatically prepare after creating or updating the agent. - type: boolean - default: false - CreatedAt: - type: string - description: Time Stamp. - format: date-time - CustomerEncryptionKeyArn: - type: string - maxLength: 2048 - minLength: 1 - pattern: ^arn:aws(|-cn|-us-gov):kms:[a-zA-Z0-9-]*:[0-9]{12}:key/[a-zA-Z0-9-]{36}$ - description: A KMS key ARN - SkipResourceInUseCheckOnDelete: - description: Specifies whether to allow deleting agent while it is in use. - type: boolean - default: false - Description: - type: string - maxLength: 200 - minLength: 1 - description: Description of the Resource. - FailureReasons: - type: array - items: - type: string - maxLength: 2048 - description: Failure Reason for Error. - maxItems: 2048 - description: Failure Reasons for Error. - x-insertionOrder: false - FoundationModel: - type: string - maxLength: 2048 - minLength: 1 - pattern: ^arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:(([0-9]{12}:custom-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}(([:][a-z0-9-]{1,63}){0,2})?/[a-z0-9]{12})|(:foundation-model/([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.]?[a-z0-9-]{1,63})([:][a-z0-9-]{1,63}){0,2})))|(([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.]?[a-z0-9-]{1,63})([:][a-z0-9-]{1,63}){0,2}))|(([0-9a-zA-Z][_-]?)+)$ - description: ARN or name of a Bedrock model. - IdleSessionTTLInSeconds: - type: number - maximum: 3600 - minimum: 60 - description: Max Session Time. - Instruction: - type: string - minLength: 40 - maxLength: 4000 - description: Instruction for the agent. - KnowledgeBases: - type: array - items: - $ref: '#/components/schemas/AgentKnowledgeBase' - description: List of Agent Knowledge Bases - x-insertionOrder: false - PreparedAt: - type: string - description: Time Stamp. - format: date-time - PromptOverrideConfiguration: - $ref: '#/components/schemas/PromptOverrideConfiguration' - RecommendedActions: - type: array - items: - type: string - maxLength: 2048 - description: The recommended action users can take to resolve an error in failureReasons. - maxItems: 2048 - description: The recommended actions users can take to resolve an error in failureReasons. - x-insertionOrder: false - Tags: - $ref: '#/components/schemas/TagsMap' - TestAliasTags: - $ref: '#/components/schemas/TagsMap' - UpdatedAt: - type: string - description: Time Stamp. - format: date-time - x-stackQL-stringOnly: true - x-title: CreateAgentRequest + PiiEntitiesConfig: + type: array + items: + $ref: '#/components/schemas/PiiEntityConfig' + minItems: 1 + uniqueItems: true + description: List of entities. + RegexesConfig: + type: array + items: + $ref: '#/components/schemas/RegexConfig' + minItems: 1 + description: List of regex. + additionalProperties: false + Topic: type: object - required: [] - CreateAgentAliasRequest: + description: Topic in topic policy. properties: - ClientToken: + Name: type: string - RoleArn: + maxLength: 100 + minLength: 1 + pattern: ^[0-9a-zA-Z-_ !?.]+$ + description: Name of topic in topic policy + Definition: type: string - TypeName: + maxLength: 200 + minLength: 1 + description: Definition of topic in topic policy + Examples: + type: array + items: + type: string + maxLength: 100 + minLength: 1 + description: Text example in topic policy + minItems: 0 + description: List of text examples + Type: + $ref: '#/components/schemas/TopicType' + required: + - Definition + - Name + - Type + additionalProperties: false + TopicConfig: + type: object + description: Topic config in topic policy. + properties: + Name: type: string - TypeVersionId: + maxLength: 100 + minLength: 1 + pattern: ^[0-9a-zA-Z-_ !?.]+$ + description: Name of topic in topic policy + Definition: type: string - DesiredState: - type: object - properties: - AgentAliasArn: - type: string - maxLength: 2048 - pattern: ^arn:aws(|-cn|-us-gov):bedrock:[a-z0-9-]{1,20}:[0-9]{12}:agent-alias/[0-9a-zA-Z]{10}/[0-9a-zA-Z]{10}$ - description: Arn representation of the Agent Alias. - AgentAliasHistoryEvents: - type: array - items: - $ref: '#/components/schemas/AgentAliasHistoryEvent' - maxItems: 10 - description: The list of history events for an alias for an Agent. - x-insertionOrder: false - AgentAliasId: - type: string - maxLength: 10 - minLength: 10 - pattern: ^(\bTSTALIASID\b|[0-9a-zA-Z]+)$ - description: Id for an Agent Alias generated at the server side. - AgentAliasName: - type: string - pattern: ^([0-9a-zA-Z][_-]?){1,100}$ - description: Name for a resource. - AgentAliasStatus: - $ref: '#/components/schemas/AgentAliasStatus' - AgentId: - type: string - pattern: ^[0-9a-zA-Z]{10}$ - description: Identifier for a resource. - CreatedAt: - type: string - description: Time Stamp. - Description: - type: string - maxLength: 200 - minLength: 1 - description: Description of the Resource. - RoutingConfiguration: - type: array - items: - $ref: '#/components/schemas/AgentAliasRoutingConfigurationListItem' - maxItems: 1 - description: Routing configuration for an Agent alias. - x-insertionOrder: false - Tags: - $ref: '#/components/schemas/TagsMap' - UpdatedAt: - type: string - description: Time Stamp. - x-stackQL-stringOnly: true - x-title: CreateAgentAliasRequest + maxLength: 200 + minLength: 1 + description: Definition of topic in topic policy + Examples: + type: array + items: + type: string + maxLength: 100 + minLength: 1 + description: Text example in topic policy + minItems: 0 + description: List of text examples + Type: + $ref: '#/components/schemas/TopicType' + required: + - Definition + - Name + - Type + additionalProperties: false + TopicPolicyConfig: type: object - required: [] - CreateDataSourceRequest: + description: Topic policy config for a guardrail. properties: - ClientToken: + TopicsConfig: + type: array + items: + $ref: '#/components/schemas/TopicConfig' + minItems: 1 + description: List of topic configs in topic policy. + required: + - TopicsConfig + additionalProperties: false + TopicType: + type: string + description: Type of topic in a policy + enum: + - DENY + WordConfig: + type: object + description: A custom word config. + properties: + Text: type: string - RoleArn: + minLength: 1 + description: The custom word text. + required: + - Text + additionalProperties: false + WordPolicyConfig: + type: object + description: Word policy config for a guardrail. + properties: + WordsConfig: + type: array + items: + $ref: '#/components/schemas/WordConfig' + minItems: 1 + description: List of custom word configs. + ManagedWordListsConfig: + type: array + items: + $ref: '#/components/schemas/ManagedWordsConfig' + description: A config for the list of managed words. + additionalProperties: false + Guardrail: + type: object + properties: + BlockedInputMessaging: type: string - TypeName: + maxLength: 500 + minLength: 1 + description: Messaging for when violations are detected in text + BlockedOutputsMessaging: type: string - TypeVersionId: + maxLength: 500 + minLength: 1 + description: Messaging for when violations are detected in text + ContentPolicyConfig: + $ref: '#/components/schemas/ContentPolicyConfig' + ContextualGroundingPolicyConfig: + $ref: '#/components/schemas/ContextualGroundingPolicyConfig' + CreatedAt: type: string - DesiredState: - type: object - properties: - DataSourceConfiguration: - $ref: '#/components/schemas/DataSourceConfiguration' - DataSourceId: - type: string - pattern: ^[0-9a-zA-Z]{10}$ - description: Identifier for a resource. - Description: - type: string - maxLength: 200 - minLength: 1 - description: Description of the Resource. - KnowledgeBaseId: - type: string - pattern: ^[0-9a-zA-Z]{10}$ - description: The unique identifier of the knowledge base to which to add the data source. - DataSourceStatus: - $ref: '#/components/schemas/DataSourceStatus' - Name: - type: string - pattern: ^([0-9a-zA-Z][_-]?){1,100}$ - description: The name of the data source. - ServerSideEncryptionConfiguration: - $ref: '#/components/schemas/ServerSideEncryptionConfiguration' - VectorIngestionConfiguration: - $ref: '#/components/schemas/VectorIngestionConfiguration' - DataDeletionPolicy: - $ref: '#/components/schemas/DataDeletionPolicy' - CreatedAt: - type: string - description: The time at which the data source was created. - UpdatedAt: - type: string - description: The time at which the knowledge base was last updated. - FailureReasons: - type: array - items: - type: string - maxLength: 2048 - description: Failure Reason for Error. - maxItems: 2048 - description: The details of the failure reasons related to the data source. - x-insertionOrder: false - x-stackQL-stringOnly: true - x-title: CreateDataSourceRequest - type: object - required: [] - CreateGuardrailRequest: - properties: - ClientToken: + description: Time Stamp + format: date-time + Description: type: string - RoleArn: + maxLength: 200 + minLength: 1 + description: Description of the guardrail or its version + FailureRecommendations: + type: array + items: + type: string + maxLength: 200 + minLength: 1 + description: Recommendation for guardrail failure status + maxItems: 100 + description: List of failure recommendations + GuardrailArn: type: string - TypeName: + maxLength: 2048 + pattern: ^arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:guardrail/[a-z0-9]+$ + description: Arn representation for the guardrail + GuardrailId: type: string - TypeVersionId: + maxLength: 64 + pattern: ^[a-z0-9]+$ + description: Unique id for the guardrail + KmsKeyArn: type: string - DesiredState: - type: object - properties: - BlockedInputMessaging: - type: string - maxLength: 500 - minLength: 1 - description: Messaging for when violations are detected in text - BlockedOutputsMessaging: - type: string - maxLength: 500 - minLength: 1 - description: Messaging for when violations are detected in text - ContentPolicyConfig: - $ref: '#/components/schemas/ContentPolicyConfig' - CreatedAt: - type: string - description: Time Stamp - format: date-time - Description: - type: string - maxLength: 200 - minLength: 1 - description: Description of the guardrail or its version - FailureRecommendations: - type: array - items: - type: string - maxLength: 200 - minLength: 1 - description: Recommendation for guardrail failure status - maxItems: 100 - description: List of failure recommendations - GuardrailArn: - type: string - maxLength: 2048 - pattern: ^arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:guardrail/[a-z0-9]+$ - description: Arn representation for the guardrail - GuardrailId: - type: string - maxLength: 64 - pattern: ^[a-z0-9]+$ - description: Unique id for the guardrail - KmsKeyArn: - type: string - maxLength: 2048 - minLength: 1 - pattern: ^arn:aws(-[^:]+)?:kms:[a-zA-Z0-9-]*:[0-9]{12}:key/[a-zA-Z0-9-]{36}$ - description: The KMS key with which the guardrail was encrypted at rest - Name: - type: string - maxLength: 50 - minLength: 1 - pattern: ^[0-9a-zA-Z-_]+$ - description: Name of the guardrail - SensitiveInformationPolicyConfig: - $ref: '#/components/schemas/SensitiveInformationPolicyConfig' - Status: - $ref: '#/components/schemas/GuardrailStatus' - StatusReasons: - type: array - items: - type: string - maxLength: 200 - minLength: 1 - description: Reason for guardrail status - maxItems: 100 - description: List of status reasons - Tags: - type: array - items: - $ref: '#/components/schemas/Tag' - maxItems: 200 - minItems: 0 - description: List of Tags - TopicPolicyConfig: - $ref: '#/components/schemas/TopicPolicyConfig' - UpdatedAt: - type: string - description: Time Stamp - format: date-time - Version: - type: string - pattern: ^(([1-9][0-9]{0,7})|(DRAFT))$ - description: Guardrail version - WordPolicyConfig: - $ref: '#/components/schemas/WordPolicyConfig' - x-stackQL-stringOnly: true - x-title: CreateGuardrailRequest - type: object - required: [] - CreateGuardrailVersionRequest: - properties: - ClientToken: - type: string - RoleArn: + maxLength: 2048 + minLength: 1 + pattern: ^arn:aws(-[^:]+)?:kms:[a-zA-Z0-9-]*:[0-9]{12}:key/[a-zA-Z0-9-]{36}$ + description: The KMS key with which the guardrail was encrypted at rest + Name: type: string - TypeName: + maxLength: 50 + minLength: 1 + pattern: ^[0-9a-zA-Z-_]+$ + description: Name of the guardrail + SensitiveInformationPolicyConfig: + $ref: '#/components/schemas/SensitiveInformationPolicyConfig' + Status: + $ref: '#/components/schemas/GuardrailStatus' + StatusReasons: + type: array + items: + type: string + maxLength: 200 + minLength: 1 + description: Reason for guardrail status + maxItems: 100 + description: List of status reasons + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 200 + minItems: 0 + description: List of Tags + TopicPolicyConfig: + $ref: '#/components/schemas/TopicPolicyConfig' + UpdatedAt: type: string - TypeVersionId: + description: Time Stamp + format: date-time + Version: type: string - DesiredState: - type: object - properties: - Description: - type: string - maxLength: 200 - minLength: 1 - description: Description of the Guardrail version - GuardrailArn: - type: string - maxLength: 2048 - pattern: ^arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:guardrail/[a-z0-9]+$ - description: Arn representation for the guardrail - GuardrailId: - type: string - maxLength: 64 - pattern: ^[a-z0-9]+$ - description: Unique id for the guardrail - GuardrailIdentifier: - type: string - maxLength: 2048 - pattern: ^(([a-z0-9]+)|(arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:guardrail/[a-z0-9]+))$ - description: Identifier (GuardrailId or GuardrailArn) for the guardrail - Version: - type: string - pattern: ^[1-9][0-9]{0,7}$ - description: Guardrail version - x-stackQL-stringOnly: true - x-title: CreateGuardrailVersionRequest + pattern: ^(([1-9][0-9]{0,7})|(DRAFT))$ + description: Guardrail version + WordPolicyConfig: + $ref: '#/components/schemas/WordPolicyConfig' + required: + - Name + - BlockedInputMessaging + - BlockedOutputsMessaging + x-stackql-resource-name: guardrail + description: Definition of AWS::Bedrock::Guardrail Resource Type + x-type-name: AWS::Bedrock::Guardrail + x-stackql-primary-identifier: + - GuardrailArn + x-read-only-properties: + - CreatedAt + - FailureRecommendations + - GuardrailArn + - GuardrailId + - Status + - StatusReasons + - UpdatedAt + - Version + x-required-properties: + - Name + - BlockedInputMessaging + - BlockedOutputsMessaging + x-tagging: + cloudFormationSystemTags: false + tagOnCreate: true + tagProperty: /properties/Tags + tagUpdatable: true + taggable: true + x-required-permissions: + create: + - bedrock:CreateGuardrail + - bedrock:GetGuardrail + - kms:DescribeKey + - kms:CreateGrant + - kms:GenerateDataKey + - kms:Decrypt + - bedrock:TagResource + - bedrock:ListTagsForResource + read: + - bedrock:GetGuardrail + - kms:Decrypt + - bedrock:ListTagsForResource + update: + - bedrock:UpdateGuardrail + - bedrock:GetGuardrail + - bedrock:ListTagsForResource + - bedrock:TagResource + - bedrock:UntagResource + - kms:DescribeKey + - kms:CreateGrant + - kms:GenerateDataKey + - kms:Decrypt + delete: + - bedrock:DeleteGuardrail + - bedrock:GetGuardrail + - kms:Decrypt + - kms:RetireGrant + list: + - bedrock:ListGuardrails + GuardrailVersion: type: object - required: [] - CreateKnowledgeBaseRequest: properties: - ClientToken: + Description: type: string - RoleArn: + maxLength: 200 + minLength: 1 + description: Description of the Guardrail version + GuardrailArn: type: string - TypeName: + maxLength: 2048 + pattern: ^arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:guardrail/[a-z0-9]+$ + description: Arn representation for the guardrail + GuardrailId: type: string - TypeVersionId: + maxLength: 64 + pattern: ^[a-z0-9]+$ + description: Unique id for the guardrail + GuardrailIdentifier: type: string - DesiredState: - type: object - properties: - Description: - type: string - maxLength: 200 - minLength: 1 - description: Description of the Resource. - KnowledgeBaseConfiguration: - $ref: '#/components/schemas/KnowledgeBaseConfiguration' - KnowledgeBaseId: - type: string - pattern: ^[0-9a-zA-Z]{10}$ - description: The unique identifier of the knowledge base. - KnowledgeBaseArn: - type: string - maxLength: 128 - minLength: 0 - pattern: ^arn:aws(|-cn|-us-gov):bedrock:[a-zA-Z0-9-]*:[0-9]{12}:knowledge-base/[0-9a-zA-Z]+$ - description: The ARN of the knowledge base. - Name: - type: string - pattern: ^([0-9a-zA-Z][_-]?){1,100}$ - description: The name of the knowledge base. - Status: - $ref: '#/components/schemas/KnowledgeBaseStatus' - RoleArn: - type: string - maxLength: 2048 - pattern: ^arn:aws(-[^:]+)?:iam::([0-9]{12})?:role/.+$ - description: The ARN of the IAM role with permissions to invoke API operations on the knowledge base. The ARN must begin with AmazonBedrockExecutionRoleForKnowledgeBase_ - CreatedAt: - type: string - description: The time at which the knowledge base was created. - FailureReasons: - type: array - items: - type: string - maxLength: 2048 - description: Failure Reason for Error. - maxItems: 2048 - description: A list of reasons that the API operation on the knowledge base failed. - x-insertionOrder: false - UpdatedAt: - type: string - description: The time at which the knowledge base was last updated. - StorageConfiguration: - $ref: '#/components/schemas/StorageConfiguration' - Tags: - $ref: '#/components/schemas/TagsMap' - x-stackQL-stringOnly: true - x-title: CreateKnowledgeBaseRequest - type: object - required: [] + maxLength: 2048 + pattern: ^(([a-z0-9]+)|(arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:guardrail/[a-z0-9]+))$ + description: Identifier (GuardrailId or GuardrailArn) for the guardrail + Version: + type: string + pattern: ^[1-9][0-9]{0,7}$ + description: Guardrail version + required: + - GuardrailIdentifier + x-stackql-resource-name: guardrail_version + description: Definition of AWS::Bedrock::GuardrailVersion Resource Type + x-type-name: AWS::Bedrock::GuardrailVersion + x-stackql-primary-identifier: + - GuardrailId + - Version + x-create-only-properties: + - Description + - GuardrailIdentifier + x-write-only-properties: + - GuardrailIdentifier + x-read-only-properties: + - GuardrailArn + - GuardrailId + - Version + x-required-properties: + - GuardrailIdentifier + x-tagging: + taggable: false + x-required-permissions: + create: + - bedrock:CreateGuardrailVersion + - bedrock:GetGuardrail + - kms:CreateGrant + - kms:Decrypt + read: + - bedrock:GetGuardrail + - kms:Decrypt + delete: + - bedrock:DeleteGuardrail + - bedrock:GetGuardrail + - kms:RetireGrant + KnowledgeBaseConfiguration: + type: object + description: Contains details about the embeddings model used for the knowledge base. + properties: + Type: + $ref: '#/components/schemas/KnowledgeBaseType' + VectorKnowledgeBaseConfiguration: + $ref: '#/components/schemas/VectorKnowledgeBaseConfiguration' + KendraKnowledgeBaseConfiguration: + $ref: '#/components/schemas/KendraKnowledgeBaseConfiguration' + required: + - Type + additionalProperties: false + KnowledgeBaseStatus: + type: string + description: The status of a knowledge base. + enum: + - CREATING + - ACTIVE + - DELETING + - UPDATING + - FAILED + - DELETE_UNSUCCESSFUL + KnowledgeBaseStorageType: + type: string + description: The storage type of a knowledge base. + enum: + - OPENSEARCH_SERVERLESS + - PINECONE + - RDS + - MONGO_DB_ATLAS + KnowledgeBaseType: + type: string + description: The type of a knowledge base. + enum: + - VECTOR + - KENDRA + OpenSearchServerlessConfiguration: + type: object + description: Contains the storage configuration of the knowledge base in Amazon OpenSearch Service. + properties: + CollectionArn: + type: string + maxLength: 2048 + pattern: ^arn:aws(|-cn|-us-gov|-iso):aoss:[a-z]{2}(-gov)?-[a-z]+-\d{1}:\d{12}:collection/[a-z0-9-]{3,32}$ + description: The ARN of the OpenSearch Service vector store. + VectorIndexName: + type: string + maxLength: 2048 + pattern: ^.*$ + description: The name of the vector store. + FieldMapping: + $ref: '#/components/schemas/OpenSearchServerlessFieldMapping' + required: + - CollectionArn + - FieldMapping + - VectorIndexName + additionalProperties: false + OpenSearchServerlessFieldMapping: + type: object + description: A mapping of Bedrock Knowledge Base fields to OpenSearch Serverless field names + properties: + VectorField: + type: string + maxLength: 2048 + pattern: ^.*$ + description: The name of the field in which Amazon Bedrock stores the vector embeddings for your data sources. + TextField: + type: string + maxLength: 2048 + pattern: ^.*$ + description: The name of the field in which Amazon Bedrock stores the raw text from your data. The text is split according to the chunking strategy you choose. + MetadataField: + type: string + maxLength: 2048 + pattern: ^.*$ + description: The name of the field in which Amazon Bedrock stores metadata about the vector store. + required: + - MetadataField + - TextField + - VectorField + additionalProperties: false + PineconeConfiguration: + type: object + description: Contains the storage configuration of the knowledge base in Pinecone. + properties: + ConnectionString: + type: string + maxLength: 2048 + pattern: ^.*$ + description: The endpoint URL for your index management page. + CredentialsSecretArn: + type: string + pattern: ^arn:aws(|-cn|-us-gov):secretsmanager:[a-z0-9-]{1,20}:([0-9]{12}|):secret:[a-zA-Z0-9!/_+=.@-]{1,512}$ + description: The ARN of the secret that you created in AWS Secrets Manager that is linked to your Pinecone API key. + Namespace: + type: string + maxLength: 2048 + pattern: ^.*$ + description: The namespace to be used to write new data to your database. + FieldMapping: + $ref: '#/components/schemas/PineconeFieldMapping' + required: + - ConnectionString + - CredentialsSecretArn + - FieldMapping + additionalProperties: false + PineconeFieldMapping: + type: object + description: Contains the names of the fields to which to map information about the vector store. + properties: + TextField: + type: string + maxLength: 2048 + pattern: ^.*$ + description: The name of the field in which Amazon Bedrock stores the raw text from your data. The text is split according to the chunking strategy you choose. + MetadataField: + type: string + maxLength: 2048 + pattern: ^.*$ + description: The name of the field in which Amazon Bedrock stores metadata about the vector store. + required: + - MetadataField + - TextField + additionalProperties: false + RdsConfiguration: + type: object + description: Contains details about the storage configuration of the knowledge base in Amazon RDS. For more information, see Create a vector index in Amazon RDS. + properties: + ResourceArn: + type: string + pattern: ^arn:aws(|-cn|-us-gov):rds:[a-zA-Z0-9-]*:[0-9]{12}:cluster:[a-zA-Z0-9-]{1,63}$ + description: The ARN of the vector store. + CredentialsSecretArn: + type: string + pattern: ^arn:aws(|-cn|-us-gov):secretsmanager:[a-z0-9-]{1,20}:([0-9]{12}|):secret:[a-zA-Z0-9!/_+=.@-]{1,512}$ + description: The ARN of the secret that you created in AWS Secrets Manager that is linked to your Amazon RDS database. + DatabaseName: + type: string + maxLength: 63 + pattern: ^[a-zA-Z0-9_\-]+$ + description: The name of your Amazon RDS database. + TableName: + type: string + maxLength: 63 + pattern: ^[a-zA-Z0-9_\.\-]+$ + description: The name of the table in the database. + FieldMapping: + $ref: '#/components/schemas/RdsFieldMapping' + required: + - CredentialsSecretArn + - DatabaseName + - FieldMapping + - ResourceArn + - TableName + additionalProperties: false + RdsFieldMapping: + type: object + description: Contains the names of the fields to which to map information about the vector store. + properties: + PrimaryKeyField: + type: string + maxLength: 63 + pattern: ^[a-zA-Z0-9_\-]+$ + description: The name of the field in which Amazon Bedrock stores the ID for each entry. + VectorField: + type: string + maxLength: 63 + pattern: ^[a-zA-Z0-9_\-]+$ + description: The name of the field in which Amazon Bedrock stores the vector embeddings for your data sources. + TextField: + type: string + maxLength: 63 + pattern: ^[a-zA-Z0-9_\-]+$ + description: The name of the field in which Amazon Bedrock stores the raw text from your data. The text is split according to the chunking strategy you choose. + MetadataField: + type: string + maxLength: 63 + pattern: ^[a-zA-Z0-9_\-]+$ + description: The name of the field in which Amazon Bedrock stores metadata about the vector store. + required: + - MetadataField + - PrimaryKeyField + - TextField + - VectorField + additionalProperties: false + RedisEnterpriseCloudConfiguration: + type: object + description: Contains the storage configuration of the knowledge base in Redis Enterprise Cloud. + properties: + Endpoint: + type: string + maxLength: 2048 + pattern: ^.*$ + description: The endpoint URL of the Redis Enterprise Cloud database. + VectorIndexName: + type: string + maxLength: 2048 + pattern: ^.*$ + description: The name of the vector index. + CredentialsSecretArn: + type: string + pattern: ^arn:aws(|-cn|-us-gov):secretsmanager:[a-z0-9-]{1,20}:([0-9]{12}|):secret:[a-zA-Z0-9!/_+=.@-]{1,512}$ + description: The ARN of the secret that you created in AWS Secrets Manager that is linked to your Redis Enterprise Cloud database. + FieldMapping: + $ref: '#/components/schemas/RedisEnterpriseCloudFieldMapping' + required: + - CredentialsSecretArn + - Endpoint + - FieldMapping + - VectorIndexName + additionalProperties: false + RedisEnterpriseCloudFieldMapping: + type: object + description: Contains the names of the fields to which to map information about the vector store. + properties: + VectorField: + type: string + maxLength: 2048 + pattern: ^.*$ + description: The name of the field in which Amazon Bedrock stores the vector embeddings for your data sources. + TextField: + type: string + maxLength: 2048 + pattern: ^.*$ + description: The name of the field in which Amazon Bedrock stores the raw text from your data. The text is split according to the chunking strategy you choose. + MetadataField: + type: string + maxLength: 2048 + pattern: ^.*$ + description: The name of the field in which Amazon Bedrock stores metadata about the vector store. + required: + - MetadataField + - TextField + - VectorField + additionalProperties: false + MongoDbAtlasFieldMapping: + type: object + description: Contains the names of the fields to which to map information about the vector store. + properties: + VectorField: + type: string + maxLength: 2048 + pattern: ^.*$ + description: The name of the field in which Amazon Bedrock stores the vector embeddings for your data sources. + TextField: + type: string + maxLength: 2048 + pattern: ^.*$ + description: The name of the field in which Amazon Bedrock stores the raw text from your data. The text is split according to the chunking strategy you choose. + MetadataField: + type: string + maxLength: 2048 + pattern: ^.*$ + description: The name of the field in which Amazon Bedrock stores metadata about the vector store. + required: + - VectorField + - MetadataField + - TextField + additionalProperties: false + MongoDbAtlasConfiguration: + type: object + description: Contains the storage configuration of the knowledge base in MongoDb Atlas Cloud. + properties: + Endpoint: + type: string + maxLength: 2048 + pattern: ^[a-zA-Z0-9_-]+\.[a-zA-Z0-9_-]+\.mongodb\.net$ + description: MongoDB Atlas endpoint. + CredentialsSecretArn: + type: string + pattern: ^arn:aws(|-cn|-us-gov):secretsmanager:[a-z0-9-]{1,20}:([0-9]{12}|):secret:[a-zA-Z0-9!/_+=.@-]{1,512}$ + description: The ARN of the secret that you created in AWS Secrets Manager that is linked to your Amazon Mongo database. + DatabaseName: + type: string + maxLength: 63 + pattern: ^.*$ + description: Name of the database within MongoDB Atlas. + CollectionName: + type: string + maxLength: 63 + pattern: ^.*$ + description: Name of the collection within MongoDB Atlas. + VectorIndexName: + type: string + maxLength: 2048 + pattern: ^.*$ + description: Name of a MongoDB Atlas index. + EndpointServiceName: + type: string + maxLength: 255 + pattern: ^(?:arn:aws(?:-us-gov|-cn|-iso|-iso-[a-z])*:.+:.*:\d+:.+/.+$|[a-zA-Z0-9*]+[a-zA-Z0-9._-]*)$ + description: MongoDB Atlas endpoint service name. + FieldMapping: + $ref: '#/components/schemas/MongoDbAtlasFieldMapping' + required: + - Endpoint + - CredentialsSecretArn + - DatabaseName + - CollectionName + - VectorIndexName + - FieldMapping + additionalProperties: false + StorageConfiguration: + type: object + description: The vector store service in which the knowledge base is stored. + properties: + Type: + $ref: '#/components/schemas/KnowledgeBaseStorageType' + OpensearchServerlessConfiguration: + $ref: '#/components/schemas/OpenSearchServerlessConfiguration' + PineconeConfiguration: + $ref: '#/components/schemas/PineconeConfiguration' + RdsConfiguration: + $ref: '#/components/schemas/RdsConfiguration' + MongoDbAtlasConfiguration: + $ref: '#/components/schemas/MongoDbAtlasConfiguration' + required: + - Type + oneOf: + - required: + - OpensearchServerlessConfiguration + - required: + - PineconeConfiguration + - required: + - RdsConfiguration + - required: + - MongoDbAtlasConfiguration + additionalProperties: false + BedrockEmbeddingModelConfiguration: + type: object + description: The vector configuration details for the Bedrock embeddings model. + properties: + Dimensions: + type: integer + maximum: 4096 + minimum: 0 + description: The dimensions details for the vector configuration used on the Bedrock embeddings model. + additionalProperties: false + EmbeddingModelConfiguration: + type: object + description: The embeddings model configuration details for the vector model used in Knowledge Base. + properties: + BedrockEmbeddingModelConfiguration: + $ref: '#/components/schemas/BedrockEmbeddingModelConfiguration' + additionalProperties: false + VectorKnowledgeBaseConfiguration: + type: object + description: Contains details about the model used to create vector embeddings for the knowledge base. + properties: + EmbeddingModelArn: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^(arn:aws(-[^:]+)?:[a-z0-9-]+:[a-z0-9-]{1,20}:[0-9]{0,12}:[a-zA-Z0-9-:/._+]+)$ + description: The ARN of the model used to create vector embeddings for the knowledge base. + EmbeddingModelConfiguration: + $ref: '#/components/schemas/EmbeddingModelConfiguration' + SupplementalDataStorageConfiguration: + $ref: '#/components/schemas/SupplementalDataStorageConfiguration' + required: + - EmbeddingModelArn + additionalProperties: false + SupplementalDataStorageLocationType: + type: string + description: Supplemental data storage location type. + enum: + - S3 + SupplementalDataStorageLocation: + type: object + description: Supplemental data storage location. + properties: + SupplementalDataStorageLocationType: + $ref: '#/components/schemas/SupplementalDataStorageLocationType' + S3Location: + $ref: '#/components/schemas/S3Location' + required: + - SupplementalDataStorageLocationType + additionalProperties: false + SupplementalDataStorageLocations: + type: array + items: + $ref: '#/components/schemas/SupplementalDataStorageLocation' + maxItems: 1 + minItems: 1 + description: List of supplemental data storage locations. + x-insertionOrder: false + SupplementalDataStorageConfiguration: + type: object + description: Configurations for supplemental data storage. + properties: + SupplementalDataStorageLocations: + $ref: '#/components/schemas/SupplementalDataStorageLocations' + required: + - SupplementalDataStorageLocations + additionalProperties: false + KendraKnowledgeBaseConfiguration: + type: object + description: Configurations for a Kendra knowledge base + properties: + KendraIndexArn: + $ref: '#/components/schemas/KendraIndexArn' + required: + - KendraIndexArn + additionalProperties: false + KendraIndexArn: + type: string + description: Arn of a Kendra index + pattern: ^arn:aws(|-cn|-us-gov):kendra:[a-z0-9-]{1,20}:([0-9]{12}|):index/([a-zA-Z0-9][a-zA-Z0-9-]{35}|[a-zA-Z0-9][a-zA-Z0-9-]{35}-[a-zA-Z0-9][a-zA-Z0-9-]{35})$ + KnowledgeBase: + type: object + properties: + Description: + type: string + maxLength: 200 + minLength: 1 + description: Description of the Resource. + KnowledgeBaseConfiguration: + $ref: '#/components/schemas/KnowledgeBaseConfiguration' + KnowledgeBaseId: + type: string + pattern: ^[0-9a-zA-Z]{10}$ + description: The unique identifier of the knowledge base. + KnowledgeBaseArn: + type: string + maxLength: 128 + minLength: 0 + pattern: ^arn:aws(|-cn|-us-gov):bedrock:[a-zA-Z0-9-]*:[0-9]{12}:knowledge-base/[0-9a-zA-Z]+$ + description: The ARN of the knowledge base. + Name: + type: string + pattern: ^([0-9a-zA-Z][_-]?){1,100}$ + description: The name of the knowledge base. + Status: + $ref: '#/components/schemas/KnowledgeBaseStatus' + RoleArn: + type: string + maxLength: 2048 + pattern: ^arn:aws(-[^:]+)?:iam::([0-9]{12})?:role/.+$ + description: The ARN of the IAM role with permissions to invoke API operations on the knowledge base. The ARN must begin with AmazonBedrockExecutionRoleForKnowledgeBase_ + CreatedAt: + type: string + description: The time at which the knowledge base was created. + FailureReasons: + type: array + items: + type: string + maxLength: 2048 + description: Failure Reason for Error. + maxItems: 2048 + description: A list of reasons that the API operation on the knowledge base failed. + x-insertionOrder: false + UpdatedAt: + type: string + description: The time at which the knowledge base was last updated. + StorageConfiguration: + $ref: '#/components/schemas/StorageConfiguration' + Tags: + $ref: '#/components/schemas/TagsMap' + required: + - KnowledgeBaseConfiguration + - Name + - RoleArn + x-stackql-resource-name: knowledge_base + description: Definition of AWS::Bedrock::KnowledgeBase Resource Type + x-type-name: AWS::Bedrock::KnowledgeBase + x-stackql-primary-identifier: + - KnowledgeBaseId + x-create-only-properties: + - StorageConfiguration + - KnowledgeBaseConfiguration + x-read-only-properties: + - KnowledgeBaseId + - KnowledgeBaseArn + - CreatedAt + - UpdatedAt + - FailureReasons + - Status + x-required-properties: + - KnowledgeBaseConfiguration + - Name + - RoleArn + x-tagging: + cloudFormationSystemTags: true + tagOnCreate: true + tagProperty: /properties/Tags + tagUpdatable: true + taggable: true + x-required-permissions: + create: + - bedrock:CreateKnowledgeBase + - bedrock:GetKnowledgeBase + - bedrock:TagResource + - bedrock:ListTagsForResource + - bedrock:AssociateThirdPartyKnowledgeBase + - iam:PassRole + read: + - bedrock:GetKnowledgeBase + - bedrock:ListTagsForResource + update: + - bedrock:GetKnowledgeBase + - bedrock:UpdateKnowledgeBase + - bedrock:TagResource + - bedrock:UntagResource + - bedrock:ListTagsForResource + - bedrock:AssociateThirdPartyKnowledgeBase + - iam:PassRole + delete: + - bedrock:GetKnowledgeBase + - bedrock:DeleteKnowledgeBase + - bedrock:ListDataSources + list: + - bedrock:ListKnowledgeBases + PromptVariant: + type: object + description: Prompt variant + properties: + Name: + type: string + pattern: ^([0-9a-zA-Z][_-]?){1,100}$ + description: Name for a variant. + TemplateType: + $ref: '#/components/schemas/PromptTemplateType' + TemplateConfiguration: + $ref: '#/components/schemas/PromptTemplateConfiguration' + ModelId: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^(arn:aws(-[^:]{1,12})?:(bedrock|sagemaker):[a-z0-9-]{1,20}:([0-9]{12})?:([a-z-]+/)?)?([a-zA-Z0-9.-]{1,63}){0,2}(([:][a-z0-9-]{1,63}){0,2})?(/[a-z0-9]{1,12})?$ + description: ARN or Id of a Bedrock Foundational Model or Inference Profile, or the ARN of a imported model, or a provisioned throughput ARN for custom models. + InferenceConfiguration: + $ref: '#/components/schemas/PromptInferenceConfiguration' + required: + - Name + - TemplateType + - TemplateConfiguration + additionalProperties: false + ChatPromptTemplateConfiguration: + type: object + description: Configuration for chat prompt template + properties: + Messages: + type: array + items: + $ref: '#/components/schemas/Message' + minItems: 0 + description: List of messages for chat prompt template + x-insertionOrder: true + System: + type: array + items: + $ref: '#/components/schemas/SystemContentBlock' + minItems: 0 + description: Configuration for chat prompt template + x-insertionOrder: true + ToolConfiguration: + $ref: '#/components/schemas/ToolConfiguration' + InputVariables: + type: array + items: + $ref: '#/components/schemas/PromptInputVariable' + maxItems: 5 + minItems: 0 + description: List of input variables + x-insertionOrder: true + required: + - Messages + additionalProperties: false + TextS3Location: + type: object + description: The identifier for the S3 resource. + properties: + Bucket: + type: string + maxLength: 63 + minLength: 3 + pattern: ^[a-z0-9][\.\-a-z0-9]{1,61}[a-z0-9]$ + description: A bucket in S3 + Key: + type: string + maxLength: 1024 + minLength: 1 + description: A object key in S3 + Version: + type: string + maxLength: 1024 + minLength: 1 + description: The version of the the S3 object to use + required: + - Bucket + - Key + additionalProperties: false + ConversationRole: + type: string + description: Conversation roles for the chat prompt + enum: + - user + - assistant + ContentBlock: + description: Configuration for chat prompt template + oneOf: + - title: Text + type: object + properties: + Text: + type: string + minLength: 1 + description: Configuration for chat prompt template + required: + - Text + additionalProperties: false + SystemContentBlock: + description: Configuration for chat prompt template + oneOf: + - title: Text + type: object + properties: + Text: + type: string + minLength: 1 + description: Configuration for chat prompt template + required: + - Text + additionalProperties: false + Message: + type: object + description: Chat prompt Message + properties: + Role: + $ref: '#/components/schemas/ConversationRole' + Content: + type: array + items: + $ref: '#/components/schemas/ContentBlock' + minItems: 1 + description: List of Content Blocks + x-insertionOrder: true + required: + - Role + - Content + additionalProperties: false + ToolInputSchema: + description: Tool input schema + oneOf: + - type: object + title: Json + properties: + Json: + type: object + description: Tool input schema json + required: + - Json + additionalProperties: false + ToolSpecification: + type: object + description: Tool specification + properties: + Name: + type: string + pattern: ^[a-zA-Z][a-zA-Z0-9_]*$ + minLength: 1 + maxLength: 64 + description: Tool name + Description: + type: string + minLength: 1 + InputSchema: + $ref: '#/components/schemas/ToolInputSchema' + required: + - Name + - InputSchema + additionalProperties: false + Tool: + description: Tool details + oneOf: + - type: object + title: ToolSpec + properties: + ToolSpec: + $ref: '#/components/schemas/ToolSpecification' + required: + - ToolSpec + additionalProperties: false + AutoToolChoice: + type: object + description: Auto Tool choice + additionalProperties: false + AnyToolChoice: + type: object + description: Any Tool choice + additionalProperties: false + SpecificToolChoice: + type: object + description: Specific Tool choice + properties: + Name: + type: string + pattern: ^[a-zA-Z][a-zA-Z0-9_]*$ + minLength: 1 + maxLength: 64 + description: Tool name + required: + - Name + additionalProperties: false + ToolChoice: + description: Tool choice + oneOf: + - title: Auto + type: object + properties: + Auto: + $ref: '#/components/schemas/AutoToolChoice' + required: + - Auto + additionalProperties: false + - title: Any + type: object + properties: + Any: + $ref: '#/components/schemas/AnyToolChoice' + required: + - Any + additionalProperties: false + - title: Tool + type: object + properties: + Tool: + $ref: '#/components/schemas/SpecificToolChoice' + required: + - Tool + additionalProperties: false + ToolConfiguration: + type: object + description: Tool configuration + properties: + Tools: + type: array + items: + $ref: '#/components/schemas/Tool' + minItems: 1 + description: List of Tools + x-insertionOrder: true + ToolChoice: + $ref: '#/components/schemas/ToolChoice' + required: + - Tools + additionalProperties: false + PromptAgentResource: + description: Target Agent to invoke with Prompt + type: object + properties: + AgentIdentifier: + type: string + maxLength: 2048 + pattern: ^arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:agent-alias/[0-9a-zA-Z]{10}/[0-9a-zA-Z]{10}$ + description: Arn representation of the Agent Alias. + required: + - AgentIdentifier + additionalProperties: false + PromptGenAiResource: + description: Target resource to invoke with Prompt + oneOf: + - type: object + title: Agent + properties: + Agent: + $ref: '#/components/schemas/PromptAgentResource' + required: + - Agent + additionalProperties: false + Prompt: + type: object + properties: + Arn: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^(arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:prompt/[0-9a-zA-Z]{10})$ + description: ARN of a prompt resource possibly with a version + CreatedAt: + type: string + description: Time Stamp. + format: date-time + DefaultVariant: + type: string + pattern: ^([0-9a-zA-Z][_-]?){1,100}$ + description: Name for a variant. + Description: + type: string + maxLength: 200 + minLength: 1 + description: Name for a prompt resource. + Id: + type: string + pattern: ^[0-9a-zA-Z]{10}$ + description: Identifier for a Prompt + Name: + type: string + pattern: ^([0-9a-zA-Z][_-]?){1,100}$ + description: Name for a prompt resource. + UpdatedAt: + type: string + description: Time Stamp. + format: date-time + Variants: + type: array + items: + $ref: '#/components/schemas/PromptVariant' + maxItems: 1 + minItems: 0 + description: List of prompt variants + x-insertionOrder: true + Tags: + $ref: '#/components/schemas/TagsMap' + CustomerEncryptionKeyArn: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^arn:aws(|-cn|-us-gov):kms:[a-zA-Z0-9-]*:[0-9]{12}:key/[a-zA-Z0-9-]{36}$ + description: A KMS key ARN + Version: + type: string + maxLength: 5 + minLength: 5 + pattern: ^DRAFT$ + description: Draft Version. + required: + - Name + x-stackql-resource-name: prompt + description: Definition of AWS::Bedrock::Prompt Resource Type + x-type-name: AWS::Bedrock::Prompt + x-stackql-primary-identifier: + - Arn + x-write-only-properties: + - Variants/*/TemplateConfiguration/Text/TextS3Location + x-read-only-properties: + - Arn + - CreatedAt + - Id + - UpdatedAt + - Version + x-required-properties: + - Name + x-tagging: + cloudFormationSystemTags: false + tagOnCreate: true + tagProperty: /properties/Tags + tagUpdatable: true + taggable: true + permissions: + - bedrock:TagResource + - bedrock:UntagResource + - bedrock:ListTagsForResource + x-required-permissions: + create: + - bedrock:CreatePrompt + - bedrock:GetPrompt + - s3:GetObject + - s3:GetObjectVersion + - bedrock:TagResource + - bedrock:ListTagsForResource + - kms:GenerateDataKey + - kms:Decrypt + read: + - bedrock:GetPrompt + - bedrock:ListTagsForResource + - kms:Decrypt + update: + - bedrock:UpdatePrompt + - bedrock:GetPrompt + - s3:GetObject + - s3:GetObjectVersion + - bedrock:TagResource + - bedrock:UntagResource + - bedrock:ListTagsForResource + - kms:GenerateDataKey + - kms:Decrypt + delete: + - bedrock:DeletePrompt + - bedrock:GetPrompt + list: + - bedrock:ListPrompts + PromptVersion: + type: object + properties: + PromptArn: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^(arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:prompt/[0-9a-zA-Z]{10})$ + description: ARN of a prompt resource possibly with a version + Arn: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^(arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:prompt/[0-9a-zA-Z]{10}:[0-9]{1,20})$ + description: ARN of a prompt version resource + CreatedAt: + type: string + description: Time Stamp. + format: date-time + PromptId: + type: string + pattern: ^[0-9a-zA-Z]{10}$ + description: Identifier for a Prompt + UpdatedAt: + type: string + description: Time Stamp. + format: date-time + Version: + type: string + maxLength: 5 + minLength: 1 + pattern: ^(DRAFT|[0-9]{0,4}[1-9][0-9]{0,4})$ + description: Version. + Variants: + type: array + items: + $ref: '#/components/schemas/PromptVariant' + maxItems: 1 + minItems: 1 + description: List of prompt variants + x-insertionOrder: true + DefaultVariant: + type: string + pattern: ^([0-9a-zA-Z][_-]?){1,100}$ + description: Name for a variant. + Description: + type: string + maxLength: 200 + minLength: 1 + description: Description for a prompt version resource. + CustomerEncryptionKeyArn: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^arn:aws(|-cn|-us-gov):kms:[a-zA-Z0-9-]*:[0-9]{12}:key/[a-zA-Z0-9-]{36}$ + description: A KMS key ARN + Name: + type: string + pattern: ^([0-9a-zA-Z][_-]?){1,100}$ + description: Name for a prompt resource. + Tags: + $ref: '#/components/schemas/TagsMap' + required: + - PromptArn + x-stackql-resource-name: prompt_version + description: Definition of AWS::Bedrock::PromptVersion Resource Type + x-type-name: AWS::Bedrock::PromptVersion + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - PromptArn + - Description + - Tags + x-read-only-properties: + - Arn + - CreatedAt + - PromptId + - UpdatedAt + - Version + - Name + - DefaultVariant + - Variants + - CustomerEncryptionKeyArn + x-required-properties: + - PromptArn + x-tagging: + cloudFormationSystemTags: false + tagOnCreate: true + tagProperty: /properties/Tags + tagUpdatable: false + taggable: true + permissions: + - bedrock:TagResource + - bedrock:ListTagsForResource + x-required-permissions: + create: + - bedrock:CreatePromptVersion + - bedrock:GetPrompt + - bedrock:TagResource + - bedrock:ListTagsForResource + - kms:GenerateDataKey + - kms:Decrypt + read: + - bedrock:GetPrompt + - bedrock:ListTagsForResource + - kms:Decrypt + delete: + - bedrock:DeletePrompt + - bedrock:GetPrompt + list: + - bedrock:ListPrompts + CreateAgentRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + ActionGroups: + type: array + items: + $ref: '#/components/schemas/AgentActionGroup' + description: List of ActionGroups + x-insertionOrder: false + AgentArn: + type: string + maxLength: 2048 + pattern: ^arn:aws(|-cn|-us-gov):bedrock:[a-z0-9-]{1,20}:[0-9]{12}:agent/[0-9a-zA-Z]{10}$ + description: Arn representation of the Agent. + AgentId: + type: string + pattern: ^[0-9a-zA-Z]{10}$ + description: Identifier for a resource. + AgentName: + type: string + pattern: ^([0-9a-zA-Z][_-]?){1,100}$ + description: Name for a resource. + AgentResourceRoleArn: + type: string + maxLength: 2048 + description: ARN of a IAM role. + AgentStatus: + $ref: '#/components/schemas/AgentStatus' + AgentVersion: + type: string + maxLength: 5 + minLength: 5 + pattern: ^DRAFT$ + description: Draft Agent Version. + AutoPrepare: + description: Specifies whether to automatically prepare after creating or updating the agent. + type: boolean + default: false + CreatedAt: + type: string + description: Time Stamp. + format: date-time + CustomerEncryptionKeyArn: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^arn:aws(|-cn|-us-gov):kms:[a-zA-Z0-9-]*:[0-9]{12}:key/[a-zA-Z0-9-]{36}$ + description: A KMS key ARN + SkipResourceInUseCheckOnDelete: + description: Specifies whether to allow deleting agent while it is in use. + type: boolean + default: false + Description: + type: string + maxLength: 200 + minLength: 1 + description: Description of the Resource. + FailureReasons: + type: array + items: + type: string + maxLength: 2048 + description: Failure Reason for Error. + maxItems: 2048 + description: Failure Reasons for Error. + x-insertionOrder: false + FoundationModel: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:(([0-9]{12}:custom-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}(([:][a-z0-9-]{1,63}){0,2})?/[a-z0-9]{12})|(:foundation-model/([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.]?[a-z0-9-]{1,63})([:][a-z0-9-]{1,63}){0,2}))|([0-9]{12}:(inference-profile|application-inference-profile)/[a-zA-Z0-9-:.]+))|(([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.]?[a-z0-9-]{1,63})([:][a-z0-9-]{1,63}){0,2}))|(([0-9a-zA-Z][_-]?)+)$ + description: ARN or name of a Bedrock model. + GuardrailConfiguration: + $ref: '#/components/schemas/GuardrailConfiguration' + IdleSessionTTLInSeconds: + type: number + maximum: 3600 + minimum: 60 + description: Max Session Time. + Instruction: + type: string + minLength: 40 + description: Instruction for the agent. + KnowledgeBases: + type: array + items: + $ref: '#/components/schemas/AgentKnowledgeBase' + description: List of Agent Knowledge Bases + x-insertionOrder: false + PreparedAt: + type: string + description: Time Stamp. + format: date-time + PromptOverrideConfiguration: + $ref: '#/components/schemas/PromptOverrideConfiguration' + RecommendedActions: + type: array + items: + type: string + maxLength: 2048 + description: The recommended action users can take to resolve an error in failureReasons. + maxItems: 2048 + description: The recommended actions users can take to resolve an error in failureReasons. + x-insertionOrder: false + Tags: + $ref: '#/components/schemas/TagsMap' + TestAliasTags: + $ref: '#/components/schemas/TagsMap' + UpdatedAt: + type: string + description: Time Stamp. + format: date-time + x-stackQL-stringOnly: true + x-title: CreateAgentRequest + type: object + required: [] + CreateAgentAliasRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + AgentAliasArn: + type: string + maxLength: 2048 + pattern: ^arn:aws(|-cn|-us-gov):bedrock:[a-z0-9-]{1,20}:[0-9]{12}:agent-alias/[0-9a-zA-Z]{10}/[0-9a-zA-Z]{10}$ + description: Arn representation of the Agent Alias. + AgentAliasHistoryEvents: + type: array + items: + $ref: '#/components/schemas/AgentAliasHistoryEvent' + maxItems: 10 + description: The list of history events for an alias for an Agent. + x-insertionOrder: false + AgentAliasId: + type: string + maxLength: 10 + minLength: 10 + pattern: ^(\bTSTALIASID\b|[0-9a-zA-Z]+)$ + description: Id for an Agent Alias generated at the server side. + AgentAliasName: + type: string + pattern: ^([0-9a-zA-Z][_-]?){1,100}$ + description: Name for a resource. + AgentAliasStatus: + $ref: '#/components/schemas/AgentAliasStatus' + AgentId: + type: string + pattern: ^[0-9a-zA-Z]{10}$ + description: Identifier for a resource. + CreatedAt: + type: string + description: Time Stamp. + Description: + type: string + maxLength: 200 + minLength: 1 + description: Description of the Resource. + RoutingConfiguration: + type: array + items: + $ref: '#/components/schemas/AgentAliasRoutingConfigurationListItem' + maxItems: 1 + description: Routing configuration for an Agent alias. + x-insertionOrder: false + Tags: + $ref: '#/components/schemas/TagsMap' + UpdatedAt: + type: string + description: Time Stamp. + x-stackQL-stringOnly: true + x-title: CreateAgentAliasRequest + type: object + required: [] + CreateApplicationInferenceProfileRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + CreatedAt: + type: string + description: Time Stamp + format: date-time + Description: + type: string + maxLength: 200 + minLength: 1 + pattern: ^([0-9a-zA-Z:.][ _-]?)+$ + description: Description of the inference profile + InferenceProfileArn: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^arn:aws(|-us-gov|-cn|-iso|-iso-b):bedrock:(|[0-9a-z-]{0,20}):(|[0-9]{12}):(inference-profile|application-inference-profile)/[a-zA-Z0-9-:.]+$ + InferenceProfileId: + type: string + maxLength: 64 + minLength: 1 + pattern: ^[a-zA-Z0-9-:.]+$ + InferenceProfileIdentifier: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^(arn:aws(|-us-gov|-cn|-iso|-iso-b):bedrock:(|[0-9a-z-]{0,20}):(|[0-9]{12}):(inference-profile|application-inference-profile)/)?[a-zA-Z0-9-:.]+$ + description: Inference profile identifier. Supports both system-defined inference profile ids, and inference profile ARNs. + InferenceProfileName: + type: string + maxLength: 64 + minLength: 1 + pattern: ^([0-9a-zA-Z][ _-]?)+$ + ModelSource: + $ref: '#/components/schemas/InferenceProfileModelSource' + Models: + type: array + items: + $ref: '#/components/schemas/InferenceProfileModel' + maxItems: 5 + minItems: 1 + description: List of model configuration + Status: + $ref: '#/components/schemas/InferenceProfileStatus' + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 200 + minItems: 0 + description: List of Tags + Type: + $ref: '#/components/schemas/InferenceProfileType' + UpdatedAt: + type: string + description: Time Stamp + format: date-time + x-stackQL-stringOnly: true + x-title: CreateApplicationInferenceProfileRequest + type: object + required: [] + CreateDataSourceRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + DataSourceConfiguration: + $ref: '#/components/schemas/DataSourceConfiguration' + DataSourceId: + type: string + pattern: ^[0-9a-zA-Z]{10}$ + description: Identifier for a resource. + Description: + type: string + maxLength: 200 + minLength: 1 + description: Description of the Resource. + KnowledgeBaseId: + type: string + pattern: ^[0-9a-zA-Z]{10}$ + description: The unique identifier of the knowledge base to which to add the data source. + DataSourceStatus: + $ref: '#/components/schemas/DataSourceStatus' + Name: + type: string + pattern: ^([0-9a-zA-Z][_-]?){1,100}$ + description: The name of the data source. + ServerSideEncryptionConfiguration: + $ref: '#/components/schemas/ServerSideEncryptionConfiguration' + VectorIngestionConfiguration: + $ref: '#/components/schemas/VectorIngestionConfiguration' + DataDeletionPolicy: + $ref: '#/components/schemas/DataDeletionPolicy' + CreatedAt: + type: string + description: The time at which the data source was created. + UpdatedAt: + type: string + description: The time at which the knowledge base was last updated. + FailureReasons: + type: array + items: + type: string + maxLength: 2048 + description: Failure Reason for Error. + maxItems: 2048 + description: The details of the failure reasons related to the data source. + x-insertionOrder: false + x-stackQL-stringOnly: true + x-title: CreateDataSourceRequest + type: object + required: [] + CreateFlowRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + Arn: + type: string + maxLength: 1011 + minLength: 20 + pattern: ^arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:flow/[0-9a-zA-Z]{10}$ + description: Arn representation of the Flow + CreatedAt: + type: string + description: Time Stamp. + format: date-time + Definition: + $ref: '#/components/schemas/FlowDefinition' + DefinitionString: + type: string + description: A JSON string containing a Definition with the same schema as the Definition property of this resource + maxLength: 512000 + DefinitionS3Location: + $ref: '#/components/schemas/S3Location' + DefinitionSubstitutions: + $ref: '#/components/schemas/DefinitionSubstitutions' + Description: + type: string + maxLength: 200 + minLength: 1 + description: Description of the flow + ExecutionRoleArn: + type: string + maxLength: 2048 + pattern: ^arn:aws(-[^:]+)?:iam::([0-9]{12})?:role/(service-role/)?.+$ + description: ARN of a IAM role + Id: + type: string + pattern: ^[0-9a-zA-Z]{10}$ + description: Identifier for a Flow + Name: + type: string + pattern: ^([0-9a-zA-Z][_-]?){1,100}$ + description: Name for the flow + Status: + $ref: '#/components/schemas/FlowStatus' + UpdatedAt: + type: string + description: Time Stamp. + format: date-time + CustomerEncryptionKeyArn: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^arn:aws(|-cn|-us-gov):kms:[a-zA-Z0-9-]*:[0-9]{12}:key/[a-zA-Z0-9-]{36}$ + description: A KMS key ARN + Validations: + $ref: '#/components/schemas/FlowValidations' + Version: + type: string + maxLength: 5 + minLength: 5 + pattern: ^DRAFT$ + description: Draft Version. + Tags: + $ref: '#/components/schemas/TagsMap' + TestAliasTags: + $ref: '#/components/schemas/TagsMap' + x-stackQL-stringOnly: true + x-title: CreateFlowRequest + type: object + required: [] + CreateFlowAliasRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + Arn: + type: string + maxLength: 2048 + pattern: ^arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:flow/[0-9a-zA-Z]{10}/alias/[0-9a-zA-Z]{10}$ + description: Arn of the Flow Alias + FlowArn: + type: string + maxLength: 2048 + pattern: ^arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:flow/[0-9a-zA-Z]{10}$ + description: Arn representation of the Flow + CreatedAt: + type: string + description: Time Stamp. + format: date-time + Description: + type: string + maxLength: 200 + minLength: 1 + description: Description of the Resource. + FlowId: + type: string + pattern: ^[0-9a-zA-Z]{10}$ + description: Identifier for a flow resource. + Id: + type: string + maxLength: 10 + minLength: 10 + pattern: ^(\bTSTALIASID\b|[0-9a-zA-Z]+)$ + description: Id for a Flow Alias generated at the server side. + Name: + type: string + pattern: ^([0-9a-zA-Z][_-]?){1,100}$ + description: Name for a resource. + RoutingConfiguration: + type: array + items: + $ref: '#/components/schemas/FlowAliasRoutingConfigurationListItem' + maxItems: 1 + minItems: 1 + description: Routing configuration for a Flow alias. + x-insertionOrder: true + UpdatedAt: + type: string + description: Time Stamp. + format: date-time + Tags: + $ref: '#/components/schemas/TagsMap' + x-stackQL-stringOnly: true + x-title: CreateFlowAliasRequest + type: object + required: [] + CreateFlowVersionRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + FlowArn: + type: string + pattern: ^arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:flow/[0-9a-zA-Z]{10}$ + description: Arn representation of the Flow + CreatedAt: + type: string + description: Time Stamp. + format: date-time + Definition: + $ref: '#/components/schemas/FlowDefinition' + Description: + type: string + maxLength: 200 + minLength: 1 + description: Description of the flow version + ExecutionRoleArn: + type: string + maxLength: 2048 + pattern: ^arn:aws(-[^:]+)?:iam::([0-9]{12})?:role/(service-role/)?.+$ + description: ARN of a IAM role + FlowId: + type: string + pattern: ^[0-9a-zA-Z]{10}$ + description: Identifier for a Flow + Name: + type: string + pattern: ^([0-9a-zA-Z][_-]?){1,100}$ + description: Name for the flow + Status: + $ref: '#/components/schemas/FlowStatus' + Version: + type: string + pattern: ^[0-9]{1,5}$ + description: Numerical Version. + CustomerEncryptionKeyArn: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^arn:aws(|-cn|-us-gov):kms:[a-zA-Z0-9-]*:[0-9]{12}:key/[a-zA-Z0-9-]{36}$ + description: A KMS key ARN + x-stackQL-stringOnly: true + x-title: CreateFlowVersionRequest + type: object + required: [] + CreateGuardrailRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + BlockedInputMessaging: + type: string + maxLength: 500 + minLength: 1 + description: Messaging for when violations are detected in text + BlockedOutputsMessaging: + type: string + maxLength: 500 + minLength: 1 + description: Messaging for when violations are detected in text + ContentPolicyConfig: + $ref: '#/components/schemas/ContentPolicyConfig' + ContextualGroundingPolicyConfig: + $ref: '#/components/schemas/ContextualGroundingPolicyConfig' + CreatedAt: + type: string + description: Time Stamp + format: date-time + Description: + type: string + maxLength: 200 + minLength: 1 + description: Description of the guardrail or its version + FailureRecommendations: + type: array + items: + type: string + maxLength: 200 + minLength: 1 + description: Recommendation for guardrail failure status + maxItems: 100 + description: List of failure recommendations + GuardrailArn: + type: string + maxLength: 2048 + pattern: ^arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:guardrail/[a-z0-9]+$ + description: Arn representation for the guardrail + GuardrailId: + type: string + maxLength: 64 + pattern: ^[a-z0-9]+$ + description: Unique id for the guardrail + KmsKeyArn: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^arn:aws(-[^:]+)?:kms:[a-zA-Z0-9-]*:[0-9]{12}:key/[a-zA-Z0-9-]{36}$ + description: The KMS key with which the guardrail was encrypted at rest + Name: + type: string + maxLength: 50 + minLength: 1 + pattern: ^[0-9a-zA-Z-_]+$ + description: Name of the guardrail + SensitiveInformationPolicyConfig: + $ref: '#/components/schemas/SensitiveInformationPolicyConfig' + Status: + $ref: '#/components/schemas/GuardrailStatus' + StatusReasons: + type: array + items: + type: string + maxLength: 200 + minLength: 1 + description: Reason for guardrail status + maxItems: 100 + description: List of status reasons + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 200 + minItems: 0 + description: List of Tags + TopicPolicyConfig: + $ref: '#/components/schemas/TopicPolicyConfig' + UpdatedAt: + type: string + description: Time Stamp + format: date-time + Version: + type: string + pattern: ^(([1-9][0-9]{0,7})|(DRAFT))$ + description: Guardrail version + WordPolicyConfig: + $ref: '#/components/schemas/WordPolicyConfig' + x-stackQL-stringOnly: true + x-title: CreateGuardrailRequest + type: object + required: [] + CreateGuardrailVersionRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + Description: + type: string + maxLength: 200 + minLength: 1 + description: Description of the Guardrail version + GuardrailArn: + type: string + maxLength: 2048 + pattern: ^arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:guardrail/[a-z0-9]+$ + description: Arn representation for the guardrail + GuardrailId: + type: string + maxLength: 64 + pattern: ^[a-z0-9]+$ + description: Unique id for the guardrail + GuardrailIdentifier: + type: string + maxLength: 2048 + pattern: ^(([a-z0-9]+)|(arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:guardrail/[a-z0-9]+))$ + description: Identifier (GuardrailId or GuardrailArn) for the guardrail + Version: + type: string + pattern: ^[1-9][0-9]{0,7}$ + description: Guardrail version + x-stackQL-stringOnly: true + x-title: CreateGuardrailVersionRequest + type: object + required: [] + CreateKnowledgeBaseRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + Description: + type: string + maxLength: 200 + minLength: 1 + description: Description of the Resource. + KnowledgeBaseConfiguration: + $ref: '#/components/schemas/KnowledgeBaseConfiguration' + KnowledgeBaseId: + type: string + pattern: ^[0-9a-zA-Z]{10}$ + description: The unique identifier of the knowledge base. + KnowledgeBaseArn: + type: string + maxLength: 128 + minLength: 0 + pattern: ^arn:aws(|-cn|-us-gov):bedrock:[a-zA-Z0-9-]*:[0-9]{12}:knowledge-base/[0-9a-zA-Z]+$ + description: The ARN of the knowledge base. + Name: + type: string + pattern: ^([0-9a-zA-Z][_-]?){1,100}$ + description: The name of the knowledge base. + Status: + $ref: '#/components/schemas/KnowledgeBaseStatus' + RoleArn: + type: string + maxLength: 2048 + pattern: ^arn:aws(-[^:]+)?:iam::([0-9]{12})?:role/.+$ + description: The ARN of the IAM role with permissions to invoke API operations on the knowledge base. The ARN must begin with AmazonBedrockExecutionRoleForKnowledgeBase_ + CreatedAt: + type: string + description: The time at which the knowledge base was created. + FailureReasons: + type: array + items: + type: string + maxLength: 2048 + description: Failure Reason for Error. + maxItems: 2048 + description: A list of reasons that the API operation on the knowledge base failed. + x-insertionOrder: false + UpdatedAt: + type: string + description: The time at which the knowledge base was last updated. + StorageConfiguration: + $ref: '#/components/schemas/StorageConfiguration' + Tags: + $ref: '#/components/schemas/TagsMap' + x-stackQL-stringOnly: true + x-title: CreateKnowledgeBaseRequest + type: object + required: [] + CreatePromptRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + Arn: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^(arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:prompt/[0-9a-zA-Z]{10})$ + description: ARN of a prompt resource possibly with a version + CreatedAt: + type: string + description: Time Stamp. + format: date-time + DefaultVariant: + type: string + pattern: ^([0-9a-zA-Z][_-]?){1,100}$ + description: Name for a variant. + Description: + type: string + maxLength: 200 + minLength: 1 + description: Name for a prompt resource. + Id: + type: string + pattern: ^[0-9a-zA-Z]{10}$ + description: Identifier for a Prompt + Name: + type: string + pattern: ^([0-9a-zA-Z][_-]?){1,100}$ + description: Name for a prompt resource. + UpdatedAt: + type: string + description: Time Stamp. + format: date-time + Variants: + type: array + items: + $ref: '#/components/schemas/PromptVariant' + maxItems: 1 + minItems: 0 + description: List of prompt variants + x-insertionOrder: true + Tags: + $ref: '#/components/schemas/TagsMap' + CustomerEncryptionKeyArn: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^arn:aws(|-cn|-us-gov):kms:[a-zA-Z0-9-]*:[0-9]{12}:key/[a-zA-Z0-9-]{36}$ + description: A KMS key ARN + Version: + type: string + maxLength: 5 + minLength: 5 + pattern: ^DRAFT$ + description: Draft Version. + x-stackQL-stringOnly: true + x-title: CreatePromptRequest + type: object + required: [] + CreatePromptVersionRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + PromptArn: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^(arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:prompt/[0-9a-zA-Z]{10})$ + description: ARN of a prompt resource possibly with a version + Arn: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^(arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:prompt/[0-9a-zA-Z]{10}:[0-9]{1,20})$ + description: ARN of a prompt version resource + CreatedAt: + type: string + description: Time Stamp. + format: date-time + PromptId: + type: string + pattern: ^[0-9a-zA-Z]{10}$ + description: Identifier for a Prompt + UpdatedAt: + type: string + description: Time Stamp. + format: date-time + Version: + type: string + maxLength: 5 + minLength: 1 + pattern: ^(DRAFT|[0-9]{0,4}[1-9][0-9]{0,4})$ + description: Version. + Variants: + type: array + items: + $ref: '#/components/schemas/PromptVariant' + maxItems: 1 + minItems: 1 + description: List of prompt variants + x-insertionOrder: true + DefaultVariant: + type: string + pattern: ^([0-9a-zA-Z][_-]?){1,100}$ + description: Name for a variant. + Description: + type: string + maxLength: 200 + minLength: 1 + description: Description for a prompt version resource. + CustomerEncryptionKeyArn: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^arn:aws(|-cn|-us-gov):kms:[a-zA-Z0-9-]*:[0-9]{12}:key/[a-zA-Z0-9-]{36}$ + description: A KMS key ARN + Name: + type: string + pattern: ^([0-9a-zA-Z][_-]?){1,100}$ + description: Name for a prompt resource. + Tags: + $ref: '#/components/schemas/TagsMap' + x-stackQL-stringOnly: true + x-title: CreatePromptVersionRequest + type: object + required: [] securitySchemes: hmac: type: apiKey @@ -2600,7 +5342,1497 @@ components: x-cfn-schema-name: Agent x-cfn-type-name: AWS::Bedrock::Agent x-identifiers: - - AgentId + - AgentId + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Agent&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Bedrock::Agent" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Bedrock::Agent" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Bedrock::Agent" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/agents/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/agents/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/agents/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ActionGroups') as action_groups, + JSON_EXTRACT(Properties, '$.AgentArn') as agent_arn, + JSON_EXTRACT(Properties, '$.AgentId') as agent_id, + JSON_EXTRACT(Properties, '$.AgentName') as agent_name, + JSON_EXTRACT(Properties, '$.AgentResourceRoleArn') as agent_resource_role_arn, + JSON_EXTRACT(Properties, '$.AgentStatus') as agent_status, + JSON_EXTRACT(Properties, '$.AgentVersion') as agent_version, + JSON_EXTRACT(Properties, '$.AutoPrepare') as auto_prepare, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.CustomerEncryptionKeyArn') as customer_encryption_key_arn, + JSON_EXTRACT(Properties, '$.SkipResourceInUseCheckOnDelete') as skip_resource_in_use_check_on_delete, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.FailureReasons') as failure_reasons, + JSON_EXTRACT(Properties, '$.FoundationModel') as foundation_model, + JSON_EXTRACT(Properties, '$.GuardrailConfiguration') as guardrail_configuration, + JSON_EXTRACT(Properties, '$.IdleSessionTTLInSeconds') as idle_session_ttl_in_seconds, + JSON_EXTRACT(Properties, '$.Instruction') as instruction, + JSON_EXTRACT(Properties, '$.KnowledgeBases') as knowledge_bases, + JSON_EXTRACT(Properties, '$.PreparedAt') as prepared_at, + JSON_EXTRACT(Properties, '$.PromptOverrideConfiguration') as prompt_override_configuration, + JSON_EXTRACT(Properties, '$.RecommendedActions') as recommended_actions, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.TestAliasTags') as test_alias_tags, + JSON_EXTRACT(Properties, '$.UpdatedAt') as updated_at + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Bedrock::Agent' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.ActionGroups') as action_groups, + JSON_EXTRACT(detail.Properties, '$.AgentArn') as agent_arn, + JSON_EXTRACT(detail.Properties, '$.AgentId') as agent_id, + JSON_EXTRACT(detail.Properties, '$.AgentName') as agent_name, + JSON_EXTRACT(detail.Properties, '$.AgentResourceRoleArn') as agent_resource_role_arn, + JSON_EXTRACT(detail.Properties, '$.AgentStatus') as agent_status, + JSON_EXTRACT(detail.Properties, '$.AgentVersion') as agent_version, + JSON_EXTRACT(detail.Properties, '$.AutoPrepare') as auto_prepare, + JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(detail.Properties, '$.CustomerEncryptionKeyArn') as customer_encryption_key_arn, + JSON_EXTRACT(detail.Properties, '$.SkipResourceInUseCheckOnDelete') as skip_resource_in_use_check_on_delete, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.FailureReasons') as failure_reasons, + JSON_EXTRACT(detail.Properties, '$.FoundationModel') as foundation_model, + JSON_EXTRACT(detail.Properties, '$.GuardrailConfiguration') as guardrail_configuration, + JSON_EXTRACT(detail.Properties, '$.IdleSessionTTLInSeconds') as idle_session_ttl_in_seconds, + JSON_EXTRACT(detail.Properties, '$.Instruction') as instruction, + JSON_EXTRACT(detail.Properties, '$.KnowledgeBases') as knowledge_bases, + JSON_EXTRACT(detail.Properties, '$.PreparedAt') as prepared_at, + JSON_EXTRACT(detail.Properties, '$.PromptOverrideConfiguration') as prompt_override_configuration, + JSON_EXTRACT(detail.Properties, '$.RecommendedActions') as recommended_actions, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags, + JSON_EXTRACT(detail.Properties, '$.TestAliasTags') as test_alias_tags, + JSON_EXTRACT(detail.Properties, '$.UpdatedAt') as updated_at + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Bedrock::Agent' + AND detail.data__TypeName = 'AWS::Bedrock::Agent' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ActionGroups') as action_groups, + json_extract_path_text(Properties, 'AgentArn') as agent_arn, + json_extract_path_text(Properties, 'AgentId') as agent_id, + json_extract_path_text(Properties, 'AgentName') as agent_name, + json_extract_path_text(Properties, 'AgentResourceRoleArn') as agent_resource_role_arn, + json_extract_path_text(Properties, 'AgentStatus') as agent_status, + json_extract_path_text(Properties, 'AgentVersion') as agent_version, + json_extract_path_text(Properties, 'AutoPrepare') as auto_prepare, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'CustomerEncryptionKeyArn') as customer_encryption_key_arn, + json_extract_path_text(Properties, 'SkipResourceInUseCheckOnDelete') as skip_resource_in_use_check_on_delete, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'FailureReasons') as failure_reasons, + json_extract_path_text(Properties, 'FoundationModel') as foundation_model, + json_extract_path_text(Properties, 'GuardrailConfiguration') as guardrail_configuration, + json_extract_path_text(Properties, 'IdleSessionTTLInSeconds') as idle_session_ttl_in_seconds, + json_extract_path_text(Properties, 'Instruction') as instruction, + json_extract_path_text(Properties, 'KnowledgeBases') as knowledge_bases, + json_extract_path_text(Properties, 'PreparedAt') as prepared_at, + json_extract_path_text(Properties, 'PromptOverrideConfiguration') as prompt_override_configuration, + json_extract_path_text(Properties, 'RecommendedActions') as recommended_actions, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'TestAliasTags') as test_alias_tags, + json_extract_path_text(Properties, 'UpdatedAt') as updated_at + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Bedrock::Agent' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'ActionGroups') as action_groups, + json_extract_path_text(detail.Properties, 'AgentArn') as agent_arn, + json_extract_path_text(detail.Properties, 'AgentId') as agent_id, + json_extract_path_text(detail.Properties, 'AgentName') as agent_name, + json_extract_path_text(detail.Properties, 'AgentResourceRoleArn') as agent_resource_role_arn, + json_extract_path_text(detail.Properties, 'AgentStatus') as agent_status, + json_extract_path_text(detail.Properties, 'AgentVersion') as agent_version, + json_extract_path_text(detail.Properties, 'AutoPrepare') as auto_prepare, + json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, + json_extract_path_text(detail.Properties, 'CustomerEncryptionKeyArn') as customer_encryption_key_arn, + json_extract_path_text(detail.Properties, 'SkipResourceInUseCheckOnDelete') as skip_resource_in_use_check_on_delete, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'FailureReasons') as failure_reasons, + json_extract_path_text(detail.Properties, 'FoundationModel') as foundation_model, + json_extract_path_text(detail.Properties, 'GuardrailConfiguration') as guardrail_configuration, + json_extract_path_text(detail.Properties, 'IdleSessionTTLInSeconds') as idle_session_ttl_in_seconds, + json_extract_path_text(detail.Properties, 'Instruction') as instruction, + json_extract_path_text(detail.Properties, 'KnowledgeBases') as knowledge_bases, + json_extract_path_text(detail.Properties, 'PreparedAt') as prepared_at, + json_extract_path_text(detail.Properties, 'PromptOverrideConfiguration') as prompt_override_configuration, + json_extract_path_text(detail.Properties, 'RecommendedActions') as recommended_actions, + json_extract_path_text(detail.Properties, 'Tags') as tags, + json_extract_path_text(detail.Properties, 'TestAliasTags') as test_alias_tags, + json_extract_path_text(detail.Properties, 'UpdatedAt') as updated_at + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Bedrock::Agent' + AND detail.data__TypeName = 'AWS::Bedrock::Agent' + AND listing.region = 'us-east-1' + agents_list_only: + name: agents_list_only + id: aws.bedrock.agents_list_only + x-cfn-schema-name: Agent + x-cfn-type-name: AWS::Bedrock::Agent + x-identifiers: + - AgentId + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AgentId') as agent_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Bedrock::Agent' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AgentId') as agent_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Bedrock::Agent' + AND region = 'us-east-1' + agent_tags: + name: agent_tags + id: aws.bedrock.agent_tags + x-cfn-schema-name: Agent + x-cfn-type-name: AWS::Bedrock::Agent + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.ActionGroups') as action_groups, + JSON_EXTRACT(detail.Properties, '$.AgentArn') as agent_arn, + JSON_EXTRACT(detail.Properties, '$.AgentId') as agent_id, + JSON_EXTRACT(detail.Properties, '$.AgentName') as agent_name, + JSON_EXTRACT(detail.Properties, '$.AgentResourceRoleArn') as agent_resource_role_arn, + JSON_EXTRACT(detail.Properties, '$.AgentStatus') as agent_status, + JSON_EXTRACT(detail.Properties, '$.AgentVersion') as agent_version, + JSON_EXTRACT(detail.Properties, '$.AutoPrepare') as auto_prepare, + JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(detail.Properties, '$.CustomerEncryptionKeyArn') as customer_encryption_key_arn, + JSON_EXTRACT(detail.Properties, '$.SkipResourceInUseCheckOnDelete') as skip_resource_in_use_check_on_delete, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.FailureReasons') as failure_reasons, + JSON_EXTRACT(detail.Properties, '$.FoundationModel') as foundation_model, + JSON_EXTRACT(detail.Properties, '$.GuardrailConfiguration') as guardrail_configuration, + JSON_EXTRACT(detail.Properties, '$.IdleSessionTTLInSeconds') as idle_session_ttl_in_seconds, + JSON_EXTRACT(detail.Properties, '$.Instruction') as instruction, + JSON_EXTRACT(detail.Properties, '$.KnowledgeBases') as knowledge_bases, + JSON_EXTRACT(detail.Properties, '$.PreparedAt') as prepared_at, + JSON_EXTRACT(detail.Properties, '$.PromptOverrideConfiguration') as prompt_override_configuration, + JSON_EXTRACT(detail.Properties, '$.RecommendedActions') as recommended_actions, + JSON_EXTRACT(detail.Properties, '$.TestAliasTags') as test_alias_tags, + JSON_EXTRACT(detail.Properties, '$.UpdatedAt') as updated_at + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::Bedrock::Agent' + AND detail.data__TypeName = 'AWS::Bedrock::Agent' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'ActionGroups') as action_groups, + json_extract_path_text(detail.Properties, 'AgentArn') as agent_arn, + json_extract_path_text(detail.Properties, 'AgentId') as agent_id, + json_extract_path_text(detail.Properties, 'AgentName') as agent_name, + json_extract_path_text(detail.Properties, 'AgentResourceRoleArn') as agent_resource_role_arn, + json_extract_path_text(detail.Properties, 'AgentStatus') as agent_status, + json_extract_path_text(detail.Properties, 'AgentVersion') as agent_version, + json_extract_path_text(detail.Properties, 'AutoPrepare') as auto_prepare, + json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, + json_extract_path_text(detail.Properties, 'CustomerEncryptionKeyArn') as customer_encryption_key_arn, + json_extract_path_text(detail.Properties, 'SkipResourceInUseCheckOnDelete') as skip_resource_in_use_check_on_delete, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'FailureReasons') as failure_reasons, + json_extract_path_text(detail.Properties, 'FoundationModel') as foundation_model, + json_extract_path_text(detail.Properties, 'GuardrailConfiguration') as guardrail_configuration, + json_extract_path_text(detail.Properties, 'IdleSessionTTLInSeconds') as idle_session_ttl_in_seconds, + json_extract_path_text(detail.Properties, 'Instruction') as instruction, + json_extract_path_text(detail.Properties, 'KnowledgeBases') as knowledge_bases, + json_extract_path_text(detail.Properties, 'PreparedAt') as prepared_at, + json_extract_path_text(detail.Properties, 'PromptOverrideConfiguration') as prompt_override_configuration, + json_extract_path_text(detail.Properties, 'RecommendedActions') as recommended_actions, + json_extract_path_text(detail.Properties, 'TestAliasTags') as test_alias_tags, + json_extract_path_text(detail.Properties, 'UpdatedAt') as updated_at + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::Bedrock::Agent' + AND detail.data__TypeName = 'AWS::Bedrock::Agent' + AND listing.region = 'us-east-1' + agent_aliases: + name: agent_aliases + id: aws.bedrock.agent_aliases + x-cfn-schema-name: AgentAlias + x-cfn-type-name: AWS::Bedrock::AgentAlias + x-identifiers: + - AgentId + - AgentAliasId + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__AgentAlias&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Bedrock::AgentAlias" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Bedrock::AgentAlias" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Bedrock::AgentAlias" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/agent_aliases/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/agent_aliases/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/agent_aliases/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AgentAliasArn') as agent_alias_arn, + JSON_EXTRACT(Properties, '$.AgentAliasHistoryEvents') as agent_alias_history_events, + JSON_EXTRACT(Properties, '$.AgentAliasId') as agent_alias_id, + JSON_EXTRACT(Properties, '$.AgentAliasName') as agent_alias_name, + JSON_EXTRACT(Properties, '$.AgentAliasStatus') as agent_alias_status, + JSON_EXTRACT(Properties, '$.AgentId') as agent_id, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.RoutingConfiguration') as routing_configuration, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.UpdatedAt') as updated_at + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Bedrock::AgentAlias' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.AgentAliasArn') as agent_alias_arn, + JSON_EXTRACT(detail.Properties, '$.AgentAliasHistoryEvents') as agent_alias_history_events, + JSON_EXTRACT(detail.Properties, '$.AgentAliasId') as agent_alias_id, + JSON_EXTRACT(detail.Properties, '$.AgentAliasName') as agent_alias_name, + JSON_EXTRACT(detail.Properties, '$.AgentAliasStatus') as agent_alias_status, + JSON_EXTRACT(detail.Properties, '$.AgentId') as agent_id, + JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.RoutingConfiguration') as routing_configuration, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags, + JSON_EXTRACT(detail.Properties, '$.UpdatedAt') as updated_at + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Bedrock::AgentAlias' + AND detail.data__TypeName = 'AWS::Bedrock::AgentAlias' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AgentAliasArn') as agent_alias_arn, + json_extract_path_text(Properties, 'AgentAliasHistoryEvents') as agent_alias_history_events, + json_extract_path_text(Properties, 'AgentAliasId') as agent_alias_id, + json_extract_path_text(Properties, 'AgentAliasName') as agent_alias_name, + json_extract_path_text(Properties, 'AgentAliasStatus') as agent_alias_status, + json_extract_path_text(Properties, 'AgentId') as agent_id, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'RoutingConfiguration') as routing_configuration, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'UpdatedAt') as updated_at + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Bedrock::AgentAlias' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'AgentAliasArn') as agent_alias_arn, + json_extract_path_text(detail.Properties, 'AgentAliasHistoryEvents') as agent_alias_history_events, + json_extract_path_text(detail.Properties, 'AgentAliasId') as agent_alias_id, + json_extract_path_text(detail.Properties, 'AgentAliasName') as agent_alias_name, + json_extract_path_text(detail.Properties, 'AgentAliasStatus') as agent_alias_status, + json_extract_path_text(detail.Properties, 'AgentId') as agent_id, + json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'RoutingConfiguration') as routing_configuration, + json_extract_path_text(detail.Properties, 'Tags') as tags, + json_extract_path_text(detail.Properties, 'UpdatedAt') as updated_at + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Bedrock::AgentAlias' + AND detail.data__TypeName = 'AWS::Bedrock::AgentAlias' + AND listing.region = 'us-east-1' + agent_aliases_list_only: + name: agent_aliases_list_only + id: aws.bedrock.agent_aliases_list_only + x-cfn-schema-name: AgentAlias + x-cfn-type-name: AWS::Bedrock::AgentAlias + x-identifiers: + - AgentId + - AgentAliasId + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AgentId') as agent_id, + JSON_EXTRACT(Properties, '$.AgentAliasId') as agent_alias_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Bedrock::AgentAlias' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AgentId') as agent_id, + json_extract_path_text(Properties, 'AgentAliasId') as agent_alias_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Bedrock::AgentAlias' + AND region = 'us-east-1' + agent_alias_tags: + name: agent_alias_tags + id: aws.bedrock.agent_alias_tags + x-cfn-schema-name: AgentAlias + x-cfn-type-name: AWS::Bedrock::AgentAlias + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.AgentAliasArn') as agent_alias_arn, + JSON_EXTRACT(detail.Properties, '$.AgentAliasHistoryEvents') as agent_alias_history_events, + JSON_EXTRACT(detail.Properties, '$.AgentAliasId') as agent_alias_id, + JSON_EXTRACT(detail.Properties, '$.AgentAliasName') as agent_alias_name, + JSON_EXTRACT(detail.Properties, '$.AgentAliasStatus') as agent_alias_status, + JSON_EXTRACT(detail.Properties, '$.AgentId') as agent_id, + JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.RoutingConfiguration') as routing_configuration, + JSON_EXTRACT(detail.Properties, '$.UpdatedAt') as updated_at + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::Bedrock::AgentAlias' + AND detail.data__TypeName = 'AWS::Bedrock::AgentAlias' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'AgentAliasArn') as agent_alias_arn, + json_extract_path_text(detail.Properties, 'AgentAliasHistoryEvents') as agent_alias_history_events, + json_extract_path_text(detail.Properties, 'AgentAliasId') as agent_alias_id, + json_extract_path_text(detail.Properties, 'AgentAliasName') as agent_alias_name, + json_extract_path_text(detail.Properties, 'AgentAliasStatus') as agent_alias_status, + json_extract_path_text(detail.Properties, 'AgentId') as agent_id, + json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'RoutingConfiguration') as routing_configuration, + json_extract_path_text(detail.Properties, 'UpdatedAt') as updated_at + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::Bedrock::AgentAlias' + AND detail.data__TypeName = 'AWS::Bedrock::AgentAlias' + AND listing.region = 'us-east-1' + application_inference_profiles: + name: application_inference_profiles + id: aws.bedrock.application_inference_profiles + x-cfn-schema-name: ApplicationInferenceProfile + x-cfn-type-name: AWS::Bedrock::ApplicationInferenceProfile + x-identifiers: + - InferenceProfileIdentifier + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__ApplicationInferenceProfile&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Bedrock::ApplicationInferenceProfile" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Bedrock::ApplicationInferenceProfile" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Bedrock::ApplicationInferenceProfile" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/application_inference_profiles/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/application_inference_profiles/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/application_inference_profiles/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.InferenceProfileArn') as inference_profile_arn, + JSON_EXTRACT(Properties, '$.InferenceProfileId') as inference_profile_id, + JSON_EXTRACT(Properties, '$.InferenceProfileIdentifier') as inference_profile_identifier, + JSON_EXTRACT(Properties, '$.InferenceProfileName') as inference_profile_name, + JSON_EXTRACT(Properties, '$.ModelSource') as model_source, + JSON_EXTRACT(Properties, '$.Models') as models, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.UpdatedAt') as updated_at + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Bedrock::ApplicationInferenceProfile' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.InferenceProfileArn') as inference_profile_arn, + JSON_EXTRACT(detail.Properties, '$.InferenceProfileId') as inference_profile_id, + JSON_EXTRACT(detail.Properties, '$.InferenceProfileIdentifier') as inference_profile_identifier, + JSON_EXTRACT(detail.Properties, '$.InferenceProfileName') as inference_profile_name, + JSON_EXTRACT(detail.Properties, '$.ModelSource') as model_source, + JSON_EXTRACT(detail.Properties, '$.Models') as models, + JSON_EXTRACT(detail.Properties, '$.Status') as status, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags, + JSON_EXTRACT(detail.Properties, '$.Type') as type, + JSON_EXTRACT(detail.Properties, '$.UpdatedAt') as updated_at + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Bedrock::ApplicationInferenceProfile' + AND detail.data__TypeName = 'AWS::Bedrock::ApplicationInferenceProfile' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'InferenceProfileArn') as inference_profile_arn, + json_extract_path_text(Properties, 'InferenceProfileId') as inference_profile_id, + json_extract_path_text(Properties, 'InferenceProfileIdentifier') as inference_profile_identifier, + json_extract_path_text(Properties, 'InferenceProfileName') as inference_profile_name, + json_extract_path_text(Properties, 'ModelSource') as model_source, + json_extract_path_text(Properties, 'Models') as models, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'UpdatedAt') as updated_at + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Bedrock::ApplicationInferenceProfile' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'InferenceProfileArn') as inference_profile_arn, + json_extract_path_text(detail.Properties, 'InferenceProfileId') as inference_profile_id, + json_extract_path_text(detail.Properties, 'InferenceProfileIdentifier') as inference_profile_identifier, + json_extract_path_text(detail.Properties, 'InferenceProfileName') as inference_profile_name, + json_extract_path_text(detail.Properties, 'ModelSource') as model_source, + json_extract_path_text(detail.Properties, 'Models') as models, + json_extract_path_text(detail.Properties, 'Status') as status, + json_extract_path_text(detail.Properties, 'Tags') as tags, + json_extract_path_text(detail.Properties, 'Type') as type, + json_extract_path_text(detail.Properties, 'UpdatedAt') as updated_at + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Bedrock::ApplicationInferenceProfile' + AND detail.data__TypeName = 'AWS::Bedrock::ApplicationInferenceProfile' + AND listing.region = 'us-east-1' + application_inference_profiles_list_only: + name: application_inference_profiles_list_only + id: aws.bedrock.application_inference_profiles_list_only + x-cfn-schema-name: ApplicationInferenceProfile + x-cfn-type-name: AWS::Bedrock::ApplicationInferenceProfile + x-identifiers: + - InferenceProfileIdentifier + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.InferenceProfileIdentifier') as inference_profile_identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Bedrock::ApplicationInferenceProfile' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'InferenceProfileIdentifier') as inference_profile_identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Bedrock::ApplicationInferenceProfile' + AND region = 'us-east-1' + application_inference_profile_tags: + name: application_inference_profile_tags + id: aws.bedrock.application_inference_profile_tags + x-cfn-schema-name: ApplicationInferenceProfile + x-cfn-type-name: AWS::Bedrock::ApplicationInferenceProfile + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.InferenceProfileArn') as inference_profile_arn, + JSON_EXTRACT(detail.Properties, '$.InferenceProfileId') as inference_profile_id, + JSON_EXTRACT(detail.Properties, '$.InferenceProfileIdentifier') as inference_profile_identifier, + JSON_EXTRACT(detail.Properties, '$.InferenceProfileName') as inference_profile_name, + JSON_EXTRACT(detail.Properties, '$.ModelSource') as model_source, + JSON_EXTRACT(detail.Properties, '$.Models') as models, + JSON_EXTRACT(detail.Properties, '$.Status') as status, + JSON_EXTRACT(detail.Properties, '$.Type') as type, + JSON_EXTRACT(detail.Properties, '$.UpdatedAt') as updated_at + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::Bedrock::ApplicationInferenceProfile' + AND detail.data__TypeName = 'AWS::Bedrock::ApplicationInferenceProfile' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'InferenceProfileArn') as inference_profile_arn, + json_extract_path_text(detail.Properties, 'InferenceProfileId') as inference_profile_id, + json_extract_path_text(detail.Properties, 'InferenceProfileIdentifier') as inference_profile_identifier, + json_extract_path_text(detail.Properties, 'InferenceProfileName') as inference_profile_name, + json_extract_path_text(detail.Properties, 'ModelSource') as model_source, + json_extract_path_text(detail.Properties, 'Models') as models, + json_extract_path_text(detail.Properties, 'Status') as status, + json_extract_path_text(detail.Properties, 'Type') as type, + json_extract_path_text(detail.Properties, 'UpdatedAt') as updated_at + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::Bedrock::ApplicationInferenceProfile' + AND detail.data__TypeName = 'AWS::Bedrock::ApplicationInferenceProfile' + AND listing.region = 'us-east-1' + data_sources: + name: data_sources + id: aws.bedrock.data_sources + x-cfn-schema-name: DataSource + x-cfn-type-name: AWS::Bedrock::DataSource + x-identifiers: + - KnowledgeBaseId + - DataSourceId + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__DataSource&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Bedrock::DataSource" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Bedrock::DataSource" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Bedrock::DataSource" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/data_sources/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/data_sources/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/data_sources/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DataSourceConfiguration') as data_source_configuration, + JSON_EXTRACT(Properties, '$.DataSourceId') as data_source_id, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.KnowledgeBaseId') as knowledge_base_id, + JSON_EXTRACT(Properties, '$.DataSourceStatus') as data_source_status, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.ServerSideEncryptionConfiguration') as server_side_encryption_configuration, + JSON_EXTRACT(Properties, '$.VectorIngestionConfiguration') as vector_ingestion_configuration, + JSON_EXTRACT(Properties, '$.DataDeletionPolicy') as data_deletion_policy, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.UpdatedAt') as updated_at, + JSON_EXTRACT(Properties, '$.FailureReasons') as failure_reasons + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Bedrock::DataSource' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.DataSourceConfiguration') as data_source_configuration, + JSON_EXTRACT(detail.Properties, '$.DataSourceId') as data_source_id, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.KnowledgeBaseId') as knowledge_base_id, + JSON_EXTRACT(detail.Properties, '$.DataSourceStatus') as data_source_status, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.ServerSideEncryptionConfiguration') as server_side_encryption_configuration, + JSON_EXTRACT(detail.Properties, '$.VectorIngestionConfiguration') as vector_ingestion_configuration, + JSON_EXTRACT(detail.Properties, '$.DataDeletionPolicy') as data_deletion_policy, + JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(detail.Properties, '$.UpdatedAt') as updated_at, + JSON_EXTRACT(detail.Properties, '$.FailureReasons') as failure_reasons + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Bedrock::DataSource' + AND detail.data__TypeName = 'AWS::Bedrock::DataSource' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DataSourceConfiguration') as data_source_configuration, + json_extract_path_text(Properties, 'DataSourceId') as data_source_id, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'KnowledgeBaseId') as knowledge_base_id, + json_extract_path_text(Properties, 'DataSourceStatus') as data_source_status, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'ServerSideEncryptionConfiguration') as server_side_encryption_configuration, + json_extract_path_text(Properties, 'VectorIngestionConfiguration') as vector_ingestion_configuration, + json_extract_path_text(Properties, 'DataDeletionPolicy') as data_deletion_policy, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'UpdatedAt') as updated_at, + json_extract_path_text(Properties, 'FailureReasons') as failure_reasons + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Bedrock::DataSource' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'DataSourceConfiguration') as data_source_configuration, + json_extract_path_text(detail.Properties, 'DataSourceId') as data_source_id, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'KnowledgeBaseId') as knowledge_base_id, + json_extract_path_text(detail.Properties, 'DataSourceStatus') as data_source_status, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'ServerSideEncryptionConfiguration') as server_side_encryption_configuration, + json_extract_path_text(detail.Properties, 'VectorIngestionConfiguration') as vector_ingestion_configuration, + json_extract_path_text(detail.Properties, 'DataDeletionPolicy') as data_deletion_policy, + json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, + json_extract_path_text(detail.Properties, 'UpdatedAt') as updated_at, + json_extract_path_text(detail.Properties, 'FailureReasons') as failure_reasons + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Bedrock::DataSource' + AND detail.data__TypeName = 'AWS::Bedrock::DataSource' + AND listing.region = 'us-east-1' + data_sources_list_only: + name: data_sources_list_only + id: aws.bedrock.data_sources_list_only + x-cfn-schema-name: DataSource + x-cfn-type-name: AWS::Bedrock::DataSource + x-identifiers: + - KnowledgeBaseId + - DataSourceId + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.KnowledgeBaseId') as knowledge_base_id, + JSON_EXTRACT(Properties, '$.DataSourceId') as data_source_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Bedrock::DataSource' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'KnowledgeBaseId') as knowledge_base_id, + json_extract_path_text(Properties, 'DataSourceId') as data_source_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Bedrock::DataSource' + AND region = 'us-east-1' + flows: + name: flows + id: aws.bedrock.flows + x-cfn-schema-name: Flow + x-cfn-type-name: AWS::Bedrock::Flow + x-identifiers: + - Arn + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Flow&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Bedrock::Flow" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Bedrock::Flow" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Bedrock::Flow" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/flows/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/flows/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/flows/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.Definition') as definition, + JSON_EXTRACT(Properties, '$.DefinitionString') as definition_string, + JSON_EXTRACT(Properties, '$.DefinitionS3Location') as definition_s3_location, + JSON_EXTRACT(Properties, '$.DefinitionSubstitutions') as definition_substitutions, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.ExecutionRoleArn') as execution_role_arn, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.UpdatedAt') as updated_at, + JSON_EXTRACT(Properties, '$.CustomerEncryptionKeyArn') as customer_encryption_key_arn, + JSON_EXTRACT(Properties, '$.Validations') as validations, + JSON_EXTRACT(Properties, '$.Version') as version, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.TestAliasTags') as test_alias_tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Bedrock::Flow' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(detail.Properties, '$.Definition') as definition, + JSON_EXTRACT(detail.Properties, '$.DefinitionString') as definition_string, + JSON_EXTRACT(detail.Properties, '$.DefinitionS3Location') as definition_s3_location, + JSON_EXTRACT(detail.Properties, '$.DefinitionSubstitutions') as definition_substitutions, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.ExecutionRoleArn') as execution_role_arn, + JSON_EXTRACT(detail.Properties, '$.Id') as id, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.Status') as status, + JSON_EXTRACT(detail.Properties, '$.UpdatedAt') as updated_at, + JSON_EXTRACT(detail.Properties, '$.CustomerEncryptionKeyArn') as customer_encryption_key_arn, + JSON_EXTRACT(detail.Properties, '$.Validations') as validations, + JSON_EXTRACT(detail.Properties, '$.Version') as version, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags, + JSON_EXTRACT(detail.Properties, '$.TestAliasTags') as test_alias_tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Bedrock::Flow' + AND detail.data__TypeName = 'AWS::Bedrock::Flow' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'Definition') as definition, + json_extract_path_text(Properties, 'DefinitionString') as definition_string, + json_extract_path_text(Properties, 'DefinitionS3Location') as definition_s3_location, + json_extract_path_text(Properties, 'DefinitionSubstitutions') as definition_substitutions, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'ExecutionRoleArn') as execution_role_arn, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'UpdatedAt') as updated_at, + json_extract_path_text(Properties, 'CustomerEncryptionKeyArn') as customer_encryption_key_arn, + json_extract_path_text(Properties, 'Validations') as validations, + json_extract_path_text(Properties, 'Version') as version, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'TestAliasTags') as test_alias_tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Bedrock::Flow' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, + json_extract_path_text(detail.Properties, 'Definition') as definition, + json_extract_path_text(detail.Properties, 'DefinitionString') as definition_string, + json_extract_path_text(detail.Properties, 'DefinitionS3Location') as definition_s3_location, + json_extract_path_text(detail.Properties, 'DefinitionSubstitutions') as definition_substitutions, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'ExecutionRoleArn') as execution_role_arn, + json_extract_path_text(detail.Properties, 'Id') as id, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'Status') as status, + json_extract_path_text(detail.Properties, 'UpdatedAt') as updated_at, + json_extract_path_text(detail.Properties, 'CustomerEncryptionKeyArn') as customer_encryption_key_arn, + json_extract_path_text(detail.Properties, 'Validations') as validations, + json_extract_path_text(detail.Properties, 'Version') as version, + json_extract_path_text(detail.Properties, 'Tags') as tags, + json_extract_path_text(detail.Properties, 'TestAliasTags') as test_alias_tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Bedrock::Flow' + AND detail.data__TypeName = 'AWS::Bedrock::Flow' + AND listing.region = 'us-east-1' + flows_list_only: + name: flows_list_only + id: aws.bedrock.flows_list_only + x-cfn-schema-name: Flow + x-cfn-type-name: AWS::Bedrock::Flow + x-identifiers: + - Arn + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Bedrock::Flow' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Bedrock::Flow' + AND region = 'us-east-1' + flow_tags: + name: flow_tags + id: aws.bedrock.flow_tags + x-cfn-schema-name: Flow + x-cfn-type-name: AWS::Bedrock::Flow + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(detail.Properties, '$.Definition') as definition, + JSON_EXTRACT(detail.Properties, '$.DefinitionString') as definition_string, + JSON_EXTRACT(detail.Properties, '$.DefinitionS3Location') as definition_s3_location, + JSON_EXTRACT(detail.Properties, '$.DefinitionSubstitutions') as definition_substitutions, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.ExecutionRoleArn') as execution_role_arn, + JSON_EXTRACT(detail.Properties, '$.Id') as id, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.Status') as status, + JSON_EXTRACT(detail.Properties, '$.UpdatedAt') as updated_at, + JSON_EXTRACT(detail.Properties, '$.CustomerEncryptionKeyArn') as customer_encryption_key_arn, + JSON_EXTRACT(detail.Properties, '$.Validations') as validations, + JSON_EXTRACT(detail.Properties, '$.Version') as version, + JSON_EXTRACT(detail.Properties, '$.TestAliasTags') as test_alias_tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::Bedrock::Flow' + AND detail.data__TypeName = 'AWS::Bedrock::Flow' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, + json_extract_path_text(detail.Properties, 'Definition') as definition, + json_extract_path_text(detail.Properties, 'DefinitionString') as definition_string, + json_extract_path_text(detail.Properties, 'DefinitionS3Location') as definition_s3_location, + json_extract_path_text(detail.Properties, 'DefinitionSubstitutions') as definition_substitutions, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'ExecutionRoleArn') as execution_role_arn, + json_extract_path_text(detail.Properties, 'Id') as id, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'Status') as status, + json_extract_path_text(detail.Properties, 'UpdatedAt') as updated_at, + json_extract_path_text(detail.Properties, 'CustomerEncryptionKeyArn') as customer_encryption_key_arn, + json_extract_path_text(detail.Properties, 'Validations') as validations, + json_extract_path_text(detail.Properties, 'Version') as version, + json_extract_path_text(detail.Properties, 'TestAliasTags') as test_alias_tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::Bedrock::Flow' + AND detail.data__TypeName = 'AWS::Bedrock::Flow' + AND listing.region = 'us-east-1' + flow_aliases: + name: flow_aliases + id: aws.bedrock.flow_aliases + x-cfn-schema-name: FlowAlias + x-cfn-type-name: AWS::Bedrock::FlowAlias + x-identifiers: + - Arn + - FlowArn + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__FlowAlias&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Bedrock::FlowAlias" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Bedrock::FlowAlias" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Bedrock::FlowAlias" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/flow_aliases/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/flow_aliases/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/flow_aliases/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.FlowArn') as flow_arn, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.FlowId') as flow_id, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.RoutingConfiguration') as routing_configuration, + JSON_EXTRACT(Properties, '$.UpdatedAt') as updated_at, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Bedrock::FlowAlias' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.FlowArn') as flow_arn, + JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.FlowId') as flow_id, + JSON_EXTRACT(detail.Properties, '$.Id') as id, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.RoutingConfiguration') as routing_configuration, + JSON_EXTRACT(detail.Properties, '$.UpdatedAt') as updated_at, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Bedrock::FlowAlias' + AND detail.data__TypeName = 'AWS::Bedrock::FlowAlias' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'FlowArn') as flow_arn, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'FlowId') as flow_id, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'RoutingConfiguration') as routing_configuration, + json_extract_path_text(Properties, 'UpdatedAt') as updated_at, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Bedrock::FlowAlias' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'FlowArn') as flow_arn, + json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'FlowId') as flow_id, + json_extract_path_text(detail.Properties, 'Id') as id, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'RoutingConfiguration') as routing_configuration, + json_extract_path_text(detail.Properties, 'UpdatedAt') as updated_at, + json_extract_path_text(detail.Properties, 'Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Bedrock::FlowAlias' + AND detail.data__TypeName = 'AWS::Bedrock::FlowAlias' + AND listing.region = 'us-east-1' + flow_aliases_list_only: + name: flow_aliases_list_only + id: aws.bedrock.flow_aliases_list_only + x-cfn-schema-name: FlowAlias + x-cfn-type-name: AWS::Bedrock::FlowAlias + x-identifiers: + - Arn + - FlowArn + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.FlowArn') as flow_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Bedrock::FlowAlias' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'FlowArn') as flow_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Bedrock::FlowAlias' + AND region = 'us-east-1' + flow_alias_tags: + name: flow_alias_tags + id: aws.bedrock.flow_alias_tags + x-cfn-schema-name: FlowAlias + x-cfn-type-name: AWS::Bedrock::FlowAlias + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.FlowArn') as flow_arn, + JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.FlowId') as flow_id, + JSON_EXTRACT(detail.Properties, '$.Id') as id, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.RoutingConfiguration') as routing_configuration, + JSON_EXTRACT(detail.Properties, '$.UpdatedAt') as updated_at + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::Bedrock::FlowAlias' + AND detail.data__TypeName = 'AWS::Bedrock::FlowAlias' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'FlowArn') as flow_arn, + json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'FlowId') as flow_id, + json_extract_path_text(detail.Properties, 'Id') as id, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'RoutingConfiguration') as routing_configuration, + json_extract_path_text(detail.Properties, 'UpdatedAt') as updated_at + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::Bedrock::FlowAlias' + AND detail.data__TypeName = 'AWS::Bedrock::FlowAlias' + AND listing.region = 'us-east-1' + flow_versions: + name: flow_versions + id: aws.bedrock.flow_versions + x-cfn-schema-name: FlowVersion + x-cfn-type-name: AWS::Bedrock::FlowVersion + x-identifiers: + - FlowArn + - Version x-type: cloud_control methods: create_resource: @@ -2608,12 +6840,12 @@ components: requestBodyTranslate: algorithm: naive_DesiredState operation: - $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Agent&__detailTransformed=true/post' + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__FlowVersion&__detailTransformed=true/post' request: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::Bedrock::Agent" + "TypeName": "AWS::Bedrock::FlowVersion" } response: mediaType: application/json @@ -2625,7 +6857,7 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::Bedrock::Agent" + "TypeName": "AWS::Bedrock::FlowVersion" } response: mediaType: application/json @@ -2637,18 +6869,18 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::Bedrock::Agent" + "TypeName": "AWS::Bedrock::FlowVersion" } response: mediaType: application/json openAPIDocKey: '200' sqlVerbs: insert: - - $ref: '#/components/x-stackQL-resources/agents/methods/create_resource' + - $ref: '#/components/x-stackQL-resources/flow_versions/methods/create_resource' delete: - - $ref: '#/components/x-stackQL-resources/agents/methods/delete_resource' + - $ref: '#/components/x-stackQL-resources/flow_versions/methods/delete_resource' update: - - $ref: '#/components/x-stackQL-resources/agents/methods/update_resource' + - $ref: '#/components/x-stackQL-resources/flow_versions/methods/update_resource' config: views: select: @@ -2657,66 +6889,40 @@ components: SELECT region, data__Identifier, - JSON_EXTRACT(Properties, '$.ActionGroups') as action_groups, - JSON_EXTRACT(Properties, '$.AgentArn') as agent_arn, - JSON_EXTRACT(Properties, '$.AgentId') as agent_id, - JSON_EXTRACT(Properties, '$.AgentName') as agent_name, - JSON_EXTRACT(Properties, '$.AgentResourceRoleArn') as agent_resource_role_arn, - JSON_EXTRACT(Properties, '$.AgentStatus') as agent_status, - JSON_EXTRACT(Properties, '$.AgentVersion') as agent_version, - JSON_EXTRACT(Properties, '$.AutoPrepare') as auto_prepare, + JSON_EXTRACT(Properties, '$.FlowArn') as flow_arn, JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, - JSON_EXTRACT(Properties, '$.CustomerEncryptionKeyArn') as customer_encryption_key_arn, - JSON_EXTRACT(Properties, '$.SkipResourceInUseCheckOnDelete') as skip_resource_in_use_check_on_delete, + JSON_EXTRACT(Properties, '$.Definition') as definition, JSON_EXTRACT(Properties, '$.Description') as description, - JSON_EXTRACT(Properties, '$.FailureReasons') as failure_reasons, - JSON_EXTRACT(Properties, '$.FoundationModel') as foundation_model, - JSON_EXTRACT(Properties, '$.IdleSessionTTLInSeconds') as idle_session_ttl_in_seconds, - JSON_EXTRACT(Properties, '$.Instruction') as instruction, - JSON_EXTRACT(Properties, '$.KnowledgeBases') as knowledge_bases, - JSON_EXTRACT(Properties, '$.PreparedAt') as prepared_at, - JSON_EXTRACT(Properties, '$.PromptOverrideConfiguration') as prompt_override_configuration, - JSON_EXTRACT(Properties, '$.RecommendedActions') as recommended_actions, - JSON_EXTRACT(Properties, '$.Tags') as tags, - JSON_EXTRACT(Properties, '$.TestAliasTags') as test_alias_tags, - JSON_EXTRACT(Properties, '$.UpdatedAt') as updated_at - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Bedrock::Agent' - AND data__Identifier = '' + JSON_EXTRACT(Properties, '$.ExecutionRoleArn') as execution_role_arn, + JSON_EXTRACT(Properties, '$.FlowId') as flow_id, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.Version') as version, + JSON_EXTRACT(Properties, '$.CustomerEncryptionKeyArn') as customer_encryption_key_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Bedrock::FlowVersion' + AND data__Identifier = '|' AND region = 'us-east-1' fallback: predicate: sqlDialect == "sqlite3" ddl: |- SELECT detail.region, - JSON_EXTRACT(detail.Properties, '$.ActionGroups') as action_groups, - JSON_EXTRACT(detail.Properties, '$.AgentArn') as agent_arn, - JSON_EXTRACT(detail.Properties, '$.AgentId') as agent_id, - JSON_EXTRACT(detail.Properties, '$.AgentName') as agent_name, - JSON_EXTRACT(detail.Properties, '$.AgentResourceRoleArn') as agent_resource_role_arn, - JSON_EXTRACT(detail.Properties, '$.AgentStatus') as agent_status, - JSON_EXTRACT(detail.Properties, '$.AgentVersion') as agent_version, - JSON_EXTRACT(detail.Properties, '$.AutoPrepare') as auto_prepare, + JSON_EXTRACT(detail.Properties, '$.FlowArn') as flow_arn, JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, - JSON_EXTRACT(detail.Properties, '$.CustomerEncryptionKeyArn') as customer_encryption_key_arn, - JSON_EXTRACT(detail.Properties, '$.SkipResourceInUseCheckOnDelete') as skip_resource_in_use_check_on_delete, + JSON_EXTRACT(detail.Properties, '$.Definition') as definition, JSON_EXTRACT(detail.Properties, '$.Description') as description, - JSON_EXTRACT(detail.Properties, '$.FailureReasons') as failure_reasons, - JSON_EXTRACT(detail.Properties, '$.FoundationModel') as foundation_model, - JSON_EXTRACT(detail.Properties, '$.IdleSessionTTLInSeconds') as idle_session_ttl_in_seconds, - JSON_EXTRACT(detail.Properties, '$.Instruction') as instruction, - JSON_EXTRACT(detail.Properties, '$.KnowledgeBases') as knowledge_bases, - JSON_EXTRACT(detail.Properties, '$.PreparedAt') as prepared_at, - JSON_EXTRACT(detail.Properties, '$.PromptOverrideConfiguration') as prompt_override_configuration, - JSON_EXTRACT(detail.Properties, '$.RecommendedActions') as recommended_actions, - JSON_EXTRACT(detail.Properties, '$.Tags') as tags, - JSON_EXTRACT(detail.Properties, '$.TestAliasTags') as test_alias_tags, - JSON_EXTRACT(detail.Properties, '$.UpdatedAt') as updated_at + JSON_EXTRACT(detail.Properties, '$.ExecutionRoleArn') as execution_role_arn, + JSON_EXTRACT(detail.Properties, '$.FlowId') as flow_id, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.Status') as status, + JSON_EXTRACT(detail.Properties, '$.Version') as version, + JSON_EXTRACT(detail.Properties, '$.CustomerEncryptionKeyArn') as customer_encryption_key_arn FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::Bedrock::Agent' - AND detail.data__TypeName = 'AWS::Bedrock::Agent' + WHERE listing.data__TypeName = 'AWS::Bedrock::FlowVersion' + AND detail.data__TypeName = 'AWS::Bedrock::FlowVersion' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] @@ -2724,74 +6930,49 @@ components: SELECT region, data__Identifier, - json_extract_path_text(Properties, 'ActionGroups') as action_groups, - json_extract_path_text(Properties, 'AgentArn') as agent_arn, - json_extract_path_text(Properties, 'AgentId') as agent_id, - json_extract_path_text(Properties, 'AgentName') as agent_name, - json_extract_path_text(Properties, 'AgentResourceRoleArn') as agent_resource_role_arn, - json_extract_path_text(Properties, 'AgentStatus') as agent_status, - json_extract_path_text(Properties, 'AgentVersion') as agent_version, - json_extract_path_text(Properties, 'AutoPrepare') as auto_prepare, + json_extract_path_text(Properties, 'FlowArn') as flow_arn, json_extract_path_text(Properties, 'CreatedAt') as created_at, - json_extract_path_text(Properties, 'CustomerEncryptionKeyArn') as customer_encryption_key_arn, - json_extract_path_text(Properties, 'SkipResourceInUseCheckOnDelete') as skip_resource_in_use_check_on_delete, + json_extract_path_text(Properties, 'Definition') as definition, json_extract_path_text(Properties, 'Description') as description, - json_extract_path_text(Properties, 'FailureReasons') as failure_reasons, - json_extract_path_text(Properties, 'FoundationModel') as foundation_model, - json_extract_path_text(Properties, 'IdleSessionTTLInSeconds') as idle_session_ttl_in_seconds, - json_extract_path_text(Properties, 'Instruction') as instruction, - json_extract_path_text(Properties, 'KnowledgeBases') as knowledge_bases, - json_extract_path_text(Properties, 'PreparedAt') as prepared_at, - json_extract_path_text(Properties, 'PromptOverrideConfiguration') as prompt_override_configuration, - json_extract_path_text(Properties, 'RecommendedActions') as recommended_actions, - json_extract_path_text(Properties, 'Tags') as tags, - json_extract_path_text(Properties, 'TestAliasTags') as test_alias_tags, - json_extract_path_text(Properties, 'UpdatedAt') as updated_at - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Bedrock::Agent' - AND data__Identifier = '' + json_extract_path_text(Properties, 'ExecutionRoleArn') as execution_role_arn, + json_extract_path_text(Properties, 'FlowId') as flow_id, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'Version') as version, + json_extract_path_text(Properties, 'CustomerEncryptionKeyArn') as customer_encryption_key_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Bedrock::FlowVersion' + AND data__Identifier = '|' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT detail.region, - json_extract_path_text(detail.Properties, 'ActionGroups') as action_groups, - json_extract_path_text(detail.Properties, 'AgentArn') as agent_arn, - json_extract_path_text(detail.Properties, 'AgentId') as agent_id, - json_extract_path_text(detail.Properties, 'AgentName') as agent_name, - json_extract_path_text(detail.Properties, 'AgentResourceRoleArn') as agent_resource_role_arn, - json_extract_path_text(detail.Properties, 'AgentStatus') as agent_status, - json_extract_path_text(detail.Properties, 'AgentVersion') as agent_version, - json_extract_path_text(detail.Properties, 'AutoPrepare') as auto_prepare, + json_extract_path_text(detail.Properties, 'FlowArn') as flow_arn, json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, - json_extract_path_text(detail.Properties, 'CustomerEncryptionKeyArn') as customer_encryption_key_arn, - json_extract_path_text(detail.Properties, 'SkipResourceInUseCheckOnDelete') as skip_resource_in_use_check_on_delete, + json_extract_path_text(detail.Properties, 'Definition') as definition, json_extract_path_text(detail.Properties, 'Description') as description, - json_extract_path_text(detail.Properties, 'FailureReasons') as failure_reasons, - json_extract_path_text(detail.Properties, 'FoundationModel') as foundation_model, - json_extract_path_text(detail.Properties, 'IdleSessionTTLInSeconds') as idle_session_ttl_in_seconds, - json_extract_path_text(detail.Properties, 'Instruction') as instruction, - json_extract_path_text(detail.Properties, 'KnowledgeBases') as knowledge_bases, - json_extract_path_text(detail.Properties, 'PreparedAt') as prepared_at, - json_extract_path_text(detail.Properties, 'PromptOverrideConfiguration') as prompt_override_configuration, - json_extract_path_text(detail.Properties, 'RecommendedActions') as recommended_actions, - json_extract_path_text(detail.Properties, 'Tags') as tags, - json_extract_path_text(detail.Properties, 'TestAliasTags') as test_alias_tags, - json_extract_path_text(detail.Properties, 'UpdatedAt') as updated_at + json_extract_path_text(detail.Properties, 'ExecutionRoleArn') as execution_role_arn, + json_extract_path_text(detail.Properties, 'FlowId') as flow_id, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'Status') as status, + json_extract_path_text(detail.Properties, 'Version') as version, + json_extract_path_text(detail.Properties, 'CustomerEncryptionKeyArn') as customer_encryption_key_arn FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::Bedrock::Agent' - AND detail.data__TypeName = 'AWS::Bedrock::Agent' + WHERE listing.data__TypeName = 'AWS::Bedrock::FlowVersion' + AND detail.data__TypeName = 'AWS::Bedrock::FlowVersion' AND listing.region = 'us-east-1' - agents_list_only: - name: agents_list_only - id: aws.bedrock.agents_list_only - x-cfn-schema-name: Agent - x-cfn-type-name: AWS::Bedrock::Agent + flow_versions_list_only: + name: flow_versions_list_only + id: aws.bedrock.flow_versions_list_only + x-cfn-schema-name: FlowVersion + x-cfn-type-name: AWS::Bedrock::FlowVersion x-identifiers: - - AgentId + - FlowArn + - Version x-type: cloud_control_view methods: {} sqlVerbs: @@ -2805,112 +6986,26 @@ components: ddl: |- SELECT region, - JSON_EXTRACT(Properties, '$.AgentId') as agent_id - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Bedrock::Agent' + JSON_EXTRACT(Properties, '$.FlowArn') as flow_arn, + JSON_EXTRACT(Properties, '$.Version') as version + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Bedrock::FlowVersion' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT region, - json_extract_path_text(Properties, 'AgentId') as agent_id - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Bedrock::Agent' + json_extract_path_text(Properties, 'FlowArn') as flow_arn, + json_extract_path_text(Properties, 'Version') as version + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Bedrock::FlowVersion' AND region = 'us-east-1' - agent_tags: - name: agent_tags - id: aws.bedrock.agent_tags - x-cfn-schema-name: Agent - x-cfn-type-name: AWS::Bedrock::Agent - x-type: cloud_control_view - methods: {} - sqlVerbs: - insert: [] - delete: [] - update: [] - config: - views: - select: - predicate: sqlDialect == "sqlite3" - ddl: |- - SELECT - detail.region, - JSON_EXTRACT(json_each.value, '$.Key') as tag_key, - JSON_EXTRACT(json_each.value, '$.Value') as tag_value, - JSON_EXTRACT(detail.Properties, '$.ActionGroups') as action_groups, - JSON_EXTRACT(detail.Properties, '$.AgentArn') as agent_arn, - JSON_EXTRACT(detail.Properties, '$.AgentId') as agent_id, - JSON_EXTRACT(detail.Properties, '$.AgentName') as agent_name, - JSON_EXTRACT(detail.Properties, '$.AgentResourceRoleArn') as agent_resource_role_arn, - JSON_EXTRACT(detail.Properties, '$.AgentStatus') as agent_status, - JSON_EXTRACT(detail.Properties, '$.AgentVersion') as agent_version, - JSON_EXTRACT(detail.Properties, '$.AutoPrepare') as auto_prepare, - JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, - JSON_EXTRACT(detail.Properties, '$.CustomerEncryptionKeyArn') as customer_encryption_key_arn, - JSON_EXTRACT(detail.Properties, '$.SkipResourceInUseCheckOnDelete') as skip_resource_in_use_check_on_delete, - JSON_EXTRACT(detail.Properties, '$.Description') as description, - JSON_EXTRACT(detail.Properties, '$.FailureReasons') as failure_reasons, - JSON_EXTRACT(detail.Properties, '$.FoundationModel') as foundation_model, - JSON_EXTRACT(detail.Properties, '$.IdleSessionTTLInSeconds') as idle_session_ttl_in_seconds, - JSON_EXTRACT(detail.Properties, '$.Instruction') as instruction, - JSON_EXTRACT(detail.Properties, '$.KnowledgeBases') as knowledge_bases, - JSON_EXTRACT(detail.Properties, '$.PreparedAt') as prepared_at, - JSON_EXTRACT(detail.Properties, '$.PromptOverrideConfiguration') as prompt_override_configuration, - JSON_EXTRACT(detail.Properties, '$.RecommendedActions') as recommended_actions, - JSON_EXTRACT(detail.Properties, '$.TestAliasTags') as test_alias_tags, - JSON_EXTRACT(detail.Properties, '$.UpdatedAt') as updated_at - FROM aws.cloud_control.resources listing - LEFT OUTER JOIN aws.cloud_control.resource detail - ON detail.data__Identifier = listing.Identifier - AND detail.region = listing.region - ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) - WHERE listing.data__TypeName = 'AWS::Bedrock::Agent' - AND detail.data__TypeName = 'AWS::Bedrock::Agent' - AND listing.region = 'us-east-1' - fallback: - predicate: sqlDialect == "postgres" - ddl: |- - SELECT - detail.region, - json_extract_path_text(json_each.value, 'Key') as tag_key, - json_extract_path_text(json_each.value, 'Value') as tag_value, - json_extract_path_text(detail.Properties, 'ActionGroups') as action_groups, - json_extract_path_text(detail.Properties, 'AgentArn') as agent_arn, - json_extract_path_text(detail.Properties, 'AgentId') as agent_id, - json_extract_path_text(detail.Properties, 'AgentName') as agent_name, - json_extract_path_text(detail.Properties, 'AgentResourceRoleArn') as agent_resource_role_arn, - json_extract_path_text(detail.Properties, 'AgentStatus') as agent_status, - json_extract_path_text(detail.Properties, 'AgentVersion') as agent_version, - json_extract_path_text(detail.Properties, 'AutoPrepare') as auto_prepare, - json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, - json_extract_path_text(detail.Properties, 'CustomerEncryptionKeyArn') as customer_encryption_key_arn, - json_extract_path_text(detail.Properties, 'SkipResourceInUseCheckOnDelete') as skip_resource_in_use_check_on_delete, - json_extract_path_text(detail.Properties, 'Description') as description, - json_extract_path_text(detail.Properties, 'FailureReasons') as failure_reasons, - json_extract_path_text(detail.Properties, 'FoundationModel') as foundation_model, - json_extract_path_text(detail.Properties, 'IdleSessionTTLInSeconds') as idle_session_ttl_in_seconds, - json_extract_path_text(detail.Properties, 'Instruction') as instruction, - json_extract_path_text(detail.Properties, 'KnowledgeBases') as knowledge_bases, - json_extract_path_text(detail.Properties, 'PreparedAt') as prepared_at, - json_extract_path_text(detail.Properties, 'PromptOverrideConfiguration') as prompt_override_configuration, - json_extract_path_text(detail.Properties, 'RecommendedActions') as recommended_actions, - json_extract_path_text(detail.Properties, 'TestAliasTags') as test_alias_tags, - json_extract_path_text(detail.Properties, 'UpdatedAt') as updated_at - FROM aws.cloud_control.resources listing - LEFT OUTER JOIN aws.cloud_control.resource detail - ON detail.data__Identifier = listing.Identifier - AND detail.region = listing.region - ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) - WHERE listing.data__TypeName = 'AWS::Bedrock::Agent' - AND detail.data__TypeName = 'AWS::Bedrock::Agent' - AND listing.region = 'us-east-1' - agent_aliases: - name: agent_aliases - id: aws.bedrock.agent_aliases - x-cfn-schema-name: AgentAlias - x-cfn-type-name: AWS::Bedrock::AgentAlias + guardrails: + name: guardrails + id: aws.bedrock.guardrails + x-cfn-schema-name: Guardrail + x-cfn-type-name: AWS::Bedrock::Guardrail x-identifiers: - - AgentId - - AgentAliasId + - GuardrailArn x-type: cloud_control methods: create_resource: @@ -2918,12 +7013,12 @@ components: requestBodyTranslate: algorithm: naive_DesiredState operation: - $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__AgentAlias&__detailTransformed=true/post' + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Guardrail&__detailTransformed=true/post' request: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::Bedrock::AgentAlias" + "TypeName": "AWS::Bedrock::Guardrail" } response: mediaType: application/json @@ -2935,7 +7030,7 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::Bedrock::AgentAlias" + "TypeName": "AWS::Bedrock::Guardrail" } response: mediaType: application/json @@ -2947,18 +7042,18 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::Bedrock::AgentAlias" + "TypeName": "AWS::Bedrock::Guardrail" } response: mediaType: application/json openAPIDocKey: '200' sqlVerbs: insert: - - $ref: '#/components/x-stackQL-resources/agent_aliases/methods/create_resource' + - $ref: '#/components/x-stackQL-resources/guardrails/methods/create_resource' delete: - - $ref: '#/components/x-stackQL-resources/agent_aliases/methods/delete_resource' + - $ref: '#/components/x-stackQL-resources/guardrails/methods/delete_resource' update: - - $ref: '#/components/x-stackQL-resources/agent_aliases/methods/update_resource' + - $ref: '#/components/x-stackQL-resources/guardrails/methods/update_resource' config: views: select: @@ -2967,42 +7062,58 @@ components: SELECT region, data__Identifier, - JSON_EXTRACT(Properties, '$.AgentAliasArn') as agent_alias_arn, - JSON_EXTRACT(Properties, '$.AgentAliasHistoryEvents') as agent_alias_history_events, - JSON_EXTRACT(Properties, '$.AgentAliasId') as agent_alias_id, - JSON_EXTRACT(Properties, '$.AgentAliasName') as agent_alias_name, - JSON_EXTRACT(Properties, '$.AgentAliasStatus') as agent_alias_status, - JSON_EXTRACT(Properties, '$.AgentId') as agent_id, + JSON_EXTRACT(Properties, '$.BlockedInputMessaging') as blocked_input_messaging, + JSON_EXTRACT(Properties, '$.BlockedOutputsMessaging') as blocked_outputs_messaging, + JSON_EXTRACT(Properties, '$.ContentPolicyConfig') as content_policy_config, + JSON_EXTRACT(Properties, '$.ContextualGroundingPolicyConfig') as contextual_grounding_policy_config, JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, JSON_EXTRACT(Properties, '$.Description') as description, - JSON_EXTRACT(Properties, '$.RoutingConfiguration') as routing_configuration, + JSON_EXTRACT(Properties, '$.FailureRecommendations') as failure_recommendations, + JSON_EXTRACT(Properties, '$.GuardrailArn') as guardrail_arn, + JSON_EXTRACT(Properties, '$.GuardrailId') as guardrail_id, + JSON_EXTRACT(Properties, '$.KmsKeyArn') as kms_key_arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.SensitiveInformationPolicyConfig') as sensitive_information_policy_config, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.StatusReasons') as status_reasons, JSON_EXTRACT(Properties, '$.Tags') as tags, - JSON_EXTRACT(Properties, '$.UpdatedAt') as updated_at - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Bedrock::AgentAlias' - AND data__Identifier = '|' + JSON_EXTRACT(Properties, '$.TopicPolicyConfig') as topic_policy_config, + JSON_EXTRACT(Properties, '$.UpdatedAt') as updated_at, + JSON_EXTRACT(Properties, '$.Version') as version, + JSON_EXTRACT(Properties, '$.WordPolicyConfig') as word_policy_config + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Bedrock::Guardrail' + AND data__Identifier = '' AND region = 'us-east-1' fallback: predicate: sqlDialect == "sqlite3" ddl: |- SELECT detail.region, - JSON_EXTRACT(detail.Properties, '$.AgentAliasArn') as agent_alias_arn, - JSON_EXTRACT(detail.Properties, '$.AgentAliasHistoryEvents') as agent_alias_history_events, - JSON_EXTRACT(detail.Properties, '$.AgentAliasId') as agent_alias_id, - JSON_EXTRACT(detail.Properties, '$.AgentAliasName') as agent_alias_name, - JSON_EXTRACT(detail.Properties, '$.AgentAliasStatus') as agent_alias_status, - JSON_EXTRACT(detail.Properties, '$.AgentId') as agent_id, + JSON_EXTRACT(detail.Properties, '$.BlockedInputMessaging') as blocked_input_messaging, + JSON_EXTRACT(detail.Properties, '$.BlockedOutputsMessaging') as blocked_outputs_messaging, + JSON_EXTRACT(detail.Properties, '$.ContentPolicyConfig') as content_policy_config, + JSON_EXTRACT(detail.Properties, '$.ContextualGroundingPolicyConfig') as contextual_grounding_policy_config, JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, JSON_EXTRACT(detail.Properties, '$.Description') as description, - JSON_EXTRACT(detail.Properties, '$.RoutingConfiguration') as routing_configuration, + JSON_EXTRACT(detail.Properties, '$.FailureRecommendations') as failure_recommendations, + JSON_EXTRACT(detail.Properties, '$.GuardrailArn') as guardrail_arn, + JSON_EXTRACT(detail.Properties, '$.GuardrailId') as guardrail_id, + JSON_EXTRACT(detail.Properties, '$.KmsKeyArn') as kms_key_arn, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.SensitiveInformationPolicyConfig') as sensitive_information_policy_config, + JSON_EXTRACT(detail.Properties, '$.Status') as status, + JSON_EXTRACT(detail.Properties, '$.StatusReasons') as status_reasons, JSON_EXTRACT(detail.Properties, '$.Tags') as tags, - JSON_EXTRACT(detail.Properties, '$.UpdatedAt') as updated_at + JSON_EXTRACT(detail.Properties, '$.TopicPolicyConfig') as topic_policy_config, + JSON_EXTRACT(detail.Properties, '$.UpdatedAt') as updated_at, + JSON_EXTRACT(detail.Properties, '$.Version') as version, + JSON_EXTRACT(detail.Properties, '$.WordPolicyConfig') as word_policy_config FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::Bedrock::AgentAlias' - AND detail.data__TypeName = 'AWS::Bedrock::AgentAlias' + WHERE listing.data__TypeName = 'AWS::Bedrock::Guardrail' + AND detail.data__TypeName = 'AWS::Bedrock::Guardrail' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] @@ -3010,51 +7121,66 @@ components: SELECT region, data__Identifier, - json_extract_path_text(Properties, 'AgentAliasArn') as agent_alias_arn, - json_extract_path_text(Properties, 'AgentAliasHistoryEvents') as agent_alias_history_events, - json_extract_path_text(Properties, 'AgentAliasId') as agent_alias_id, - json_extract_path_text(Properties, 'AgentAliasName') as agent_alias_name, - json_extract_path_text(Properties, 'AgentAliasStatus') as agent_alias_status, - json_extract_path_text(Properties, 'AgentId') as agent_id, + json_extract_path_text(Properties, 'BlockedInputMessaging') as blocked_input_messaging, + json_extract_path_text(Properties, 'BlockedOutputsMessaging') as blocked_outputs_messaging, + json_extract_path_text(Properties, 'ContentPolicyConfig') as content_policy_config, + json_extract_path_text(Properties, 'ContextualGroundingPolicyConfig') as contextual_grounding_policy_config, json_extract_path_text(Properties, 'CreatedAt') as created_at, json_extract_path_text(Properties, 'Description') as description, - json_extract_path_text(Properties, 'RoutingConfiguration') as routing_configuration, + json_extract_path_text(Properties, 'FailureRecommendations') as failure_recommendations, + json_extract_path_text(Properties, 'GuardrailArn') as guardrail_arn, + json_extract_path_text(Properties, 'GuardrailId') as guardrail_id, + json_extract_path_text(Properties, 'KmsKeyArn') as kms_key_arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'SensitiveInformationPolicyConfig') as sensitive_information_policy_config, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'StatusReasons') as status_reasons, json_extract_path_text(Properties, 'Tags') as tags, - json_extract_path_text(Properties, 'UpdatedAt') as updated_at - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Bedrock::AgentAlias' - AND data__Identifier = '|' + json_extract_path_text(Properties, 'TopicPolicyConfig') as topic_policy_config, + json_extract_path_text(Properties, 'UpdatedAt') as updated_at, + json_extract_path_text(Properties, 'Version') as version, + json_extract_path_text(Properties, 'WordPolicyConfig') as word_policy_config + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Bedrock::Guardrail' + AND data__Identifier = '' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT detail.region, - json_extract_path_text(detail.Properties, 'AgentAliasArn') as agent_alias_arn, - json_extract_path_text(detail.Properties, 'AgentAliasHistoryEvents') as agent_alias_history_events, - json_extract_path_text(detail.Properties, 'AgentAliasId') as agent_alias_id, - json_extract_path_text(detail.Properties, 'AgentAliasName') as agent_alias_name, - json_extract_path_text(detail.Properties, 'AgentAliasStatus') as agent_alias_status, - json_extract_path_text(detail.Properties, 'AgentId') as agent_id, + json_extract_path_text(detail.Properties, 'BlockedInputMessaging') as blocked_input_messaging, + json_extract_path_text(detail.Properties, 'BlockedOutputsMessaging') as blocked_outputs_messaging, + json_extract_path_text(detail.Properties, 'ContentPolicyConfig') as content_policy_config, + json_extract_path_text(detail.Properties, 'ContextualGroundingPolicyConfig') as contextual_grounding_policy_config, json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, json_extract_path_text(detail.Properties, 'Description') as description, - json_extract_path_text(detail.Properties, 'RoutingConfiguration') as routing_configuration, + json_extract_path_text(detail.Properties, 'FailureRecommendations') as failure_recommendations, + json_extract_path_text(detail.Properties, 'GuardrailArn') as guardrail_arn, + json_extract_path_text(detail.Properties, 'GuardrailId') as guardrail_id, + json_extract_path_text(detail.Properties, 'KmsKeyArn') as kms_key_arn, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'SensitiveInformationPolicyConfig') as sensitive_information_policy_config, + json_extract_path_text(detail.Properties, 'Status') as status, + json_extract_path_text(detail.Properties, 'StatusReasons') as status_reasons, json_extract_path_text(detail.Properties, 'Tags') as tags, - json_extract_path_text(detail.Properties, 'UpdatedAt') as updated_at + json_extract_path_text(detail.Properties, 'TopicPolicyConfig') as topic_policy_config, + json_extract_path_text(detail.Properties, 'UpdatedAt') as updated_at, + json_extract_path_text(detail.Properties, 'Version') as version, + json_extract_path_text(detail.Properties, 'WordPolicyConfig') as word_policy_config FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::Bedrock::AgentAlias' - AND detail.data__TypeName = 'AWS::Bedrock::AgentAlias' + WHERE listing.data__TypeName = 'AWS::Bedrock::Guardrail' + AND detail.data__TypeName = 'AWS::Bedrock::Guardrail' AND listing.region = 'us-east-1' - agent_aliases_list_only: - name: agent_aliases_list_only - id: aws.bedrock.agent_aliases_list_only - x-cfn-schema-name: AgentAlias - x-cfn-type-name: AWS::Bedrock::AgentAlias + guardrails_list_only: + name: guardrails_list_only + id: aws.bedrock.guardrails_list_only + x-cfn-schema-name: Guardrail + x-cfn-type-name: AWS::Bedrock::Guardrail x-identifiers: - - AgentId - - AgentAliasId + - GuardrailArn x-type: cloud_control_view methods: {} sqlVerbs: @@ -3068,24 +7194,22 @@ components: ddl: |- SELECT region, - JSON_EXTRACT(Properties, '$.AgentId') as agent_id, - JSON_EXTRACT(Properties, '$.AgentAliasId') as agent_alias_id - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Bedrock::AgentAlias' + JSON_EXTRACT(Properties, '$.GuardrailArn') as guardrail_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Bedrock::Guardrail' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT region, - json_extract_path_text(Properties, 'AgentId') as agent_id, - json_extract_path_text(Properties, 'AgentAliasId') as agent_alias_id - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Bedrock::AgentAlias' + json_extract_path_text(Properties, 'GuardrailArn') as guardrail_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Bedrock::Guardrail' AND region = 'us-east-1' - agent_alias_tags: - name: agent_alias_tags - id: aws.bedrock.agent_alias_tags - x-cfn-schema-name: AgentAlias - x-cfn-type-name: AWS::Bedrock::AgentAlias + guardrail_tags: + name: guardrail_tags + id: aws.bedrock.guardrail_tags + x-cfn-schema-name: Guardrail + x-cfn-type-name: AWS::Bedrock::Guardrail x-type: cloud_control_view methods: {} sqlVerbs: @@ -3101,23 +7225,31 @@ components: detail.region, JSON_EXTRACT(json_each.value, '$.Key') as tag_key, JSON_EXTRACT(json_each.value, '$.Value') as tag_value, - JSON_EXTRACT(detail.Properties, '$.AgentAliasArn') as agent_alias_arn, - JSON_EXTRACT(detail.Properties, '$.AgentAliasHistoryEvents') as agent_alias_history_events, - JSON_EXTRACT(detail.Properties, '$.AgentAliasId') as agent_alias_id, - JSON_EXTRACT(detail.Properties, '$.AgentAliasName') as agent_alias_name, - JSON_EXTRACT(detail.Properties, '$.AgentAliasStatus') as agent_alias_status, - JSON_EXTRACT(detail.Properties, '$.AgentId') as agent_id, + JSON_EXTRACT(detail.Properties, '$.BlockedInputMessaging') as blocked_input_messaging, + JSON_EXTRACT(detail.Properties, '$.BlockedOutputsMessaging') as blocked_outputs_messaging, + JSON_EXTRACT(detail.Properties, '$.ContentPolicyConfig') as content_policy_config, + JSON_EXTRACT(detail.Properties, '$.ContextualGroundingPolicyConfig') as contextual_grounding_policy_config, JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, JSON_EXTRACT(detail.Properties, '$.Description') as description, - JSON_EXTRACT(detail.Properties, '$.RoutingConfiguration') as routing_configuration, - JSON_EXTRACT(detail.Properties, '$.UpdatedAt') as updated_at + JSON_EXTRACT(detail.Properties, '$.FailureRecommendations') as failure_recommendations, + JSON_EXTRACT(detail.Properties, '$.GuardrailArn') as guardrail_arn, + JSON_EXTRACT(detail.Properties, '$.GuardrailId') as guardrail_id, + JSON_EXTRACT(detail.Properties, '$.KmsKeyArn') as kms_key_arn, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.SensitiveInformationPolicyConfig') as sensitive_information_policy_config, + JSON_EXTRACT(detail.Properties, '$.Status') as status, + JSON_EXTRACT(detail.Properties, '$.StatusReasons') as status_reasons, + JSON_EXTRACT(detail.Properties, '$.TopicPolicyConfig') as topic_policy_config, + JSON_EXTRACT(detail.Properties, '$.UpdatedAt') as updated_at, + JSON_EXTRACT(detail.Properties, '$.Version') as version, + JSON_EXTRACT(detail.Properties, '$.WordPolicyConfig') as word_policy_config FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) - WHERE listing.data__TypeName = 'AWS::Bedrock::AgentAlias' - AND detail.data__TypeName = 'AWS::Bedrock::AgentAlias' + WHERE listing.data__TypeName = 'AWS::Bedrock::Guardrail' + AND detail.data__TypeName = 'AWS::Bedrock::Guardrail' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" @@ -3126,32 +7258,112 @@ components: detail.region, json_extract_path_text(json_each.value, 'Key') as tag_key, json_extract_path_text(json_each.value, 'Value') as tag_value, - json_extract_path_text(detail.Properties, 'AgentAliasArn') as agent_alias_arn, - json_extract_path_text(detail.Properties, 'AgentAliasHistoryEvents') as agent_alias_history_events, - json_extract_path_text(detail.Properties, 'AgentAliasId') as agent_alias_id, - json_extract_path_text(detail.Properties, 'AgentAliasName') as agent_alias_name, - json_extract_path_text(detail.Properties, 'AgentAliasStatus') as agent_alias_status, - json_extract_path_text(detail.Properties, 'AgentId') as agent_id, + json_extract_path_text(detail.Properties, 'BlockedInputMessaging') as blocked_input_messaging, + json_extract_path_text(detail.Properties, 'BlockedOutputsMessaging') as blocked_outputs_messaging, + json_extract_path_text(detail.Properties, 'ContentPolicyConfig') as content_policy_config, + json_extract_path_text(detail.Properties, 'ContextualGroundingPolicyConfig') as contextual_grounding_policy_config, json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, json_extract_path_text(detail.Properties, 'Description') as description, - json_extract_path_text(detail.Properties, 'RoutingConfiguration') as routing_configuration, - json_extract_path_text(detail.Properties, 'UpdatedAt') as updated_at + json_extract_path_text(detail.Properties, 'FailureRecommendations') as failure_recommendations, + json_extract_path_text(detail.Properties, 'GuardrailArn') as guardrail_arn, + json_extract_path_text(detail.Properties, 'GuardrailId') as guardrail_id, + json_extract_path_text(detail.Properties, 'KmsKeyArn') as kms_key_arn, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'SensitiveInformationPolicyConfig') as sensitive_information_policy_config, + json_extract_path_text(detail.Properties, 'Status') as status, + json_extract_path_text(detail.Properties, 'StatusReasons') as status_reasons, + json_extract_path_text(detail.Properties, 'TopicPolicyConfig') as topic_policy_config, + json_extract_path_text(detail.Properties, 'UpdatedAt') as updated_at, + json_extract_path_text(detail.Properties, 'Version') as version, + json_extract_path_text(detail.Properties, 'WordPolicyConfig') as word_policy_config FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) - WHERE listing.data__TypeName = 'AWS::Bedrock::AgentAlias' - AND detail.data__TypeName = 'AWS::Bedrock::AgentAlias' + WHERE listing.data__TypeName = 'AWS::Bedrock::Guardrail' + AND detail.data__TypeName = 'AWS::Bedrock::Guardrail' AND listing.region = 'us-east-1' - data_sources: - name: data_sources - id: aws.bedrock.data_sources - x-cfn-schema-name: DataSource - x-cfn-type-name: AWS::Bedrock::DataSource + guardrail_versions: + name: guardrail_versions + id: aws.bedrock.guardrail_versions + x-cfn-schema-name: GuardrailVersion + x-cfn-type-name: AWS::Bedrock::GuardrailVersion + x-identifiers: + - GuardrailId + - Version + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__GuardrailVersion&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Bedrock::GuardrailVersion" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Bedrock::GuardrailVersion" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/guardrail_versions/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/guardrail_versions/methods/delete_resource' + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.GuardrailArn') as guardrail_arn, + JSON_EXTRACT(Properties, '$.GuardrailId') as guardrail_id, + JSON_EXTRACT(Properties, '$.GuardrailIdentifier') as guardrail_identifier, + JSON_EXTRACT(Properties, '$.Version') as version + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Bedrock::GuardrailVersion' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'GuardrailArn') as guardrail_arn, + json_extract_path_text(Properties, 'GuardrailId') as guardrail_id, + json_extract_path_text(Properties, 'GuardrailIdentifier') as guardrail_identifier, + json_extract_path_text(Properties, 'Version') as version + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Bedrock::GuardrailVersion' + AND data__Identifier = '|' + AND region = 'us-east-1' + knowledge_bases: + name: knowledge_bases + id: aws.bedrock.knowledge_bases + x-cfn-schema-name: KnowledgeBase + x-cfn-type-name: AWS::Bedrock::KnowledgeBase x-identifiers: - KnowledgeBaseId - - DataSourceId x-type: cloud_control methods: create_resource: @@ -3159,12 +7371,12 @@ components: requestBodyTranslate: algorithm: naive_DesiredState operation: - $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__DataSource&__detailTransformed=true/post' + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__KnowledgeBase&__detailTransformed=true/post' request: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::Bedrock::DataSource" + "TypeName": "AWS::Bedrock::KnowledgeBase" } response: mediaType: application/json @@ -3176,7 +7388,7 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::Bedrock::DataSource" + "TypeName": "AWS::Bedrock::KnowledgeBase" } response: mediaType: application/json @@ -3188,18 +7400,18 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::Bedrock::DataSource" + "TypeName": "AWS::Bedrock::KnowledgeBase" } response: mediaType: application/json openAPIDocKey: '200' sqlVerbs: insert: - - $ref: '#/components/x-stackQL-resources/data_sources/methods/create_resource' + - $ref: '#/components/x-stackQL-resources/knowledge_bases/methods/create_resource' delete: - - $ref: '#/components/x-stackQL-resources/data_sources/methods/delete_resource' + - $ref: '#/components/x-stackQL-resources/knowledge_bases/methods/delete_resource' update: - - $ref: '#/components/x-stackQL-resources/data_sources/methods/update_resource' + - $ref: '#/components/x-stackQL-resources/knowledge_bases/methods/update_resource' config: views: select: @@ -3208,44 +7420,44 @@ components: SELECT region, data__Identifier, - JSON_EXTRACT(Properties, '$.DataSourceConfiguration') as data_source_configuration, - JSON_EXTRACT(Properties, '$.DataSourceId') as data_source_id, JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.KnowledgeBaseConfiguration') as knowledge_base_configuration, JSON_EXTRACT(Properties, '$.KnowledgeBaseId') as knowledge_base_id, - JSON_EXTRACT(Properties, '$.DataSourceStatus') as data_source_status, + JSON_EXTRACT(Properties, '$.KnowledgeBaseArn') as knowledge_base_arn, JSON_EXTRACT(Properties, '$.Name') as name, - JSON_EXTRACT(Properties, '$.ServerSideEncryptionConfiguration') as server_side_encryption_configuration, - JSON_EXTRACT(Properties, '$.VectorIngestionConfiguration') as vector_ingestion_configuration, - JSON_EXTRACT(Properties, '$.DataDeletionPolicy') as data_deletion_policy, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.FailureReasons') as failure_reasons, JSON_EXTRACT(Properties, '$.UpdatedAt') as updated_at, - JSON_EXTRACT(Properties, '$.FailureReasons') as failure_reasons - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Bedrock::DataSource' - AND data__Identifier = '|' + JSON_EXTRACT(Properties, '$.StorageConfiguration') as storage_configuration, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Bedrock::KnowledgeBase' + AND data__Identifier = '' AND region = 'us-east-1' fallback: predicate: sqlDialect == "sqlite3" ddl: |- SELECT detail.region, - JSON_EXTRACT(detail.Properties, '$.DataSourceConfiguration') as data_source_configuration, - JSON_EXTRACT(detail.Properties, '$.DataSourceId') as data_source_id, JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.KnowledgeBaseConfiguration') as knowledge_base_configuration, JSON_EXTRACT(detail.Properties, '$.KnowledgeBaseId') as knowledge_base_id, - JSON_EXTRACT(detail.Properties, '$.DataSourceStatus') as data_source_status, + JSON_EXTRACT(detail.Properties, '$.KnowledgeBaseArn') as knowledge_base_arn, JSON_EXTRACT(detail.Properties, '$.Name') as name, - JSON_EXTRACT(detail.Properties, '$.ServerSideEncryptionConfiguration') as server_side_encryption_configuration, - JSON_EXTRACT(detail.Properties, '$.VectorIngestionConfiguration') as vector_ingestion_configuration, - JSON_EXTRACT(detail.Properties, '$.DataDeletionPolicy') as data_deletion_policy, + JSON_EXTRACT(detail.Properties, '$.Status') as status, + JSON_EXTRACT(detail.Properties, '$.RoleArn') as role_arn, JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(detail.Properties, '$.FailureReasons') as failure_reasons, JSON_EXTRACT(detail.Properties, '$.UpdatedAt') as updated_at, - JSON_EXTRACT(detail.Properties, '$.FailureReasons') as failure_reasons + JSON_EXTRACT(detail.Properties, '$.StorageConfiguration') as storage_configuration, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::Bedrock::DataSource' - AND detail.data__TypeName = 'AWS::Bedrock::DataSource' + WHERE listing.data__TypeName = 'AWS::Bedrock::KnowledgeBase' + AND detail.data__TypeName = 'AWS::Bedrock::KnowledgeBase' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] @@ -3253,53 +7465,52 @@ components: SELECT region, data__Identifier, - json_extract_path_text(Properties, 'DataSourceConfiguration') as data_source_configuration, - json_extract_path_text(Properties, 'DataSourceId') as data_source_id, json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'KnowledgeBaseConfiguration') as knowledge_base_configuration, json_extract_path_text(Properties, 'KnowledgeBaseId') as knowledge_base_id, - json_extract_path_text(Properties, 'DataSourceStatus') as data_source_status, + json_extract_path_text(Properties, 'KnowledgeBaseArn') as knowledge_base_arn, json_extract_path_text(Properties, 'Name') as name, - json_extract_path_text(Properties, 'ServerSideEncryptionConfiguration') as server_side_encryption_configuration, - json_extract_path_text(Properties, 'VectorIngestionConfiguration') as vector_ingestion_configuration, - json_extract_path_text(Properties, 'DataDeletionPolicy') as data_deletion_policy, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'RoleArn') as role_arn, json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'FailureReasons') as failure_reasons, json_extract_path_text(Properties, 'UpdatedAt') as updated_at, - json_extract_path_text(Properties, 'FailureReasons') as failure_reasons - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Bedrock::DataSource' - AND data__Identifier = '|' + json_extract_path_text(Properties, 'StorageConfiguration') as storage_configuration, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Bedrock::KnowledgeBase' + AND data__Identifier = '' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT detail.region, - json_extract_path_text(detail.Properties, 'DataSourceConfiguration') as data_source_configuration, - json_extract_path_text(detail.Properties, 'DataSourceId') as data_source_id, json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'KnowledgeBaseConfiguration') as knowledge_base_configuration, json_extract_path_text(detail.Properties, 'KnowledgeBaseId') as knowledge_base_id, - json_extract_path_text(detail.Properties, 'DataSourceStatus') as data_source_status, + json_extract_path_text(detail.Properties, 'KnowledgeBaseArn') as knowledge_base_arn, json_extract_path_text(detail.Properties, 'Name') as name, - json_extract_path_text(detail.Properties, 'ServerSideEncryptionConfiguration') as server_side_encryption_configuration, - json_extract_path_text(detail.Properties, 'VectorIngestionConfiguration') as vector_ingestion_configuration, - json_extract_path_text(detail.Properties, 'DataDeletionPolicy') as data_deletion_policy, + json_extract_path_text(detail.Properties, 'Status') as status, + json_extract_path_text(detail.Properties, 'RoleArn') as role_arn, json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, + json_extract_path_text(detail.Properties, 'FailureReasons') as failure_reasons, json_extract_path_text(detail.Properties, 'UpdatedAt') as updated_at, - json_extract_path_text(detail.Properties, 'FailureReasons') as failure_reasons + json_extract_path_text(detail.Properties, 'StorageConfiguration') as storage_configuration, + json_extract_path_text(detail.Properties, 'Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::Bedrock::DataSource' - AND detail.data__TypeName = 'AWS::Bedrock::DataSource' + WHERE listing.data__TypeName = 'AWS::Bedrock::KnowledgeBase' + AND detail.data__TypeName = 'AWS::Bedrock::KnowledgeBase' AND listing.region = 'us-east-1' - data_sources_list_only: - name: data_sources_list_only - id: aws.bedrock.data_sources_list_only - x-cfn-schema-name: DataSource - x-cfn-type-name: AWS::Bedrock::DataSource + knowledge_bases_list_only: + name: knowledge_bases_list_only + id: aws.bedrock.knowledge_bases_list_only + x-cfn-schema-name: KnowledgeBase + x-cfn-type-name: AWS::Bedrock::KnowledgeBase x-identifiers: - KnowledgeBaseId - - DataSourceId x-type: cloud_control_view methods: {} sqlVerbs: @@ -3313,26 +7524,89 @@ components: ddl: |- SELECT region, - JSON_EXTRACT(Properties, '$.KnowledgeBaseId') as knowledge_base_id, - JSON_EXTRACT(Properties, '$.DataSourceId') as data_source_id - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Bedrock::DataSource' + JSON_EXTRACT(Properties, '$.KnowledgeBaseId') as knowledge_base_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Bedrock::KnowledgeBase' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT region, - json_extract_path_text(Properties, 'KnowledgeBaseId') as knowledge_base_id, - json_extract_path_text(Properties, 'DataSourceId') as data_source_id - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Bedrock::DataSource' + json_extract_path_text(Properties, 'KnowledgeBaseId') as knowledge_base_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Bedrock::KnowledgeBase' AND region = 'us-east-1' - guardrails: - name: guardrails - id: aws.bedrock.guardrails - x-cfn-schema-name: Guardrail - x-cfn-type-name: AWS::Bedrock::Guardrail + knowledge_base_tags: + name: knowledge_base_tags + id: aws.bedrock.knowledge_base_tags + x-cfn-schema-name: KnowledgeBase + x-cfn-type-name: AWS::Bedrock::KnowledgeBase + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.KnowledgeBaseConfiguration') as knowledge_base_configuration, + JSON_EXTRACT(detail.Properties, '$.KnowledgeBaseId') as knowledge_base_id, + JSON_EXTRACT(detail.Properties, '$.KnowledgeBaseArn') as knowledge_base_arn, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.Status') as status, + JSON_EXTRACT(detail.Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(detail.Properties, '$.FailureReasons') as failure_reasons, + JSON_EXTRACT(detail.Properties, '$.UpdatedAt') as updated_at, + JSON_EXTRACT(detail.Properties, '$.StorageConfiguration') as storage_configuration + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::Bedrock::KnowledgeBase' + AND detail.data__TypeName = 'AWS::Bedrock::KnowledgeBase' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'KnowledgeBaseConfiguration') as knowledge_base_configuration, + json_extract_path_text(detail.Properties, 'KnowledgeBaseId') as knowledge_base_id, + json_extract_path_text(detail.Properties, 'KnowledgeBaseArn') as knowledge_base_arn, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'Status') as status, + json_extract_path_text(detail.Properties, 'RoleArn') as role_arn, + json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, + json_extract_path_text(detail.Properties, 'FailureReasons') as failure_reasons, + json_extract_path_text(detail.Properties, 'UpdatedAt') as updated_at, + json_extract_path_text(detail.Properties, 'StorageConfiguration') as storage_configuration + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::Bedrock::KnowledgeBase' + AND detail.data__TypeName = 'AWS::Bedrock::KnowledgeBase' + AND listing.region = 'us-east-1' + prompts: + name: prompts + id: aws.bedrock.prompts + x-cfn-schema-name: Prompt + x-cfn-type-name: AWS::Bedrock::Prompt x-identifiers: - - GuardrailArn + - Arn x-type: cloud_control methods: create_resource: @@ -3340,12 +7614,12 @@ components: requestBodyTranslate: algorithm: naive_DesiredState operation: - $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Guardrail&__detailTransformed=true/post' + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Prompt&__detailTransformed=true/post' request: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::Bedrock::Guardrail" + "TypeName": "AWS::Bedrock::Prompt" } response: mediaType: application/json @@ -3357,7 +7631,7 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::Bedrock::Guardrail" + "TypeName": "AWS::Bedrock::Prompt" } response: mediaType: application/json @@ -3369,18 +7643,18 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::Bedrock::Guardrail" + "TypeName": "AWS::Bedrock::Prompt" } response: mediaType: application/json openAPIDocKey: '200' sqlVerbs: insert: - - $ref: '#/components/x-stackQL-resources/guardrails/methods/create_resource' + - $ref: '#/components/x-stackQL-resources/prompts/methods/create_resource' delete: - - $ref: '#/components/x-stackQL-resources/guardrails/methods/delete_resource' + - $ref: '#/components/x-stackQL-resources/prompts/methods/delete_resource' update: - - $ref: '#/components/x-stackQL-resources/guardrails/methods/update_resource' + - $ref: '#/components/x-stackQL-resources/prompts/methods/update_resource' config: views: select: @@ -3389,56 +7663,42 @@ components: SELECT region, data__Identifier, - JSON_EXTRACT(Properties, '$.BlockedInputMessaging') as blocked_input_messaging, - JSON_EXTRACT(Properties, '$.BlockedOutputsMessaging') as blocked_outputs_messaging, - JSON_EXTRACT(Properties, '$.ContentPolicyConfig') as content_policy_config, + JSON_EXTRACT(Properties, '$.Arn') as arn, JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.DefaultVariant') as default_variant, JSON_EXTRACT(Properties, '$.Description') as description, - JSON_EXTRACT(Properties, '$.FailureRecommendations') as failure_recommendations, - JSON_EXTRACT(Properties, '$.GuardrailArn') as guardrail_arn, - JSON_EXTRACT(Properties, '$.GuardrailId') as guardrail_id, - JSON_EXTRACT(Properties, '$.KmsKeyArn') as kms_key_arn, + JSON_EXTRACT(Properties, '$.Id') as id, JSON_EXTRACT(Properties, '$.Name') as name, - JSON_EXTRACT(Properties, '$.SensitiveInformationPolicyConfig') as sensitive_information_policy_config, - JSON_EXTRACT(Properties, '$.Status') as status, - JSON_EXTRACT(Properties, '$.StatusReasons') as status_reasons, - JSON_EXTRACT(Properties, '$.Tags') as tags, - JSON_EXTRACT(Properties, '$.TopicPolicyConfig') as topic_policy_config, JSON_EXTRACT(Properties, '$.UpdatedAt') as updated_at, - JSON_EXTRACT(Properties, '$.Version') as version, - JSON_EXTRACT(Properties, '$.WordPolicyConfig') as word_policy_config - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Bedrock::Guardrail' - AND data__Identifier = '' + JSON_EXTRACT(Properties, '$.Variants') as variants, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.CustomerEncryptionKeyArn') as customer_encryption_key_arn, + JSON_EXTRACT(Properties, '$.Version') as version + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Bedrock::Prompt' + AND data__Identifier = '' AND region = 'us-east-1' fallback: predicate: sqlDialect == "sqlite3" ddl: |- SELECT detail.region, - JSON_EXTRACT(detail.Properties, '$.BlockedInputMessaging') as blocked_input_messaging, - JSON_EXTRACT(detail.Properties, '$.BlockedOutputsMessaging') as blocked_outputs_messaging, - JSON_EXTRACT(detail.Properties, '$.ContentPolicyConfig') as content_policy_config, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(detail.Properties, '$.DefaultVariant') as default_variant, JSON_EXTRACT(detail.Properties, '$.Description') as description, - JSON_EXTRACT(detail.Properties, '$.FailureRecommendations') as failure_recommendations, - JSON_EXTRACT(detail.Properties, '$.GuardrailArn') as guardrail_arn, - JSON_EXTRACT(detail.Properties, '$.GuardrailId') as guardrail_id, - JSON_EXTRACT(detail.Properties, '$.KmsKeyArn') as kms_key_arn, + JSON_EXTRACT(detail.Properties, '$.Id') as id, JSON_EXTRACT(detail.Properties, '$.Name') as name, - JSON_EXTRACT(detail.Properties, '$.SensitiveInformationPolicyConfig') as sensitive_information_policy_config, - JSON_EXTRACT(detail.Properties, '$.Status') as status, - JSON_EXTRACT(detail.Properties, '$.StatusReasons') as status_reasons, - JSON_EXTRACT(detail.Properties, '$.Tags') as tags, - JSON_EXTRACT(detail.Properties, '$.TopicPolicyConfig') as topic_policy_config, JSON_EXTRACT(detail.Properties, '$.UpdatedAt') as updated_at, - JSON_EXTRACT(detail.Properties, '$.Version') as version, - JSON_EXTRACT(detail.Properties, '$.WordPolicyConfig') as word_policy_config + JSON_EXTRACT(detail.Properties, '$.Variants') as variants, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags, + JSON_EXTRACT(detail.Properties, '$.CustomerEncryptionKeyArn') as customer_encryption_key_arn, + JSON_EXTRACT(detail.Properties, '$.Version') as version FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::Bedrock::Guardrail' - AND detail.data__TypeName = 'AWS::Bedrock::Guardrail' + WHERE listing.data__TypeName = 'AWS::Bedrock::Prompt' + AND detail.data__TypeName = 'AWS::Bedrock::Prompt' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] @@ -3446,64 +7706,50 @@ components: SELECT region, data__Identifier, - json_extract_path_text(Properties, 'BlockedInputMessaging') as blocked_input_messaging, - json_extract_path_text(Properties, 'BlockedOutputsMessaging') as blocked_outputs_messaging, - json_extract_path_text(Properties, 'ContentPolicyConfig') as content_policy_config, + json_extract_path_text(Properties, 'Arn') as arn, json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'DefaultVariant') as default_variant, json_extract_path_text(Properties, 'Description') as description, - json_extract_path_text(Properties, 'FailureRecommendations') as failure_recommendations, - json_extract_path_text(Properties, 'GuardrailArn') as guardrail_arn, - json_extract_path_text(Properties, 'GuardrailId') as guardrail_id, - json_extract_path_text(Properties, 'KmsKeyArn') as kms_key_arn, + json_extract_path_text(Properties, 'Id') as id, json_extract_path_text(Properties, 'Name') as name, - json_extract_path_text(Properties, 'SensitiveInformationPolicyConfig') as sensitive_information_policy_config, - json_extract_path_text(Properties, 'Status') as status, - json_extract_path_text(Properties, 'StatusReasons') as status_reasons, - json_extract_path_text(Properties, 'Tags') as tags, - json_extract_path_text(Properties, 'TopicPolicyConfig') as topic_policy_config, json_extract_path_text(Properties, 'UpdatedAt') as updated_at, - json_extract_path_text(Properties, 'Version') as version, - json_extract_path_text(Properties, 'WordPolicyConfig') as word_policy_config - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Bedrock::Guardrail' - AND data__Identifier = '' + json_extract_path_text(Properties, 'Variants') as variants, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'CustomerEncryptionKeyArn') as customer_encryption_key_arn, + json_extract_path_text(Properties, 'Version') as version + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Bedrock::Prompt' + AND data__Identifier = '' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT detail.region, - json_extract_path_text(detail.Properties, 'BlockedInputMessaging') as blocked_input_messaging, - json_extract_path_text(detail.Properties, 'BlockedOutputsMessaging') as blocked_outputs_messaging, - json_extract_path_text(detail.Properties, 'ContentPolicyConfig') as content_policy_config, + json_extract_path_text(detail.Properties, 'Arn') as arn, json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, + json_extract_path_text(detail.Properties, 'DefaultVariant') as default_variant, json_extract_path_text(detail.Properties, 'Description') as description, - json_extract_path_text(detail.Properties, 'FailureRecommendations') as failure_recommendations, - json_extract_path_text(detail.Properties, 'GuardrailArn') as guardrail_arn, - json_extract_path_text(detail.Properties, 'GuardrailId') as guardrail_id, - json_extract_path_text(detail.Properties, 'KmsKeyArn') as kms_key_arn, + json_extract_path_text(detail.Properties, 'Id') as id, json_extract_path_text(detail.Properties, 'Name') as name, - json_extract_path_text(detail.Properties, 'SensitiveInformationPolicyConfig') as sensitive_information_policy_config, - json_extract_path_text(detail.Properties, 'Status') as status, - json_extract_path_text(detail.Properties, 'StatusReasons') as status_reasons, - json_extract_path_text(detail.Properties, 'Tags') as tags, - json_extract_path_text(detail.Properties, 'TopicPolicyConfig') as topic_policy_config, json_extract_path_text(detail.Properties, 'UpdatedAt') as updated_at, - json_extract_path_text(detail.Properties, 'Version') as version, - json_extract_path_text(detail.Properties, 'WordPolicyConfig') as word_policy_config + json_extract_path_text(detail.Properties, 'Variants') as variants, + json_extract_path_text(detail.Properties, 'Tags') as tags, + json_extract_path_text(detail.Properties, 'CustomerEncryptionKeyArn') as customer_encryption_key_arn, + json_extract_path_text(detail.Properties, 'Version') as version FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::Bedrock::Guardrail' - AND detail.data__TypeName = 'AWS::Bedrock::Guardrail' + WHERE listing.data__TypeName = 'AWS::Bedrock::Prompt' + AND detail.data__TypeName = 'AWS::Bedrock::Prompt' AND listing.region = 'us-east-1' - guardrails_list_only: - name: guardrails_list_only - id: aws.bedrock.guardrails_list_only - x-cfn-schema-name: Guardrail - x-cfn-type-name: AWS::Bedrock::Guardrail + prompts_list_only: + name: prompts_list_only + id: aws.bedrock.prompts_list_only + x-cfn-schema-name: Prompt + x-cfn-type-name: AWS::Bedrock::Prompt x-identifiers: - - GuardrailArn + - Arn x-type: cloud_control_view methods: {} sqlVerbs: @@ -3517,22 +7763,22 @@ components: ddl: |- SELECT region, - JSON_EXTRACT(Properties, '$.GuardrailArn') as guardrail_arn - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Bedrock::Guardrail' + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Bedrock::Prompt' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT region, - json_extract_path_text(Properties, 'GuardrailArn') as guardrail_arn - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Bedrock::Guardrail' + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Bedrock::Prompt' AND region = 'us-east-1' - guardrail_tags: - name: guardrail_tags - id: aws.bedrock.guardrail_tags - x-cfn-schema-name: Guardrail - x-cfn-type-name: AWS::Bedrock::Guardrail + prompt_tags: + name: prompt_tags + id: aws.bedrock.prompt_tags + x-cfn-schema-name: Prompt + x-cfn-type-name: AWS::Bedrock::Prompt x-type: cloud_control_view methods: {} sqlVerbs: @@ -3548,30 +7794,23 @@ components: detail.region, JSON_EXTRACT(json_each.value, '$.Key') as tag_key, JSON_EXTRACT(json_each.value, '$.Value') as tag_value, - JSON_EXTRACT(detail.Properties, '$.BlockedInputMessaging') as blocked_input_messaging, - JSON_EXTRACT(detail.Properties, '$.BlockedOutputsMessaging') as blocked_outputs_messaging, - JSON_EXTRACT(detail.Properties, '$.ContentPolicyConfig') as content_policy_config, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(detail.Properties, '$.DefaultVariant') as default_variant, JSON_EXTRACT(detail.Properties, '$.Description') as description, - JSON_EXTRACT(detail.Properties, '$.FailureRecommendations') as failure_recommendations, - JSON_EXTRACT(detail.Properties, '$.GuardrailArn') as guardrail_arn, - JSON_EXTRACT(detail.Properties, '$.GuardrailId') as guardrail_id, - JSON_EXTRACT(detail.Properties, '$.KmsKeyArn') as kms_key_arn, + JSON_EXTRACT(detail.Properties, '$.Id') as id, JSON_EXTRACT(detail.Properties, '$.Name') as name, - JSON_EXTRACT(detail.Properties, '$.SensitiveInformationPolicyConfig') as sensitive_information_policy_config, - JSON_EXTRACT(detail.Properties, '$.Status') as status, - JSON_EXTRACT(detail.Properties, '$.StatusReasons') as status_reasons, - JSON_EXTRACT(detail.Properties, '$.TopicPolicyConfig') as topic_policy_config, JSON_EXTRACT(detail.Properties, '$.UpdatedAt') as updated_at, - JSON_EXTRACT(detail.Properties, '$.Version') as version, - JSON_EXTRACT(detail.Properties, '$.WordPolicyConfig') as word_policy_config + JSON_EXTRACT(detail.Properties, '$.Variants') as variants, + JSON_EXTRACT(detail.Properties, '$.CustomerEncryptionKeyArn') as customer_encryption_key_arn, + JSON_EXTRACT(detail.Properties, '$.Version') as version FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) - WHERE listing.data__TypeName = 'AWS::Bedrock::Guardrail' - AND detail.data__TypeName = 'AWS::Bedrock::Guardrail' + WHERE listing.data__TypeName = 'AWS::Bedrock::Prompt' + AND detail.data__TypeName = 'AWS::Bedrock::Prompt' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" @@ -3580,39 +7819,31 @@ components: detail.region, json_extract_path_text(json_each.value, 'Key') as tag_key, json_extract_path_text(json_each.value, 'Value') as tag_value, - json_extract_path_text(detail.Properties, 'BlockedInputMessaging') as blocked_input_messaging, - json_extract_path_text(detail.Properties, 'BlockedOutputsMessaging') as blocked_outputs_messaging, - json_extract_path_text(detail.Properties, 'ContentPolicyConfig') as content_policy_config, + json_extract_path_text(detail.Properties, 'Arn') as arn, json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, + json_extract_path_text(detail.Properties, 'DefaultVariant') as default_variant, json_extract_path_text(detail.Properties, 'Description') as description, - json_extract_path_text(detail.Properties, 'FailureRecommendations') as failure_recommendations, - json_extract_path_text(detail.Properties, 'GuardrailArn') as guardrail_arn, - json_extract_path_text(detail.Properties, 'GuardrailId') as guardrail_id, - json_extract_path_text(detail.Properties, 'KmsKeyArn') as kms_key_arn, + json_extract_path_text(detail.Properties, 'Id') as id, json_extract_path_text(detail.Properties, 'Name') as name, - json_extract_path_text(detail.Properties, 'SensitiveInformationPolicyConfig') as sensitive_information_policy_config, - json_extract_path_text(detail.Properties, 'Status') as status, - json_extract_path_text(detail.Properties, 'StatusReasons') as status_reasons, - json_extract_path_text(detail.Properties, 'TopicPolicyConfig') as topic_policy_config, json_extract_path_text(detail.Properties, 'UpdatedAt') as updated_at, - json_extract_path_text(detail.Properties, 'Version') as version, - json_extract_path_text(detail.Properties, 'WordPolicyConfig') as word_policy_config + json_extract_path_text(detail.Properties, 'Variants') as variants, + json_extract_path_text(detail.Properties, 'CustomerEncryptionKeyArn') as customer_encryption_key_arn, + json_extract_path_text(detail.Properties, 'Version') as version FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) - WHERE listing.data__TypeName = 'AWS::Bedrock::Guardrail' - AND detail.data__TypeName = 'AWS::Bedrock::Guardrail' + WHERE listing.data__TypeName = 'AWS::Bedrock::Prompt' + AND detail.data__TypeName = 'AWS::Bedrock::Prompt' AND listing.region = 'us-east-1' - guardrail_versions: - name: guardrail_versions - id: aws.bedrock.guardrail_versions - x-cfn-schema-name: GuardrailVersion - x-cfn-type-name: AWS::Bedrock::GuardrailVersion + prompt_versions: + name: prompt_versions + id: aws.bedrock.prompt_versions + x-cfn-schema-name: PromptVersion + x-cfn-type-name: AWS::Bedrock::PromptVersion x-identifiers: - - GuardrailId - - Version + - Arn x-type: cloud_control methods: create_resource: @@ -3620,12 +7851,12 @@ components: requestBodyTranslate: algorithm: naive_DesiredState operation: - $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__GuardrailVersion&__detailTransformed=true/post' + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__PromptVersion&__detailTransformed=true/post' request: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::Bedrock::GuardrailVersion" + "TypeName": "AWS::Bedrock::PromptVersion" } response: mediaType: application/json @@ -3637,16 +7868,16 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::Bedrock::GuardrailVersion" + "TypeName": "AWS::Bedrock::PromptVersion" } response: mediaType: application/json openAPIDocKey: '200' sqlVerbs: insert: - - $ref: '#/components/x-stackQL-resources/guardrail_versions/methods/create_resource' + - $ref: '#/components/x-stackQL-resources/prompt_versions/methods/create_resource' delete: - - $ref: '#/components/x-stackQL-resources/guardrail_versions/methods/delete_resource' + - $ref: '#/components/x-stackQL-resources/prompt_versions/methods/delete_resource' update: [] config: views: @@ -3656,129 +7887,44 @@ components: SELECT region, data__Identifier, - JSON_EXTRACT(Properties, '$.Description') as description, - JSON_EXTRACT(Properties, '$.GuardrailArn') as guardrail_arn, - JSON_EXTRACT(Properties, '$.GuardrailId') as guardrail_id, - JSON_EXTRACT(Properties, '$.GuardrailIdentifier') as guardrail_identifier, - JSON_EXTRACT(Properties, '$.Version') as version - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Bedrock::GuardrailVersion' - AND data__Identifier = '|' - AND region = 'us-east-1' - fallback: - predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] - ddl: |- - SELECT - region, - data__Identifier, - json_extract_path_text(Properties, 'Description') as description, - json_extract_path_text(Properties, 'GuardrailArn') as guardrail_arn, - json_extract_path_text(Properties, 'GuardrailId') as guardrail_id, - json_extract_path_text(Properties, 'GuardrailIdentifier') as guardrail_identifier, - json_extract_path_text(Properties, 'Version') as version - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Bedrock::GuardrailVersion' - AND data__Identifier = '|' - AND region = 'us-east-1' - knowledge_bases: - name: knowledge_bases - id: aws.bedrock.knowledge_bases - x-cfn-schema-name: KnowledgeBase - x-cfn-type-name: AWS::Bedrock::KnowledgeBase - x-identifiers: - - KnowledgeBaseId - x-type: cloud_control - methods: - create_resource: - config: - requestBodyTranslate: - algorithm: naive_DesiredState - operation: - $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__KnowledgeBase&__detailTransformed=true/post' - request: - mediaType: application/x-amz-json-1.0 - base: |- - { - "TypeName": "AWS::Bedrock::KnowledgeBase" - } - response: - mediaType: application/json - openAPIDocKey: '200' - update_resource: - operation: - $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' - request: - mediaType: application/x-amz-json-1.0 - base: |- - { - "TypeName": "AWS::Bedrock::KnowledgeBase" - } - response: - mediaType: application/json - openAPIDocKey: '200' - delete_resource: - operation: - $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' - request: - mediaType: application/x-amz-json-1.0 - base: |- - { - "TypeName": "AWS::Bedrock::KnowledgeBase" - } - response: - mediaType: application/json - openAPIDocKey: '200' - sqlVerbs: - insert: - - $ref: '#/components/x-stackQL-resources/knowledge_bases/methods/create_resource' - delete: - - $ref: '#/components/x-stackQL-resources/knowledge_bases/methods/delete_resource' - update: - - $ref: '#/components/x-stackQL-resources/knowledge_bases/methods/update_resource' - config: - views: - select: - predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] - ddl: |- - SELECT - region, - data__Identifier, - JSON_EXTRACT(Properties, '$.Description') as description, - JSON_EXTRACT(Properties, '$.KnowledgeBaseConfiguration') as knowledge_base_configuration, - JSON_EXTRACT(Properties, '$.KnowledgeBaseId') as knowledge_base_id, - JSON_EXTRACT(Properties, '$.KnowledgeBaseArn') as knowledge_base_arn, - JSON_EXTRACT(Properties, '$.Name') as name, - JSON_EXTRACT(Properties, '$.Status') as status, - JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.PromptArn') as prompt_arn, + JSON_EXTRACT(Properties, '$.Arn') as arn, JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, - JSON_EXTRACT(Properties, '$.FailureReasons') as failure_reasons, + JSON_EXTRACT(Properties, '$.PromptId') as prompt_id, JSON_EXTRACT(Properties, '$.UpdatedAt') as updated_at, - JSON_EXTRACT(Properties, '$.StorageConfiguration') as storage_configuration, + JSON_EXTRACT(Properties, '$.Version') as version, + JSON_EXTRACT(Properties, '$.Variants') as variants, + JSON_EXTRACT(Properties, '$.DefaultVariant') as default_variant, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.CustomerEncryptionKeyArn') as customer_encryption_key_arn, + JSON_EXTRACT(Properties, '$.Name') as name, JSON_EXTRACT(Properties, '$.Tags') as tags - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Bedrock::KnowledgeBase' - AND data__Identifier = '' + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Bedrock::PromptVersion' + AND data__Identifier = '' AND region = 'us-east-1' fallback: predicate: sqlDialect == "sqlite3" ddl: |- SELECT detail.region, - JSON_EXTRACT(detail.Properties, '$.Description') as description, - JSON_EXTRACT(detail.Properties, '$.KnowledgeBaseConfiguration') as knowledge_base_configuration, - JSON_EXTRACT(detail.Properties, '$.KnowledgeBaseId') as knowledge_base_id, - JSON_EXTRACT(detail.Properties, '$.KnowledgeBaseArn') as knowledge_base_arn, - JSON_EXTRACT(detail.Properties, '$.Name') as name, - JSON_EXTRACT(detail.Properties, '$.Status') as status, - JSON_EXTRACT(detail.Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(detail.Properties, '$.PromptArn') as prompt_arn, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, - JSON_EXTRACT(detail.Properties, '$.FailureReasons') as failure_reasons, + JSON_EXTRACT(detail.Properties, '$.PromptId') as prompt_id, JSON_EXTRACT(detail.Properties, '$.UpdatedAt') as updated_at, - JSON_EXTRACT(detail.Properties, '$.StorageConfiguration') as storage_configuration, + JSON_EXTRACT(detail.Properties, '$.Version') as version, + JSON_EXTRACT(detail.Properties, '$.Variants') as variants, + JSON_EXTRACT(detail.Properties, '$.DefaultVariant') as default_variant, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.CustomerEncryptionKeyArn') as customer_encryption_key_arn, + JSON_EXTRACT(detail.Properties, '$.Name') as name, JSON_EXTRACT(detail.Properties, '$.Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::Bedrock::KnowledgeBase' - AND detail.data__TypeName = 'AWS::Bedrock::KnowledgeBase' + WHERE listing.data__TypeName = 'AWS::Bedrock::PromptVersion' + AND detail.data__TypeName = 'AWS::Bedrock::PromptVersion' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] @@ -3786,52 +7932,52 @@ components: SELECT region, data__Identifier, - json_extract_path_text(Properties, 'Description') as description, - json_extract_path_text(Properties, 'KnowledgeBaseConfiguration') as knowledge_base_configuration, - json_extract_path_text(Properties, 'KnowledgeBaseId') as knowledge_base_id, - json_extract_path_text(Properties, 'KnowledgeBaseArn') as knowledge_base_arn, - json_extract_path_text(Properties, 'Name') as name, - json_extract_path_text(Properties, 'Status') as status, - json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'PromptArn') as prompt_arn, + json_extract_path_text(Properties, 'Arn') as arn, json_extract_path_text(Properties, 'CreatedAt') as created_at, - json_extract_path_text(Properties, 'FailureReasons') as failure_reasons, + json_extract_path_text(Properties, 'PromptId') as prompt_id, json_extract_path_text(Properties, 'UpdatedAt') as updated_at, - json_extract_path_text(Properties, 'StorageConfiguration') as storage_configuration, + json_extract_path_text(Properties, 'Version') as version, + json_extract_path_text(Properties, 'Variants') as variants, + json_extract_path_text(Properties, 'DefaultVariant') as default_variant, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'CustomerEncryptionKeyArn') as customer_encryption_key_arn, + json_extract_path_text(Properties, 'Name') as name, json_extract_path_text(Properties, 'Tags') as tags - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Bedrock::KnowledgeBase' - AND data__Identifier = '' + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Bedrock::PromptVersion' + AND data__Identifier = '' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT detail.region, - json_extract_path_text(detail.Properties, 'Description') as description, - json_extract_path_text(detail.Properties, 'KnowledgeBaseConfiguration') as knowledge_base_configuration, - json_extract_path_text(detail.Properties, 'KnowledgeBaseId') as knowledge_base_id, - json_extract_path_text(detail.Properties, 'KnowledgeBaseArn') as knowledge_base_arn, - json_extract_path_text(detail.Properties, 'Name') as name, - json_extract_path_text(detail.Properties, 'Status') as status, - json_extract_path_text(detail.Properties, 'RoleArn') as role_arn, + json_extract_path_text(detail.Properties, 'PromptArn') as prompt_arn, + json_extract_path_text(detail.Properties, 'Arn') as arn, json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, - json_extract_path_text(detail.Properties, 'FailureReasons') as failure_reasons, + json_extract_path_text(detail.Properties, 'PromptId') as prompt_id, json_extract_path_text(detail.Properties, 'UpdatedAt') as updated_at, - json_extract_path_text(detail.Properties, 'StorageConfiguration') as storage_configuration, + json_extract_path_text(detail.Properties, 'Version') as version, + json_extract_path_text(detail.Properties, 'Variants') as variants, + json_extract_path_text(detail.Properties, 'DefaultVariant') as default_variant, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'CustomerEncryptionKeyArn') as customer_encryption_key_arn, + json_extract_path_text(detail.Properties, 'Name') as name, json_extract_path_text(detail.Properties, 'Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::Bedrock::KnowledgeBase' - AND detail.data__TypeName = 'AWS::Bedrock::KnowledgeBase' + WHERE listing.data__TypeName = 'AWS::Bedrock::PromptVersion' + AND detail.data__TypeName = 'AWS::Bedrock::PromptVersion' AND listing.region = 'us-east-1' - knowledge_bases_list_only: - name: knowledge_bases_list_only - id: aws.bedrock.knowledge_bases_list_only - x-cfn-schema-name: KnowledgeBase - x-cfn-type-name: AWS::Bedrock::KnowledgeBase + prompt_versions_list_only: + name: prompt_versions_list_only + id: aws.bedrock.prompt_versions_list_only + x-cfn-schema-name: PromptVersion + x-cfn-type-name: AWS::Bedrock::PromptVersion x-identifiers: - - KnowledgeBaseId + - Arn x-type: cloud_control_view methods: {} sqlVerbs: @@ -3845,22 +7991,22 @@ components: ddl: |- SELECT region, - JSON_EXTRACT(Properties, '$.KnowledgeBaseId') as knowledge_base_id - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Bedrock::KnowledgeBase' + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Bedrock::PromptVersion' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT region, - json_extract_path_text(Properties, 'KnowledgeBaseId') as knowledge_base_id - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Bedrock::KnowledgeBase' + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Bedrock::PromptVersion' AND region = 'us-east-1' - knowledge_base_tags: - name: knowledge_base_tags - id: aws.bedrock.knowledge_base_tags - x-cfn-schema-name: KnowledgeBase - x-cfn-type-name: AWS::Bedrock::KnowledgeBase + prompt_version_tags: + name: prompt_version_tags + id: aws.bedrock.prompt_version_tags + x-cfn-schema-name: PromptVersion + x-cfn-type-name: AWS::Bedrock::PromptVersion x-type: cloud_control_view methods: {} sqlVerbs: @@ -3875,25 +8021,25 @@ components: SELECT detail.region, JSON_EXTRACT(json_each.value, '$.Key') as tag_key, - JSON_EXTRACT(json_each.value, '$.Value') as tag_value, - JSON_EXTRACT(detail.Properties, '$.Description') as description, - JSON_EXTRACT(detail.Properties, '$.KnowledgeBaseConfiguration') as knowledge_base_configuration, - JSON_EXTRACT(detail.Properties, '$.KnowledgeBaseId') as knowledge_base_id, - JSON_EXTRACT(detail.Properties, '$.KnowledgeBaseArn') as knowledge_base_arn, - JSON_EXTRACT(detail.Properties, '$.Name') as name, - JSON_EXTRACT(detail.Properties, '$.Status') as status, - JSON_EXTRACT(detail.Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.PromptArn') as prompt_arn, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, - JSON_EXTRACT(detail.Properties, '$.FailureReasons') as failure_reasons, + JSON_EXTRACT(detail.Properties, '$.PromptId') as prompt_id, JSON_EXTRACT(detail.Properties, '$.UpdatedAt') as updated_at, - JSON_EXTRACT(detail.Properties, '$.StorageConfiguration') as storage_configuration + JSON_EXTRACT(detail.Properties, '$.Version') as version, + JSON_EXTRACT(detail.Properties, '$.Variants') as variants, + JSON_EXTRACT(detail.Properties, '$.DefaultVariant') as default_variant, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.CustomerEncryptionKeyArn') as customer_encryption_key_arn, + JSON_EXTRACT(detail.Properties, '$.Name') as name FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) - WHERE listing.data__TypeName = 'AWS::Bedrock::KnowledgeBase' - AND detail.data__TypeName = 'AWS::Bedrock::KnowledgeBase' + WHERE listing.data__TypeName = 'AWS::Bedrock::PromptVersion' + AND detail.data__TypeName = 'AWS::Bedrock::PromptVersion' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" @@ -3902,24 +8048,24 @@ components: detail.region, json_extract_path_text(json_each.value, 'Key') as tag_key, json_extract_path_text(json_each.value, 'Value') as tag_value, - json_extract_path_text(detail.Properties, 'Description') as description, - json_extract_path_text(detail.Properties, 'KnowledgeBaseConfiguration') as knowledge_base_configuration, - json_extract_path_text(detail.Properties, 'KnowledgeBaseId') as knowledge_base_id, - json_extract_path_text(detail.Properties, 'KnowledgeBaseArn') as knowledge_base_arn, - json_extract_path_text(detail.Properties, 'Name') as name, - json_extract_path_text(detail.Properties, 'Status') as status, - json_extract_path_text(detail.Properties, 'RoleArn') as role_arn, + json_extract_path_text(detail.Properties, 'PromptArn') as prompt_arn, + json_extract_path_text(detail.Properties, 'Arn') as arn, json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, - json_extract_path_text(detail.Properties, 'FailureReasons') as failure_reasons, + json_extract_path_text(detail.Properties, 'PromptId') as prompt_id, json_extract_path_text(detail.Properties, 'UpdatedAt') as updated_at, - json_extract_path_text(detail.Properties, 'StorageConfiguration') as storage_configuration + json_extract_path_text(detail.Properties, 'Version') as version, + json_extract_path_text(detail.Properties, 'Variants') as variants, + json_extract_path_text(detail.Properties, 'DefaultVariant') as default_variant, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'CustomerEncryptionKeyArn') as customer_encryption_key_arn, + json_extract_path_text(detail.Properties, 'Name') as name FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) - WHERE listing.data__TypeName = 'AWS::Bedrock::KnowledgeBase' - AND detail.data__TypeName = 'AWS::Bedrock::KnowledgeBase' + WHERE listing.data__TypeName = 'AWS::Bedrock::PromptVersion' + AND detail.data__TypeName = 'AWS::Bedrock::PromptVersion' AND listing.region = 'us-east-1' paths: /?Action=CreateResource&Version=2021-09-30: @@ -4148,6 +8294,48 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success + /?Action=CreateResource&Version=2021-09-30&__ApplicationInferenceProfile&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateApplicationInferenceProfile + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateApplicationInferenceProfileRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success /?Action=CreateResource&Version=2021-09-30&__DataSource&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' @@ -4190,6 +8378,132 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success + /?Action=CreateResource&Version=2021-09-30&__Flow&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateFlow + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateFlowRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=CreateResource&Version=2021-09-30&__FlowAlias&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateFlowAlias + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateFlowAliasRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=CreateResource&Version=2021-09-30&__FlowVersion&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateFlowVersion + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateFlowVersionRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success /?Action=CreateResource&Version=2021-09-30&__Guardrail&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' @@ -4316,6 +8630,90 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success + /?Action=CreateResource&Version=2021-09-30&__Prompt&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreatePrompt + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreatePromptRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=CreateResource&Version=2021-09-30&__PromptVersion&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreatePromptVersion + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreatePromptVersionRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success x-stackQL-config: requestTranslate: algorithm: drop_double_underscore_params diff --git a/providers/src/aws/v00.00.00000/services/cassandra.yaml b/providers/src/aws/v00.00.00000/services/cassandra.yaml index a3d71c63..d526a42c 100644 --- a/providers/src/aws/v00.00.00000/services/cassandra.yaml +++ b/providers/src/aws/v00.00.00000/services/cassandra.yaml @@ -461,6 +461,9 @@ components: maxItems: 50 ReplicationSpecification: $ref: '#/components/schemas/ReplicationSpecification' + ClientSideTimestampsEnabled: + type: boolean + description: Indicates whether client-side timestamps are enabled (true) or disabled (false) for all tables in the keyspace. To add a Region to a single-Region keyspace with at least one table, the value must be set to true. After you enabled client-side timestamps for a table, you can’t disable it again. required: [] x-stackql-resource-name: keyspace description: Resource schema for AWS::Cassandra::Keyspace @@ -468,9 +471,19 @@ components: x-stackql-primary-identifier: - KeyspaceName x-create-only-properties: - - ReplicationSpecification - KeyspaceName x-required-properties: [] + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - cassandra:TagResource + - cassandra:TagMultiRegionResource + - cassandra:UntagResource + - cassandra:UntagMultiRegionResource x-required-permissions: create: - cassandra:Create @@ -486,12 +499,23 @@ components: update: - cassandra:Alter - cassandra:AlterMultiRegionResource + - cassandra:Modify + - cassandra:ModifyMultiRegionResource - cassandra:Select - cassandra:SelectMultiRegionResource - cassandra:TagResource - cassandra:TagMultiRegionResource - cassandra:UntagResource - cassandra:UntagMultiRegionResource + - application-autoscaling:RegisterScalableTarget + - application-autoscaling:DeregisterScalableTarget + - application-autoscaling:DescribeScalableTargets + - application-autoscaling:DescribeScalingPolicies + - application-autoscaling:PutScalingPolicy + - cloudwatch:DeleteAlarms + - cloudwatch:DescribeAlarms + - cloudwatch:PutMetricAlarm + - iam:CreateServiceLinkedRole delete: - cassandra:Drop - cassandra:DropMultiRegionResource @@ -728,6 +752,17 @@ components: x-required-properties: - KeyspaceName - PartitionKeyColumns + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - cassandra:TagResource + - cassandra:TagMultiRegionResource + - cassandra:UntagResource + - cassandra:UntagMultiRegionResource x-required-permissions: create: - cassandra:Create @@ -809,6 +844,93 @@ components: - cloudwatch:DescribeAlarms - cloudwatch:GetMetricData - cloudwatch:PutMetricAlarm + Field: + type: object + properties: + FieldName: + type: string + FieldType: + type: string + required: + - FieldName + - FieldType + additionalProperties: false + Type: + type: object + properties: + KeyspaceName: + description: Name of the Keyspace which contains the User-Defined Type. + type: string + TypeName: + description: Name of the User-Defined Type. + type: string + Fields: + description: Field definitions of the User-Defined Type + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Field' + DirectReferringTables: + description: List of Tables that directly reference the User-Defined Type in their columns. + type: array + uniqueItems: true + x-insertionOrder: false + items: + type: string + DirectParentTypes: + description: List of parent User-Defined Types that directly reference the User-Defined Type in their fields. + type: array + uniqueItems: true + x-insertionOrder: false + items: + type: string + MaxNestingDepth: + description: Maximum nesting depth of the User-Defined Type across the field types. + type: integer + LastModifiedTimestamp: + description: Timestamp of the last time the User-Defined Type's meta data was modified. + type: number + KeyspaceArn: + description: ARN of the Keyspace which contains the User-Defined Type. + type: string + required: + - KeyspaceName + - TypeName + - Fields + x-stackql-resource-name: type + description: Resource schema for AWS::Cassandra::Type + x-type-name: AWS::Cassandra::Type + x-stackql-primary-identifier: + - KeyspaceName + - TypeName + x-create-only-properties: + - KeyspaceName + - TypeName + - Fields + x-read-only-properties: + - DirectReferringTables + - DirectParentTypes + - MaxNestingDepth + - LastModifiedTimestamp + - KeyspaceArn + x-required-properties: + - KeyspaceName + - TypeName + - Fields + x-tagging: + taggable: false + x-required-permissions: + create: + - cassandra:Create + - cassandra:Select + read: + - cassandra:Select + delete: + - cassandra:Drop + - cassandra:Select + list: + - cassandra:Select CreateKeyspaceRequest: properties: ClientToken: @@ -835,6 +957,9 @@ components: maxItems: 50 ReplicationSpecification: $ref: '#/components/schemas/ReplicationSpecification' + ClientSideTimestampsEnabled: + type: boolean + description: Indicates whether client-side timestamps are enabled (true) or disabled (false) for all tables in the keyspace. To add a Region to a single-Region keyspace with at least one table, the value must be set to true. After you enabled client-side timestamps for a table, you can’t disable it again. x-stackQL-stringOnly: true x-title: CreateKeyspaceRequest type: object @@ -917,6 +1042,59 @@ components: x-title: CreateTableRequest type: object required: [] + CreateTypeRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + KeyspaceName: + description: Name of the Keyspace which contains the User-Defined Type. + type: string + TypeName: + description: Name of the User-Defined Type. + type: string + Fields: + description: Field definitions of the User-Defined Type + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Field' + DirectReferringTables: + description: List of Tables that directly reference the User-Defined Type in their columns. + type: array + uniqueItems: true + x-insertionOrder: false + items: + type: string + DirectParentTypes: + description: List of parent User-Defined Types that directly reference the User-Defined Type in their fields. + type: array + uniqueItems: true + x-insertionOrder: false + items: + type: string + MaxNestingDepth: + description: Maximum nesting depth of the User-Defined Type across the field types. + type: integer + LastModifiedTimestamp: + description: Timestamp of the last time the User-Defined Type's meta data was modified. + type: number + KeyspaceArn: + description: ARN of the Keyspace which contains the User-Defined Type. + type: string + x-stackQL-stringOnly: true + x-title: CreateTypeRequest + type: object + required: [] securitySchemes: hmac: type: apiKey @@ -990,7 +1168,8 @@ components: data__Identifier, JSON_EXTRACT(Properties, '$.KeyspaceName') as keyspace_name, JSON_EXTRACT(Properties, '$.Tags') as tags, - JSON_EXTRACT(Properties, '$.ReplicationSpecification') as replication_specification + JSON_EXTRACT(Properties, '$.ReplicationSpecification') as replication_specification, + JSON_EXTRACT(Properties, '$.ClientSideTimestampsEnabled') as client_side_timestamps_enabled FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Cassandra::Keyspace' AND data__Identifier = '' AND region = 'us-east-1' @@ -1001,7 +1180,8 @@ components: detail.region, JSON_EXTRACT(detail.Properties, '$.KeyspaceName') as keyspace_name, JSON_EXTRACT(detail.Properties, '$.Tags') as tags, - JSON_EXTRACT(detail.Properties, '$.ReplicationSpecification') as replication_specification + JSON_EXTRACT(detail.Properties, '$.ReplicationSpecification') as replication_specification, + JSON_EXTRACT(detail.Properties, '$.ClientSideTimestampsEnabled') as client_side_timestamps_enabled FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -1017,7 +1197,8 @@ components: data__Identifier, json_extract_path_text(Properties, 'KeyspaceName') as keyspace_name, json_extract_path_text(Properties, 'Tags') as tags, - json_extract_path_text(Properties, 'ReplicationSpecification') as replication_specification + json_extract_path_text(Properties, 'ReplicationSpecification') as replication_specification, + json_extract_path_text(Properties, 'ClientSideTimestampsEnabled') as client_side_timestamps_enabled FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Cassandra::Keyspace' AND data__Identifier = '' AND region = 'us-east-1' @@ -1028,7 +1209,8 @@ components: detail.region, json_extract_path_text(detail.Properties, 'KeyspaceName') as keyspace_name, json_extract_path_text(detail.Properties, 'Tags') as tags, - json_extract_path_text(detail.Properties, 'ReplicationSpecification') as replication_specification + json_extract_path_text(detail.Properties, 'ReplicationSpecification') as replication_specification, + json_extract_path_text(detail.Properties, 'ClientSideTimestampsEnabled') as client_side_timestamps_enabled FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -1088,7 +1270,8 @@ components: JSON_EXTRACT(json_each.value, '$.Key') as tag_key, JSON_EXTRACT(json_each.value, '$.Value') as tag_value, JSON_EXTRACT(detail.Properties, '$.KeyspaceName') as keyspace_name, - JSON_EXTRACT(detail.Properties, '$.ReplicationSpecification') as replication_specification + JSON_EXTRACT(detail.Properties, '$.ReplicationSpecification') as replication_specification, + JSON_EXTRACT(detail.Properties, '$.ClientSideTimestampsEnabled') as client_side_timestamps_enabled FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -1105,7 +1288,8 @@ components: json_extract_path_text(json_each.value, 'Key') as tag_key, json_extract_path_text(json_each.value, 'Value') as tag_value, json_extract_path_text(detail.Properties, 'KeyspaceName') as keyspace_name, - json_extract_path_text(detail.Properties, 'ReplicationSpecification') as replication_specification + json_extract_path_text(detail.Properties, 'ReplicationSpecification') as replication_specification, + json_extract_path_text(detail.Properties, 'ClientSideTimestampsEnabled') as client_side_timestamps_enabled FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -1367,6 +1551,159 @@ components: WHERE listing.data__TypeName = 'AWS::Cassandra::Table' AND detail.data__TypeName = 'AWS::Cassandra::Table' AND listing.region = 'us-east-1' + types: + name: types + id: aws.cassandra.types + x-cfn-schema-name: Type + x-cfn-type-name: AWS::Cassandra::Type + x-identifiers: + - KeyspaceName + - TypeName + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Type&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Cassandra::Type" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Cassandra::Type" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/types/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/types/methods/delete_resource' + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.KeyspaceName') as keyspace_name, + JSON_EXTRACT(Properties, '$.TypeName') as type_name, + JSON_EXTRACT(Properties, '$.Fields') as fields, + JSON_EXTRACT(Properties, '$.DirectReferringTables') as direct_referring_tables, + JSON_EXTRACT(Properties, '$.DirectParentTypes') as direct_parent_types, + JSON_EXTRACT(Properties, '$.MaxNestingDepth') as max_nesting_depth, + JSON_EXTRACT(Properties, '$.LastModifiedTimestamp') as last_modified_timestamp, + JSON_EXTRACT(Properties, '$.KeyspaceArn') as keyspace_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Cassandra::Type' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.KeyspaceName') as keyspace_name, + JSON_EXTRACT(detail.Properties, '$.TypeName') as type_name, + JSON_EXTRACT(detail.Properties, '$.Fields') as fields, + JSON_EXTRACT(detail.Properties, '$.DirectReferringTables') as direct_referring_tables, + JSON_EXTRACT(detail.Properties, '$.DirectParentTypes') as direct_parent_types, + JSON_EXTRACT(detail.Properties, '$.MaxNestingDepth') as max_nesting_depth, + JSON_EXTRACT(detail.Properties, '$.LastModifiedTimestamp') as last_modified_timestamp, + JSON_EXTRACT(detail.Properties, '$.KeyspaceArn') as keyspace_arn + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Cassandra::Type' + AND detail.data__TypeName = 'AWS::Cassandra::Type' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'KeyspaceName') as keyspace_name, + json_extract_path_text(Properties, 'TypeName') as type_name, + json_extract_path_text(Properties, 'Fields') as fields, + json_extract_path_text(Properties, 'DirectReferringTables') as direct_referring_tables, + json_extract_path_text(Properties, 'DirectParentTypes') as direct_parent_types, + json_extract_path_text(Properties, 'MaxNestingDepth') as max_nesting_depth, + json_extract_path_text(Properties, 'LastModifiedTimestamp') as last_modified_timestamp, + json_extract_path_text(Properties, 'KeyspaceArn') as keyspace_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Cassandra::Type' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'KeyspaceName') as keyspace_name, + json_extract_path_text(detail.Properties, 'TypeName') as type_name, + json_extract_path_text(detail.Properties, 'Fields') as fields, + json_extract_path_text(detail.Properties, 'DirectReferringTables') as direct_referring_tables, + json_extract_path_text(detail.Properties, 'DirectParentTypes') as direct_parent_types, + json_extract_path_text(detail.Properties, 'MaxNestingDepth') as max_nesting_depth, + json_extract_path_text(detail.Properties, 'LastModifiedTimestamp') as last_modified_timestamp, + json_extract_path_text(detail.Properties, 'KeyspaceArn') as keyspace_arn + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Cassandra::Type' + AND detail.data__TypeName = 'AWS::Cassandra::Type' + AND listing.region = 'us-east-1' + types_list_only: + name: types_list_only + id: aws.cassandra.types_list_only + x-cfn-schema-name: Type + x-cfn-type-name: AWS::Cassandra::Type + x-identifiers: + - KeyspaceName + - TypeName + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.KeyspaceName') as keyspace_name, + JSON_EXTRACT(Properties, '$.TypeName') as type_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Cassandra::Type' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'KeyspaceName') as keyspace_name, + json_extract_path_text(Properties, 'TypeName') as type_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Cassandra::Type' + AND region = 'us-east-1' paths: /?Action=CreateResource&Version=2021-09-30: parameters: @@ -1594,6 +1931,48 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success + /?Action=CreateResource&Version=2021-09-30&__Type&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateType + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateTypeRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success x-stackQL-config: requestTranslate: algorithm: drop_double_underscore_params diff --git a/providers/src/aws/v00.00.00000/services/chatbot.yaml b/providers/src/aws/v00.00.00000/services/chatbot.yaml index e1fa67a9..713a483d 100644 --- a/providers/src/aws/v00.00.00000/services/chatbot.yaml +++ b/providers/src/aws/v00.00.00000/services/chatbot.yaml @@ -385,6 +385,67 @@ components: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' type: object schemas: + CustomActionAttachment: + type: object + properties: + NotificationType: + type: string + maxLength: 100 + minLength: 1 + pattern: ^[a-zA-Z0-9-]+$ + ButtonText: + type: string + maxLength: 50 + minLength: 1 + pattern: ^[\S\s]+$ + Criteria: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/CustomActionAttachmentCriteria' + maxItems: 5 + minItems: 1 + Variables: + $ref: '#/components/schemas/CustomActionAttachmentVariables' + additionalProperties: false + CustomActionAttachmentCriteria: + type: object + properties: + Operator: + $ref: '#/components/schemas/CustomActionAttachmentCriteriaOperator' + VariableName: + type: string + Value: + type: string + maxLength: 50 + minLength: 0 + required: + - Operator + - VariableName + additionalProperties: false + CustomActionAttachmentCriteriaOperator: + type: string + enum: + - HAS_VALUE + - EQUALS + CustomActionAttachmentVariables: + type: object + maxProperties: 5 + minProperties: 1 + x-patternProperties: + .+: + type: string + additionalProperties: false + CustomActionDefinition: + type: object + properties: + CommandText: + type: string + maxLength: 100 + minLength: 1 + required: + - CommandText + additionalProperties: false Tag: type: object additionalProperties: false @@ -396,6 +457,82 @@ components: required: - Value - Key + CustomAction: + type: object + properties: + ActionName: + type: string + maxLength: 64 + minLength: 1 + pattern: ^[a-zA-Z0-9_-]{1,64}$ + AliasName: + type: string + maxLength: 30 + minLength: 1 + pattern: ^[A-Za-z0-9-_]+$ + Attachments: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/CustomActionAttachment' + CustomActionArn: + type: string + maxLength: 1011 + minLength: 1 + pattern: ^arn:(aws[a-zA-Z-]*)?:chatbot:[A-Za-z0-9_/.-]{0,63}:[A-Za-z0-9_/.-]{0,63}:custom-action/[a-zA-Z0-9_-]{1,64}$ + Definition: + $ref: '#/components/schemas/CustomActionDefinition' + Tags: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + maxItems: 200 + minItems: 0 + required: + - ActionName + - Definition + x-stackql-resource-name: custom_action + description: Definition of AWS::Chatbot::CustomAction Resource Type + x-type-name: AWS::Chatbot::CustomAction + x-stackql-primary-identifier: + - CustomActionArn + x-create-only-properties: + - ActionName + x-read-only-properties: + - CustomActionArn + x-required-properties: + - ActionName + - Definition + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - chatbot:TagResource + - chatbot:ListTagsForResource + - chatbot:UntagResource + x-required-permissions: + create: + - chatbot:CreateCustomAction + - chatbot:GetCustomAction + - chatbot:TagResource + - chatbot:ListTagsForResource + read: + - chatbot:GetCustomAction + - chatbot:ListTagsForResource + update: + - chatbot:UpdateCustomAction + - chatbot:GetCustomAction + - chatbot:TagResource + - chatbot:UntagResource + - chatbot:ListTagsForResource + delete: + - chatbot:DeleteCustomAction + list: + - chatbot:ListCustomActions MicrosoftTeamsChannelConfiguration: type: object properties: @@ -461,6 +598,13 @@ components: x-insertionOrder: false items: $ref: '#/components/schemas/Tag' + CustomizationResourceArns: + description: ARNs of Custom Actions to associate with notifications in the provided chat channel. + type: array + x-insertionOrder: false + items: + type: string + pattern: ^arn:aws:chatbot:[A-Za-z0-9_/.-]{0,63}:[A-Za-z0-9_/.-]{0,63}:custom-action/[a-zA-Z0-9_-]{1,64}$ required: - TeamId - TeamsChannelId @@ -490,25 +634,38 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - chatbot:TagResource + - chatbot:ListTagsForResource + - chatbot:UntagResource x-required-permissions: create: - chatbot:CreateMicrosoftTeamsChannelConfiguration - chatbot:TagResource + - chatbot:AssociateToConfiguration + - chatbot:ListAssociations - iam:PassRole - iam:CreateServiceLinkedRole read: - chatbot:GetMicrosoftTeamsChannelConfiguration + - chatbot:ListAssociations update: - chatbot:UpdateMicrosoftTeamsChannelConfiguration - chatbot:TagResource - chatbot:UntagResource - chatbot:ListTagsForResource + - chatbot:AssociateToConfiguration + - chatbot:DisassociateFromConfiguration + - chatbot:ListAssociations - iam:PassRole delete: - chatbot:GetMicrosoftTeamsChannelConfiguration - chatbot:DeleteMicrosoftTeamsChannelConfiguration + - chatbot:DisassociateFromConfiguration + - chatbot:ListAssociations list: - chatbot:ListMicrosoftTeamsChannelConfigurations + - chatbot:ListAssociations SlackChannelConfiguration: type: object properties: @@ -568,6 +725,13 @@ components: description: Enables use of a user role requirement in your chat configuration type: boolean default: false + CustomizationResourceArns: + description: ARNs of Custom Actions to associate with notifications in the provided chat channel. + type: array + x-insertionOrder: false + items: + type: string + pattern: ^arn:aws:chatbot:[A-Za-z0-9_/.-]{0,63}:[A-Za-z0-9_/.-]{0,63}:custom-action/[a-zA-Z0-9_-]{1,64}$ required: - SlackWorkspaceId - SlackChannelId @@ -594,24 +758,83 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - chatbot:TagResource + - chatbot:ListTagsForResource + - chatbot:UntagResource x-required-permissions: create: - chatbot:CreateSlackChannelConfiguration - chatbot:TagResource + - chatbot:AssociateToConfiguration + - chatbot:ListAssociations - iam:PassRole - iam:CreateServiceLinkedRole read: - chatbot:DescribeSlackChannelConfigurations + - chatbot:ListAssociations update: - chatbot:UpdateSlackChannelConfiguration - chatbot:TagResource - chatbot:UntagResource - chatbot:ListTagsForResource + - chatbot:AssociateToConfiguration + - chatbot:DisassociateFromConfiguration + - chatbot:ListAssociations - iam:PassRole delete: - chatbot:DeleteSlackChannelConfiguration + - chatbot:DisassociateFromConfiguration + - chatbot:ListAssociations list: - chatbot:DescribeSlackChannelConfigurations + - chatbot:ListAssociations + CreateCustomActionRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + ActionName: + type: string + maxLength: 64 + minLength: 1 + pattern: ^[a-zA-Z0-9_-]{1,64}$ + AliasName: + type: string + maxLength: 30 + minLength: 1 + pattern: ^[A-Za-z0-9-_]+$ + Attachments: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/CustomActionAttachment' + CustomActionArn: + type: string + maxLength: 1011 + minLength: 1 + pattern: ^arn:(aws[a-zA-Z-]*)?:chatbot:[A-Za-z0-9_/.-]{0,63}:[A-Za-z0-9_/.-]{0,63}:custom-action/[a-zA-Z0-9_-]{1,64}$ + Definition: + $ref: '#/components/schemas/CustomActionDefinition' + Tags: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + maxItems: 200 + minItems: 0 + x-stackQL-stringOnly: true + x-title: CreateCustomActionRequest + type: object + required: [] CreateMicrosoftTeamsChannelConfigurationRequest: properties: ClientToken: @@ -687,6 +910,13 @@ components: x-insertionOrder: false items: $ref: '#/components/schemas/Tag' + CustomizationResourceArns: + description: ARNs of Custom Actions to associate with notifications in the provided chat channel. + type: array + x-insertionOrder: false + items: + type: string + pattern: ^arn:aws:chatbot:[A-Za-z0-9_/.-]{0,63}:[A-Za-z0-9_/.-]{0,63}:custom-action/[a-zA-Z0-9_-]{1,64}$ x-stackQL-stringOnly: true x-title: CreateMicrosoftTeamsChannelConfigurationRequest type: object @@ -760,6 +990,13 @@ components: description: Enables use of a user role requirement in your chat configuration type: boolean default: false + CustomizationResourceArns: + description: ARNs of Custom Actions to associate with notifications in the provided chat channel. + type: array + x-insertionOrder: false + items: + type: string + pattern: ^arn:aws:chatbot:[A-Za-z0-9_/.-]{0,63}:[A-Za-z0-9_/.-]{0,63}:custom-action/[a-zA-Z0-9_-]{1,64}$ x-stackQL-stringOnly: true x-title: CreateSlackChannelConfigurationRequest type: object @@ -772,6 +1009,213 @@ components: description: Amazon Signature authorization v4 x-amazon-apigateway-authtype: awsSigv4 x-stackQL-resources: + custom_actions: + name: custom_actions + id: aws.chatbot.custom_actions + x-cfn-schema-name: CustomAction + x-cfn-type-name: AWS::Chatbot::CustomAction + x-identifiers: + - CustomActionArn + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__CustomAction&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Chatbot::CustomAction" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Chatbot::CustomAction" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Chatbot::CustomAction" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/custom_actions/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/custom_actions/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/custom_actions/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ActionName') as action_name, + JSON_EXTRACT(Properties, '$.AliasName') as alias_name, + JSON_EXTRACT(Properties, '$.Attachments') as attachments, + JSON_EXTRACT(Properties, '$.CustomActionArn') as custom_action_arn, + JSON_EXTRACT(Properties, '$.Definition') as definition, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Chatbot::CustomAction' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.ActionName') as action_name, + JSON_EXTRACT(detail.Properties, '$.AliasName') as alias_name, + JSON_EXTRACT(detail.Properties, '$.Attachments') as attachments, + JSON_EXTRACT(detail.Properties, '$.CustomActionArn') as custom_action_arn, + JSON_EXTRACT(detail.Properties, '$.Definition') as definition, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Chatbot::CustomAction' + AND detail.data__TypeName = 'AWS::Chatbot::CustomAction' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ActionName') as action_name, + json_extract_path_text(Properties, 'AliasName') as alias_name, + json_extract_path_text(Properties, 'Attachments') as attachments, + json_extract_path_text(Properties, 'CustomActionArn') as custom_action_arn, + json_extract_path_text(Properties, 'Definition') as definition, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Chatbot::CustomAction' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'ActionName') as action_name, + json_extract_path_text(detail.Properties, 'AliasName') as alias_name, + json_extract_path_text(detail.Properties, 'Attachments') as attachments, + json_extract_path_text(detail.Properties, 'CustomActionArn') as custom_action_arn, + json_extract_path_text(detail.Properties, 'Definition') as definition, + json_extract_path_text(detail.Properties, 'Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Chatbot::CustomAction' + AND detail.data__TypeName = 'AWS::Chatbot::CustomAction' + AND listing.region = 'us-east-1' + custom_actions_list_only: + name: custom_actions_list_only + id: aws.chatbot.custom_actions_list_only + x-cfn-schema-name: CustomAction + x-cfn-type-name: AWS::Chatbot::CustomAction + x-identifiers: + - CustomActionArn + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.CustomActionArn') as custom_action_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Chatbot::CustomAction' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'CustomActionArn') as custom_action_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Chatbot::CustomAction' + AND region = 'us-east-1' + custom_action_tags: + name: custom_action_tags + id: aws.chatbot.custom_action_tags + x-cfn-schema-name: CustomAction + x-cfn-type-name: AWS::Chatbot::CustomAction + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.ActionName') as action_name, + JSON_EXTRACT(detail.Properties, '$.AliasName') as alias_name, + JSON_EXTRACT(detail.Properties, '$.Attachments') as attachments, + JSON_EXTRACT(detail.Properties, '$.CustomActionArn') as custom_action_arn, + JSON_EXTRACT(detail.Properties, '$.Definition') as definition + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::Chatbot::CustomAction' + AND detail.data__TypeName = 'AWS::Chatbot::CustomAction' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'ActionName') as action_name, + json_extract_path_text(detail.Properties, 'AliasName') as alias_name, + json_extract_path_text(detail.Properties, 'Attachments') as attachments, + json_extract_path_text(detail.Properties, 'CustomActionArn') as custom_action_arn, + json_extract_path_text(detail.Properties, 'Definition') as definition + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::Chatbot::CustomAction' + AND detail.data__TypeName = 'AWS::Chatbot::CustomAction' + AND listing.region = 'us-east-1' microsoft_teams_channel_configurations: name: microsoft_teams_channel_configurations id: aws.chatbot.microsoft_teams_channel_configurations @@ -845,7 +1289,8 @@ components: JSON_EXTRACT(Properties, '$.Arn') as arn, JSON_EXTRACT(Properties, '$.GuardrailPolicies') as guardrail_policies, JSON_EXTRACT(Properties, '$.UserRoleRequired') as user_role_required, - JSON_EXTRACT(Properties, '$.Tags') as tags + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.CustomizationResourceArns') as customization_resource_arns FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Chatbot::MicrosoftTeamsChannelConfiguration' AND data__Identifier = '' AND region = 'us-east-1' @@ -864,7 +1309,8 @@ components: JSON_EXTRACT(detail.Properties, '$.Arn') as arn, JSON_EXTRACT(detail.Properties, '$.GuardrailPolicies') as guardrail_policies, JSON_EXTRACT(detail.Properties, '$.UserRoleRequired') as user_role_required, - JSON_EXTRACT(detail.Properties, '$.Tags') as tags + JSON_EXTRACT(detail.Properties, '$.Tags') as tags, + JSON_EXTRACT(detail.Properties, '$.CustomizationResourceArns') as customization_resource_arns FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -888,7 +1334,8 @@ components: json_extract_path_text(Properties, 'Arn') as arn, json_extract_path_text(Properties, 'GuardrailPolicies') as guardrail_policies, json_extract_path_text(Properties, 'UserRoleRequired') as user_role_required, - json_extract_path_text(Properties, 'Tags') as tags + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'CustomizationResourceArns') as customization_resource_arns FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Chatbot::MicrosoftTeamsChannelConfiguration' AND data__Identifier = '' AND region = 'us-east-1' @@ -907,7 +1354,8 @@ components: json_extract_path_text(detail.Properties, 'Arn') as arn, json_extract_path_text(detail.Properties, 'GuardrailPolicies') as guardrail_policies, json_extract_path_text(detail.Properties, 'UserRoleRequired') as user_role_required, - json_extract_path_text(detail.Properties, 'Tags') as tags + json_extract_path_text(detail.Properties, 'Tags') as tags, + json_extract_path_text(detail.Properties, 'CustomizationResourceArns') as customization_resource_arns FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -975,7 +1423,8 @@ components: JSON_EXTRACT(detail.Properties, '$.LoggingLevel') as logging_level, JSON_EXTRACT(detail.Properties, '$.Arn') as arn, JSON_EXTRACT(detail.Properties, '$.GuardrailPolicies') as guardrail_policies, - JSON_EXTRACT(detail.Properties, '$.UserRoleRequired') as user_role_required + JSON_EXTRACT(detail.Properties, '$.UserRoleRequired') as user_role_required, + JSON_EXTRACT(detail.Properties, '$.CustomizationResourceArns') as customization_resource_arns FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -1000,7 +1449,8 @@ components: json_extract_path_text(detail.Properties, 'LoggingLevel') as logging_level, json_extract_path_text(detail.Properties, 'Arn') as arn, json_extract_path_text(detail.Properties, 'GuardrailPolicies') as guardrail_policies, - json_extract_path_text(detail.Properties, 'UserRoleRequired') as user_role_required + json_extract_path_text(detail.Properties, 'UserRoleRequired') as user_role_required, + json_extract_path_text(detail.Properties, 'CustomizationResourceArns') as customization_resource_arns FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -1081,7 +1531,8 @@ components: JSON_EXTRACT(Properties, '$.Arn') as arn, JSON_EXTRACT(Properties, '$.GuardrailPolicies') as guardrail_policies, JSON_EXTRACT(Properties, '$.Tags') as tags, - JSON_EXTRACT(Properties, '$.UserRoleRequired') as user_role_required + JSON_EXTRACT(Properties, '$.UserRoleRequired') as user_role_required, + JSON_EXTRACT(Properties, '$.CustomizationResourceArns') as customization_resource_arns FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Chatbot::SlackChannelConfiguration' AND data__Identifier = '' AND region = 'us-east-1' @@ -1099,7 +1550,8 @@ components: JSON_EXTRACT(detail.Properties, '$.Arn') as arn, JSON_EXTRACT(detail.Properties, '$.GuardrailPolicies') as guardrail_policies, JSON_EXTRACT(detail.Properties, '$.Tags') as tags, - JSON_EXTRACT(detail.Properties, '$.UserRoleRequired') as user_role_required + JSON_EXTRACT(detail.Properties, '$.UserRoleRequired') as user_role_required, + JSON_EXTRACT(detail.Properties, '$.CustomizationResourceArns') as customization_resource_arns FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -1122,7 +1574,8 @@ components: json_extract_path_text(Properties, 'Arn') as arn, json_extract_path_text(Properties, 'GuardrailPolicies') as guardrail_policies, json_extract_path_text(Properties, 'Tags') as tags, - json_extract_path_text(Properties, 'UserRoleRequired') as user_role_required + json_extract_path_text(Properties, 'UserRoleRequired') as user_role_required, + json_extract_path_text(Properties, 'CustomizationResourceArns') as customization_resource_arns FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Chatbot::SlackChannelConfiguration' AND data__Identifier = '' AND region = 'us-east-1' @@ -1140,7 +1593,8 @@ components: json_extract_path_text(detail.Properties, 'Arn') as arn, json_extract_path_text(detail.Properties, 'GuardrailPolicies') as guardrail_policies, json_extract_path_text(detail.Properties, 'Tags') as tags, - json_extract_path_text(detail.Properties, 'UserRoleRequired') as user_role_required + json_extract_path_text(detail.Properties, 'UserRoleRequired') as user_role_required, + json_extract_path_text(detail.Properties, 'CustomizationResourceArns') as customization_resource_arns FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -1207,7 +1661,8 @@ components: JSON_EXTRACT(detail.Properties, '$.LoggingLevel') as logging_level, JSON_EXTRACT(detail.Properties, '$.Arn') as arn, JSON_EXTRACT(detail.Properties, '$.GuardrailPolicies') as guardrail_policies, - JSON_EXTRACT(detail.Properties, '$.UserRoleRequired') as user_role_required + JSON_EXTRACT(detail.Properties, '$.UserRoleRequired') as user_role_required, + JSON_EXTRACT(detail.Properties, '$.CustomizationResourceArns') as customization_resource_arns FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -1231,7 +1686,8 @@ components: json_extract_path_text(detail.Properties, 'LoggingLevel') as logging_level, json_extract_path_text(detail.Properties, 'Arn') as arn, json_extract_path_text(detail.Properties, 'GuardrailPolicies') as guardrail_policies, - json_extract_path_text(detail.Properties, 'UserRoleRequired') as user_role_required + json_extract_path_text(detail.Properties, 'UserRoleRequired') as user_role_required, + json_extract_path_text(detail.Properties, 'CustomizationResourceArns') as customization_resource_arns FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -1383,6 +1839,48 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/UpdateResourceOutput' description: Success + /?Action=CreateResource&Version=2021-09-30&__CustomAction&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateCustomAction + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateCustomActionRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success /?Action=CreateResource&Version=2021-09-30&__MicrosoftTeamsChannelConfiguration&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' diff --git a/providers/src/aws/v00.00.00000/services/cleanrooms.yaml b/providers/src/aws/v00.00.00000/services/cleanrooms.yaml index 46aa393f..33fbc2f8 100644 --- a/providers/src/aws/v00.00.00000/services/cleanrooms.yaml +++ b/providers/src/aws/v00.00.00000/services/cleanrooms.yaml @@ -416,6 +416,19 @@ components: - TIME - TIMETZ - VARBYTE + - BINARY + - BYTE + - CHARACTER + - DOUBLE + - FLOAT + - INT + - LONG + - NUMERIC + - SHORT + - STRING + - TIMESTAMP_LTZ + - TIMESTAMP_NTZ + - TINYINT required: - Name - Type @@ -559,6 +572,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - cleanrooms:ListTagsForResource + - cleanrooms:UntagResource + - cleanrooms:TagResource x-required-permissions: create: - cleanrooms:CreateAnalysisTemplate @@ -583,6 +600,11 @@ components: - cleanrooms:UntagResource list: - cleanrooms:ListAnalysisTemplates + AnalyticsEngine: + type: string + enum: + - CLEAN_ROOMS_SQL + - SPARK CollaborationQueryLogStatus: type: string enum: @@ -616,6 +638,25 @@ components: items: $ref: '#/components/schemas/MemberAbility' uniqueItems: true + MLMemberAbilities: + type: object + properties: + CustomMLMemberAbilities: + $ref: '#/components/schemas/CustomMLMemberAbilities' + required: + - CustomMLMemberAbilities + additionalProperties: false + CustomMLMemberAbility: + type: string + enum: + - CAN_RECEIVE_MODEL_OUTPUT + - CAN_RECEIVE_INFERENCE_OUTPUT + CustomMLMemberAbilities: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/CustomMLMemberAbility' + uniqueItems: true MemberSpecification: type: object properties: @@ -626,6 +667,8 @@ components: pattern: ^\d+$ MemberAbilities: $ref: '#/components/schemas/MemberAbilities' + MLMemberAbilities: + $ref: '#/components/schemas/MLMemberAbilities' DisplayName: $ref: '#/components/schemas/Name' PaymentConfiguration: @@ -653,6 +696,8 @@ components: properties: QueryCompute: $ref: '#/components/schemas/QueryComputePaymentConfig' + MachineLearning: + $ref: '#/components/schemas/MLPaymentConfig' required: - QueryCompute QueryComputePaymentConfig: @@ -663,6 +708,30 @@ components: type: boolean required: - IsResponsible + MLPaymentConfig: + type: object + additionalProperties: false + properties: + ModelTraining: + $ref: '#/components/schemas/ModelTrainingPaymentConfig' + ModelInference: + $ref: '#/components/schemas/ModelInferencePaymentConfig' + ModelTrainingPaymentConfig: + type: object + additionalProperties: false + properties: + IsResponsible: + type: boolean + required: + - IsResponsible + ModelInferencePaymentConfig: + type: object + additionalProperties: false + properties: + IsResponsible: + type: boolean + required: + - IsResponsible Collaboration: type: object properties: @@ -685,6 +754,8 @@ components: $ref: '#/components/schemas/Name' CreatorMemberAbilities: $ref: '#/components/schemas/MemberAbilities' + CreatorMLMemberAbilities: + $ref: '#/components/schemas/MLMemberAbilities' DataEncryptionMetadata: $ref: '#/components/schemas/DataEncryptionMetadata' Description: @@ -706,6 +777,8 @@ components: pattern: ^(?!\s*$)[\u0020-\uD7FF\uE000-\uFFFD\uD800\uDBFF-\uDC00\uDFFF\t]*$ QueryLogStatus: $ref: '#/components/schemas/CollaborationQueryLogStatus' + AnalyticsEngine: + $ref: '#/components/schemas/AnalyticsEngine' CreatorPaymentConfiguration: $ref: '#/components/schemas/PaymentConfiguration' required: @@ -724,10 +797,12 @@ components: x-create-only-properties: - CreatorDisplayName - CreatorMemberAbilities + - CreatorMLMemberAbilities - DataEncryptionMetadata - QueryLogStatus - Members - CreatorPaymentConfiguration + - AnalyticsEngine x-read-only-properties: - Arn - CollaborationIdentifier @@ -899,6 +974,8 @@ components: items: $ref: '#/components/schemas/AggregationConstraint' minItems: 1 + AdditionalAnalyses: + $ref: '#/components/schemas/AdditionalAnalyses' required: - AggregateColumns - JoinColumns @@ -926,6 +1003,8 @@ components: x-insertionOrder: false items: $ref: '#/components/schemas/AnalysisRuleColumnName' + AdditionalAnalyses: + $ref: '#/components/schemas/AdditionalAnalyses' required: - JoinColumns - ListColumns @@ -952,6 +1031,18 @@ components: minItems: 0 items: $ref: '#/components/schemas/AllowedAnalysisProvider' + DisallowedOutputColumns: + type: array + x-insertionOrder: false + minItems: 0 + items: + $ref: '#/components/schemas/AnalysisRuleColumnName' + AdditionalAnalyses: + type: string + enum: + - ALLOWED + - REQUIRED + - NOT_ALLOWED DifferentialPrivacyColumn: type: object properties: @@ -981,6 +1072,10 @@ components: $ref: '#/components/schemas/AllowedAnalysisProviders' DifferentialPrivacy: $ref: '#/components/schemas/DifferentialPrivacy' + DisallowedOutputColumns: + $ref: '#/components/schemas/DisallowedOutputColumns' + AdditionalAnalyses: + $ref: '#/components/schemas/AdditionalAnalyses' required: - AllowedAnalyses additionalProperties: false @@ -1040,6 +1135,88 @@ components: - DatabaseName - TableName additionalProperties: false + SnowflakeTableReference: + type: object + properties: + SecretArn: + type: string + maxLength: 256 + AccountIdentifier: + type: string + maxLength: 256 + minLength: 3 + DatabaseName: + type: string + maxLength: 256 + minLength: 1 + TableName: + type: string + maxLength: 256 + minLength: 1 + SchemaName: + type: string + maxLength: 256 + minLength: 1 + TableSchema: + $ref: '#/components/schemas/SnowflakeTableSchema' + required: + - AccountIdentifier + - DatabaseName + - SchemaName + - SecretArn + - TableName + - TableSchema + additionalProperties: false + SnowflakeTableSchema: + oneOf: + - type: object + title: V1 + properties: + V1: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/SnowflakeTableSchemaV1' + maxItems: 250 + minItems: 1 + required: + - V1 + additionalProperties: false + SnowflakeTableSchemaV1: + type: object + properties: + ColumnName: + type: string + maxLength: 128 + ColumnType: + type: string + maxLength: 255 + required: + - ColumnName + - ColumnType + additionalProperties: false + AthenaTableReference: + type: object + properties: + WorkGroup: + type: string + maxLength: 128 + minLength: 1 + OutputLocation: + type: string + maxLength: 1024 + minLength: 8 + DatabaseName: + type: string + maxLength: 128 + TableName: + type: string + maxLength: 128 + required: + - DatabaseName + - TableName + - WorkGroup + additionalProperties: false AnalysisRule: type: object properties: @@ -1052,14 +1229,31 @@ components: - Policy additionalProperties: false TableReference: - type: object - x-title: Glue - properties: - Glue: - $ref: '#/components/schemas/GlueTableReference' - required: - - Glue - additionalProperties: false + oneOf: + - type: object + title: Glue + properties: + Glue: + $ref: '#/components/schemas/GlueTableReference' + required: + - Glue + additionalProperties: false + - type: object + title: Snowflake + properties: + Snowflake: + $ref: '#/components/schemas/SnowflakeTableReference' + required: + - Snowflake + additionalProperties: false + - type: object + title: Athena + properties: + Athena: + $ref: '#/components/schemas/AthenaTableReference' + required: + - Athena + additionalProperties: false ConfiguredTable: type: object properties: @@ -1135,6 +1329,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - cleanrooms:ListTagsForResource + - cleanrooms:UntagResource + - cleanrooms:TagResource x-required-permissions: create: - cleanrooms:CreateConfiguredTable @@ -1154,6 +1352,7 @@ components: - cleanrooms:ListTagsForResource - cleanrooms:TagResource - cleanrooms:ListConfiguredTables + - athena:GetTableMetadata read: - cleanrooms:GetConfiguredTable - cleanrooms:GetConfiguredTableAnalysisRule @@ -1194,12 +1393,109 @@ components: - glue:GetSchemaVersion list: - cleanrooms:ListConfiguredTables + ConfiguredTableAssociationAnalysisRuleType: + type: string + enum: + - AGGREGATION + - LIST + - CUSTOM + AllowedResultReceiver: + type: string + minLength: 12 + maxLength: 12 + pattern: \d+ + AllowedResultReceivers: + type: array + x-insertionOrder: false + minItems: 0 + items: + $ref: '#/components/schemas/AllowedResultReceiver' + AllowedAdditionalAnalysis: + type: string + maxLength: 256 + AllowedAdditionalAnalyses: + type: array + x-insertionOrder: false + minItems: 0 + maxItems: 25 + items: + $ref: '#/components/schemas/AllowedAdditionalAnalysis' + ConfiguredTableAssociationAnalysisRuleCustom: + type: object + properties: + AllowedResultReceivers: + $ref: '#/components/schemas/AllowedResultReceivers' + AllowedAdditionalAnalyses: + $ref: '#/components/schemas/AllowedAdditionalAnalyses' + additionalProperties: false + ConfiguredTableAssociationAnalysisRuleAggregation: + type: object + properties: + AllowedResultReceivers: + $ref: '#/components/schemas/AllowedResultReceivers' + AllowedAdditionalAnalyses: + $ref: '#/components/schemas/AllowedAdditionalAnalyses' + additionalProperties: false + ConfiguredTableAssociationAnalysisRuleList: + type: object + properties: + AllowedResultReceivers: + $ref: '#/components/schemas/AllowedResultReceivers' + AllowedAdditionalAnalyses: + $ref: '#/components/schemas/AllowedAdditionalAnalyses' + additionalProperties: false + ConfiguredTableAssociationAnalysisRulePolicyV1: + oneOf: + - type: object + title: List + properties: + List: + $ref: '#/components/schemas/ConfiguredTableAssociationAnalysisRuleList' + required: + - List + additionalProperties: false + - type: object + title: Aggregation + properties: + Aggregation: + $ref: '#/components/schemas/ConfiguredTableAssociationAnalysisRuleAggregation' + required: + - Aggregation + additionalProperties: false + - type: object + title: Custom + properties: + Custom: + $ref: '#/components/schemas/ConfiguredTableAssociationAnalysisRuleCustom' + required: + - Custom + additionalProperties: false + ConfiguredTableAssociationAnalysisRulePolicy: + type: object + x-title: V1 + properties: + V1: + $ref: '#/components/schemas/ConfiguredTableAssociationAnalysisRulePolicyV1' + required: + - V1 + additionalProperties: false + ConfiguredTableAssociationAnalysisRule: + type: object + properties: + Type: + $ref: '#/components/schemas/ConfiguredTableAssociationAnalysisRuleType' + Policy: + $ref: '#/components/schemas/ConfiguredTableAssociationAnalysisRulePolicy' + required: + - Type + - Policy + additionalProperties: false ConfiguredTableAssociation: type: object properties: Arn: type: string - maxLength: 100 + maxLength: 256 Tags: description: An arbitrary set of tags (key-value pairs) for this cleanrooms collaboration. x-insertionOrder: false @@ -1233,6 +1529,13 @@ components: type: string maxLength: 512 minLength: 32 + ConfiguredTableAssociationAnalysisRules: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/ConfiguredTableAssociationAnalysisRule' + maxItems: 1 + minItems: 1 required: - ConfiguredTableIdentifier - Name @@ -1256,12 +1559,17 @@ components: - Name - RoleArn - MembershipIdentifier + x-replacement-strategy: delete_then_create x-tagging: taggable: true tagOnCreate: true tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - cleanrooms:ListTagsForResource + - cleanrooms:UntagResource + - cleanrooms:TagResource x-required-permissions: create: - cleanrooms:CreateConfiguredTableAssociation @@ -1270,9 +1578,14 @@ components: - cleanrooms:TagResource - cleanrooms:GetConfiguredTableAssociation - cleanrooms:ListConfiguredTableAssociations + - cleanrooms:DeleteConfiguredTableAssociation + - cleanrooms:DeleteConfiguredTableAssociationAnalysisRule + - cleanrooms:CreateConfiguredTableAssociationAnalysisRule + - cleanrooms:GetConfiguredTableAssociationAnalysisRule read: - cleanrooms:GetConfiguredTableAssociation - cleanrooms:ListTagsForResource + - cleanrooms:GetConfiguredTableAssociationAnalysisRule update: - cleanrooms:UpdateConfiguredTableAssociation - cleanrooms:GetConfiguredTableAssociation @@ -1280,526 +1593,698 @@ components: - cleanrooms:ListTagsForResource - cleanrooms:TagResource - cleanrooms:UntagResource + - cleanrooms:DeleteConfiguredTableAssociationAnalysisRule + - cleanrooms:CreateConfiguredTableAssociationAnalysisRule + - cleanrooms:GetConfiguredTableAssociationAnalysisRule + - cleanrooms:UpdateConfiguredTableAssociationAnalysisRule delete: - cleanrooms:DeleteConfiguredTableAssociation - cleanrooms:GetConfiguredTableAssociation - cleanrooms:ListConfiguredTableAssociations - cleanrooms:ListTagsForResource - cleanrooms:UntagResource + - cleanrooms:DeleteConfiguredTableAssociationAnalysisRule + - cleanrooms:GetConfiguredTableAssociationAnalysisRule list: - cleanrooms:ListConfiguredTableAssociations - MembershipQueryLogStatus: + UUID: type: string - enum: - - ENABLED - - DISABLED - MembershipStatus: - type: string - enum: - - ACTIVE - - REMOVED - - COLLABORATION_DELETED - ResultFormat: - type: string - enum: - - CSV - - PARQUET - ProtectedQueryS3OutputConfiguration: + maxLength: 36 + minLength: 36 + pattern: ^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$ + IdMappingTableInputReferenceConfig: type: object - additionalProperties: false properties: - ResultFormat: - $ref: '#/components/schemas/ResultFormat' - Bucket: - type: string - minLength: 3 - maxLength: 63 - KeyPrefix: + InputReferenceArn: type: string + maxLength: 2048 + minLength: 20 + ManageResourcePolicies: + type: boolean required: - - ResultFormat - - Bucket - MembershipProtectedQueryOutputConfiguration: - type: object + - InputReferenceArn + - ManageResourcePolicies additionalProperties: false - properties: - S3: - $ref: '#/components/schemas/ProtectedQueryS3OutputConfiguration' - required: - - S3 - MembershipProtectedQueryResultConfiguration: + IdMappingTableInputSource: type: object - additionalProperties: false properties: - OutputConfiguration: - $ref: '#/components/schemas/MembershipProtectedQueryOutputConfiguration' - RoleArn: + IdNamespaceAssociationId: type: string - minLength: 32 - maxLength: 512 + Type: + type: string + enum: + - SOURCE + - TARGET required: - - OutputConfiguration - MembershipPaymentConfiguration: - type: object + - IdNamespaceAssociationId + - Type additionalProperties: false - properties: - QueryCompute: - $ref: '#/components/schemas/MembershipQueryComputePaymentConfig' - required: - - QueryCompute - MembershipQueryComputePaymentConfig: + IdMappingTableInputReferenceProperties: type: object - additionalProperties: false properties: - IsResponsible: - type: boolean + IdMappingTableInputSource: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/IdMappingTableInputSource' + maxItems: 2 + minItems: 2 required: - - IsResponsible - Membership: + - IdMappingTableInputSource + additionalProperties: false + IdMappingTable: type: object properties: + IdMappingTableIdentifier: + $ref: '#/components/schemas/UUID' Arn: type: string - maxLength: 100 - Tags: - description: An arbitrary set of tags (key-value pairs) for this cleanrooms membership. - x-insertionOrder: false - items: - $ref: '#/components/schemas/Tag' - uniqueItems: true - type: array + maxLength: 200 + InputReferenceConfig: + $ref: '#/components/schemas/IdMappingTableInputReferenceConfig' + MembershipIdentifier: + $ref: '#/components/schemas/UUID' + MembershipArn: + type: string + maxLength: 100 + CollaborationIdentifier: + $ref: '#/components/schemas/UUID' CollaborationArn: type: string maxLength: 100 - CollaborationCreatorAccountId: + Description: type: string - maxLength: 12 - minLength: 12 - pattern: ^\d+$ - CollaborationIdentifier: + maxLength: 255 + pattern: ^[\u0020-\uD7FF\uE000-\uFFFD\uD800\uDBFF-\uDC00\uDFFF\t\r\n]*$ + Name: type: string - maxLength: 36 - minLength: 36 - pattern: '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}' - MembershipIdentifier: + maxLength: 128 + pattern: ^[a-zA-Z0-9_](([a-zA-Z0-9_ ]+-)*([a-zA-Z0-9_ ]+))?$ + InputReferenceProperties: + $ref: '#/components/schemas/IdMappingTableInputReferenceProperties' + KmsKeyArn: type: string - maxLength: 36 - minLength: 36 - pattern: '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}' - QueryLogStatus: - $ref: '#/components/schemas/MembershipQueryLogStatus' - DefaultResultConfiguration: - $ref: '#/components/schemas/MembershipProtectedQueryResultConfiguration' - PaymentConfiguration: - $ref: '#/components/schemas/MembershipPaymentConfiguration' + maxLength: 2048 + minLength: 4 + Tags: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + uniqueItems: true required: - - CollaborationIdentifier - - QueryLogStatus - x-stackql-resource-name: membership - description: Represents an AWS account that is a part of a collaboration - x-type-name: AWS::CleanRooms::Membership + - MembershipIdentifier + - Name + - InputReferenceConfig + x-stackql-resource-name: id_mapping_table + description: Represents an association between an ID mapping workflow and a collaboration + x-type-name: AWS::CleanRooms::IdMappingTable x-stackql-primary-identifier: + - IdMappingTableIdentifier - MembershipIdentifier x-create-only-properties: - - CollaborationIdentifier + - MembershipIdentifier + - Name + - InputReferenceConfig x-read-only-properties: + - IdMappingTableIdentifier - Arn + - MembershipArn + - CollaborationIdentifier - CollaborationArn - - CollaborationCreatorAccountId - - MembershipIdentifier + - InputReferenceProperties x-required-properties: - - CollaborationIdentifier - - QueryLogStatus + - MembershipIdentifier + - Name + - InputReferenceConfig x-tagging: taggable: true tagOnCreate: true tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - cleanrooms:ListTagsForResource + - cleanrooms:UntagResource + - cleanrooms:TagResource x-required-permissions: create: - - cleanrooms:CreateMembership - - logs:CreateLogDelivery - - logs:GetLogDelivery - - logs:UpdateLogDelivery - - logs:DeleteLogDelivery - - logs:ListLogDeliveries - - logs:DescribeLogGroups - - logs:DescribeResourcePolicies - - logs:PutResourcePolicy - - logs:CreateLogGroup - - cleanrooms:GetMembership + - cleanrooms:CreateIdMappingTable + - cleanrooms:GetIdMappingTable + - cleanrooms:ListIdMappingTables - cleanrooms:ListTagsForResource - cleanrooms:TagResource - - cleanrooms:ListMemberships - - iam:PassRole - read: - cleanrooms:GetMembership + - cleanrooms:GetCollaboration + - entityresolution:GetIdMappingWorkflow + - entityresolution:AddPolicyStatement + read: + - cleanrooms:GetIdMappingTable - cleanrooms:ListTagsForResource - - logs:ListLogDeliveries - - logs:DescribeLogGroups - - logs:DescribeResourcePolicies - - logs:GetLogDelivery + - cleanrooms:GetMembership + - cleanrooms:GetCollaboration update: - - cleanrooms:UpdateMembership + - cleanrooms:UpdateIdMappingTable + - cleanrooms:GetIdMappingTable - cleanrooms:GetMembership - - logs:CreateLogDelivery - - logs:GetLogDelivery - - logs:UpdateLogDelivery - - logs:DeleteLogDelivery - - logs:ListLogDeliveries - - logs:DescribeLogGroups - - logs:DescribeResourcePolicies - - logs:PutResourcePolicy - - logs:CreateLogGroup - cleanrooms:ListTagsForResource - cleanrooms:TagResource - cleanrooms:UntagResource - - iam:PassRole + - entityresolution:GetIdMappingWorkflow + - entityresolution:AddPolicyStatement delete: - - cleanrooms:DeleteMembership + - cleanrooms:DeleteIdMappingTable + - cleanrooms:GetIdMappingTable + - cleanrooms:ListIdMappingTables - cleanrooms:GetMembership - - cleanrooms:ListMemberships - cleanrooms:ListTagsForResource - - logs:ListLogDeliveries - - logs:DescribeLogGroups - - logs:DescribeResourcePolicies - - logs:GetLogDelivery + - cleanrooms:UntagResource + - entityresolution:GetIdMappingWorkflow + - entityresolution:AddPolicyStatement + - entityresolution:DeletePolicyStatement list: - - cleanrooms:ListMemberships - PrivacyBudgetTemplate: + - cleanrooms:ListIdMappingTables + - cleanrooms:GetMembership + - cleanrooms:GetCollaboration + Document: + type: object + IdNamespaceAssociationInputReferenceConfig: + type: object + properties: + InputReferenceArn: + type: string + maxLength: 256 + ManageResourcePolicies: + type: boolean + required: + - InputReferenceArn + - ManageResourcePolicies + additionalProperties: false + IdMappingConfig: + type: object + properties: + AllowUseAsDimensionColumn: + type: boolean + required: + - AllowUseAsDimensionColumn + additionalProperties: false + IdNamespaceAssociationInputReferenceProperties: + type: object + properties: + IdNamespaceType: + type: string + enum: + - SOURCE + - TARGET + IdMappingWorkflowsSupported: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Document' + required: [] + additionalProperties: false + IdNamespaceAssociation: type: object properties: + IdNamespaceAssociationIdentifier: + $ref: '#/components/schemas/UUID' Arn: type: string - maxLength: 200 - CollaborationArn: + maxLength: 256 + MembershipIdentifier: + $ref: '#/components/schemas/UUID' + MembershipArn: type: string maxLength: 100 CollaborationIdentifier: + $ref: '#/components/schemas/UUID' + CollaborationArn: type: string - maxLength: 36 - minLength: 36 - pattern: '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}' - PrivacyBudgetTemplateIdentifier: - type: string - maxLength: 36 - minLength: 36 - pattern: '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}' + maxLength: 100 + InputReferenceConfig: + $ref: '#/components/schemas/IdNamespaceAssociationInputReferenceConfig' Tags: - description: An arbitrary set of tags (key-value pairs) for this cleanrooms privacy budget template. + type: array x-insertionOrder: false items: $ref: '#/components/schemas/Tag' - type: array - AutoRefresh: - type: string - enum: - - CALENDAR_MONTH - - NONE - PrivacyBudgetType: - type: string - enum: - - DIFFERENTIAL_PRIVACY - Parameters: - type: object - additionalProperties: false - properties: - Epsilon: - type: integer - minimum: 1 - maximum: 20 - UsersNoisePerQuery: - type: integer - minimum: 10 - maximum: 100 - required: - - Epsilon - - UsersNoisePerQuery - MembershipArn: + uniqueItems: true + Name: type: string maxLength: 100 - MembershipIdentifier: + minLength: 1 + pattern: ^(?!\s*$)[\u0020-\uD7FF\uE000-\uFFFD\uD800\uDBFF-\uDC00\uDFFF\t]*$ + Description: type: string - maxLength: 36 - minLength: 36 - pattern: '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}' + maxLength: 255 + pattern: ^[\u0020-\uD7FF\uE000-\uFFFD\uD800\uDBFF-\uDC00\uDFFF\t\r\n]*$ + IdMappingConfig: + $ref: '#/components/schemas/IdMappingConfig' + InputReferenceProperties: + $ref: '#/components/schemas/IdNamespaceAssociationInputReferenceProperties' required: - - AutoRefresh - - PrivacyBudgetType - - Parameters - MembershipIdentifier - x-stackql-resource-name: privacy_budget_template - description: Represents a privacy budget within a collaboration - x-type-name: AWS::CleanRooms::PrivacyBudgetTemplate + - InputReferenceConfig + - Name + x-stackql-resource-name: id_namespace_association + description: Represents an association between an ID namespace and a collaboration + x-type-name: AWS::CleanRooms::IdNamespaceAssociation x-stackql-primary-identifier: - - PrivacyBudgetTemplateIdentifier + - IdNamespaceAssociationIdentifier - MembershipIdentifier x-create-only-properties: - MembershipIdentifier - - PrivacyBudgetType - - AutoRefresh + - InputReferenceConfig x-read-only-properties: - - CollaborationArn - - CollaborationIdentifier - - PrivacyBudgetTemplateIdentifier + - IdNamespaceAssociationIdentifier - Arn - MembershipArn + - CollaborationIdentifier + - CollaborationArn + - InputReferenceProperties x-required-properties: - - AutoRefresh - - PrivacyBudgetType - - Parameters - MembershipIdentifier - x-replacement-strategy: delete_then_create + - InputReferenceConfig + - Name x-tagging: taggable: true tagOnCreate: true tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - cleanrooms:ListTagsForResource + - cleanrooms:UntagResource + - cleanrooms:TagResource x-required-permissions: create: - - cleanrooms:CreatePrivacyBudgetTemplate + - cleanrooms:CreateIdNamespaceAssociation + - cleanrooms:GetIdNamespaceAssociation + - cleanrooms:ListIdNamespaceAssociations - cleanrooms:ListTagsForResource - cleanrooms:TagResource - - cleanrooms:GetPrivacyBudgetTemplate - - cleanrooms:ListPrivacyBudgetTemplates + - cleanrooms:GetMembership + - cleanrooms:GetCollaboration + - entityresolution:GetIdNamespace + - entityresolution:AddPolicyStatement read: - - cleanrooms:GetPrivacyBudgetTemplate + - cleanrooms:GetIdNamespaceAssociation - cleanrooms:ListTagsForResource + - cleanrooms:GetMembership + - cleanrooms:GetCollaboration + - entityresolution:GetIdNamespace update: - - cleanrooms:UpdatePrivacyBudgetTemplate - - cleanrooms:GetPrivacyBudgetTemplate + - cleanrooms:UpdateIdNamespaceAssociation + - cleanrooms:GetIdNamespaceAssociation + - cleanrooms:GetMembership + - cleanrooms:GetCollaboration - cleanrooms:ListTagsForResource - cleanrooms:TagResource - cleanrooms:UntagResource + - entityresolution:GetIdNamespace + - entityresolution:AddPolicyStatement delete: - - cleanrooms:DeletePrivacyBudgetTemplate - - cleanrooms:GetPrivacyBudgetTemplate - - cleanrooms:ListPrivacyBudgetTemplates + - cleanrooms:DeleteIdNamespaceAssociation + - cleanrooms:GetIdNamespaceAssociation + - cleanrooms:ListIdNamespaceAssociations + - cleanrooms:GetMembership + - cleanrooms:GetCollaboration - cleanrooms:ListTagsForResource - cleanrooms:UntagResource + - entityresolution:GetIdNamespace + - entityresolution:DeletePolicyStatement list: - - cleanrooms:ListPrivacyBudgetTemplates - CreateAnalysisTemplateRequest: + - cleanrooms:ListIdNamespaceAssociations + - cleanrooms:GetMembership + - cleanrooms:GetCollaboration + MembershipQueryLogStatus: + type: string + enum: + - ENABLED + - DISABLED + MembershipStatus: + type: string + enum: + - ACTIVE + - REMOVED + - COLLABORATION_DELETED + ResultFormat: + type: string + enum: + - CSV + - PARQUET + ProtectedQueryS3OutputConfiguration: + type: object + additionalProperties: false properties: - ClientToken: + ResultFormat: + $ref: '#/components/schemas/ResultFormat' + Bucket: type: string - RoleArn: + minLength: 3 + maxLength: 63 + KeyPrefix: type: string - TypeName: - type: string - TypeVersionId: - type: string - DesiredState: - type: object - properties: - Arn: - type: string - maxLength: 200 - CollaborationArn: - type: string - maxLength: 100 - CollaborationIdentifier: - type: string - maxLength: 36 - minLength: 36 - pattern: '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}' - Tags: - description: An arbitrary set of tags (key-value pairs) for this cleanrooms analysis template. - x-insertionOrder: false - items: - $ref: '#/components/schemas/Tag' - type: array - AnalysisParameters: - description: The member who can query can provide this placeholder for a literal data value in an analysis template - x-insertionOrder: false - items: - $ref: '#/components/schemas/AnalysisParameter' - type: array - minItems: 0 - maxItems: 10 - AnalysisTemplateIdentifier: - type: string - maxLength: 36 - minLength: 36 - pattern: '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}' - Description: - type: string - maxLength: 255 - pattern: ^[\u0020-\uD7FF\uE000-\uFFFD\uD800\uDBFF-\uDC00\uDFFF\t\r\n]*$ - MembershipArn: - type: string - maxLength: 100 - MembershipIdentifier: - type: string - maxLength: 36 - minLength: 36 - pattern: '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}' - Name: - type: string - maxLength: 128 - pattern: ^[a-zA-Z0-9_](([a-zA-Z0-9_ ]+-)*([a-zA-Z0-9_ ]+))?$ - Schema: - $ref: '#/components/schemas/AnalysisSchema' - Source: - $ref: '#/components/schemas/AnalysisSource' - Format: - type: string - enum: - - SQL - x-stackQL-stringOnly: true - x-title: CreateAnalysisTemplateRequest + SingleFileOutput: + type: boolean + required: + - ResultFormat + - Bucket + MembershipProtectedQueryOutputConfiguration: type: object - required: [] - CreateCollaborationRequest: + additionalProperties: false properties: - ClientToken: - type: string - RoleArn: - type: string - TypeName: - type: string - TypeVersionId: - type: string - DesiredState: - type: object - properties: - Arn: - type: string - maxLength: 100 - Tags: - description: An arbitrary set of tags (key-value pairs) for this cleanrooms collaboration. - x-insertionOrder: false - items: - $ref: '#/components/schemas/Tag' - uniqueItems: true - type: array - CollaborationIdentifier: - type: string - maxLength: 36 - minLength: 36 - pattern: '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}' - CreatorDisplayName: - $ref: '#/components/schemas/Name' - CreatorMemberAbilities: - $ref: '#/components/schemas/MemberAbilities' - DataEncryptionMetadata: - $ref: '#/components/schemas/DataEncryptionMetadata' - Description: - type: string - maxLength: 255 - minLength: 1 - pattern: ^(?!\s*$)[\u0020-\uD7FF\uE000-\uFFFD\uD800\uDBFF-\uDC00\uDFFF\t\r\n]*$ - Members: - type: array - x-insertionOrder: false - items: - $ref: '#/components/schemas/MemberSpecification' - maxItems: 9 - minItems: 0 - Name: - type: string - maxLength: 100 - minLength: 1 - pattern: ^(?!\s*$)[\u0020-\uD7FF\uE000-\uFFFD\uD800\uDBFF-\uDC00\uDFFF\t]*$ - QueryLogStatus: - $ref: '#/components/schemas/CollaborationQueryLogStatus' - CreatorPaymentConfiguration: - $ref: '#/components/schemas/PaymentConfiguration' - x-stackQL-stringOnly: true - x-title: CreateCollaborationRequest + S3: + $ref: '#/components/schemas/ProtectedQueryS3OutputConfiguration' + required: + - S3 + MembershipProtectedQueryResultConfiguration: type: object - required: [] - CreateConfiguredTableRequest: + additionalProperties: false properties: - ClientToken: - type: string + OutputConfiguration: + $ref: '#/components/schemas/MembershipProtectedQueryOutputConfiguration' RoleArn: type: string - TypeName: - type: string - TypeVersionId: - type: string - DesiredState: - type: object - properties: - Arn: - type: string - maxLength: 100 - Tags: - description: An arbitrary set of tags (key-value pairs) for this cleanrooms collaboration. - x-insertionOrder: false - items: - $ref: '#/components/schemas/Tag' - uniqueItems: true - type: array - AllowedColumns: - type: array - x-insertionOrder: false - items: - type: string - maxLength: 128 - pattern: ^[a-z0-9_](([a-z0-9_ ]+-)*([a-z0-9_ ]+))?$ - maxItems: 100 - minItems: 1 - AnalysisMethod: - $ref: '#/components/schemas/AnalysisMethod' - ConfiguredTableIdentifier: - type: string - maxLength: 36 - minLength: 36 - pattern: '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}' - Description: - type: string - maxLength: 255 - pattern: ^[\u0020-\uD7FF\uE000-\uFFFD\uD800\uDBFF-\uDC00\uDFFF\t\r\n]*$ - Name: - type: string - maxLength: 100 - minLength: 1 - pattern: ^(?!\s*$)[\u0020-\uD7FF\uE000-\uFFFD\uD800\uDBFF-\uDC00\uDFFF\t]*$ - AnalysisRules: - type: array - x-insertionOrder: false - items: - $ref: '#/components/schemas/AnalysisRule' - maxItems: 1 - minItems: 1 - TableReference: - $ref: '#/components/schemas/TableReference' - x-stackQL-stringOnly: true - x-title: CreateConfiguredTableRequest + minLength: 32 + maxLength: 512 + required: + - OutputConfiguration + MembershipPaymentConfiguration: type: object - required: [] - CreateConfiguredTableAssociationRequest: + additionalProperties: false properties: - ClientToken: + QueryCompute: + $ref: '#/components/schemas/MembershipQueryComputePaymentConfig' + MachineLearning: + $ref: '#/components/schemas/MembershipMLPaymentConfig' + required: + - QueryCompute + MembershipQueryComputePaymentConfig: + type: object + additionalProperties: false + properties: + IsResponsible: + type: boolean + required: + - IsResponsible + MembershipMLPaymentConfig: + type: object + additionalProperties: false + properties: + ModelTraining: + $ref: '#/components/schemas/MembershipModelTrainingPaymentConfig' + ModelInference: + $ref: '#/components/schemas/MembershipModelInferencePaymentConfig' + MembershipModelTrainingPaymentConfig: + type: object + additionalProperties: false + properties: + IsResponsible: + type: boolean + required: + - IsResponsible + MembershipModelInferencePaymentConfig: + type: object + additionalProperties: false + properties: + IsResponsible: + type: boolean + required: + - IsResponsible + Membership: + type: object + properties: + Arn: type: string - RoleArn: + maxLength: 100 + Tags: + description: An arbitrary set of tags (key-value pairs) for this cleanrooms membership. + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + uniqueItems: true + type: array + CollaborationArn: type: string - TypeName: + maxLength: 100 + CollaborationCreatorAccountId: type: string - TypeVersionId: + maxLength: 12 + minLength: 12 + pattern: ^\d+$ + CollaborationIdentifier: type: string - DesiredState: - type: object - properties: - Arn: - type: string - maxLength: 100 + maxLength: 36 + minLength: 36 + pattern: '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}' + MembershipIdentifier: + type: string + maxLength: 36 + minLength: 36 + pattern: '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}' + QueryLogStatus: + $ref: '#/components/schemas/MembershipQueryLogStatus' + DefaultResultConfiguration: + $ref: '#/components/schemas/MembershipProtectedQueryResultConfiguration' + PaymentConfiguration: + $ref: '#/components/schemas/MembershipPaymentConfiguration' + required: + - CollaborationIdentifier + - QueryLogStatus + x-stackql-resource-name: membership + description: Represents an AWS account that is a part of a collaboration + x-type-name: AWS::CleanRooms::Membership + x-stackql-primary-identifier: + - MembershipIdentifier + x-create-only-properties: + - CollaborationIdentifier + x-read-only-properties: + - Arn + - CollaborationArn + - CollaborationCreatorAccountId + - MembershipIdentifier + x-required-properties: + - CollaborationIdentifier + - QueryLogStatus + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - cleanrooms:ListTagsForResource + - cleanrooms:UntagResource + - cleanrooms:TagResource + x-required-permissions: + create: + - cleanrooms:CreateMembership + - logs:CreateLogDelivery + - logs:GetLogDelivery + - logs:UpdateLogDelivery + - logs:DeleteLogDelivery + - logs:ListLogDeliveries + - logs:DescribeLogGroups + - logs:DescribeResourcePolicies + - logs:PutResourcePolicy + - logs:CreateLogGroup + - cleanrooms:GetMembership + - cleanrooms:ListTagsForResource + - cleanrooms:TagResource + - cleanrooms:ListMemberships + - iam:PassRole + read: + - cleanrooms:GetMembership + - cleanrooms:ListTagsForResource + - logs:ListLogDeliveries + - logs:DescribeLogGroups + - logs:DescribeResourcePolicies + - logs:GetLogDelivery + update: + - cleanrooms:UpdateMembership + - cleanrooms:GetMembership + - logs:CreateLogDelivery + - logs:GetLogDelivery + - logs:UpdateLogDelivery + - logs:DeleteLogDelivery + - logs:ListLogDeliveries + - logs:DescribeLogGroups + - logs:DescribeResourcePolicies + - logs:PutResourcePolicy + - logs:CreateLogGroup + - cleanrooms:ListTagsForResource + - cleanrooms:TagResource + - cleanrooms:UntagResource + - iam:PassRole + delete: + - cleanrooms:DeleteMembership + - cleanrooms:GetMembership + - cleanrooms:ListMemberships + - cleanrooms:ListTagsForResource + - logs:ListLogDeliveries + - logs:DescribeLogGroups + - logs:DescribeResourcePolicies + - logs:GetLogDelivery + list: + - cleanrooms:ListMemberships + PrivacyBudgetTemplate: + type: object + properties: + Arn: + type: string + maxLength: 200 + CollaborationArn: + type: string + maxLength: 100 + CollaborationIdentifier: + type: string + maxLength: 36 + minLength: 36 + pattern: '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}' + PrivacyBudgetTemplateIdentifier: + type: string + maxLength: 36 + minLength: 36 + pattern: '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}' + Tags: + description: An arbitrary set of tags (key-value pairs) for this cleanrooms privacy budget template. + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + type: array + AutoRefresh: + type: string + enum: + - CALENDAR_MONTH + - NONE + PrivacyBudgetType: + type: string + enum: + - DIFFERENTIAL_PRIVACY + Parameters: + type: object + additionalProperties: false + properties: + Epsilon: + type: integer + minimum: 1 + maximum: 20 + UsersNoisePerQuery: + type: integer + minimum: 10 + maximum: 100 + required: + - Epsilon + - UsersNoisePerQuery + MembershipArn: + type: string + maxLength: 100 + MembershipIdentifier: + type: string + maxLength: 36 + minLength: 36 + pattern: '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}' + required: + - AutoRefresh + - PrivacyBudgetType + - Parameters + - MembershipIdentifier + x-stackql-resource-name: privacy_budget_template + description: Represents a privacy budget within a collaboration + x-type-name: AWS::CleanRooms::PrivacyBudgetTemplate + x-stackql-primary-identifier: + - PrivacyBudgetTemplateIdentifier + - MembershipIdentifier + x-create-only-properties: + - MembershipIdentifier + - PrivacyBudgetType + - AutoRefresh + x-read-only-properties: + - CollaborationArn + - CollaborationIdentifier + - PrivacyBudgetTemplateIdentifier + - Arn + - MembershipArn + x-required-properties: + - AutoRefresh + - PrivacyBudgetType + - Parameters + - MembershipIdentifier + x-replacement-strategy: delete_then_create + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - cleanrooms:ListTagsForResource + - cleanrooms:UntagResource + - cleanrooms:TagResource + x-required-permissions: + create: + - cleanrooms:CreatePrivacyBudgetTemplate + - cleanrooms:ListTagsForResource + - cleanrooms:TagResource + - cleanrooms:GetPrivacyBudgetTemplate + - cleanrooms:ListPrivacyBudgetTemplates + read: + - cleanrooms:GetPrivacyBudgetTemplate + - cleanrooms:ListTagsForResource + update: + - cleanrooms:UpdatePrivacyBudgetTemplate + - cleanrooms:GetPrivacyBudgetTemplate + - cleanrooms:ListTagsForResource + - cleanrooms:TagResource + - cleanrooms:UntagResource + delete: + - cleanrooms:DeletePrivacyBudgetTemplate + - cleanrooms:GetPrivacyBudgetTemplate + - cleanrooms:ListPrivacyBudgetTemplates + - cleanrooms:ListTagsForResource + - cleanrooms:UntagResource + list: + - cleanrooms:ListPrivacyBudgetTemplates + CreateAnalysisTemplateRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + Arn: + type: string + maxLength: 200 + CollaborationArn: + type: string + maxLength: 100 + CollaborationIdentifier: + type: string + maxLength: 36 + minLength: 36 + pattern: '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}' Tags: - description: An arbitrary set of tags (key-value pairs) for this cleanrooms collaboration. + description: An arbitrary set of tags (key-value pairs) for this cleanrooms analysis template. x-insertionOrder: false items: $ref: '#/components/schemas/Tag' type: array - ConfiguredTableAssociationIdentifier: - type: string - maxLength: 36 - minLength: 36 - pattern: '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}' - ConfiguredTableIdentifier: + AnalysisParameters: + description: The member who can query can provide this placeholder for a literal data value in an analysis template + x-insertionOrder: false + items: + $ref: '#/components/schemas/AnalysisParameter' + type: array + minItems: 0 + maxItems: 10 + AnalysisTemplateIdentifier: type: string maxLength: 36 minLength: 36 @@ -1808,6 +2293,9 @@ components: type: string maxLength: 255 pattern: ^[\u0020-\uD7FF\uE000-\uFFFD\uD800\uDBFF-\uDC00\uDFFF\t\r\n]*$ + MembershipArn: + type: string + maxLength: 100 MembershipIdentifier: type: string maxLength: 36 @@ -1817,15 +2305,19 @@ components: type: string maxLength: 128 pattern: ^[a-zA-Z0-9_](([a-zA-Z0-9_ ]+-)*([a-zA-Z0-9_ ]+))?$ - RoleArn: - type: string - maxLength: 512 - minLength: 32 + Schema: + $ref: '#/components/schemas/AnalysisSchema' + Source: + $ref: '#/components/schemas/AnalysisSource' + Format: + type: string + enum: + - SQL x-stackQL-stringOnly: true - x-title: CreateConfiguredTableAssociationRequest + x-title: CreateAnalysisTemplateRequest type: object required: [] - CreateMembershipRequest: + CreateCollaborationRequest: properties: ClientToken: type: string @@ -1842,41 +2334,114 @@ components: type: string maxLength: 100 Tags: - description: An arbitrary set of tags (key-value pairs) for this cleanrooms membership. + description: An arbitrary set of tags (key-value pairs) for this cleanrooms collaboration. x-insertionOrder: false items: $ref: '#/components/schemas/Tag' uniqueItems: true type: array - CollaborationArn: - type: string - maxLength: 100 - CollaborationCreatorAccountId: - type: string - maxLength: 12 - minLength: 12 - pattern: ^\d+$ CollaborationIdentifier: type: string maxLength: 36 minLength: 36 pattern: '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}' - MembershipIdentifier: + CreatorDisplayName: + $ref: '#/components/schemas/Name' + CreatorMemberAbilities: + $ref: '#/components/schemas/MemberAbilities' + CreatorMLMemberAbilities: + $ref: '#/components/schemas/MLMemberAbilities' + DataEncryptionMetadata: + $ref: '#/components/schemas/DataEncryptionMetadata' + Description: + type: string + maxLength: 255 + minLength: 1 + pattern: ^(?!\s*$)[\u0020-\uD7FF\uE000-\uFFFD\uD800\uDBFF-\uDC00\uDFFF\t\r\n]*$ + Members: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/MemberSpecification' + maxItems: 9 + minItems: 0 + Name: + type: string + maxLength: 100 + minLength: 1 + pattern: ^(?!\s*$)[\u0020-\uD7FF\uE000-\uFFFD\uD800\uDBFF-\uDC00\uDFFF\t]*$ + QueryLogStatus: + $ref: '#/components/schemas/CollaborationQueryLogStatus' + AnalyticsEngine: + $ref: '#/components/schemas/AnalyticsEngine' + CreatorPaymentConfiguration: + $ref: '#/components/schemas/PaymentConfiguration' + x-stackQL-stringOnly: true + x-title: CreateCollaborationRequest + type: object + required: [] + CreateConfiguredTableRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + Arn: + type: string + maxLength: 100 + Tags: + description: An arbitrary set of tags (key-value pairs) for this cleanrooms collaboration. + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + uniqueItems: true + type: array + AllowedColumns: + type: array + x-insertionOrder: false + items: + type: string + maxLength: 128 + pattern: ^[a-z0-9_](([a-z0-9_ ]+-)*([a-z0-9_ ]+))?$ + maxItems: 100 + minItems: 1 + AnalysisMethod: + $ref: '#/components/schemas/AnalysisMethod' + ConfiguredTableIdentifier: type: string maxLength: 36 minLength: 36 pattern: '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}' - QueryLogStatus: - $ref: '#/components/schemas/MembershipQueryLogStatus' - DefaultResultConfiguration: - $ref: '#/components/schemas/MembershipProtectedQueryResultConfiguration' - PaymentConfiguration: - $ref: '#/components/schemas/MembershipPaymentConfiguration' + Description: + type: string + maxLength: 255 + pattern: ^[\u0020-\uD7FF\uE000-\uFFFD\uD800\uDBFF-\uDC00\uDFFF\t\r\n]*$ + Name: + type: string + maxLength: 100 + minLength: 1 + pattern: ^(?!\s*$)[\u0020-\uD7FF\uE000-\uFFFD\uD800\uDBFF-\uDC00\uDFFF\t]*$ + AnalysisRules: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/AnalysisRule' + maxItems: 1 + minItems: 1 + TableReference: + $ref: '#/components/schemas/TableReference' x-stackQL-stringOnly: true - x-title: CreateMembershipRequest + x-title: CreateConfiguredTableRequest type: object required: [] - CreatePrivacyBudgetTemplateRequest: + CreateConfiguredTableAssociationRequest: properties: ClientToken: type: string @@ -1891,63 +2456,281 @@ components: properties: Arn: type: string - maxLength: 200 - CollaborationArn: + maxLength: 256 + Tags: + description: An arbitrary set of tags (key-value pairs) for this cleanrooms collaboration. + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + type: array + ConfiguredTableAssociationIdentifier: type: string - maxLength: 100 - CollaborationIdentifier: + maxLength: 36 + minLength: 36 + pattern: '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}' + ConfiguredTableIdentifier: type: string maxLength: 36 minLength: 36 pattern: '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}' - PrivacyBudgetTemplateIdentifier: + Description: + type: string + maxLength: 255 + pattern: ^[\u0020-\uD7FF\uE000-\uFFFD\uD800\uDBFF-\uDC00\uDFFF\t\r\n]*$ + MembershipIdentifier: type: string maxLength: 36 minLength: 36 pattern: '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}' + Name: + type: string + maxLength: 128 + pattern: ^[a-zA-Z0-9_](([a-zA-Z0-9_ ]+-)*([a-zA-Z0-9_ ]+))?$ + RoleArn: + type: string + maxLength: 512 + minLength: 32 + ConfiguredTableAssociationAnalysisRules: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/ConfiguredTableAssociationAnalysisRule' + maxItems: 1 + minItems: 1 + x-stackQL-stringOnly: true + x-title: CreateConfiguredTableAssociationRequest + type: object + required: [] + CreateIdMappingTableRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + IdMappingTableIdentifier: + $ref: '#/components/schemas/UUID' + Arn: + type: string + maxLength: 200 + InputReferenceConfig: + $ref: '#/components/schemas/IdMappingTableInputReferenceConfig' + MembershipIdentifier: + $ref: '#/components/schemas/UUID' + MembershipArn: + type: string + maxLength: 100 + CollaborationIdentifier: + $ref: '#/components/schemas/UUID' + CollaborationArn: + type: string + maxLength: 100 + Description: + type: string + maxLength: 255 + pattern: ^[\u0020-\uD7FF\uE000-\uFFFD\uD800\uDBFF-\uDC00\uDFFF\t\r\n]*$ + Name: + type: string + maxLength: 128 + pattern: ^[a-zA-Z0-9_](([a-zA-Z0-9_ ]+-)*([a-zA-Z0-9_ ]+))?$ + InputReferenceProperties: + $ref: '#/components/schemas/IdMappingTableInputReferenceProperties' + KmsKeyArn: + type: string + maxLength: 2048 + minLength: 4 Tags: - description: An arbitrary set of tags (key-value pairs) for this cleanrooms privacy budget template. + type: array x-insertionOrder: false items: $ref: '#/components/schemas/Tag' - type: array - AutoRefresh: - type: string - enum: - - CALENDAR_MONTH - - NONE - PrivacyBudgetType: + uniqueItems: true + x-stackQL-stringOnly: true + x-title: CreateIdMappingTableRequest + type: object + required: [] + CreateIdNamespaceAssociationRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + IdNamespaceAssociationIdentifier: + $ref: '#/components/schemas/UUID' + Arn: type: string - enum: - - DIFFERENTIAL_PRIVACY - Parameters: - type: object - additionalProperties: false - properties: - Epsilon: - type: integer - minimum: 1 - maximum: 20 - UsersNoisePerQuery: - type: integer - minimum: 10 - maximum: 100 - required: - - Epsilon - - UsersNoisePerQuery + maxLength: 256 + MembershipIdentifier: + $ref: '#/components/schemas/UUID' MembershipArn: type: string maxLength: 100 - MembershipIdentifier: + CollaborationIdentifier: + $ref: '#/components/schemas/UUID' + CollaborationArn: type: string - maxLength: 36 - minLength: 36 - pattern: '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}' + maxLength: 100 + InputReferenceConfig: + $ref: '#/components/schemas/IdNamespaceAssociationInputReferenceConfig' + Tags: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + uniqueItems: true + Name: + type: string + maxLength: 100 + minLength: 1 + pattern: ^(?!\s*$)[\u0020-\uD7FF\uE000-\uFFFD\uD800\uDBFF-\uDC00\uDFFF\t]*$ + Description: + type: string + maxLength: 255 + pattern: ^[\u0020-\uD7FF\uE000-\uFFFD\uD800\uDBFF-\uDC00\uDFFF\t\r\n]*$ + IdMappingConfig: + $ref: '#/components/schemas/IdMappingConfig' + InputReferenceProperties: + $ref: '#/components/schemas/IdNamespaceAssociationInputReferenceProperties' x-stackQL-stringOnly: true - x-title: CreatePrivacyBudgetTemplateRequest + x-title: CreateIdNamespaceAssociationRequest type: object required: [] - securitySchemes: + CreateMembershipRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + Arn: + type: string + maxLength: 100 + Tags: + description: An arbitrary set of tags (key-value pairs) for this cleanrooms membership. + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + uniqueItems: true + type: array + CollaborationArn: + type: string + maxLength: 100 + CollaborationCreatorAccountId: + type: string + maxLength: 12 + minLength: 12 + pattern: ^\d+$ + CollaborationIdentifier: + type: string + maxLength: 36 + minLength: 36 + pattern: '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}' + MembershipIdentifier: + type: string + maxLength: 36 + minLength: 36 + pattern: '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}' + QueryLogStatus: + $ref: '#/components/schemas/MembershipQueryLogStatus' + DefaultResultConfiguration: + $ref: '#/components/schemas/MembershipProtectedQueryResultConfiguration' + PaymentConfiguration: + $ref: '#/components/schemas/MembershipPaymentConfiguration' + x-stackQL-stringOnly: true + x-title: CreateMembershipRequest + type: object + required: [] + CreatePrivacyBudgetTemplateRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + Arn: + type: string + maxLength: 200 + CollaborationArn: + type: string + maxLength: 100 + CollaborationIdentifier: + type: string + maxLength: 36 + minLength: 36 + pattern: '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}' + PrivacyBudgetTemplateIdentifier: + type: string + maxLength: 36 + minLength: 36 + pattern: '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}' + Tags: + description: An arbitrary set of tags (key-value pairs) for this cleanrooms privacy budget template. + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + type: array + AutoRefresh: + type: string + enum: + - CALENDAR_MONTH + - NONE + PrivacyBudgetType: + type: string + enum: + - DIFFERENTIAL_PRIVACY + Parameters: + type: object + additionalProperties: false + properties: + Epsilon: + type: integer + minimum: 1 + maximum: 20 + UsersNoisePerQuery: + type: integer + minimum: 10 + maximum: 100 + required: + - Epsilon + - UsersNoisePerQuery + MembershipArn: + type: string + maxLength: 100 + MembershipIdentifier: + type: string + maxLength: 36 + minLength: 36 + pattern: '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}' + x-stackQL-stringOnly: true + x-title: CreatePrivacyBudgetTemplateRequest + type: object + required: [] + securitySchemes: hmac: type: apiKey name: Authorization @@ -1961,8 +2744,509 @@ components: x-cfn-schema-name: AnalysisTemplate x-cfn-type-name: AWS::CleanRooms::AnalysisTemplate x-identifiers: - - AnalysisTemplateIdentifier - - MembershipIdentifier + - AnalysisTemplateIdentifier + - MembershipIdentifier + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__AnalysisTemplate&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::CleanRooms::AnalysisTemplate" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::CleanRooms::AnalysisTemplate" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::CleanRooms::AnalysisTemplate" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/analysis_templates/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/analysis_templates/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/analysis_templates/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.CollaborationArn') as collaboration_arn, + JSON_EXTRACT(Properties, '$.CollaborationIdentifier') as collaboration_identifier, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.AnalysisParameters') as analysis_parameters, + JSON_EXTRACT(Properties, '$.AnalysisTemplateIdentifier') as analysis_template_identifier, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.MembershipArn') as membership_arn, + JSON_EXTRACT(Properties, '$.MembershipIdentifier') as membership_identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Schema') as _schema, + JSON_EXTRACT(Properties, '$.Source') as source, + JSON_EXTRACT(Properties, '$.Format') as _format + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CleanRooms::AnalysisTemplate' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.CollaborationArn') as collaboration_arn, + JSON_EXTRACT(detail.Properties, '$.CollaborationIdentifier') as collaboration_identifier, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags, + JSON_EXTRACT(detail.Properties, '$.AnalysisParameters') as analysis_parameters, + JSON_EXTRACT(detail.Properties, '$.AnalysisTemplateIdentifier') as analysis_template_identifier, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.MembershipArn') as membership_arn, + JSON_EXTRACT(detail.Properties, '$.MembershipIdentifier') as membership_identifier, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.Schema') as _schema, + JSON_EXTRACT(detail.Properties, '$.Source') as source, + JSON_EXTRACT(detail.Properties, '$.Format') as _format + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::CleanRooms::AnalysisTemplate' + AND detail.data__TypeName = 'AWS::CleanRooms::AnalysisTemplate' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'CollaborationArn') as collaboration_arn, + json_extract_path_text(Properties, 'CollaborationIdentifier') as collaboration_identifier, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'AnalysisParameters') as analysis_parameters, + json_extract_path_text(Properties, 'AnalysisTemplateIdentifier') as analysis_template_identifier, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'MembershipArn') as membership_arn, + json_extract_path_text(Properties, 'MembershipIdentifier') as membership_identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Schema') as _schema, + json_extract_path_text(Properties, 'Source') as source, + json_extract_path_text(Properties, 'Format') as _format + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CleanRooms::AnalysisTemplate' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'CollaborationArn') as collaboration_arn, + json_extract_path_text(detail.Properties, 'CollaborationIdentifier') as collaboration_identifier, + json_extract_path_text(detail.Properties, 'Tags') as tags, + json_extract_path_text(detail.Properties, 'AnalysisParameters') as analysis_parameters, + json_extract_path_text(detail.Properties, 'AnalysisTemplateIdentifier') as analysis_template_identifier, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'MembershipArn') as membership_arn, + json_extract_path_text(detail.Properties, 'MembershipIdentifier') as membership_identifier, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'Schema') as _schema, + json_extract_path_text(detail.Properties, 'Source') as source, + json_extract_path_text(detail.Properties, 'Format') as _format + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::CleanRooms::AnalysisTemplate' + AND detail.data__TypeName = 'AWS::CleanRooms::AnalysisTemplate' + AND listing.region = 'us-east-1' + analysis_templates_list_only: + name: analysis_templates_list_only + id: aws.cleanrooms.analysis_templates_list_only + x-cfn-schema-name: AnalysisTemplate + x-cfn-type-name: AWS::CleanRooms::AnalysisTemplate + x-identifiers: + - AnalysisTemplateIdentifier + - MembershipIdentifier + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AnalysisTemplateIdentifier') as analysis_template_identifier, + JSON_EXTRACT(Properties, '$.MembershipIdentifier') as membership_identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CleanRooms::AnalysisTemplate' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AnalysisTemplateIdentifier') as analysis_template_identifier, + json_extract_path_text(Properties, 'MembershipIdentifier') as membership_identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CleanRooms::AnalysisTemplate' + AND region = 'us-east-1' + analysis_template_tags: + name: analysis_template_tags + id: aws.cleanrooms.analysis_template_tags + x-cfn-schema-name: AnalysisTemplate + x-cfn-type-name: AWS::CleanRooms::AnalysisTemplate + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.CollaborationArn') as collaboration_arn, + JSON_EXTRACT(detail.Properties, '$.CollaborationIdentifier') as collaboration_identifier, + JSON_EXTRACT(detail.Properties, '$.AnalysisParameters') as analysis_parameters, + JSON_EXTRACT(detail.Properties, '$.AnalysisTemplateIdentifier') as analysis_template_identifier, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.MembershipArn') as membership_arn, + JSON_EXTRACT(detail.Properties, '$.MembershipIdentifier') as membership_identifier, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.Schema') as _schema, + JSON_EXTRACT(detail.Properties, '$.Source') as source, + JSON_EXTRACT(detail.Properties, '$.Format') as _format + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::CleanRooms::AnalysisTemplate' + AND detail.data__TypeName = 'AWS::CleanRooms::AnalysisTemplate' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'CollaborationArn') as collaboration_arn, + json_extract_path_text(detail.Properties, 'CollaborationIdentifier') as collaboration_identifier, + json_extract_path_text(detail.Properties, 'AnalysisParameters') as analysis_parameters, + json_extract_path_text(detail.Properties, 'AnalysisTemplateIdentifier') as analysis_template_identifier, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'MembershipArn') as membership_arn, + json_extract_path_text(detail.Properties, 'MembershipIdentifier') as membership_identifier, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'Schema') as _schema, + json_extract_path_text(detail.Properties, 'Source') as source, + json_extract_path_text(detail.Properties, 'Format') as _format + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::CleanRooms::AnalysisTemplate' + AND detail.data__TypeName = 'AWS::CleanRooms::AnalysisTemplate' + AND listing.region = 'us-east-1' + collaborations: + name: collaborations + id: aws.cleanrooms.collaborations + x-cfn-schema-name: Collaboration + x-cfn-type-name: AWS::CleanRooms::Collaboration + x-identifiers: + - CollaborationIdentifier + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Collaboration&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::CleanRooms::Collaboration" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::CleanRooms::Collaboration" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::CleanRooms::Collaboration" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/collaborations/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/collaborations/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/collaborations/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.CollaborationIdentifier') as collaboration_identifier, + JSON_EXTRACT(Properties, '$.CreatorDisplayName') as creator_display_name, + JSON_EXTRACT(Properties, '$.CreatorMemberAbilities') as creator_member_abilities, + JSON_EXTRACT(Properties, '$.CreatorMLMemberAbilities') as creator_ml_member_abilities, + JSON_EXTRACT(Properties, '$.DataEncryptionMetadata') as data_encryption_metadata, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Members') as members, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.QueryLogStatus') as query_log_status, + JSON_EXTRACT(Properties, '$.AnalyticsEngine') as analytics_engine, + JSON_EXTRACT(Properties, '$.CreatorPaymentConfiguration') as creator_payment_configuration + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CleanRooms::Collaboration' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags, + JSON_EXTRACT(detail.Properties, '$.CollaborationIdentifier') as collaboration_identifier, + JSON_EXTRACT(detail.Properties, '$.CreatorDisplayName') as creator_display_name, + JSON_EXTRACT(detail.Properties, '$.CreatorMemberAbilities') as creator_member_abilities, + JSON_EXTRACT(detail.Properties, '$.CreatorMLMemberAbilities') as creator_ml_member_abilities, + JSON_EXTRACT(detail.Properties, '$.DataEncryptionMetadata') as data_encryption_metadata, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.Members') as members, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.QueryLogStatus') as query_log_status, + JSON_EXTRACT(detail.Properties, '$.AnalyticsEngine') as analytics_engine, + JSON_EXTRACT(detail.Properties, '$.CreatorPaymentConfiguration') as creator_payment_configuration + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::CleanRooms::Collaboration' + AND detail.data__TypeName = 'AWS::CleanRooms::Collaboration' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'CollaborationIdentifier') as collaboration_identifier, + json_extract_path_text(Properties, 'CreatorDisplayName') as creator_display_name, + json_extract_path_text(Properties, 'CreatorMemberAbilities') as creator_member_abilities, + json_extract_path_text(Properties, 'CreatorMLMemberAbilities') as creator_ml_member_abilities, + json_extract_path_text(Properties, 'DataEncryptionMetadata') as data_encryption_metadata, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Members') as members, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'QueryLogStatus') as query_log_status, + json_extract_path_text(Properties, 'AnalyticsEngine') as analytics_engine, + json_extract_path_text(Properties, 'CreatorPaymentConfiguration') as creator_payment_configuration + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CleanRooms::Collaboration' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'Tags') as tags, + json_extract_path_text(detail.Properties, 'CollaborationIdentifier') as collaboration_identifier, + json_extract_path_text(detail.Properties, 'CreatorDisplayName') as creator_display_name, + json_extract_path_text(detail.Properties, 'CreatorMemberAbilities') as creator_member_abilities, + json_extract_path_text(detail.Properties, 'CreatorMLMemberAbilities') as creator_ml_member_abilities, + json_extract_path_text(detail.Properties, 'DataEncryptionMetadata') as data_encryption_metadata, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'Members') as members, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'QueryLogStatus') as query_log_status, + json_extract_path_text(detail.Properties, 'AnalyticsEngine') as analytics_engine, + json_extract_path_text(detail.Properties, 'CreatorPaymentConfiguration') as creator_payment_configuration + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::CleanRooms::Collaboration' + AND detail.data__TypeName = 'AWS::CleanRooms::Collaboration' + AND listing.region = 'us-east-1' + collaborations_list_only: + name: collaborations_list_only + id: aws.cleanrooms.collaborations_list_only + x-cfn-schema-name: Collaboration + x-cfn-type-name: AWS::CleanRooms::Collaboration + x-identifiers: + - CollaborationIdentifier + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.CollaborationIdentifier') as collaboration_identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CleanRooms::Collaboration' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'CollaborationIdentifier') as collaboration_identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CleanRooms::Collaboration' + AND region = 'us-east-1' + collaboration_tags: + name: collaboration_tags + id: aws.cleanrooms.collaboration_tags + x-cfn-schema-name: Collaboration + x-cfn-type-name: AWS::CleanRooms::Collaboration + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.CollaborationIdentifier') as collaboration_identifier, + JSON_EXTRACT(detail.Properties, '$.CreatorDisplayName') as creator_display_name, + JSON_EXTRACT(detail.Properties, '$.CreatorMemberAbilities') as creator_member_abilities, + JSON_EXTRACT(detail.Properties, '$.CreatorMLMemberAbilities') as creator_ml_member_abilities, + JSON_EXTRACT(detail.Properties, '$.DataEncryptionMetadata') as data_encryption_metadata, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.Members') as members, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.QueryLogStatus') as query_log_status, + JSON_EXTRACT(detail.Properties, '$.AnalyticsEngine') as analytics_engine, + JSON_EXTRACT(detail.Properties, '$.CreatorPaymentConfiguration') as creator_payment_configuration + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::CleanRooms::Collaboration' + AND detail.data__TypeName = 'AWS::CleanRooms::Collaboration' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'CollaborationIdentifier') as collaboration_identifier, + json_extract_path_text(detail.Properties, 'CreatorDisplayName') as creator_display_name, + json_extract_path_text(detail.Properties, 'CreatorMemberAbilities') as creator_member_abilities, + json_extract_path_text(detail.Properties, 'CreatorMLMemberAbilities') as creator_ml_member_abilities, + json_extract_path_text(detail.Properties, 'DataEncryptionMetadata') as data_encryption_metadata, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'Members') as members, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'QueryLogStatus') as query_log_status, + json_extract_path_text(detail.Properties, 'AnalyticsEngine') as analytics_engine, + json_extract_path_text(detail.Properties, 'CreatorPaymentConfiguration') as creator_payment_configuration + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::CleanRooms::Collaboration' + AND detail.data__TypeName = 'AWS::CleanRooms::Collaboration' + AND listing.region = 'us-east-1' + configured_tables: + name: configured_tables + id: aws.cleanrooms.configured_tables + x-cfn-schema-name: ConfiguredTable + x-cfn-type-name: AWS::CleanRooms::ConfiguredTable + x-identifiers: + - ConfiguredTableIdentifier x-type: cloud_control methods: create_resource: @@ -1970,12 +3254,12 @@ components: requestBodyTranslate: algorithm: naive_DesiredState operation: - $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__AnalysisTemplate&__detailTransformed=true/post' + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__ConfiguredTable&__detailTransformed=true/post' request: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::CleanRooms::AnalysisTemplate" + "TypeName": "AWS::CleanRooms::ConfiguredTable" } response: mediaType: application/json @@ -1987,7 +3271,7 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::CleanRooms::AnalysisTemplate" + "TypeName": "AWS::CleanRooms::ConfiguredTable" } response: mediaType: application/json @@ -1999,18 +3283,18 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::CleanRooms::AnalysisTemplate" + "TypeName": "AWS::CleanRooms::ConfiguredTable" } response: mediaType: application/json openAPIDocKey: '200' sqlVerbs: insert: - - $ref: '#/components/x-stackQL-resources/analysis_templates/methods/create_resource' + - $ref: '#/components/x-stackQL-resources/configured_tables/methods/create_resource' delete: - - $ref: '#/components/x-stackQL-resources/analysis_templates/methods/delete_resource' + - $ref: '#/components/x-stackQL-resources/configured_tables/methods/delete_resource' update: - - $ref: '#/components/x-stackQL-resources/analysis_templates/methods/update_resource' + - $ref: '#/components/x-stackQL-resources/configured_tables/methods/update_resource' config: views: select: @@ -2020,20 +3304,16 @@ components: region, data__Identifier, JSON_EXTRACT(Properties, '$.Arn') as arn, - JSON_EXTRACT(Properties, '$.CollaborationArn') as collaboration_arn, - JSON_EXTRACT(Properties, '$.CollaborationIdentifier') as collaboration_identifier, JSON_EXTRACT(Properties, '$.Tags') as tags, - JSON_EXTRACT(Properties, '$.AnalysisParameters') as analysis_parameters, - JSON_EXTRACT(Properties, '$.AnalysisTemplateIdentifier') as analysis_template_identifier, + JSON_EXTRACT(Properties, '$.AllowedColumns') as allowed_columns, + JSON_EXTRACT(Properties, '$.AnalysisMethod') as analysis_method, + JSON_EXTRACT(Properties, '$.ConfiguredTableIdentifier') as configured_table_identifier, JSON_EXTRACT(Properties, '$.Description') as description, - JSON_EXTRACT(Properties, '$.MembershipArn') as membership_arn, - JSON_EXTRACT(Properties, '$.MembershipIdentifier') as membership_identifier, JSON_EXTRACT(Properties, '$.Name') as name, - JSON_EXTRACT(Properties, '$.Schema') as _schema, - JSON_EXTRACT(Properties, '$.Source') as source, - JSON_EXTRACT(Properties, '$.Format') as _format - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CleanRooms::AnalysisTemplate' - AND data__Identifier = '|' + JSON_EXTRACT(Properties, '$.AnalysisRules') as analysis_rules, + JSON_EXTRACT(Properties, '$.TableReference') as table_reference + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CleanRooms::ConfiguredTable' + AND data__Identifier = '' AND region = 'us-east-1' fallback: predicate: sqlDialect == "sqlite3" @@ -2041,24 +3321,20 @@ components: SELECT detail.region, JSON_EXTRACT(detail.Properties, '$.Arn') as arn, - JSON_EXTRACT(detail.Properties, '$.CollaborationArn') as collaboration_arn, - JSON_EXTRACT(detail.Properties, '$.CollaborationIdentifier') as collaboration_identifier, JSON_EXTRACT(detail.Properties, '$.Tags') as tags, - JSON_EXTRACT(detail.Properties, '$.AnalysisParameters') as analysis_parameters, - JSON_EXTRACT(detail.Properties, '$.AnalysisTemplateIdentifier') as analysis_template_identifier, + JSON_EXTRACT(detail.Properties, '$.AllowedColumns') as allowed_columns, + JSON_EXTRACT(detail.Properties, '$.AnalysisMethod') as analysis_method, + JSON_EXTRACT(detail.Properties, '$.ConfiguredTableIdentifier') as configured_table_identifier, JSON_EXTRACT(detail.Properties, '$.Description') as description, - JSON_EXTRACT(detail.Properties, '$.MembershipArn') as membership_arn, - JSON_EXTRACT(detail.Properties, '$.MembershipIdentifier') as membership_identifier, JSON_EXTRACT(detail.Properties, '$.Name') as name, - JSON_EXTRACT(detail.Properties, '$.Schema') as _schema, - JSON_EXTRACT(detail.Properties, '$.Source') as source, - JSON_EXTRACT(detail.Properties, '$.Format') as _format + JSON_EXTRACT(detail.Properties, '$.AnalysisRules') as analysis_rules, + JSON_EXTRACT(detail.Properties, '$.TableReference') as table_reference FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::CleanRooms::AnalysisTemplate' - AND detail.data__TypeName = 'AWS::CleanRooms::AnalysisTemplate' + WHERE listing.data__TypeName = 'AWS::CleanRooms::ConfiguredTable' + AND detail.data__TypeName = 'AWS::CleanRooms::ConfiguredTable' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] @@ -2067,20 +3343,16 @@ components: region, data__Identifier, json_extract_path_text(Properties, 'Arn') as arn, - json_extract_path_text(Properties, 'CollaborationArn') as collaboration_arn, - json_extract_path_text(Properties, 'CollaborationIdentifier') as collaboration_identifier, json_extract_path_text(Properties, 'Tags') as tags, - json_extract_path_text(Properties, 'AnalysisParameters') as analysis_parameters, - json_extract_path_text(Properties, 'AnalysisTemplateIdentifier') as analysis_template_identifier, + json_extract_path_text(Properties, 'AllowedColumns') as allowed_columns, + json_extract_path_text(Properties, 'AnalysisMethod') as analysis_method, + json_extract_path_text(Properties, 'ConfiguredTableIdentifier') as configured_table_identifier, json_extract_path_text(Properties, 'Description') as description, - json_extract_path_text(Properties, 'MembershipArn') as membership_arn, - json_extract_path_text(Properties, 'MembershipIdentifier') as membership_identifier, json_extract_path_text(Properties, 'Name') as name, - json_extract_path_text(Properties, 'Schema') as _schema, - json_extract_path_text(Properties, 'Source') as source, - json_extract_path_text(Properties, 'Format') as _format - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CleanRooms::AnalysisTemplate' - AND data__Identifier = '|' + json_extract_path_text(Properties, 'AnalysisRules') as analysis_rules, + json_extract_path_text(Properties, 'TableReference') as table_reference + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CleanRooms::ConfiguredTable' + AND data__Identifier = '' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" @@ -2088,33 +3360,28 @@ components: SELECT detail.region, json_extract_path_text(detail.Properties, 'Arn') as arn, - json_extract_path_text(detail.Properties, 'CollaborationArn') as collaboration_arn, - json_extract_path_text(detail.Properties, 'CollaborationIdentifier') as collaboration_identifier, json_extract_path_text(detail.Properties, 'Tags') as tags, - json_extract_path_text(detail.Properties, 'AnalysisParameters') as analysis_parameters, - json_extract_path_text(detail.Properties, 'AnalysisTemplateIdentifier') as analysis_template_identifier, + json_extract_path_text(detail.Properties, 'AllowedColumns') as allowed_columns, + json_extract_path_text(detail.Properties, 'AnalysisMethod') as analysis_method, + json_extract_path_text(detail.Properties, 'ConfiguredTableIdentifier') as configured_table_identifier, json_extract_path_text(detail.Properties, 'Description') as description, - json_extract_path_text(detail.Properties, 'MembershipArn') as membership_arn, - json_extract_path_text(detail.Properties, 'MembershipIdentifier') as membership_identifier, json_extract_path_text(detail.Properties, 'Name') as name, - json_extract_path_text(detail.Properties, 'Schema') as _schema, - json_extract_path_text(detail.Properties, 'Source') as source, - json_extract_path_text(detail.Properties, 'Format') as _format + json_extract_path_text(detail.Properties, 'AnalysisRules') as analysis_rules, + json_extract_path_text(detail.Properties, 'TableReference') as table_reference FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::CleanRooms::AnalysisTemplate' - AND detail.data__TypeName = 'AWS::CleanRooms::AnalysisTemplate' + WHERE listing.data__TypeName = 'AWS::CleanRooms::ConfiguredTable' + AND detail.data__TypeName = 'AWS::CleanRooms::ConfiguredTable' AND listing.region = 'us-east-1' - analysis_templates_list_only: - name: analysis_templates_list_only - id: aws.cleanrooms.analysis_templates_list_only - x-cfn-schema-name: AnalysisTemplate - x-cfn-type-name: AWS::CleanRooms::AnalysisTemplate + configured_tables_list_only: + name: configured_tables_list_only + id: aws.cleanrooms.configured_tables_list_only + x-cfn-schema-name: ConfiguredTable + x-cfn-type-name: AWS::CleanRooms::ConfiguredTable x-identifiers: - - AnalysisTemplateIdentifier - - MembershipIdentifier + - ConfiguredTableIdentifier x-type: cloud_control_view methods: {} sqlVerbs: @@ -2128,24 +3395,22 @@ components: ddl: |- SELECT region, - JSON_EXTRACT(Properties, '$.AnalysisTemplateIdentifier') as analysis_template_identifier, - JSON_EXTRACT(Properties, '$.MembershipIdentifier') as membership_identifier - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CleanRooms::AnalysisTemplate' + JSON_EXTRACT(Properties, '$.ConfiguredTableIdentifier') as configured_table_identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CleanRooms::ConfiguredTable' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT region, - json_extract_path_text(Properties, 'AnalysisTemplateIdentifier') as analysis_template_identifier, - json_extract_path_text(Properties, 'MembershipIdentifier') as membership_identifier - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CleanRooms::AnalysisTemplate' + json_extract_path_text(Properties, 'ConfiguredTableIdentifier') as configured_table_identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CleanRooms::ConfiguredTable' AND region = 'us-east-1' - analysis_template_tags: - name: analysis_template_tags - id: aws.cleanrooms.analysis_template_tags - x-cfn-schema-name: AnalysisTemplate - x-cfn-type-name: AWS::CleanRooms::AnalysisTemplate + configured_table_tags: + name: configured_table_tags + id: aws.cleanrooms.configured_table_tags + x-cfn-schema-name: ConfiguredTable + x-cfn-type-name: AWS::CleanRooms::ConfiguredTable x-type: cloud_control_view methods: {} sqlVerbs: @@ -2162,24 +3427,20 @@ components: JSON_EXTRACT(json_each.value, '$.Key') as tag_key, JSON_EXTRACT(json_each.value, '$.Value') as tag_value, JSON_EXTRACT(detail.Properties, '$.Arn') as arn, - JSON_EXTRACT(detail.Properties, '$.CollaborationArn') as collaboration_arn, - JSON_EXTRACT(detail.Properties, '$.CollaborationIdentifier') as collaboration_identifier, - JSON_EXTRACT(detail.Properties, '$.AnalysisParameters') as analysis_parameters, - JSON_EXTRACT(detail.Properties, '$.AnalysisTemplateIdentifier') as analysis_template_identifier, + JSON_EXTRACT(detail.Properties, '$.AllowedColumns') as allowed_columns, + JSON_EXTRACT(detail.Properties, '$.AnalysisMethod') as analysis_method, + JSON_EXTRACT(detail.Properties, '$.ConfiguredTableIdentifier') as configured_table_identifier, JSON_EXTRACT(detail.Properties, '$.Description') as description, - JSON_EXTRACT(detail.Properties, '$.MembershipArn') as membership_arn, - JSON_EXTRACT(detail.Properties, '$.MembershipIdentifier') as membership_identifier, JSON_EXTRACT(detail.Properties, '$.Name') as name, - JSON_EXTRACT(detail.Properties, '$.Schema') as _schema, - JSON_EXTRACT(detail.Properties, '$.Source') as source, - JSON_EXTRACT(detail.Properties, '$.Format') as _format + JSON_EXTRACT(detail.Properties, '$.AnalysisRules') as analysis_rules, + JSON_EXTRACT(detail.Properties, '$.TableReference') as table_reference FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) - WHERE listing.data__TypeName = 'AWS::CleanRooms::AnalysisTemplate' - AND detail.data__TypeName = 'AWS::CleanRooms::AnalysisTemplate' + WHERE listing.data__TypeName = 'AWS::CleanRooms::ConfiguredTable' + AND detail.data__TypeName = 'AWS::CleanRooms::ConfiguredTable' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" @@ -2189,32 +3450,29 @@ components: json_extract_path_text(json_each.value, 'Key') as tag_key, json_extract_path_text(json_each.value, 'Value') as tag_value, json_extract_path_text(detail.Properties, 'Arn') as arn, - json_extract_path_text(detail.Properties, 'CollaborationArn') as collaboration_arn, - json_extract_path_text(detail.Properties, 'CollaborationIdentifier') as collaboration_identifier, - json_extract_path_text(detail.Properties, 'AnalysisParameters') as analysis_parameters, - json_extract_path_text(detail.Properties, 'AnalysisTemplateIdentifier') as analysis_template_identifier, + json_extract_path_text(detail.Properties, 'AllowedColumns') as allowed_columns, + json_extract_path_text(detail.Properties, 'AnalysisMethod') as analysis_method, + json_extract_path_text(detail.Properties, 'ConfiguredTableIdentifier') as configured_table_identifier, json_extract_path_text(detail.Properties, 'Description') as description, - json_extract_path_text(detail.Properties, 'MembershipArn') as membership_arn, - json_extract_path_text(detail.Properties, 'MembershipIdentifier') as membership_identifier, json_extract_path_text(detail.Properties, 'Name') as name, - json_extract_path_text(detail.Properties, 'Schema') as _schema, - json_extract_path_text(detail.Properties, 'Source') as source, - json_extract_path_text(detail.Properties, 'Format') as _format + json_extract_path_text(detail.Properties, 'AnalysisRules') as analysis_rules, + json_extract_path_text(detail.Properties, 'TableReference') as table_reference FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) - WHERE listing.data__TypeName = 'AWS::CleanRooms::AnalysisTemplate' - AND detail.data__TypeName = 'AWS::CleanRooms::AnalysisTemplate' + WHERE listing.data__TypeName = 'AWS::CleanRooms::ConfiguredTable' + AND detail.data__TypeName = 'AWS::CleanRooms::ConfiguredTable' AND listing.region = 'us-east-1' - collaborations: - name: collaborations - id: aws.cleanrooms.collaborations - x-cfn-schema-name: Collaboration - x-cfn-type-name: AWS::CleanRooms::Collaboration + configured_table_associations: + name: configured_table_associations + id: aws.cleanrooms.configured_table_associations + x-cfn-schema-name: ConfiguredTableAssociation + x-cfn-type-name: AWS::CleanRooms::ConfiguredTableAssociation x-identifiers: - - CollaborationIdentifier + - ConfiguredTableAssociationIdentifier + - MembershipIdentifier x-type: cloud_control methods: create_resource: @@ -2222,12 +3480,12 @@ components: requestBodyTranslate: algorithm: naive_DesiredState operation: - $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Collaboration&__detailTransformed=true/post' + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__ConfiguredTableAssociation&__detailTransformed=true/post' request: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::CleanRooms::Collaboration" + "TypeName": "AWS::CleanRooms::ConfiguredTableAssociation" } response: mediaType: application/json @@ -2239,7 +3497,7 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::CleanRooms::Collaboration" + "TypeName": "AWS::CleanRooms::ConfiguredTableAssociation" } response: mediaType: application/json @@ -2251,18 +3509,18 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::CleanRooms::Collaboration" + "TypeName": "AWS::CleanRooms::ConfiguredTableAssociation" } response: mediaType: application/json openAPIDocKey: '200' sqlVerbs: insert: - - $ref: '#/components/x-stackQL-resources/collaborations/methods/create_resource' + - $ref: '#/components/x-stackQL-resources/configured_table_associations/methods/create_resource' delete: - - $ref: '#/components/x-stackQL-resources/collaborations/methods/delete_resource' + - $ref: '#/components/x-stackQL-resources/configured_table_associations/methods/delete_resource' update: - - $ref: '#/components/x-stackQL-resources/collaborations/methods/update_resource' + - $ref: '#/components/x-stackQL-resources/configured_table_associations/methods/update_resource' config: views: select: @@ -2273,17 +3531,15 @@ components: data__Identifier, JSON_EXTRACT(Properties, '$.Arn') as arn, JSON_EXTRACT(Properties, '$.Tags') as tags, - JSON_EXTRACT(Properties, '$.CollaborationIdentifier') as collaboration_identifier, - JSON_EXTRACT(Properties, '$.CreatorDisplayName') as creator_display_name, - JSON_EXTRACT(Properties, '$.CreatorMemberAbilities') as creator_member_abilities, - JSON_EXTRACT(Properties, '$.DataEncryptionMetadata') as data_encryption_metadata, + JSON_EXTRACT(Properties, '$.ConfiguredTableAssociationIdentifier') as configured_table_association_identifier, + JSON_EXTRACT(Properties, '$.ConfiguredTableIdentifier') as configured_table_identifier, JSON_EXTRACT(Properties, '$.Description') as description, - JSON_EXTRACT(Properties, '$.Members') as members, + JSON_EXTRACT(Properties, '$.MembershipIdentifier') as membership_identifier, JSON_EXTRACT(Properties, '$.Name') as name, - JSON_EXTRACT(Properties, '$.QueryLogStatus') as query_log_status, - JSON_EXTRACT(Properties, '$.CreatorPaymentConfiguration') as creator_payment_configuration - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CleanRooms::Collaboration' - AND data__Identifier = '' + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.ConfiguredTableAssociationAnalysisRules') as configured_table_association_analysis_rules + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CleanRooms::ConfiguredTableAssociation' + AND data__Identifier = '|' AND region = 'us-east-1' fallback: predicate: sqlDialect == "sqlite3" @@ -2292,21 +3548,19 @@ components: detail.region, JSON_EXTRACT(detail.Properties, '$.Arn') as arn, JSON_EXTRACT(detail.Properties, '$.Tags') as tags, - JSON_EXTRACT(detail.Properties, '$.CollaborationIdentifier') as collaboration_identifier, - JSON_EXTRACT(detail.Properties, '$.CreatorDisplayName') as creator_display_name, - JSON_EXTRACT(detail.Properties, '$.CreatorMemberAbilities') as creator_member_abilities, - JSON_EXTRACT(detail.Properties, '$.DataEncryptionMetadata') as data_encryption_metadata, + JSON_EXTRACT(detail.Properties, '$.ConfiguredTableAssociationIdentifier') as configured_table_association_identifier, + JSON_EXTRACT(detail.Properties, '$.ConfiguredTableIdentifier') as configured_table_identifier, JSON_EXTRACT(detail.Properties, '$.Description') as description, - JSON_EXTRACT(detail.Properties, '$.Members') as members, + JSON_EXTRACT(detail.Properties, '$.MembershipIdentifier') as membership_identifier, JSON_EXTRACT(detail.Properties, '$.Name') as name, - JSON_EXTRACT(detail.Properties, '$.QueryLogStatus') as query_log_status, - JSON_EXTRACT(detail.Properties, '$.CreatorPaymentConfiguration') as creator_payment_configuration + JSON_EXTRACT(detail.Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(detail.Properties, '$.ConfiguredTableAssociationAnalysisRules') as configured_table_association_analysis_rules FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::CleanRooms::Collaboration' - AND detail.data__TypeName = 'AWS::CleanRooms::Collaboration' + WHERE listing.data__TypeName = 'AWS::CleanRooms::ConfiguredTableAssociation' + AND detail.data__TypeName = 'AWS::CleanRooms::ConfiguredTableAssociation' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] @@ -2316,17 +3570,15 @@ components: data__Identifier, json_extract_path_text(Properties, 'Arn') as arn, json_extract_path_text(Properties, 'Tags') as tags, - json_extract_path_text(Properties, 'CollaborationIdentifier') as collaboration_identifier, - json_extract_path_text(Properties, 'CreatorDisplayName') as creator_display_name, - json_extract_path_text(Properties, 'CreatorMemberAbilities') as creator_member_abilities, - json_extract_path_text(Properties, 'DataEncryptionMetadata') as data_encryption_metadata, + json_extract_path_text(Properties, 'ConfiguredTableAssociationIdentifier') as configured_table_association_identifier, + json_extract_path_text(Properties, 'ConfiguredTableIdentifier') as configured_table_identifier, json_extract_path_text(Properties, 'Description') as description, - json_extract_path_text(Properties, 'Members') as members, + json_extract_path_text(Properties, 'MembershipIdentifier') as membership_identifier, json_extract_path_text(Properties, 'Name') as name, - json_extract_path_text(Properties, 'QueryLogStatus') as query_log_status, - json_extract_path_text(Properties, 'CreatorPaymentConfiguration') as creator_payment_configuration - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CleanRooms::Collaboration' - AND data__Identifier = '' + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'ConfiguredTableAssociationAnalysisRules') as configured_table_association_analysis_rules + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CleanRooms::ConfiguredTableAssociation' + AND data__Identifier = '|' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" @@ -2335,29 +3587,28 @@ components: detail.region, json_extract_path_text(detail.Properties, 'Arn') as arn, json_extract_path_text(detail.Properties, 'Tags') as tags, - json_extract_path_text(detail.Properties, 'CollaborationIdentifier') as collaboration_identifier, - json_extract_path_text(detail.Properties, 'CreatorDisplayName') as creator_display_name, - json_extract_path_text(detail.Properties, 'CreatorMemberAbilities') as creator_member_abilities, - json_extract_path_text(detail.Properties, 'DataEncryptionMetadata') as data_encryption_metadata, + json_extract_path_text(detail.Properties, 'ConfiguredTableAssociationIdentifier') as configured_table_association_identifier, + json_extract_path_text(detail.Properties, 'ConfiguredTableIdentifier') as configured_table_identifier, json_extract_path_text(detail.Properties, 'Description') as description, - json_extract_path_text(detail.Properties, 'Members') as members, + json_extract_path_text(detail.Properties, 'MembershipIdentifier') as membership_identifier, json_extract_path_text(detail.Properties, 'Name') as name, - json_extract_path_text(detail.Properties, 'QueryLogStatus') as query_log_status, - json_extract_path_text(detail.Properties, 'CreatorPaymentConfiguration') as creator_payment_configuration + json_extract_path_text(detail.Properties, 'RoleArn') as role_arn, + json_extract_path_text(detail.Properties, 'ConfiguredTableAssociationAnalysisRules') as configured_table_association_analysis_rules FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::CleanRooms::Collaboration' - AND detail.data__TypeName = 'AWS::CleanRooms::Collaboration' + WHERE listing.data__TypeName = 'AWS::CleanRooms::ConfiguredTableAssociation' + AND detail.data__TypeName = 'AWS::CleanRooms::ConfiguredTableAssociation' AND listing.region = 'us-east-1' - collaborations_list_only: - name: collaborations_list_only - id: aws.cleanrooms.collaborations_list_only - x-cfn-schema-name: Collaboration - x-cfn-type-name: AWS::CleanRooms::Collaboration + configured_table_associations_list_only: + name: configured_table_associations_list_only + id: aws.cleanrooms.configured_table_associations_list_only + x-cfn-schema-name: ConfiguredTableAssociation + x-cfn-type-name: AWS::CleanRooms::ConfiguredTableAssociation x-identifiers: - - CollaborationIdentifier + - ConfiguredTableAssociationIdentifier + - MembershipIdentifier x-type: cloud_control_view methods: {} sqlVerbs: @@ -2371,22 +3622,24 @@ components: ddl: |- SELECT region, - JSON_EXTRACT(Properties, '$.CollaborationIdentifier') as collaboration_identifier - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CleanRooms::Collaboration' + JSON_EXTRACT(Properties, '$.ConfiguredTableAssociationIdentifier') as configured_table_association_identifier, + JSON_EXTRACT(Properties, '$.MembershipIdentifier') as membership_identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CleanRooms::ConfiguredTableAssociation' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT region, - json_extract_path_text(Properties, 'CollaborationIdentifier') as collaboration_identifier - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CleanRooms::Collaboration' + json_extract_path_text(Properties, 'ConfiguredTableAssociationIdentifier') as configured_table_association_identifier, + json_extract_path_text(Properties, 'MembershipIdentifier') as membership_identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CleanRooms::ConfiguredTableAssociation' AND region = 'us-east-1' - collaboration_tags: - name: collaboration_tags - id: aws.cleanrooms.collaboration_tags - x-cfn-schema-name: Collaboration - x-cfn-type-name: AWS::CleanRooms::Collaboration + configured_table_association_tags: + name: configured_table_association_tags + id: aws.cleanrooms.configured_table_association_tags + x-cfn-schema-name: ConfiguredTableAssociation + x-cfn-type-name: AWS::CleanRooms::ConfiguredTableAssociation x-type: cloud_control_view methods: {} sqlVerbs: @@ -2403,22 +3656,20 @@ components: JSON_EXTRACT(json_each.value, '$.Key') as tag_key, JSON_EXTRACT(json_each.value, '$.Value') as tag_value, JSON_EXTRACT(detail.Properties, '$.Arn') as arn, - JSON_EXTRACT(detail.Properties, '$.CollaborationIdentifier') as collaboration_identifier, - JSON_EXTRACT(detail.Properties, '$.CreatorDisplayName') as creator_display_name, - JSON_EXTRACT(detail.Properties, '$.CreatorMemberAbilities') as creator_member_abilities, - JSON_EXTRACT(detail.Properties, '$.DataEncryptionMetadata') as data_encryption_metadata, + JSON_EXTRACT(detail.Properties, '$.ConfiguredTableAssociationIdentifier') as configured_table_association_identifier, + JSON_EXTRACT(detail.Properties, '$.ConfiguredTableIdentifier') as configured_table_identifier, JSON_EXTRACT(detail.Properties, '$.Description') as description, - JSON_EXTRACT(detail.Properties, '$.Members') as members, + JSON_EXTRACT(detail.Properties, '$.MembershipIdentifier') as membership_identifier, JSON_EXTRACT(detail.Properties, '$.Name') as name, - JSON_EXTRACT(detail.Properties, '$.QueryLogStatus') as query_log_status, - JSON_EXTRACT(detail.Properties, '$.CreatorPaymentConfiguration') as creator_payment_configuration + JSON_EXTRACT(detail.Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(detail.Properties, '$.ConfiguredTableAssociationAnalysisRules') as configured_table_association_analysis_rules FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) - WHERE listing.data__TypeName = 'AWS::CleanRooms::Collaboration' - AND detail.data__TypeName = 'AWS::CleanRooms::Collaboration' + WHERE listing.data__TypeName = 'AWS::CleanRooms::ConfiguredTableAssociation' + AND detail.data__TypeName = 'AWS::CleanRooms::ConfiguredTableAssociation' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" @@ -2428,30 +3679,29 @@ components: json_extract_path_text(json_each.value, 'Key') as tag_key, json_extract_path_text(json_each.value, 'Value') as tag_value, json_extract_path_text(detail.Properties, 'Arn') as arn, - json_extract_path_text(detail.Properties, 'CollaborationIdentifier') as collaboration_identifier, - json_extract_path_text(detail.Properties, 'CreatorDisplayName') as creator_display_name, - json_extract_path_text(detail.Properties, 'CreatorMemberAbilities') as creator_member_abilities, - json_extract_path_text(detail.Properties, 'DataEncryptionMetadata') as data_encryption_metadata, + json_extract_path_text(detail.Properties, 'ConfiguredTableAssociationIdentifier') as configured_table_association_identifier, + json_extract_path_text(detail.Properties, 'ConfiguredTableIdentifier') as configured_table_identifier, json_extract_path_text(detail.Properties, 'Description') as description, - json_extract_path_text(detail.Properties, 'Members') as members, + json_extract_path_text(detail.Properties, 'MembershipIdentifier') as membership_identifier, json_extract_path_text(detail.Properties, 'Name') as name, - json_extract_path_text(detail.Properties, 'QueryLogStatus') as query_log_status, - json_extract_path_text(detail.Properties, 'CreatorPaymentConfiguration') as creator_payment_configuration + json_extract_path_text(detail.Properties, 'RoleArn') as role_arn, + json_extract_path_text(detail.Properties, 'ConfiguredTableAssociationAnalysisRules') as configured_table_association_analysis_rules FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) - WHERE listing.data__TypeName = 'AWS::CleanRooms::Collaboration' - AND detail.data__TypeName = 'AWS::CleanRooms::Collaboration' + WHERE listing.data__TypeName = 'AWS::CleanRooms::ConfiguredTableAssociation' + AND detail.data__TypeName = 'AWS::CleanRooms::ConfiguredTableAssociation' AND listing.region = 'us-east-1' - configured_tables: - name: configured_tables - id: aws.cleanrooms.configured_tables - x-cfn-schema-name: ConfiguredTable - x-cfn-type-name: AWS::CleanRooms::ConfiguredTable + id_mapping_tables: + name: id_mapping_tables + id: aws.cleanrooms.id_mapping_tables + x-cfn-schema-name: IdMappingTable + x-cfn-type-name: AWS::CleanRooms::IdMappingTable x-identifiers: - - ConfiguredTableIdentifier + - IdMappingTableIdentifier + - MembershipIdentifier x-type: cloud_control methods: create_resource: @@ -2459,12 +3709,12 @@ components: requestBodyTranslate: algorithm: naive_DesiredState operation: - $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__ConfiguredTable&__detailTransformed=true/post' + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__IdMappingTable&__detailTransformed=true/post' request: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::CleanRooms::ConfiguredTable" + "TypeName": "AWS::CleanRooms::IdMappingTable" } response: mediaType: application/json @@ -2476,7 +3726,7 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::CleanRooms::ConfiguredTable" + "TypeName": "AWS::CleanRooms::IdMappingTable" } response: mediaType: application/json @@ -2488,18 +3738,18 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::CleanRooms::ConfiguredTable" + "TypeName": "AWS::CleanRooms::IdMappingTable" } response: mediaType: application/json openAPIDocKey: '200' sqlVerbs: insert: - - $ref: '#/components/x-stackQL-resources/configured_tables/methods/create_resource' + - $ref: '#/components/x-stackQL-resources/id_mapping_tables/methods/create_resource' delete: - - $ref: '#/components/x-stackQL-resources/configured_tables/methods/delete_resource' + - $ref: '#/components/x-stackQL-resources/id_mapping_tables/methods/delete_resource' update: - - $ref: '#/components/x-stackQL-resources/configured_tables/methods/update_resource' + - $ref: '#/components/x-stackQL-resources/id_mapping_tables/methods/update_resource' config: views: select: @@ -2508,38 +3758,44 @@ components: SELECT region, data__Identifier, + JSON_EXTRACT(Properties, '$.IdMappingTableIdentifier') as id_mapping_table_identifier, JSON_EXTRACT(Properties, '$.Arn') as arn, - JSON_EXTRACT(Properties, '$.Tags') as tags, - JSON_EXTRACT(Properties, '$.AllowedColumns') as allowed_columns, - JSON_EXTRACT(Properties, '$.AnalysisMethod') as analysis_method, - JSON_EXTRACT(Properties, '$.ConfiguredTableIdentifier') as configured_table_identifier, + JSON_EXTRACT(Properties, '$.InputReferenceConfig') as input_reference_config, + JSON_EXTRACT(Properties, '$.MembershipIdentifier') as membership_identifier, + JSON_EXTRACT(Properties, '$.MembershipArn') as membership_arn, + JSON_EXTRACT(Properties, '$.CollaborationIdentifier') as collaboration_identifier, + JSON_EXTRACT(Properties, '$.CollaborationArn') as collaboration_arn, JSON_EXTRACT(Properties, '$.Description') as description, JSON_EXTRACT(Properties, '$.Name') as name, - JSON_EXTRACT(Properties, '$.AnalysisRules') as analysis_rules, - JSON_EXTRACT(Properties, '$.TableReference') as table_reference - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CleanRooms::ConfiguredTable' - AND data__Identifier = '' + JSON_EXTRACT(Properties, '$.InputReferenceProperties') as input_reference_properties, + JSON_EXTRACT(Properties, '$.KmsKeyArn') as kms_key_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CleanRooms::IdMappingTable' + AND data__Identifier = '|' AND region = 'us-east-1' fallback: predicate: sqlDialect == "sqlite3" ddl: |- SELECT detail.region, + JSON_EXTRACT(detail.Properties, '$.IdMappingTableIdentifier') as id_mapping_table_identifier, JSON_EXTRACT(detail.Properties, '$.Arn') as arn, - JSON_EXTRACT(detail.Properties, '$.Tags') as tags, - JSON_EXTRACT(detail.Properties, '$.AllowedColumns') as allowed_columns, - JSON_EXTRACT(detail.Properties, '$.AnalysisMethod') as analysis_method, - JSON_EXTRACT(detail.Properties, '$.ConfiguredTableIdentifier') as configured_table_identifier, + JSON_EXTRACT(detail.Properties, '$.InputReferenceConfig') as input_reference_config, + JSON_EXTRACT(detail.Properties, '$.MembershipIdentifier') as membership_identifier, + JSON_EXTRACT(detail.Properties, '$.MembershipArn') as membership_arn, + JSON_EXTRACT(detail.Properties, '$.CollaborationIdentifier') as collaboration_identifier, + JSON_EXTRACT(detail.Properties, '$.CollaborationArn') as collaboration_arn, JSON_EXTRACT(detail.Properties, '$.Description') as description, JSON_EXTRACT(detail.Properties, '$.Name') as name, - JSON_EXTRACT(detail.Properties, '$.AnalysisRules') as analysis_rules, - JSON_EXTRACT(detail.Properties, '$.TableReference') as table_reference + JSON_EXTRACT(detail.Properties, '$.InputReferenceProperties') as input_reference_properties, + JSON_EXTRACT(detail.Properties, '$.KmsKeyArn') as kms_key_arn, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::CleanRooms::ConfiguredTable' - AND detail.data__TypeName = 'AWS::CleanRooms::ConfiguredTable' + WHERE listing.data__TypeName = 'AWS::CleanRooms::IdMappingTable' + AND detail.data__TypeName = 'AWS::CleanRooms::IdMappingTable' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] @@ -2547,46 +3803,53 @@ components: SELECT region, data__Identifier, + json_extract_path_text(Properties, 'IdMappingTableIdentifier') as id_mapping_table_identifier, json_extract_path_text(Properties, 'Arn') as arn, - json_extract_path_text(Properties, 'Tags') as tags, - json_extract_path_text(Properties, 'AllowedColumns') as allowed_columns, - json_extract_path_text(Properties, 'AnalysisMethod') as analysis_method, - json_extract_path_text(Properties, 'ConfiguredTableIdentifier') as configured_table_identifier, + json_extract_path_text(Properties, 'InputReferenceConfig') as input_reference_config, + json_extract_path_text(Properties, 'MembershipIdentifier') as membership_identifier, + json_extract_path_text(Properties, 'MembershipArn') as membership_arn, + json_extract_path_text(Properties, 'CollaborationIdentifier') as collaboration_identifier, + json_extract_path_text(Properties, 'CollaborationArn') as collaboration_arn, json_extract_path_text(Properties, 'Description') as description, json_extract_path_text(Properties, 'Name') as name, - json_extract_path_text(Properties, 'AnalysisRules') as analysis_rules, - json_extract_path_text(Properties, 'TableReference') as table_reference - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CleanRooms::ConfiguredTable' - AND data__Identifier = '' + json_extract_path_text(Properties, 'InputReferenceProperties') as input_reference_properties, + json_extract_path_text(Properties, 'KmsKeyArn') as kms_key_arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CleanRooms::IdMappingTable' + AND data__Identifier = '|' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT detail.region, + json_extract_path_text(detail.Properties, 'IdMappingTableIdentifier') as id_mapping_table_identifier, json_extract_path_text(detail.Properties, 'Arn') as arn, - json_extract_path_text(detail.Properties, 'Tags') as tags, - json_extract_path_text(detail.Properties, 'AllowedColumns') as allowed_columns, - json_extract_path_text(detail.Properties, 'AnalysisMethod') as analysis_method, - json_extract_path_text(detail.Properties, 'ConfiguredTableIdentifier') as configured_table_identifier, + json_extract_path_text(detail.Properties, 'InputReferenceConfig') as input_reference_config, + json_extract_path_text(detail.Properties, 'MembershipIdentifier') as membership_identifier, + json_extract_path_text(detail.Properties, 'MembershipArn') as membership_arn, + json_extract_path_text(detail.Properties, 'CollaborationIdentifier') as collaboration_identifier, + json_extract_path_text(detail.Properties, 'CollaborationArn') as collaboration_arn, json_extract_path_text(detail.Properties, 'Description') as description, json_extract_path_text(detail.Properties, 'Name') as name, - json_extract_path_text(detail.Properties, 'AnalysisRules') as analysis_rules, - json_extract_path_text(detail.Properties, 'TableReference') as table_reference + json_extract_path_text(detail.Properties, 'InputReferenceProperties') as input_reference_properties, + json_extract_path_text(detail.Properties, 'KmsKeyArn') as kms_key_arn, + json_extract_path_text(detail.Properties, 'Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::CleanRooms::ConfiguredTable' - AND detail.data__TypeName = 'AWS::CleanRooms::ConfiguredTable' + WHERE listing.data__TypeName = 'AWS::CleanRooms::IdMappingTable' + AND detail.data__TypeName = 'AWS::CleanRooms::IdMappingTable' AND listing.region = 'us-east-1' - configured_tables_list_only: - name: configured_tables_list_only - id: aws.cleanrooms.configured_tables_list_only - x-cfn-schema-name: ConfiguredTable - x-cfn-type-name: AWS::CleanRooms::ConfiguredTable + id_mapping_tables_list_only: + name: id_mapping_tables_list_only + id: aws.cleanrooms.id_mapping_tables_list_only + x-cfn-schema-name: IdMappingTable + x-cfn-type-name: AWS::CleanRooms::IdMappingTable x-identifiers: - - ConfiguredTableIdentifier + - IdMappingTableIdentifier + - MembershipIdentifier x-type: cloud_control_view methods: {} sqlVerbs: @@ -2600,22 +3863,24 @@ components: ddl: |- SELECT region, - JSON_EXTRACT(Properties, '$.ConfiguredTableIdentifier') as configured_table_identifier - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CleanRooms::ConfiguredTable' + JSON_EXTRACT(Properties, '$.IdMappingTableIdentifier') as id_mapping_table_identifier, + JSON_EXTRACT(Properties, '$.MembershipIdentifier') as membership_identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CleanRooms::IdMappingTable' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT region, - json_extract_path_text(Properties, 'ConfiguredTableIdentifier') as configured_table_identifier - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CleanRooms::ConfiguredTable' + json_extract_path_text(Properties, 'IdMappingTableIdentifier') as id_mapping_table_identifier, + json_extract_path_text(Properties, 'MembershipIdentifier') as membership_identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CleanRooms::IdMappingTable' AND region = 'us-east-1' - configured_table_tags: - name: configured_table_tags - id: aws.cleanrooms.configured_table_tags - x-cfn-schema-name: ConfiguredTable - x-cfn-type-name: AWS::CleanRooms::ConfiguredTable + id_mapping_table_tags: + name: id_mapping_table_tags + id: aws.cleanrooms.id_mapping_table_tags + x-cfn-schema-name: IdMappingTable + x-cfn-type-name: AWS::CleanRooms::IdMappingTable x-type: cloud_control_view methods: {} sqlVerbs: @@ -2631,21 +3896,24 @@ components: detail.region, JSON_EXTRACT(json_each.value, '$.Key') as tag_key, JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.IdMappingTableIdentifier') as id_mapping_table_identifier, JSON_EXTRACT(detail.Properties, '$.Arn') as arn, - JSON_EXTRACT(detail.Properties, '$.AllowedColumns') as allowed_columns, - JSON_EXTRACT(detail.Properties, '$.AnalysisMethod') as analysis_method, - JSON_EXTRACT(detail.Properties, '$.ConfiguredTableIdentifier') as configured_table_identifier, + JSON_EXTRACT(detail.Properties, '$.InputReferenceConfig') as input_reference_config, + JSON_EXTRACT(detail.Properties, '$.MembershipIdentifier') as membership_identifier, + JSON_EXTRACT(detail.Properties, '$.MembershipArn') as membership_arn, + JSON_EXTRACT(detail.Properties, '$.CollaborationIdentifier') as collaboration_identifier, + JSON_EXTRACT(detail.Properties, '$.CollaborationArn') as collaboration_arn, JSON_EXTRACT(detail.Properties, '$.Description') as description, JSON_EXTRACT(detail.Properties, '$.Name') as name, - JSON_EXTRACT(detail.Properties, '$.AnalysisRules') as analysis_rules, - JSON_EXTRACT(detail.Properties, '$.TableReference') as table_reference + JSON_EXTRACT(detail.Properties, '$.InputReferenceProperties') as input_reference_properties, + JSON_EXTRACT(detail.Properties, '$.KmsKeyArn') as kms_key_arn FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) - WHERE listing.data__TypeName = 'AWS::CleanRooms::ConfiguredTable' - AND detail.data__TypeName = 'AWS::CleanRooms::ConfiguredTable' + WHERE listing.data__TypeName = 'AWS::CleanRooms::IdMappingTable' + AND detail.data__TypeName = 'AWS::CleanRooms::IdMappingTable' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" @@ -2654,29 +3922,32 @@ components: detail.region, json_extract_path_text(json_each.value, 'Key') as tag_key, json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'IdMappingTableIdentifier') as id_mapping_table_identifier, json_extract_path_text(detail.Properties, 'Arn') as arn, - json_extract_path_text(detail.Properties, 'AllowedColumns') as allowed_columns, - json_extract_path_text(detail.Properties, 'AnalysisMethod') as analysis_method, - json_extract_path_text(detail.Properties, 'ConfiguredTableIdentifier') as configured_table_identifier, + json_extract_path_text(detail.Properties, 'InputReferenceConfig') as input_reference_config, + json_extract_path_text(detail.Properties, 'MembershipIdentifier') as membership_identifier, + json_extract_path_text(detail.Properties, 'MembershipArn') as membership_arn, + json_extract_path_text(detail.Properties, 'CollaborationIdentifier') as collaboration_identifier, + json_extract_path_text(detail.Properties, 'CollaborationArn') as collaboration_arn, json_extract_path_text(detail.Properties, 'Description') as description, json_extract_path_text(detail.Properties, 'Name') as name, - json_extract_path_text(detail.Properties, 'AnalysisRules') as analysis_rules, - json_extract_path_text(detail.Properties, 'TableReference') as table_reference + json_extract_path_text(detail.Properties, 'InputReferenceProperties') as input_reference_properties, + json_extract_path_text(detail.Properties, 'KmsKeyArn') as kms_key_arn FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) - WHERE listing.data__TypeName = 'AWS::CleanRooms::ConfiguredTable' - AND detail.data__TypeName = 'AWS::CleanRooms::ConfiguredTable' + WHERE listing.data__TypeName = 'AWS::CleanRooms::IdMappingTable' + AND detail.data__TypeName = 'AWS::CleanRooms::IdMappingTable' AND listing.region = 'us-east-1' - configured_table_associations: - name: configured_table_associations - id: aws.cleanrooms.configured_table_associations - x-cfn-schema-name: ConfiguredTableAssociation - x-cfn-type-name: AWS::CleanRooms::ConfiguredTableAssociation + id_namespace_associations: + name: id_namespace_associations + id: aws.cleanrooms.id_namespace_associations + x-cfn-schema-name: IdNamespaceAssociation + x-cfn-type-name: AWS::CleanRooms::IdNamespaceAssociation x-identifiers: - - ConfiguredTableAssociationIdentifier + - IdNamespaceAssociationIdentifier - MembershipIdentifier x-type: cloud_control methods: @@ -2685,12 +3956,12 @@ components: requestBodyTranslate: algorithm: naive_DesiredState operation: - $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__ConfiguredTableAssociation&__detailTransformed=true/post' + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__IdNamespaceAssociation&__detailTransformed=true/post' request: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::CleanRooms::ConfiguredTableAssociation" + "TypeName": "AWS::CleanRooms::IdNamespaceAssociation" } response: mediaType: application/json @@ -2702,7 +3973,7 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::CleanRooms::ConfiguredTableAssociation" + "TypeName": "AWS::CleanRooms::IdNamespaceAssociation" } response: mediaType: application/json @@ -2714,18 +3985,18 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::CleanRooms::ConfiguredTableAssociation" + "TypeName": "AWS::CleanRooms::IdNamespaceAssociation" } response: mediaType: application/json openAPIDocKey: '200' sqlVerbs: insert: - - $ref: '#/components/x-stackQL-resources/configured_table_associations/methods/create_resource' + - $ref: '#/components/x-stackQL-resources/id_namespace_associations/methods/create_resource' delete: - - $ref: '#/components/x-stackQL-resources/configured_table_associations/methods/delete_resource' + - $ref: '#/components/x-stackQL-resources/id_namespace_associations/methods/delete_resource' update: - - $ref: '#/components/x-stackQL-resources/configured_table_associations/methods/update_resource' + - $ref: '#/components/x-stackQL-resources/id_namespace_associations/methods/update_resource' config: views: select: @@ -2734,36 +4005,44 @@ components: SELECT region, data__Identifier, + JSON_EXTRACT(Properties, '$.IdNamespaceAssociationIdentifier') as id_namespace_association_identifier, JSON_EXTRACT(Properties, '$.Arn') as arn, - JSON_EXTRACT(Properties, '$.Tags') as tags, - JSON_EXTRACT(Properties, '$.ConfiguredTableAssociationIdentifier') as configured_table_association_identifier, - JSON_EXTRACT(Properties, '$.ConfiguredTableIdentifier') as configured_table_identifier, - JSON_EXTRACT(Properties, '$.Description') as description, JSON_EXTRACT(Properties, '$.MembershipIdentifier') as membership_identifier, + JSON_EXTRACT(Properties, '$.MembershipArn') as membership_arn, + JSON_EXTRACT(Properties, '$.CollaborationIdentifier') as collaboration_identifier, + JSON_EXTRACT(Properties, '$.CollaborationArn') as collaboration_arn, + JSON_EXTRACT(Properties, '$.InputReferenceConfig') as input_reference_config, + JSON_EXTRACT(Properties, '$.Tags') as tags, JSON_EXTRACT(Properties, '$.Name') as name, - JSON_EXTRACT(Properties, '$.RoleArn') as role_arn - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CleanRooms::ConfiguredTableAssociation' - AND data__Identifier = '|' + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.IdMappingConfig') as id_mapping_config, + JSON_EXTRACT(Properties, '$.InputReferenceProperties') as input_reference_properties + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CleanRooms::IdNamespaceAssociation' + AND data__Identifier = '|' AND region = 'us-east-1' fallback: predicate: sqlDialect == "sqlite3" ddl: |- SELECT detail.region, + JSON_EXTRACT(detail.Properties, '$.IdNamespaceAssociationIdentifier') as id_namespace_association_identifier, JSON_EXTRACT(detail.Properties, '$.Arn') as arn, - JSON_EXTRACT(detail.Properties, '$.Tags') as tags, - JSON_EXTRACT(detail.Properties, '$.ConfiguredTableAssociationIdentifier') as configured_table_association_identifier, - JSON_EXTRACT(detail.Properties, '$.ConfiguredTableIdentifier') as configured_table_identifier, - JSON_EXTRACT(detail.Properties, '$.Description') as description, JSON_EXTRACT(detail.Properties, '$.MembershipIdentifier') as membership_identifier, + JSON_EXTRACT(detail.Properties, '$.MembershipArn') as membership_arn, + JSON_EXTRACT(detail.Properties, '$.CollaborationIdentifier') as collaboration_identifier, + JSON_EXTRACT(detail.Properties, '$.CollaborationArn') as collaboration_arn, + JSON_EXTRACT(detail.Properties, '$.InputReferenceConfig') as input_reference_config, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags, JSON_EXTRACT(detail.Properties, '$.Name') as name, - JSON_EXTRACT(detail.Properties, '$.RoleArn') as role_arn + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.IdMappingConfig') as id_mapping_config, + JSON_EXTRACT(detail.Properties, '$.InputReferenceProperties') as input_reference_properties FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::CleanRooms::ConfiguredTableAssociation' - AND detail.data__TypeName = 'AWS::CleanRooms::ConfiguredTableAssociation' + WHERE listing.data__TypeName = 'AWS::CleanRooms::IdNamespaceAssociation' + AND detail.data__TypeName = 'AWS::CleanRooms::IdNamespaceAssociation' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] @@ -2771,44 +4050,52 @@ components: SELECT region, data__Identifier, + json_extract_path_text(Properties, 'IdNamespaceAssociationIdentifier') as id_namespace_association_identifier, json_extract_path_text(Properties, 'Arn') as arn, - json_extract_path_text(Properties, 'Tags') as tags, - json_extract_path_text(Properties, 'ConfiguredTableAssociationIdentifier') as configured_table_association_identifier, - json_extract_path_text(Properties, 'ConfiguredTableIdentifier') as configured_table_identifier, - json_extract_path_text(Properties, 'Description') as description, json_extract_path_text(Properties, 'MembershipIdentifier') as membership_identifier, + json_extract_path_text(Properties, 'MembershipArn') as membership_arn, + json_extract_path_text(Properties, 'CollaborationIdentifier') as collaboration_identifier, + json_extract_path_text(Properties, 'CollaborationArn') as collaboration_arn, + json_extract_path_text(Properties, 'InputReferenceConfig') as input_reference_config, + json_extract_path_text(Properties, 'Tags') as tags, json_extract_path_text(Properties, 'Name') as name, - json_extract_path_text(Properties, 'RoleArn') as role_arn - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CleanRooms::ConfiguredTableAssociation' - AND data__Identifier = '|' + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'IdMappingConfig') as id_mapping_config, + json_extract_path_text(Properties, 'InputReferenceProperties') as input_reference_properties + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CleanRooms::IdNamespaceAssociation' + AND data__Identifier = '|' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT detail.region, + json_extract_path_text(detail.Properties, 'IdNamespaceAssociationIdentifier') as id_namespace_association_identifier, json_extract_path_text(detail.Properties, 'Arn') as arn, - json_extract_path_text(detail.Properties, 'Tags') as tags, - json_extract_path_text(detail.Properties, 'ConfiguredTableAssociationIdentifier') as configured_table_association_identifier, - json_extract_path_text(detail.Properties, 'ConfiguredTableIdentifier') as configured_table_identifier, - json_extract_path_text(detail.Properties, 'Description') as description, json_extract_path_text(detail.Properties, 'MembershipIdentifier') as membership_identifier, + json_extract_path_text(detail.Properties, 'MembershipArn') as membership_arn, + json_extract_path_text(detail.Properties, 'CollaborationIdentifier') as collaboration_identifier, + json_extract_path_text(detail.Properties, 'CollaborationArn') as collaboration_arn, + json_extract_path_text(detail.Properties, 'InputReferenceConfig') as input_reference_config, + json_extract_path_text(detail.Properties, 'Tags') as tags, json_extract_path_text(detail.Properties, 'Name') as name, - json_extract_path_text(detail.Properties, 'RoleArn') as role_arn + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'IdMappingConfig') as id_mapping_config, + json_extract_path_text(detail.Properties, 'InputReferenceProperties') as input_reference_properties FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::CleanRooms::ConfiguredTableAssociation' - AND detail.data__TypeName = 'AWS::CleanRooms::ConfiguredTableAssociation' + WHERE listing.data__TypeName = 'AWS::CleanRooms::IdNamespaceAssociation' + AND detail.data__TypeName = 'AWS::CleanRooms::IdNamespaceAssociation' AND listing.region = 'us-east-1' - configured_table_associations_list_only: - name: configured_table_associations_list_only - id: aws.cleanrooms.configured_table_associations_list_only - x-cfn-schema-name: ConfiguredTableAssociation - x-cfn-type-name: AWS::CleanRooms::ConfiguredTableAssociation + id_namespace_associations_list_only: + name: id_namespace_associations_list_only + id: aws.cleanrooms.id_namespace_associations_list_only + x-cfn-schema-name: IdNamespaceAssociation + x-cfn-type-name: AWS::CleanRooms::IdNamespaceAssociation x-identifiers: - - ConfiguredTableAssociationIdentifier + - IdNamespaceAssociationIdentifier - MembershipIdentifier x-type: cloud_control_view methods: {} @@ -2823,24 +4110,24 @@ components: ddl: |- SELECT region, - JSON_EXTRACT(Properties, '$.ConfiguredTableAssociationIdentifier') as configured_table_association_identifier, + JSON_EXTRACT(Properties, '$.IdNamespaceAssociationIdentifier') as id_namespace_association_identifier, JSON_EXTRACT(Properties, '$.MembershipIdentifier') as membership_identifier - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CleanRooms::ConfiguredTableAssociation' + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CleanRooms::IdNamespaceAssociation' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT region, - json_extract_path_text(Properties, 'ConfiguredTableAssociationIdentifier') as configured_table_association_identifier, + json_extract_path_text(Properties, 'IdNamespaceAssociationIdentifier') as id_namespace_association_identifier, json_extract_path_text(Properties, 'MembershipIdentifier') as membership_identifier - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CleanRooms::ConfiguredTableAssociation' + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CleanRooms::IdNamespaceAssociation' AND region = 'us-east-1' - configured_table_association_tags: - name: configured_table_association_tags - id: aws.cleanrooms.configured_table_association_tags - x-cfn-schema-name: ConfiguredTableAssociation - x-cfn-type-name: AWS::CleanRooms::ConfiguredTableAssociation + id_namespace_association_tags: + name: id_namespace_association_tags + id: aws.cleanrooms.id_namespace_association_tags + x-cfn-schema-name: IdNamespaceAssociation + x-cfn-type-name: AWS::CleanRooms::IdNamespaceAssociation x-type: cloud_control_view methods: {} sqlVerbs: @@ -2856,20 +4143,24 @@ components: detail.region, JSON_EXTRACT(json_each.value, '$.Key') as tag_key, JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.IdNamespaceAssociationIdentifier') as id_namespace_association_identifier, JSON_EXTRACT(detail.Properties, '$.Arn') as arn, - JSON_EXTRACT(detail.Properties, '$.ConfiguredTableAssociationIdentifier') as configured_table_association_identifier, - JSON_EXTRACT(detail.Properties, '$.ConfiguredTableIdentifier') as configured_table_identifier, - JSON_EXTRACT(detail.Properties, '$.Description') as description, JSON_EXTRACT(detail.Properties, '$.MembershipIdentifier') as membership_identifier, + JSON_EXTRACT(detail.Properties, '$.MembershipArn') as membership_arn, + JSON_EXTRACT(detail.Properties, '$.CollaborationIdentifier') as collaboration_identifier, + JSON_EXTRACT(detail.Properties, '$.CollaborationArn') as collaboration_arn, + JSON_EXTRACT(detail.Properties, '$.InputReferenceConfig') as input_reference_config, JSON_EXTRACT(detail.Properties, '$.Name') as name, - JSON_EXTRACT(detail.Properties, '$.RoleArn') as role_arn + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.IdMappingConfig') as id_mapping_config, + JSON_EXTRACT(detail.Properties, '$.InputReferenceProperties') as input_reference_properties FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) - WHERE listing.data__TypeName = 'AWS::CleanRooms::ConfiguredTableAssociation' - AND detail.data__TypeName = 'AWS::CleanRooms::ConfiguredTableAssociation' + WHERE listing.data__TypeName = 'AWS::CleanRooms::IdNamespaceAssociation' + AND detail.data__TypeName = 'AWS::CleanRooms::IdNamespaceAssociation' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" @@ -2878,20 +4169,24 @@ components: detail.region, json_extract_path_text(json_each.value, 'Key') as tag_key, json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'IdNamespaceAssociationIdentifier') as id_namespace_association_identifier, json_extract_path_text(detail.Properties, 'Arn') as arn, - json_extract_path_text(detail.Properties, 'ConfiguredTableAssociationIdentifier') as configured_table_association_identifier, - json_extract_path_text(detail.Properties, 'ConfiguredTableIdentifier') as configured_table_identifier, - json_extract_path_text(detail.Properties, 'Description') as description, json_extract_path_text(detail.Properties, 'MembershipIdentifier') as membership_identifier, + json_extract_path_text(detail.Properties, 'MembershipArn') as membership_arn, + json_extract_path_text(detail.Properties, 'CollaborationIdentifier') as collaboration_identifier, + json_extract_path_text(detail.Properties, 'CollaborationArn') as collaboration_arn, + json_extract_path_text(detail.Properties, 'InputReferenceConfig') as input_reference_config, json_extract_path_text(detail.Properties, 'Name') as name, - json_extract_path_text(detail.Properties, 'RoleArn') as role_arn + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'IdMappingConfig') as id_mapping_config, + json_extract_path_text(detail.Properties, 'InputReferenceProperties') as input_reference_properties FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) - WHERE listing.data__TypeName = 'AWS::CleanRooms::ConfiguredTableAssociation' - AND detail.data__TypeName = 'AWS::CleanRooms::ConfiguredTableAssociation' + WHERE listing.data__TypeName = 'AWS::CleanRooms::IdNamespaceAssociation' + AND detail.data__TypeName = 'AWS::CleanRooms::IdNamespaceAssociation' AND listing.region = 'us-east-1' memberships: name: memberships @@ -3664,6 +4959,90 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success + /?Action=CreateResource&Version=2021-09-30&__IdMappingTable&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateIdMappingTable + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateIdMappingTableRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=CreateResource&Version=2021-09-30&__IdNamespaceAssociation&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateIdNamespaceAssociation + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateIdNamespaceAssociationRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success /?Action=CreateResource&Version=2021-09-30&__Membership&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' diff --git a/providers/src/aws/v00.00.00000/services/cleanroomsml.yaml b/providers/src/aws/v00.00.00000/services/cleanroomsml.yaml index ed35bb88..639c989d 100644 --- a/providers/src/aws/v00.00.00000/services/cleanroomsml.yaml +++ b/providers/src/aws/v00.00.00000/services/cleanroomsml.yaml @@ -557,6 +557,9 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - cleanrooms-ml:TagResource + - cleanrooms-ml:UntagResource x-required-permissions: create: - cleanrooms-ml:CreateTrainingDataset diff --git a/providers/src/aws/v00.00.00000/services/cloudformation.yaml b/providers/src/aws/v00.00.00000/services/cloudformation.yaml index fcc939c9..aa677490 100644 --- a/providers/src/aws/v00.00.00000/services/cloudformation.yaml +++ b/providers/src/aws/v00.00.00000/services/cloudformation.yaml @@ -385,6 +385,279 @@ components: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' type: object schemas: + S3Location: + description: S3 Source Location for the Guard files. + type: object + properties: + Uri: + description: S3 uri of Guard files. + type: string + VersionId: + description: S3 object version + type: string + additionalProperties: false + required: + - Uri + Role: + description: IAM Role ARN + pattern: arn:.+:iam::[0-9]{12}:role/.+ + type: string + maxLength: 256 + StackName: + pattern: ^[a-zA-Z][-a-zA-Z0-9]*$ + description: CloudFormation Stack name + type: string + maxLength: 128 + TargetOperation: + description: Which operations should this Hook run against? Resource changes, stacks or change sets. + type: string + enum: + - RESOURCE + - STACK + - CHANGE_SET + - CLOUD_CONTROL + TargetName: + description: Type name of hook target. Hook targets are the destination where hooks will be invoked against. + type: string + pattern: ^(?!.*\*\?).*$ + minLength: 1 + maxLength: 256 + Action: + description: Target actions are the type of operation hooks will be executed at. + type: string + enum: + - CREATE + - UPDATE + - DELETE + InvocationPoint: + description: Invocation points are the point in provisioning workflow where hooks will be executed. + type: string + enum: + - PRE_PROVISION + HookTarget: + description: Hook targets are the destination where hooks will be invoked against. + type: object + properties: + TargetName: + $ref: '#/components/schemas/TargetName' + Action: + $ref: '#/components/schemas/Action' + InvocationPoint: + $ref: '#/components/schemas/InvocationPoint' + additionalProperties: false + required: + - TargetName + - Action + - InvocationPoint + GuardHook: + type: object + properties: + RuleLocation: + $ref: '#/components/schemas/S3Location' + LogBucket: + description: S3 Bucket where the guard validate report will be uploaded to + type: string + HookStatus: + default: DISABLED + description: Attribute to specify which stacks this hook applies to or should get invoked for + type: string + enum: + - ENABLED + - DISABLED + TargetOperations: + description: Which operations should this Hook run against? Resource changes, stacks or change sets. + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/TargetOperation' + FailureMode: + default: WARN + description: Attribute to specify CloudFormation behavior on hook failure. + type: string + enum: + - FAIL + - WARN + TargetFilters: + description: Attribute to specify which targets should invoke the hook + type: object + oneOf: + - type: object + minProperties: 1 + properties: + TargetNames: + description: List of type names that the hook is going to target + type: array + minItems: 1 + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/TargetName' + Actions: + description: List of actions that the hook is going to target + type: array + minItems: 1 + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Action' + InvocationPoints: + description: List of invocation points that the hook is going to target + type: array + minItems: 1 + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/InvocationPoint' + additionalProperties: false + - type: object + properties: + Targets: + description: List of hook targets + type: array + minItems: 1 + maxItems: 50 + uniqueItems: true + items: + $ref: '#/components/schemas/HookTarget' + additionalProperties: false + required: + - Targets + StackFilters: + description: Filters to allow hooks to target specific stack attributes + type: object + properties: + FilteringCriteria: + description: Attribute to specify the filtering behavior. ANY will make the Hook pass if one filter matches. ALL will make the Hook pass if all filters match + type: string + default: ALL + enum: + - ALL + - ANY + StackNames: + description: List of stack names as filters + type: object + additionalProperties: false + minProperties: 1 + properties: + Include: + description: List of stack names that the hook is going to target + type: array + maxItems: 50 + minItems: 1 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/StackName' + Exclude: + description: List of stack names that the hook is going to be excluded from + type: array + maxItems: 50 + minItems: 1 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/StackName' + StackRoles: + description: List of stack roles that are performing the stack operations. + type: object + additionalProperties: false + minProperties: 1 + properties: + Include: + description: List of stack roles that the hook is going to target + type: array + maxItems: 50 + minItems: 1 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Role' + Exclude: + description: List of stack roles that the hook is going to be excluded from + type: array + maxItems: 50 + minItems: 1 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Role' + required: + - FilteringCriteria + additionalProperties: false + Alias: + description: The typename alias for the hook. + pattern: ^(?!(?i)aws)[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}$ + type: string + HookArn: + description: The Amazon Resource Name (ARN) of the activated hook + pattern: ^arn:aws[A-Za-z0-9-]{0,64}:cloudformation:[A-Za-z0-9-]{1,64}:([0-9]{12})?:type/hook/.+$ + type: string + ExecutionRole: + description: The execution role ARN assumed by hooks to read Guard rules from S3 and write Guard outputs to S3. + $ref: '#/components/schemas/Role' + Options: + properties: + InputParams: + $ref: '#/components/schemas/S3Location' + required: [] + additionalProperties: false + required: + - RuleLocation + - HookStatus + - TargetOperations + - FailureMode + - Alias + - ExecutionRole + x-stackql-resource-name: guard_hook + description: This is a CloudFormation resource for activating the first-party AWS::Hooks::GuardHook. + x-type-name: AWS::CloudFormation::GuardHook + x-stackql-primary-identifier: + - HookArn + x-create-only-properties: + - ExecutionRole + - Alias + x-read-only-properties: + - HookArn + x-required-properties: + - RuleLocation + - HookStatus + - TargetOperations + - FailureMode + - Alias + - ExecutionRole + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - cloudformation:ActivateType + - cloudformation:DescribeType + - cloudformation:ListTypes + - cloudformation:SetTypeConfiguration + - cloudformation:BatchDescribeTypeConfigurations + - iam:PassRole + read: + - cloudformation:DescribeType + - cloudformation:BatchDescribeTypeConfigurations + update: + - cloudformation:BatchDescribeTypeConfigurations + - cloudformation:DescribeType + - cloudformation:SetTypeConfiguration + - iam:PassRole + delete: + - cloudformation:BatchDescribeTypeConfigurations + - cloudformation:DescribeType + - cloudformation:DeactivateType + - cloudformation:SetTypeConfiguration + list: + - cloudformation:ListTypes + - cloudformation:DescribeType + - cloudformation:BatchDescribeTypeConfigurations HookDefaultVersion: type: object properties: @@ -598,6 +871,208 @@ components: list: - cloudformation:ListTypes - cloudformation:ListTypeVersions + LambdaHook: + type: object + properties: + LambdaFunction: + description: Amazon Resource Name (ARN), Partial ARN, name, version, or alias of the Lambda function to invoke with this hook. + type: string + minLength: 1 + maxLength: 170 + pattern: (arn:(aws[a-zA-Z-]*)?:lambda:)?([a-z]{2}(-gov)?(-iso([a-z])?)?-[a-z]+-\d{1}:)?(\d{12}:)?(function:)?([a-zA-Z0-9-_]+)(:(\$LATEST|[a-zA-Z0-9-_]+))? + HookStatus: + default: ENABLED + description: Attribute to specify which stacks this hook applies to or should get invoked for + type: string + enum: + - ENABLED + - DISABLED + TargetOperations: + description: Which operations should this Hook run against? Resource changes, stacks or change sets. + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/TargetOperation' + FailureMode: + description: Attribute to specify CloudFormation behavior on hook failure. + type: string + enum: + - FAIL + - WARN + TargetFilters: + description: Attribute to specify which targets should invoke the hook + type: object + oneOf: + - type: object + minProperties: 1 + properties: + TargetNames: + description: List of type names that the hook is going to target + type: array + minItems: 1 + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/TargetName' + Actions: + description: List of actions that the hook is going to target + type: array + minItems: 1 + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Action' + InvocationPoints: + description: List of invocation points that the hook is going to target + type: array + minItems: 1 + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/InvocationPoint' + additionalProperties: false + - type: object + properties: + Targets: + description: List of hook targets + type: array + minItems: 1 + maxItems: 50 + uniqueItems: true + items: + $ref: '#/components/schemas/HookTarget' + additionalProperties: false + required: + - Targets + StackFilters: + description: Filters to allow hooks to target specific stack attributes + type: object + properties: + FilteringCriteria: + description: Attribute to specify the filtering behavior. ANY will make the Hook pass if one filter matches. ALL will make the Hook pass if all filters match + type: string + default: ALL + enum: + - ALL + - ANY + StackNames: + description: List of stack names as filters + type: object + additionalProperties: false + minProperties: 1 + properties: + Include: + description: List of stack names that the hook is going to target + type: array + maxItems: 50 + minItems: 1 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/StackName' + Exclude: + description: List of stack names that the hook is going to be excluded from + type: array + maxItems: 50 + minItems: 1 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/StackName' + StackRoles: + description: List of stack roles that are performing the stack operations. + type: object + additionalProperties: false + minProperties: 1 + properties: + Include: + description: List of stack roles that the hook is going to target + type: array + maxItems: 50 + minItems: 1 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Role' + Exclude: + description: List of stack roles that the hook is going to be excluded from + type: array + maxItems: 50 + minItems: 1 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Role' + required: + - FilteringCriteria + additionalProperties: false + Alias: + description: The typename alias for the hook. + pattern: ^(?!(?i)aws)[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}$ + type: string + HookArn: + description: The Amazon Resource Name (ARN) of the activated hook + pattern: ^arn:aws[A-Za-z0-9-]{0,64}:cloudformation:[A-Za-z0-9-]{1,64}:([0-9]{12})?:type/hook/.+$ + type: string + ExecutionRole: + description: The execution role ARN assumed by Hooks to invoke Lambda. + $ref: '#/components/schemas/Role' + required: + - LambdaFunction + - FailureMode + - Alias + - ExecutionRole + - TargetOperations + - HookStatus + x-stackql-resource-name: lambda_hook + description: This is a CloudFormation resource for the first-party AWS::Hooks::LambdaHook. + x-type-name: AWS::CloudFormation::LambdaHook + x-stackql-primary-identifier: + - HookArn + x-create-only-properties: + - Alias + x-read-only-properties: + - HookArn + x-required-properties: + - LambdaFunction + - FailureMode + - Alias + - ExecutionRole + - TargetOperations + - HookStatus + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - cloudformation:ListTypes + - cloudformation:ActivateType + - cloudformation:BatchDescribeTypeConfigurations + - cloudformation:DescribeType + - cloudformation:SetTypeConfiguration + - iam:PassRole + read: + - cloudformation:BatchDescribeTypeConfigurations + - cloudformation:DescribeType + update: + - cloudformation:BatchDescribeTypeConfigurations + - cloudformation:DescribeType + - cloudformation:SetTypeConfiguration + - iam:PassRole + delete: + - cloudformation:BatchDescribeTypeConfigurations + - cloudformation:DeactivateType + - cloudformation:DescribeType + - cloudformation:SetTypeConfiguration + list: + - cloudformation:ListTypes + - cloudformation:BatchDescribeTypeConfigurations + - cloudformation:DescribeType ModuleDefaultVersion: type: object properties: @@ -743,7 +1218,7 @@ components: maxLength: 64 PublisherId: description: The publisher id assigned by CloudFormation for publishing in this region. - pattern: '[0-9a-zA-Z]{40}' + pattern: '[0-9a-zA-Z-]{40}' type: string minLength: 1 maxLength: 40 @@ -808,7 +1283,7 @@ components: type: boolean PublisherId: description: The publisher id assigned by CloudFormation for publishing in this region. - pattern: '[0-9a-zA-Z]{40}' + pattern: '[0-9a-zA-Z-]{40}' type: string minLength: 1 maxLength: 40 @@ -844,8 +1319,6 @@ components: x-create-only-properties: - AcceptTermsAndConditions - ConnectionArn - x-write-only-properties: - - ConnectionArn x-read-only-properties: - PublisherId - PublisherStatus @@ -1221,6 +1694,12 @@ components: enum: - SEQUENTIAL - PARALLEL + ConcurrencyMode: + description: Specifies how the concurrency level behaves during the operation execution. + type: string + enum: + - STRICT_FAILURE_TOLERANCE + - SOFT_FAILURE_TOLERANCE Active: description: When true, StackSets performs non-conflicting operations concurrently and queues conflicting operations. After conflicting operations finish, StackSets starts queued operations in request order. type: boolean @@ -1248,6 +1727,8 @@ components: $ref: '#/components/schemas/Region' RegionConcurrencyType: $ref: '#/components/schemas/RegionConcurrencyType' + ConcurrencyMode: + $ref: '#/components/schemas/ConcurrencyMode' additionalProperties: false Parameter: type: object @@ -1483,7 +1964,7 @@ components: type: string PublisherId: description: The publisher id assigned by CloudFormation for publishing in this region. - pattern: '[0-9a-zA-Z]{40}' + pattern: '[0-9a-zA-Z-]{40}' type: string minLength: 1 maxLength: 40 @@ -1561,6 +2042,175 @@ components: - cloudformation:DescribeType list: - cloudformation:ListTypes + CreateGuardHookRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + RuleLocation: + $ref: '#/components/schemas/S3Location' + LogBucket: + description: S3 Bucket where the guard validate report will be uploaded to + type: string + HookStatus: + default: DISABLED + description: Attribute to specify which stacks this hook applies to or should get invoked for + type: string + enum: + - ENABLED + - DISABLED + TargetOperations: + description: Which operations should this Hook run against? Resource changes, stacks or change sets. + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/TargetOperation' + FailureMode: + default: WARN + description: Attribute to specify CloudFormation behavior on hook failure. + type: string + enum: + - FAIL + - WARN + TargetFilters: + description: Attribute to specify which targets should invoke the hook + type: object + oneOf: + - type: object + minProperties: 1 + properties: + TargetNames: + description: List of type names that the hook is going to target + type: array + minItems: 1 + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/TargetName' + Actions: + description: List of actions that the hook is going to target + type: array + minItems: 1 + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Action' + InvocationPoints: + description: List of invocation points that the hook is going to target + type: array + minItems: 1 + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/InvocationPoint' + additionalProperties: false + - type: object + properties: + Targets: + description: List of hook targets + type: array + minItems: 1 + maxItems: 50 + uniqueItems: true + items: + $ref: '#/components/schemas/HookTarget' + additionalProperties: false + required: + - Targets + StackFilters: + description: Filters to allow hooks to target specific stack attributes + type: object + properties: + FilteringCriteria: + description: Attribute to specify the filtering behavior. ANY will make the Hook pass if one filter matches. ALL will make the Hook pass if all filters match + type: string + default: ALL + enum: + - ALL + - ANY + StackNames: + description: List of stack names as filters + type: object + additionalProperties: false + minProperties: 1 + properties: + Include: + description: List of stack names that the hook is going to target + type: array + maxItems: 50 + minItems: 1 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/StackName' + Exclude: + description: List of stack names that the hook is going to be excluded from + type: array + maxItems: 50 + minItems: 1 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/StackName' + StackRoles: + description: List of stack roles that are performing the stack operations. + type: object + additionalProperties: false + minProperties: 1 + properties: + Include: + description: List of stack roles that the hook is going to target + type: array + maxItems: 50 + minItems: 1 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Role' + Exclude: + description: List of stack roles that the hook is going to be excluded from + type: array + maxItems: 50 + minItems: 1 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Role' + required: + - FilteringCriteria + additionalProperties: false + Alias: + description: The typename alias for the hook. + pattern: ^(?!(?i)aws)[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}$ + type: string + HookArn: + description: The Amazon Resource Name (ARN) of the activated hook + pattern: ^arn:aws[A-Za-z0-9-]{0,64}:cloudformation:[A-Za-z0-9-]{1,64}:([0-9]{12})?:type/hook/.+$ + type: string + ExecutionRole: + description: The execution role ARN assumed by hooks to read Guard rules from S3 and write Guard outputs to S3. + $ref: '#/components/schemas/Role' + Options: + properties: + InputParams: + $ref: '#/components/schemas/S3Location' + required: [] + additionalProperties: false + x-stackQL-stringOnly: true + x-title: CreateGuardHookRequest + type: object + required: [] CreateHookDefaultVersionRequest: properties: ClientToken: @@ -1707,6 +2357,169 @@ components: x-title: CreateHookVersionRequest type: object required: [] + CreateLambdaHookRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + LambdaFunction: + description: Amazon Resource Name (ARN), Partial ARN, name, version, or alias of the Lambda function to invoke with this hook. + type: string + minLength: 1 + maxLength: 170 + pattern: (arn:(aws[a-zA-Z-]*)?:lambda:)?([a-z]{2}(-gov)?(-iso([a-z])?)?-[a-z]+-\d{1}:)?(\d{12}:)?(function:)?([a-zA-Z0-9-_]+)(:(\$LATEST|[a-zA-Z0-9-_]+))? + HookStatus: + default: ENABLED + description: Attribute to specify which stacks this hook applies to or should get invoked for + type: string + enum: + - ENABLED + - DISABLED + TargetOperations: + description: Which operations should this Hook run against? Resource changes, stacks or change sets. + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/TargetOperation' + FailureMode: + description: Attribute to specify CloudFormation behavior on hook failure. + type: string + enum: + - FAIL + - WARN + TargetFilters: + description: Attribute to specify which targets should invoke the hook + type: object + oneOf: + - type: object + minProperties: 1 + properties: + TargetNames: + description: List of type names that the hook is going to target + type: array + minItems: 1 + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/TargetName' + Actions: + description: List of actions that the hook is going to target + type: array + minItems: 1 + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Action' + InvocationPoints: + description: List of invocation points that the hook is going to target + type: array + minItems: 1 + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/InvocationPoint' + additionalProperties: false + - type: object + properties: + Targets: + description: List of hook targets + type: array + minItems: 1 + maxItems: 50 + uniqueItems: true + items: + $ref: '#/components/schemas/HookTarget' + additionalProperties: false + required: + - Targets + StackFilters: + description: Filters to allow hooks to target specific stack attributes + type: object + properties: + FilteringCriteria: + description: Attribute to specify the filtering behavior. ANY will make the Hook pass if one filter matches. ALL will make the Hook pass if all filters match + type: string + default: ALL + enum: + - ALL + - ANY + StackNames: + description: List of stack names as filters + type: object + additionalProperties: false + minProperties: 1 + properties: + Include: + description: List of stack names that the hook is going to target + type: array + maxItems: 50 + minItems: 1 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/StackName' + Exclude: + description: List of stack names that the hook is going to be excluded from + type: array + maxItems: 50 + minItems: 1 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/StackName' + StackRoles: + description: List of stack roles that are performing the stack operations. + type: object + additionalProperties: false + minProperties: 1 + properties: + Include: + description: List of stack roles that the hook is going to target + type: array + maxItems: 50 + minItems: 1 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Role' + Exclude: + description: List of stack roles that the hook is going to be excluded from + type: array + maxItems: 50 + minItems: 1 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Role' + required: + - FilteringCriteria + additionalProperties: false + Alias: + description: The typename alias for the hook. + pattern: ^(?!(?i)aws)[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}$ + type: string + HookArn: + description: The Amazon Resource Name (ARN) of the activated hook + pattern: ^arn:aws[A-Za-z0-9-]{0,64}:cloudformation:[A-Za-z0-9-]{1,64}:([0-9]{12})?:type/hook/.+$ + type: string + ExecutionRole: + description: The execution role ARN assumed by Hooks to invoke Lambda. + $ref: '#/components/schemas/Role' + x-stackQL-stringOnly: true + x-title: CreateLambdaHookRequest + type: object + required: [] CreateModuleDefaultVersionRequest: properties: ClientToken: @@ -1829,7 +2642,7 @@ components: maxLength: 64 PublisherId: description: The publisher id assigned by CloudFormation for publishing in this region. - pattern: '[0-9a-zA-Z]{40}' + pattern: '[0-9a-zA-Z-]{40}' type: string minLength: 1 maxLength: 40 @@ -1877,7 +2690,7 @@ components: type: boolean PublisherId: description: The publisher id assigned by CloudFormation for publishing in this region. - pattern: '[0-9a-zA-Z]{40}' + pattern: '[0-9a-zA-Z-]{40}' type: string minLength: 1 maxLength: 40 @@ -2254,7 +3067,7 @@ components: type: string PublisherId: description: The publisher id assigned by CloudFormation for publishing in this region. - pattern: '[0-9a-zA-Z]{40}' + pattern: '[0-9a-zA-Z-]{40}' type: string minLength: 1 maxLength: 40 @@ -2312,6 +3125,180 @@ components: description: Amazon Signature authorization v4 x-amazon-apigateway-authtype: awsSigv4 x-stackQL-resources: + guard_hooks: + name: guard_hooks + id: aws.cloudformation.guard_hooks + x-cfn-schema-name: GuardHook + x-cfn-type-name: AWS::CloudFormation::GuardHook + x-identifiers: + - HookArn + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__GuardHook&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::CloudFormation::GuardHook" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::CloudFormation::GuardHook" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::CloudFormation::GuardHook" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/guard_hooks/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/guard_hooks/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/guard_hooks/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.RuleLocation') as rule_location, + JSON_EXTRACT(Properties, '$.LogBucket') as log_bucket, + JSON_EXTRACT(Properties, '$.HookStatus') as hook_status, + JSON_EXTRACT(Properties, '$.TargetOperations') as target_operations, + JSON_EXTRACT(Properties, '$.FailureMode') as failure_mode, + JSON_EXTRACT(Properties, '$.TargetFilters') as target_filters, + JSON_EXTRACT(Properties, '$.StackFilters') as stack_filters, + JSON_EXTRACT(Properties, '$.Alias') as alias, + JSON_EXTRACT(Properties, '$.HookArn') as hook_arn, + JSON_EXTRACT(Properties, '$.ExecutionRole') as execution_role, + JSON_EXTRACT(Properties, '$.Options') as options + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudFormation::GuardHook' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.RuleLocation') as rule_location, + JSON_EXTRACT(detail.Properties, '$.LogBucket') as log_bucket, + JSON_EXTRACT(detail.Properties, '$.HookStatus') as hook_status, + JSON_EXTRACT(detail.Properties, '$.TargetOperations') as target_operations, + JSON_EXTRACT(detail.Properties, '$.FailureMode') as failure_mode, + JSON_EXTRACT(detail.Properties, '$.TargetFilters') as target_filters, + JSON_EXTRACT(detail.Properties, '$.StackFilters') as stack_filters, + JSON_EXTRACT(detail.Properties, '$.Alias') as alias, + JSON_EXTRACT(detail.Properties, '$.HookArn') as hook_arn, + JSON_EXTRACT(detail.Properties, '$.ExecutionRole') as execution_role, + JSON_EXTRACT(detail.Properties, '$.Options') as options + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::CloudFormation::GuardHook' + AND detail.data__TypeName = 'AWS::CloudFormation::GuardHook' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'RuleLocation') as rule_location, + json_extract_path_text(Properties, 'LogBucket') as log_bucket, + json_extract_path_text(Properties, 'HookStatus') as hook_status, + json_extract_path_text(Properties, 'TargetOperations') as target_operations, + json_extract_path_text(Properties, 'FailureMode') as failure_mode, + json_extract_path_text(Properties, 'TargetFilters') as target_filters, + json_extract_path_text(Properties, 'StackFilters') as stack_filters, + json_extract_path_text(Properties, 'Alias') as alias, + json_extract_path_text(Properties, 'HookArn') as hook_arn, + json_extract_path_text(Properties, 'ExecutionRole') as execution_role, + json_extract_path_text(Properties, 'Options') as options + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudFormation::GuardHook' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'RuleLocation') as rule_location, + json_extract_path_text(detail.Properties, 'LogBucket') as log_bucket, + json_extract_path_text(detail.Properties, 'HookStatus') as hook_status, + json_extract_path_text(detail.Properties, 'TargetOperations') as target_operations, + json_extract_path_text(detail.Properties, 'FailureMode') as failure_mode, + json_extract_path_text(detail.Properties, 'TargetFilters') as target_filters, + json_extract_path_text(detail.Properties, 'StackFilters') as stack_filters, + json_extract_path_text(detail.Properties, 'Alias') as alias, + json_extract_path_text(detail.Properties, 'HookArn') as hook_arn, + json_extract_path_text(detail.Properties, 'ExecutionRole') as execution_role, + json_extract_path_text(detail.Properties, 'Options') as options + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::CloudFormation::GuardHook' + AND detail.data__TypeName = 'AWS::CloudFormation::GuardHook' + AND listing.region = 'us-east-1' + guard_hooks_list_only: + name: guard_hooks_list_only + id: aws.cloudformation.guard_hooks_list_only + x-cfn-schema-name: GuardHook + x-cfn-type-name: AWS::CloudFormation::GuardHook + x-identifiers: + - HookArn + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.HookArn') as hook_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudFormation::GuardHook' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'HookArn') as hook_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudFormation::GuardHook' + AND region = 'us-east-1' hook_default_versions: name: hook_default_versions id: aws.cloudformation.hook_default_versions @@ -2748,6 +3735,172 @@ components: json_extract_path_text(Properties, 'Arn') as arn FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudFormation::HookVersion' AND region = 'us-east-1' + lambda_hooks: + name: lambda_hooks + id: aws.cloudformation.lambda_hooks + x-cfn-schema-name: LambdaHook + x-cfn-type-name: AWS::CloudFormation::LambdaHook + x-identifiers: + - HookArn + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__LambdaHook&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::CloudFormation::LambdaHook" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::CloudFormation::LambdaHook" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::CloudFormation::LambdaHook" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/lambda_hooks/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/lambda_hooks/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/lambda_hooks/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.LambdaFunction') as lambda_function, + JSON_EXTRACT(Properties, '$.HookStatus') as hook_status, + JSON_EXTRACT(Properties, '$.TargetOperations') as target_operations, + JSON_EXTRACT(Properties, '$.FailureMode') as failure_mode, + JSON_EXTRACT(Properties, '$.TargetFilters') as target_filters, + JSON_EXTRACT(Properties, '$.StackFilters') as stack_filters, + JSON_EXTRACT(Properties, '$.Alias') as alias, + JSON_EXTRACT(Properties, '$.HookArn') as hook_arn, + JSON_EXTRACT(Properties, '$.ExecutionRole') as execution_role + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudFormation::LambdaHook' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.LambdaFunction') as lambda_function, + JSON_EXTRACT(detail.Properties, '$.HookStatus') as hook_status, + JSON_EXTRACT(detail.Properties, '$.TargetOperations') as target_operations, + JSON_EXTRACT(detail.Properties, '$.FailureMode') as failure_mode, + JSON_EXTRACT(detail.Properties, '$.TargetFilters') as target_filters, + JSON_EXTRACT(detail.Properties, '$.StackFilters') as stack_filters, + JSON_EXTRACT(detail.Properties, '$.Alias') as alias, + JSON_EXTRACT(detail.Properties, '$.HookArn') as hook_arn, + JSON_EXTRACT(detail.Properties, '$.ExecutionRole') as execution_role + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::CloudFormation::LambdaHook' + AND detail.data__TypeName = 'AWS::CloudFormation::LambdaHook' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'LambdaFunction') as lambda_function, + json_extract_path_text(Properties, 'HookStatus') as hook_status, + json_extract_path_text(Properties, 'TargetOperations') as target_operations, + json_extract_path_text(Properties, 'FailureMode') as failure_mode, + json_extract_path_text(Properties, 'TargetFilters') as target_filters, + json_extract_path_text(Properties, 'StackFilters') as stack_filters, + json_extract_path_text(Properties, 'Alias') as alias, + json_extract_path_text(Properties, 'HookArn') as hook_arn, + json_extract_path_text(Properties, 'ExecutionRole') as execution_role + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudFormation::LambdaHook' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'LambdaFunction') as lambda_function, + json_extract_path_text(detail.Properties, 'HookStatus') as hook_status, + json_extract_path_text(detail.Properties, 'TargetOperations') as target_operations, + json_extract_path_text(detail.Properties, 'FailureMode') as failure_mode, + json_extract_path_text(detail.Properties, 'TargetFilters') as target_filters, + json_extract_path_text(detail.Properties, 'StackFilters') as stack_filters, + json_extract_path_text(detail.Properties, 'Alias') as alias, + json_extract_path_text(detail.Properties, 'HookArn') as hook_arn, + json_extract_path_text(detail.Properties, 'ExecutionRole') as execution_role + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::CloudFormation::LambdaHook' + AND detail.data__TypeName = 'AWS::CloudFormation::LambdaHook' + AND listing.region = 'us-east-1' + lambda_hooks_list_only: + name: lambda_hooks_list_only + id: aws.cloudformation.lambda_hooks_list_only + x-cfn-schema-name: LambdaHook + x-cfn-type-name: AWS::CloudFormation::LambdaHook + x-identifiers: + - HookArn + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.HookArn') as hook_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudFormation::LambdaHook' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'HookArn') as hook_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudFormation::LambdaHook' + AND region = 'us-east-1' module_default_versions: name: module_default_versions id: aws.cloudformation.module_default_versions @@ -4406,6 +5559,48 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/UpdateResourceOutput' description: Success + /?Action=CreateResource&Version=2021-09-30&__GuardHook&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateGuardHook + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateGuardHookRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success /?Action=CreateResource&Version=2021-09-30&__HookDefaultVersion&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' @@ -4532,6 +5727,48 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success + /?Action=CreateResource&Version=2021-09-30&__LambdaHook&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateLambdaHook + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateLambdaHookRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success /?Action=CreateResource&Version=2021-09-30&__ModuleDefaultVersion&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' diff --git a/providers/src/aws/v00.00.00000/services/cloudfront.yaml b/providers/src/aws/v00.00.00000/services/cloudfront.yaml index 6a8ea09f..32eae328 100644 --- a/providers/src/aws/v00.00.00000/services/cloudfront.yaml +++ b/providers/src/aws/v00.00.00000/services/cloudfront.yaml @@ -385,27 +385,123 @@ components: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' type: object schemas: + AnycastIpList: + type: object + properties: + AnycastIpList: + $ref: '#/components/schemas/AnycastIpList' + ETag: + type: string + Id: + type: string + IpCount: + type: integer + Name: + maxLength: 64 + minLength: 1 + pattern: ^[a-zA-Z0-9-_]{1,64}$ + type: string + Tags: + $ref: '#/components/schemas/Tags' + required: + - IpCount + - Name + x-stackql-resource-name: anycast_ip_list + description: Definition of AWS::CloudFront::AnycastIpList Resource Type + x-type-name: AWS::CloudFront::AnycastIpList + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - IpCount + - Name + - Tags + x-read-only-properties: + - AnycastIpList + - ETag + - Id + x-required-properties: + - IpCount + - Name + x-tagging: + cloudFormationSystemTags: false + permissions: + - cloudfront:TagResource + - cloudfront:ListTagsForResource + tagOnCreate: true + tagProperty: /properties/Tags + tagUpdatable: false + taggable: true + x-required-permissions: + create: + - cloudfront:CreateAnycastIpList + - cloudfront:TagResource + delete: + - cloudfront:DeleteAnycastIpList + - cloudfront:GetAnycastIpList + list: + - cloudfront:ListAnycastIpLists + read: + - cloudfront:GetAnycastIpList + - cloudfront:ListTagsForResource + Tag: + additionalProperties: false + properties: + Key: + type: string + description: |- + A string that contains ``Tag`` key. + The string length should be between 1 and 128 characters. Valid characters include ``a-z``, ``A-Z``, ``0-9``, space, and the special characters ``_ - . : / = + @``. + Value: + type: string + description: |- + A string that contains an optional ``Tag`` value. + The string length should be between 0 and 256 characters. Valid characters include ``a-z``, ``A-Z``, ``0-9``, space, and the special characters ``_ - . : / = + @``. + required: + - Value + - Key + type: object + description: A complex type that contains ``Tag`` key and ``Tag`` value. + Tags: + additionalProperties: false + properties: + Items: + items: + $ref: '#/components/schemas/Tag' + type: array + type: object CachePolicyConfig: additionalProperties: false properties: Comment: type: string + description: A comment to describe the cache policy. The comment cannot be longer than 128 characters. DefaultTTL: minimum: 0 multipleOf: 1 type: number + description: >- + The default amount of time, in seconds, that you want objects to stay in the CloudFront cache before CloudFront sends another request to the origin to see if the object has been updated. CloudFront uses this value as the object's time to live (TTL) only when the origin does *not* send ``Cache-Control`` or ``Expires`` headers with the object. For more information, see [Managing How Long Content Stays in an Edge Cache + (Expiration)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Expiration.html) in the *Amazon CloudFront Developer Guide*. + The default value for this field is 86400 seconds (one day). If the value of ``MinTTL`` is more than 86400 seconds, then the default value for this field is the same as the value of ``MinTTL``. MaxTTL: minimum: 0 multipleOf: 1 type: number + description: >- + The maximum amount of time, in seconds, that objects stay in the CloudFront cache before CloudFront sends another request to the origin to see if the object has been updated. CloudFront uses this value only when the origin sends ``Cache-Control`` or ``Expires`` headers with the object. For more information, see [Managing How Long Content Stays in an Edge Cache (Expiration)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Expiration.html) in the *Amazon CloudFront + Developer Guide*. + The default value for this field is 31536000 seconds (one year). If the value of ``MinTTL`` or ``DefaultTTL`` is more than 31536000 seconds, then the default value for this field is the same as the value of ``DefaultTTL``. MinTTL: minimum: 0 multipleOf: 1 type: number + description: The minimum amount of time, in seconds, that you want objects to stay in the CloudFront cache before CloudFront sends another request to the origin to see if the object has been updated. For more information, see [Managing How Long Content Stays in an Edge Cache (Expiration)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Expiration.html) in the *Amazon CloudFront Developer Guide*. Name: type: string + description: A unique name to identify the cache policy. ParametersInCacheKeyAndForwardedToOrigin: $ref: '#/components/schemas/ParametersInCacheKeyAndForwardedToOrigin' + description: The HTTP headers, cookies, and URL query strings to include in the cache key. The values included in the cache key are also included in requests that CloudFront sends to the origin. required: - Name - MinTTL @@ -413,80 +509,147 @@ components: - DefaultTTL - ParametersInCacheKeyAndForwardedToOrigin type: object + description: |- + A cache policy configuration. + This configuration determines the following: + + The values that CloudFront includes in the cache key. These values can include HTTP headers, cookies, and URL query strings. CloudFront uses the cache key to find an object in its cache that it can return to the viewer. + + The default, minimum, and maximum time to live (TTL) values that you want objects to stay in the CloudFront cache. + + The headers, cookies, and query strings that are included in the cache key are also included in requests that CloudFront sends to the origin. CloudFront sends a request when it can't find a valid object in its cache that matches the request's cache key. If you want to send values to the origin but *not* include them in the cache key, use ``OriginRequestPolicy``. CookiesConfig: additionalProperties: false properties: CookieBehavior: pattern: ^(none|whitelist|all|allExcept)$ type: string + description: |- + Determines whether cookies in viewer requests are included in requests that CloudFront sends to the origin. Valid values are: + + ``none`` – No cookies in viewer requests are included in requests that CloudFront sends to the origin. Even when this field is set to ``none``, any cookies that are listed in a ``CachePolicy`` *are* included in origin requests. + + ``whitelist`` – Only the cookies in viewer requests that are listed in the ``CookieNames`` type are included in requests that CloudFront sends to the origin. + + ``all`` – All cookies in viewer requests are included in requests that CloudFront sends to the origin. + + ``allExcept`` – All cookies in viewer requests are included in requests that CloudFront sends to the origin, *except* for those listed in the ``CookieNames`` type, which are not included. Cookies: items: type: string type: array uniqueItems: false + description: Contains a list of cookie names. required: - CookieBehavior type: object + description: An object that determines whether any cookies in viewer requests (and if so, which cookies) are included in requests that CloudFront sends to the origin. HeadersConfig: additionalProperties: false properties: HeaderBehavior: pattern: ^(none|whitelist|allViewer|allViewerAndWhitelistCloudFront|allExcept)$ type: string + description: |- + Determines whether any HTTP headers are included in requests that CloudFront sends to the origin. Valid values are: + + ``none`` – No HTTP headers in viewer requests are included in requests that CloudFront sends to the origin. Even when this field is set to ``none``, any headers that are listed in a ``CachePolicy`` *are* included in origin requests. + + ``whitelist`` – Only the HTTP headers that are listed in the ``Headers`` type are included in requests that CloudFront sends to the origin. + + ``allViewer`` – All HTTP headers in viewer requests are included in requests that CloudFront sends to the origin. + + ``allViewerAndWhitelistCloudFront`` – All HTTP headers in viewer requests and the additional CloudFront headers that are listed in the ``Headers`` type are included in requests that CloudFront sends to the origin. The additional headers are added by CloudFront. + + ``allExcept`` – All HTTP headers in viewer requests are included in requests that CloudFront sends to the origin, *except* for those listed in the ``Headers`` type, which are not included. Headers: items: type: string type: array uniqueItems: false + description: Contains a list of HTTP header names. required: - HeaderBehavior type: object + description: An object that determines whether any HTTP headers (and if so, which headers) are included in requests that CloudFront sends to the origin. ParametersInCacheKeyAndForwardedToOrigin: additionalProperties: false properties: CookiesConfig: $ref: '#/components/schemas/CookiesConfig' + description: An object that determines whether any cookies in viewer requests (and if so, which cookies) are included in the cache key and in requests that CloudFront sends to the origin. EnableAcceptEncodingBrotli: type: boolean + description: |- + A flag that can affect whether the ``Accept-Encoding`` HTTP header is included in the cache key and included in requests that CloudFront sends to the origin. + This field is related to the ``EnableAcceptEncodingGzip`` field. If one or both of these fields is ``true`` *and* the viewer request includes the ``Accept-Encoding`` header, then CloudFront does the following: + + Normalizes the value of the viewer's ``Accept-Encoding`` header + + Includes the normalized header in the cache key + + Includes the normalized header in the request to the origin, if a request is necessary + + For more information, see [Compression support](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-policy-compressed-objects) in the *Amazon CloudFront Developer Guide*. + If you set this value to ``true``, and this cache behavior also has an origin request policy attached, do not include the ``Accept-Encoding`` header in the origin request policy. CloudFront always includes the ``Accept-Encoding`` header in origin requests when the value of this field is ``true``, so including this header in an origin request policy has no effect. + If both of these fields are ``false``, then CloudFront treats the ``Accept-Encoding`` header the same as any other HTTP header in the viewer request. By default, it's not included in the cache key and it's not included in origin requests. In this case, you can manually add ``Accept-Encoding`` to the headers whitelist like any other HTTP header. EnableAcceptEncodingGzip: type: boolean + description: |- + A flag that can affect whether the ``Accept-Encoding`` HTTP header is included in the cache key and included in requests that CloudFront sends to the origin. + This field is related to the ``EnableAcceptEncodingBrotli`` field. If one or both of these fields is ``true`` *and* the viewer request includes the ``Accept-Encoding`` header, then CloudFront does the following: + + Normalizes the value of the viewer's ``Accept-Encoding`` header + + Includes the normalized header in the cache key + + Includes the normalized header in the request to the origin, if a request is necessary + + For more information, see [Compression support](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-policy-compressed-objects) in the *Amazon CloudFront Developer Guide*. + If you set this value to ``true``, and this cache behavior also has an origin request policy attached, do not include the ``Accept-Encoding`` header in the origin request policy. CloudFront always includes the ``Accept-Encoding`` header in origin requests when the value of this field is ``true``, so including this header in an origin request policy has no effect. + If both of these fields are ``false``, then CloudFront treats the ``Accept-Encoding`` header the same as any other HTTP header in the viewer request. By default, it's not included in the cache key and it's not included in origin requests. In this case, you can manually add ``Accept-Encoding`` to the headers whitelist like any other HTTP header. HeadersConfig: $ref: '#/components/schemas/HeadersConfig' + description: An object that determines whether any HTTP headers (and if so, which headers) are included in the cache key and in requests that CloudFront sends to the origin. QueryStringsConfig: $ref: '#/components/schemas/QueryStringsConfig' + description: An object that determines whether any URL query strings in viewer requests (and if so, which query strings) are included in the cache key and in requests that CloudFront sends to the origin. required: - EnableAcceptEncodingGzip - HeadersConfig - CookiesConfig - QueryStringsConfig type: object + description: |- + This object determines the values that CloudFront includes in the cache key. These values can include HTTP headers, cookies, and URL query strings. CloudFront uses the cache key to find an object in its cache that it can return to the viewer. + The headers, cookies, and query strings that are included in the cache key are also included in requests that CloudFront sends to the origin. CloudFront sends a request when it can't find an object in its cache that matches the request's cache key. If you want to send values to the origin but *not* include them in the cache key, use ``OriginRequestPolicy``. QueryStringsConfig: additionalProperties: false properties: QueryStringBehavior: pattern: ^(none|whitelist|all|allExcept)$ type: string + description: |- + Determines whether any URL query strings in viewer requests are included in requests that CloudFront sends to the origin. Valid values are: + + ``none`` – No query strings in viewer requests are included in requests that CloudFront sends to the origin. Even when this field is set to ``none``, any query strings that are listed in a ``CachePolicy`` *are* included in origin requests. + + ``whitelist`` – Only the query strings in viewer requests that are listed in the ``QueryStringNames`` type are included in requests that CloudFront sends to the origin. + + ``all`` – All query strings in viewer requests are included in requests that CloudFront sends to the origin. + + ``allExcept`` – All query strings in viewer requests are included in requests that CloudFront sends to the origin, *except* for those listed in the ``QueryStringNames`` type, which are not included. QueryStrings: items: type: string type: array uniqueItems: false + description: Contains a list of query string names. required: - QueryStringBehavior type: object + description: An object that determines whether any URL query strings in viewer requests (and if so, which query strings) are included in requests that CloudFront sends to the origin. CachePolicy: type: object properties: CachePolicyConfig: $ref: '#/components/schemas/CachePolicyConfig' + description: The cache policy configuration. Id: type: string + description: '' LastModifiedTime: type: string + description: '' required: - CachePolicyConfig x-stackql-resource-name: cache_policy - description: Resource Type definition for AWS::CloudFront::CachePolicy + description: |- + A cache policy. + When it's attached to a cache behavior, the cache policy determines the following: + + The values that CloudFront includes in the cache key. These values can include HTTP headers, cookies, and URL query strings. CloudFront uses the cache key to find an object in its cache that it can return to the viewer. + + The default, minimum, and maximum time to live (TTL) values that you want objects to stay in the CloudFront cache. + + The headers, cookies, and query strings that are included in the cache key are also included in requests that CloudFront sends to the origin. CloudFront sends a request when it can't find a valid object in its cache that matches the request's cache key. If you want to send values to the origin but *not* include them in the cache key, use ``OriginRequestPolicy``. x-type-name: AWS::CloudFront::CachePolicy x-stackql-primary-identifier: - Id @@ -518,22 +681,27 @@ components: properties: Comment: type: string + description: A comment to describe the origin access identity. The comment cannot be longer than 128 characters. required: - Comment type: object + description: Origin access identity configuration. Send a ``GET`` request to the ``/CloudFront API version/CloudFront/identity ID/config`` resource. CloudFrontOriginAccessIdentity: type: object properties: CloudFrontOriginAccessIdentityConfig: $ref: '#/components/schemas/CloudFrontOriginAccessIdentityConfig' + description: The current configuration information for the identity. Id: type: string + description: '' S3CanonicalUserId: type: string + description: '' required: - CloudFrontOriginAccessIdentityConfig x-stackql-resource-name: cloud_front_origin_access_identity - description: Resource Type definition for AWS::CloudFront::CloudFrontOriginAccessIdentity + description: The request to create a new origin access identity (OAI). An origin access identity is a special CloudFront user that you can associate with Amazon S3 origins, so that you can secure all or just some of your Amazon S3 content. For more information, see [Restricting Access to Amazon S3 Content by Using an Origin Access Identity](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html) in the *Amazon CloudFront Developer Guide*. x-type-name: AWS::CloudFront::CloudFrontOriginAccessIdentity x-stackql-primary-identifier: - Id @@ -565,6 +733,7 @@ components: properties: Enabled: type: boolean + description: A Boolean that indicates whether this continuous deployment policy is enabled (in effect). When this value is ``true``, this policy is enabled and in effect. When this value is ``false``, this policy is not enabled and has no effect. SingleHeaderPolicyConfig: additionalProperties: false properties: @@ -580,6 +749,7 @@ components: - Header - Value type: object + description: This configuration determines which HTTP requests are sent to the staging distribution. If the HTTP request contains a header and value that matches what you specify here, the request is sent to the staging distribution. Otherwise the request is sent to the primary distribution. SingleWeightPolicyConfig: additionalProperties: false properties: @@ -593,6 +763,7 @@ components: required: - Weight type: object + description: This configuration determines the percentage of HTTP requests that are sent to the staging distribution. StagingDistributionDnsNames: x-insertionOrder: true items: @@ -600,17 +771,21 @@ components: minItems: 1 type: array uniqueItems: true + description: 'The CloudFront domain name of the staging distribution. For example: ``d111111abcdef8.cloudfront.net``.' TrafficConfig: $ref: '#/components/schemas/TrafficConfig' + description: Contains the parameters for routing production traffic from your primary to staging distributions. Type: enum: - SingleWeight - SingleHeader type: string + description: The type of traffic configuration. required: - Enabled - StagingDistributionDnsNames type: object + description: Contains the configuration for a continuous deployment policy. SessionStickinessConfig: additionalProperties: false properties: @@ -619,15 +794,18 @@ components: minimum: 300 multipleOf: 1 type: integer + description: The amount of time after which you want sessions to cease if no requests are received. Allowed values are 300–3600 seconds (5–60 minutes). MaximumTTL: maximum: 3600 minimum: 300 multipleOf: 1 type: integer + description: The maximum amount of time to consider requests from the viewer as being part of the same session. Allowed values are 300–3600 seconds (5–60 minutes). required: - IdleTTL - MaximumTTL type: object + description: Session stickiness provides the ability to define multiple requests from a single viewer as a single session. This prevents the potentially inconsistent experience of sending some of a given user's requests to your staging distribution, while others are sent to your primary distribution. Define the session duration using TTL values. SingleHeaderConfig: additionalProperties: false properties: @@ -635,55 +813,71 @@ components: maxLength: 256 minLength: 1 type: string + description: The request header name that you want CloudFront to send to your staging distribution. The header must contain the prefix ``aws-cf-cd-``. Value: maxLength: 1783 minLength: 1 type: string + description: The request header value. required: - Header - Value type: object + description: Determines which HTTP requests are sent to the staging distribution. SingleWeightConfig: additionalProperties: false properties: SessionStickinessConfig: $ref: '#/components/schemas/SessionStickinessConfig' + description: Session stickiness provides the ability to define multiple requests from a single viewer as a single session. This prevents the potentially inconsistent experience of sending some of a given user's requests to your staging distribution, while others are sent to your primary distribution. Define the session duration using TTL values. Weight: maximum: 1 minimum: 0 multipleOf: 0.01 type: number + description: The percentage of traffic to send to a staging distribution, expressed as a decimal number between 0 and 0.15. For example, a value of 0.10 means 10% of traffic is sent to the staging distribution. required: - Weight type: object + description: This configuration determines the percentage of HTTP requests that are sent to the staging distribution. TrafficConfig: additionalProperties: false properties: SingleHeaderConfig: $ref: '#/components/schemas/SingleHeaderConfig' + description: Determines which HTTP requests are sent to the staging distribution. SingleWeightConfig: $ref: '#/components/schemas/SingleWeightConfig' + description: Contains the percentage of traffic to send to the staging distribution. Type: enum: - SingleWeight - SingleHeader type: string + description: The type of traffic configuration. required: - Type type: object + description: The traffic configuration of your continuous deployment. ContinuousDeploymentPolicy: type: object properties: ContinuousDeploymentPolicyConfig: $ref: '#/components/schemas/ContinuousDeploymentPolicyConfig' + description: Contains the configuration for a continuous deployment policy. Id: type: string + description: '' LastModifiedTime: type: string + description: '' required: - ContinuousDeploymentPolicyConfig x-stackql-resource-name: continuous_deployment_policy - description: Resource Type definition for AWS::CloudFront::ContinuousDeploymentPolicy + description: |- + Creates a continuous deployment policy that routes a subset of production traffic from a primary distribution to a staging distribution. + After you create and update a staging distribution, you can use a continuous deployment policy to incrementally move traffic to the staging distribution. This enables you to test changes to a distribution's configuration before moving all of your production traffic to the new configuration. + For more information, see [Using CloudFront continuous deployment to safely test CDN configuration changes](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/continuous-deployment.html) in the *Amazon CloudFront Developer Guide*. x-type-name: AWS::CloudFront::ContinuousDeploymentPolicy x-stackql-primary-identifier: - Id @@ -775,6 +969,9 @@ components: type: array uniqueItems: false description: A list of CloudFront functions that are associated with this cache behavior. CloudFront functions must be published to the ``LIVE`` stage to associate them with a cache behavior. + GrpcConfig: + $ref: '#/components/schemas/GrpcConfig' + description: The gRPC configuration for your cache behavior. LambdaFunctionAssociations: items: $ref: '#/components/schemas/LambdaFunctionAssociation' @@ -855,7 +1052,7 @@ components: A complex type that describes how CloudFront processes requests. You must create at least as many cache behaviors (including the default cache behavior) as you have origins if you want CloudFront to serve objects from all of the origins. Each cache behavior specifies the one origin from which you want CloudFront to get objects. If you have two origins and only the default cache behavior, the default cache behavior will cause CloudFront to get objects from one of the origins, but the other origin is never used. For the current quota (formerly known as limit) on the number of cache behaviors that you can add to a distribution, see [Quotas](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cloudfront-limits.html) in the *Amazon CloudFront Developer Guide*. - If you don't want to specify any cache behaviors, include only an empty ``CacheBehaviors`` element. Don't include an empty ``CacheBehavior`` element because this is invalid. + If you don't want to specify any cache behaviors, include only an empty ``CacheBehaviors`` element. Don't specify an empty individual ``CacheBehavior`` element, because this is invalid. For more information, see [CacheBehaviors](https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_CacheBehaviors.html). To delete all cache behaviors in an existing distribution, update the distribution configuration and include only an empty ``CacheBehaviors`` element. To add, change, or remove one or more cache behaviors, update the distribution configuration and specify all of the cache behaviors that you want to include in the updated distribution. For more information about cache behaviors, see [Cache Behavior Settings](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesCacheBehavior) in the *Amazon CloudFront Developer Guide*. @@ -945,7 +1142,7 @@ components: type: integer description: |- Specifies how long, in seconds, CloudFront persists its connection to the origin. The minimum timeout is 1 second, the maximum is 60 seconds, and the default (if you don't specify otherwise) is 5 seconds. - For more information, see [Origin Keep-alive Timeout](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesOriginKeepaliveTimeout) in the *Amazon CloudFront Developer Guide*. + For more information, see [Keep-alive timeout (custom origins only)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesOriginKeepaliveTimeout) in the *Amazon CloudFront Developer Guide*. OriginProtocolPolicy: type: string description: |- @@ -958,7 +1155,7 @@ components: type: integer description: |- Specifies how long, in seconds, CloudFront waits for a response from the origin. This is also known as the *origin response timeout*. The minimum timeout is 1 second, the maximum is 60 seconds, and the default (if you don't specify otherwise) is 30 seconds. - For more information, see [Origin Response Timeout](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesOriginResponseTimeout) in the *Amazon CloudFront Developer Guide*. + For more information, see [Response timeout (custom origins only)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesOriginResponseTimeout) in the *Amazon CloudFront Developer Guide*. OriginSSLProtocols: default: - TLSv1 @@ -1039,7 +1236,10 @@ components: $ref: '#/components/schemas/FunctionAssociation' type: array uniqueItems: false - description: A list of CloudFront functions that are associated with this cache behavior. CloudFront functions must be published to the ``LIVE`` stage to associate them with a cache behavior. + description: A list of CloudFront functions that are associated with this cache behavior. Your functions must be published to the ``LIVE`` stage to associate them with a cache behavior. + GrpcConfig: + $ref: '#/components/schemas/GrpcConfig' + description: The gRPC configuration for your cache behavior. LambdaFunctionAssociations: items: $ref: '#/components/schemas/LambdaFunctionAssociation' @@ -1121,12 +1321,17 @@ components: type: array uniqueItems: false description: A complex type that contains information about CNAMEs (alternate domain names), if any, for this distribution. + AnycastIpListId: + type: string + description: '' CNAMEs: items: type: string type: array uniqueItems: false - description: '' + description: |- + An alias for the CF distribution's domain name. + This property is legacy. We recommend that you use [Aliases](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-distributionconfig.html#cfn-cloudfront-distribution-distributionconfig-aliases) instead. CacheBehaviors: items: $ref: '#/components/schemas/CacheBehavior' @@ -1153,20 +1358,23 @@ components: For more information about custom error pages, see [Customizing Error Responses](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/custom-error-pages.html) in the *Amazon CloudFront Developer Guide*. CustomOrigin: $ref: '#/components/schemas/LegacyCustomOrigin' - description: '' + description: |- + The user-defined HTTP server that serves as the origin for content that CF distributes. + This property is legacy. We recommend that you use [Origin](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-origin.html) instead. DefaultCacheBehavior: $ref: '#/components/schemas/DefaultCacheBehavior' description: A complex type that describes the default cache behavior if you don't specify a ``CacheBehavior`` element or if files don't match any of the values of ``PathPattern`` in ``CacheBehavior`` elements. You must create exactly one default cache behavior. DefaultRootObject: default: '' type: string - description: |- - The object that you want CloudFront to request from your origin (for example, ``index.html``) when a viewer requests the root URL for your distribution (``https://www.example.com``) instead of an object in your distribution (``https://www.example.com/product-description.html``). Specifying a default root object avoids exposing the contents of your distribution. - Specify only the object name, for example, ``index.html``. Don't add a ``/`` before the object name. + description: >- + When a viewer requests the root URL for your distribution, the default root object is the object that you want CloudFront to request from your origin. For example, if your root URL is ``https://www.example.com``, you can specify CloudFront to return the ``index.html`` file as the default root object. You can specify a default root object so that viewers see a specific file or object, instead of another object in your distribution (for example, + ``https://www.example.com/product-description.html``). A default root object avoids exposing the contents of your distribution. + You can specify the object name or a path to the object name (for example, ``index.html`` or ``exampleFolderName/index.html``). Your string can't begin with a forward slash (``/``). Only specify the object name or the path to the object. If you don't want to specify a default root object when you create a distribution, include an empty ``DefaultRootObject`` element. To delete the default root object from an existing distribution, update the distribution configuration and include an empty ``DefaultRootObject`` element. To replace the default root object, update the distribution configuration and specify the new object. - For more information about the default root object, see [Creating a Default Root Object](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/DefaultRootObject.html) in the *Amazon CloudFront Developer Guide*. + For more information about the default root object, see [Specify a default root object](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/DefaultRootObject.html) in the *Amazon CloudFront Developer Guide*. Enabled: type: boolean description: From this field, you can enable or disable the selected distribution. @@ -1174,7 +1382,7 @@ components: default: http1.1 type: string description: |- - (Optional) Specify the maximum HTTP version(s) that you want viewers to use to communicate with CF. The default value for new distributions is ``http1.1``. + (Optional) Specify the HTTP version(s) that you want viewers to use to communicate with CF. The default value for new distributions is ``http1.1``. For viewers and CF to use HTTP/2, viewers must support TLSv1.2 or later, and must support Server Name Indication (SNI). For viewers and CF to use HTTP/3, viewers must support TLSv1.3 and Server Name Indication (SNI). CF supports HTTP/3 connection migration to allow the viewer to switch networks without losing connection. For more information about connection migration, see [Connection Migration](https://docs.aws.amazon.com/https://www.rfc-editor.org/rfc/rfc9000.html#name-connection-migration) at RFC 9000. For more information about supported TLSv1.3 ciphers, see [Supported protocols and ciphers between viewers and CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html). IPV6Enabled: @@ -1195,14 +1403,18 @@ components: For more information about logging, see [Access Logs](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/AccessLogs.html) in the *Amazon CloudFront Developer Guide*. OriginGroups: $ref: '#/components/schemas/OriginGroups' - description: A complex type that contains information about origin groups for this distribution. + description: |- + A complex type that contains information about origin groups for this distribution. + Specify a value for either the ``Origins`` or ``OriginGroups`` property. Origins: items: $ref: '#/components/schemas/Origin' type: array x-insertionOrder: false uniqueItems: false - description: A complex type that contains information about origins for this distribution. + description: |- + A complex type that contains information about origins for this distribution. + Specify a value for either the ``Origins`` or ``OriginGroups`` property. PriceClass: default: PriceClass_All type: string @@ -1218,7 +1430,9 @@ components: description: A complex type that identifies ways in which you want to restrict distribution of your content. S3Origin: $ref: '#/components/schemas/LegacyS3Origin' - description: '' + description: |- + The origin as an S3 bucket. + This property is legacy. We recommend that you use [Origin](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-origin.html) instead. Staging: type: boolean description: A Boolean that indicates whether this is a staging distribution. When this value is ``true``, this is a staging distribution. When this value is ``false``, this is not a staging distribution. @@ -1231,7 +1445,7 @@ components: default: '' type: string description: |- - A unique identifier that specifies the WAF web ACL, if any, to associate with this distribution. To specify a web ACL created using the latest version of WAF, use the ACL ARN, for example ``arn:aws:wafv2:us-east-1:123456789012:global/webacl/ExampleWebACL/473e64fd-f30b-4765-81a0-62ad96dd167a``. To specify a web ACL created using WAF Classic, use the ACL ID, for example ``473e64fd-f30b-4765-81a0-62ad96dd167a``. + A unique identifier that specifies the WAF web ACL, if any, to associate with this distribution. To specify a web ACL created using the latest version of WAF, use the ACL ARN, for example ``arn:aws:wafv2:us-east-1:123456789012:global/webacl/ExampleWebACL/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111``. To specify a web ACL created using WAF Classic, use the ACL ID, for example ``a1b2c3d4-5678-90ab-cdef-EXAMPLE11111``. WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to CloudFront, and lets you control access to your content. Based on conditions that you specify, such as the IP addresses that requests originate from or the values of query strings, CloudFront responds to requests either with the requested content or with an HTTP 403 status code (Forbidden). You can also configure CloudFront to return a custom error page when a request is blocked. For more information about WAF, see the [Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html). required: - Enabled @@ -1324,6 +1538,19 @@ components: - RestrictionType type: object description: A complex type that controls the countries in which your content is distributed. CF determines the location of your users using ``MaxMind`` GeoIP databases. To disable geo restriction, remove the [Restrictions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-distributionconfig.html#cfn-cloudfront-distribution-distributionconfig-restrictions) property from your stack template. + GrpcConfig: + additionalProperties: false + properties: + Enabled: + type: boolean + description: Enables your CloudFront distribution to receive gRPC requests and to proxy them directly to your origins. + required: + - Enabled + type: object + description: |- + Amazon CloudFront supports gRPC, an open-source remote procedure call (RPC) framework built on HTTP/2. gRPC offers bi-directional streaming and binary protocol that buffers payloads, making it suitable for applications that require low latency communications. + To enable your distribution to handle gRPC requests, you must include HTTP/2 as one of the supported ``HTTP`` versions and allow ``HTTP`` methods, including ``POST``. + For more information, see [Using gRPC with CloudFront distributions](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-using-grpc.html) in the *Amazon CloudFront Developer Guide*. LambdaFunctionAssociation: additionalProperties: false properties: @@ -1349,50 +1576,58 @@ components: properties: DNSName: type: string - description: '' + description: The domain name assigned to your CF distribution. HTTPPort: default: 80 type: integer - description: '' + description: The HTTP port that CF uses to connect to the origin. Specify the HTTP port that the origin listens on. HTTPSPort: default: 443 type: integer - description: '' + description: The HTTPS port that CF uses to connect to the origin. Specify the HTTPS port that the origin listens on. OriginProtocolPolicy: type: string - description: '' + description: Specifies the protocol (HTTP or HTTPS) that CF uses to connect to the origin. OriginSSLProtocols: items: type: string type: array uniqueItems: false - description: '' + description: |- + The minimum SSL/TLS protocol version that CF uses when communicating with your origin server over HTTPs. + For more information, see [Minimum Origin SSL Protocol](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesOriginSSLProtocols) in the *Developer Guide*. required: - DNSName - OriginProtocolPolicy - OriginSSLProtocols type: object - description: '' + description: |- + A custom origin. A custom origin is any origin that is *not* an S3 bucket, with one exception. An S3 bucket that is [configured with static website hosting](https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html) *is* a custom origin. + This property is legacy. We recommend that you use [Origin](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-origin.html) instead. LegacyS3Origin: additionalProperties: false properties: DNSName: type: string - description: '' + description: The domain name assigned to your CF distribution. OriginAccessIdentity: default: '' type: string - description: '' + description: |- + The CF origin access identity to associate with the distribution. Use an origin access identity to configure the distribution so that end users can only access objects in an S3 through CF. + This property is legacy. We recommend that you use [OriginAccessControl](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-originaccesscontrol.html) instead. required: - DNSName type: object - description: '' + description: |- + The origin as an S3 bucket. + This property is legacy. We recommend that you use [Origin](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-origin.html) instead. Logging: additionalProperties: false properties: Bucket: type: string - description: The Amazon S3 bucket to store the access logs in, for example, ``myawslogbucket.s3.amazonaws.com``. + description: The Amazon S3 bucket to store the access logs in, for example, ``amzn-s3-demo-bucket.s3.amazonaws.com``. IncludeCookies: default: false type: boolean @@ -1401,10 +1636,10 @@ components: default: '' type: string description: An optional string that you want CloudFront to prefix to the access log ``filenames`` for this distribution, for example, ``myprefix/``. If you want to enable logging, but you don't want to specify a prefix, you still must include an empty ``Prefix`` element in the ``Logging`` element. - required: - - Bucket type: object - description: A complex type that controls whether access logs are written for the distribution. + description: |- + A complex type that specifies whether access logs are written for the distribution. + If you already enabled standard logging (legacy) and you want to enable standard logging (v2) to send your access logs to Amazon S3, we recommend that you specify a *different* Amazon S3 bucket or use a *separate path* in the same bucket (for example, use a log prefix or partitioning). This helps you keep track of which log files are associated with which logging subscription and prevents log files from overwriting each other. For more information, see [Standard logging (access logs)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/AccessLogs.html) in the *Amazon CloudFront Developer Guide*. Origin: additionalProperties: false properties: @@ -1502,12 +1737,17 @@ components: Members: $ref: '#/components/schemas/OriginGroupMembers' description: A complex type that contains information about the origins in an origin group. + SelectionCriteria: + $ref: '#/components/schemas/OriginGroupSelectionCriteria' + description: The selection criteria for the origin group. For more information, see [Create an origin group](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/high_availability_origin_failover.html#concept_origin_groups.creating) in the *Amazon CloudFront Developer Guide*. required: - Id - FailoverCriteria - Members type: object - description: An origin group includes two origins (a primary origin and a second origin to failover to) and a failover criteria that you specify. You create an origin group to support origin failover in CloudFront. When you create or update a distribution, you can specify the origin group instead of a single origin, and CloudFront will failover from the primary origin to the second origin under the failover conditions that you've chosen. + description: |- + An origin group includes two origins (a primary origin and a secondary origin to failover to) and a failover criteria that you specify. You create an origin group to support origin failover in CloudFront. When you create or update a distribution, you can specify the origin group instead of a single origin, and CloudFront will failover from the primary origin to the secondary origin under the failover conditions that you've chosen. + Optionally, you can choose selection criteria for your origin group to specify how your origins are selected when your distribution routes viewer requests. OriginGroupFailoverCriteria: additionalProperties: false properties: @@ -1545,6 +1785,11 @@ components: - Items type: object description: A complex data type for the origins included in an origin group. + OriginGroupSelectionCriteria: + enum: + - default + - media-quality-based + type: string OriginGroups: additionalProperties: false properties: @@ -1596,9 +1841,10 @@ components: default: '' type: string description: |- - The CloudFront origin access identity to associate with the origin. Use an origin access identity to configure the origin so that viewers can *only* access objects in an Amazon S3 bucket through CloudFront. The format of the value is: - origin-access-identity/cloudfront/*ID-of-origin-access-identity* - where ``ID-of-origin-access-identity`` is the value that CloudFront returned in the ``ID`` element when you created the origin access identity. + If you're using origin access control (OAC) instead of origin access identity, specify an empty ``OriginAccessIdentity`` element. For more information, see [Restricting access to an](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-origin.html) in the *Amazon CloudFront Developer Guide*. + The CloudFront origin access identity to associate with the origin. Use an origin access identity to configure the origin so that viewers can *only* access objects in an Amazon S3 bucket through CloudFront. The format of the value is: + ``origin-access-identity/cloudfront/ID-of-origin-access-identity`` + The ``ID-of-origin-access-identity`` is the value that CloudFront returned in the ``ID`` element when you created the origin access identity. If you want viewers to be able to access objects using either the CloudFront URL or the Amazon S3 URL, specify an empty ``OriginAccessIdentity`` element. To delete the origin access identity from an existing distribution, update the distribution configuration and include an empty ``OriginAccessIdentity`` element. To replace the origin access identity, update the distribution configuration and specify the new origin access identity. @@ -1622,24 +1868,6 @@ components: - Items type: object description: A complex data type for the status codes that you specify that, when returned by a primary origin, trigger CloudFront to failover to a second origin. - Tag: - additionalProperties: false - properties: - Key: - type: string - description: |- - A string that contains ``Tag`` key. - The string length should be between 1 and 128 characters. Valid characters include ``a-z``, ``A-Z``, ``0-9``, space, and the special characters ``_ - . : / = + @``. - Value: - type: string - description: |- - A string that contains an optional ``Tag`` value. - The string length should be between 0 and 256 characters. Valid characters include ``a-z``, ``A-Z``, ``0-9``, space, and the special characters ``_ - . : / = + @``. - required: - - Value - - Key - type: object - description: A complex type that contains ``Tag`` key and ``Tag`` value. ViewerCertificate: additionalProperties: false properties: @@ -1765,54 +1993,74 @@ components: properties: Comment: type: string + description: A comment to describe the function. Runtime: type: string + description: The function's runtime environment version. KeyValueStoreAssociations: items: $ref: '#/components/schemas/KeyValueStoreAssociation' type: array uniqueItems: true + description: The configuration for the key value store associations. required: - Comment - Runtime type: object + description: Contains configuration information about a CloudFront function. FunctionMetadata: additionalProperties: false properties: FunctionARN: type: string + description: The Amazon Resource Name (ARN) of the function. The ARN uniquely identifies the function. type: object + description: Contains metadata about a CloudFront function. KeyValueStoreAssociation: additionalProperties: false properties: KeyValueStoreARN: type: string + description: The Amazon Resource Name (ARN) of the key value store association. required: - KeyValueStoreARN type: object + description: The key value store association. Function: type: object properties: AutoPublish: type: boolean + description: A flag that determines whether to automatically publish the function to the ``LIVE`` stage when it’s created. To automatically publish to the ``LIVE`` stage, set this property to ``true``. FunctionARN: type: string + description: '' FunctionCode: type: string + description: The function code. For more information about writing a CloudFront function, see [Writing function code for CloudFront Functions](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/writing-function-code.html) in the *Amazon CloudFront Developer Guide*. FunctionConfig: $ref: '#/components/schemas/FunctionConfig' + description: Contains configuration information about a CloudFront function. FunctionMetadata: $ref: '#/components/schemas/FunctionMetadata' + description: Contains metadata about a CloudFront function. Name: type: string + description: A name to identify the function. Stage: type: string + description: '' required: - Name - FunctionConfig - FunctionCode x-stackql-resource-name: function - description: Resource Type definition for AWS::CloudFront::Function + description: |- + Creates a CF function. + To create a function, you provide the function code and some configuration information about the function. The response contains an Amazon Resource Name (ARN) that uniquely identifies the function, and the function’s stage. + By default, when you create a function, it’s in the ``DEVELOPMENT`` stage. In this stage, you can [test the function](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/test-function.html) in the CF console (or with ``TestFunction`` in the CF API). + When you’re ready to use your function with a CF distribution, publish the function to the ``LIVE`` stage. You can do this in the CF console, with ``PublishFunction`` in the CF API, or by updating the ``AWS::CloudFront::Function`` resource with the ``AutoPublish`` property set to ``true``. When the function is published to the ``LIVE`` stage, you can attach it to a distribution’s cache behavior, using the function’s ARN. + To automatically publish the function to the ``LIVE`` stage when it’s created, set the ``AutoPublish`` property to ``true``. x-type-name: AWS::CloudFront::Function x-stackql-primary-identifier: - FunctionARN @@ -1853,30 +2101,41 @@ components: properties: Comment: type: string + description: A comment to describe the key group. The comment cannot be longer than 128 characters. Items: items: type: string type: array uniqueItems: false + description: A list of the identifiers of the public keys in the key group. Name: type: string + description: A name to identify the key group. required: - Name - Items type: object + description: |- + A key group configuration. + A key group contains a list of public keys that you can use with [CloudFront signed URLs and signed cookies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html). KeyGroup: type: object properties: Id: type: string + description: '' KeyGroupConfig: $ref: '#/components/schemas/KeyGroupConfig' + description: The key group configuration. LastModifiedTime: type: string + description: '' required: - KeyGroupConfig x-stackql-resource-name: key_group - description: Resource Type definition for AWS::CloudFront::KeyGroup + description: |- + A key group. + A key group contains a list of public keys that you can use with [CloudFront signed URLs and signed cookies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html). x-type-name: AWS::CloudFront::KeyGroup x-stackql-primary-identifier: - Id @@ -1908,31 +2167,40 @@ components: properties: SourceType: type: string + description: The source type of the import source for the key value store. SourceArn: type: string + description: The Amazon Resource Name (ARN) of the import source for the key value store. required: - SourceType - SourceArn type: object + description: The import source for the key value store. KeyValueStore: type: object properties: Arn: type: string + description: '' Id: type: string + description: '' Status: type: string + description: '' Name: type: string + description: The name of the key value store. Comment: type: string + description: A comment for the key value store. ImportSource: $ref: '#/components/schemas/ImportSource' + description: The import source for the key value store. required: - Name x-stackql-resource-name: key_value_store - description: Resource Type definition for AWS::CloudFront::KeyValueStore + description: The key value store. Use this to separate data from function code, allowing you to update data without having to publish a new version of a function. The key value store holds keys and their corresponding values. x-type-name: AWS::CloudFront::KeyValueStore x-stackql-primary-identifier: - Name @@ -1973,13 +2241,15 @@ components: properties: DistributionId: type: string + description: The ID of the distribution that you are enabling metrics for. MonitoringSubscription: $ref: '#/components/schemas/MonitoringSubscription' + description: A subscription configuration for additional CloudWatch metrics. required: - DistributionId - MonitoringSubscription x-stackql-resource-name: monitoring_subscription - description: Resource Type definition for AWS::CloudFront::MonitoringSubscription + description: A monitoring subscription. This structure contains information about whether additional CloudWatch metrics are enabled for a given CloudFront distribution. x-type-name: AWS::CloudFront::MonitoringSubscription x-stackql-primary-identifier: - DistributionId @@ -2008,42 +2278,63 @@ components: - Enabled - Disabled type: string + description: A flag that indicates whether additional CloudWatch metrics are enabled for a given CloudFront distribution. required: - RealtimeMetricsSubscriptionStatus type: object + description: A subscription configuration for additional CloudWatch metrics. OriginAccessControlConfig: additionalProperties: false properties: Description: type: string + description: A description of the origin access control. Name: type: string + description: A name to identify the origin access control. You can specify up to 64 characters. OriginAccessControlOriginType: pattern: ^(s3|mediastore|lambda|mediapackagev2)$ type: string + description: The type of origin that this origin access control is for. SigningBehavior: pattern: ^(never|no-override|always)$ type: string + description: |- + Specifies which requests CloudFront signs (adds authentication information to). Specify ``always`` for the most common use case. For more information, see [origin access control advanced settings](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html#oac-advanced-settings) in the *Amazon CloudFront Developer Guide*. + This field can have one of the following values: + + ``always`` – CloudFront signs all origin requests, overwriting the ``Authorization`` header from the viewer request if one exists. + + ``never`` – CloudFront doesn't sign any origin requests. This value turns off origin access control for all origins in all distributions that use this origin access control. + + ``no-override`` – If the viewer request doesn't contain the ``Authorization`` header, then CloudFront signs the origin request. If the viewer request contains the ``Authorization`` header, then CloudFront doesn't sign the origin request and instead passes along the ``Authorization`` header from the viewer request. *WARNING: To pass along the Authorization header from the viewer request, you must add the Authorization header to a cache policy for all cache behaviors that use origins associated with this origin access control.* SigningProtocol: pattern: ^(sigv4)$ type: string + description: The signing protocol of the origin access control, which determines how CloudFront signs (authenticates) requests. The only valid value is ``sigv4``. required: - Name - SigningProtocol - SigningBehavior - OriginAccessControlOriginType type: object + description: |- + Creates a new origin access control in CloudFront. After you create an origin access control, you can add it to an origin in a CloudFront distribution so that CloudFront sends authenticated (signed) requests to the origin. + This makes it possible to block public access to the origin, allowing viewers (users) to access the origin's content only through CloudFront. + For more information about using a CloudFront origin access control, see [Restricting access to an origin](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-origin.html) in the *Amazon CloudFront Developer Guide*. OriginAccessControl: type: object properties: Id: type: string + description: '' OriginAccessControlConfig: $ref: '#/components/schemas/OriginAccessControlConfig' + description: The origin access control. required: - OriginAccessControlConfig x-stackql-resource-name: origin_access_control - description: Resource Type definition for AWS::CloudFront::OriginAccessControl + description: |- + Creates a new origin access control in CloudFront. After you create an origin access control, you can add it to an origin in a CloudFront distribution so that CloudFront sends authenticated (signed) requests to the origin. + This makes it possible to block public access to the origin, allowing viewers (users) to access the origin's content only through CloudFront. + For more information about using a CloudFront origin access control, see [Restricting access to an origin](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-origin.html) in the *Amazon CloudFront Developer Guide*. x-type-name: AWS::CloudFront::OriginAccessControl x-stackql-primary-identifier: - Id @@ -2074,33 +2365,56 @@ components: properties: Comment: type: string + description: A comment to describe the origin request policy. The comment cannot be longer than 128 characters. CookiesConfig: $ref: '#/components/schemas/CookiesConfig' + description: The cookies from viewer requests to include in origin requests. HeadersConfig: $ref: '#/components/schemas/HeadersConfig' + description: The HTTP headers to include in origin requests. These can include headers from viewer requests and additional headers added by CloudFront. Name: type: string + description: A unique name to identify the origin request policy. QueryStringsConfig: $ref: '#/components/schemas/QueryStringsConfig' + description: The URL query strings from viewer requests to include in origin requests. required: - Name - HeadersConfig - CookiesConfig - QueryStringsConfig type: object + description: |- + An origin request policy configuration. + This configuration determines the values that CloudFront includes in requests that it sends to the origin. Each request that CloudFront sends to the origin includes the following: + + The request body and the URL path (without the domain name) from the viewer request. + + The headers that CloudFront automatically includes in every origin request, including ``Host``, ``User-Agent``, and ``X-Amz-Cf-Id``. + + All HTTP headers, cookies, and URL query strings that are specified in the cache policy or the origin request policy. These can include items from the viewer request and, in the case of headers, additional ones that are added by CloudFront. + + CloudFront sends a request when it can't find an object in its cache that matches the request. If you want to send values to the origin and also include them in the cache key, use ``CachePolicy``. OriginRequestPolicy: type: object properties: Id: type: string + description: '' LastModifiedTime: type: string + description: '' OriginRequestPolicyConfig: $ref: '#/components/schemas/OriginRequestPolicyConfig' + description: The origin request policy configuration. required: - OriginRequestPolicyConfig x-stackql-resource-name: origin_request_policy - description: Resource Type definition for AWS::CloudFront::OriginRequestPolicy + description: |- + An origin request policy. + When it's attached to a cache behavior, the origin request policy determines the values that CloudFront includes in requests that it sends to the origin. Each request that CloudFront sends to the origin includes the following: + + The request body and the URL path (without the domain name) from the viewer request. + + The headers that CloudFront automatically includes in every origin request, including ``Host``, ``User-Agent``, and ``X-Amz-Cf-Id``. + + All HTTP headers, cookies, and URL query strings that are specified in the cache policy or the origin request policy. These can include items from the viewer request and, in the case of headers, additional ones that are added by CloudFront. + + CloudFront sends a request when it can't find an object in its cache that matches the request. If you want to send values to the origin and also include them in the cache key, use ``CachePolicy``. x-type-name: AWS::CloudFront::OriginRequestPolicy x-stackql-primary-identifier: - Id @@ -2132,30 +2446,38 @@ components: properties: CallerReference: type: string + description: A string included in the request to help make sure that the request can't be replayed. Comment: type: string + description: A comment to describe the public key. The comment cannot be longer than 128 characters. EncodedKey: type: string + description: The public key that you can use with [signed URLs and signed cookies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html), or with [field-level encryption](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/field-level-encryption.html). Name: type: string + description: A name to help identify the public key. required: - CallerReference - Name - EncodedKey type: object + description: Configuration information about a public key that you can use with [signed URLs and signed cookies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html), or with [field-level encryption](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/field-level-encryption.html). PublicKey: type: object properties: CreatedTime: type: string + description: '' Id: type: string + description: '' PublicKeyConfig: $ref: '#/components/schemas/PublicKeyConfig' + description: Configuration information about a public key that you can use with [signed URLs and signed cookies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html), or with [field-level encryption](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/field-level-encryption.html). required: - PublicKeyConfig x-stackql-resource-name: public_key - description: Resource Type definition for AWS::CloudFront::PublicKey + description: A public key that you can use with [signed URLs and signed cookies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html), or with [field-level encryption](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/field-level-encryption.html). x-type-name: AWS::CloudFront::PublicKey x-stackql-primary-identifier: - Id @@ -2187,54 +2509,69 @@ components: properties: KinesisStreamConfig: $ref: '#/components/schemas/KinesisStreamConfig' + description: Contains information about the Amazon Kinesis data stream where you are sending real-time log data. StreamType: type: string + description: The type of data stream where you are sending real-time log data. The only valid value is ``Kinesis``. required: - KinesisStreamConfig - StreamType type: object + description: Contains information about the Amazon Kinesis data stream where you are sending real-time log data in a real-time log configuration. KinesisStreamConfig: additionalProperties: false properties: RoleArn: type: string + description: |- + The Amazon Resource Name (ARN) of an IAMlong (IAM) role that CloudFront can use to send real-time log data to your Kinesis data stream. + For more information the IAM role, see [Real-time log configuration IAM role](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/real-time-logs.html#understand-real-time-log-config-iam-role) in the *Amazon CloudFront Developer Guide*. StreamArn: type: string + description: The Amazon Resource Name (ARN) of the Kinesis data stream where you are sending real-time log data. required: - RoleArn - StreamArn type: object + description: Contains information about the Amazon Kinesis data stream where you are sending real-time log data. RealtimeLogConfig: type: object properties: Arn: type: string + description: '' EndPoints: items: $ref: '#/components/schemas/EndPoint' minItems: 1 type: array uniqueItems: false + description: Contains information about the Amazon Kinesis data stream where you are sending real-time log data for this real-time log configuration. Fields: items: type: string minItems: 1 type: array uniqueItems: false + description: |- + A list of fields that are included in each real-time log record. In an API response, the fields are provided in the same order in which they are sent to the Amazon Kinesis data stream. + For more information about fields, see [Real-time log configuration fields](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/real-time-logs.html#understand-real-time-log-config-fields) in the *Amazon CloudFront Developer Guide*. Name: type: string + description: The unique name of this real-time log configuration. SamplingRate: maximum: 100 minimum: 1 multipleOf: 1 type: number + description: The sampling rate for this real-time log configuration. The sampling rate determines the percentage of viewer requests that are represented in the real-time log data. The sampling rate is an integer between 1 and 100, inclusive. required: - Name - EndPoints - Fields - SamplingRate x-stackql-resource-name: realtime_log_config - description: Resource Type definition for AWS::CloudFront::RealtimeLogConfig + description: A real-time log configuration. x-type-name: AWS::CloudFront::RealtimeLogConfig x-stackql-primary-identifier: - Arn @@ -2275,9 +2612,13 @@ components: items: type: string type: array + description: The list of HTTP header names. You can specify ``*`` to allow all headers. required: - Items type: object + description: |- + A list of HTTP header names that CloudFront includes as values for the ``Access-Control-Allow-Headers`` HTTP response header. + For more information about the ``Access-Control-Allow-Headers`` HTTP response header, see [Access-Control-Allow-Headers](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers) in the MDN Web Docs. AccessControlAllowMethods: additionalProperties: false properties: @@ -2286,9 +2627,24 @@ components: items: type: string type: array + description: |- + The list of HTTP methods. Valid values are: + + ``GET`` + + ``DELETE`` + + ``HEAD`` + + ``OPTIONS`` + + ``PATCH`` + + ``POST`` + + ``PUT`` + + ``ALL`` + + ``ALL`` is a special value that includes all of the listed HTTP methods. required: - Items type: object + description: |- + A list of HTTP methods that CloudFront includes as values for the ``Access-Control-Allow-Methods`` HTTP response header. + For more information about the ``Access-Control-Allow-Methods`` HTTP response header, see [Access-Control-Allow-Methods](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods) in the MDN Web Docs. AccessControlAllowOrigins: additionalProperties: false properties: @@ -2297,9 +2653,13 @@ components: items: type: string type: array + description: The list of origins (domain names). You can specify ``*`` to allow all origins. required: - Items type: object + description: |- + A list of origins (domain names) that CloudFront can use as the value for the ``Access-Control-Allow-Origin`` HTTP response header. + For more information about the ``Access-Control-Allow-Origin`` HTTP response header, see [Access-Control-Allow-Origin](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin) in the MDN Web Docs. AccessControlExposeHeaders: additionalProperties: false properties: @@ -2308,45 +2668,79 @@ components: items: type: string type: array + description: The list of HTTP headers. You can specify ``*`` to expose all headers. required: - Items type: object + description: |- + A list of HTTP headers that CloudFront includes as values for the ``Access-Control-Expose-Headers`` HTTP response header. + For more information about the ``Access-Control-Expose-Headers`` HTTP response header, see [Access-Control-Expose-Headers](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers) in the MDN Web Docs. ContentSecurityPolicy: additionalProperties: false properties: ContentSecurityPolicy: type: string + description: |- + The policy directives and their values that CloudFront includes as values for the ``Content-Security-Policy`` HTTP response header. + For more information about the ``Content-Security-Policy`` HTTP response header, see [Content-Security-Policy](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy) in the MDN Web Docs. Override: type: boolean + description: A Boolean that determines whether CloudFront overrides the ``Content-Security-Policy`` HTTP response header received from the origin with the one specified in this response headers policy. required: - Override - ContentSecurityPolicy type: object + description: |- + The policy directives and their values that CloudFront includes as values for the ``Content-Security-Policy`` HTTP response header. + For more information about the ``Content-Security-Policy`` HTTP response header, see [Content-Security-Policy](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy) in the MDN Web Docs. ContentTypeOptions: additionalProperties: false properties: Override: type: boolean + description: A Boolean that determines whether CloudFront overrides the ``X-Content-Type-Options`` HTTP response header received from the origin with the one specified in this response headers policy. required: - Override type: object + description: |- + Determines whether CloudFront includes the ``X-Content-Type-Options`` HTTP response header with its value set to ``nosniff``. + For more information about the ``X-Content-Type-Options`` HTTP response header, see [X-Content-Type-Options](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options) in the MDN Web Docs. CorsConfig: additionalProperties: false properties: AccessControlAllowCredentials: type: boolean + description: |- + A Boolean that CloudFront uses as the value for the ``Access-Control-Allow-Credentials`` HTTP response header. + For more information about the ``Access-Control-Allow-Credentials`` HTTP response header, see [Access-Control-Allow-Credentials](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials) in the MDN Web Docs. AccessControlAllowHeaders: $ref: '#/components/schemas/AccessControlAllowHeaders' + description: |- + A list of HTTP header names that CloudFront includes as values for the ``Access-Control-Allow-Headers`` HTTP response header. + For more information about the ``Access-Control-Allow-Headers`` HTTP response header, see [Access-Control-Allow-Headers](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers) in the MDN Web Docs. AccessControlAllowMethods: $ref: '#/components/schemas/AccessControlAllowMethods' + description: |- + A list of HTTP methods that CloudFront includes as values for the ``Access-Control-Allow-Methods`` HTTP response header. + For more information about the ``Access-Control-Allow-Methods`` HTTP response header, see [Access-Control-Allow-Methods](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods) in the MDN Web Docs. AccessControlAllowOrigins: $ref: '#/components/schemas/AccessControlAllowOrigins' + description: |- + A list of origins (domain names) that CloudFront can use as the value for the ``Access-Control-Allow-Origin`` HTTP response header. + For more information about the ``Access-Control-Allow-Origin`` HTTP response header, see [Access-Control-Allow-Origin](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin) in the MDN Web Docs. AccessControlExposeHeaders: $ref: '#/components/schemas/AccessControlExposeHeaders' + description: |- + A list of HTTP headers that CloudFront includes as values for the ``Access-Control-Expose-Headers`` HTTP response header. + For more information about the ``Access-Control-Expose-Headers`` HTTP response header, see [Access-Control-Expose-Headers](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers) in the MDN Web Docs. AccessControlMaxAgeSec: type: integer + description: |- + A number that CloudFront uses as the value for the ``Access-Control-Max-Age`` HTTP response header. + For more information about the ``Access-Control-Max-Age`` HTTP response header, see [Access-Control-Max-Age](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age) in the MDN Web Docs. OriginOverride: type: boolean + description: A Boolean that determines whether CloudFront overrides HTTP response headers received from the origin with the ones specified in this response headers policy. required: - AccessControlAllowOrigins - AccessControlAllowHeaders @@ -2354,20 +2748,27 @@ components: - AccessControlAllowCredentials - OriginOverride type: object + description: |- + A configuration for a set of HTTP response headers that are used for cross-origin resource sharing (CORS). CloudFront adds these headers to HTTP responses that it sends for CORS requests that match a cache behavior associated with this response headers policy. + For more information about CORS, see [Cross-Origin Resource Sharing (CORS)](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) in the MDN Web Docs. CustomHeader: additionalProperties: false properties: Header: type: string + description: The HTTP response header name. Override: type: boolean + description: A Boolean that determines whether CloudFront overrides a response header with the same name received from the origin with the header specified here. Value: type: string + description: The value for the HTTP response header. required: - Header - Value - Override type: object + description: An HTTP response header name and its value. CloudFront includes this header in HTTP responses that it sends for requests that match a cache behavior that's associated with this response headers policy. CustomHeadersConfig: additionalProperties: false properties: @@ -2377,41 +2778,59 @@ components: $ref: '#/components/schemas/CustomHeader' type: array uniqueItems: false + description: The list of HTTP response headers and their values. required: - Items type: object + description: A list of HTTP response header names and their values. CloudFront includes these headers in HTTP responses that it sends for requests that match a cache behavior that's associated with this response headers policy. FrameOptions: additionalProperties: false properties: FrameOption: pattern: ^(DENY|SAMEORIGIN)$ type: string + description: |- + The value of the ``X-Frame-Options`` HTTP response header. Valid values are ``DENY`` and ``SAMEORIGIN``. + For more information about these values, see [X-Frame-Options](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options) in the MDN Web Docs. Override: type: boolean + description: A Boolean that determines whether CloudFront overrides the ``X-Frame-Options`` HTTP response header received from the origin with the one specified in this response headers policy. required: - Override - FrameOption type: object + description: |- + Determines whether CloudFront includes the ``X-Frame-Options`` HTTP response header and the header's value. + For more information about the ``X-Frame-Options`` HTTP response header, see [X-Frame-Options](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options) in the MDN Web Docs. ReferrerPolicy: additionalProperties: false properties: Override: type: boolean + description: A Boolean that determines whether CloudFront overrides the ``Referrer-Policy`` HTTP response header received from the origin with the one specified in this response headers policy. ReferrerPolicy: pattern: ^(no-referrer|no-referrer-when-downgrade|origin|origin-when-cross-origin|same-origin|strict-origin|strict-origin-when-cross-origin|unsafe-url)$ type: string + description: |- + Determines whether CloudFront includes the ``Referrer-Policy`` HTTP response header and the header's value. + For more information about the ``Referrer-Policy`` HTTP response header, see [Referrer-Policy](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy) in the MDN Web Docs. required: - Override - ReferrerPolicy type: object + description: |- + Determines whether CloudFront includes the ``Referrer-Policy`` HTTP response header and the header's value. + For more information about the ``Referrer-Policy`` HTTP response header, see [Referrer-Policy](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy) in the MDN Web Docs. RemoveHeader: additionalProperties: false properties: Header: type: string + description: The HTTP header name. required: - Header type: object + description: The name of an HTTP header that CloudFront removes from HTTP responses to requests that match the cache behavior that this response headers policy is attached to. RemoveHeadersConfig: additionalProperties: false properties: @@ -2421,102 +2840,170 @@ components: $ref: '#/components/schemas/RemoveHeader' type: array uniqueItems: true + description: The list of HTTP header names. required: - Items type: object + description: A list of HTTP header names that CloudFront removes from HTTP responses to requests that match the cache behavior that this response headers policy is attached to. ResponseHeadersPolicyConfig: additionalProperties: false properties: Comment: type: string + description: |- + A comment to describe the response headers policy. + The comment cannot be longer than 128 characters. CorsConfig: $ref: '#/components/schemas/CorsConfig' + description: A configuration for a set of HTTP response headers that are used for cross-origin resource sharing (CORS). CustomHeadersConfig: $ref: '#/components/schemas/CustomHeadersConfig' + description: A configuration for a set of custom HTTP response headers. Name: type: string + description: |- + A name to identify the response headers policy. + The name must be unique for response headers policies in this AWS-account. RemoveHeadersConfig: $ref: '#/components/schemas/RemoveHeadersConfig' + description: A configuration for a set of HTTP headers to remove from the HTTP response. SecurityHeadersConfig: $ref: '#/components/schemas/SecurityHeadersConfig' + description: A configuration for a set of security-related HTTP response headers. ServerTimingHeadersConfig: $ref: '#/components/schemas/ServerTimingHeadersConfig' + description: A configuration for enabling the ``Server-Timing`` header in HTTP responses sent from CloudFront. required: - Name type: object + description: |- + A response headers policy configuration. + A response headers policy configuration contains metadata about the response headers policy, and configurations for sets of HTTP response headers. SecurityHeadersConfig: additionalProperties: false properties: ContentSecurityPolicy: $ref: '#/components/schemas/ContentSecurityPolicy' + description: |- + The policy directives and their values that CloudFront includes as values for the ``Content-Security-Policy`` HTTP response header. + For more information about the ``Content-Security-Policy`` HTTP response header, see [Content-Security-Policy](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy) in the MDN Web Docs. ContentTypeOptions: $ref: '#/components/schemas/ContentTypeOptions' + description: |- + Determines whether CloudFront includes the ``X-Content-Type-Options`` HTTP response header with its value set to ``nosniff``. + For more information about the ``X-Content-Type-Options`` HTTP response header, see [X-Content-Type-Options](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options) in the MDN Web Docs. FrameOptions: $ref: '#/components/schemas/FrameOptions' + description: |- + Determines whether CloudFront includes the ``X-Frame-Options`` HTTP response header and the header's value. + For more information about the ``X-Frame-Options`` HTTP response header, see [X-Frame-Options](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options) in the MDN Web Docs. ReferrerPolicy: $ref: '#/components/schemas/ReferrerPolicy' + description: |- + Determines whether CloudFront includes the ``Referrer-Policy`` HTTP response header and the header's value. + For more information about the ``Referrer-Policy`` HTTP response header, see [Referrer-Policy](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy) in the MDN Web Docs. StrictTransportSecurity: $ref: '#/components/schemas/StrictTransportSecurity' + description: |- + Determines whether CloudFront includes the ``Strict-Transport-Security`` HTTP response header and the header's value. + For more information about the ``Strict-Transport-Security`` HTTP response header, see [Security headers](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/understanding-response-headers-policies.html#understanding-response-headers-policies-security) in the *Amazon CloudFront Developer Guide* and [Strict-Transport-Security](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security) in the MDN Web Docs. XSSProtection: $ref: '#/components/schemas/XSSProtection' + description: |- + Determines whether CloudFront includes the ``X-XSS-Protection`` HTTP response header and the header's value. + For more information about the ``X-XSS-Protection`` HTTP response header, see [X-XSS-Protection](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection) in the MDN Web Docs. required: [] type: object + description: A configuration for a set of security-related HTTP response headers. CloudFront adds these headers to HTTP responses that it sends for requests that match a cache behavior associated with this response headers policy. ServerTimingHeadersConfig: additionalProperties: false properties: Enabled: type: boolean + description: A Boolean that determines whether CloudFront adds the ``Server-Timing`` header to HTTP responses that it sends in response to requests that match a cache behavior that's associated with this response headers policy. SamplingRate: maximum: 100 minimum: 0 multipleOf: 0.0001 type: number + description: >- + A number 0–100 (inclusive) that specifies the percentage of responses that you want CloudFront to add the ``Server-Timing`` header to. When you set the sampling rate to 100, CloudFront adds the ``Server-Timing`` header to the HTTP response for every request that matches the cache behavior that this response headers policy is attached to. When you set it to 50, CloudFront adds the header to 50% of the responses for requests that match the cache behavior. You can set the sampling rate + to any number 0–100 with up to four decimal places. required: - Enabled type: object + description: A configuration for enabling the ``Server-Timing`` header in HTTP responses sent from CloudFront. StrictTransportSecurity: additionalProperties: false properties: AccessControlMaxAgeSec: type: integer + description: A number that CloudFront uses as the value for the ``max-age`` directive in the ``Strict-Transport-Security`` HTTP response header. IncludeSubdomains: type: boolean + description: A Boolean that determines whether CloudFront includes the ``includeSubDomains`` directive in the ``Strict-Transport-Security`` HTTP response header. Override: type: boolean + description: A Boolean that determines whether CloudFront overrides the ``Strict-Transport-Security`` HTTP response header received from the origin with the one specified in this response headers policy. Preload: type: boolean + description: A Boolean that determines whether CloudFront includes the ``preload`` directive in the ``Strict-Transport-Security`` HTTP response header. required: - Override - AccessControlMaxAgeSec type: object + description: |- + Determines whether CloudFront includes the ``Strict-Transport-Security`` HTTP response header and the header's value. + For more information about the ``Strict-Transport-Security`` HTTP response header, see [Strict-Transport-Security](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security) in the MDN Web Docs. XSSProtection: additionalProperties: false properties: ModeBlock: type: boolean + description: |- + A Boolean that determines whether CloudFront includes the ``mode=block`` directive in the ``X-XSS-Protection`` header. + For more information about this directive, see [X-XSS-Protection](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection) in the MDN Web Docs. Override: type: boolean + description: A Boolean that determines whether CloudFront overrides the ``X-XSS-Protection`` HTTP response header received from the origin with the one specified in this response headers policy. Protection: type: boolean + description: |- + A Boolean that determines the value of the ``X-XSS-Protection`` HTTP response header. When this setting is ``true``, the value of the ``X-XSS-Protection`` header is ``1``. When this setting is ``false``, the value of the ``X-XSS-Protection`` header is ``0``. + For more information about these settings, see [X-XSS-Protection](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection) in the MDN Web Docs. ReportUri: type: string + description: |- + A reporting URI, which CloudFront uses as the value of the ``report`` directive in the ``X-XSS-Protection`` header. + You cannot specify a ``ReportUri`` when ``ModeBlock`` is ``true``. + For more information about using a reporting URL, see [X-XSS-Protection](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection) in the MDN Web Docs. required: - Override - Protection type: object + description: |- + Determines whether CloudFront includes the ``X-XSS-Protection`` HTTP response header and the header's value. + For more information about the ``X-XSS-Protection`` HTTP response header, see [X-XSS-Protection](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection) in the MDN Web Docs. ResponseHeadersPolicy: type: object properties: Id: type: string + description: '' LastModifiedTime: type: string + description: '' ResponseHeadersPolicyConfig: $ref: '#/components/schemas/ResponseHeadersPolicyConfig' + description: A response headers policy configuration. required: - ResponseHeadersPolicyConfig x-stackql-resource-name: response_headers_policy - description: Resource Type definition for AWS::CloudFront::ResponseHeadersPolicy + description: |- + A response headers policy. + A response headers policy contains information about a set of HTTP response headers. + After you create a response headers policy, you can use its ID to attach it to one or more cache behaviors in a CloudFront distribution. When it's attached to a cache behavior, the response headers policy affects the HTTP headers that CloudFront includes in HTTP responses to requests that match the cache behavior. CloudFront adds or removes response headers according to the configuration of the response headers policy. + For more information, see [Adding or removing HTTP headers in CloudFront responses](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/modifying-response-headers.html) in the *Amazon CloudFront Developer Guide*. x-type-name: AWS::CloudFront::ResponseHeadersPolicy x-stackql-primary-identifier: - Id @@ -2543,6 +3030,38 @@ components: update: - cloudfront:UpdateResponseHeadersPolicy - cloudfront:GetResponseHeadersPolicy + CreateAnycastIpListRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + AnycastIpList: + $ref: '#/components/schemas/AnycastIpList' + ETag: + type: string + Id: + type: string + IpCount: + type: integer + Name: + maxLength: 64 + minLength: 1 + pattern: ^[a-zA-Z0-9-_]{1,64}$ + type: string + Tags: + $ref: '#/components/schemas/Tags' + x-stackQL-stringOnly: true + x-title: CreateAnycastIpListRequest + type: object + required: [] CreateCachePolicyRequest: properties: ClientToken: @@ -2558,10 +3077,13 @@ components: properties: CachePolicyConfig: $ref: '#/components/schemas/CachePolicyConfig' + description: The cache policy configuration. Id: type: string + description: '' LastModifiedTime: type: string + description: '' x-stackQL-stringOnly: true x-title: CreateCachePolicyRequest type: object @@ -2581,10 +3103,13 @@ components: properties: CloudFrontOriginAccessIdentityConfig: $ref: '#/components/schemas/CloudFrontOriginAccessIdentityConfig' + description: The current configuration information for the identity. Id: type: string + description: '' S3CanonicalUserId: type: string + description: '' x-stackQL-stringOnly: true x-title: CreateCloudFrontOriginAccessIdentityRequest type: object @@ -2604,10 +3129,13 @@ components: properties: ContinuousDeploymentPolicyConfig: $ref: '#/components/schemas/ContinuousDeploymentPolicyConfig' + description: Contains the configuration for a continuous deployment policy. Id: type: string + description: '' LastModifiedTime: type: string + description: '' x-stackQL-stringOnly: true x-title: CreateContinuousDeploymentPolicyRequest type: object @@ -2659,18 +3187,25 @@ components: properties: AutoPublish: type: boolean + description: A flag that determines whether to automatically publish the function to the ``LIVE`` stage when it’s created. To automatically publish to the ``LIVE`` stage, set this property to ``true``. FunctionARN: type: string + description: '' FunctionCode: type: string + description: The function code. For more information about writing a CloudFront function, see [Writing function code for CloudFront Functions](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/writing-function-code.html) in the *Amazon CloudFront Developer Guide*. FunctionConfig: $ref: '#/components/schemas/FunctionConfig' + description: Contains configuration information about a CloudFront function. FunctionMetadata: $ref: '#/components/schemas/FunctionMetadata' + description: Contains metadata about a CloudFront function. Name: type: string + description: A name to identify the function. Stage: type: string + description: '' x-stackQL-stringOnly: true x-title: CreateFunctionRequest type: object @@ -2690,10 +3225,13 @@ components: properties: Id: type: string + description: '' KeyGroupConfig: $ref: '#/components/schemas/KeyGroupConfig' + description: The key group configuration. LastModifiedTime: type: string + description: '' x-stackQL-stringOnly: true x-title: CreateKeyGroupRequest type: object @@ -2713,16 +3251,22 @@ components: properties: Arn: type: string + description: '' Id: type: string + description: '' Status: type: string + description: '' Name: type: string + description: The name of the key value store. Comment: type: string + description: A comment for the key value store. ImportSource: $ref: '#/components/schemas/ImportSource' + description: The import source for the key value store. x-stackQL-stringOnly: true x-title: CreateKeyValueStoreRequest type: object @@ -2742,8 +3286,10 @@ components: properties: DistributionId: type: string + description: The ID of the distribution that you are enabling metrics for. MonitoringSubscription: $ref: '#/components/schemas/MonitoringSubscription' + description: A subscription configuration for additional CloudWatch metrics. x-stackQL-stringOnly: true x-title: CreateMonitoringSubscriptionRequest type: object @@ -2763,8 +3309,10 @@ components: properties: Id: type: string + description: '' OriginAccessControlConfig: $ref: '#/components/schemas/OriginAccessControlConfig' + description: The origin access control. x-stackQL-stringOnly: true x-title: CreateOriginAccessControlRequest type: object @@ -2784,10 +3332,13 @@ components: properties: Id: type: string + description: '' LastModifiedTime: type: string + description: '' OriginRequestPolicyConfig: $ref: '#/components/schemas/OriginRequestPolicyConfig' + description: The origin request policy configuration. x-stackQL-stringOnly: true x-title: CreateOriginRequestPolicyRequest type: object @@ -2807,10 +3358,13 @@ components: properties: CreatedTime: type: string + description: '' Id: type: string + description: '' PublicKeyConfig: $ref: '#/components/schemas/PublicKeyConfig' + description: Configuration information about a public key that you can use with [signed URLs and signed cookies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html), or with [field-level encryption](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/field-level-encryption.html). x-stackQL-stringOnly: true x-title: CreatePublicKeyRequest type: object @@ -2830,25 +3384,32 @@ components: properties: Arn: type: string + description: '' EndPoints: items: $ref: '#/components/schemas/EndPoint' minItems: 1 type: array uniqueItems: false + description: Contains information about the Amazon Kinesis data stream where you are sending real-time log data for this real-time log configuration. Fields: items: type: string minItems: 1 type: array uniqueItems: false + description: |- + A list of fields that are included in each real-time log record. In an API response, the fields are provided in the same order in which they are sent to the Amazon Kinesis data stream. + For more information about fields, see [Real-time log configuration fields](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/real-time-logs.html#understand-real-time-log-config-fields) in the *Amazon CloudFront Developer Guide*. Name: type: string + description: The unique name of this real-time log configuration. SamplingRate: maximum: 100 minimum: 1 multipleOf: 1 type: number + description: The sampling rate for this real-time log configuration. The sampling rate determines the percentage of viewer requests that are represented in the real-time log data. The sampling rate is an integer between 1 and 100, inclusive. x-stackQL-stringOnly: true x-title: CreateRealtimeLogConfigRequest type: object @@ -2868,10 +3429,13 @@ components: properties: Id: type: string + description: '' LastModifiedTime: type: string + description: '' ResponseHeadersPolicyConfig: $ref: '#/components/schemas/ResponseHeadersPolicyConfig' + description: A response headers policy configuration. x-stackQL-stringOnly: true x-title: CreateResponseHeadersPolicyRequest type: object @@ -2884,6 +3448,200 @@ components: description: Amazon Signature authorization v4 x-amazon-apigateway-authtype: awsSigv4 x-stackQL-resources: + anycast_ip_lists: + name: anycast_ip_lists + id: aws.cloudfront.anycast_ip_lists + x-cfn-schema-name: AnycastIpList + x-cfn-type-name: AWS::CloudFront::AnycastIpList + x-identifiers: + - Id + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__AnycastIpList&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::CloudFront::AnycastIpList" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::CloudFront::AnycastIpList" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/anycast_ip_lists/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/anycast_ip_lists/methods/delete_resource' + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AnycastIpList') as anycast_ip_list, + JSON_EXTRACT(Properties, '$.ETag') as e_tag, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.IpCount') as ip_count, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudFront::AnycastIpList' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.AnycastIpList') as anycast_ip_list, + JSON_EXTRACT(detail.Properties, '$.ETag') as e_tag, + JSON_EXTRACT(detail.Properties, '$.Id') as id, + JSON_EXTRACT(detail.Properties, '$.IpCount') as ip_count, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::CloudFront::AnycastIpList' + AND detail.data__TypeName = 'AWS::CloudFront::AnycastIpList' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AnycastIpList') as anycast_ip_list, + json_extract_path_text(Properties, 'ETag') as e_tag, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'IpCount') as ip_count, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudFront::AnycastIpList' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'AnycastIpList') as anycast_ip_list, + json_extract_path_text(detail.Properties, 'ETag') as e_tag, + json_extract_path_text(detail.Properties, 'Id') as id, + json_extract_path_text(detail.Properties, 'IpCount') as ip_count, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::CloudFront::AnycastIpList' + AND detail.data__TypeName = 'AWS::CloudFront::AnycastIpList' + AND listing.region = 'us-east-1' + anycast_ip_lists_list_only: + name: anycast_ip_lists_list_only + id: aws.cloudfront.anycast_ip_lists_list_only + x-cfn-schema-name: AnycastIpList + x-cfn-type-name: AWS::CloudFront::AnycastIpList + x-identifiers: + - Id + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudFront::AnycastIpList' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudFront::AnycastIpList' + AND region = 'us-east-1' + anycast_ip_list_tags: + name: anycast_ip_list_tags + id: aws.cloudfront.anycast_ip_list_tags + x-cfn-schema-name: AnycastIpList + x-cfn-type-name: AWS::CloudFront::AnycastIpList + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.AnycastIpList') as anycast_ip_list, + JSON_EXTRACT(detail.Properties, '$.ETag') as e_tag, + JSON_EXTRACT(detail.Properties, '$.Id') as id, + JSON_EXTRACT(detail.Properties, '$.IpCount') as ip_count, + JSON_EXTRACT(detail.Properties, '$.Name') as name + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::CloudFront::AnycastIpList' + AND detail.data__TypeName = 'AWS::CloudFront::AnycastIpList' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'AnycastIpList') as anycast_ip_list, + json_extract_path_text(detail.Properties, 'ETag') as e_tag, + json_extract_path_text(detail.Properties, 'Id') as id, + json_extract_path_text(detail.Properties, 'IpCount') as ip_count, + json_extract_path_text(detail.Properties, 'Name') as name + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::CloudFront::AnycastIpList' + AND detail.data__TypeName = 'AWS::CloudFront::AnycastIpList' + AND listing.region = 'us-east-1' cache_policies: name: cache_policies id: aws.cloudfront.cache_policies @@ -4882,6 +5640,48 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/UpdateResourceOutput' description: Success + /?Action=CreateResource&Version=2021-09-30&__AnycastIpList&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateAnycastIpList + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateAnycastIpListRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success /?Action=CreateResource&Version=2021-09-30&__CachePolicy&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' diff --git a/providers/src/aws/v00.00.00000/services/cloudtrail.yaml b/providers/src/aws/v00.00.00000/services/cloudtrail.yaml index eaddc47a..bda8f940 100644 --- a/providers/src/aws/v00.00.00000/services/cloudtrail.yaml +++ b/providers/src/aws/v00.00.00000/services/cloudtrail.yaml @@ -425,15 +425,15 @@ components: pattern: (^[a-zA-Z0-9._\-]+$) Tag: description: An arbitrary set of tags (key-value pairs) for this trail. - type: object additionalProperties: false + type: object properties: - Key: - description: 'The key name of the tag. You can specify a value that is 1 to 127 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' - type: string Value: description: 'The value for the tag. You can specify a value that is 1 to 255 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' type: string + Key: + description: 'The key name of the tag. You can specify a value that is 1 to 127 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + type: string required: - Value - Key @@ -500,109 +500,276 @@ components: - CloudTrail:DeleteChannel list: - CloudTrail:ListChannels + RefreshSchedule: + description: Configures the automatic refresh schedule for the dashboard. Includes the frequency unit (DAYS or HOURS) and value, as well as the status (ENABLED or DISABLED) of the refresh schedule. + type: object + additionalProperties: false + properties: + Frequency: + type: object + additionalProperties: false + properties: + Unit: + description: The frequency unit. Supported values are HOURS and DAYS. + type: string + enum: + - HOURS + - DAYS + Value: + description: The frequency value. + type: integer + required: + - Unit + - Value + TimeOfDay: + type: string + description: StartTime of the automatic schedule refresh. + pattern: ^[0-9]{2}:[0-9]{2} + Status: + type: string + description: The status of the schedule. Supported values are ENABLED and DISABLED. + enum: + - ENABLED + - DISABLED + required: [] + QueryParameter: + type: string + description: 'The value of the QueryParameter. Possible values: $StartTime$, $EndTime$, $Period$.' + minLength: 1 + maxLength: 1024 + pattern: .* + Widget: + description: The dashboard widget + type: object + additionalProperties: false + properties: + QueryStatement: + description: The SQL query statement on one or more event data stores. + type: string + minLength: 1 + maxLength: 10000 + pattern: (?s).* + QueryParameters: + description: 'The placeholder keys in the QueryStatement. For example: $StartTime$, $EndTime$, $Period$.' + type: array + items: + $ref: '#/components/schemas/QueryParameter' + minItems: 1 + maxItems: 10 + uniqueItems: false + x-insertionOrder: true + ViewProperties: + description: The view properties of the widget. + type: object + additionalProperties: false + x-patternProperties: + ^[a-zA-Z0-9._-]{3,128}$: + type: string + minLength: 1 + maxLength: 128 + pattern: ^[a-zA-Z0-9._\- ]+$ + required: + - QueryStatement + Dashboard: + type: object + properties: + Widgets: + description: List of widgets on the dashboard + type: array + items: + $ref: '#/components/schemas/Widget' + uniqueItems: true + x-insertionOrder: true + CreatedTimestamp: + description: The timestamp of the dashboard creation. + $ref: '#/components/schemas/Timestamp' + DashboardArn: + description: The ARN of the dashboard. + type: string + pattern: ^[a-zA-Z0-9._/\-:]+$ + RefreshSchedule: + description: Configures the automatic refresh schedule for the dashboard. Includes the frequency unit (DAYS or HOURS) and value, as well as the status (ENABLED or DISABLED) of the refresh schedule. + $ref: '#/components/schemas/RefreshSchedule' + Name: + description: The name of the dashboard. + type: string + pattern: ^[a-zA-Z0-9_\-]+$ + Status: + description: The status of the dashboard. Values are CREATING, CREATED, UPDATING, UPDATED and DELETING. + type: string + enum: + - CREATING + - CREATED + - UPDATING + - UPDATED + - DELETING + TerminationProtectionEnabled: + description: Indicates whether the dashboard is protected from termination. + type: boolean + Type: + description: The type of the dashboard. Values are CUSTOM and MANAGED. + type: string + enum: + - MANAGED + - CUSTOM + UpdatedTimestamp: + description: The timestamp showing when the dashboard was updated, if applicable. UpdatedTimestamp is always either the same or newer than the time shown in CreatedTimestamp. + $ref: '#/components/schemas/Timestamp' + Tags: + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: [] + x-stackql-resource-name: dashboard + description: The Amazon CloudTrail dashboard resource allows customers to manage managed dashboards and create custom dashboards. You can manually refresh custom and managed dashboards. For custom dashboards, you can also set up an automatic refresh schedule and modify dashboard widgets. + x-type-name: AWS::CloudTrail::Dashboard + x-stackql-primary-identifier: + - DashboardArn + x-read-only-properties: + - DashboardArn + - CreatedTimestamp + - UpdatedTimestamp + - Status + - Type + x-required-properties: [] + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - CloudTrail:AddTags + - CloudTrail:RemoveTags + - CloudTrail:ListTags + x-required-permissions: + create: + - CloudTrail:CreateDashboard + - CloudTrail:AddTags + - CloudTrail:StartQuery + - CloudTrail:StartDashboardRefresh + read: + - CloudTrail:GetDashboard + - CloudTrail:ListDashboards + - CloudTrail:ListTags + update: + - CloudTrail:UpdateDashboard + - CloudTrail:AddTags + - CloudTrail:RemoveTags + - CloudTrail:StartQuery + - CloudTrail:StartDashboardRefresh + delete: + - CloudTrail:DeleteDashboard + - CloudTrail:UpdateDashboard + list: + - CloudTrail:ListDashboards + - CloudTrail:GetDashboard + - CloudTrail:ListTags AdvancedFieldSelector: description: A single selector statement in an advanced event selector. - type: object additionalProperties: false + type: object properties: Field: + minLength: 1 + pattern: ([\w|\d|\.|_]+) description: A field in an event record on which to filter events to be logged. Supported fields include readOnly, eventCategory, eventSource (for management events), eventName, resources.type, and resources.ARN. type: string - pattern: ([\w|\d|\.|_]+) - minLength: 1 maxLength: 1000 Equals: - description: An operator that includes events that match the exact value of the event record field specified as the value of Field. This is the only valid operator that you can use with the readOnly, eventCategory, and resources.type fields. - type: array + minItems: 1 uniqueItems: true + description: An operator that includes events that match the exact value of the event record field specified as the value of Field. This is the only valid operator that you can use with the readOnly, eventCategory, and resources.type fields. x-insertionOrder: false - minItems: 1 + type: array items: - type: string - pattern: (.+) minLength: 1 + pattern: (.+) + type: string maxLength: 2048 - StartsWith: - description: An operator that includes events that match the first few characters of the event record field specified as the value of Field. - type: array + NotStartsWith: + minItems: 1 uniqueItems: true + description: An operator that excludes events that match the first few characters of the event record field specified as the value of Field. x-insertionOrder: false - minItems: 1 + type: array items: - type: string - pattern: (.+) minLength: 1 + pattern: (.+) + type: string maxLength: 2048 - EndsWith: - description: An operator that includes events that match the last few characters of the event record field specified as the value of Field. - type: array + NotEndsWith: + minItems: 1 uniqueItems: true + description: An operator that excludes events that match the last few characters of the event record field specified as the value of Field. x-insertionOrder: false - minItems: 1 + type: array items: - type: string - pattern: (.+) minLength: 1 + pattern: (.+) + type: string maxLength: 2048 - NotEquals: - description: An operator that excludes events that match the exact value of the event record field specified as the value of Field. - type: array + StartsWith: + minItems: 1 uniqueItems: true + description: An operator that includes events that match the first few characters of the event record field specified as the value of Field. x-insertionOrder: false - minItems: 1 + type: array items: - type: string - pattern: (.+) minLength: 1 + pattern: (.+) + type: string maxLength: 2048 - NotStartsWith: - description: An operator that excludes events that match the first few characters of the event record field specified as the value of Field. - type: array + EndsWith: + minItems: 1 uniqueItems: true + description: An operator that includes events that match the last few characters of the event record field specified as the value of Field. x-insertionOrder: false - minItems: 1 + type: array items: - type: string - pattern: (.+) minLength: 1 + pattern: (.+) + type: string maxLength: 2048 - NotEndsWith: - description: An operator that excludes events that match the last few characters of the event record field specified as the value of Field. - type: array + NotEquals: + minItems: 1 uniqueItems: true + description: An operator that excludes events that match the exact value of the event record field specified as the value of Field. x-insertionOrder: false - minItems: 1 + type: array items: - type: string - pattern: (.+) minLength: 1 + pattern: (.+) + type: string maxLength: 2048 required: - Field AdvancedEventSelector: description: Advanced event selectors let you create fine-grained selectors for the following AWS CloudTrail event record fields. They help you control costs by logging only those events that are important to you. - type: object additionalProperties: false + type: object properties: - Name: - description: An optional, descriptive name for an advanced event selector, such as "Log data events for only two S3 buckets". - type: string - minLength: 1 - maxLength: 1000 FieldSelectors: - description: Contains all selector statements in an advanced event selector. - type: array + minItems: 1 uniqueItems: true + description: Contains all selector statements in an advanced event selector. x-insertionOrder: false - minItems: 1 + type: array items: $ref: '#/components/schemas/AdvancedFieldSelector' + Name: + minLength: 1 + description: An optional, descriptive name for an advanced event selector, such as "Log data events for only two S3 buckets". + type: string + maxLength: 1000 required: - FieldSelectors InsightSelector: description: A string that contains insight types that are logged on a trail. - type: object additionalProperties: false + type: object properties: InsightType: description: The type of insight to log on a trail. @@ -781,34 +948,11 @@ components: - CloudTrail:GetResourcePolicy delete: - CloudTrail:DeleteResourcePolicy - DataResource: - description: CloudTrail supports data event logging for Amazon S3 objects and AWS Lambda functions. You can specify up to 250 resources for an individual event selector, but the total number of data resources cannot exceed 250 across all event selectors in a trail. This limit does not apply if you configure resource logging for all data events. - type: object - additionalProperties: false - properties: - Type: - description: The resource type in which you want to log data events. You can specify AWS::S3::Object or AWS::Lambda::Function resources. - type: string - Values: - description: An array of Amazon Resource Name (ARN) strings or partial ARN strings for the specified objects. - type: array - uniqueItems: true - x-insertionOrder: false - items: - type: string - required: - - Type EventSelector: description: The type of email sending events to publish to the event destination. - type: object additionalProperties: false + type: object properties: - DataResources: - type: array - uniqueItems: true - x-insertionOrder: false - items: - $ref: '#/components/schemas/DataResource' IncludeManagementEvents: description: Specify if you want your event selector to include management events for your trail. type: boolean @@ -820,91 +964,114 @@ components: - ReadOnly - WriteOnly ExcludeManagementEventSources: + uniqueItems: true description: An optional list of service event sources from which you do not want management events to be logged on your trail. In this release, the list can be empty (disables the filter), or it can filter out AWS Key Management Service events by containing "kms.amazonaws.com". By default, ExcludeManagementEventSources is empty, and AWS KMS events are included in events that are logged to your trail. + x-insertionOrder: false type: array + items: + type: string + DataResources: uniqueItems: true x-insertionOrder: false + type: array items: - type: string - Trail: + $ref: '#/components/schemas/DataResource' + DataResource: + description: CloudTrail supports data event logging for Amazon S3 objects and AWS Lambda functions. You can specify up to 250 resources for an individual event selector, but the total number of data resources cannot exceed 250 across all event selectors in a trail. This limit does not apply if you configure resource logging for all data events. + additionalProperties: false type: object properties: - CloudWatchLogsLogGroupArn: - description: Specifies a log group name using an Amazon Resource Name (ARN), a unique identifier that represents the log group to which CloudTrail logs will be delivered. Not required unless you specify CloudWatchLogsRoleArn. - type: string - CloudWatchLogsRoleArn: - description: Specifies the role for the CloudWatch Logs endpoint to assume to write to a user's log group. + Type: + description: The resource type in which you want to log data events. You can specify AWS::S3::Object or AWS::Lambda::Function resources. type: string - EnableLogFileValidation: - description: Specifies whether log file validation is enabled. The default is false. - type: boolean - AdvancedEventSelectors: - description: The advanced event selectors that were used to select events for the data store. - type: array - items: - $ref: '#/components/schemas/AdvancedEventSelector' + Values: uniqueItems: true + description: An array of Amazon Resource Name (ARN) strings or partial ARN strings for the specified objects. x-insertionOrder: false + type: array + items: + type: string + required: + - Type + Trail: + type: object + properties: + IncludeGlobalServiceEvents: + description: Specifies whether the trail is publishing events from global services such as IAM to the log files. + type: boolean EventSelectors: + maxItems: 5 + uniqueItems: true description: >- Use event selectors to further specify the management and data event settings for your trail. By default, trails created without specific event selectors will be configured to log all read and write management events, and no data events. When an event occurs in your account, CloudTrail evaluates the event selector for all trails. For each trail, if the event matches any event selector, the trail processes and logs the event. If the event doesn't match any event selector, the trail doesn't log the event. You can configure up to five event selectors for a trail. + x-insertionOrder: false type: array items: $ref: '#/components/schemas/EventSelector' - maxItems: 5 - uniqueItems: true - x-insertionOrder: false - IncludeGlobalServiceEvents: - description: Specifies whether the trail is publishing events from global services such as IAM to the log files. - type: boolean - IsLogging: - description: Whether the CloudTrail is currently logging AWS API calls. - type: boolean - IsMultiRegionTrail: - description: >- - Specifies whether the trail applies only to the current region or to all regions. The default is false. If the trail exists only in the current region and this value is set to true, shadow trails (replications of the trail) will be created in the other regions. If the trail exists in all regions and this value is set to false, the trail will remain in the region where it was created, and its shadow trails in other regions will be deleted. As a best practice, consider using trails - that log events in all regions. - type: boolean - IsOrganizationTrail: - description: Specifies whether the trail is created for all accounts in an organization in AWS Organizations, or only for the current AWS account. The default is false, and cannot be true unless the call is made on behalf of an AWS account that is the master account for an organization in AWS Organizations. - type: boolean KMSKeyId: description: Specifies the KMS key ID to use to encrypt the logs delivered by CloudTrail. The value can be an alias name prefixed by 'alias/', a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier. type: string - S3BucketName: - description: Specifies the name of the Amazon S3 bucket designated for publishing log files. See Amazon S3 Bucket Naming Requirements. + CloudWatchLogsRoleArn: + description: Specifies the role for the CloudWatch Logs endpoint to assume to write to a user's log group. type: string S3KeyPrefix: description: Specifies the Amazon S3 key prefix that comes after the name of the bucket you have designated for log file delivery. For more information, see Finding Your CloudTrail Log Files. The maximum length is 200 characters. type: string maxLength: 200 - SnsTopicName: - description: Specifies the name of the Amazon SNS topic defined for notification of log file delivery. The maximum length is 256 characters. - type: string - maxLength: 256 - Tags: - type: array - uniqueItems: false + AdvancedEventSelectors: + uniqueItems: true + description: The advanced event selectors that were used to select events for the data store. x-insertionOrder: false + type: array items: - $ref: '#/components/schemas/Tag' + $ref: '#/components/schemas/AdvancedEventSelector' TrailName: - type: string - pattern: (^[a-zA-Z0-9]$)|(^[a-zA-Z0-9]([a-zA-Z0-9\._-])*[a-zA-Z0-9]$) minLength: 3 - maxLength: 128 - Arn: - type: string - SnsTopicArn: + pattern: (^[a-zA-Z0-9]$)|(^[a-zA-Z0-9]([a-zA-Z0-9\._-])*[a-zA-Z0-9]$) type: string + maxLength: 128 + IsOrganizationTrail: + description: Specifies whether the trail is created for all accounts in an organization in AWS Organizations, or only for the current AWS account. The default is false, and cannot be true unless the call is made on behalf of an AWS account that is the master account for an organization in AWS Organizations. + type: boolean InsightSelectors: + uniqueItems: true description: Lets you enable Insights event logging by specifying the Insights selectors that you want to enable on an existing trail. + x-insertionOrder: false type: array items: $ref: '#/components/schemas/InsightSelector' - uniqueItems: true + CloudWatchLogsLogGroupArn: + description: Specifies a log group name using an Amazon Resource Name (ARN), a unique identifier that represents the log group to which CloudTrail logs will be delivered. Not required unless you specify CloudWatchLogsRoleArn. + type: string + SnsTopicName: + description: Specifies the name of the Amazon SNS topic defined for notification of log file delivery. The maximum length is 256 characters. + type: string + maxLength: 256 + IsMultiRegionTrail: + description: >- + Specifies whether the trail applies only to the current region or to all regions. The default is false. If the trail exists only in the current region and this value is set to true, shadow trails (replications of the trail) will be created in the other regions. If the trail exists in all regions and this value is set to false, the trail will remain in the region where it was created, and its shadow trails in other regions will be deleted. As a best practice, consider using trails + that log events in all regions. + type: boolean + S3BucketName: + description: Specifies the name of the Amazon S3 bucket designated for publishing log files. See Amazon S3 Bucket Naming Requirements. + type: string + SnsTopicArn: + type: string + EnableLogFileValidation: + description: Specifies whether log file validation is enabled. The default is false. + type: boolean + Arn: + type: string + Tags: + uniqueItems: false x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/Tag' + IsLogging: + description: Whether the CloudTrail is currently logging AWS API calls. + type: boolean required: - S3BucketName - IsLogging @@ -922,11 +1089,23 @@ components: - S3BucketName - IsLogging x-tagging: + permissions: + - CloudTrail:AddTags + - CloudTrail:RemoveTags + - CloudTrail:ListTags taggable: true tagOnCreate: true tagUpdatable: true + tagProperty: /properties/Tags cloudFormationSystemTags: false x-required-permissions: + read: + - CloudTrail:GetTrail + - CloudTrail:GetTrailStatus + - CloudTrail:ListTags + - CloudTrail:GetEventSelectors + - CloudTrail:GetInsightSelectors + - CloudTrail:DescribeTrails create: - CloudTrail:CreateTrail - CloudTrail:StartLogging @@ -938,13 +1117,6 @@ components: - iam:CreateServiceLinkedRole - organizations:DescribeOrganization - organizations:ListAWSServiceAccessForOrganization - read: - - CloudTrail:GetTrail - - CloudTrail:GetTrailStatus - - CloudTrail:ListTags - - CloudTrail:GetEventSelectors - - CloudTrail:GetInsightSelectors - - CloudTrail:DescribeTrails update: - CloudTrail:UpdateTrail - CloudTrail:StartLogging @@ -960,8 +1132,6 @@ components: - organizations:ListAWSServiceAccessForOrganization - CloudTrail:GetTrail - CloudTrail:DescribeTrails - delete: - - CloudTrail:DeleteTrail list: - CloudTrail:ListTrails - CloudTrail:GetTrail @@ -970,6 +1140,8 @@ components: - CloudTrail:GetEventSelectors - CloudTrail:GetInsightSelectors - CloudTrail:DescribeTrails + delete: + - CloudTrail:DeleteTrail CreateChannelRequest: properties: ClientToken: @@ -1012,6 +1184,71 @@ components: x-title: CreateChannelRequest type: object required: [] + CreateDashboardRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + Widgets: + description: List of widgets on the dashboard + type: array + items: + $ref: '#/components/schemas/Widget' + uniqueItems: true + x-insertionOrder: true + CreatedTimestamp: + description: The timestamp of the dashboard creation. + $ref: '#/components/schemas/Timestamp' + DashboardArn: + description: The ARN of the dashboard. + type: string + pattern: ^[a-zA-Z0-9._/\-:]+$ + RefreshSchedule: + description: Configures the automatic refresh schedule for the dashboard. Includes the frequency unit (DAYS or HOURS) and value, as well as the status (ENABLED or DISABLED) of the refresh schedule. + $ref: '#/components/schemas/RefreshSchedule' + Name: + description: The name of the dashboard. + type: string + pattern: ^[a-zA-Z0-9_\-]+$ + Status: + description: The status of the dashboard. Values are CREATING, CREATED, UPDATING, UPDATED and DELETING. + type: string + enum: + - CREATING + - CREATED + - UPDATING + - UPDATED + - DELETING + TerminationProtectionEnabled: + description: Indicates whether the dashboard is protected from termination. + type: boolean + Type: + description: The type of the dashboard. Values are CUSTOM and MANAGED. + type: string + enum: + - MANAGED + - CUSTOM + UpdatedTimestamp: + description: The timestamp showing when the dashboard was updated, if applicable. UpdatedTimestamp is always either the same or newer than the time shown in CreatedTimestamp. + $ref: '#/components/schemas/Timestamp' + Tags: + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + x-stackQL-stringOnly: true + x-title: CreateDashboardRequest + type: object + required: [] CreateEventDataStoreRequest: properties: ClientToken: @@ -1130,82 +1367,82 @@ components: DesiredState: type: object properties: - CloudWatchLogsLogGroupArn: - description: Specifies a log group name using an Amazon Resource Name (ARN), a unique identifier that represents the log group to which CloudTrail logs will be delivered. Not required unless you specify CloudWatchLogsRoleArn. + IncludeGlobalServiceEvents: + description: Specifies whether the trail is publishing events from global services such as IAM to the log files. + type: boolean + EventSelectors: + maxItems: 5 + uniqueItems: true + description: >- + Use event selectors to further specify the management and data event settings for your trail. By default, trails created without specific event selectors will be configured to log all read and write management events, and no data events. When an event occurs in your account, CloudTrail evaluates the event selector for all trails. For each trail, if the event matches any event selector, the trail processes and logs the event. If the event doesn't match any event selector, the + trail doesn't log the event. You can configure up to five event selectors for a trail. + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/EventSelector' + KMSKeyId: + description: Specifies the KMS key ID to use to encrypt the logs delivered by CloudTrail. The value can be an alias name prefixed by 'alias/', a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier. type: string CloudWatchLogsRoleArn: description: Specifies the role for the CloudWatch Logs endpoint to assume to write to a user's log group. type: string - EnableLogFileValidation: - description: Specifies whether log file validation is enabled. The default is false. - type: boolean + S3KeyPrefix: + description: Specifies the Amazon S3 key prefix that comes after the name of the bucket you have designated for log file delivery. For more information, see Finding Your CloudTrail Log Files. The maximum length is 200 characters. + type: string + maxLength: 200 AdvancedEventSelectors: + uniqueItems: true description: The advanced event selectors that were used to select events for the data store. + x-insertionOrder: false type: array items: $ref: '#/components/schemas/AdvancedEventSelector' + TrailName: + minLength: 3 + pattern: (^[a-zA-Z0-9]$)|(^[a-zA-Z0-9]([a-zA-Z0-9\._-])*[a-zA-Z0-9]$) + type: string + maxLength: 128 + IsOrganizationTrail: + description: Specifies whether the trail is created for all accounts in an organization in AWS Organizations, or only for the current AWS account. The default is false, and cannot be true unless the call is made on behalf of an AWS account that is the master account for an organization in AWS Organizations. + type: boolean + InsightSelectors: uniqueItems: true + description: Lets you enable Insights event logging by specifying the Insights selectors that you want to enable on an existing trail. x-insertionOrder: false - EventSelectors: - description: >- - Use event selectors to further specify the management and data event settings for your trail. By default, trails created without specific event selectors will be configured to log all read and write management events, and no data events. When an event occurs in your account, CloudTrail evaluates the event selector for all trails. For each trail, if the event matches any event selector, the trail processes and logs the event. If the event doesn't match any event selector, the - trail doesn't log the event. You can configure up to five event selectors for a trail. type: array items: - $ref: '#/components/schemas/EventSelector' - maxItems: 5 - uniqueItems: true - x-insertionOrder: false - IncludeGlobalServiceEvents: - description: Specifies whether the trail is publishing events from global services such as IAM to the log files. - type: boolean - IsLogging: - description: Whether the CloudTrail is currently logging AWS API calls. - type: boolean + $ref: '#/components/schemas/InsightSelector' + CloudWatchLogsLogGroupArn: + description: Specifies a log group name using an Amazon Resource Name (ARN), a unique identifier that represents the log group to which CloudTrail logs will be delivered. Not required unless you specify CloudWatchLogsRoleArn. + type: string + SnsTopicName: + description: Specifies the name of the Amazon SNS topic defined for notification of log file delivery. The maximum length is 256 characters. + type: string + maxLength: 256 IsMultiRegionTrail: description: >- Specifies whether the trail applies only to the current region or to all regions. The default is false. If the trail exists only in the current region and this value is set to true, shadow trails (replications of the trail) will be created in the other regions. If the trail exists in all regions and this value is set to false, the trail will remain in the region where it was created, and its shadow trails in other regions will be deleted. As a best practice, consider using trails that log events in all regions. type: boolean - IsOrganizationTrail: - description: Specifies whether the trail is created for all accounts in an organization in AWS Organizations, or only for the current AWS account. The default is false, and cannot be true unless the call is made on behalf of an AWS account that is the master account for an organization in AWS Organizations. - type: boolean - KMSKeyId: - description: Specifies the KMS key ID to use to encrypt the logs delivered by CloudTrail. The value can be an alias name prefixed by 'alias/', a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier. - type: string S3BucketName: description: Specifies the name of the Amazon S3 bucket designated for publishing log files. See Amazon S3 Bucket Naming Requirements. type: string - S3KeyPrefix: - description: Specifies the Amazon S3 key prefix that comes after the name of the bucket you have designated for log file delivery. For more information, see Finding Your CloudTrail Log Files. The maximum length is 200 characters. + SnsTopicArn: type: string - maxLength: 200 - SnsTopicName: - description: Specifies the name of the Amazon SNS topic defined for notification of log file delivery. The maximum length is 256 characters. + EnableLogFileValidation: + description: Specifies whether log file validation is enabled. The default is false. + type: boolean + Arn: type: string - maxLength: 256 Tags: - type: array uniqueItems: false x-insertionOrder: false - items: - $ref: '#/components/schemas/Tag' - TrailName: - type: string - pattern: (^[a-zA-Z0-9]$)|(^[a-zA-Z0-9]([a-zA-Z0-9\._-])*[a-zA-Z0-9]$) - minLength: 3 - maxLength: 128 - Arn: - type: string - SnsTopicArn: - type: string - InsightSelectors: - description: Lets you enable Insights event logging by specifying the Insights selectors that you want to enable on an existing trail. type: array items: - $ref: '#/components/schemas/InsightSelector' - uniqueItems: true - x-insertionOrder: false + $ref: '#/components/schemas/Tag' + IsLogging: + description: Whether the CloudTrail is currently logging AWS API calls. + type: boolean x-stackQL-stringOnly: true x-title: CreateTrailRequest type: object @@ -1224,7 +1461,208 @@ components: x-cfn-schema-name: Channel x-cfn-type-name: AWS::CloudTrail::Channel x-identifiers: - - ChannelArn + - ChannelArn + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Channel&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::CloudTrail::Channel" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::CloudTrail::Channel" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::CloudTrail::Channel" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/channels/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/channels/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/channels/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Source') as source, + JSON_EXTRACT(Properties, '$.Destinations') as destinations, + JSON_EXTRACT(Properties, '$.ChannelArn') as channel_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudTrail::Channel' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.Source') as source, + JSON_EXTRACT(detail.Properties, '$.Destinations') as destinations, + JSON_EXTRACT(detail.Properties, '$.ChannelArn') as channel_arn, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::CloudTrail::Channel' + AND detail.data__TypeName = 'AWS::CloudTrail::Channel' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Source') as source, + json_extract_path_text(Properties, 'Destinations') as destinations, + json_extract_path_text(Properties, 'ChannelArn') as channel_arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudTrail::Channel' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'Source') as source, + json_extract_path_text(detail.Properties, 'Destinations') as destinations, + json_extract_path_text(detail.Properties, 'ChannelArn') as channel_arn, + json_extract_path_text(detail.Properties, 'Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::CloudTrail::Channel' + AND detail.data__TypeName = 'AWS::CloudTrail::Channel' + AND listing.region = 'us-east-1' + channels_list_only: + name: channels_list_only + id: aws.cloudtrail.channels_list_only + x-cfn-schema-name: Channel + x-cfn-type-name: AWS::CloudTrail::Channel + x-identifiers: + - ChannelArn + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ChannelArn') as channel_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudTrail::Channel' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ChannelArn') as channel_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudTrail::Channel' + AND region = 'us-east-1' + channel_tags: + name: channel_tags + id: aws.cloudtrail.channel_tags + x-cfn-schema-name: Channel + x-cfn-type-name: AWS::CloudTrail::Channel + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.Source') as source, + JSON_EXTRACT(detail.Properties, '$.Destinations') as destinations, + JSON_EXTRACT(detail.Properties, '$.ChannelArn') as channel_arn + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::CloudTrail::Channel' + AND detail.data__TypeName = 'AWS::CloudTrail::Channel' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'Source') as source, + json_extract_path_text(detail.Properties, 'Destinations') as destinations, + json_extract_path_text(detail.Properties, 'ChannelArn') as channel_arn + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::CloudTrail::Channel' + AND detail.data__TypeName = 'AWS::CloudTrail::Channel' + AND listing.region = 'us-east-1' + dashboards: + name: dashboards + id: aws.cloudtrail.dashboards + x-cfn-schema-name: Dashboard + x-cfn-type-name: AWS::CloudTrail::Dashboard + x-identifiers: + - DashboardArn x-type: cloud_control methods: create_resource: @@ -1232,12 +1670,12 @@ components: requestBodyTranslate: algorithm: naive_DesiredState operation: - $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Channel&__detailTransformed=true/post' + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Dashboard&__detailTransformed=true/post' request: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::CloudTrail::Channel" + "TypeName": "AWS::CloudTrail::Dashboard" } response: mediaType: application/json @@ -1249,7 +1687,7 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::CloudTrail::Channel" + "TypeName": "AWS::CloudTrail::Dashboard" } response: mediaType: application/json @@ -1261,18 +1699,18 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::CloudTrail::Channel" + "TypeName": "AWS::CloudTrail::Dashboard" } response: mediaType: application/json openAPIDocKey: '200' sqlVerbs: insert: - - $ref: '#/components/x-stackQL-resources/channels/methods/create_resource' + - $ref: '#/components/x-stackQL-resources/dashboards/methods/create_resource' delete: - - $ref: '#/components/x-stackQL-resources/channels/methods/delete_resource' + - $ref: '#/components/x-stackQL-resources/dashboards/methods/delete_resource' update: - - $ref: '#/components/x-stackQL-resources/channels/methods/update_resource' + - $ref: '#/components/x-stackQL-resources/dashboards/methods/update_resource' config: views: select: @@ -1281,30 +1719,40 @@ components: SELECT region, data__Identifier, + JSON_EXTRACT(Properties, '$.Widgets') as widgets, + JSON_EXTRACT(Properties, '$.CreatedTimestamp') as created_timestamp, + JSON_EXTRACT(Properties, '$.DashboardArn') as dashboard_arn, + JSON_EXTRACT(Properties, '$.RefreshSchedule') as refresh_schedule, JSON_EXTRACT(Properties, '$.Name') as name, - JSON_EXTRACT(Properties, '$.Source') as source, - JSON_EXTRACT(Properties, '$.Destinations') as destinations, - JSON_EXTRACT(Properties, '$.ChannelArn') as channel_arn, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.TerminationProtectionEnabled') as termination_protection_enabled, + JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.UpdatedTimestamp') as updated_timestamp, JSON_EXTRACT(Properties, '$.Tags') as tags - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudTrail::Channel' - AND data__Identifier = '' + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudTrail::Dashboard' + AND data__Identifier = '' AND region = 'us-east-1' fallback: predicate: sqlDialect == "sqlite3" ddl: |- SELECT detail.region, + JSON_EXTRACT(detail.Properties, '$.Widgets') as widgets, + JSON_EXTRACT(detail.Properties, '$.CreatedTimestamp') as created_timestamp, + JSON_EXTRACT(detail.Properties, '$.DashboardArn') as dashboard_arn, + JSON_EXTRACT(detail.Properties, '$.RefreshSchedule') as refresh_schedule, JSON_EXTRACT(detail.Properties, '$.Name') as name, - JSON_EXTRACT(detail.Properties, '$.Source') as source, - JSON_EXTRACT(detail.Properties, '$.Destinations') as destinations, - JSON_EXTRACT(detail.Properties, '$.ChannelArn') as channel_arn, + JSON_EXTRACT(detail.Properties, '$.Status') as status, + JSON_EXTRACT(detail.Properties, '$.TerminationProtectionEnabled') as termination_protection_enabled, + JSON_EXTRACT(detail.Properties, '$.Type') as type, + JSON_EXTRACT(detail.Properties, '$.UpdatedTimestamp') as updated_timestamp, JSON_EXTRACT(detail.Properties, '$.Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::CloudTrail::Channel' - AND detail.data__TypeName = 'AWS::CloudTrail::Channel' + WHERE listing.data__TypeName = 'AWS::CloudTrail::Dashboard' + AND detail.data__TypeName = 'AWS::CloudTrail::Dashboard' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] @@ -1312,38 +1760,48 @@ components: SELECT region, data__Identifier, + json_extract_path_text(Properties, 'Widgets') as widgets, + json_extract_path_text(Properties, 'CreatedTimestamp') as created_timestamp, + json_extract_path_text(Properties, 'DashboardArn') as dashboard_arn, + json_extract_path_text(Properties, 'RefreshSchedule') as refresh_schedule, json_extract_path_text(Properties, 'Name') as name, - json_extract_path_text(Properties, 'Source') as source, - json_extract_path_text(Properties, 'Destinations') as destinations, - json_extract_path_text(Properties, 'ChannelArn') as channel_arn, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'TerminationProtectionEnabled') as termination_protection_enabled, + json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'UpdatedTimestamp') as updated_timestamp, json_extract_path_text(Properties, 'Tags') as tags - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudTrail::Channel' - AND data__Identifier = '' + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudTrail::Dashboard' + AND data__Identifier = '' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT detail.region, + json_extract_path_text(detail.Properties, 'Widgets') as widgets, + json_extract_path_text(detail.Properties, 'CreatedTimestamp') as created_timestamp, + json_extract_path_text(detail.Properties, 'DashboardArn') as dashboard_arn, + json_extract_path_text(detail.Properties, 'RefreshSchedule') as refresh_schedule, json_extract_path_text(detail.Properties, 'Name') as name, - json_extract_path_text(detail.Properties, 'Source') as source, - json_extract_path_text(detail.Properties, 'Destinations') as destinations, - json_extract_path_text(detail.Properties, 'ChannelArn') as channel_arn, + json_extract_path_text(detail.Properties, 'Status') as status, + json_extract_path_text(detail.Properties, 'TerminationProtectionEnabled') as termination_protection_enabled, + json_extract_path_text(detail.Properties, 'Type') as type, + json_extract_path_text(detail.Properties, 'UpdatedTimestamp') as updated_timestamp, json_extract_path_text(detail.Properties, 'Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::CloudTrail::Channel' - AND detail.data__TypeName = 'AWS::CloudTrail::Channel' + WHERE listing.data__TypeName = 'AWS::CloudTrail::Dashboard' + AND detail.data__TypeName = 'AWS::CloudTrail::Dashboard' AND listing.region = 'us-east-1' - channels_list_only: - name: channels_list_only - id: aws.cloudtrail.channels_list_only - x-cfn-schema-name: Channel - x-cfn-type-name: AWS::CloudTrail::Channel + dashboards_list_only: + name: dashboards_list_only + id: aws.cloudtrail.dashboards_list_only + x-cfn-schema-name: Dashboard + x-cfn-type-name: AWS::CloudTrail::Dashboard x-identifiers: - - ChannelArn + - DashboardArn x-type: cloud_control_view methods: {} sqlVerbs: @@ -1357,22 +1815,22 @@ components: ddl: |- SELECT region, - JSON_EXTRACT(Properties, '$.ChannelArn') as channel_arn - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudTrail::Channel' + JSON_EXTRACT(Properties, '$.DashboardArn') as dashboard_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudTrail::Dashboard' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT region, - json_extract_path_text(Properties, 'ChannelArn') as channel_arn - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudTrail::Channel' + json_extract_path_text(Properties, 'DashboardArn') as dashboard_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudTrail::Dashboard' AND region = 'us-east-1' - channel_tags: - name: channel_tags - id: aws.cloudtrail.channel_tags - x-cfn-schema-name: Channel - x-cfn-type-name: AWS::CloudTrail::Channel + dashboard_tags: + name: dashboard_tags + id: aws.cloudtrail.dashboard_tags + x-cfn-schema-name: Dashboard + x-cfn-type-name: AWS::CloudTrail::Dashboard x-type: cloud_control_view methods: {} sqlVerbs: @@ -1388,17 +1846,22 @@ components: detail.region, JSON_EXTRACT(json_each.value, '$.Key') as tag_key, JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.Widgets') as widgets, + JSON_EXTRACT(detail.Properties, '$.CreatedTimestamp') as created_timestamp, + JSON_EXTRACT(detail.Properties, '$.DashboardArn') as dashboard_arn, + JSON_EXTRACT(detail.Properties, '$.RefreshSchedule') as refresh_schedule, JSON_EXTRACT(detail.Properties, '$.Name') as name, - JSON_EXTRACT(detail.Properties, '$.Source') as source, - JSON_EXTRACT(detail.Properties, '$.Destinations') as destinations, - JSON_EXTRACT(detail.Properties, '$.ChannelArn') as channel_arn + JSON_EXTRACT(detail.Properties, '$.Status') as status, + JSON_EXTRACT(detail.Properties, '$.TerminationProtectionEnabled') as termination_protection_enabled, + JSON_EXTRACT(detail.Properties, '$.Type') as type, + JSON_EXTRACT(detail.Properties, '$.UpdatedTimestamp') as updated_timestamp FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) - WHERE listing.data__TypeName = 'AWS::CloudTrail::Channel' - AND detail.data__TypeName = 'AWS::CloudTrail::Channel' + WHERE listing.data__TypeName = 'AWS::CloudTrail::Dashboard' + AND detail.data__TypeName = 'AWS::CloudTrail::Dashboard' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" @@ -1407,17 +1870,22 @@ components: detail.region, json_extract_path_text(json_each.value, 'Key') as tag_key, json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'Widgets') as widgets, + json_extract_path_text(detail.Properties, 'CreatedTimestamp') as created_timestamp, + json_extract_path_text(detail.Properties, 'DashboardArn') as dashboard_arn, + json_extract_path_text(detail.Properties, 'RefreshSchedule') as refresh_schedule, json_extract_path_text(detail.Properties, 'Name') as name, - json_extract_path_text(detail.Properties, 'Source') as source, - json_extract_path_text(detail.Properties, 'Destinations') as destinations, - json_extract_path_text(detail.Properties, 'ChannelArn') as channel_arn + json_extract_path_text(detail.Properties, 'Status') as status, + json_extract_path_text(detail.Properties, 'TerminationProtectionEnabled') as termination_protection_enabled, + json_extract_path_text(detail.Properties, 'Type') as type, + json_extract_path_text(detail.Properties, 'UpdatedTimestamp') as updated_timestamp FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) - WHERE listing.data__TypeName = 'AWS::CloudTrail::Channel' - AND detail.data__TypeName = 'AWS::CloudTrail::Channel' + WHERE listing.data__TypeName = 'AWS::CloudTrail::Dashboard' + AND detail.data__TypeName = 'AWS::CloudTrail::Dashboard' AND listing.region = 'us-east-1' event_data_stores: name: event_data_stores @@ -1840,24 +2308,24 @@ components: SELECT region, data__Identifier, - JSON_EXTRACT(Properties, '$.CloudWatchLogsLogGroupArn') as cloud_watch_logs_log_group_arn, - JSON_EXTRACT(Properties, '$.CloudWatchLogsRoleArn') as cloud_watch_logs_role_arn, - JSON_EXTRACT(Properties, '$.EnableLogFileValidation') as enable_log_file_validation, - JSON_EXTRACT(Properties, '$.AdvancedEventSelectors') as advanced_event_selectors, - JSON_EXTRACT(Properties, '$.EventSelectors') as event_selectors, JSON_EXTRACT(Properties, '$.IncludeGlobalServiceEvents') as include_global_service_events, - JSON_EXTRACT(Properties, '$.IsLogging') as is_logging, - JSON_EXTRACT(Properties, '$.IsMultiRegionTrail') as is_multi_region_trail, - JSON_EXTRACT(Properties, '$.IsOrganizationTrail') as is_organization_trail, + JSON_EXTRACT(Properties, '$.EventSelectors') as event_selectors, JSON_EXTRACT(Properties, '$.KMSKeyId') as kms_key_id, - JSON_EXTRACT(Properties, '$.S3BucketName') as s3_bucket_name, + JSON_EXTRACT(Properties, '$.CloudWatchLogsRoleArn') as cloud_watch_logs_role_arn, JSON_EXTRACT(Properties, '$.S3KeyPrefix') as s3_key_prefix, - JSON_EXTRACT(Properties, '$.SnsTopicName') as sns_topic_name, - JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.AdvancedEventSelectors') as advanced_event_selectors, JSON_EXTRACT(Properties, '$.TrailName') as trail_name, - JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.IsOrganizationTrail') as is_organization_trail, + JSON_EXTRACT(Properties, '$.InsightSelectors') as insight_selectors, + JSON_EXTRACT(Properties, '$.CloudWatchLogsLogGroupArn') as cloud_watch_logs_log_group_arn, + JSON_EXTRACT(Properties, '$.SnsTopicName') as sns_topic_name, + JSON_EXTRACT(Properties, '$.IsMultiRegionTrail') as is_multi_region_trail, + JSON_EXTRACT(Properties, '$.S3BucketName') as s3_bucket_name, JSON_EXTRACT(Properties, '$.SnsTopicArn') as sns_topic_arn, - JSON_EXTRACT(Properties, '$.InsightSelectors') as insight_selectors + JSON_EXTRACT(Properties, '$.EnableLogFileValidation') as enable_log_file_validation, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.IsLogging') as is_logging FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudTrail::Trail' AND data__Identifier = '' AND region = 'us-east-1' @@ -1866,24 +2334,24 @@ components: ddl: |- SELECT detail.region, - JSON_EXTRACT(detail.Properties, '$.CloudWatchLogsLogGroupArn') as cloud_watch_logs_log_group_arn, - JSON_EXTRACT(detail.Properties, '$.CloudWatchLogsRoleArn') as cloud_watch_logs_role_arn, - JSON_EXTRACT(detail.Properties, '$.EnableLogFileValidation') as enable_log_file_validation, - JSON_EXTRACT(detail.Properties, '$.AdvancedEventSelectors') as advanced_event_selectors, - JSON_EXTRACT(detail.Properties, '$.EventSelectors') as event_selectors, JSON_EXTRACT(detail.Properties, '$.IncludeGlobalServiceEvents') as include_global_service_events, - JSON_EXTRACT(detail.Properties, '$.IsLogging') as is_logging, - JSON_EXTRACT(detail.Properties, '$.IsMultiRegionTrail') as is_multi_region_trail, - JSON_EXTRACT(detail.Properties, '$.IsOrganizationTrail') as is_organization_trail, + JSON_EXTRACT(detail.Properties, '$.EventSelectors') as event_selectors, JSON_EXTRACT(detail.Properties, '$.KMSKeyId') as kms_key_id, - JSON_EXTRACT(detail.Properties, '$.S3BucketName') as s3_bucket_name, + JSON_EXTRACT(detail.Properties, '$.CloudWatchLogsRoleArn') as cloud_watch_logs_role_arn, JSON_EXTRACT(detail.Properties, '$.S3KeyPrefix') as s3_key_prefix, - JSON_EXTRACT(detail.Properties, '$.SnsTopicName') as sns_topic_name, - JSON_EXTRACT(detail.Properties, '$.Tags') as tags, + JSON_EXTRACT(detail.Properties, '$.AdvancedEventSelectors') as advanced_event_selectors, JSON_EXTRACT(detail.Properties, '$.TrailName') as trail_name, - JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.IsOrganizationTrail') as is_organization_trail, + JSON_EXTRACT(detail.Properties, '$.InsightSelectors') as insight_selectors, + JSON_EXTRACT(detail.Properties, '$.CloudWatchLogsLogGroupArn') as cloud_watch_logs_log_group_arn, + JSON_EXTRACT(detail.Properties, '$.SnsTopicName') as sns_topic_name, + JSON_EXTRACT(detail.Properties, '$.IsMultiRegionTrail') as is_multi_region_trail, + JSON_EXTRACT(detail.Properties, '$.S3BucketName') as s3_bucket_name, JSON_EXTRACT(detail.Properties, '$.SnsTopicArn') as sns_topic_arn, - JSON_EXTRACT(detail.Properties, '$.InsightSelectors') as insight_selectors + JSON_EXTRACT(detail.Properties, '$.EnableLogFileValidation') as enable_log_file_validation, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags, + JSON_EXTRACT(detail.Properties, '$.IsLogging') as is_logging FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -1897,24 +2365,24 @@ components: SELECT region, data__Identifier, - json_extract_path_text(Properties, 'CloudWatchLogsLogGroupArn') as cloud_watch_logs_log_group_arn, - json_extract_path_text(Properties, 'CloudWatchLogsRoleArn') as cloud_watch_logs_role_arn, - json_extract_path_text(Properties, 'EnableLogFileValidation') as enable_log_file_validation, - json_extract_path_text(Properties, 'AdvancedEventSelectors') as advanced_event_selectors, - json_extract_path_text(Properties, 'EventSelectors') as event_selectors, json_extract_path_text(Properties, 'IncludeGlobalServiceEvents') as include_global_service_events, - json_extract_path_text(Properties, 'IsLogging') as is_logging, - json_extract_path_text(Properties, 'IsMultiRegionTrail') as is_multi_region_trail, - json_extract_path_text(Properties, 'IsOrganizationTrail') as is_organization_trail, + json_extract_path_text(Properties, 'EventSelectors') as event_selectors, json_extract_path_text(Properties, 'KMSKeyId') as kms_key_id, - json_extract_path_text(Properties, 'S3BucketName') as s3_bucket_name, + json_extract_path_text(Properties, 'CloudWatchLogsRoleArn') as cloud_watch_logs_role_arn, json_extract_path_text(Properties, 'S3KeyPrefix') as s3_key_prefix, - json_extract_path_text(Properties, 'SnsTopicName') as sns_topic_name, - json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'AdvancedEventSelectors') as advanced_event_selectors, json_extract_path_text(Properties, 'TrailName') as trail_name, - json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'IsOrganizationTrail') as is_organization_trail, + json_extract_path_text(Properties, 'InsightSelectors') as insight_selectors, + json_extract_path_text(Properties, 'CloudWatchLogsLogGroupArn') as cloud_watch_logs_log_group_arn, + json_extract_path_text(Properties, 'SnsTopicName') as sns_topic_name, + json_extract_path_text(Properties, 'IsMultiRegionTrail') as is_multi_region_trail, + json_extract_path_text(Properties, 'S3BucketName') as s3_bucket_name, json_extract_path_text(Properties, 'SnsTopicArn') as sns_topic_arn, - json_extract_path_text(Properties, 'InsightSelectors') as insight_selectors + json_extract_path_text(Properties, 'EnableLogFileValidation') as enable_log_file_validation, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'IsLogging') as is_logging FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudTrail::Trail' AND data__Identifier = '' AND region = 'us-east-1' @@ -1923,24 +2391,24 @@ components: ddl: |- SELECT detail.region, - json_extract_path_text(detail.Properties, 'CloudWatchLogsLogGroupArn') as cloud_watch_logs_log_group_arn, - json_extract_path_text(detail.Properties, 'CloudWatchLogsRoleArn') as cloud_watch_logs_role_arn, - json_extract_path_text(detail.Properties, 'EnableLogFileValidation') as enable_log_file_validation, - json_extract_path_text(detail.Properties, 'AdvancedEventSelectors') as advanced_event_selectors, - json_extract_path_text(detail.Properties, 'EventSelectors') as event_selectors, json_extract_path_text(detail.Properties, 'IncludeGlobalServiceEvents') as include_global_service_events, - json_extract_path_text(detail.Properties, 'IsLogging') as is_logging, - json_extract_path_text(detail.Properties, 'IsMultiRegionTrail') as is_multi_region_trail, - json_extract_path_text(detail.Properties, 'IsOrganizationTrail') as is_organization_trail, + json_extract_path_text(detail.Properties, 'EventSelectors') as event_selectors, json_extract_path_text(detail.Properties, 'KMSKeyId') as kms_key_id, - json_extract_path_text(detail.Properties, 'S3BucketName') as s3_bucket_name, + json_extract_path_text(detail.Properties, 'CloudWatchLogsRoleArn') as cloud_watch_logs_role_arn, json_extract_path_text(detail.Properties, 'S3KeyPrefix') as s3_key_prefix, - json_extract_path_text(detail.Properties, 'SnsTopicName') as sns_topic_name, - json_extract_path_text(detail.Properties, 'Tags') as tags, + json_extract_path_text(detail.Properties, 'AdvancedEventSelectors') as advanced_event_selectors, json_extract_path_text(detail.Properties, 'TrailName') as trail_name, - json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'IsOrganizationTrail') as is_organization_trail, + json_extract_path_text(detail.Properties, 'InsightSelectors') as insight_selectors, + json_extract_path_text(detail.Properties, 'CloudWatchLogsLogGroupArn') as cloud_watch_logs_log_group_arn, + json_extract_path_text(detail.Properties, 'SnsTopicName') as sns_topic_name, + json_extract_path_text(detail.Properties, 'IsMultiRegionTrail') as is_multi_region_trail, + json_extract_path_text(detail.Properties, 'S3BucketName') as s3_bucket_name, json_extract_path_text(detail.Properties, 'SnsTopicArn') as sns_topic_arn, - json_extract_path_text(detail.Properties, 'InsightSelectors') as insight_selectors + json_extract_path_text(detail.Properties, 'EnableLogFileValidation') as enable_log_file_validation, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'Tags') as tags, + json_extract_path_text(detail.Properties, 'IsLogging') as is_logging FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -1999,23 +2467,23 @@ components: detail.region, JSON_EXTRACT(json_each.value, '$.Key') as tag_key, JSON_EXTRACT(json_each.value, '$.Value') as tag_value, - JSON_EXTRACT(detail.Properties, '$.CloudWatchLogsLogGroupArn') as cloud_watch_logs_log_group_arn, - JSON_EXTRACT(detail.Properties, '$.CloudWatchLogsRoleArn') as cloud_watch_logs_role_arn, - JSON_EXTRACT(detail.Properties, '$.EnableLogFileValidation') as enable_log_file_validation, - JSON_EXTRACT(detail.Properties, '$.AdvancedEventSelectors') as advanced_event_selectors, - JSON_EXTRACT(detail.Properties, '$.EventSelectors') as event_selectors, JSON_EXTRACT(detail.Properties, '$.IncludeGlobalServiceEvents') as include_global_service_events, - JSON_EXTRACT(detail.Properties, '$.IsLogging') as is_logging, - JSON_EXTRACT(detail.Properties, '$.IsMultiRegionTrail') as is_multi_region_trail, - JSON_EXTRACT(detail.Properties, '$.IsOrganizationTrail') as is_organization_trail, + JSON_EXTRACT(detail.Properties, '$.EventSelectors') as event_selectors, JSON_EXTRACT(detail.Properties, '$.KMSKeyId') as kms_key_id, - JSON_EXTRACT(detail.Properties, '$.S3BucketName') as s3_bucket_name, + JSON_EXTRACT(detail.Properties, '$.CloudWatchLogsRoleArn') as cloud_watch_logs_role_arn, JSON_EXTRACT(detail.Properties, '$.S3KeyPrefix') as s3_key_prefix, - JSON_EXTRACT(detail.Properties, '$.SnsTopicName') as sns_topic_name, + JSON_EXTRACT(detail.Properties, '$.AdvancedEventSelectors') as advanced_event_selectors, JSON_EXTRACT(detail.Properties, '$.TrailName') as trail_name, - JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.IsOrganizationTrail') as is_organization_trail, + JSON_EXTRACT(detail.Properties, '$.InsightSelectors') as insight_selectors, + JSON_EXTRACT(detail.Properties, '$.CloudWatchLogsLogGroupArn') as cloud_watch_logs_log_group_arn, + JSON_EXTRACT(detail.Properties, '$.SnsTopicName') as sns_topic_name, + JSON_EXTRACT(detail.Properties, '$.IsMultiRegionTrail') as is_multi_region_trail, + JSON_EXTRACT(detail.Properties, '$.S3BucketName') as s3_bucket_name, JSON_EXTRACT(detail.Properties, '$.SnsTopicArn') as sns_topic_arn, - JSON_EXTRACT(detail.Properties, '$.InsightSelectors') as insight_selectors + JSON_EXTRACT(detail.Properties, '$.EnableLogFileValidation') as enable_log_file_validation, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.IsLogging') as is_logging FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -2031,23 +2499,23 @@ components: detail.region, json_extract_path_text(json_each.value, 'Key') as tag_key, json_extract_path_text(json_each.value, 'Value') as tag_value, - json_extract_path_text(detail.Properties, 'CloudWatchLogsLogGroupArn') as cloud_watch_logs_log_group_arn, - json_extract_path_text(detail.Properties, 'CloudWatchLogsRoleArn') as cloud_watch_logs_role_arn, - json_extract_path_text(detail.Properties, 'EnableLogFileValidation') as enable_log_file_validation, - json_extract_path_text(detail.Properties, 'AdvancedEventSelectors') as advanced_event_selectors, - json_extract_path_text(detail.Properties, 'EventSelectors') as event_selectors, json_extract_path_text(detail.Properties, 'IncludeGlobalServiceEvents') as include_global_service_events, - json_extract_path_text(detail.Properties, 'IsLogging') as is_logging, - json_extract_path_text(detail.Properties, 'IsMultiRegionTrail') as is_multi_region_trail, - json_extract_path_text(detail.Properties, 'IsOrganizationTrail') as is_organization_trail, + json_extract_path_text(detail.Properties, 'EventSelectors') as event_selectors, json_extract_path_text(detail.Properties, 'KMSKeyId') as kms_key_id, - json_extract_path_text(detail.Properties, 'S3BucketName') as s3_bucket_name, + json_extract_path_text(detail.Properties, 'CloudWatchLogsRoleArn') as cloud_watch_logs_role_arn, json_extract_path_text(detail.Properties, 'S3KeyPrefix') as s3_key_prefix, - json_extract_path_text(detail.Properties, 'SnsTopicName') as sns_topic_name, + json_extract_path_text(detail.Properties, 'AdvancedEventSelectors') as advanced_event_selectors, json_extract_path_text(detail.Properties, 'TrailName') as trail_name, - json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'IsOrganizationTrail') as is_organization_trail, + json_extract_path_text(detail.Properties, 'InsightSelectors') as insight_selectors, + json_extract_path_text(detail.Properties, 'CloudWatchLogsLogGroupArn') as cloud_watch_logs_log_group_arn, + json_extract_path_text(detail.Properties, 'SnsTopicName') as sns_topic_name, + json_extract_path_text(detail.Properties, 'IsMultiRegionTrail') as is_multi_region_trail, + json_extract_path_text(detail.Properties, 'S3BucketName') as s3_bucket_name, json_extract_path_text(detail.Properties, 'SnsTopicArn') as sns_topic_arn, - json_extract_path_text(detail.Properties, 'InsightSelectors') as insight_selectors + json_extract_path_text(detail.Properties, 'EnableLogFileValidation') as enable_log_file_validation, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'IsLogging') as is_logging FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -2241,6 +2709,48 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success + /?Action=CreateResource&Version=2021-09-30&__Dashboard&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateDashboard + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateDashboardRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success /?Action=CreateResource&Version=2021-09-30&__EventDataStore&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' diff --git a/providers/src/aws/v00.00.00000/services/cloudwatch.yaml b/providers/src/aws/v00.00.00000/services/cloudwatch.yaml index 19138a03..998c2b4f 100644 --- a/providers/src/aws/v00.00.00000/services/cloudwatch.yaml +++ b/providers/src/aws/v00.00.00000/services/cloudwatch.yaml @@ -905,7 +905,7 @@ components: Value: description: String which you can use to describe or define the tag. type: string - minLength: 1 + minLength: 0 maxLength: 256 required: - Key @@ -944,7 +944,7 @@ components: description: |- The period, in seconds, over which the statistic is applied. This is required for an alarm based on a metric. Valid values are 10, 30, 60, and any multiple of 60. For an alarm based on a math expression, you can't specify ``Period``, and instead you use the ``Metrics`` parameter. - *Minimum:* 10 + *Minimum:* 10 type: integer EvaluationPeriods: description: |- @@ -1020,7 +1020,9 @@ components: description: The value to compare with the specified statistic. type: number Tags: - description: '' + description: |- + A list of key-value pairs to associate with the alarm. You can associate as many as 50 tags with an alarm. To be able to associate tags with the alarm when you create the alarm, you must have the ``cloudwatch:TagResource`` permission. + Tags can help you organize and categorize your resources. You can also use them to scope user permissions by granting a user permission to access or change only resources with certain tag values. type: array maxItems: 50 uniqueItems: true @@ -1050,6 +1052,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - cloudwatch:TagResource + - cloudwatch:UntagResource + - cloudwatch:ListTagsForResource x-required-permissions: create: - cloudwatch:PutMetricAlarm @@ -1165,6 +1171,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - cloudwatch:TagResource + - cloudwatch:UntagResource + - cloudwatch:ListTagsForResource x-required-permissions: create: - cloudwatch:DescribeAlarms @@ -1183,6 +1193,44 @@ components: - cloudwatch:DeleteAlarms list: - cloudwatch:DescribeAlarms + Dashboard: + type: object + properties: + DashboardName: + type: string + description: The name of the dashboard. The name must be between 1 and 255 characters. If you do not specify a name, one will be generated automatically. + DashboardBody: + type: string + description: The detailed information about the dashboard in JSON format, including the widgets to include and their location on the dashboard + required: + - DashboardBody + x-stackql-resource-name: dashboard + description: Resource Type definition for AWS::CloudWatch::Dashboard + x-type-name: AWS::CloudWatch::Dashboard + x-stackql-primary-identifier: + - DashboardName + x-create-only-properties: + - DashboardName + x-required-properties: + - DashboardBody + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - cloudwatch:PutDashboard + - cloudwatch:GetDashboard + read: + - cloudwatch:GetDashboard + update: + - cloudwatch:PutDashboard + delete: + - cloudwatch:DeleteDashboards + - cloudwatch:GetDashboard + list: + - cloudwatch:ListDashboards MetricStreamFilter: description: This structure defines the metrics that will be streamed. type: object @@ -1319,10 +1367,6 @@ components: IncludeLinkedAccountsMetrics: description: If you are creating a metric stream in a monitoring account, specify true to include metrics from source accounts that are linked to this monitoring account, in the metric stream. The default is false. type: boolean - required: - - FirehoseArn - - RoleArn - - OutputFormat x-stackql-resource-name: metric_stream description: Resource Type definition for Metric Stream x-type-name: AWS::CloudWatch::MetricStream @@ -1337,10 +1381,6 @@ components: - CreationDate - LastUpdateDate - State - x-required-properties: - - FirehoseArn - - RoleArn - - OutputFormat x-taggable: true x-required-permissions: create: @@ -1405,7 +1445,7 @@ components: description: |- The period, in seconds, over which the statistic is applied. This is required for an alarm based on a metric. Valid values are 10, 30, 60, and any multiple of 60. For an alarm based on a math expression, you can't specify ``Period``, and instead you use the ``Metrics`` parameter. - *Minimum:* 10 + *Minimum:* 10 type: integer EvaluationPeriods: description: |- @@ -1481,7 +1521,9 @@ components: description: The value to compare with the specified statistic. type: number Tags: - description: '' + description: |- + A list of key-value pairs to associate with the alarm. You can associate as many as 50 tags with an alarm. To be able to associate tags with the alarm when you create the alarm, you must have the ``cloudwatch:TagResource`` permission. + Tags can help you organize and categorize your resources. You can also use them to scope user permissions by granting a user permission to access or change only resources with certain tag values. type: array maxItems: 50 uniqueItems: true @@ -1578,6 +1620,29 @@ components: x-title: CreateCompositeAlarmRequest type: object required: [] + CreateDashboardRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + DashboardName: + type: string + description: The name of the dashboard. The name must be between 1 and 255 characters. If you do not specify a name, one will be generated automatically. + DashboardBody: + type: string + description: The detailed information about the dashboard in JSON format, including the widgets to include and their location on the dashboard + x-stackQL-stringOnly: true + x-title: CreateDashboardRequest + type: object + required: [] CreateMetricStreamRequest: properties: ClientToken: @@ -2340,6 +2405,144 @@ components: WHERE listing.data__TypeName = 'AWS::CloudWatch::CompositeAlarm' AND detail.data__TypeName = 'AWS::CloudWatch::CompositeAlarm' AND listing.region = 'us-east-1' + dashboards: + name: dashboards + id: aws.cloudwatch.dashboards + x-cfn-schema-name: Dashboard + x-cfn-type-name: AWS::CloudWatch::Dashboard + x-identifiers: + - DashboardName + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Dashboard&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::CloudWatch::Dashboard" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::CloudWatch::Dashboard" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::CloudWatch::Dashboard" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/dashboards/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/dashboards/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/dashboards/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DashboardName') as dashboard_name, + JSON_EXTRACT(Properties, '$.DashboardBody') as dashboard_body + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudWatch::Dashboard' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.DashboardName') as dashboard_name, + JSON_EXTRACT(detail.Properties, '$.DashboardBody') as dashboard_body + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::CloudWatch::Dashboard' + AND detail.data__TypeName = 'AWS::CloudWatch::Dashboard' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DashboardName') as dashboard_name, + json_extract_path_text(Properties, 'DashboardBody') as dashboard_body + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CloudWatch::Dashboard' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'DashboardName') as dashboard_name, + json_extract_path_text(detail.Properties, 'DashboardBody') as dashboard_body + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::CloudWatch::Dashboard' + AND detail.data__TypeName = 'AWS::CloudWatch::Dashboard' + AND listing.region = 'us-east-1' + dashboards_list_only: + name: dashboards_list_only + id: aws.cloudwatch.dashboards_list_only + x-cfn-schema-name: Dashboard + x-cfn-type-name: AWS::CloudWatch::Dashboard + x-identifiers: + - DashboardName + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DashboardName') as dashboard_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudWatch::Dashboard' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DashboardName') as dashboard_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CloudWatch::Dashboard' + AND region = 'us-east-1' metric_streams: name: metric_streams id: aws.cloudwatch.metric_streams @@ -2816,6 +3019,48 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success + /?Action=CreateResource&Version=2021-09-30&__Dashboard&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateDashboard + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateDashboardRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success /?Action=CreateResource&Version=2021-09-30&__MetricStream&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' diff --git a/providers/src/aws/v00.00.00000/services/codeartifact.yaml b/providers/src/aws/v00.00.00000/services/codeartifact.yaml index 961a4b92..f5e4bfcc 100644 --- a/providers/src/aws/v00.00.00000/services/codeartifact.yaml +++ b/providers/src/aws/v00.00.00000/services/codeartifact.yaml @@ -463,6 +463,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - codeartifact:ListTagsForResource + - codeartifact:UntagResource + - codeartifact:TagResource x-required-permissions: create: - codeartifact:CreateDomain @@ -470,16 +474,19 @@ components: - codeartifact:PutDomainPermissionsPolicy - codeartifact:GetDomainPermissionsPolicy - codeartifact:TagResource + - codeartifact:ListTagsForResource read: - codeartifact:DescribeDomain - codeartifact:GetDomainPermissionsPolicy - codeartifact:ListTagsForResource update: + - codeartifact:DescribeDomain - codeartifact:PutDomainPermissionsPolicy - codeartifact:DeleteDomainPermissionsPolicy - codeartifact:GetDomainPermissionsPolicy - codeartifact:TagResource - codeartifact:UntagResource + - codeartifact:ListTagsForResource delete: - codeartifact:DeleteDomain - codeartifact:DescribeDomain @@ -590,6 +597,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - codeartifact:ListTagsForResource + - codeartifact:UntagResource + - codeartifact:TagResource x-required-permissions: create: - codeartifact:CreatePackageGroup @@ -695,20 +706,27 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - codeartifact:ListTagsForResource + - codeartifact:UntagResource + - codeartifact:TagResource x-required-permissions: create: - codeartifact:CreateRepository - codeartifact:DescribeRepository - codeartifact:PutRepositoryPermissionsPolicy + - codeartifact:GetRepositoryPermissionsPolicy - codeartifact:AssociateExternalConnection - codeartifact:AssociateWithDownstreamRepository - codeartifact:TagResource + - codeartifact:ListTagsForResource read: - codeartifact:DescribeRepository - codeartifact:GetRepositoryPermissionsPolicy - codeartifact:ListTagsForResource update: - codeartifact:PutRepositoryPermissionsPolicy + - codeartifact:GetRepositoryPermissionsPolicy - codeartifact:DeleteRepositoryPermissionsPolicy - codeartifact:AssociateExternalConnection - codeartifact:DisassociateExternalConnection @@ -717,6 +735,7 @@ components: - codeartifact:AssociateWithDownstreamRepository - codeartifact:TagResource - codeartifact:UntagResource + - codeartifact:ListTagsForResource delete: - codeartifact:DeleteRepository - codeartifact:DescribeRepository diff --git a/providers/src/aws/v00.00.00000/services/codebuild.yaml b/providers/src/aws/v00.00.00000/services/codebuild.yaml index 29494552..6255bb7d 100644 --- a/providers/src/aws/v00.00.00000/services/codebuild.yaml +++ b/providers/src/aws/v00.00.00000/services/codebuild.yaml @@ -420,6 +420,79 @@ components: x-insertionOrder: false items: type: string + ProxyConfiguration: + type: object + additionalProperties: false + properties: + DefaultBehavior: + type: string + enum: + - ALLOW_ALL + - DENY_ALL + OrderedProxyRules: + type: array + x-insertionOrder: true + items: + $ref: '#/components/schemas/FleetProxyRule' + FleetProxyRule: + type: object + additionalProperties: false + properties: + Type: + type: string + enum: + - DOMAIN + - IP + Effect: + type: string + enum: + - ALLOW + - DENY + Entities: + type: array + x-insertionOrder: false + items: + type: string + ScalingConfigurationInput: + type: object + additionalProperties: false + properties: + MaxCapacity: + type: integer + minimum: 1 + ScalingType: + type: string + enum: + - TARGET_TRACKING_SCALING + TargetTrackingScalingConfigs: + type: array + items: + $ref: '#/components/schemas/TargetTrackingScalingConfiguration' + TargetTrackingScalingConfiguration: + type: object + additionalProperties: false + properties: + MetricType: + type: string + enum: + - FLEET_UTILIZATION_RATE + TargetValue: + type: number + ComputeConfiguration: + type: object + additionalProperties: false + properties: + vCpu: + type: integer + memory: + type: integer + disk: + type: integer + machineType: + type: string + enum: + - GENERAL + - NVME Fleet: type: object properties: @@ -438,13 +511,16 @@ components: - LINUX_CONTAINER - LINUX_GPU_CONTAINER - ARM_CONTAINER + - MAC_ARM ComputeType: type: string enum: - BUILD_GENERAL1_SMALL - BUILD_GENERAL1_MEDIUM - BUILD_GENERAL1_LARGE + - BUILD_GENERAL1_XLARGE - BUILD_GENERAL1_2XLARGE + - ATTRIBUTE_BASED_COMPUTE OverflowBehavior: type: string enum: @@ -455,6 +531,8 @@ components: pattern: ^(?:arn:)[a-zA-Z+-=,._:/@]+$ FleetVpcConfig: $ref: '#/components/schemas/VpcConfig' + FleetProxyConfiguration: + $ref: '#/components/schemas/ProxyConfiguration' Tags: type: array x-insertionOrder: false @@ -463,6 +541,13 @@ components: Arn: type: string minLength: 1 + ImageId: + type: string + pattern: ^((aws/codebuild/[A-Za-z-]+:[0-9]+(-[0-9._]+)?)|ami-[a-z0-9]{1,1020})$ + ScalingConfiguration: + $ref: '#/components/schemas/ScalingConfigurationInput' + ComputeConfiguration: + $ref: '#/components/schemas/ComputeConfiguration' x-stackql-resource-name: fleet description: Resource Type definition for AWS::CodeBuild::Fleet x-type-name: AWS::CodeBuild::Fleet @@ -520,13 +605,16 @@ components: - LINUX_CONTAINER - LINUX_GPU_CONTAINER - ARM_CONTAINER + - MAC_ARM ComputeType: type: string enum: - BUILD_GENERAL1_SMALL - BUILD_GENERAL1_MEDIUM - BUILD_GENERAL1_LARGE + - BUILD_GENERAL1_XLARGE - BUILD_GENERAL1_2XLARGE + - ATTRIBUTE_BASED_COMPUTE OverflowBehavior: type: string enum: @@ -537,6 +625,8 @@ components: pattern: ^(?:arn:)[a-zA-Z+-=,._:/@]+$ FleetVpcConfig: $ref: '#/components/schemas/VpcConfig' + FleetProxyConfiguration: + $ref: '#/components/schemas/ProxyConfiguration' Tags: type: array x-insertionOrder: false @@ -545,6 +635,13 @@ components: Arn: type: string minLength: 1 + ImageId: + type: string + pattern: ^((aws/codebuild/[A-Za-z-]+:[0-9]+(-[0-9._]+)?)|ami-[a-z0-9]{1,1020})$ + ScalingConfiguration: + $ref: '#/components/schemas/ScalingConfigurationInput' + ComputeConfiguration: + $ref: '#/components/schemas/ComputeConfiguration' x-stackQL-stringOnly: true x-title: CreateFleetRequest type: object @@ -627,8 +724,12 @@ components: JSON_EXTRACT(Properties, '$.OverflowBehavior') as overflow_behavior, JSON_EXTRACT(Properties, '$.FleetServiceRole') as fleet_service_role, JSON_EXTRACT(Properties, '$.FleetVpcConfig') as fleet_vpc_config, + JSON_EXTRACT(Properties, '$.FleetProxyConfiguration') as fleet_proxy_configuration, JSON_EXTRACT(Properties, '$.Tags') as tags, - JSON_EXTRACT(Properties, '$.Arn') as arn + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.ImageId') as image_id, + JSON_EXTRACT(Properties, '$.ScalingConfiguration') as scaling_configuration, + JSON_EXTRACT(Properties, '$.ComputeConfiguration') as compute_configuration FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CodeBuild::Fleet' AND data__Identifier = '' AND region = 'us-east-1' @@ -644,8 +745,12 @@ components: JSON_EXTRACT(detail.Properties, '$.OverflowBehavior') as overflow_behavior, JSON_EXTRACT(detail.Properties, '$.FleetServiceRole') as fleet_service_role, JSON_EXTRACT(detail.Properties, '$.FleetVpcConfig') as fleet_vpc_config, + JSON_EXTRACT(detail.Properties, '$.FleetProxyConfiguration') as fleet_proxy_configuration, JSON_EXTRACT(detail.Properties, '$.Tags') as tags, - JSON_EXTRACT(detail.Properties, '$.Arn') as arn + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.ImageId') as image_id, + JSON_EXTRACT(detail.Properties, '$.ScalingConfiguration') as scaling_configuration, + JSON_EXTRACT(detail.Properties, '$.ComputeConfiguration') as compute_configuration FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -666,8 +771,12 @@ components: json_extract_path_text(Properties, 'OverflowBehavior') as overflow_behavior, json_extract_path_text(Properties, 'FleetServiceRole') as fleet_service_role, json_extract_path_text(Properties, 'FleetVpcConfig') as fleet_vpc_config, + json_extract_path_text(Properties, 'FleetProxyConfiguration') as fleet_proxy_configuration, json_extract_path_text(Properties, 'Tags') as tags, - json_extract_path_text(Properties, 'Arn') as arn + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'ImageId') as image_id, + json_extract_path_text(Properties, 'ScalingConfiguration') as scaling_configuration, + json_extract_path_text(Properties, 'ComputeConfiguration') as compute_configuration FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CodeBuild::Fleet' AND data__Identifier = '' AND region = 'us-east-1' @@ -683,8 +792,12 @@ components: json_extract_path_text(detail.Properties, 'OverflowBehavior') as overflow_behavior, json_extract_path_text(detail.Properties, 'FleetServiceRole') as fleet_service_role, json_extract_path_text(detail.Properties, 'FleetVpcConfig') as fleet_vpc_config, + json_extract_path_text(detail.Properties, 'FleetProxyConfiguration') as fleet_proxy_configuration, json_extract_path_text(detail.Properties, 'Tags') as tags, - json_extract_path_text(detail.Properties, 'Arn') as arn + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'ImageId') as image_id, + json_extract_path_text(detail.Properties, 'ScalingConfiguration') as scaling_configuration, + json_extract_path_text(detail.Properties, 'ComputeConfiguration') as compute_configuration FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -750,7 +863,11 @@ components: JSON_EXTRACT(detail.Properties, '$.OverflowBehavior') as overflow_behavior, JSON_EXTRACT(detail.Properties, '$.FleetServiceRole') as fleet_service_role, JSON_EXTRACT(detail.Properties, '$.FleetVpcConfig') as fleet_vpc_config, - JSON_EXTRACT(detail.Properties, '$.Arn') as arn + JSON_EXTRACT(detail.Properties, '$.FleetProxyConfiguration') as fleet_proxy_configuration, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.ImageId') as image_id, + JSON_EXTRACT(detail.Properties, '$.ScalingConfiguration') as scaling_configuration, + JSON_EXTRACT(detail.Properties, '$.ComputeConfiguration') as compute_configuration FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -773,7 +890,11 @@ components: json_extract_path_text(detail.Properties, 'OverflowBehavior') as overflow_behavior, json_extract_path_text(detail.Properties, 'FleetServiceRole') as fleet_service_role, json_extract_path_text(detail.Properties, 'FleetVpcConfig') as fleet_vpc_config, - json_extract_path_text(detail.Properties, 'Arn') as arn + json_extract_path_text(detail.Properties, 'FleetProxyConfiguration') as fleet_proxy_configuration, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'ImageId') as image_id, + json_extract_path_text(detail.Properties, 'ScalingConfiguration') as scaling_configuration, + json_extract_path_text(detail.Properties, 'ComputeConfiguration') as compute_configuration FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier diff --git a/providers/src/aws/v00.00.00000/services/codedeploy.yaml b/providers/src/aws/v00.00.00000/services/codedeploy.yaml index 1250f1d4..3790b64c 100644 --- a/providers/src/aws/v00.00.00000/services/codedeploy.yaml +++ b/providers/src/aws/v00.00.00000/services/codedeploy.yaml @@ -426,6 +426,9 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - codedeploy:TagResource + - codedeploy:UntagResource x-required-permissions: create: - codedeploy:CreateApplication diff --git a/providers/src/aws/v00.00.00000/services/codeguruprofiler.yaml b/providers/src/aws/v00.00.00000/services/codeguruprofiler.yaml index 6a8c0a48..14808f0c 100644 --- a/providers/src/aws/v00.00.00000/services/codeguruprofiler.yaml +++ b/providers/src/aws/v00.00.00000/services/codeguruprofiler.yaml @@ -485,6 +485,16 @@ components: - Arn x-required-properties: - ProfilingGroupName + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - codeguru-profiler:TagResource + - codeguru-profiler:ListTagsForResource + - codeguru-profiler:UntagResource x-required-permissions: create: - sns:Publish @@ -495,8 +505,11 @@ components: read: - codeguru-profiler:DescribeProfilingGroup - codeguru-profiler:ListTagsForResource + - codeguru-profiler:GetNotificationConfiguration + - codeguru-profiler:GetPolicy update: - sns:Publish + - codeguru-profiler:DescribeProfilingGroup - codeguru-profiler:AddNotificationChannels - codeguru-profiler:GetNotificationConfiguration - codeguru-profiler:RemoveNotificationChannel @@ -511,6 +524,8 @@ components: list: - codeguru-profiler:ListProfilingGroups - codeguru-profiler:ListTagsForResource + - codeguru-profiler:GetNotificationConfiguration + - codeguru-profiler:GetPolicy CreateProfilingGroupRequest: properties: ClientToken: diff --git a/providers/src/aws/v00.00.00000/services/codepipeline.yaml b/providers/src/aws/v00.00.00000/services/codepipeline.yaml index c2230671..c56859e8 100644 --- a/providers/src/aws/v00.00.00000/services/codepipeline.yaml +++ b/providers/src/aws/v00.00.00000/services/codepipeline.yaml @@ -450,12 +450,15 @@ components: description: The URL of a sign-up page where users can sign up for an external service and perform initial configuration of the action provided by that service. type: string Tag: + description: A tag is a key-value pair that is used to manage the resource. type: object additionalProperties: false properties: Value: + description: The tag's value. type: string Key: + description: The tag's key. type: string required: - Value @@ -551,6 +554,581 @@ components: - codepipeline:ListActionTypes list: - codepipeline:ListActionTypes + BlockerDeclaration: + description: Reserved for future use. + type: object + additionalProperties: false + properties: + Name: + description: Reserved for future use. + type: string + Type: + description: Reserved for future use. + type: string + enum: + - Schedule + required: + - Type + - Name + GitConfiguration: + description: A type of trigger configuration for Git-based source actions. + type: object + additionalProperties: false + properties: + Push: + description: The field where the repository event that will start the pipeline, such as pushing Git tags, is specified with details. + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/GitPushFilter' + SourceActionName: + description: The name of the pipeline source action where the trigger configuration, such as Git tags, is specified. The trigger configuration will start the pipeline upon the specified change only. + type: string + PullRequest: + description: The field where the repository event that will start the pipeline is specified as pull requests. + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/GitPullRequestFilter' + required: + - SourceActionName + ActionTypeId: + description: Represents information about an action type. + type: object + additionalProperties: false + properties: + Owner: + description: 'The creator of the action being called. There are three valid values for the Owner field in the action category section within your pipeline structure: AWS, ThirdParty, and Custom.' + type: string + Category: + description: A category defines what kind of action can be taken in the stage, and constrains the provider type for the action. Valid categories are limited to one of the values below. + type: string + enum: + - Source + - Build + - Test + - Deploy + - Invoke + - Approval + - Compute + Version: + description: A string that describes the action version. + type: string + Provider: + description: The provider of the service being called by the action. Valid providers are determined by the action category. For example, an action in the Deploy category type might have a provider of CodeDeploy, which would be specified as CodeDeploy. + type: string + required: + - Owner + - Category + - Version + - Provider + ArtifactStoreMap: + description: A mapping of artifactStore objects and their corresponding AWS Regions. There must be an artifact store for the pipeline Region and for each cross-region action in the pipeline. + type: object + additionalProperties: false + properties: + ArtifactStore: + $ref: '#/components/schemas/ArtifactStore' + Region: + description: The action declaration's AWS Region, such as us-east-1. + type: string + required: + - ArtifactStore + - Region + PipelineTriggerDeclaration: + description: Represents information about the specified trigger configuration, such as the filter criteria and the source stage for the action that contains the trigger. + type: object + additionalProperties: false + properties: + GitConfiguration: + $ref: '#/components/schemas/GitConfiguration' + ProviderType: + description: The source provider for the event, such as connections configured for a repository with Git tags, for the specified trigger configuration. + type: string + enum: + - CodeStarSourceConnection + required: + - ProviderType + EncryptionKey: + description: Represents information about the key used to encrypt data in the artifact store, such as an AWS Key Management Service (AWS KMS) key + type: object + additionalProperties: false + properties: + Type: + description: The type of encryption key, such as an AWS KMS key. When creating or updating a pipeline, the value must be set to 'KMS'. + type: string + Id: + description: The ID used to identify the key. For an AWS KMS key, you can use the key ID, the key ARN, or the alias ARN. + type: string + required: + - Type + - Id + GitPullRequestFilter: + description: The event criteria for the pull request trigger configuration, such as the lists of branches or file paths to include and exclude. + type: object + additionalProperties: false + properties: + FilePaths: + $ref: '#/components/schemas/GitFilePathFilterCriteria' + Events: + description: The field that specifies which pull request events to filter on (opened, updated, closed) for the trigger configuration. + type: array + uniqueItems: true + items: + type: string + Branches: + $ref: '#/components/schemas/GitBranchFilterCriteria' + GitPushFilter: + description: The event criteria that specify when a specified repository event will start the pipeline for the specified trigger configuration, such as the lists of Git tags to include and exclude. + type: object + additionalProperties: false + properties: + FilePaths: + $ref: '#/components/schemas/GitFilePathFilterCriteria' + Branches: + $ref: '#/components/schemas/GitBranchFilterCriteria' + Tags: + $ref: '#/components/schemas/GitTagFilterCriteria' + ActionDeclaration: + description: Represents information about an action declaration. + type: object + additionalProperties: false + properties: + ActionTypeId: + $ref: '#/components/schemas/ActionTypeId' + Configuration: + description: The action's configuration. These are key-value pairs that specify input values for an action. + type: object + InputArtifacts: + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/InputArtifact' + OutputArtifacts: + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/OutputArtifact' + Commands: + description: The shell commands to run with your compute action in CodePipeline. + type: array + uniqueItems: false + items: + type: string + OutputVariables: + description: The list of variables that are to be exported from the compute action. + type: array + uniqueItems: true + items: + type: string + Region: + description: The action declaration's AWS Region, such as us-east-1. + type: string + Namespace: + description: The variable namespace associated with the action. All variables produced as output by this action fall under this namespace. + type: string + RoleArn: + description: The ARN of the IAM service role that performs the declared action. This is assumed through the roleArn for the pipeline. + type: string + pattern: arn:aws(-[\w]+)*:iam::[0-9]{12}:role/.* + RunOrder: + description: The order in which actions are run. + type: integer + Name: + description: The action declaration's name. + type: string + TimeoutInMinutes: + description: A timeout duration in minutes that can be applied against the ActionType’s default timeout value specified in Quotas for AWS CodePipeline. This attribute is available only to the manual approval ActionType. + type: integer + required: + - ActionTypeId + - Name + GitFilePathFilterCriteria: + description: The Git repository file paths specified as filter criteria to start the pipeline. + type: object + additionalProperties: false + properties: + Includes: + description: The list of patterns of Git repository file paths that, when a commit is pushed, are to be included as criteria that starts the pipeline. + type: array + uniqueItems: true + items: + type: string + Excludes: + description: The list of patterns of Git repository file paths that, when a commit is pushed, are to be excluded from starting the pipeline. + type: array + uniqueItems: true + items: + type: string + StageDeclaration: + description: Represents information about a stage and its definition. + type: object + additionalProperties: false + properties: + Blockers: + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/BlockerDeclaration' + Actions: + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/ActionDeclaration' + Name: + description: The name of the stage. + type: string + OnFailure: + type: object + description: The method to use when a stage has not completed successfully + $ref: '#/components/schemas/FailureConditions' + OnSuccess: + type: object + description: The method to use when a stage has completed successfully + $ref: '#/components/schemas/SuccessConditions' + BeforeEntry: + type: object + description: The method to use before stage runs. + $ref: '#/components/schemas/BeforeEntryConditions' + required: + - Actions + - Name + InputArtifact: + description: Represents information about an artifact to be worked on, such as a test or build artifact. + type: object + additionalProperties: false + properties: + Name: + description: The name of the artifact to be worked on (for example, "My App"). + type: string + required: + - Name + ArtifactStore: + description: The S3 bucket where artifacts for the pipeline are stored. + type: object + additionalProperties: false + properties: + Type: + description: The type of the artifact store, such as S3. + enum: + - S3 + type: string + EncryptionKey: + $ref: '#/components/schemas/EncryptionKey' + Location: + description: The S3 bucket used for storing the artifacts for a pipeline. You can specify the name of an S3 bucket but not a folder in the bucket. A folder to contain the pipeline artifacts is created for you based on the name of the pipeline. You can use any S3 bucket in the same AWS Region as the pipeline to store your pipeline artifacts. + type: string + required: + - Type + - Location + VariableDeclaration: + description: A variable declared at the pipeline level. + type: object + additionalProperties: false + properties: + DefaultValue: + description: The value of a pipeline-level variable. + type: string + Description: + description: The description of a pipeline-level variable. It's used to add additional context about the variable, and not being used at time when pipeline executes. + type: string + Name: + description: The name of a pipeline-level variable. + type: string + required: + - Name + StageTransition: + description: The name of the pipeline in which you want to disable the flow of artifacts from one stage to another. + type: object + additionalProperties: false + properties: + StageName: + description: The name of the stage where you want to disable the inbound or outbound transition of artifacts. + type: string + Reason: + description: The reason given to the user that a stage is disabled, such as waiting for manual approval or manual tests. This message is displayed in the pipeline console UI. + type: string + required: + - StageName + - Reason + GitTagFilterCriteria: + description: The Git tags specified as filter criteria for whether a Git tag repository event will start the pipeline. + type: object + additionalProperties: false + properties: + Includes: + description: The list of patterns of Git tags that, when pushed, are to be included as criteria that starts the pipeline. + type: array + uniqueItems: true + items: + type: string + Excludes: + description: The list of patterns of Git tags that, when pushed, are to be excluded from starting the pipeline. + type: array + uniqueItems: true + items: + type: string + GitBranchFilterCriteria: + description: The Git repository branches specified as filter criteria to start the pipeline. + type: object + additionalProperties: false + properties: + Includes: + description: The list of patterns of Git branches that, when a commit is pushed, are to be included as criteria that starts the pipeline. + type: array + uniqueItems: true + items: + type: string + Excludes: + description: The list of patterns of Git branches that, when a commit is pushed, are to be excluded from starting the pipeline. + type: array + uniqueItems: true + items: + type: string + OutputArtifact: + description: Represents information about the output of an action. + type: object + additionalProperties: false + properties: + Name: + description: The name of the output of an artifact, such as "My App". + type: string + Files: + description: The files that you want to associate with the output artifact that will be exported from the compute action. + type: array + uniqueItems: true + items: + type: string + required: + - Name + FailureConditions: + description: The configuration that specifies the result, such as rollback, to occur upon stage failure + type: object + additionalProperties: false + properties: + Result: + type: string + description: The specified result for when the failure conditions are met, such as rolling back the stage + enum: + - ROLLBACK + - RETRY + RetryConfiguration: + description: The configuration that specifies the retry configuration for a stage + type: object + additionalProperties: false + properties: + RetryMode: + type: string + description: The specified retry mode type for the given stage. FAILED_ACTIONS will retry only the failed actions. ALL_ACTIONS will retry both failed and successful + enum: + - ALL_ACTIONS + - FAILED_ACTIONS + Conditions: + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/Condition' + SuccessConditions: + description: The configuration that specifies the result, such as rollback, to occur upon stage failure + type: object + additionalProperties: false + properties: + Conditions: + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/Condition' + BeforeEntryConditions: + description: The configuration that specifies the rules to run before stage starts. + type: object + additionalProperties: false + properties: + Conditions: + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/Condition' + Condition: + description: Represents information about condition. + type: object + additionalProperties: false + properties: + Result: + type: string + description: The specified result for when the failure conditions are met, such as rolling back the stage + Rules: + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/RuleDeclaration' + RuleDeclaration: + description: Represents information about condition. + type: object + additionalProperties: false + properties: + RuleTypeId: + $ref: '#/components/schemas/RuleTypeId' + Configuration: + description: The rule's configuration. These are key-value pairs that specify input values for a rule. + type: object + InputArtifacts: + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/InputArtifact' + Region: + description: The rule declaration's AWS Region, such as us-east-1. + type: string + RoleArn: + description: The ARN of the IAM service role that performs the declared rule. This is assumed through the roleArn for the pipeline. + type: string + pattern: arn:aws(-[\w]+)*:iam::[0-9]{12}:role/.* + Name: + description: The rule declaration's name. + type: string + RuleTypeId: + description: Represents information about a rule type. + type: object + additionalProperties: false + properties: + Owner: + description: The creator of the rule being called. Only AWS is supported. + type: string + Category: + description: A category for the provider type for the rule. + type: string + Version: + description: A string that describes the rule version. + type: string + Provider: + description: The provider of the service being called by the rule. + type: string + Pipeline: + type: object + properties: + ArtifactStores: + description: A mapping of artifactStore objects and their corresponding AWS Regions. There must be an artifact store for the pipeline Region and for each cross-region action in the pipeline. + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/ArtifactStoreMap' + DisableInboundStageTransitions: + description: Represents the input of a DisableStageTransition action. + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/StageTransition' + Stages: + description: Represents information about a stage and its definition. + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/StageDeclaration' + ExecutionMode: + description: The method that the pipeline will use to handle multiple executions. The default mode is SUPERSEDED. + enum: + - QUEUED + - SUPERSEDED + - PARALLEL + default: SUPERSEDED + type: string + RestartExecutionOnUpdate: + description: Indicates whether to rerun the CodePipeline pipeline after you update it. + type: boolean + Triggers: + description: The trigger configuration specifying a type of event, such as Git tags, that starts the pipeline. + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/PipelineTriggerDeclaration' + RoleArn: + description: The Amazon Resource Name (ARN) for CodePipeline to use to either perform actions with no actionRoleArn, or to use to assume roles for actions with an actionRoleArn + type: string + pattern: arn:aws(-[\w]+)*:iam::[0-9]{12}:role/.* + Name: + description: The name of the pipeline. + type: string + Variables: + description: A list that defines the pipeline variables for a pipeline resource. Variable names can have alphanumeric and underscore characters, and the values must match [A-Za-z0-9@\-_]+. + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/VariableDeclaration' + Version: + description: The version of the pipeline. + type: string + ArtifactStore: + description: The S3 bucket where artifacts for the pipeline are stored. + $ref: '#/components/schemas/ArtifactStore' + PipelineType: + description: CodePipeline provides the following pipeline types, which differ in characteristics and price, so that you can tailor your pipeline features and cost to the needs of your applications. + type: string + enum: + - V1 + - V2 + Tags: + description: Specifies the tags applied to the pipeline. + type: array + uniqueItems: false + items: + $ref: '#/components/schemas/Tag' + required: + - Stages + - RoleArn + x-stackql-resource-name: pipeline + description: The AWS::CodePipeline::Pipeline resource creates a CodePipeline pipeline that describes how software changes go through a release process. + x-type-name: AWS::CodePipeline::Pipeline + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - Name + x-write-only-properties: + - RestartExecutionOnUpdate + x-read-only-properties: + - Version + x-required-properties: + - Stages + - RoleArn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - codepipeline:TagResource + - codepipeline:UntagResource + x-required-permissions: + create: + - iam:GetRole + - iam:PassRole + - codepipeline:GetPipeline + - codepipeline:CreatePipeline + - codepipeline:DisableStageTransition + - codepipeline:GetPipelineState + - codepipeline:TagResource + - codestar-connections:PassConnection + read: + - codepipeline:GetPipeline + - codepipeline:ListTagsForResource + - codepipeline:GetPipelineState + update: + - iam:GetRole + - iam:PassRole + - codepipeline:EnableStageTransition + - codepipeline:StartPipelineExecution + - codepipeline:GetPipeline + - codepipeline:UpdatePipeline + - codepipeline:GetPipelineState + - codepipeline:DisableStageTransition + - codepipeline:TagResource + - codepipeline:UntagResource + - codestar-connections:PassConnection + delete: + - codepipeline:GetPipeline + - codepipeline:DeletePipeline + list: + - codepipeline:ListPipelines CreateCustomActionTypeRequest: properties: ClientToken: @@ -602,6 +1180,89 @@ components: x-title: CreateCustomActionTypeRequest type: object required: [] + CreatePipelineRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + ArtifactStores: + description: A mapping of artifactStore objects and their corresponding AWS Regions. There must be an artifact store for the pipeline Region and for each cross-region action in the pipeline. + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/ArtifactStoreMap' + DisableInboundStageTransitions: + description: Represents the input of a DisableStageTransition action. + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/StageTransition' + Stages: + description: Represents information about a stage and its definition. + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/StageDeclaration' + ExecutionMode: + description: The method that the pipeline will use to handle multiple executions. The default mode is SUPERSEDED. + enum: + - QUEUED + - SUPERSEDED + - PARALLEL + default: SUPERSEDED + type: string + RestartExecutionOnUpdate: + description: Indicates whether to rerun the CodePipeline pipeline after you update it. + type: boolean + Triggers: + description: The trigger configuration specifying a type of event, such as Git tags, that starts the pipeline. + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/PipelineTriggerDeclaration' + RoleArn: + description: The Amazon Resource Name (ARN) for CodePipeline to use to either perform actions with no actionRoleArn, or to use to assume roles for actions with an actionRoleArn + type: string + pattern: arn:aws(-[\w]+)*:iam::[0-9]{12}:role/.* + Name: + description: The name of the pipeline. + type: string + Variables: + description: A list that defines the pipeline variables for a pipeline resource. Variable names can have alphanumeric and underscore characters, and the values must match [A-Za-z0-9@\-_]+. + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/VariableDeclaration' + Version: + description: The version of the pipeline. + type: string + ArtifactStore: + description: The S3 bucket where artifacts for the pipeline are stored. + $ref: '#/components/schemas/ArtifactStore' + PipelineType: + description: CodePipeline provides the following pipeline types, which differ in characteristics and price, so that you can tailor your pipeline features and cost to the needs of your applications. + type: string + enum: + - V1 + - V2 + Tags: + description: Specifies the tags applied to the pipeline. + type: array + uniqueItems: false + items: + $ref: '#/components/schemas/Tag' + x-stackQL-stringOnly: true + x-title: CreatePipelineRequest + type: object + required: [] securitySchemes: hmac: type: apiKey @@ -843,6 +1504,255 @@ components: WHERE listing.data__TypeName = 'AWS::CodePipeline::CustomActionType' AND detail.data__TypeName = 'AWS::CodePipeline::CustomActionType' AND listing.region = 'us-east-1' + pipelines: + name: pipelines + id: aws.codepipeline.pipelines + x-cfn-schema-name: Pipeline + x-cfn-type-name: AWS::CodePipeline::Pipeline + x-identifiers: + - Name + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Pipeline&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::CodePipeline::Pipeline" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::CodePipeline::Pipeline" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::CodePipeline::Pipeline" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/pipelines/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/pipelines/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/pipelines/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ArtifactStores') as artifact_stores, + JSON_EXTRACT(Properties, '$.DisableInboundStageTransitions') as disable_inbound_stage_transitions, + JSON_EXTRACT(Properties, '$.Stages') as stages, + JSON_EXTRACT(Properties, '$.ExecutionMode') as execution_mode, + JSON_EXTRACT(Properties, '$.RestartExecutionOnUpdate') as restart_execution_on_update, + JSON_EXTRACT(Properties, '$.Triggers') as triggers, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Variables') as variables, + JSON_EXTRACT(Properties, '$.Version') as version, + JSON_EXTRACT(Properties, '$.ArtifactStore') as artifact_store, + JSON_EXTRACT(Properties, '$.PipelineType') as pipeline_type, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CodePipeline::Pipeline' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.ArtifactStores') as artifact_stores, + JSON_EXTRACT(detail.Properties, '$.DisableInboundStageTransitions') as disable_inbound_stage_transitions, + JSON_EXTRACT(detail.Properties, '$.Stages') as stages, + JSON_EXTRACT(detail.Properties, '$.ExecutionMode') as execution_mode, + JSON_EXTRACT(detail.Properties, '$.RestartExecutionOnUpdate') as restart_execution_on_update, + JSON_EXTRACT(detail.Properties, '$.Triggers') as triggers, + JSON_EXTRACT(detail.Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.Variables') as variables, + JSON_EXTRACT(detail.Properties, '$.Version') as version, + JSON_EXTRACT(detail.Properties, '$.ArtifactStore') as artifact_store, + JSON_EXTRACT(detail.Properties, '$.PipelineType') as pipeline_type, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::CodePipeline::Pipeline' + AND detail.data__TypeName = 'AWS::CodePipeline::Pipeline' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ArtifactStores') as artifact_stores, + json_extract_path_text(Properties, 'DisableInboundStageTransitions') as disable_inbound_stage_transitions, + json_extract_path_text(Properties, 'Stages') as stages, + json_extract_path_text(Properties, 'ExecutionMode') as execution_mode, + json_extract_path_text(Properties, 'RestartExecutionOnUpdate') as restart_execution_on_update, + json_extract_path_text(Properties, 'Triggers') as triggers, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Variables') as variables, + json_extract_path_text(Properties, 'Version') as version, + json_extract_path_text(Properties, 'ArtifactStore') as artifact_store, + json_extract_path_text(Properties, 'PipelineType') as pipeline_type, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CodePipeline::Pipeline' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'ArtifactStores') as artifact_stores, + json_extract_path_text(detail.Properties, 'DisableInboundStageTransitions') as disable_inbound_stage_transitions, + json_extract_path_text(detail.Properties, 'Stages') as stages, + json_extract_path_text(detail.Properties, 'ExecutionMode') as execution_mode, + json_extract_path_text(detail.Properties, 'RestartExecutionOnUpdate') as restart_execution_on_update, + json_extract_path_text(detail.Properties, 'Triggers') as triggers, + json_extract_path_text(detail.Properties, 'RoleArn') as role_arn, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'Variables') as variables, + json_extract_path_text(detail.Properties, 'Version') as version, + json_extract_path_text(detail.Properties, 'ArtifactStore') as artifact_store, + json_extract_path_text(detail.Properties, 'PipelineType') as pipeline_type, + json_extract_path_text(detail.Properties, 'Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::CodePipeline::Pipeline' + AND detail.data__TypeName = 'AWS::CodePipeline::Pipeline' + AND listing.region = 'us-east-1' + pipelines_list_only: + name: pipelines_list_only + id: aws.codepipeline.pipelines_list_only + x-cfn-schema-name: Pipeline + x-cfn-type-name: AWS::CodePipeline::Pipeline + x-identifiers: + - Name + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CodePipeline::Pipeline' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CodePipeline::Pipeline' + AND region = 'us-east-1' + pipeline_tags: + name: pipeline_tags + id: aws.codepipeline.pipeline_tags + x-cfn-schema-name: Pipeline + x-cfn-type-name: AWS::CodePipeline::Pipeline + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.ArtifactStores') as artifact_stores, + JSON_EXTRACT(detail.Properties, '$.DisableInboundStageTransitions') as disable_inbound_stage_transitions, + JSON_EXTRACT(detail.Properties, '$.Stages') as stages, + JSON_EXTRACT(detail.Properties, '$.ExecutionMode') as execution_mode, + JSON_EXTRACT(detail.Properties, '$.RestartExecutionOnUpdate') as restart_execution_on_update, + JSON_EXTRACT(detail.Properties, '$.Triggers') as triggers, + JSON_EXTRACT(detail.Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.Variables') as variables, + JSON_EXTRACT(detail.Properties, '$.Version') as version, + JSON_EXTRACT(detail.Properties, '$.ArtifactStore') as artifact_store, + JSON_EXTRACT(detail.Properties, '$.PipelineType') as pipeline_type + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::CodePipeline::Pipeline' + AND detail.data__TypeName = 'AWS::CodePipeline::Pipeline' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'ArtifactStores') as artifact_stores, + json_extract_path_text(detail.Properties, 'DisableInboundStageTransitions') as disable_inbound_stage_transitions, + json_extract_path_text(detail.Properties, 'Stages') as stages, + json_extract_path_text(detail.Properties, 'ExecutionMode') as execution_mode, + json_extract_path_text(detail.Properties, 'RestartExecutionOnUpdate') as restart_execution_on_update, + json_extract_path_text(detail.Properties, 'Triggers') as triggers, + json_extract_path_text(detail.Properties, 'RoleArn') as role_arn, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'Variables') as variables, + json_extract_path_text(detail.Properties, 'Version') as version, + json_extract_path_text(detail.Properties, 'ArtifactStore') as artifact_store, + json_extract_path_text(detail.Properties, 'PipelineType') as pipeline_type + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::CodePipeline::Pipeline' + AND detail.data__TypeName = 'AWS::CodePipeline::Pipeline' + AND listing.region = 'us-east-1' paths: /?Action=CreateResource&Version=2021-09-30: parameters: @@ -1028,6 +1938,48 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success + /?Action=CreateResource&Version=2021-09-30&__Pipeline&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreatePipeline + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreatePipelineRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success x-stackQL-config: requestTranslate: algorithm: drop_double_underscore_params diff --git a/providers/src/aws/v00.00.00000/services/codestarconnections.yaml b/providers/src/aws/v00.00.00000/services/codestarconnections.yaml index 209cdacc..bd7eea15 100644 --- a/providers/src/aws/v00.00.00000/services/codestarconnections.yaml +++ b/providers/src/aws/v00.00.00000/services/codestarconnections.yaml @@ -550,6 +550,10 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - codestar-connections:UntagResource + - codestar-connections:ListTagsForResource + - codestar-connections:TagResource x-required-permissions: update: - codestar-connections:GetConnection diff --git a/providers/src/aws/v00.00.00000/services/cognito.yaml b/providers/src/aws/v00.00.00000/services/cognito.yaml index 9724f380..60282041 100644 --- a/providers/src/aws/v00.00.00000/services/cognito.yaml +++ b/providers/src/aws/v00.00.00000/services/cognito.yaml @@ -385,6 +385,24 @@ components: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' type: object schemas: + Tag: + description: A key-value pair to associate with a resource. + type: object + properties: + Key: + type: string + description: 'The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + minLength: 1 + maxLength: 128 + Value: + type: string + description: 'The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + minLength: 0 + maxLength: 256 + required: + - Key + - Value + additionalProperties: false PushSync: type: object additionalProperties: false @@ -461,6 +479,13 @@ components: type: string AllowClassicFlow: type: boolean + IdentityPoolTags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' required: - AllowUnauthenticatedIdentities x-stackql-resource-name: identity_pool @@ -478,15 +503,20 @@ components: x-required-properties: - AllowUnauthenticatedIdentities x-tagging: - taggable: false - tagOnCreate: false - tagUpdatable: false + taggable: true + tagOnCreate: true + tagUpdatable: true cloudFormationSystemTags: false + tagProperty: /properties/IdentityPoolTags + permissions: + - cognito-identity:TagResource + - cognito-identity:UntagResource x-required-permissions: create: - cognito-identity:CreateIdentityPool - cognito-sync:SetIdentityPoolConfiguration - cognito-sync:SetCognitoEvents + - cognito-identity:TagResource - iam:PassRole read: - cognito-identity:DescribeIdentityPool @@ -495,6 +525,8 @@ components: - cognito-identity:DescribeIdentityPool - cognito-sync:SetIdentityPoolConfiguration - cognito-sync:SetCognitoEvents + - cognito-identity:TagResource + - cognito-identity:UntagResource - iam:PassRole delete: - cognito-identity:DeleteIdentityPool @@ -647,6 +679,18 @@ components: LogGroupArn: type: string additionalProperties: false + S3Configuration: + type: object + properties: + BucketArn: + type: string + additionalProperties: false + FirehoseConfiguration: + type: object + properties: + StreamArn: + type: string + additionalProperties: false LogConfiguration: type: object properties: @@ -656,6 +700,10 @@ components: type: string CloudWatchLogsConfiguration: $ref: '#/components/schemas/CloudWatchLogsConfiguration' + S3Configuration: + $ref: '#/components/schemas/S3Configuration' + FirehoseConfiguration: + $ref: '#/components/schemas/FirehoseConfiguration' additionalProperties: false LogConfigurations: type: array @@ -700,6 +748,13 @@ components: - logs:PutResourcePolicy - logs:DescribeResourcePolicies - logs:DescribeLogGroups + - s3:GetBucketPolicy + - s3:PutBucketPolicy + - s3:ListBucket + - s3:PutObject + - s3:GetBucketAcl + - firehose:TagDeliveryStream + - iam:CreateServiceLinkedRole read: - cognito-idp:GetLogDeliveryConfiguration update: @@ -713,6 +768,13 @@ components: - logs:PutResourcePolicy - logs:DescribeResourcePolicies - logs:DescribeLogGroups + - s3:GetBucketPolicy + - s3:PutBucketPolicy + - s3:ListBucket + - s3:PutObject + - s3:GetBucketAcl + - firehose:TagDeliveryStream + - iam:CreateServiceLinkedRole delete: - cognito-idp:GetLogDeliveryConfiguration - cognito-idp:SetLogDeliveryConfiguration @@ -724,6 +786,127 @@ components: - logs:PutResourcePolicy - logs:DescribeResourcePolicies - logs:DescribeLogGroups + - s3:GetBucketPolicy + - s3:PutBucketPolicy + - s3:ListBucket + - s3:PutObject + - s3:GetBucketAcl + - firehose:TagDeliveryStream + - iam:CreateServiceLinkedRole + ManagedLoginBrandingIdType: + type: string + pattern: ^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[4][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$ + CategoryType: + type: string + enum: + - FAVICON_ICO + - FAVICON_SVG + - EMAIL_GRAPHIC + - SMS_GRAPHIC + - AUTH_APP_GRAPHIC + - PASSWORD_GRAPHIC + - PASSKEY_GRAPHIC + - PAGE_HEADER_LOGO + - PAGE_HEADER_BACKGROUND + - PAGE_FOOTER_LOGO + - PAGE_FOOTER_BACKGROUND + - PAGE_BACKGROUND + - FORM_BACKGROUND + - FORM_LOGO + - IDP_BUTTON_ICON + ColorModeType: + type: string + enum: + - LIGHT + - DARK + - DYNAMIC + ExtensionType: + type: string + enum: + - ICO + - JPEG + - PNG + - SVG + - WEBP + BytesType: + type: string + maxLength: 1000000 + ResourceIdType: + type: string + pattern: ^[\w\- ]+$ + minLength: 1 + maxLength: 40 + AssetType: + type: object + properties: + Category: + $ref: '#/components/schemas/CategoryType' + ColorMode: + $ref: '#/components/schemas/ColorModeType' + Extension: + $ref: '#/components/schemas/ExtensionType' + Bytes: + $ref: '#/components/schemas/BytesType' + ResourceId: + $ref: '#/components/schemas/ResourceIdType' + additionalProperties: false + required: + - Category + - ColorMode + - Extension + AssetList: + type: array + items: + $ref: '#/components/schemas/AssetType' + ManagedLoginBranding: + type: object + properties: + UserPoolId: + type: string + ClientId: + type: string + UseCognitoProvidedValues: + type: boolean + Settings: + type: object + Assets: + $ref: '#/components/schemas/AssetList' + ManagedLoginBrandingId: + $ref: '#/components/schemas/ManagedLoginBrandingIdType' + ReturnMergedResources: + type: boolean + required: + - UserPoolId + x-stackql-resource-name: managed_login_branding + description: Resource Type definition for AWS::Cognito::ManagedLoginBranding + x-type-name: AWS::Cognito::ManagedLoginBranding + x-stackql-primary-identifier: + - UserPoolId + - ManagedLoginBrandingId + x-create-only-properties: + - UserPoolId + - ClientId + x-write-only-properties: + - ClientId + - ReturnMergedResources + x-read-only-properties: + - ManagedLoginBrandingId + x-required-properties: + - UserPoolId + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - cognito-idp:CreateManagedLoginBranding + read: + - cognito-idp:DescribeManagedLoginBranding + update: + - cognito-idp:UpdateManagedLoginBranding + delete: + - cognito-idp:DeleteManagedLoginBranding PasswordPolicy: type: object properties: @@ -739,12 +922,24 @@ components: type: boolean TemporaryPasswordValidityDays: type: integer + PasswordHistorySize: + type: integer + additionalProperties: false + SignInPolicy: + type: object + properties: + AllowedFirstAuthFactors: + type: array + items: + type: string additionalProperties: false Policies: type: object properties: PasswordPolicy: $ref: '#/components/schemas/PasswordPolicy' + SignInPolicy: + $ref: '#/components/schemas/SignInPolicy' additionalProperties: false InviteMessageTemplate: type: object @@ -936,11 +1131,19 @@ components: SmsMessage: type: string additionalProperties: false + AdvancedSecurityAdditionalFlows: + type: object + properties: + CustomAuthMode: + type: string + additionalProperties: false UserPoolAddOns: type: object properties: AdvancedSecurityMode: type: string + AdvancedSecurityAdditionalFlows: + $ref: '#/components/schemas/AdvancedSecurityAdditionalFlows' additionalProperties: false UserPool: type: object @@ -993,12 +1196,28 @@ components: type: string minLength: 6 maxLength: 140 + EmailAuthenticationMessage: + type: string + minLength: 6 + maxLength: 20000 + EmailAuthenticationSubject: + type: string + minLength: 1 + maxLength: 140 SmsConfiguration: $ref: '#/components/schemas/SmsConfiguration' SmsVerificationMessage: type: string minLength: 6 maxLength: 140 + WebAuthnRelyingPartyID: + type: string + minLength: 1 + maxLength: 63 + WebAuthnUserVerification: + type: string + minLength: 1 + maxLength: 9 Schema: type: array items: @@ -1025,8 +1244,14 @@ components: type: string UserPoolId: type: string + UserPoolTier: + type: string + enum: + - LITE + - ESSENTIALS + - PLUS x-stackql-resource-name: user_pool - description: Resource Type definition for AWS::Cognito::UserPool + description: Definition of AWS::Cognito::UserPool Resource Type x-type-name: AWS::Cognito::UserPool x-stackql-primary-identifier: - UserPoolId @@ -1043,6 +1268,10 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/UserPoolTags + permissions: + - cognito-idp:ListTagsForResource + - cognito-idp:UntagResource + - cognito-idp:TagResource x-required-permissions: create: - cognito-idp:CreateUserPool @@ -1051,8 +1280,10 @@ components: - cognito-idp:DescribeUserPool - kms:CreateGrant - iam:CreateServiceLinkedRole + - cognito-idp:TagResource read: - cognito-idp:DescribeUserPool + - cognito-idp:GetUserPoolMfaConfig update: - cognito-idp:UpdateUserPool - cognito-idp:ListTagsForResource @@ -1061,6 +1292,7 @@ components: - cognito-idp:SetUserPoolMfaConfig - cognito-idp:AddCustomAttributes - cognito-idp:DescribeUserPool + - cognito-idp:GetUserPoolMfaConfig - iam:PassRole delete: - cognito-idp:DeleteUserPool @@ -1260,6 +1492,127 @@ components: - iam:PutRolePolicy list: - cognito-idp:ListGroups + UserPoolIdentityProvider: + type: object + properties: + UserPoolId: + type: string + ProviderName: + type: string + ProviderType: + type: string + ProviderDetails: + type: object + x-patternProperties: + ^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$: + type: string + additionalProperties: false + IdpIdentifiers: + type: array + items: + type: string + AttributeMapping: + type: object + x-patternProperties: + ^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$: + type: string + additionalProperties: false + required: + - UserPoolId + - ProviderName + - ProviderType + - ProviderDetails + x-stackql-resource-name: user_pool_identity_provider + description: Resource Type definition for AWS::Cognito::UserPoolIdentityProvider + x-type-name: AWS::Cognito::UserPoolIdentityProvider + x-stackql-primary-identifier: + - UserPoolId + - ProviderName + x-create-only-properties: + - UserPoolId + - ProviderName + - ProviderType + x-required-properties: + - UserPoolId + - ProviderName + - ProviderType + - ProviderDetails + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - cognito-idp:CreateIdentityProvider + - cognito-idp:DescribeIdentityProvider + read: + - cognito-idp:DescribeIdentityProvider + update: + - cognito-idp:UpdateIdentityProvider + - cognito-idp:DescribeIdentityProvider + delete: + - cognito-idp:DeleteIdentityProvider + - cognito-idp:DescribeIdentityProvider + list: + - cognito-idp:ListIdentityProviders + ResourceServerScopeType: + type: object + properties: + ScopeDescription: + type: string + ScopeName: + type: string + required: + - ScopeDescription + - ScopeName + additionalProperties: false + UserPoolResourceServer: + type: object + properties: + UserPoolId: + type: string + Identifier: + type: string + Name: + type: string + Scopes: + type: array + items: + $ref: '#/components/schemas/ResourceServerScopeType' + required: + - UserPoolId + - Identifier + - Name + x-stackql-resource-name: user_pool_resource_server + description: Resource Type definition for AWS::Cognito::UserPoolResourceServer + x-type-name: AWS::Cognito::UserPoolResourceServer + x-stackql-primary-identifier: + - UserPoolId + - Identifier + x-create-only-properties: + - UserPoolId + - Identifier + x-required-properties: + - UserPoolId + - Identifier + - Name + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - cognito-idp:CreateResourceServer + read: + - cognito-idp:DescribeResourceServer + update: + - cognito-idp:UpdateResourceServer + delete: + - cognito-idp:DeleteResourceServer + list: + - cognito-idp:ListResourceServers RiskExceptionConfigurationType: type: object properties: @@ -1403,6 +1756,46 @@ components: delete: - cognito-idp:SetRiskConfiguration - cognito-idp:DescribeRiskConfiguration + UserPoolUICustomizationAttachment: + type: object + properties: + UserPoolId: + type: string + ClientId: + type: string + CSS: + type: string + required: + - UserPoolId + - ClientId + x-stackql-resource-name: user_poolui_customization_attachment + description: Resource Type definition for AWS::Cognito::UserPoolUICustomizationAttachment + x-type-name: AWS::Cognito::UserPoolUICustomizationAttachment + x-stackql-primary-identifier: + - UserPoolId + - ClientId + x-create-only-properties: + - UserPoolId + - ClientId + x-required-properties: + - UserPoolId + - ClientId + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - cognito-idp:SetUICustomization + - cognito-idp:GetUICustomization + read: + - cognito-idp:GetUICustomization + update: + - cognito-idp:SetUICustomization + delete: + - cognito-idp:SetUICustomization + - cognito-idp:GetUICustomization AttributeType: type: object properties: @@ -1574,6 +1967,13 @@ components: type: string AllowClassicFlow: type: boolean + IdentityPoolTags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' x-stackQL-stringOnly: true x-title: CreateIdentityPoolRequest type: object @@ -1657,6 +2057,37 @@ components: x-title: CreateLogDeliveryConfigurationRequest type: object required: [] + CreateManagedLoginBrandingRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + UserPoolId: + type: string + ClientId: + type: string + UseCognitoProvidedValues: + type: boolean + Settings: + type: object + Assets: + $ref: '#/components/schemas/AssetList' + ManagedLoginBrandingId: + $ref: '#/components/schemas/ManagedLoginBrandingIdType' + ReturnMergedResources: + type: boolean + x-stackQL-stringOnly: true + x-title: CreateManagedLoginBrandingRequest + type: object + required: [] CreateUserPoolRequest: properties: ClientToken: @@ -1718,12 +2149,28 @@ components: type: string minLength: 6 maxLength: 140 + EmailAuthenticationMessage: + type: string + minLength: 6 + maxLength: 20000 + EmailAuthenticationSubject: + type: string + minLength: 1 + maxLength: 140 SmsConfiguration: $ref: '#/components/schemas/SmsConfiguration' SmsVerificationMessage: type: string minLength: 6 maxLength: 140 + WebAuthnRelyingPartyID: + type: string + minLength: 1 + maxLength: 63 + WebAuthnUserVerification: + type: string + minLength: 1 + maxLength: 9 Schema: type: array items: @@ -1750,6 +2197,12 @@ components: type: string UserPoolId: type: string + UserPoolTier: + type: string + enum: + - LITE + - ESSENTIALS + - PLUS x-stackQL-stringOnly: true x-title: CreateUserPoolRequest type: object @@ -1876,7 +2329,7 @@ components: x-title: CreateUserPoolGroupRequest type: object required: [] - CreateUserPoolRiskConfigurationAttachmentRequest: + CreateUserPoolIdentityProviderRequest: properties: ClientToken: type: string @@ -1891,7 +2344,73 @@ components: properties: UserPoolId: type: string - ClientId: + ProviderName: + type: string + ProviderType: + type: string + ProviderDetails: + type: object + x-patternProperties: + ^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$: + type: string + additionalProperties: false + IdpIdentifiers: + type: array + items: + type: string + AttributeMapping: + type: object + x-patternProperties: + ^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$: + type: string + additionalProperties: false + x-stackQL-stringOnly: true + x-title: CreateUserPoolIdentityProviderRequest + type: object + required: [] + CreateUserPoolResourceServerRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + UserPoolId: + type: string + Identifier: + type: string + Name: + type: string + Scopes: + type: array + items: + $ref: '#/components/schemas/ResourceServerScopeType' + x-stackQL-stringOnly: true + x-title: CreateUserPoolResourceServerRequest + type: object + required: [] + CreateUserPoolRiskConfigurationAttachmentRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + UserPoolId: + type: string + ClientId: type: string RiskExceptionConfiguration: $ref: '#/components/schemas/RiskExceptionConfigurationType' @@ -1903,6 +2422,29 @@ components: x-title: CreateUserPoolRiskConfigurationAttachmentRequest type: object required: [] + CreateUserPoolUICustomizationAttachmentRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + UserPoolId: + type: string + ClientId: + type: string + CSS: + type: string + x-stackQL-stringOnly: true + x-title: CreateUserPoolUICustomizationAttachmentRequest + type: object + required: [] CreateUserPoolUserRequest: properties: ClientToken: @@ -2052,7 +2594,8 @@ components: JSON_EXTRACT(Properties, '$.AllowUnauthenticatedIdentities') as allow_unauthenticated_identities, JSON_EXTRACT(Properties, '$.SamlProviderARNs') as saml_provider_arns, JSON_EXTRACT(Properties, '$.OpenIdConnectProviderARNs') as open_id_connect_provider_arns, - JSON_EXTRACT(Properties, '$.AllowClassicFlow') as allow_classic_flow + JSON_EXTRACT(Properties, '$.AllowClassicFlow') as allow_classic_flow, + JSON_EXTRACT(Properties, '$.IdentityPoolTags') as identity_pool_tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Cognito::IdentityPool' AND data__Identifier = '' AND region = 'us-east-1' @@ -2073,7 +2616,8 @@ components: JSON_EXTRACT(detail.Properties, '$.AllowUnauthenticatedIdentities') as allow_unauthenticated_identities, JSON_EXTRACT(detail.Properties, '$.SamlProviderARNs') as saml_provider_arns, JSON_EXTRACT(detail.Properties, '$.OpenIdConnectProviderARNs') as open_id_connect_provider_arns, - JSON_EXTRACT(detail.Properties, '$.AllowClassicFlow') as allow_classic_flow + JSON_EXTRACT(detail.Properties, '$.AllowClassicFlow') as allow_classic_flow, + JSON_EXTRACT(detail.Properties, '$.IdentityPoolTags') as identity_pool_tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -2099,7 +2643,8 @@ components: json_extract_path_text(Properties, 'AllowUnauthenticatedIdentities') as allow_unauthenticated_identities, json_extract_path_text(Properties, 'SamlProviderARNs') as saml_provider_arns, json_extract_path_text(Properties, 'OpenIdConnectProviderARNs') as open_id_connect_provider_arns, - json_extract_path_text(Properties, 'AllowClassicFlow') as allow_classic_flow + json_extract_path_text(Properties, 'AllowClassicFlow') as allow_classic_flow, + json_extract_path_text(Properties, 'IdentityPoolTags') as identity_pool_tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Cognito::IdentityPool' AND data__Identifier = '' AND region = 'us-east-1' @@ -2120,7 +2665,8 @@ components: json_extract_path_text(detail.Properties, 'AllowUnauthenticatedIdentities') as allow_unauthenticated_identities, json_extract_path_text(detail.Properties, 'SamlProviderARNs') as saml_provider_arns, json_extract_path_text(detail.Properties, 'OpenIdConnectProviderARNs') as open_id_connect_provider_arns, - json_extract_path_text(detail.Properties, 'AllowClassicFlow') as allow_classic_flow + json_extract_path_text(detail.Properties, 'AllowClassicFlow') as allow_classic_flow, + json_extract_path_text(detail.Properties, 'IdentityPoolTags') as identity_pool_tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -2536,6 +3082,96 @@ components: FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Cognito::LogDeliveryConfiguration' AND data__Identifier = '' AND region = 'us-east-1' + managed_login_brandings: + name: managed_login_brandings + id: aws.cognito.managed_login_brandings + x-cfn-schema-name: ManagedLoginBranding + x-cfn-type-name: AWS::Cognito::ManagedLoginBranding + x-identifiers: + - UserPoolId + - ManagedLoginBrandingId + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__ManagedLoginBranding&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Cognito::ManagedLoginBranding" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Cognito::ManagedLoginBranding" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Cognito::ManagedLoginBranding" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/managed_login_brandings/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/managed_login_brandings/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/managed_login_brandings/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.UserPoolId') as user_pool_id, + JSON_EXTRACT(Properties, '$.ClientId') as client_id, + JSON_EXTRACT(Properties, '$.UseCognitoProvidedValues') as use_cognito_provided_values, + JSON_EXTRACT(Properties, '$.Settings') as settings, + JSON_EXTRACT(Properties, '$.Assets') as assets, + JSON_EXTRACT(Properties, '$.ManagedLoginBrandingId') as managed_login_branding_id, + JSON_EXTRACT(Properties, '$.ReturnMergedResources') as return_merged_resources + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Cognito::ManagedLoginBranding' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'UserPoolId') as user_pool_id, + json_extract_path_text(Properties, 'ClientId') as client_id, + json_extract_path_text(Properties, 'UseCognitoProvidedValues') as use_cognito_provided_values, + json_extract_path_text(Properties, 'Settings') as settings, + json_extract_path_text(Properties, 'Assets') as assets, + json_extract_path_text(Properties, 'ManagedLoginBrandingId') as managed_login_branding_id, + json_extract_path_text(Properties, 'ReturnMergedResources') as return_merged_resources + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Cognito::ManagedLoginBranding' + AND data__Identifier = '|' + AND region = 'us-east-1' user_pools: name: user_pools id: aws.cognito.user_pools @@ -2615,8 +3251,12 @@ components: JSON_EXTRACT(Properties, '$.MfaConfiguration') as mfa_configuration, JSON_EXTRACT(Properties, '$.EnabledMfas') as enabled_mfas, JSON_EXTRACT(Properties, '$.SmsAuthenticationMessage') as sms_authentication_message, + JSON_EXTRACT(Properties, '$.EmailAuthenticationMessage') as email_authentication_message, + JSON_EXTRACT(Properties, '$.EmailAuthenticationSubject') as email_authentication_subject, JSON_EXTRACT(Properties, '$.SmsConfiguration') as sms_configuration, JSON_EXTRACT(Properties, '$.SmsVerificationMessage') as sms_verification_message, + JSON_EXTRACT(Properties, '$.WebAuthnRelyingPartyID') as web_authn_relying_party_id, + JSON_EXTRACT(Properties, '$.WebAuthnUserVerification') as web_authn_user_verification, JSON_EXTRACT(Properties, '$.Schema') as _schema, JSON_EXTRACT(Properties, '$.UsernameConfiguration') as username_configuration, JSON_EXTRACT(Properties, '$.UserAttributeUpdateSettings') as user_attribute_update_settings, @@ -2626,7 +3266,8 @@ components: JSON_EXTRACT(Properties, '$.ProviderName') as provider_name, JSON_EXTRACT(Properties, '$.ProviderURL') as provider_url, JSON_EXTRACT(Properties, '$.Arn') as arn, - JSON_EXTRACT(Properties, '$.UserPoolId') as user_pool_id + JSON_EXTRACT(Properties, '$.UserPoolId') as user_pool_id, + JSON_EXTRACT(Properties, '$.UserPoolTier') as user_pool_tier FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Cognito::UserPool' AND data__Identifier = '' AND region = 'us-east-1' @@ -2651,8 +3292,12 @@ components: JSON_EXTRACT(detail.Properties, '$.MfaConfiguration') as mfa_configuration, JSON_EXTRACT(detail.Properties, '$.EnabledMfas') as enabled_mfas, JSON_EXTRACT(detail.Properties, '$.SmsAuthenticationMessage') as sms_authentication_message, + JSON_EXTRACT(detail.Properties, '$.EmailAuthenticationMessage') as email_authentication_message, + JSON_EXTRACT(detail.Properties, '$.EmailAuthenticationSubject') as email_authentication_subject, JSON_EXTRACT(detail.Properties, '$.SmsConfiguration') as sms_configuration, JSON_EXTRACT(detail.Properties, '$.SmsVerificationMessage') as sms_verification_message, + JSON_EXTRACT(detail.Properties, '$.WebAuthnRelyingPartyID') as web_authn_relying_party_id, + JSON_EXTRACT(detail.Properties, '$.WebAuthnUserVerification') as web_authn_user_verification, JSON_EXTRACT(detail.Properties, '$.Schema') as _schema, JSON_EXTRACT(detail.Properties, '$.UsernameConfiguration') as username_configuration, JSON_EXTRACT(detail.Properties, '$.UserAttributeUpdateSettings') as user_attribute_update_settings, @@ -2662,7 +3307,8 @@ components: JSON_EXTRACT(detail.Properties, '$.ProviderName') as provider_name, JSON_EXTRACT(detail.Properties, '$.ProviderURL') as provider_url, JSON_EXTRACT(detail.Properties, '$.Arn') as arn, - JSON_EXTRACT(detail.Properties, '$.UserPoolId') as user_pool_id + JSON_EXTRACT(detail.Properties, '$.UserPoolId') as user_pool_id, + JSON_EXTRACT(detail.Properties, '$.UserPoolTier') as user_pool_tier FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -2692,8 +3338,12 @@ components: json_extract_path_text(Properties, 'MfaConfiguration') as mfa_configuration, json_extract_path_text(Properties, 'EnabledMfas') as enabled_mfas, json_extract_path_text(Properties, 'SmsAuthenticationMessage') as sms_authentication_message, + json_extract_path_text(Properties, 'EmailAuthenticationMessage') as email_authentication_message, + json_extract_path_text(Properties, 'EmailAuthenticationSubject') as email_authentication_subject, json_extract_path_text(Properties, 'SmsConfiguration') as sms_configuration, json_extract_path_text(Properties, 'SmsVerificationMessage') as sms_verification_message, + json_extract_path_text(Properties, 'WebAuthnRelyingPartyID') as web_authn_relying_party_id, + json_extract_path_text(Properties, 'WebAuthnUserVerification') as web_authn_user_verification, json_extract_path_text(Properties, 'Schema') as _schema, json_extract_path_text(Properties, 'UsernameConfiguration') as username_configuration, json_extract_path_text(Properties, 'UserAttributeUpdateSettings') as user_attribute_update_settings, @@ -2703,7 +3353,8 @@ components: json_extract_path_text(Properties, 'ProviderName') as provider_name, json_extract_path_text(Properties, 'ProviderURL') as provider_url, json_extract_path_text(Properties, 'Arn') as arn, - json_extract_path_text(Properties, 'UserPoolId') as user_pool_id + json_extract_path_text(Properties, 'UserPoolId') as user_pool_id, + json_extract_path_text(Properties, 'UserPoolTier') as user_pool_tier FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Cognito::UserPool' AND data__Identifier = '' AND region = 'us-east-1' @@ -2728,8 +3379,12 @@ components: json_extract_path_text(detail.Properties, 'MfaConfiguration') as mfa_configuration, json_extract_path_text(detail.Properties, 'EnabledMfas') as enabled_mfas, json_extract_path_text(detail.Properties, 'SmsAuthenticationMessage') as sms_authentication_message, + json_extract_path_text(detail.Properties, 'EmailAuthenticationMessage') as email_authentication_message, + json_extract_path_text(detail.Properties, 'EmailAuthenticationSubject') as email_authentication_subject, json_extract_path_text(detail.Properties, 'SmsConfiguration') as sms_configuration, json_extract_path_text(detail.Properties, 'SmsVerificationMessage') as sms_verification_message, + json_extract_path_text(detail.Properties, 'WebAuthnRelyingPartyID') as web_authn_relying_party_id, + json_extract_path_text(detail.Properties, 'WebAuthnUserVerification') as web_authn_user_verification, json_extract_path_text(detail.Properties, 'Schema') as _schema, json_extract_path_text(detail.Properties, 'UsernameConfiguration') as username_configuration, json_extract_path_text(detail.Properties, 'UserAttributeUpdateSettings') as user_attribute_update_settings, @@ -2739,7 +3394,8 @@ components: json_extract_path_text(detail.Properties, 'ProviderName') as provider_name, json_extract_path_text(detail.Properties, 'ProviderURL') as provider_url, json_extract_path_text(detail.Properties, 'Arn') as arn, - json_extract_path_text(detail.Properties, 'UserPoolId') as user_pool_id + json_extract_path_text(detail.Properties, 'UserPoolId') as user_pool_id, + json_extract_path_text(detail.Properties, 'UserPoolTier') as user_pool_tier FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -3166,14 +3822,14 @@ components: json_extract_path_text(Properties, 'GroupName') as group_name FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Cognito::UserPoolGroup' AND region = 'us-east-1' - user_pool_risk_configuration_attachments: - name: user_pool_risk_configuration_attachments - id: aws.cognito.user_pool_risk_configuration_attachments - x-cfn-schema-name: UserPoolRiskConfigurationAttachment - x-cfn-type-name: AWS::Cognito::UserPoolRiskConfigurationAttachment + user_pool_identity_providers: + name: user_pool_identity_providers + id: aws.cognito.user_pool_identity_providers + x-cfn-schema-name: UserPoolIdentityProvider + x-cfn-type-name: AWS::Cognito::UserPoolIdentityProvider x-identifiers: - UserPoolId - - ClientId + - ProviderName x-type: cloud_control methods: create_resource: @@ -3181,12 +3837,12 @@ components: requestBodyTranslate: algorithm: naive_DesiredState operation: - $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__UserPoolRiskConfigurationAttachment&__detailTransformed=true/post' + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__UserPoolIdentityProvider&__detailTransformed=true/post' request: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::Cognito::UserPoolRiskConfigurationAttachment" + "TypeName": "AWS::Cognito::UserPoolIdentityProvider" } response: mediaType: application/json @@ -3198,7 +3854,7 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::Cognito::UserPoolRiskConfigurationAttachment" + "TypeName": "AWS::Cognito::UserPoolIdentityProvider" } response: mediaType: application/json @@ -3210,18 +3866,18 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::Cognito::UserPoolRiskConfigurationAttachment" + "TypeName": "AWS::Cognito::UserPoolIdentityProvider" } response: mediaType: application/json openAPIDocKey: '200' sqlVerbs: insert: - - $ref: '#/components/x-stackQL-resources/user_pool_risk_configuration_attachments/methods/create_resource' + - $ref: '#/components/x-stackQL-resources/user_pool_identity_providers/methods/create_resource' delete: - - $ref: '#/components/x-stackQL-resources/user_pool_risk_configuration_attachments/methods/delete_resource' + - $ref: '#/components/x-stackQL-resources/user_pool_identity_providers/methods/delete_resource' update: - - $ref: '#/components/x-stackQL-resources/user_pool_risk_configuration_attachments/methods/update_resource' + - $ref: '#/components/x-stackQL-resources/user_pool_identity_providers/methods/update_resource' config: views: select: @@ -3231,35 +3887,107 @@ components: region, data__Identifier, JSON_EXTRACT(Properties, '$.UserPoolId') as user_pool_id, - JSON_EXTRACT(Properties, '$.ClientId') as client_id, - JSON_EXTRACT(Properties, '$.RiskExceptionConfiguration') as risk_exception_configuration, - JSON_EXTRACT(Properties, '$.CompromisedCredentialsRiskConfiguration') as compromised_credentials_risk_configuration, - JSON_EXTRACT(Properties, '$.AccountTakeoverRiskConfiguration') as account_takeover_risk_configuration - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Cognito::UserPoolRiskConfigurationAttachment' - AND data__Identifier = '|' + JSON_EXTRACT(Properties, '$.ProviderName') as provider_name, + JSON_EXTRACT(Properties, '$.ProviderType') as provider_type, + JSON_EXTRACT(Properties, '$.ProviderDetails') as provider_details, + JSON_EXTRACT(Properties, '$.IdpIdentifiers') as idp_identifiers, + JSON_EXTRACT(Properties, '$.AttributeMapping') as attribute_mapping + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Cognito::UserPoolIdentityProvider' + AND data__Identifier = '|' AND region = 'us-east-1' fallback: - predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.UserPoolId') as user_pool_id, + JSON_EXTRACT(detail.Properties, '$.ProviderName') as provider_name, + JSON_EXTRACT(detail.Properties, '$.ProviderType') as provider_type, + JSON_EXTRACT(detail.Properties, '$.ProviderDetails') as provider_details, + JSON_EXTRACT(detail.Properties, '$.IdpIdentifiers') as idp_identifiers, + JSON_EXTRACT(detail.Properties, '$.AttributeMapping') as attribute_mapping + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Cognito::UserPoolIdentityProvider' + AND detail.data__TypeName = 'AWS::Cognito::UserPoolIdentityProvider' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'UserPoolId') as user_pool_id, + json_extract_path_text(Properties, 'ProviderName') as provider_name, + json_extract_path_text(Properties, 'ProviderType') as provider_type, + json_extract_path_text(Properties, 'ProviderDetails') as provider_details, + json_extract_path_text(Properties, 'IdpIdentifiers') as idp_identifiers, + json_extract_path_text(Properties, 'AttributeMapping') as attribute_mapping + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Cognito::UserPoolIdentityProvider' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'UserPoolId') as user_pool_id, + json_extract_path_text(detail.Properties, 'ProviderName') as provider_name, + json_extract_path_text(detail.Properties, 'ProviderType') as provider_type, + json_extract_path_text(detail.Properties, 'ProviderDetails') as provider_details, + json_extract_path_text(detail.Properties, 'IdpIdentifiers') as idp_identifiers, + json_extract_path_text(detail.Properties, 'AttributeMapping') as attribute_mapping + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Cognito::UserPoolIdentityProvider' + AND detail.data__TypeName = 'AWS::Cognito::UserPoolIdentityProvider' + AND listing.region = 'us-east-1' + user_pool_identity_providers_list_only: + name: user_pool_identity_providers_list_only + id: aws.cognito.user_pool_identity_providers_list_only + x-cfn-schema-name: UserPoolIdentityProvider + x-cfn-type-name: AWS::Cognito::UserPoolIdentityProvider + x-identifiers: + - UserPoolId + - ProviderName + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.UserPoolId') as user_pool_id, + JSON_EXTRACT(Properties, '$.ProviderName') as provider_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Cognito::UserPoolIdentityProvider' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" ddl: |- SELECT region, - data__Identifier, json_extract_path_text(Properties, 'UserPoolId') as user_pool_id, - json_extract_path_text(Properties, 'ClientId') as client_id, - json_extract_path_text(Properties, 'RiskExceptionConfiguration') as risk_exception_configuration, - json_extract_path_text(Properties, 'CompromisedCredentialsRiskConfiguration') as compromised_credentials_risk_configuration, - json_extract_path_text(Properties, 'AccountTakeoverRiskConfiguration') as account_takeover_risk_configuration - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Cognito::UserPoolRiskConfigurationAttachment' - AND data__Identifier = '|' + json_extract_path_text(Properties, 'ProviderName') as provider_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Cognito::UserPoolIdentityProvider' AND region = 'us-east-1' - user_pool_users: - name: user_pool_users - id: aws.cognito.user_pool_users - x-cfn-schema-name: UserPoolUser - x-cfn-type-name: AWS::Cognito::UserPoolUser + user_pool_resource_servers: + name: user_pool_resource_servers + id: aws.cognito.user_pool_resource_servers + x-cfn-schema-name: UserPoolResourceServer + x-cfn-type-name: AWS::Cognito::UserPoolResourceServer x-identifiers: - UserPoolId - - Username + - Identifier x-type: cloud_control methods: create_resource: @@ -3267,12 +3995,24 @@ components: requestBodyTranslate: algorithm: naive_DesiredState operation: - $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__UserPoolUser&__detailTransformed=true/post' + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__UserPoolResourceServer&__detailTransformed=true/post' request: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::Cognito::UserPoolUser" + "TypeName": "AWS::Cognito::UserPoolResourceServer" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Cognito::UserPoolResourceServer" } response: mediaType: application/json @@ -3284,17 +4024,18 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::Cognito::UserPoolUser" + "TypeName": "AWS::Cognito::UserPoolResourceServer" } response: mediaType: application/json openAPIDocKey: '200' sqlVerbs: insert: - - $ref: '#/components/x-stackQL-resources/user_pool_users/methods/create_resource' + - $ref: '#/components/x-stackQL-resources/user_pool_resource_servers/methods/create_resource' delete: - - $ref: '#/components/x-stackQL-resources/user_pool_users/methods/delete_resource' - update: [] + - $ref: '#/components/x-stackQL-resources/user_pool_resource_servers/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/user_pool_resource_servers/methods/update_resource' config: views: select: @@ -3303,9 +4044,314 @@ components: SELECT region, data__Identifier, - JSON_EXTRACT(Properties, '$.DesiredDeliveryMediums') as desired_delivery_mediums, - JSON_EXTRACT(Properties, '$.ForceAliasCreation') as force_alias_creation, - JSON_EXTRACT(Properties, '$.UserAttributes') as user_attributes, + JSON_EXTRACT(Properties, '$.UserPoolId') as user_pool_id, + JSON_EXTRACT(Properties, '$.Identifier') as identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Scopes') as scopes + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Cognito::UserPoolResourceServer' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.UserPoolId') as user_pool_id, + JSON_EXTRACT(detail.Properties, '$.Identifier') as identifier, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.Scopes') as scopes + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Cognito::UserPoolResourceServer' + AND detail.data__TypeName = 'AWS::Cognito::UserPoolResourceServer' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'UserPoolId') as user_pool_id, + json_extract_path_text(Properties, 'Identifier') as identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Scopes') as scopes + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Cognito::UserPoolResourceServer' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'UserPoolId') as user_pool_id, + json_extract_path_text(detail.Properties, 'Identifier') as identifier, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'Scopes') as scopes + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Cognito::UserPoolResourceServer' + AND detail.data__TypeName = 'AWS::Cognito::UserPoolResourceServer' + AND listing.region = 'us-east-1' + user_pool_resource_servers_list_only: + name: user_pool_resource_servers_list_only + id: aws.cognito.user_pool_resource_servers_list_only + x-cfn-schema-name: UserPoolResourceServer + x-cfn-type-name: AWS::Cognito::UserPoolResourceServer + x-identifiers: + - UserPoolId + - Identifier + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.UserPoolId') as user_pool_id, + JSON_EXTRACT(Properties, '$.Identifier') as identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Cognito::UserPoolResourceServer' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'UserPoolId') as user_pool_id, + json_extract_path_text(Properties, 'Identifier') as identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Cognito::UserPoolResourceServer' + AND region = 'us-east-1' + user_pool_risk_configuration_attachments: + name: user_pool_risk_configuration_attachments + id: aws.cognito.user_pool_risk_configuration_attachments + x-cfn-schema-name: UserPoolRiskConfigurationAttachment + x-cfn-type-name: AWS::Cognito::UserPoolRiskConfigurationAttachment + x-identifiers: + - UserPoolId + - ClientId + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__UserPoolRiskConfigurationAttachment&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Cognito::UserPoolRiskConfigurationAttachment" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Cognito::UserPoolRiskConfigurationAttachment" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Cognito::UserPoolRiskConfigurationAttachment" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/user_pool_risk_configuration_attachments/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/user_pool_risk_configuration_attachments/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/user_pool_risk_configuration_attachments/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.UserPoolId') as user_pool_id, + JSON_EXTRACT(Properties, '$.ClientId') as client_id, + JSON_EXTRACT(Properties, '$.RiskExceptionConfiguration') as risk_exception_configuration, + JSON_EXTRACT(Properties, '$.CompromisedCredentialsRiskConfiguration') as compromised_credentials_risk_configuration, + JSON_EXTRACT(Properties, '$.AccountTakeoverRiskConfiguration') as account_takeover_risk_configuration + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Cognito::UserPoolRiskConfigurationAttachment' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'UserPoolId') as user_pool_id, + json_extract_path_text(Properties, 'ClientId') as client_id, + json_extract_path_text(Properties, 'RiskExceptionConfiguration') as risk_exception_configuration, + json_extract_path_text(Properties, 'CompromisedCredentialsRiskConfiguration') as compromised_credentials_risk_configuration, + json_extract_path_text(Properties, 'AccountTakeoverRiskConfiguration') as account_takeover_risk_configuration + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Cognito::UserPoolRiskConfigurationAttachment' + AND data__Identifier = '|' + AND region = 'us-east-1' + user_poolui_customization_attachments: + name: user_poolui_customization_attachments + id: aws.cognito.user_poolui_customization_attachments + x-cfn-schema-name: UserPoolUICustomizationAttachment + x-cfn-type-name: AWS::Cognito::UserPoolUICustomizationAttachment + x-identifiers: + - UserPoolId + - ClientId + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__UserPoolUICustomizationAttachment&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Cognito::UserPoolUICustomizationAttachment" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Cognito::UserPoolUICustomizationAttachment" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Cognito::UserPoolUICustomizationAttachment" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/user_poolui_customization_attachments/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/user_poolui_customization_attachments/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/user_poolui_customization_attachments/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.UserPoolId') as user_pool_id, + JSON_EXTRACT(Properties, '$.ClientId') as client_id, + JSON_EXTRACT(Properties, '$.CSS') as c_ss + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Cognito::UserPoolUICustomizationAttachment' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'UserPoolId') as user_pool_id, + json_extract_path_text(Properties, 'ClientId') as client_id, + json_extract_path_text(Properties, 'CSS') as c_ss + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Cognito::UserPoolUICustomizationAttachment' + AND data__Identifier = '|' + AND region = 'us-east-1' + user_pool_users: + name: user_pool_users + id: aws.cognito.user_pool_users + x-cfn-schema-name: UserPoolUser + x-cfn-type-name: AWS::Cognito::UserPoolUser + x-identifiers: + - UserPoolId + - Username + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__UserPoolUser&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Cognito::UserPoolUser" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Cognito::UserPoolUser" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/user_pool_users/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/user_pool_users/methods/delete_resource' + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DesiredDeliveryMediums') as desired_delivery_mediums, + JSON_EXTRACT(Properties, '$.ForceAliasCreation') as force_alias_creation, + JSON_EXTRACT(Properties, '$.UserAttributes') as user_attributes, JSON_EXTRACT(Properties, '$.MessageAction') as message_action, JSON_EXTRACT(Properties, '$.Username') as username, JSON_EXTRACT(Properties, '$.UserPoolId') as user_pool_id, @@ -3786,6 +4832,48 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success + /?Action=CreateResource&Version=2021-09-30&__ManagedLoginBranding&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateManagedLoginBranding + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateManagedLoginBrandingRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success /?Action=CreateResource&Version=2021-09-30&__UserPool&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' @@ -3912,6 +5000,90 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success + /?Action=CreateResource&Version=2021-09-30&__UserPoolIdentityProvider&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateUserPoolIdentityProvider + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateUserPoolIdentityProviderRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=CreateResource&Version=2021-09-30&__UserPoolResourceServer&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateUserPoolResourceServer + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateUserPoolResourceServerRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success /?Action=CreateResource&Version=2021-09-30&__UserPoolRiskConfigurationAttachment&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' @@ -3954,6 +5126,48 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success + /?Action=CreateResource&Version=2021-09-30&__UserPoolUICustomizationAttachment&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateUserPoolUICustomizationAttachment + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateUserPoolUICustomizationAttachmentRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success /?Action=CreateResource&Version=2021-09-30&__UserPoolUser&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' diff --git a/providers/src/aws/v00.00.00000/services/comprehend.yaml b/providers/src/aws/v00.00.00000/services/comprehend.yaml index cc70822c..afc26113 100644 --- a/providers/src/aws/v00.00.00000/services/comprehend.yaml +++ b/providers/src/aws/v00.00.00000/services/comprehend.yaml @@ -632,6 +632,9 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - comprehend:TagResource + - comprehend:UntagResource x-required-permissions: create: - iam:PassRole diff --git a/providers/src/aws/v00.00.00000/services/config.yaml b/providers/src/aws/v00.00.00000/services/config.yaml index bcb80f24..70c7ac36 100644 --- a/providers/src/aws/v00.00.00000/services/config.yaml +++ b/providers/src/aws/v00.00.00000/services/config.yaml @@ -448,6 +448,10 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - config:TagResource + - config:UntagResource + - config:ListTagsForResource x-required-permissions: create: - config:DescribeAggregationAuthorizations @@ -733,6 +737,10 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - config:TagResource + - config:UntagResource + - config:ListTagsForResource x-required-permissions: create: - config:PutConfigurationAggregator @@ -1026,6 +1034,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - config:TagResource + - config:UntagResource + - config:ListTagsForResource x-required-permissions: create: - config:PutStoredQuery diff --git a/providers/src/aws/v00.00.00000/services/connect.yaml b/providers/src/aws/v00.00.00000/services/connect.yaml index edc34761..4c87bb93 100644 --- a/providers/src/aws/v00.00.00000/services/connect.yaml +++ b/providers/src/aws/v00.00.00000/services/connect.yaml @@ -385,6 +385,118 @@ components: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' type: object schemas: + Tag: + description: A key-value pair to associate with a resource. + type: object + additionalProperties: false + properties: + Key: + type: string + description: The key name of the tag. You can specify a value that is 1 to 128 Unicode characters + pattern: ^(?!aws:)[a-zA-Z+-=._:/]+$ + minLength: 1 + maxLength: 128 + Value: + type: string + description: The value for the tag. . You can specify a value that is maximum of 256 Unicode characters + maxLength: 256 + required: + - Key + - Value + AgentStatus: + type: object + properties: + InstanceArn: + description: The identifier of the Amazon Connect instance. + type: string + pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*$ + AgentStatusArn: + description: The Amazon Resource Name (ARN) of the agent status. + type: string + pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/agent-state/[-a-zA-Z0-9]*$ + Description: + description: The description of the status. + type: string + minLength: 1 + maxLength: 250 + Name: + description: The name of the status. + type: string + minLength: 1 + maxLength: 127 + DisplayOrder: + description: The display order of the status. + type: integer + minimum: 1 + maximum: 50 + State: + type: string + description: The state of the status. + enum: + - ENABLED + - DISABLED + Type: + type: string + description: The type of agent status. + enum: + - ROUTABLE + - CUSTOM + - OFFLINE + ResetOrderNumber: + type: boolean + description: A number indicating the reset order of the agent status. + Tags: + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + description: An array of key-value pairs to apply to this resource. + items: + $ref: '#/components/schemas/Tag' + LastModifiedRegion: + description: Last modified region. + type: string + pattern: '[a-z]{2}(-[a-z]+){1,2}(-[0-9])?' + LastModifiedTime: + description: Last modified time. + type: number + required: + - InstanceArn + - Name + - State + x-stackql-resource-name: agent_status + description: Resource Type definition for AWS::Connect::AgentStatus + x-type-name: AWS::Connect::AgentStatus + x-stackql-primary-identifier: + - AgentStatusArn + x-read-only-properties: + - AgentStatusArn + - LastModifiedRegion + - LastModifiedTime + x-required-properties: + - InstanceArn + - Name + - State + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - connect:CreateAgentStatus + - connect:TagResource + - connect:ListAgentStatuses + read: + - connect:DescribeAgentStatus + delete: [] + update: + - connect:UpdateAgentStatus + - connect:UntagResource + - connect:TagResource + list: + - connect:ListAgentStatuses Origin: description: Domain name to be added to the allowlist of instance type: string @@ -434,24 +546,6 @@ components: - connect:ListApprovedOrigins list: - connect:ListApprovedOrigins - Tag: - description: A key-value pair to associate with a resource. - type: object - additionalProperties: false - properties: - Key: - type: string - description: The key name of the tag. You can specify a value that is 1 to 128 Unicode characters - pattern: ^(?!aws:)[a-zA-Z+-=._:/]+$ - minLength: 1 - maxLength: 128 - Value: - type: string - description: The value for the tag. . You can specify a value that is maximum of 256 Unicode characters - maxLength: 256 - required: - - Key - - Value ContactFlow: type: object properties: @@ -500,6 +594,7 @@ components: - OUTBOUND_WHISPER - AGENT_TRANSFER - QUEUE_TRANSFER + - CAMPAIGN Tags: description: One or more tags. type: array @@ -533,6 +628,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - connect:ListTagsForResource + - connect:UntagResource + - connect:TagResource x-required-permissions: create: - connect:CreateContactFlow @@ -618,6 +717,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - connect:ListTagsForResource + - connect:UntagResource + - connect:TagResource x-required-permissions: create: - connect:CreateContactFlowModule @@ -634,6 +737,93 @@ components: - connect:UntagResource list: - connect:ListContactFlowModules + EmailAddress: + type: object + properties: + InstanceArn: + description: The identifier of the Amazon Connect instance. + type: string + pattern: ^arn:(aws|aws-us-gov):connect:[a-z]{2}-[a-z]+-[0-9]{1}:[0-9]{1,20}:instance/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ + minLength: 1 + maxLength: 250 + EmailAddressArn: + description: The identifier of the email address. + type: string + pattern: ^arn:(aws|aws-us-gov):connect:[a-z]{2}-[a-z]+-[0-9]{1}:[0-9]{1,20}:instance/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}/email-address/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ + Description: + description: A description for the email address. + type: string + pattern: (^[\S].*[\S]$)|(^[\S]$) + minLength: 1 + maxLength: 250 + EmailAddress: + description: Email address to be created for this instance + type: string + pattern: ([^\s@]+@[^\s@]+\.[^\s@]+) + minLength: 1 + maxLength: 255 + DisplayName: + description: The display name for the email address. + type: string + pattern: (^[\S].*[\S]$)|(^[\S]$) + minLength: 0 + maxLength: 256 + Tags: + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + description: One or more tags. + items: + $ref: '#/components/schemas/Tag' + required: + - InstanceArn + - EmailAddress + x-stackql-resource-name: email_address + description: Resource Type definition for AWS::Connect::EmailAddress + x-type-name: AWS::Connect::EmailAddress + x-stackql-primary-identifier: + - EmailAddressArn + x-create-only-properties: + - EmailAddress + x-read-only-properties: + - EmailAddressArn + x-required-properties: + - InstanceArn + - EmailAddress + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - connect:TagResource + - connect:UntagResource + x-required-permissions: + create: + - connect:CreateEmailAddress + - connect:TagResource + - connect:ListIntegrationAssociations + - ses:GetEmailIdentity + - ses:DescribeReceiptRule + - ses:UpdateReceiptRule + - iam:PassRole + read: + - connect:DescribeEmailAddress + update: + - connect:UpdateEmailAddressMetadata + - connect:TagResource + - connect:UntagResource + delete: + - connect:DeleteEmailAddress + - connect:UntagResource + - iam:PassRole + - ses:DescribeReceiptRule + - ses:UpdateReceiptRule + list: + - connect:DescribeEmailAddress + - connect:SearchEmailAddresses RefId: description: The identifier to reference the item. type: string @@ -649,45 +839,51 @@ components: minimum: 0 maximum: 10 EvaluationFormBaseItem: - description: The evaluation form base item. + description: An item at the root level. All items must be sections. type: object additionalProperties: false properties: Section: - description: The evaluation form section item + description: A subsection or inner section of an item. $ref: '#/components/schemas/EvaluationFormSection' required: - Section EvaluationFormItem: - description: The evaluation form item. + description: Items that are part of the evaluation form. The total number of sections and questions must not exceed 100 each. Questions must be contained in a section. type: object additionalProperties: false properties: Section: - description: The evaluation form section item + description: The information of the section. $ref: '#/components/schemas/EvaluationFormSection' Question: - description: The evaluation form question item + description: The information of the question. $ref: '#/components/schemas/EvaluationFormQuestion' EvaluationFormSection: - description: The evaluation form section. + description: Information about a section from an evaluation form. A section can contain sections and/or questions. Evaluation forms can only contain sections and subsections (two level nesting). type: object additionalProperties: false properties: Title: - description: The title of the section. + description: |- + The title of the section. + *Length Constraints*: Minimum length of 1. Maximum length of 128. type: string minLength: 1 maxLength: 128 Instructions: - description: The instructions for the section. + description: The instructions of the section. type: string maxLength: 1024 RefId: - description: The identifier to reference the section. + description: |- + The identifier of the section. An identifier must be unique within the evaluation form. + *Length Constraints*: Minimum length of 1. Maximum length of 40. $ref: '#/components/schemas/RefId' Items: - description: The list of section items. + description: |- + The items of the section. + *Minimum*: 1 type: array x-insertionOrder: true minItems: 1 @@ -695,38 +891,44 @@ components: items: $ref: '#/components/schemas/EvaluationFormItem' Weight: - description: The item weight used for scoring. + description: |- + The scoring weight of the section. + *Minimum*: 0 + *Maximum*: 100 $ref: '#/components/schemas/Weight' required: - RefId - Title EvaluationFormNumericQuestionOption: - description: The option ranges used for scoring in numeric questions. + description: Information about the option range used for scoring in numeric questions. type: object additionalProperties: false properties: MinValue: - description: The minimum value of the option range. + description: The minimum answer value of the range option. type: integer MaxValue: - description: The maximum value of the option range. + description: The maximum answer value of the range option. type: integer Score: - description: The score of the option range. + description: |- + The score assigned to answer values within the range option. + *Minimum*: 0 + *Maximum*: 10 $ref: '#/components/schemas/Score' AutomaticFail: - description: The flag to mark the option as automatic fail. + description: The flag to mark the option as automatic fail. If an automatic fail answer is provided, the overall evaluation gets a score of 0. type: boolean required: - MinValue - MaxValue NumericQuestionPropertyValueAutomation: - description: The automation property name of the question. + description: Information about the property value used in automation of a numeric questions. type: object additionalProperties: false properties: Label: - description: The automation property label. + description: The property label of the automation. type: string enum: - OVERALL_CUSTOMER_SENTIMENT_SCORE @@ -740,28 +942,28 @@ components: required: - Label EvaluationFormNumericQuestionAutomation: - description: The automation properties for the numeric question. + description: Information about the automation configuration in numeric questions. type: object additionalProperties: false properties: PropertyValue: - description: The automation property name of the question. + description: The property value of the automation. $ref: '#/components/schemas/NumericQuestionPropertyValueAutomation' required: - PropertyValue EvaluationFormNumericQuestionProperties: - description: The properties of the numeric question. + description: Information about properties for a numeric question in an evaluation form. type: object additionalProperties: false properties: MinValue: - description: The minimum value for answers of the question. + description: The minimum answer value. type: integer MaxValue: - description: The maximum value for answers of the question. + description: The maximum answer value. type: integer Options: - description: The list of option ranges used for scoring. + description: The scoring options of the numeric question. type: array x-insertionOrder: true minItems: 1 @@ -769,51 +971,64 @@ components: items: $ref: '#/components/schemas/EvaluationFormNumericQuestionOption' Automation: - description: The automation properties for the numeric question. + description: The automation properties of the numeric question. $ref: '#/components/schemas/EvaluationFormNumericQuestionAutomation' required: - MinValue - MaxValue EvaluationFormSingleSelectQuestionAutomationOption: - description: The automation option for the single-select question. + description: The automation options of the single select question. type: object additionalProperties: false properties: RuleCategory: - description: The automation option based on Rules categories. + description: The automation option based on a rule category for the single select question. $ref: '#/components/schemas/SingleSelectQuestionRuleCategoryAutomation' required: - RuleCategory SingleSelectQuestionRuleCategoryAutomation: - description: The automation option based on Rules categories. + description: |- + Information about the automation option based on a rule category for a single select question. + *Length Constraints*: Minimum length of 1. Maximum length of 50. type: object additionalProperties: false properties: Category: - description: The category name as defined in Rules. + description: |- + The category name, as defined in Rules. + *Minimum*: 1 + *Maximum*: 50 type: string minLength: 1 maxLength: 50 Condition: - description: The automation condition applied on contact categories. + description: |- + The condition to apply for the automation option. If the condition is PRESENT, then the option is applied when the contact data includes the category. Similarly, if the condition is NOT_PRESENT, then the option is applied when the contact data does not include the category. + *Allowed values*: ``PRESENT`` | ``NOT_PRESENT`` + *Maximum*: 50 type: string enum: - PRESENT - NOT_PRESENT OptionRefId: - description: The option identifier referencing the option to be selected when the automation option is triggered. + description: |- + The identifier of the answer option. An identifier must be unique within the question. + *Length Constraints*: Minimum length of 1. Maximum length of 40. $ref: '#/components/schemas/RefId' required: - Category - Condition - OptionRefId EvaluationFormSingleSelectQuestionAutomation: - description: The automation properties for the single-select question. + description: Information about the automation configuration in single select questions. Automation options are evaluated in order, and the first matched option is applied. If no automation option matches, and there is a default option, then the default option is applied. type: object additionalProperties: false properties: Options: - description: The answer options for the automation. + description: |- + The automation options of the single select question. + *Minimum*: 1 + *Maximum*: 20 type: array x-insertionOrder: true minItems: 1 @@ -821,39 +1036,51 @@ components: items: $ref: '#/components/schemas/EvaluationFormSingleSelectQuestionAutomationOption' DefaultOptionRefId: - description: The option reference identifier of the default answer. + description: |- + The identifier of the default answer option, when none of the automation options match the criteria. + *Length Constraints*: Minimum length of 1. Maximum length of 40. $ref: '#/components/schemas/RefId' required: - Options EvaluationFormSingleSelectQuestionOption: - description: The option for a question. + description: Information about the automation configuration in single select questions. type: object additionalProperties: false properties: RefId: - description: The identifier used to reference the option. + description: |- + The identifier of the answer option. An identifier must be unique within the question. + *Length Constraints*: Minimum length of 1. Maximum length of 40. $ref: '#/components/schemas/RefId' Text: - description: The title of the option. + description: |- + The title of the answer option. + *Length Constraints*: Minimum length of 1. Maximum length of 128. type: string minLength: 1 maxLength: 128 Score: - description: The score of the option. + description: |- + The score assigned to the answer option. + *Minimum*: 0 + *Maximum*: 10 $ref: '#/components/schemas/Score' AutomaticFail: - description: The flag to mark the option as automatic fail. + description: The flag to mark the option as automatic fail. If an automatic fail answer is provided, the overall evaluation gets a score of 0. type: boolean required: - RefId - Text EvaluationFormSingleSelectQuestionProperties: - description: The properties of the single-select question. + description: Information about the options in single select questions. type: object additionalProperties: false properties: Options: - description: The list of options for the question. + description: |- + The answer options of the single select question. + *Minimum*: 2 + *Maximum*: 256 type: array x-insertionOrder: true minItems: 2 @@ -861,18 +1088,20 @@ components: items: $ref: '#/components/schemas/EvaluationFormSingleSelectQuestionOption' DisplayAs: - description: The display mode of the single-select question. + description: |- + The display mode of the single select question. + *Allowed values*: ``DROPDOWN`` | ``RADIO`` type: string enum: - DROPDOWN - RADIO Automation: - description: The automation properties for the single-select question. + description: The display mode of the single select question. $ref: '#/components/schemas/EvaluationFormSingleSelectQuestionAutomation' required: - Options EvaluationFormQuestionTypeProperties: - description: The properties of the question. + description: Information about properties for a question in an evaluation form. The question type properties must be either for a numeric question or a single select question. type: object additionalProperties: false properties: @@ -880,58 +1109,73 @@ components: description: The properties of the numeric question. $ref: '#/components/schemas/EvaluationFormNumericQuestionProperties' SingleSelect: - description: The properties of the single-select question. + description: The properties of the numeric question. $ref: '#/components/schemas/EvaluationFormSingleSelectQuestionProperties' EvaluationFormQuestion: - description: The evaluation form question. + description: Information about a question from an evaluation form. type: object additionalProperties: false properties: Title: - description: The title of the question. + description: |- + The title of the question. + *Length Constraints*: Minimum length of 1. Maximum length of 350. type: string minLength: 1 maxLength: 350 Instructions: - description: The instructions for the question. + description: |- + The instructions of the section. + *Length Constraints*: Minimum length of 0. Maximum length of 1024. type: string maxLength: 1024 RefId: - description: The identifier used to reference the question. + description: |- + The identifier of the question. An identifier must be unique within the evaluation form. + *Length Constraints*: Minimum length of 1. Maximum length of 40. $ref: '#/components/schemas/RefId' NotApplicableEnabled: description: The flag to enable not applicable answers to the question. type: boolean QuestionType: - description: The type of the question. + description: |- + The type of the question. + *Allowed values*: ``NUMERIC`` | ``SINGLESELECT`` | ``TEXT`` type: string enum: - NUMERIC - SINGLESELECT - TEXT QuestionTypeProperties: - description: The properties of the question + description: The properties of the type of question. Text questions do not have to define question type properties. $ref: '#/components/schemas/EvaluationFormQuestionTypeProperties' Weight: - description: The question weight used for scoring. + description: |- + The scoring weight of the section. + *Minimum*: 0 + *Maximum*: 100 $ref: '#/components/schemas/Weight' required: - RefId - Title - QuestionType ScoringStrategy: - description: The scoring strategy. + description: A scoring strategy of the evaluation form. type: object additionalProperties: false properties: Mode: - description: The scoring mode. + description: |- + The scoring mode of the evaluation form. + *Allowed values*: ``QUESTION_ONLY`` | ``SECTION_ONLY`` type: string enum: - QUESTION_ONLY - SECTION_ONLY Status: - description: The scoring status. + description: |- + The scoring status of the evaluation form. + *Allowed values*: ``ENABLED`` | ``DISABLED`` type: string enum: - ENABLED @@ -943,24 +1187,29 @@ components: type: object properties: Title: - description: The title of the evaluation form. + description: A title of the evaluation form. type: string minLength: 1 maxLength: 128 Description: - description: The description of the evaluation form. + description: |- + The description of the evaluation form. + *Length Constraints*: Minimum length of 0. Maximum length of 1024. type: string maxLength: 1024 EvaluationFormArn: - description: The Amazon Resource Name (ARN) for the evaluation form. + description: '' type: string pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/evaluation-form/[-a-zA-Z0-9]*$ InstanceArn: - description: The Amazon Resource Name (ARN) of the instance. + description: The identifier of the Amazon Connect instance. type: string pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*$ Items: - description: The list of evaluation form items. + description: |- + Items that are part of the evaluation form. The total number of sections and questions must not exceed 100 each. Questions must be contained in a section. + *Minimum size*: 1 + *Maximum size*: 100 type: array x-insertionOrder: true minItems: 1 @@ -968,17 +1217,19 @@ components: items: $ref: '#/components/schemas/EvaluationFormBaseItem' ScoringStrategy: - description: The scoring strategy. + description: A scoring strategy of the evaluation form. $ref: '#/components/schemas/ScoringStrategy' Status: - description: The status of the evaluation form. + description: |- + The status of the evaluation form. + *Allowed values*: ``DRAFT`` | ``ACTIVE`` type: string default: DRAFT enum: - DRAFT - ACTIVE Tags: - description: One or more tags. + description: 'The tags used to organize, track, or control access for this resource. For example, { "tags": {"key1":"value1", "key2":"value2"} }.' type: array maxItems: 50 uniqueItems: true @@ -991,7 +1242,7 @@ components: - Items - Status x-stackql-resource-name: evaluation_form - description: Resource Type definition for AWS::Connect::EvaluationForm + description: Creates an evaluation form for the specified CON instance. x-type-name: AWS::Connect::EvaluationForm x-stackql-primary-identifier: - EvaluationFormArn @@ -1008,6 +1259,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - connect:ListTagsForResource + - connect:UntagResource + - connect:TagResource x-required-permissions: create: - connect:CreateEvaluationForm @@ -1072,6 +1327,102 @@ components: - Day - StartTime - EndTime + OverrideTimeSlice: + description: The start time or end time for an an hours of operation override. + type: object + additionalProperties: false + properties: + Hours: + type: integer + description: The hours. + minimum: 0 + maximum: 23 + Minutes: + type: integer + description: The minutes. + minimum: 0 + maximum: 59 + required: + - Hours + - Minutes + HoursOfOperationOverrideConfig: + description: Contains information about the hours of operation override. + type: object + additionalProperties: false + properties: + Day: + type: string + description: The day that the hours of operation override applies to. + enum: + - SUNDAY + - MONDAY + - TUESDAY + - WEDNESDAY + - THURSDAY + - FRIDAY + - SATURDAY + StartTime: + description: The new start time that your contact center opens for the overriden days. + $ref: '#/components/schemas/OverrideTimeSlice' + EndTime: + description: The new end time that your contact center closes for the overriden days. + $ref: '#/components/schemas/OverrideTimeSlice' + required: + - Day + - StartTime + - EndTime + HoursOfOperationOverride: + description: Overrides attached to the hours of operation. + type: object + additionalProperties: false + properties: + OverrideName: + $ref: '#/components/schemas/OverrideName' + OverrideDescription: + $ref: '#/components/schemas/OverrideDescription' + EffectiveFrom: + $ref: '#/components/schemas/EffectiveFrom' + EffectiveTill: + $ref: '#/components/schemas/EffectiveTill' + OverrideConfig: + $ref: '#/components/schemas/OverrideConfig' + HoursOfOperationOverrideId: + $ref: '#/components/schemas/HoursOfOperationOverrideId' + required: + - OverrideName + - EffectiveFrom + - EffectiveTill + - OverrideConfig + OverrideName: + description: The name of the hours of operation override. + type: string + minLength: 1 + maxLength: 127 + OverrideDescription: + description: The description of the hours of operation override. + type: string + minLength: 1 + maxLength: 250 + EffectiveFrom: + description: The date from which the hours of operation override would be effective. + type: string + pattern: ^\d{4}-\d{2}-\d{2}$ + EffectiveTill: + description: The date till which the hours of operation override would be effective. + type: string + pattern: ^\d{4}-\d{2}-\d{2}$ + OverrideConfig: + description: 'Configuration information for the hours of operation override: day, start time, and end time.' + type: array + maxItems: 100 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/HoursOfOperationOverrideConfig' + HoursOfOperationOverrideId: + description: The Resource Identifier for the hours of operation override. + type: string + pattern: ^[-a-zA-Z0-9]*$ HoursOfOperation: type: object properties: @@ -1112,6 +1463,13 @@ components: x-insertionOrder: false items: $ref: '#/components/schemas/Tag' + HoursOfOperationOverrides: + description: One or more hours of operation overrides assigned to an hour of operation. + type: array + maxItems: 50 + x-insertionOrder: false + items: + $ref: '#/components/schemas/HoursOfOperationOverride' required: - InstanceArn - Name @@ -1135,17 +1493,26 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - connect:TagResource + - connect:UntagResource x-required-permissions: create: - connect:CreateHoursOfOperation - connect:TagResource + - connect:CreateHoursOfOperationOverride read: - connect:DescribeHoursOfOperation + - connect:ListHoursOfOperationOverrides delete: - connect:DeleteHoursOfOperation - connect:UntagResource update: - connect:UpdateHoursOfOperation + - connect:CreateHoursOfOperationOverride + - connect:UpdateHoursOfOperationOverride + - connect:DeleteHoursOfOperationOverride + - connect:ListHoursOfOperationOverrides - connect:TagResource - connect:UntagResource list: @@ -1784,6 +2151,10 @@ components: pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/contact-flow/[-a-zA-Z0-9]*$ minLength: 1 maxLength: 500 + OutboundEmailAddressId: + description: The email address connect resource ID. + type: string + pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/email-address/[-a-zA-Z0-9]*$ Key: description: A valid security key in PEM format. type: string @@ -1800,6 +2171,13 @@ components: $ref: '#/components/schemas/OutboundCallerIdNumberArn' OutboundFlowArn: $ref: '#/components/schemas/OutboundFlowArn' + OutboundEmailConfig: + description: The outbound email address ID. + type: object + additionalProperties: false + properties: + OutboundEmailAddressId: + $ref: '#/components/schemas/OutboundEmailAddressId' QuickConnectArn: description: The Amazon Resource Name (ARN) for the quick connect. type: string @@ -1832,6 +2210,9 @@ components: OutboundCallerConfig: description: The outbound caller ID name, number, and outbound whisper flow. $ref: '#/components/schemas/OutboundCallerConfig' + OutboundEmailConfig: + description: The outbound email address ID. + $ref: '#/components/schemas/OutboundEmailConfig' QueueArn: description: The Amazon Resource Name (ARN) for the queue. type: string @@ -1846,7 +2227,6 @@ components: description: The quick connects available to agents who are working the queue. type: array minItems: 1 - maxItems: 50 x-insertionOrder: false items: $ref: '#/components/schemas/QuickConnectArn' @@ -1886,6 +2266,9 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - connect:TagResource + - connect:UntagResource x-required-permissions: create: - connect:CreateQueue @@ -1901,6 +2284,7 @@ components: - connect:UpdateQueueMaxContacts - connect:UpdateQueueName - connect:UpdateQueueOutboundCallerConfig + - connect:UpdateQueueOutboundEmailConfig - connect:UpdateQueueStatus - connect:AssociateQueueQuickConnects - connect:DisassociateQueueQuickConnects @@ -2274,13 +2658,13 @@ components: type: object properties: UserTags: - description: The collection of recipients who are identified by user tags + description: 'The tags used to organize, track, or control access for this resource. For example, { "tags": {"key1":"value1", "key2":"value2"} }. CON users with the specified tags will be notified.' x-patternProperties: ^(?=.{1,128}$).+$: type: string additionalProperties: false UserArns: - description: The list of recipients by user arns. + description: The Amazon Resource Name (ARN) of the user account. type: array minItems: 1 maxItems: 5 @@ -2290,12 +2674,13 @@ components: $ref: '#/components/schemas/UserArn' additionalProperties: false Reference: - description: A contact reference. + description: Information about the reference when the ``referenceType`` is ``URL``. Otherwise, null. (Supports variable injection in the ``Value`` field.) type: object properties: Value: type: string pattern: ^(/|https:) + description: A valid value for the reference. For example, for a URL reference, a formatted URL that is displayed to an agent in the Contact Control Panel (CCP). Type: type: string enum: @@ -2305,30 +2690,33 @@ components: - STRING - DATE - EMAIL + description: |- + The type of the reference. ``DATE`` must be of type Epoch timestamp. + *Allowed values*: ``URL`` | ``ATTACHMENT`` | ``NUMBER`` | ``STRING`` | ``DATE`` | ``EMAIL`` required: - Value - Type additionalProperties: false TaskAction: - description: The definition of task action. + description: 'Information about the task action. This field is required if ``TriggerEventSource`` is one of the following values: ``OnZendeskTicketCreate`` | ``OnZendeskTicketStatusUpdate`` | ``OnSalesforceCaseCreate``' type: object properties: Name: - description: The name which appears in the agent's Contact Control Panel (CCP). + description: The name. Supports variable injection. For more information, see [JSONPath reference](https://docs.aws.amazon.com/connect/latest/adminguide/contact-lens-variable-injection.html) in the *Administrators Guide*. type: string minLength: 1 maxLength: 512 Description: - description: The description which appears in the agent's Contact Control Panel (CCP). + description: The description. Supports variable injection. For more information, see [JSONPath reference](https://docs.aws.amazon.com/connect/latest/adminguide/contact-lens-variable-injection.html) in the *Administrators Guide*. type: string minLength: 0 maxLength: 4096 ContactFlowArn: - description: The Amazon Resource Name (ARN) of the contact flow. + description: The Amazon Resource Name (ARN) of the flow. type: string pattern: ^$|arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/contact-flow/[-a-zA-Z0-9]*$ References: - description: A formatted URL that is shown to an agent in the Contact Control Panel (CCP). + description: Information about the reference when the ``referenceType`` is ``URL``. Otherwise, null. ``URL`` is the only accepted type. (Supports variable injection in the ``Value`` field.) x-patternProperties: ^(?=.{1,4096}$).+$: $ref: '#/components/schemas/Reference' @@ -2337,12 +2725,23 @@ components: - Name - ContactFlowArn additionalProperties: false + SubmitAutoEvaluationAction: + description: '' + type: object + properties: + EvaluationFormArn: + description: '' + type: string + pattern: ^$|arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/evaluation-form/[-a-zA-Z0-9]*$ + required: + - EvaluationFormArn + additionalProperties: false EventBridgeAction: - description: The definition for event bridge action. + description: The EV action definition. type: object properties: Name: - description: The name of the event bridge action. + description: The name. type: string pattern: ^[a-zA-Z0-9._-]{1,100}$ required: @@ -2352,31 +2751,36 @@ components: description: The definition for assigning contact category action. type: object SendNotificationAction: - description: The definition for sending notification action. + description: Information about the send notification action. type: object properties: DeliveryMethod: - description: The means of delivery. + description: |- + Notification delivery method. + *Allowed value*: ``EMAIL`` type: string enum: - EMAIL Subject: - description: The subject of notification. + description: The subject of the email if the delivery method is ``EMAIL``. Supports variable injection. For more information, see [JSONPath reference](https://docs.aws.amazon.com/connect/latest/adminguide/contact-lens-variable-injection.html) in the *Administrators Guide*. type: string minLength: 1 maxLength: 200 Content: - description: The content of notification. + description: Notification content. Supports variable injection. For more information, see [JSONPath reference](https://docs.aws.amazon.com/connect/latest/adminguide/contact-lens-variable-injection.html) in the *Administrators Guide*. type: string minLength: 1 maxLength: 1024 ContentType: - description: The type of content. + description: |- + Content type format. + *Allowed value*: ``PLAIN_TEXT`` type: string enum: - PLAIN_TEXT Recipient: $ref: '#/components/schemas/NotificationRecipientType' + description: Notification recipient. required: - DeliveryMethod - Content @@ -2384,13 +2788,14 @@ components: - ContentType additionalProperties: false CreateCaseAction: - description: The definition for create case action. + description: '' type: object properties: Fields: $ref: '#/components/schemas/Fields' + description: '' TemplateId: - description: The Id of template. + description: '' type: string minLength: 1 maxLength: 500 @@ -2399,11 +2804,12 @@ components: - TemplateId additionalProperties: false UpdateCaseAction: - description: The definition for update case action. + description: '' type: object properties: Fields: $ref: '#/components/schemas/Fields' + description: '' required: - Fields additionalProperties: false @@ -2429,11 +2835,11 @@ components: minItems: 1 maxItems: 1 RuleTriggerEventSource: - description: The event source that will trigger the rule. + description: The name of the event source. type: object properties: EventSourceName: - description: The name of event source. + description: The name of the event source. type: string enum: - OnContactEvaluationSubmit @@ -2448,7 +2854,7 @@ components: - OnCaseCreate - OnCaseUpdate IntegrationAssociationArn: - description: The Amazon Resource Name (ARN) for the AppIntegration association. + description: 'The Amazon Resource Name (ARN) of the integration association. ``IntegrationAssociationArn`` is required if ``TriggerEventSource`` is one of the following values: ``OnZendeskTicketCreate`` | ``OnZendeskTicketStatusUpdate`` | ``OnSalesforceCaseCreate``' type: string pattern: ^$|arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/integration-association/[-a-zA-Z0-9]*$ required: @@ -2499,24 +2905,43 @@ components: $ref: '#/components/schemas/EndAssociatedTasksAction' minItems: 1 maxItems: 1 + SubmitAutoEvaluationActions: + description: This action will submit an auto contact evaluation when a rule is triggered. + type: array + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/SubmitAutoEvaluationAction' + minItems: 1 + maxItems: 1 Actions: - description: The list of actions that will be executed when a rule is triggered. + description: A list of actions to be run when the rule is triggered. type: object properties: AssignContactCategoryActions: $ref: '#/components/schemas/AssignContactCategoryActions' + description: Information about the contact category action. The syntax can be empty, for example, ``{}``. EventBridgeActions: $ref: '#/components/schemas/EventBridgeActions' + description: Information about the EV action. TaskActions: $ref: '#/components/schemas/TaskActions' + description: 'Information about the task action. This field is required if ``TriggerEventSource`` is one of the following values: ``OnZendeskTicketCreate`` | ``OnZendeskTicketStatusUpdate`` | ``OnSalesforceCaseCreate``' SendNotificationActions: $ref: '#/components/schemas/SendNotificationActions' + description: Information about the send notification action. CreateCaseActions: $ref: '#/components/schemas/CreateCaseActions' + description: '' UpdateCaseActions: $ref: '#/components/schemas/UpdateCaseActions' + description: '' EndAssociatedTasksActions: $ref: '#/components/schemas/EndAssociatedTasksActions' + description: '' + SubmitAutoEvaluationActions: + $ref: '#/components/schemas/SubmitAutoEvaluationActions' + description: '' additionalProperties: false Rule: type: object @@ -2526,7 +2951,7 @@ components: type: string pattern: ^[a-zA-Z0-9._-]{1,200}$ RuleArn: - description: The Amazon Resource Name (ARN) of the rule. + description: '' type: string pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/rule/[-a-zA-Z0-9]*$ InstanceArn: @@ -2534,22 +2959,24 @@ components: type: string pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*$ TriggerEventSource: - description: The event source that triggers the rule. + description: The event source to trigger the rule. $ref: '#/components/schemas/RuleTriggerEventSource' Function: - description: The conditions of a rule. + description: The conditions of the rule. type: string Actions: - description: The list of actions that will be executed when a rule is triggered. + description: A list of actions to be run when the rule is triggered. $ref: '#/components/schemas/Actions' PublishStatus: - description: The publish status of a rule, either draft or published. + description: |- + The publish status of the rule. + *Allowed values*: ``DRAFT`` | ``PUBLISHED`` type: string enum: - DRAFT - PUBLISHED Tags: - description: One or more tags. + description: 'The tags used to organize, track, or control access for this resource. For example, { "tags": {"key1":"value1", "key2":"value2"} }.' type: array maxItems: 50 uniqueItems: true @@ -2564,7 +2991,7 @@ components: - Actions - PublishStatus x-stackql-resource-name: rule - description: Resource Type definition for AWS:Connect::Rule + description: Creates a rule for the specified CON instance. x-type-name: AWS::Connect::Rule x-stackql-primary-identifier: - RuleArn @@ -2828,6 +3255,8 @@ components: - BOOLEAN - SINGLE_SELECT - EMAIL + - EXPIRY_DURATION + - SELF_ASSIGN FieldIdentifier: description: the identifier (name) for the task template field type: object @@ -2932,8 +3361,12 @@ components: description: The identifier of the contact flow. type: string pattern: ^$|arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/contact-flow/[-a-zA-Z0-9]*$ - Constraints: - description: The constraints for the task template + SelfAssignContactFlowArn: + description: The identifier of the contact flow. + type: string + pattern: ^$|arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/contact-flow/[-a-zA-Z0-9]*$ + Constraints: + description: The constraints for the task template type: object additionalProperties: false properties: @@ -3361,6 +3794,134 @@ components: - connect:UntagResource list: - connect:ListUserHierarchyGroups + Name: + description: The name of the hierarchy level. + type: string + HierarchyLevelArn: + description: The Amazon Resource Name (ARN) of the hierarchy level. + type: string + pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/agent-group-level/[-0-9]*$ + HierarchyLevelId: + description: The identifier of the hierarchy level. + type: string + LevelOne: + description: Information about level one. + type: object + additionalProperties: false + properties: + HierarchyLevelArn: + $ref: '#/components/schemas/HierarchyLevelArn' + HierarchyLevelId: + $ref: '#/components/schemas/HierarchyLevelId' + Name: + $ref: '#/components/schemas/Name' + required: + - Name + LevelTwo: + description: Information about level two. + type: object + additionalProperties: false + properties: + HierarchyLevelArn: + $ref: '#/components/schemas/HierarchyLevelArn' + HierarchyLevelId: + $ref: '#/components/schemas/HierarchyLevelId' + Name: + $ref: '#/components/schemas/Name' + required: + - Name + LevelThree: + description: Information about level three. + type: object + additionalProperties: false + properties: + HierarchyLevelArn: + $ref: '#/components/schemas/HierarchyLevelArn' + HierarchyLevelId: + $ref: '#/components/schemas/HierarchyLevelId' + Name: + $ref: '#/components/schemas/Name' + required: + - Name + LevelFour: + description: Information about level four. + type: object + additionalProperties: false + properties: + HierarchyLevelArn: + $ref: '#/components/schemas/HierarchyLevelArn' + HierarchyLevelId: + $ref: '#/components/schemas/HierarchyLevelId' + Name: + $ref: '#/components/schemas/Name' + required: + - Name + LevelFive: + description: Information about level five. + type: object + additionalProperties: false + properties: + HierarchyLevelArn: + $ref: '#/components/schemas/HierarchyLevelArn' + HierarchyLevelId: + $ref: '#/components/schemas/HierarchyLevelId' + Name: + $ref: '#/components/schemas/Name' + required: + - Name + UserHierarchyStructure: + type: object + properties: + InstanceArn: + description: The identifier of the Amazon Connect instance. + type: string + pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*$ + UserHierarchyStructureArn: + description: The identifier of the User Hierarchy Structure. + type: string + pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/user-hierarchy-structure + UserHierarchyStructure: + description: Information about the hierarchy structure. + type: object + additionalProperties: false + properties: + LevelOne: + $ref: '#/components/schemas/LevelOne' + LevelTwo: + $ref: '#/components/schemas/LevelTwo' + LevelThree: + $ref: '#/components/schemas/LevelThree' + LevelFour: + $ref: '#/components/schemas/LevelFour' + LevelFive: + $ref: '#/components/schemas/LevelFive' + required: + - InstanceArn + x-stackql-resource-name: user_hierarchy_structure + description: Resource Type definition for AWS::Connect::UserHierarchyStructure + x-type-name: AWS::Connect::UserHierarchyStructure + x-stackql-primary-identifier: + - UserHierarchyStructureArn + x-create-only-properties: + - InstanceArn + x-read-only-properties: + - UserHierarchyStructureArn + x-required-properties: + - InstanceArn + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - connect:UpdateUserHierarchyStructure + read: + - connect:DescribeUserHierarchyStructure + delete: + - connect:UpdateUserHierarchyStructure + update: + - connect:UpdateUserHierarchyStructure View: type: object properties: @@ -3499,7 +4060,6 @@ components: - ViewVersionArn x-create-only-properties: - ViewArn - - VersionDescription - ViewContentSha256 x-read-only-properties: - ViewVersionArn @@ -3521,6 +4081,77 @@ components: update: [] delete: - connect:DeleteViewVersion + CreateAgentStatusRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + InstanceArn: + description: The identifier of the Amazon Connect instance. + type: string + pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*$ + AgentStatusArn: + description: The Amazon Resource Name (ARN) of the agent status. + type: string + pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/agent-state/[-a-zA-Z0-9]*$ + Description: + description: The description of the status. + type: string + minLength: 1 + maxLength: 250 + Name: + description: The name of the status. + type: string + minLength: 1 + maxLength: 127 + DisplayOrder: + description: The display order of the status. + type: integer + minimum: 1 + maximum: 50 + State: + type: string + description: The state of the status. + enum: + - ENABLED + - DISABLED + Type: + type: string + description: The type of agent status. + enum: + - ROUTABLE + - CUSTOM + - OFFLINE + ResetOrderNumber: + type: boolean + description: A number indicating the reset order of the agent status. + Tags: + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + description: An array of key-value pairs to apply to this resource. + items: + $ref: '#/components/schemas/Tag' + LastModifiedRegion: + description: Last modified region. + type: string + pattern: '[a-z]{2}(-[a-z]+){1,2}(-[0-9])?' + LastModifiedTime: + description: Last modified time. + type: number + x-stackQL-stringOnly: true + x-title: CreateAgentStatusRequest + type: object + required: [] CreateApprovedOriginRequest: properties: ClientToken: @@ -3600,6 +4231,7 @@ components: - OUTBOUND_WHISPER - AGENT_TRANSFER - QUEUE_TRANSFER + - CAMPAIGN Tags: description: One or more tags. type: array @@ -3673,6 +4305,59 @@ components: x-title: CreateContactFlowModuleRequest type: object required: [] + CreateEmailAddressRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + InstanceArn: + description: The identifier of the Amazon Connect instance. + type: string + pattern: ^arn:(aws|aws-us-gov):connect:[a-z]{2}-[a-z]+-[0-9]{1}:[0-9]{1,20}:instance/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ + minLength: 1 + maxLength: 250 + EmailAddressArn: + description: The identifier of the email address. + type: string + pattern: ^arn:(aws|aws-us-gov):connect:[a-z]{2}-[a-z]+-[0-9]{1}:[0-9]{1,20}:instance/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}/email-address/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ + Description: + description: A description for the email address. + type: string + pattern: (^[\S].*[\S]$)|(^[\S]$) + minLength: 1 + maxLength: 250 + EmailAddress: + description: Email address to be created for this instance + type: string + pattern: ([^\s@]+@[^\s@]+\.[^\s@]+) + minLength: 1 + maxLength: 255 + DisplayName: + description: The display name for the email address. + type: string + pattern: (^[\S].*[\S]$)|(^[\S]$) + minLength: 0 + maxLength: 256 + Tags: + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + description: One or more tags. + items: + $ref: '#/components/schemas/Tag' + x-stackQL-stringOnly: true + x-title: CreateEmailAddressRequest + type: object + required: [] CreateEvaluationFormRequest: properties: ClientToken: @@ -3687,24 +4372,29 @@ components: type: object properties: Title: - description: The title of the evaluation form. + description: A title of the evaluation form. type: string minLength: 1 maxLength: 128 Description: - description: The description of the evaluation form. + description: |- + The description of the evaluation form. + *Length Constraints*: Minimum length of 0. Maximum length of 1024. type: string maxLength: 1024 EvaluationFormArn: - description: The Amazon Resource Name (ARN) for the evaluation form. + description: '' type: string pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/evaluation-form/[-a-zA-Z0-9]*$ InstanceArn: - description: The Amazon Resource Name (ARN) of the instance. + description: The identifier of the Amazon Connect instance. type: string pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*$ Items: - description: The list of evaluation form items. + description: |- + Items that are part of the evaluation form. The total number of sections and questions must not exceed 100 each. Questions must be contained in a section. + *Minimum size*: 1 + *Maximum size*: 100 type: array x-insertionOrder: true minItems: 1 @@ -3712,17 +4402,19 @@ components: items: $ref: '#/components/schemas/EvaluationFormBaseItem' ScoringStrategy: - description: The scoring strategy. + description: A scoring strategy of the evaluation form. $ref: '#/components/schemas/ScoringStrategy' Status: - description: The status of the evaluation form. + description: |- + The status of the evaluation form. + *Allowed values*: ``DRAFT`` | ``ACTIVE`` type: string default: DRAFT enum: - DRAFT - ACTIVE Tags: - description: One or more tags. + description: 'The tags used to organize, track, or control access for this resource. For example, { "tags": {"key1":"value1", "key2":"value2"} }.' type: array maxItems: 50 uniqueItems: true @@ -3783,6 +4475,13 @@ components: x-insertionOrder: false items: $ref: '#/components/schemas/Tag' + HoursOfOperationOverrides: + description: One or more hours of operation overrides assigned to an hour of operation. + type: array + maxItems: 50 + x-insertionOrder: false + items: + $ref: '#/components/schemas/HoursOfOperationOverride' x-stackQL-stringOnly: true x-title: CreateHoursOfOperationRequest type: object @@ -4040,6 +4739,9 @@ components: OutboundCallerConfig: description: The outbound caller ID name, number, and outbound whisper flow. $ref: '#/components/schemas/OutboundCallerConfig' + OutboundEmailConfig: + description: The outbound email address ID. + $ref: '#/components/schemas/OutboundEmailConfig' QueueArn: description: The Amazon Resource Name (ARN) for the queue. type: string @@ -4054,7 +4756,6 @@ components: description: The quick connects available to agents who are working the queue. type: array minItems: 1 - maxItems: 50 x-insertionOrder: false items: $ref: '#/components/schemas/QuickConnectArn' @@ -4213,7 +4914,7 @@ components: type: string pattern: ^[a-zA-Z0-9._-]{1,200}$ RuleArn: - description: The Amazon Resource Name (ARN) of the rule. + description: '' type: string pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/rule/[-a-zA-Z0-9]*$ InstanceArn: @@ -4221,22 +4922,24 @@ components: type: string pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*$ TriggerEventSource: - description: The event source that triggers the rule. + description: The event source to trigger the rule. $ref: '#/components/schemas/RuleTriggerEventSource' Function: - description: The conditions of a rule. + description: The conditions of the rule. type: string Actions: - description: The list of actions that will be executed when a rule is triggered. + description: A list of actions to be run when the rule is triggered. $ref: '#/components/schemas/Actions' PublishStatus: - description: The publish status of a rule, either draft or published. + description: |- + The publish status of the rule. + *Allowed values*: ``DRAFT`` | ``PUBLISHED`` type: string enum: - DRAFT - PUBLISHED Tags: - description: One or more tags. + description: 'The tags used to organize, track, or control access for this resource. For example, { "tags": {"key1":"value1", "key2":"value2"} }.' type: array maxItems: 50 uniqueItems: true @@ -4402,6 +5105,10 @@ components: description: The identifier of the contact flow. type: string pattern: ^$|arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/contact-flow/[-a-zA-Z0-9]*$ + SelfAssignContactFlowArn: + description: The identifier of the contact flow. + type: string + pattern: ^$|arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/contact-flow/[-a-zA-Z0-9]*$ Constraints: description: The constraints for the task template type: object @@ -4616,6 +5323,46 @@ components: x-title: CreateUserHierarchyGroupRequest type: object required: [] + CreateUserHierarchyStructureRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + InstanceArn: + description: The identifier of the Amazon Connect instance. + type: string + pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*$ + UserHierarchyStructureArn: + description: The identifier of the User Hierarchy Structure. + type: string + pattern: ^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/user-hierarchy-structure + UserHierarchyStructure: + description: Information about the hierarchy structure. + type: object + additionalProperties: false + properties: + LevelOne: + $ref: '#/components/schemas/LevelOne' + LevelTwo: + $ref: '#/components/schemas/LevelTwo' + LevelThree: + $ref: '#/components/schemas/LevelThree' + LevelFour: + $ref: '#/components/schemas/LevelFour' + LevelFive: + $ref: '#/components/schemas/LevelFive' + x-stackQL-stringOnly: true + x-title: CreateUserHierarchyStructureRequest + type: object + required: [] CreateViewRequest: properties: ClientToken: @@ -4740,14 +5487,13 @@ components: description: Amazon Signature authorization v4 x-amazon-apigateway-authtype: awsSigv4 x-stackQL-resources: - approved_origins: - name: approved_origins - id: aws.connect.approved_origins - x-cfn-schema-name: ApprovedOrigin - x-cfn-type-name: AWS::Connect::ApprovedOrigin + agent_statuses: + name: agent_statuses + id: aws.connect.agent_statuses + x-cfn-schema-name: AgentStatus + x-cfn-type-name: AWS::Connect::AgentStatus x-identifiers: - - InstanceId - - Origin + - AgentStatusArn x-type: cloud_control methods: create_resource: @@ -4755,34 +5501,34 @@ components: requestBodyTranslate: algorithm: naive_DesiredState operation: - $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__ApprovedOrigin&__detailTransformed=true/post' + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__AgentStatus&__detailTransformed=true/post' request: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::Connect::ApprovedOrigin" + "TypeName": "AWS::Connect::AgentStatus" } response: mediaType: application/json openAPIDocKey: '200' - delete_resource: + update_resource: operation: - $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' request: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::Connect::ApprovedOrigin" + "TypeName": "AWS::Connect::AgentStatus" } response: mediaType: application/json openAPIDocKey: '200' sqlVerbs: insert: - - $ref: '#/components/x-stackQL-resources/approved_origins/methods/create_resource' - delete: - - $ref: '#/components/x-stackQL-resources/approved_origins/methods/delete_resource' - update: [] + - $ref: '#/components/x-stackQL-resources/agent_statuses/methods/create_resource' + delete: [] + update: + - $ref: '#/components/x-stackQL-resources/agent_statuses/methods/update_resource' config: views: select: @@ -4791,24 +5537,42 @@ components: SELECT region, data__Identifier, - JSON_EXTRACT(Properties, '$.Origin') as origin, - JSON_EXTRACT(Properties, '$.InstanceId') as instance_id - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::ApprovedOrigin' - AND data__Identifier = '|' + JSON_EXTRACT(Properties, '$.InstanceArn') as instance_arn, + JSON_EXTRACT(Properties, '$.AgentStatusArn') as agent_status_arn, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.DisplayOrder') as display_order, + JSON_EXTRACT(Properties, '$.State') as state, + JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.ResetOrderNumber') as reset_order_number, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.LastModifiedRegion') as last_modified_region, + JSON_EXTRACT(Properties, '$.LastModifiedTime') as last_modified_time + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::AgentStatus' + AND data__Identifier = '' AND region = 'us-east-1' fallback: predicate: sqlDialect == "sqlite3" ddl: |- SELECT detail.region, - JSON_EXTRACT(detail.Properties, '$.Origin') as origin, - JSON_EXTRACT(detail.Properties, '$.InstanceId') as instance_id + JSON_EXTRACT(detail.Properties, '$.InstanceArn') as instance_arn, + JSON_EXTRACT(detail.Properties, '$.AgentStatusArn') as agent_status_arn, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.DisplayOrder') as display_order, + JSON_EXTRACT(detail.Properties, '$.State') as state, + JSON_EXTRACT(detail.Properties, '$.Type') as type, + JSON_EXTRACT(detail.Properties, '$.ResetOrderNumber') as reset_order_number, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags, + JSON_EXTRACT(detail.Properties, '$.LastModifiedRegion') as last_modified_region, + JSON_EXTRACT(detail.Properties, '$.LastModifiedTime') as last_modified_time FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::Connect::ApprovedOrigin' - AND detail.data__TypeName = 'AWS::Connect::ApprovedOrigin' + WHERE listing.data__TypeName = 'AWS::Connect::AgentStatus' + AND detail.data__TypeName = 'AWS::Connect::AgentStatus' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] @@ -4816,18 +5580,225 @@ components: SELECT region, data__Identifier, - json_extract_path_text(Properties, 'Origin') as origin, - json_extract_path_text(Properties, 'InstanceId') as instance_id - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::ApprovedOrigin' - AND data__Identifier = '|' + json_extract_path_text(Properties, 'InstanceArn') as instance_arn, + json_extract_path_text(Properties, 'AgentStatusArn') as agent_status_arn, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'DisplayOrder') as display_order, + json_extract_path_text(Properties, 'State') as state, + json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'ResetOrderNumber') as reset_order_number, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'LastModifiedRegion') as last_modified_region, + json_extract_path_text(Properties, 'LastModifiedTime') as last_modified_time + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::AgentStatus' + AND data__Identifier = '' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT detail.region, - json_extract_path_text(detail.Properties, 'Origin') as origin, - json_extract_path_text(detail.Properties, 'InstanceId') as instance_id + json_extract_path_text(detail.Properties, 'InstanceArn') as instance_arn, + json_extract_path_text(detail.Properties, 'AgentStatusArn') as agent_status_arn, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'DisplayOrder') as display_order, + json_extract_path_text(detail.Properties, 'State') as state, + json_extract_path_text(detail.Properties, 'Type') as type, + json_extract_path_text(detail.Properties, 'ResetOrderNumber') as reset_order_number, + json_extract_path_text(detail.Properties, 'Tags') as tags, + json_extract_path_text(detail.Properties, 'LastModifiedRegion') as last_modified_region, + json_extract_path_text(detail.Properties, 'LastModifiedTime') as last_modified_time + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Connect::AgentStatus' + AND detail.data__TypeName = 'AWS::Connect::AgentStatus' + AND listing.region = 'us-east-1' + agent_statuses_list_only: + name: agent_statuses_list_only + id: aws.connect.agent_statuses_list_only + x-cfn-schema-name: AgentStatus + x-cfn-type-name: AWS::Connect::AgentStatus + x-identifiers: + - AgentStatusArn + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AgentStatusArn') as agent_status_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Connect::AgentStatus' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AgentStatusArn') as agent_status_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Connect::AgentStatus' + AND region = 'us-east-1' + agent_status_tags: + name: agent_status_tags + id: aws.connect.agent_status_tags + x-cfn-schema-name: AgentStatus + x-cfn-type-name: AWS::Connect::AgentStatus + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.InstanceArn') as instance_arn, + JSON_EXTRACT(detail.Properties, '$.AgentStatusArn') as agent_status_arn, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.DisplayOrder') as display_order, + JSON_EXTRACT(detail.Properties, '$.State') as state, + JSON_EXTRACT(detail.Properties, '$.Type') as type, + JSON_EXTRACT(detail.Properties, '$.ResetOrderNumber') as reset_order_number, + JSON_EXTRACT(detail.Properties, '$.LastModifiedRegion') as last_modified_region, + JSON_EXTRACT(detail.Properties, '$.LastModifiedTime') as last_modified_time + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::Connect::AgentStatus' + AND detail.data__TypeName = 'AWS::Connect::AgentStatus' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'InstanceArn') as instance_arn, + json_extract_path_text(detail.Properties, 'AgentStatusArn') as agent_status_arn, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'DisplayOrder') as display_order, + json_extract_path_text(detail.Properties, 'State') as state, + json_extract_path_text(detail.Properties, 'Type') as type, + json_extract_path_text(detail.Properties, 'ResetOrderNumber') as reset_order_number, + json_extract_path_text(detail.Properties, 'LastModifiedRegion') as last_modified_region, + json_extract_path_text(detail.Properties, 'LastModifiedTime') as last_modified_time + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::Connect::AgentStatus' + AND detail.data__TypeName = 'AWS::Connect::AgentStatus' + AND listing.region = 'us-east-1' + approved_origins: + name: approved_origins + id: aws.connect.approved_origins + x-cfn-schema-name: ApprovedOrigin + x-cfn-type-name: AWS::Connect::ApprovedOrigin + x-identifiers: + - InstanceId + - Origin + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__ApprovedOrigin&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Connect::ApprovedOrigin" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Connect::ApprovedOrigin" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/approved_origins/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/approved_origins/methods/delete_resource' + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Origin') as origin, + JSON_EXTRACT(Properties, '$.InstanceId') as instance_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::ApprovedOrigin' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.Origin') as origin, + JSON_EXTRACT(detail.Properties, '$.InstanceId') as instance_id + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Connect::ApprovedOrigin' + AND detail.data__TypeName = 'AWS::Connect::ApprovedOrigin' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Origin') as origin, + json_extract_path_text(Properties, 'InstanceId') as instance_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::ApprovedOrigin' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'Origin') as origin, + json_extract_path_text(detail.Properties, 'InstanceId') as instance_id FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -5094,7 +6065,226 @@ components: x-cfn-schema-name: ContactFlowModule x-cfn-type-name: AWS::Connect::ContactFlowModule x-identifiers: - - ContactFlowModuleArn + - ContactFlowModuleArn + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__ContactFlowModule&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Connect::ContactFlowModule" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Connect::ContactFlowModule" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Connect::ContactFlowModule" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/contact_flow_modules/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/contact_flow_modules/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/contact_flow_modules/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.InstanceArn') as instance_arn, + JSON_EXTRACT(Properties, '$.ContactFlowModuleArn') as contact_flow_module_arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Content') as content, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.State') as state, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::ContactFlowModule' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.InstanceArn') as instance_arn, + JSON_EXTRACT(detail.Properties, '$.ContactFlowModuleArn') as contact_flow_module_arn, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.Content') as content, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.State') as state, + JSON_EXTRACT(detail.Properties, '$.Status') as status, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Connect::ContactFlowModule' + AND detail.data__TypeName = 'AWS::Connect::ContactFlowModule' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'InstanceArn') as instance_arn, + json_extract_path_text(Properties, 'ContactFlowModuleArn') as contact_flow_module_arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Content') as content, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'State') as state, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::ContactFlowModule' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'InstanceArn') as instance_arn, + json_extract_path_text(detail.Properties, 'ContactFlowModuleArn') as contact_flow_module_arn, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'Content') as content, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'State') as state, + json_extract_path_text(detail.Properties, 'Status') as status, + json_extract_path_text(detail.Properties, 'Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Connect::ContactFlowModule' + AND detail.data__TypeName = 'AWS::Connect::ContactFlowModule' + AND listing.region = 'us-east-1' + contact_flow_modules_list_only: + name: contact_flow_modules_list_only + id: aws.connect.contact_flow_modules_list_only + x-cfn-schema-name: ContactFlowModule + x-cfn-type-name: AWS::Connect::ContactFlowModule + x-identifiers: + - ContactFlowModuleArn + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ContactFlowModuleArn') as contact_flow_module_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Connect::ContactFlowModule' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ContactFlowModuleArn') as contact_flow_module_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Connect::ContactFlowModule' + AND region = 'us-east-1' + contact_flow_module_tags: + name: contact_flow_module_tags + id: aws.connect.contact_flow_module_tags + x-cfn-schema-name: ContactFlowModule + x-cfn-type-name: AWS::Connect::ContactFlowModule + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.InstanceArn') as instance_arn, + JSON_EXTRACT(detail.Properties, '$.ContactFlowModuleArn') as contact_flow_module_arn, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.Content') as content, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.State') as state, + JSON_EXTRACT(detail.Properties, '$.Status') as status + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::Connect::ContactFlowModule' + AND detail.data__TypeName = 'AWS::Connect::ContactFlowModule' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'InstanceArn') as instance_arn, + json_extract_path_text(detail.Properties, 'ContactFlowModuleArn') as contact_flow_module_arn, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'Content') as content, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'State') as state, + json_extract_path_text(detail.Properties, 'Status') as status + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::Connect::ContactFlowModule' + AND detail.data__TypeName = 'AWS::Connect::ContactFlowModule' + AND listing.region = 'us-east-1' + email_addresses: + name: email_addresses + id: aws.connect.email_addresses + x-cfn-schema-name: EmailAddress + x-cfn-type-name: AWS::Connect::EmailAddress + x-identifiers: + - EmailAddressArn x-type: cloud_control methods: create_resource: @@ -5102,12 +6292,12 @@ components: requestBodyTranslate: algorithm: naive_DesiredState operation: - $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__ContactFlowModule&__detailTransformed=true/post' + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__EmailAddress&__detailTransformed=true/post' request: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::Connect::ContactFlowModule" + "TypeName": "AWS::Connect::EmailAddress" } response: mediaType: application/json @@ -5119,7 +6309,7 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::Connect::ContactFlowModule" + "TypeName": "AWS::Connect::EmailAddress" } response: mediaType: application/json @@ -5131,18 +6321,18 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::Connect::ContactFlowModule" + "TypeName": "AWS::Connect::EmailAddress" } response: mediaType: application/json openAPIDocKey: '200' sqlVerbs: insert: - - $ref: '#/components/x-stackQL-resources/contact_flow_modules/methods/create_resource' + - $ref: '#/components/x-stackQL-resources/email_addresses/methods/create_resource' delete: - - $ref: '#/components/x-stackQL-resources/contact_flow_modules/methods/delete_resource' + - $ref: '#/components/x-stackQL-resources/email_addresses/methods/delete_resource' update: - - $ref: '#/components/x-stackQL-resources/contact_flow_modules/methods/update_resource' + - $ref: '#/components/x-stackQL-resources/email_addresses/methods/update_resource' config: views: select: @@ -5152,15 +6342,13 @@ components: region, data__Identifier, JSON_EXTRACT(Properties, '$.InstanceArn') as instance_arn, - JSON_EXTRACT(Properties, '$.ContactFlowModuleArn') as contact_flow_module_arn, - JSON_EXTRACT(Properties, '$.Name') as name, - JSON_EXTRACT(Properties, '$.Content') as content, + JSON_EXTRACT(Properties, '$.EmailAddressArn') as email_address_arn, JSON_EXTRACT(Properties, '$.Description') as description, - JSON_EXTRACT(Properties, '$.State') as state, - JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.EmailAddress') as email_address, + JSON_EXTRACT(Properties, '$.DisplayName') as display_name, JSON_EXTRACT(Properties, '$.Tags') as tags - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::ContactFlowModule' - AND data__Identifier = '' + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::EmailAddress' + AND data__Identifier = '' AND region = 'us-east-1' fallback: predicate: sqlDialect == "sqlite3" @@ -5168,19 +6356,17 @@ components: SELECT detail.region, JSON_EXTRACT(detail.Properties, '$.InstanceArn') as instance_arn, - JSON_EXTRACT(detail.Properties, '$.ContactFlowModuleArn') as contact_flow_module_arn, - JSON_EXTRACT(detail.Properties, '$.Name') as name, - JSON_EXTRACT(detail.Properties, '$.Content') as content, + JSON_EXTRACT(detail.Properties, '$.EmailAddressArn') as email_address_arn, JSON_EXTRACT(detail.Properties, '$.Description') as description, - JSON_EXTRACT(detail.Properties, '$.State') as state, - JSON_EXTRACT(detail.Properties, '$.Status') as status, + JSON_EXTRACT(detail.Properties, '$.EmailAddress') as email_address, + JSON_EXTRACT(detail.Properties, '$.DisplayName') as display_name, JSON_EXTRACT(detail.Properties, '$.Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::Connect::ContactFlowModule' - AND detail.data__TypeName = 'AWS::Connect::ContactFlowModule' + WHERE listing.data__TypeName = 'AWS::Connect::EmailAddress' + AND detail.data__TypeName = 'AWS::Connect::EmailAddress' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] @@ -5189,15 +6375,13 @@ components: region, data__Identifier, json_extract_path_text(Properties, 'InstanceArn') as instance_arn, - json_extract_path_text(Properties, 'ContactFlowModuleArn') as contact_flow_module_arn, - json_extract_path_text(Properties, 'Name') as name, - json_extract_path_text(Properties, 'Content') as content, + json_extract_path_text(Properties, 'EmailAddressArn') as email_address_arn, json_extract_path_text(Properties, 'Description') as description, - json_extract_path_text(Properties, 'State') as state, - json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'EmailAddress') as email_address, + json_extract_path_text(Properties, 'DisplayName') as display_name, json_extract_path_text(Properties, 'Tags') as tags - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::ContactFlowModule' - AND data__Identifier = '' + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::EmailAddress' + AND data__Identifier = '' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" @@ -5205,27 +6389,25 @@ components: SELECT detail.region, json_extract_path_text(detail.Properties, 'InstanceArn') as instance_arn, - json_extract_path_text(detail.Properties, 'ContactFlowModuleArn') as contact_flow_module_arn, - json_extract_path_text(detail.Properties, 'Name') as name, - json_extract_path_text(detail.Properties, 'Content') as content, + json_extract_path_text(detail.Properties, 'EmailAddressArn') as email_address_arn, json_extract_path_text(detail.Properties, 'Description') as description, - json_extract_path_text(detail.Properties, 'State') as state, - json_extract_path_text(detail.Properties, 'Status') as status, + json_extract_path_text(detail.Properties, 'EmailAddress') as email_address, + json_extract_path_text(detail.Properties, 'DisplayName') as display_name, json_extract_path_text(detail.Properties, 'Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::Connect::ContactFlowModule' - AND detail.data__TypeName = 'AWS::Connect::ContactFlowModule' + WHERE listing.data__TypeName = 'AWS::Connect::EmailAddress' + AND detail.data__TypeName = 'AWS::Connect::EmailAddress' AND listing.region = 'us-east-1' - contact_flow_modules_list_only: - name: contact_flow_modules_list_only - id: aws.connect.contact_flow_modules_list_only - x-cfn-schema-name: ContactFlowModule - x-cfn-type-name: AWS::Connect::ContactFlowModule + email_addresses_list_only: + name: email_addresses_list_only + id: aws.connect.email_addresses_list_only + x-cfn-schema-name: EmailAddress + x-cfn-type-name: AWS::Connect::EmailAddress x-identifiers: - - ContactFlowModuleArn + - EmailAddressArn x-type: cloud_control_view methods: {} sqlVerbs: @@ -5239,22 +6421,22 @@ components: ddl: |- SELECT region, - JSON_EXTRACT(Properties, '$.ContactFlowModuleArn') as contact_flow_module_arn - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Connect::ContactFlowModule' + JSON_EXTRACT(Properties, '$.EmailAddressArn') as email_address_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Connect::EmailAddress' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT region, - json_extract_path_text(Properties, 'ContactFlowModuleArn') as contact_flow_module_arn - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Connect::ContactFlowModule' + json_extract_path_text(Properties, 'EmailAddressArn') as email_address_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Connect::EmailAddress' AND region = 'us-east-1' - contact_flow_module_tags: - name: contact_flow_module_tags - id: aws.connect.contact_flow_module_tags - x-cfn-schema-name: ContactFlowModule - x-cfn-type-name: AWS::Connect::ContactFlowModule + email_address_tags: + name: email_address_tags + id: aws.connect.email_address_tags + x-cfn-schema-name: EmailAddress + x-cfn-type-name: AWS::Connect::EmailAddress x-type: cloud_control_view methods: {} sqlVerbs: @@ -5271,19 +6453,17 @@ components: JSON_EXTRACT(json_each.value, '$.Key') as tag_key, JSON_EXTRACT(json_each.value, '$.Value') as tag_value, JSON_EXTRACT(detail.Properties, '$.InstanceArn') as instance_arn, - JSON_EXTRACT(detail.Properties, '$.ContactFlowModuleArn') as contact_flow_module_arn, - JSON_EXTRACT(detail.Properties, '$.Name') as name, - JSON_EXTRACT(detail.Properties, '$.Content') as content, + JSON_EXTRACT(detail.Properties, '$.EmailAddressArn') as email_address_arn, JSON_EXTRACT(detail.Properties, '$.Description') as description, - JSON_EXTRACT(detail.Properties, '$.State') as state, - JSON_EXTRACT(detail.Properties, '$.Status') as status + JSON_EXTRACT(detail.Properties, '$.EmailAddress') as email_address, + JSON_EXTRACT(detail.Properties, '$.DisplayName') as display_name FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) - WHERE listing.data__TypeName = 'AWS::Connect::ContactFlowModule' - AND detail.data__TypeName = 'AWS::Connect::ContactFlowModule' + WHERE listing.data__TypeName = 'AWS::Connect::EmailAddress' + AND detail.data__TypeName = 'AWS::Connect::EmailAddress' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" @@ -5293,19 +6473,17 @@ components: json_extract_path_text(json_each.value, 'Key') as tag_key, json_extract_path_text(json_each.value, 'Value') as tag_value, json_extract_path_text(detail.Properties, 'InstanceArn') as instance_arn, - json_extract_path_text(detail.Properties, 'ContactFlowModuleArn') as contact_flow_module_arn, - json_extract_path_text(detail.Properties, 'Name') as name, - json_extract_path_text(detail.Properties, 'Content') as content, + json_extract_path_text(detail.Properties, 'EmailAddressArn') as email_address_arn, json_extract_path_text(detail.Properties, 'Description') as description, - json_extract_path_text(detail.Properties, 'State') as state, - json_extract_path_text(detail.Properties, 'Status') as status + json_extract_path_text(detail.Properties, 'EmailAddress') as email_address, + json_extract_path_text(detail.Properties, 'DisplayName') as display_name FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) - WHERE listing.data__TypeName = 'AWS::Connect::ContactFlowModule' - AND detail.data__TypeName = 'AWS::Connect::ContactFlowModule' + WHERE listing.data__TypeName = 'AWS::Connect::EmailAddress' + AND detail.data__TypeName = 'AWS::Connect::EmailAddress' AND listing.region = 'us-east-1' evaluation_forms: name: evaluation_forms @@ -5595,7 +6773,8 @@ components: JSON_EXTRACT(Properties, '$.TimeZone') as time_zone, JSON_EXTRACT(Properties, '$.Config') as config, JSON_EXTRACT(Properties, '$.HoursOfOperationArn') as hours_of_operation_arn, - JSON_EXTRACT(Properties, '$.Tags') as tags + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.HoursOfOperationOverrides') as hours_of_operation_overrides FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::HoursOfOperation' AND data__Identifier = '' AND region = 'us-east-1' @@ -5610,7 +6789,8 @@ components: JSON_EXTRACT(detail.Properties, '$.TimeZone') as time_zone, JSON_EXTRACT(detail.Properties, '$.Config') as config, JSON_EXTRACT(detail.Properties, '$.HoursOfOperationArn') as hours_of_operation_arn, - JSON_EXTRACT(detail.Properties, '$.Tags') as tags + JSON_EXTRACT(detail.Properties, '$.Tags') as tags, + JSON_EXTRACT(detail.Properties, '$.HoursOfOperationOverrides') as hours_of_operation_overrides FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -5630,7 +6810,8 @@ components: json_extract_path_text(Properties, 'TimeZone') as time_zone, json_extract_path_text(Properties, 'Config') as config, json_extract_path_text(Properties, 'HoursOfOperationArn') as hours_of_operation_arn, - json_extract_path_text(Properties, 'Tags') as tags + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'HoursOfOperationOverrides') as hours_of_operation_overrides FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::HoursOfOperation' AND data__Identifier = '' AND region = 'us-east-1' @@ -5645,7 +6826,8 @@ components: json_extract_path_text(detail.Properties, 'TimeZone') as time_zone, json_extract_path_text(detail.Properties, 'Config') as config, json_extract_path_text(detail.Properties, 'HoursOfOperationArn') as hours_of_operation_arn, - json_extract_path_text(detail.Properties, 'Tags') as tags + json_extract_path_text(detail.Properties, 'Tags') as tags, + json_extract_path_text(detail.Properties, 'HoursOfOperationOverrides') as hours_of_operation_overrides FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -5709,7 +6891,8 @@ components: JSON_EXTRACT(detail.Properties, '$.Description') as description, JSON_EXTRACT(detail.Properties, '$.TimeZone') as time_zone, JSON_EXTRACT(detail.Properties, '$.Config') as config, - JSON_EXTRACT(detail.Properties, '$.HoursOfOperationArn') as hours_of_operation_arn + JSON_EXTRACT(detail.Properties, '$.HoursOfOperationArn') as hours_of_operation_arn, + JSON_EXTRACT(detail.Properties, '$.HoursOfOperationOverrides') as hours_of_operation_overrides FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -5730,7 +6913,8 @@ components: json_extract_path_text(detail.Properties, 'Description') as description, json_extract_path_text(detail.Properties, 'TimeZone') as time_zone, json_extract_path_text(detail.Properties, 'Config') as config, - json_extract_path_text(detail.Properties, 'HoursOfOperationArn') as hours_of_operation_arn + json_extract_path_text(detail.Properties, 'HoursOfOperationArn') as hours_of_operation_arn, + json_extract_path_text(detail.Properties, 'HoursOfOperationOverrides') as hours_of_operation_overrides FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -6711,6 +7895,7 @@ components: JSON_EXTRACT(Properties, '$.MaxContacts') as max_contacts, JSON_EXTRACT(Properties, '$.Name') as name, JSON_EXTRACT(Properties, '$.OutboundCallerConfig') as outbound_caller_config, + JSON_EXTRACT(Properties, '$.OutboundEmailConfig') as outbound_email_config, JSON_EXTRACT(Properties, '$.QueueArn') as queue_arn, JSON_EXTRACT(Properties, '$.Status') as status, JSON_EXTRACT(Properties, '$.QuickConnectArns') as quick_connect_arns, @@ -6730,6 +7915,7 @@ components: JSON_EXTRACT(detail.Properties, '$.MaxContacts') as max_contacts, JSON_EXTRACT(detail.Properties, '$.Name') as name, JSON_EXTRACT(detail.Properties, '$.OutboundCallerConfig') as outbound_caller_config, + JSON_EXTRACT(detail.Properties, '$.OutboundEmailConfig') as outbound_email_config, JSON_EXTRACT(detail.Properties, '$.QueueArn') as queue_arn, JSON_EXTRACT(detail.Properties, '$.Status') as status, JSON_EXTRACT(detail.Properties, '$.QuickConnectArns') as quick_connect_arns, @@ -6754,6 +7940,7 @@ components: json_extract_path_text(Properties, 'MaxContacts') as max_contacts, json_extract_path_text(Properties, 'Name') as name, json_extract_path_text(Properties, 'OutboundCallerConfig') as outbound_caller_config, + json_extract_path_text(Properties, 'OutboundEmailConfig') as outbound_email_config, json_extract_path_text(Properties, 'QueueArn') as queue_arn, json_extract_path_text(Properties, 'Status') as status, json_extract_path_text(Properties, 'QuickConnectArns') as quick_connect_arns, @@ -6773,6 +7960,7 @@ components: json_extract_path_text(detail.Properties, 'MaxContacts') as max_contacts, json_extract_path_text(detail.Properties, 'Name') as name, json_extract_path_text(detail.Properties, 'OutboundCallerConfig') as outbound_caller_config, + json_extract_path_text(detail.Properties, 'OutboundEmailConfig') as outbound_email_config, json_extract_path_text(detail.Properties, 'QueueArn') as queue_arn, json_extract_path_text(detail.Properties, 'Status') as status, json_extract_path_text(detail.Properties, 'QuickConnectArns') as quick_connect_arns, @@ -6842,6 +8030,7 @@ components: JSON_EXTRACT(detail.Properties, '$.MaxContacts') as max_contacts, JSON_EXTRACT(detail.Properties, '$.Name') as name, JSON_EXTRACT(detail.Properties, '$.OutboundCallerConfig') as outbound_caller_config, + JSON_EXTRACT(detail.Properties, '$.OutboundEmailConfig') as outbound_email_config, JSON_EXTRACT(detail.Properties, '$.QueueArn') as queue_arn, JSON_EXTRACT(detail.Properties, '$.Status') as status, JSON_EXTRACT(detail.Properties, '$.QuickConnectArns') as quick_connect_arns, @@ -6867,6 +8056,7 @@ components: json_extract_path_text(detail.Properties, 'MaxContacts') as max_contacts, json_extract_path_text(detail.Properties, 'Name') as name, json_extract_path_text(detail.Properties, 'OutboundCallerConfig') as outbound_caller_config, + json_extract_path_text(detail.Properties, 'OutboundEmailConfig') as outbound_email_config, json_extract_path_text(detail.Properties, 'QueueArn') as queue_arn, json_extract_path_text(detail.Properties, 'Status') as status, json_extract_path_text(detail.Properties, 'QuickConnectArns') as quick_connect_arns, @@ -7858,6 +9048,7 @@ components: JSON_EXTRACT(Properties, '$.Name') as name, JSON_EXTRACT(Properties, '$.Description') as description, JSON_EXTRACT(Properties, '$.ContactFlowArn') as contact_flow_arn, + JSON_EXTRACT(Properties, '$.SelfAssignContactFlowArn') as self_assign_contact_flow_arn, JSON_EXTRACT(Properties, '$.Constraints') as constraints, JSON_EXTRACT(Properties, '$.Defaults') as defaults, JSON_EXTRACT(Properties, '$.Fields') as fields, @@ -7877,6 +9068,7 @@ components: JSON_EXTRACT(detail.Properties, '$.Name') as name, JSON_EXTRACT(detail.Properties, '$.Description') as description, JSON_EXTRACT(detail.Properties, '$.ContactFlowArn') as contact_flow_arn, + JSON_EXTRACT(detail.Properties, '$.SelfAssignContactFlowArn') as self_assign_contact_flow_arn, JSON_EXTRACT(detail.Properties, '$.Constraints') as constraints, JSON_EXTRACT(detail.Properties, '$.Defaults') as defaults, JSON_EXTRACT(detail.Properties, '$.Fields') as fields, @@ -7901,6 +9093,7 @@ components: json_extract_path_text(Properties, 'Name') as name, json_extract_path_text(Properties, 'Description') as description, json_extract_path_text(Properties, 'ContactFlowArn') as contact_flow_arn, + json_extract_path_text(Properties, 'SelfAssignContactFlowArn') as self_assign_contact_flow_arn, json_extract_path_text(Properties, 'Constraints') as constraints, json_extract_path_text(Properties, 'Defaults') as defaults, json_extract_path_text(Properties, 'Fields') as fields, @@ -7920,6 +9113,7 @@ components: json_extract_path_text(detail.Properties, 'Name') as name, json_extract_path_text(detail.Properties, 'Description') as description, json_extract_path_text(detail.Properties, 'ContactFlowArn') as contact_flow_arn, + json_extract_path_text(detail.Properties, 'SelfAssignContactFlowArn') as self_assign_contact_flow_arn, json_extract_path_text(detail.Properties, 'Constraints') as constraints, json_extract_path_text(detail.Properties, 'Defaults') as defaults, json_extract_path_text(detail.Properties, 'Fields') as fields, @@ -7989,6 +9183,7 @@ components: JSON_EXTRACT(detail.Properties, '$.Name') as name, JSON_EXTRACT(detail.Properties, '$.Description') as description, JSON_EXTRACT(detail.Properties, '$.ContactFlowArn') as contact_flow_arn, + JSON_EXTRACT(detail.Properties, '$.SelfAssignContactFlowArn') as self_assign_contact_flow_arn, JSON_EXTRACT(detail.Properties, '$.Constraints') as constraints, JSON_EXTRACT(detail.Properties, '$.Defaults') as defaults, JSON_EXTRACT(detail.Properties, '$.Fields') as fields, @@ -8014,6 +9209,7 @@ components: json_extract_path_text(detail.Properties, 'Name') as name, json_extract_path_text(detail.Properties, 'Description') as description, json_extract_path_text(detail.Properties, 'ContactFlowArn') as contact_flow_arn, + json_extract_path_text(detail.Properties, 'SelfAssignContactFlowArn') as self_assign_contact_flow_arn, json_extract_path_text(detail.Properties, 'Constraints') as constraints, json_extract_path_text(detail.Properties, 'Defaults') as defaults, json_extract_path_text(detail.Properties, 'Fields') as fields, @@ -8684,6 +9880,87 @@ components: WHERE listing.data__TypeName = 'AWS::Connect::UserHierarchyGroup' AND detail.data__TypeName = 'AWS::Connect::UserHierarchyGroup' AND listing.region = 'us-east-1' + user_hierarchy_structures: + name: user_hierarchy_structures + id: aws.connect.user_hierarchy_structures + x-cfn-schema-name: UserHierarchyStructure + x-cfn-type-name: AWS::Connect::UserHierarchyStructure + x-identifiers: + - UserHierarchyStructureArn + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__UserHierarchyStructure&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Connect::UserHierarchyStructure" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Connect::UserHierarchyStructure" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Connect::UserHierarchyStructure" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/user_hierarchy_structures/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/user_hierarchy_structures/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/user_hierarchy_structures/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.InstanceArn') as instance_arn, + JSON_EXTRACT(Properties, '$.UserHierarchyStructureArn') as user_hierarchy_structure_arn, + JSON_EXTRACT(Properties, '$.UserHierarchyStructure') as user_hierarchy_structure + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::UserHierarchyStructure' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'InstanceArn') as instance_arn, + json_extract_path_text(Properties, 'UserHierarchyStructureArn') as user_hierarchy_structure_arn, + json_extract_path_text(Properties, 'UserHierarchyStructure') as user_hierarchy_structure + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Connect::UserHierarchyStructure' + AND data__Identifier = '' + AND region = 'us-east-1' views: name: views id: aws.connect.views @@ -9189,6 +10466,48 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/UpdateResourceOutput' description: Success + /?Action=CreateResource&Version=2021-09-30&__AgentStatus&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateAgentStatus + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateAgentStatusRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success /?Action=CreateResource&Version=2021-09-30&__ApprovedOrigin&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' @@ -9315,6 +10634,48 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success + /?Action=CreateResource&Version=2021-09-30&__EmailAddress&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateEmailAddress + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateEmailAddressRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success /?Action=CreateResource&Version=2021-09-30&__EvaluationForm&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' @@ -10029,6 +11390,48 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success + /?Action=CreateResource&Version=2021-09-30&__UserHierarchyStructure&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateUserHierarchyStructure + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateUserHierarchyStructureRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success /?Action=CreateResource&Version=2021-09-30&__View&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' diff --git a/providers/src/aws/v00.00.00000/services/connectcampaigns.yaml b/providers/src/aws/v00.00.00000/services/connectcampaigns.yaml index 63d90c4f..d7ee01bd 100644 --- a/providers/src/aws/v00.00.00000/services/connectcampaigns.yaml +++ b/providers/src/aws/v00.00.00000/services/connectcampaigns.yaml @@ -560,6 +560,9 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - connect-campaigns:UntagResource + - connect-campaigns:TagResource x-required-permissions: create: - connect-campaigns:CreateCampaign diff --git a/providers/src/aws/v00.00.00000/services/connectcampaignsv2.yaml b/providers/src/aws/v00.00.00000/services/connectcampaignsv2.yaml new file mode 100644 index 00000000..3ada9b89 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/connectcampaignsv2.yaml @@ -0,0 +1,1431 @@ +openapi: 3.0.0 +info: + title: ConnectCampaignsV2 + version: 2.0.0 + x-serviceName: cloudcontrolapi +servers: + - url: https://cloudcontrolapi.{region}.amazonaws.com + variables: + region: + description: The AWS region + enum: + - us-east-1 + - us-east-2 + - us-west-1 + - us-west-2 + - us-gov-west-1 + - us-gov-east-1 + - ca-central-1 + - eu-north-1 + - eu-west-1 + - eu-west-2 + - eu-west-3 + - eu-central-1 + - eu-south-1 + - af-south-1 + - ap-northeast-1 + - ap-northeast-2 + - ap-northeast-3 + - ap-southeast-1 + - ap-southeast-2 + - ap-east-1 + - ap-south-1 + - sa-east-1 + - me-south-1 + default: us-east-1 + description: The CloudControlApi multi-region endpoint + - url: https://cloudcontrolapi.{region}.amazonaws.com.cn + variables: + region: + description: The AWS region + enum: + - cn-north-1 + - cn-northwest-1 + default: cn-north-1 + description: The CloudControlApi endpoint for China (Beijing) and China (Ningxia) +components: + parameters: + X-Amz-Content-Sha256: + name: X-Amz-Content-Sha256 + in: header + schema: + type: string + required: false + X-Amz-Date: + name: X-Amz-Date + in: header + schema: + type: string + required: false + X-Amz-Algorithm: + name: X-Amz-Algorithm + in: header + schema: + type: string + required: false + X-Amz-Credential: + name: X-Amz-Credential + in: header + schema: + type: string + required: false + X-Amz-Security-Token: + name: X-Amz-Security-Token + in: header + schema: + type: string + required: false + X-Amz-Signature: + name: X-Amz-Signature + in: header + schema: + type: string + required: false + X-Amz-SignedHeaders: + name: X-Amz-SignedHeaders + in: header + schema: + type: string + required: false + x-cloud-control-schemas: + AlreadyExistsException: {} + CancelResourceRequestInput: + properties: + RequestToken: + $ref: '#/components/x-cloud-control-schemas/RequestToken' + required: + - RequestToken + title: CancelResourceRequestInput + type: object + CancelResourceRequestOutput: + properties: + ProgressEvent: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: object + ClientToken: + maxLength: 128 + minLength: 1 + pattern: '[-A-Za-z0-9+/=]+' + type: string + ClientTokenConflictException: {} + ConcurrentModificationException: {} + ConcurrentOperationException: {} + CreateResourceInput: + properties: + ClientToken: + type: string + DesiredState: + allOf: + - $ref: '#/components/x-cloud-control-schemas/Properties' + - description: >- +

Structured data format representing the desired state of the resource, consisting of that resource's properties and their desired values.

Cloud Control API currently supports JSON as a structured data format.

 
 <p>Specify the desired state as one of the following:</p> <ul> <li> <p>A JSON blob</p> </li> <li> <p>A local path containing the desired state in JSON data format</p>
+                </li> </ul> <p>For more information, see <a href="https://docs.aws.amazon.com/cloudcontrolapi/latest/userguide/resource-operations-create.html#resource-operations-create-desiredstate">Composing the desired state of the resource</a> in the <i>Amazon Web Services Cloud Control API User Guide</i>.</p> <p>For more information about the properties of a specific resource, refer to the related topic for the resource in the
+                <a href="https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html">Resource and property types reference</a> in the <i>CloudFormation Users Guide</i>.</p>
+ RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + required: + - DesiredState + title: CreateResourceInput + type: object + CreateResourceOutput: + properties: + ProgressEvent: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: object + DeleteResourceInput: + properties: + ClientToken: + type: string + Identifier: + $ref: '#/components/x-cloud-control-schemas/Identifier' + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + required: + - Identifier + title: DeleteResourceInput + type: object + DeleteResourceOutput: + properties: + ProgressEvent: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: object + GeneralServiceException: {} + GetResourceInput: + properties: + TypeName: + $ref: '#/components/x-cloud-control-schemas/TypeName' + Identifier: + $ref: '#/components/x-cloud-control-schemas/Identifier' + TypeVersionId: + $ref: '#/components/x-cloud-control-schemas/TypeVersionId' + RoleArn: + $ref: '#/components/x-cloud-control-schemas/RoleArn' + required: + - TypeName + - Identifier + title: GetResourceInput + type: object + GetResourceOutput: + properties: + ResourceDescription: + $ref: '#/components/x-cloud-control-schemas/ResourceDescription' + TypeName: + type: string + type: object + GetResourceRequestStatusInput: + properties: + RequestToken: + $ref: '#/components/x-cloud-control-schemas/RequestToken' + required: + - RequestToken + title: GetResourceRequestStatusInput + type: object + GetResourceRequestStatusOutput: + properties: + ProgressEvent: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: object + HandlerErrorCode: + enum: + - NotUpdatable + - InvalidRequest + - AccessDenied + - InvalidCredentials + - AlreadyExists + - NotFound + - ResourceConflict + - Throttling + - ServiceLimitExceeded + - NotStabilized + - GeneralServiceException + - ServiceInternalError + - ServiceTimeout + - NetworkFailure + - InternalFailure + type: string + HandlerFailureException: {} + HandlerInternalFailureException: {} + HandlerNextToken: + maxLength: 2048 + minLength: 1 + pattern: .+ + type: string + Identifier: + maxLength: 1024 + minLength: 1 + pattern: .+ + type: string + InvalidCredentialsException: {} + InvalidRequestException: {} + MaxResults: + maximum: 100 + minimum: 1 + type: integer + NetworkFailureException: {} + NextToken: + maxLength: 2048 + minLength: 1 + pattern: '[-A-Za-z0-9+/=]+' + type: string + NotStabilizedException: {} + NotUpdatableException: {} + Operation: + enum: + - CREATE + - DELETE + - UPDATE + type: string + OperationStatus: + enum: + - PENDING + - IN_PROGRESS + - SUCCESS + - FAILED + - CANCEL_IN_PROGRESS + - CANCEL_COMPLETE + type: string + OperationStatuses: + items: + $ref: '#/components/x-cloud-control-schemas/OperationStatus' + type: array + Operations: + items: + $ref: '#/components/x-cloud-control-schemas/Operation' + type: array + PatchDocument: + format: password + maxLength: 65536 + minLength: 1 + pattern: '[\s\S]*' + type: string + PrivateTypeException: {} + ProgressEvent: + example: + ErrorCode: string + EventTime: number + Identifier: string + Operation: string + OperationStatus: string + RequestToken: string + ResourceModel: string + RetryAfter: number + StatusMessage: string + TypeName: string + properties: + ErrorCode: + type: string + EventTime: + type: number + Identifier: + type: string + Operation: + type: string + OperationStatus: + type: string + RequestToken: + type: string + ResourceModel: + type: string + RetryAfter: + type: number + StatusMessage: + type: string + TypeName: + type: string + type: object + Properties: + format: password + maxLength: 65536 + minLength: 1 + pattern: '[\s\S]*' + type: string + RequestToken: + maxLength: 128 + minLength: 1 + pattern: '[-A-Za-z0-9+/=]+' + type: string + RequestTokenNotFoundException: {} + ResourceConflictException: {} + ResourceDescription: + description: Represents information about a provisioned resource. + properties: + Identifier: + type: string + Properties: + type: string + type: object + ResourceDescriptions: + items: + $ref: '#/components/x-cloud-control-schemas/ResourceDescription' + type: array + ResourceNotFoundException: {} + ResourceRequestStatusFilter: + description: The filter criteria to use in determining the requests returned. + properties: + undefined: + allOf: + - $ref: '#/components/x-cloud-control-schemas/OperationStatuses' + - description: >- +

The operation statuses to include in the filter.

  • PENDING: The operation has been requested, but not yet initiated.

  • IN_PROGRESS: The operation is in progress.

  • SUCCESS: The operation completed.

  • FAILED: The operation failed.

  • CANCEL_IN_PROGRESS: The operation is in the process of being canceled.

  • + CANCEL_COMPLETE: The operation has been canceled.

+ type: object + ResourceRequestStatusSummaries: + items: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: array + RoleArn: + maxLength: 2048 + minLength: 20 + pattern: arn:.+:iam::[0-9]{12}:role/.+ + type: string + ServiceInternalErrorException: {} + ServiceLimitExceededException: {} + StatusMessage: + maxLength: 1024 + minLength: 0 + pattern: '[\s\S]*' + type: string + ThrottlingException: {} + Timestamp: + format: date-time + type: string + TypeName: + maxLength: 196 + minLength: 10 + pattern: '[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}' + type: string + TypeNotFoundException: {} + TypeVersionId: + maxLength: 128 + minLength: 1 + pattern: '[A-Za-z0-9-]+' + type: string + UnsupportedActionException: {} + UpdateResourceInput: + properties: + undefined: + allOf: + - $ref: '#/components/x-cloud-control-schemas/PatchDocument' + required: + - Identifier + - PatchDocument + title: UpdateResourceInput + type: object + UpdateResourceOutput: + properties: + ProgressEvent: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: object + schemas: + CampaignName: + type: string + maxLength: 127 + minLength: 1 + description: Campaign name + InstanceId: + type: string + maxLength: 256 + minLength: 0 + description: Amazon Connect Instance Id + pattern: ^[a-zA-Z0-9_\-.]*$ + Capacity: + type: number + maximum: 1 + minimum: 0.01 + description: Allocates outbound capacity for the specific channel of this campaign between multiple active campaigns + QueueId: + type: string + maxLength: 500 + description: The queue for the call + ContactFlowId: + type: string + maxLength: 500 + description: The identifier of the contact flow for the outbound call + SourcePhoneNumber: + type: string + maxLength: 100 + description: The phone number associated with the Amazon Connect instance, in E.164 format. If you do not specify a source phone number, you must specify a queue. + Arn: + type: string + maxLength: 500 + minLength: 20 + description: Arn + pattern: ^arn:.*$ + EmailAddress: + type: string + maxLength: 255 + minLength: 1 + description: Email address used for Email messages + pattern: ^[\w-\.\+]+@([\w-]+\.)+[\w-]{2,4}$ + SourceEmailAddressDisplayName: + type: string + maxLength: 127 + minLength: 1 + description: The name of the source email address display name + BandwidthAllocation: + type: number + maximum: 1 + minimum: 0 + description: The bandwidth allocation of a queue resource. + TimeStamp: + type: string + description: Timestamp with no UTC offset or timezone + maxLength: 100 + TimeZone: + type: string + description: Time Zone Id in the IANA format + Iso8601Duration: + type: string + description: Time duration in ISO 8601 format + maxLength: 50 + minLength: 0 + pattern: ^[a-zA-Z0-9.]*$ + Iso8601Date: + type: string + description: Date in ISO 8601 format, e.g. 2024-01-01 + pattern: ^\d{4}-\d{2}-\d{2}$ + Iso8601Time: + type: string + description: Time in ISO 8601 format, e.g. T23:11 + pattern: ^T\d{2}:\d{2}$ + DayOfWeek: + type: string + description: Day of week + enum: + - MONDAY + - TUESDAY + - WEDNESDAY + - THURSDAY + - FRIDAY + - SATURDAY + - SUNDAY + PredictiveConfig: + type: object + description: Predictive config + properties: + BandwidthAllocation: + $ref: '#/components/schemas/BandwidthAllocation' + required: + - BandwidthAllocation + additionalProperties: false + ProgressiveConfig: + type: object + description: Progressive config + properties: + BandwidthAllocation: + $ref: '#/components/schemas/BandwidthAllocation' + required: + - BandwidthAllocation + additionalProperties: false + AgentlessConfig: + type: object + description: Agentless config + required: [] + additionalProperties: false + TelephonyOutboundMode: + type: object + description: Telephony Outbound Mode + properties: + ProgressiveConfig: + $ref: '#/components/schemas/ProgressiveConfig' + PredictiveConfig: + $ref: '#/components/schemas/PredictiveConfig' + AgentlessConfig: + $ref: '#/components/schemas/AgentlessConfig' + oneOf: + - required: + - ProgressiveConfig + - required: + - PredictiveConfig + - required: + - AgentlessConfig + additionalProperties: false + AnswerMachineDetectionConfig: + type: object + description: The configuration used for answering machine detection during outbound calls + properties: + EnableAnswerMachineDetection: + type: boolean + description: Flag to decided whether outbound calls should have answering machine detection enabled or not + AwaitAnswerMachinePrompt: + type: boolean + description: Enables detection of prompts (e.g., beep after after a voicemail greeting) + required: + - EnableAnswerMachineDetection + additionalProperties: false + TelephonyOutboundConfig: + type: object + description: Default Telephone Outbound config + properties: + ConnectContactFlowId: + $ref: '#/components/schemas/ContactFlowId' + ConnectSourcePhoneNumber: + $ref: '#/components/schemas/SourcePhoneNumber' + AnswerMachineDetectionConfig: + $ref: '#/components/schemas/AnswerMachineDetectionConfig' + required: + - ConnectContactFlowId + additionalProperties: false + TelephonyChannelSubtypeConfig: + type: object + description: Telephony Channel Subtype config + properties: + Capacity: + $ref: '#/components/schemas/Capacity' + ConnectQueueId: + $ref: '#/components/schemas/QueueId' + OutboundMode: + $ref: '#/components/schemas/TelephonyOutboundMode' + DefaultOutboundConfig: + $ref: '#/components/schemas/TelephonyOutboundConfig' + required: + - OutboundMode + - DefaultOutboundConfig + additionalProperties: false + SmsOutboundMode: + type: object + description: SMS Outbound Mode + properties: + AgentlessConfig: + $ref: '#/components/schemas/AgentlessConfig' + additionalProperties: false + SmsOutboundConfig: + type: object + description: Default SMS outbound config + properties: + ConnectSourcePhoneNumberArn: + $ref: '#/components/schemas/Arn' + WisdomTemplateArn: + $ref: '#/components/schemas/Arn' + required: + - ConnectSourcePhoneNumberArn + - WisdomTemplateArn + additionalProperties: false + SmsChannelSubtypeConfig: + type: object + description: SMS Channel Subtype config + properties: + Capacity: + $ref: '#/components/schemas/Capacity' + OutboundMode: + $ref: '#/components/schemas/SmsOutboundMode' + DefaultOutboundConfig: + $ref: '#/components/schemas/SmsOutboundConfig' + required: + - OutboundMode + - DefaultOutboundConfig + additionalProperties: false + EmailOutboundMode: + type: object + description: Email Outbound Mode + properties: + AgentlessConfig: + $ref: '#/components/schemas/AgentlessConfig' + additionalProperties: false + EmailOutboundConfig: + type: object + description: Default SMS outbound config + properties: + ConnectSourceEmailAddress: + $ref: '#/components/schemas/EmailAddress' + SourceEmailAddressDisplayName: + $ref: '#/components/schemas/SourceEmailAddressDisplayName' + WisdomTemplateArn: + $ref: '#/components/schemas/Arn' + required: + - ConnectSourceEmailAddress + - WisdomTemplateArn + additionalProperties: false + EmailChannelSubtypeConfig: + type: object + description: Email Channel Subtype config + properties: + Capacity: + $ref: '#/components/schemas/Capacity' + OutboundMode: + $ref: '#/components/schemas/EmailOutboundMode' + DefaultOutboundConfig: + $ref: '#/components/schemas/EmailOutboundConfig' + required: + - OutboundMode + - DefaultOutboundConfig + additionalProperties: false + ChannelSubtypeConfig: + type: object + description: The possible types of channel subtype config parameters + properties: + Telephony: + $ref: '#/components/schemas/TelephonyChannelSubtypeConfig' + Sms: + $ref: '#/components/schemas/SmsChannelSubtypeConfig' + Email: + $ref: '#/components/schemas/EmailChannelSubtypeConfig' + anyOf: + - required: + - Telephony + - required: + - Sms + - required: + - Email + additionalProperties: false + Source: + type: object + description: The possible source of the campaign + properties: + CustomerProfilesSegmentArn: + $ref: '#/components/schemas/Arn' + EventTrigger: + $ref: '#/components/schemas/EventTrigger' + oneOf: + - required: + - CustomerProfilesSegmentArn + - required: + - EventTrigger + additionalProperties: false + EventTrigger: + type: object + description: The event trigger of the campaign + properties: + CustomerProfilesDomainArn: + $ref: '#/components/schemas/Arn' + additionalProperties: false + TimeRange: + type: object + description: Time range in 24 hour format + properties: + StartTime: + $ref: '#/components/schemas/Iso8601Time' + EndTime: + $ref: '#/components/schemas/Iso8601Time' + required: + - StartTime + - EndTime + additionalProperties: false + TimeRangeList: + type: array + description: List of time range + items: + $ref: '#/components/schemas/TimeRange' + x-insertionOrder: false + DailyHour: + type: object + description: Daily Hour + properties: + Key: + $ref: '#/components/schemas/DayOfWeek' + Value: + $ref: '#/components/schemas/TimeRangeList' + additionalProperties: false + DailyHours: + type: array + uniqueItems: true + x-insertionOrder: false + description: Daily Hours map + items: + $ref: '#/components/schemas/DailyHour' + OpenHours: + type: object + description: Open Hours config + properties: + DailyHours: + $ref: '#/components/schemas/DailyHours' + required: + - DailyHours + additionalProperties: false + RestrictedPeriod: + type: object + description: Restricted period + properties: + Name: + type: string + maxLength: 127 + description: The name of a restricted period + StartDate: + $ref: '#/components/schemas/Iso8601Date' + EndDate: + $ref: '#/components/schemas/Iso8601Date' + required: + - StartDate + - EndDate + additionalProperties: false + RestrictedPeriodList: + type: array + description: List of restricted period + items: + $ref: '#/components/schemas/RestrictedPeriod' + x-insertionOrder: false + RestrictedPeriods: + type: object + description: Restricted period config + properties: + RestrictedPeriodList: + $ref: '#/components/schemas/RestrictedPeriodList' + oneOf: + - required: + - RestrictedPeriodList + additionalProperties: false + TimeWindow: + type: object + description: Time window config + properties: + OpenHours: + $ref: '#/components/schemas/OpenHours' + RestrictedPeriods: + $ref: '#/components/schemas/RestrictedPeriods' + required: + - OpenHours + additionalProperties: false + Schedule: + type: object + description: Campaign schedule + properties: + StartTime: + $ref: '#/components/schemas/TimeStamp' + EndTime: + $ref: '#/components/schemas/TimeStamp' + RefreshFrequency: + $ref: '#/components/schemas/Iso8601Duration' + required: + - StartTime + - EndTime + additionalProperties: false + LocalTimeZoneDetectionType: + type: string + description: Local TimeZone Detection method + enum: + - ZIP_CODE + - AREA_CODE + LocalTimeZoneDetection: + type: array + description: Local TimeZone Detection method list + items: + $ref: '#/components/schemas/LocalTimeZoneDetectionType' + x-insertionOrder: false + LocalTimeZoneConfig: + type: object + description: Local time zone config + properties: + DefaultTimeZone: + $ref: '#/components/schemas/TimeZone' + LocalTimeZoneDetection: + $ref: '#/components/schemas/LocalTimeZoneDetection' + additionalProperties: false + CommunicationTimeConfig: + type: object + description: Campaign communication time config + properties: + LocalTimeZoneConfig: + $ref: '#/components/schemas/LocalTimeZoneConfig' + Telephony: + $ref: '#/components/schemas/TimeWindow' + Sms: + $ref: '#/components/schemas/TimeWindow' + Email: + $ref: '#/components/schemas/TimeWindow' + required: + - LocalTimeZoneConfig + additionalProperties: false + CommunicationLimitTimeUnit: + type: string + description: The communication limit time unit + enum: + - DAY + CommunicationLimit: + type: object + description: Communication Limit + properties: + MaxCountPerRecipient: + type: integer + minimum: 1 + Frequency: + type: integer + minimum: 1 + Unit: + $ref: '#/components/schemas/CommunicationLimitTimeUnit' + required: + - MaxCountPerRecipient + - Frequency + - Unit + additionalProperties: false + CommunicationLimitList: + type: array + description: List of communication limit + items: + $ref: '#/components/schemas/CommunicationLimit' + x-insertionOrder: false + CommunicationLimits: + type: object + description: Communication limits + properties: + CommunicationLimitList: + $ref: '#/components/schemas/CommunicationLimitList' + additionalProperties: false + CommunicationLimitsConfig: + type: object + description: Communication limits config + properties: + AllChannelsSubtypes: + $ref: '#/components/schemas/CommunicationLimits' + additionalProperties: false + Tag: + type: object + properties: + Key: + type: string + description: The key name of the tag. + Value: + type: string + description: The value for the tag. + required: + - Key + - Value + additionalProperties: false + Campaign: + type: object + properties: + Arn: + type: string + maxLength: 256 + minLength: 0 + description: Amazon Connect Campaign Arn + pattern: ^arn:aws[-a-z0-9]*:connect-campaigns:[-a-z0-9]*:[0-9]{12}:campaign/[-a-zA-Z0-9]*$ + Name: + $ref: '#/components/schemas/CampaignName' + ConnectInstanceId: + $ref: '#/components/schemas/InstanceId' + ChannelSubtypeConfig: + $ref: '#/components/schemas/ChannelSubtypeConfig' + Source: + $ref: '#/components/schemas/Source' + ConnectCampaignFlowArn: + $ref: '#/components/schemas/Arn' + Schedule: + $ref: '#/components/schemas/Schedule' + CommunicationTimeConfig: + $ref: '#/components/schemas/CommunicationTimeConfig' + CommunicationLimitsOverride: + $ref: '#/components/schemas/CommunicationLimitsConfig' + Tags: + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + description: One or more tags. + items: + $ref: '#/components/schemas/Tag' + required: + - Name + - ConnectInstanceId + - ChannelSubtypeConfig + x-stackql-resource-name: campaign + description: Definition of AWS::ConnectCampaignsV2::Campaign Resource Type + x-type-name: AWS::ConnectCampaignsV2::Campaign + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - ConnectInstanceId + x-read-only-properties: + - Arn + x-required-properties: + - Name + - ConnectInstanceId + - ChannelSubtypeConfig + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - connect-campaigns:UntagResource + - connect-campaigns:TagResource + x-required-permissions: + create: + - connect-campaigns:CreateCampaign + - connect-campaigns:DescribeCampaign + - connect-campaigns:TagResource + - connect:DescribeContactFlow + - connect:DescribeEmailAddress + - connect:DescribeInstance + - connect:DescribePhoneNumber + - connect:DescribeQueue + - profile:GetSegmentDefinition + - wisdom:GetMessageTemplate + read: + - connect-campaigns:DescribeCampaign + delete: + - connect-campaigns:DeleteCampaign + - connect-campaigns:DeleteCampaignChannelSubtypeConfig + - connect-campaigns:DeleteCampaignCommunicationLimits + - connect-campaigns:DeleteCampaignCommunicationTime + list: + - connect-campaigns:ListCampaigns + update: + - connect-campaigns:DeleteCampaignChannelSubtypeConfig + - connect-campaigns:DeleteCampaignCommunicationLimits + - connect-campaigns:DeleteCampaignCommunicationTime + - connect-campaigns:UpdateCampaignChannelSubtypeConfig + - connect-campaigns:UpdateCampaignCommunicationLimits + - connect-campaigns:UpdateCampaignCommunicationTime + - connect-campaigns:UpdateCampaignName + - connect-campaigns:UpdateCampaignFlowAssociation + - connect-campaigns:UpdateCampaignSchedule + - connect-campaigns:UpdateCampaignSource + - connect-campaigns:TagResource + - connect-campaigns:UntagResource + - connect-campaigns:DescribeCampaign + - connect:DescribeContactFlow + - connect:DescribeEmailAddress + - connect:DescribePhoneNumber + - connect:DescribeQueue + - profile:GetSegmentDefinition + - wisdom:GetMessageTemplate + CreateCampaignRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + Arn: + type: string + maxLength: 256 + minLength: 0 + description: Amazon Connect Campaign Arn + pattern: ^arn:aws[-a-z0-9]*:connect-campaigns:[-a-z0-9]*:[0-9]{12}:campaign/[-a-zA-Z0-9]*$ + Name: + $ref: '#/components/schemas/CampaignName' + ConnectInstanceId: + $ref: '#/components/schemas/InstanceId' + ChannelSubtypeConfig: + $ref: '#/components/schemas/ChannelSubtypeConfig' + Source: + $ref: '#/components/schemas/Source' + ConnectCampaignFlowArn: + $ref: '#/components/schemas/Arn' + Schedule: + $ref: '#/components/schemas/Schedule' + CommunicationTimeConfig: + $ref: '#/components/schemas/CommunicationTimeConfig' + CommunicationLimitsOverride: + $ref: '#/components/schemas/CommunicationLimitsConfig' + Tags: + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + description: One or more tags. + items: + $ref: '#/components/schemas/Tag' + x-stackQL-stringOnly: true + x-title: CreateCampaignRequest + type: object + required: [] + securitySchemes: + hmac: + type: apiKey + name: Authorization + in: header + description: Amazon Signature authorization v4 + x-amazon-apigateway-authtype: awsSigv4 + x-stackQL-resources: + campaigns: + name: campaigns + id: aws.connectcampaignsv2.campaigns + x-cfn-schema-name: Campaign + x-cfn-type-name: AWS::ConnectCampaignsV2::Campaign + x-identifiers: + - Arn + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Campaign&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::ConnectCampaignsV2::Campaign" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::ConnectCampaignsV2::Campaign" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::ConnectCampaignsV2::Campaign" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/campaigns/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/campaigns/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/campaigns/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.ConnectInstanceId') as connect_instance_id, + JSON_EXTRACT(Properties, '$.ChannelSubtypeConfig') as channel_subtype_config, + JSON_EXTRACT(Properties, '$.Source') as source, + JSON_EXTRACT(Properties, '$.ConnectCampaignFlowArn') as connect_campaign_flow_arn, + JSON_EXTRACT(Properties, '$.Schedule') as schedule, + JSON_EXTRACT(Properties, '$.CommunicationTimeConfig') as communication_time_config, + JSON_EXTRACT(Properties, '$.CommunicationLimitsOverride') as communication_limits_override, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ConnectCampaignsV2::Campaign' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.ConnectInstanceId') as connect_instance_id, + JSON_EXTRACT(detail.Properties, '$.ChannelSubtypeConfig') as channel_subtype_config, + JSON_EXTRACT(detail.Properties, '$.Source') as source, + JSON_EXTRACT(detail.Properties, '$.ConnectCampaignFlowArn') as connect_campaign_flow_arn, + JSON_EXTRACT(detail.Properties, '$.Schedule') as schedule, + JSON_EXTRACT(detail.Properties, '$.CommunicationTimeConfig') as communication_time_config, + JSON_EXTRACT(detail.Properties, '$.CommunicationLimitsOverride') as communication_limits_override, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::ConnectCampaignsV2::Campaign' + AND detail.data__TypeName = 'AWS::ConnectCampaignsV2::Campaign' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'ConnectInstanceId') as connect_instance_id, + json_extract_path_text(Properties, 'ChannelSubtypeConfig') as channel_subtype_config, + json_extract_path_text(Properties, 'Source') as source, + json_extract_path_text(Properties, 'ConnectCampaignFlowArn') as connect_campaign_flow_arn, + json_extract_path_text(Properties, 'Schedule') as schedule, + json_extract_path_text(Properties, 'CommunicationTimeConfig') as communication_time_config, + json_extract_path_text(Properties, 'CommunicationLimitsOverride') as communication_limits_override, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ConnectCampaignsV2::Campaign' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'ConnectInstanceId') as connect_instance_id, + json_extract_path_text(detail.Properties, 'ChannelSubtypeConfig') as channel_subtype_config, + json_extract_path_text(detail.Properties, 'Source') as source, + json_extract_path_text(detail.Properties, 'ConnectCampaignFlowArn') as connect_campaign_flow_arn, + json_extract_path_text(detail.Properties, 'Schedule') as schedule, + json_extract_path_text(detail.Properties, 'CommunicationTimeConfig') as communication_time_config, + json_extract_path_text(detail.Properties, 'CommunicationLimitsOverride') as communication_limits_override, + json_extract_path_text(detail.Properties, 'Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::ConnectCampaignsV2::Campaign' + AND detail.data__TypeName = 'AWS::ConnectCampaignsV2::Campaign' + AND listing.region = 'us-east-1' + campaigns_list_only: + name: campaigns_list_only + id: aws.connectcampaignsv2.campaigns_list_only + x-cfn-schema-name: Campaign + x-cfn-type-name: AWS::ConnectCampaignsV2::Campaign + x-identifiers: + - Arn + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ConnectCampaignsV2::Campaign' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ConnectCampaignsV2::Campaign' + AND region = 'us-east-1' + campaign_tags: + name: campaign_tags + id: aws.connectcampaignsv2.campaign_tags + x-cfn-schema-name: Campaign + x-cfn-type-name: AWS::ConnectCampaignsV2::Campaign + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.ConnectInstanceId') as connect_instance_id, + JSON_EXTRACT(detail.Properties, '$.ChannelSubtypeConfig') as channel_subtype_config, + JSON_EXTRACT(detail.Properties, '$.Source') as source, + JSON_EXTRACT(detail.Properties, '$.ConnectCampaignFlowArn') as connect_campaign_flow_arn, + JSON_EXTRACT(detail.Properties, '$.Schedule') as schedule, + JSON_EXTRACT(detail.Properties, '$.CommunicationTimeConfig') as communication_time_config, + JSON_EXTRACT(detail.Properties, '$.CommunicationLimitsOverride') as communication_limits_override + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::ConnectCampaignsV2::Campaign' + AND detail.data__TypeName = 'AWS::ConnectCampaignsV2::Campaign' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'ConnectInstanceId') as connect_instance_id, + json_extract_path_text(detail.Properties, 'ChannelSubtypeConfig') as channel_subtype_config, + json_extract_path_text(detail.Properties, 'Source') as source, + json_extract_path_text(detail.Properties, 'ConnectCampaignFlowArn') as connect_campaign_flow_arn, + json_extract_path_text(detail.Properties, 'Schedule') as schedule, + json_extract_path_text(detail.Properties, 'CommunicationTimeConfig') as communication_time_config, + json_extract_path_text(detail.Properties, 'CommunicationLimitsOverride') as communication_limits_override + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::ConnectCampaignsV2::Campaign' + AND detail.data__TypeName = 'AWS::ConnectCampaignsV2::Campaign' + AND listing.region = 'us-east-1' +paths: + /?Action=CreateResource&Version=2021-09-30: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateResource + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/x-cloud-control-schemas/CreateResourceInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=DeleteResource&Version=2021-09-30: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: DeleteResource + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.DeleteResource + enum: + - CloudApiService.DeleteResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/x-cloud-control-schemas/DeleteResourceInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/DeleteResourceOutput' + description: Success + /?Action=UpdateResource&Version=2021-09-30: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: UpdateResource + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.UpdateResource + enum: + - CloudApiService.UpdateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + properties: + ClientName: + type: string + Identifier: + $ref: '#/components/x-cloud-control-schemas/Identifier' + PatchDocument: + type: string + RoleArn: + $ref: '#/components/x-cloud-control-schemas/RoleArn' + TypeName: + $ref: '#/components/x-cloud-control-schemas/TypeName' + TypeVersionId: + $ref: '#/components/x-cloud-control-schemas/TypeVersionId' + required: + - Identifier + - PatchDocument + type: object + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/UpdateResourceOutput' + description: Success + /?Action=CreateResource&Version=2021-09-30&__Campaign&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateCampaign + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateCampaignRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success +x-stackQL-config: + requestTranslate: + algorithm: drop_double_underscore_params + pagination: + requestToken: + key: NextToken + location: body + responseToken: + key: NextToken + location: body diff --git a/providers/src/aws/v00.00.00000/services/controltower.yaml b/providers/src/aws/v00.00.00000/services/controltower.yaml index f6081060..3e76f625 100644 --- a/providers/src/aws/v00.00.00000/services/controltower.yaml +++ b/providers/src/aws/v00.00.00000/services/controltower.yaml @@ -396,17 +396,17 @@ components: $ref: '#/components/schemas/AnyType' additionalProperties: false Tag: + additionalProperties: false type: object properties: - Key: + Value: + minLength: 0 type: string maxLength: 256 + Key: minLength: 1 - Value: type: string maxLength: 256 - minLength: 0 - additionalProperties: false AnyType: anyOf: - type: string @@ -639,6 +639,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - controltower:UntagResource + - controltower:TagResource + - controltower:ListTagsForResource x-required-permissions: create: - controltower:ListEnabledControls @@ -668,6 +672,8 @@ components: - organizations:ListTargetsForPolicy - organizations:DescribePolicy delete: + - controltower:ListEnabledControls + - controltower:GetEnabledControl - controltower:GetControlOperation - controltower:DisableControl - organizations:UpdatePolicy @@ -684,42 +690,42 @@ components: - controltower:ListTagsForResource list: - controltower:ListEnabledControls - LandingZoneDriftStatus: - type: string - enum: - - DRIFTED - - IN_SYNC LandingZoneStatus: type: string enum: - ACTIVE - PROCESSING - FAILED + LandingZoneDriftStatus: + type: string + enum: + - DRIFTED + - IN_SYNC LandingZone: type: object properties: - LandingZoneIdentifier: - type: string - Arn: - type: string - maxLength: 2048 - minLength: 20 - pattern: ^arn:aws[0-9a-zA-Z_\-:\/]+$ Status: $ref: '#/components/schemas/LandingZoneStatus' LatestAvailableVersion: + minLength: 3 + pattern: \d+.\d+ type: string maxLength: 10 + Version: minLength: 3 pattern: \d+.\d+ + type: string + maxLength: 10 DriftStatus: $ref: '#/components/schemas/LandingZoneDriftStatus' + Arn: + minLength: 20 + pattern: ^arn:aws[0-9a-zA-Z_\-:\/]+$ + type: string + maxLength: 2048 Manifest: {} - Version: + LandingZoneIdentifier: type: string - maxLength: 10 - minLength: 3 - pattern: \d+.\d+ Tags: type: array items: @@ -742,12 +748,19 @@ components: - Manifest - Version x-tagging: + permissions: + - controltower:UntagResource + - controltower:TagResource + - controltower:ListTagsForResource taggable: true tagOnCreate: true tagUpdatable: true - cloudFormationSystemTags: true tagProperty: /properties/Tags + cloudFormationSystemTags: true x-required-permissions: + read: + - controltower:GetLandingZone + - controltower:ListTagsForResource create: - controltower:CreateLandingZone - controltower:GetLandingZoneOperation @@ -780,9 +793,6 @@ components: - sso:ListDirectoryAssociations - sso:StartPeregrine - sso:RegisterRegion - read: - - controltower:GetLandingZone - - controltower:ListTagsForResource update: - controltower:UpdateLandingZone - controltower:GetLandingZoneOperation @@ -816,6 +826,8 @@ components: - sso:ListDirectoryAssociations - sso:StartPeregrine - sso:RegisterRegion + list: + - controltower:ListLandingZones delete: - controltower:DeleteLandingZone - controltower:GetLandingZone @@ -839,8 +851,6 @@ components: - iam:DeleteRolePolicy - iam:DetachRolePolicy - iam:DeleteRole - list: - - controltower:ListLandingZones CreateEnabledBaselineRequest: properties: ClientToken: @@ -943,28 +953,28 @@ components: DesiredState: type: object properties: - LandingZoneIdentifier: - type: string - Arn: - type: string - maxLength: 2048 - minLength: 20 - pattern: ^arn:aws[0-9a-zA-Z_\-:\/]+$ Status: $ref: '#/components/schemas/LandingZoneStatus' LatestAvailableVersion: + minLength: 3 + pattern: \d+.\d+ type: string maxLength: 10 + Version: minLength: 3 pattern: \d+.\d+ + type: string + maxLength: 10 DriftStatus: $ref: '#/components/schemas/LandingZoneDriftStatus' + Arn: + minLength: 20 + pattern: ^arn:aws[0-9a-zA-Z_\-:\/]+$ + type: string + maxLength: 2048 Manifest: {} - Version: + LandingZoneIdentifier: type: string - maxLength: 10 - minLength: 3 - pattern: \d+.\d+ Tags: type: array items: @@ -1450,13 +1460,13 @@ components: SELECT region, data__Identifier, - JSON_EXTRACT(Properties, '$.LandingZoneIdentifier') as landing_zone_identifier, - JSON_EXTRACT(Properties, '$.Arn') as arn, JSON_EXTRACT(Properties, '$.Status') as status, JSON_EXTRACT(Properties, '$.LatestAvailableVersion') as latest_available_version, + JSON_EXTRACT(Properties, '$.Version') as version, JSON_EXTRACT(Properties, '$.DriftStatus') as drift_status, + JSON_EXTRACT(Properties, '$.Arn') as arn, JSON_EXTRACT(Properties, '$.Manifest') as manifest, - JSON_EXTRACT(Properties, '$.Version') as version, + JSON_EXTRACT(Properties, '$.LandingZoneIdentifier') as landing_zone_identifier, JSON_EXTRACT(Properties, '$.Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ControlTower::LandingZone' AND data__Identifier = '' @@ -1466,13 +1476,13 @@ components: ddl: |- SELECT detail.region, - JSON_EXTRACT(detail.Properties, '$.LandingZoneIdentifier') as landing_zone_identifier, - JSON_EXTRACT(detail.Properties, '$.Arn') as arn, JSON_EXTRACT(detail.Properties, '$.Status') as status, JSON_EXTRACT(detail.Properties, '$.LatestAvailableVersion') as latest_available_version, + JSON_EXTRACT(detail.Properties, '$.Version') as version, JSON_EXTRACT(detail.Properties, '$.DriftStatus') as drift_status, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, JSON_EXTRACT(detail.Properties, '$.Manifest') as manifest, - JSON_EXTRACT(detail.Properties, '$.Version') as version, + JSON_EXTRACT(detail.Properties, '$.LandingZoneIdentifier') as landing_zone_identifier, JSON_EXTRACT(detail.Properties, '$.Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail @@ -1487,13 +1497,13 @@ components: SELECT region, data__Identifier, - json_extract_path_text(Properties, 'LandingZoneIdentifier') as landing_zone_identifier, - json_extract_path_text(Properties, 'Arn') as arn, json_extract_path_text(Properties, 'Status') as status, json_extract_path_text(Properties, 'LatestAvailableVersion') as latest_available_version, + json_extract_path_text(Properties, 'Version') as version, json_extract_path_text(Properties, 'DriftStatus') as drift_status, + json_extract_path_text(Properties, 'Arn') as arn, json_extract_path_text(Properties, 'Manifest') as manifest, - json_extract_path_text(Properties, 'Version') as version, + json_extract_path_text(Properties, 'LandingZoneIdentifier') as landing_zone_identifier, json_extract_path_text(Properties, 'Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ControlTower::LandingZone' AND data__Identifier = '' @@ -1503,13 +1513,13 @@ components: ddl: |- SELECT detail.region, - json_extract_path_text(detail.Properties, 'LandingZoneIdentifier') as landing_zone_identifier, - json_extract_path_text(detail.Properties, 'Arn') as arn, json_extract_path_text(detail.Properties, 'Status') as status, json_extract_path_text(detail.Properties, 'LatestAvailableVersion') as latest_available_version, + json_extract_path_text(detail.Properties, 'Version') as version, json_extract_path_text(detail.Properties, 'DriftStatus') as drift_status, + json_extract_path_text(detail.Properties, 'Arn') as arn, json_extract_path_text(detail.Properties, 'Manifest') as manifest, - json_extract_path_text(detail.Properties, 'Version') as version, + json_extract_path_text(detail.Properties, 'LandingZoneIdentifier') as landing_zone_identifier, json_extract_path_text(detail.Properties, 'Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail @@ -1569,13 +1579,13 @@ components: detail.region, JSON_EXTRACT(json_each.value, '$.Key') as tag_key, JSON_EXTRACT(json_each.value, '$.Value') as tag_value, - JSON_EXTRACT(detail.Properties, '$.LandingZoneIdentifier') as landing_zone_identifier, - JSON_EXTRACT(detail.Properties, '$.Arn') as arn, JSON_EXTRACT(detail.Properties, '$.Status') as status, JSON_EXTRACT(detail.Properties, '$.LatestAvailableVersion') as latest_available_version, + JSON_EXTRACT(detail.Properties, '$.Version') as version, JSON_EXTRACT(detail.Properties, '$.DriftStatus') as drift_status, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, JSON_EXTRACT(detail.Properties, '$.Manifest') as manifest, - JSON_EXTRACT(detail.Properties, '$.Version') as version + JSON_EXTRACT(detail.Properties, '$.LandingZoneIdentifier') as landing_zone_identifier FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -1591,13 +1601,13 @@ components: detail.region, json_extract_path_text(json_each.value, 'Key') as tag_key, json_extract_path_text(json_each.value, 'Value') as tag_value, - json_extract_path_text(detail.Properties, 'LandingZoneIdentifier') as landing_zone_identifier, - json_extract_path_text(detail.Properties, 'Arn') as arn, json_extract_path_text(detail.Properties, 'Status') as status, json_extract_path_text(detail.Properties, 'LatestAvailableVersion') as latest_available_version, + json_extract_path_text(detail.Properties, 'Version') as version, json_extract_path_text(detail.Properties, 'DriftStatus') as drift_status, + json_extract_path_text(detail.Properties, 'Arn') as arn, json_extract_path_text(detail.Properties, 'Manifest') as manifest, - json_extract_path_text(detail.Properties, 'Version') as version + json_extract_path_text(detail.Properties, 'LandingZoneIdentifier') as landing_zone_identifier FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier diff --git a/providers/src/aws/v00.00.00000/services/customerprofiles.yaml b/providers/src/aws/v00.00.00000/services/customerprofiles.yaml index 7427385d..ca136a78 100644 --- a/providers/src/aws/v00.00.00000/services/customerprofiles.yaml +++ b/providers/src/aws/v00.00.00000/services/customerprofiles.yaml @@ -404,7 +404,7 @@ components: minLength: 1 maxLength: 255 Description: - description: The description of the calculated attribute. + description: The description of the event trigger. type: string minLength: 1 maxLength: 1000 @@ -525,21 +525,24 @@ components: - AVERAGE - MAX_OCCURRENCE Tag: + description: A key-value pair to associate with a resource. type: object properties: Key: type: string pattern: ^(?!aws:)[a-zA-Z+-=._:/]+$ + description: 'The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' minLength: 1 maxLength: 128 Value: type: string + description: 'The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' minLength: 0 maxLength: 256 - additionalProperties: false required: - Key - Value + additionalProperties: false Tags: description: An array of key-value pairs to apply to this resource. type: array @@ -602,6 +605,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - profile:TagResource + - profile:UntagResource + - profile:ListTagsForResource x-required-permissions: create: - profile:CreateCalculatedAttributeDefinition @@ -926,6 +933,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - profile:TagResource + - profile:UntagResource + - profile:ListTagsForResource x-required-permissions: create: - profile:CreateDomain @@ -1033,6 +1044,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - profile:TagResource + - profile:UntagResource + - profile:ListTagsForResource x-required-permissions: create: - profile:CreateEventStream @@ -1052,6 +1067,246 @@ components: - iam:DeleteRolePolicy list: - profile:ListEventStreams + EventTriggerName: + description: The unique name of the event trigger. + type: string + pattern: ^[a-zA-Z0-9_-]+$ + minLength: 1 + maxLength: 64 + ObjectTypeName: + description: The unique name of the object type. + type: string + pattern: ^[a-zA-Z_][a-zA-Z_0-9-]*$ + minLength: 1 + maxLength: 255 + EventTriggerConditions: + description: A list of conditions that determine when an event should trigger the destination. + type: array + items: + $ref: '#/components/schemas/EventTriggerCondition' + x-insertionOrder: false + minItems: 1 + maxItems: 5 + EventTriggerCondition: + description: Specifies the circumstances under which the event should trigger the destination. + type: object + properties: + EventTriggerDimensions: + $ref: '#/components/schemas/EventTriggerDimensions' + LogicalOperator: + $ref: '#/components/schemas/EventTriggerLogicalOperator' + required: + - EventTriggerDimensions + - LogicalOperator + additionalProperties: false + EventTriggerDimensions: + description: A list of dimensions to be evaluated for the event. + type: array + items: + $ref: '#/components/schemas/EventTriggerDimension' + x-insertionOrder: false + minItems: 1 + maxItems: 10 + EventTriggerDimension: + description: A specific event dimension to be assessed. + type: object + properties: + ObjectAttributes: + $ref: '#/components/schemas/ObjectAttributes' + required: + - ObjectAttributes + additionalProperties: false + EventTriggerLogicalOperator: + description: The operator used to combine multiple dimensions. + type: string + enum: + - ANY + - ALL + - NONE + ObjectAttributes: + description: A list of object attributes to be evaluated. + type: array + items: + $ref: '#/components/schemas/ObjectAttribute' + x-insertionOrder: false + minItems: 1 + maxItems: 10 + ObjectAttribute: + description: The criteria that a specific object attribute must meet to trigger the destination. + type: object + properties: + Source: + description: An attribute contained within a source object. + type: string + minLength: 1 + maxLength: 1000 + FieldName: + description: A field defined within an object type. + type: string + pattern: ^[a-zA-Z0-9_.-]+$ + minLength: 1 + maxLength: 64 + ComparisonOperator: + description: The operator used to compare an attribute against a list of values. + type: string + enum: + - INCLUSIVE + - EXCLUSIVE + - CONTAINS + - BEGINS_WITH + - ENDS_WITH + - GREATER_THAN + - LESS_THAN + - GREATER_THAN_OR_EQUAL + - LESS_THAN_OR_EQUAL + - EQUAL + - BEFORE + - AFTER + - 'ON' + - BETWEEN + - NOT_BETWEEN + Values: + description: A list of attribute values used for comparison. + type: array + items: + type: string + minLength: 1 + maxLength: 255 + x-insertionOrder: false + minItems: 1 + maxItems: 10 + required: + - ComparisonOperator + - Values + additionalProperties: false + EventTriggerLimits: + description: Defines limits controlling whether an event triggers the destination, based on ingestion latency and the number of invocations per profile over specific time periods. + type: object + properties: + EventExpiration: + $ref: '#/components/schemas/EventExpiration' + Periods: + $ref: '#/components/schemas/Periods' + additionalProperties: false + EventExpiration: + description: Specifies that an event will only trigger the destination if it is processed within a certain latency period. + type: integer + format: int64 + Periods: + description: A list of time periods during which the limits apply. + type: array + items: + $ref: '#/components/schemas/Period' + x-insertionOrder: false + minItems: 1 + maxItems: 4 + Period: + description: Defines a limit and the time period during which it is enforced. + type: object + properties: + Unit: + description: The unit of time. + type: string + enum: + - HOURS + - DAYS + - WEEKS + - MONTHS + Value: + description: The amount of time of the specified unit. + type: integer + minimum: 1 + maximum: 24 + MaxInvocationsPerProfile: + description: The maximum allowed number of destination invocations per profile. + type: integer + minimum: 1 + maximum: 1000 + Unlimited: + description: If set to true, there is no limit on the number of destination invocations per profile. The default is false. + type: boolean + required: + - Unit + - Value + additionalProperties: false + SegmentFilter: + description: The destination is triggered only for profiles that meet the criteria of a segment definition. + type: string + pattern: ^[a-zA-Z0-9_-]+$ + minLength: 1 + maxLength: 64 + EventTrigger: + type: object + properties: + DomainName: + $ref: '#/components/schemas/DomainName' + EventTriggerName: + $ref: '#/components/schemas/EventTriggerName' + ObjectTypeName: + $ref: '#/components/schemas/ObjectTypeName' + Description: + $ref: '#/components/schemas/Description' + EventTriggerConditions: + $ref: '#/components/schemas/EventTriggerConditions' + EventTriggerLimits: + $ref: '#/components/schemas/EventTriggerLimits' + SegmentFilter: + $ref: '#/components/schemas/SegmentFilter' + CreatedAt: + description: The timestamp of when the event trigger was created. + type: string + LastUpdatedAt: + description: The timestamp of when the event trigger was most recently updated. + type: string + Tags: + $ref: '#/components/schemas/Tags' + required: + - DomainName + - EventTriggerName + - ObjectTypeName + - EventTriggerConditions + x-stackql-resource-name: event_trigger + description: An event trigger resource of Amazon Connect Customer Profiles + x-type-name: AWS::CustomerProfiles::EventTrigger + x-stackql-primary-identifier: + - DomainName + - EventTriggerName + x-create-only-properties: + - DomainName + - EventTriggerName + x-read-only-properties: + - CreatedAt + - LastUpdatedAt + x-required-properties: + - DomainName + - EventTriggerName + - ObjectTypeName + - EventTriggerConditions + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - profile:TagResource + - profile:UntagResource + - profile:ListTagsForResource + x-required-permissions: + create: + - profile:CreateEventTrigger + - profile:TagResource + read: + - profile:GetEventTrigger + update: + - profile:GetEventTrigger + - profile:UpdateEventTrigger + - profile:UntagResource + - profile:TagResource + delete: + - profile:DeleteEventTrigger + list: + - profile:ListEventTriggers Object: type: string maxLength: 512 @@ -1506,6 +1761,17 @@ components: type: array items: $ref: '#/components/schemas/ObjectTypeMapping' + EventTriggerNames: + description: A list of unique names for active event triggers associated with the integration. + type: array + items: + type: string + pattern: ^[a-zA-Z0-9_-]+$ + minLength: 1 + maxLength: 64 + x-insertionOrder: false + minItems: 1 + maxItems: 1 required: - DomainName x-stackql-resource-name: integration @@ -1530,6 +1796,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - profile:TagResource + - profile:UntagResource + - profile:ListTagsForResource x-required-permissions: create: - profile:GetIntegration @@ -1743,6 +2013,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - profile:TagResource + - profile:UntagResource + - profile:ListTagsForResource x-required-permissions: create: - profile:GetProfileObjectType @@ -1759,115 +2033,510 @@ components: - profile:DeleteProfileObjectType list: - profile:ListProfileObjectTypes - CreateCalculatedAttributeDefinitionRequest: + ConditionOverrides: + description: Overrides the condition block within the original calculated attribute definition. + type: object properties: - ClientToken: - type: string - RoleArn: - type: string - TypeName: - type: string - TypeVersionId: - type: string - DesiredState: - type: object - properties: - DomainName: - $ref: '#/components/schemas/DomainName' - CalculatedAttributeName: - $ref: '#/components/schemas/CalculatedAttributeName' - DisplayName: - $ref: '#/components/schemas/DisplayName' - Description: - $ref: '#/components/schemas/Description' - AttributeDetails: - $ref: '#/components/schemas/AttributeDetails' - Conditions: - $ref: '#/components/schemas/Conditions' - Statistic: - $ref: '#/components/schemas/Statistic' - CreatedAt: - description: The timestamp of when the calculated attribute definition was created. - type: string - LastUpdatedAt: - description: The timestamp of when the calculated attribute definition was most recently edited. - type: string - Tags: - $ref: '#/components/schemas/Tags' - x-stackQL-stringOnly: true - x-title: CreateCalculatedAttributeDefinitionRequest + Range: + $ref: '#/components/schemas/RangeOverride' + additionalProperties: false + RangeOverride: + description: Defines the range to be applied to the calculated attribute definition. type: object - required: [] - CreateDomainRequest: properties: - ClientToken: - type: string - RoleArn: - type: string - TypeName: - type: string - TypeVersionId: + Start: + description: The starting point for this overridden range. + type: integer + minimum: 1 + maximum: 366 + End: + description: The ending point for this overridden range. + type: integer + minimum: 0 + maximum: 366 + Unit: + description: The unit to be applied to the range. type: string - DesiredState: - type: object - properties: - DomainName: - description: The unique name of the domain. - type: string - pattern: ^[a-zA-Z0-9_-]+$ - minLength: 1 - maxLength: 64 - DeadLetterQueueUrl: - description: The URL of the SQS dead letter queue - type: string - minLength: 0 - maxLength: 255 - DefaultEncryptionKey: - description: The default encryption key - type: string - minLength: 0 - maxLength: 255 - DefaultExpirationDays: - description: The default number of days until the data within the domain expires. - type: integer - minimum: 1 - maximum: 1098 - Matching: - $ref: '#/components/schemas/Matching' - RuleBasedMatching: - $ref: '#/components/schemas/RuleBasedMatching' - Stats: - $ref: '#/components/schemas/DomainStats' - Tags: - description: The tags (keys and values) associated with the domain - type: array - items: - $ref: '#/components/schemas/Tag' - minItems: 0 - maxItems: 50 - CreatedAt: - description: The time of this integration got created - type: string - LastUpdatedAt: - description: The time of this integration got last updated at - type: string - x-stackQL-stringOnly: true - x-title: CreateDomainRequest + enum: + - DAYS + required: + - Start + - Unit + additionalProperties: false + AddressDimension: + description: The address based criteria for the segment. type: object - required: [] - CreateEventStreamRequest: properties: - ClientToken: - type: string - RoleArn: - type: string - TypeName: - type: string - TypeVersionId: - type: string - DesiredState: - type: object - properties: + City: + $ref: '#/components/schemas/ProfileDimension' + Country: + $ref: '#/components/schemas/ProfileDimension' + County: + $ref: '#/components/schemas/ProfileDimension' + PostalCode: + $ref: '#/components/schemas/ProfileDimension' + Province: + $ref: '#/components/schemas/ProfileDimension' + State: + $ref: '#/components/schemas/ProfileDimension' + additionalProperties: false + AttributeDimension: + description: Specifies attribute based criteria for a segment. + type: object + properties: + DimensionType: + $ref: '#/components/schemas/AttributeDimensionType' + Values: + type: array + items: + type: string + maxLength: 255 + minLength: 1 + x-insertionOrder: false + minItems: 1 + maxItems: 50 + required: + - DimensionType + - Values + additionalProperties: false + AttributeDimensionType: + description: The type of segment dimension to use. + type: string + enum: + - INCLUSIVE + - EXCLUSIVE + - CONTAINS + - BEGINS_WITH + - ENDS_WITH + - BEFORE + - AFTER + - BETWEEN + - NOT_BETWEEN + - 'ON' + - GREATER_THAN + - LESS_THAN + - GREATER_THAN_OR_EQUAL + - LESS_THAN_OR_EQUAL + - EQUAL + CalculatedAttributeDimension: + description: Specifies calculated attribute based criteria for a segment. + type: object + properties: + DimensionType: + $ref: '#/components/schemas/AttributeDimensionType' + Values: + type: array + items: + type: string + minLength: 1 + maxLength: 255 + x-insertionOrder: false + minItems: 1 + maxItems: 50 + ConditionOverrides: + $ref: '#/components/schemas/ConditionOverrides' + required: + - DimensionType + - Values + additionalProperties: false + CustomAttributes: + description: One or more custom attributes to use as criteria for the segment. + type: object + x-patternProperties: + ^[a-zA-Z_][a-zA-Z_0-9-]*$: + $ref: '#/components/schemas/AttributeDimension' + additionalProperties: false + CalculatedCustomAttributes: + description: One or more calculated attributes to use as criteria for the segment. + type: object + x-patternProperties: + ^[a-zA-Z_][a-zA-Z_0-9-]*$: + $ref: '#/components/schemas/CalculatedAttributeDimension' + additionalProperties: false + DateDimension: + description: Specifies date based criteria for a segment. + type: object + properties: + DimensionType: + $ref: '#/components/schemas/DateDimensionType' + Values: + type: array + items: + type: string + x-insertionOrder: false + minItems: 1 + maxItems: 50 + required: + - DimensionType + - Values + additionalProperties: false + DateDimensionType: + description: The type of segment dimension to use for a date dimension. + type: string + enum: + - BEFORE + - AFTER + - BETWEEN + - NOT_BETWEEN + - 'ON' + Dimension: + description: The criteria that define the dimensions for the segment. + oneOf: + - type: object + title: ProfileAttributes + properties: + ProfileAttributes: + $ref: '#/components/schemas/ProfileAttributes' + required: + - ProfileAttributes + additionalProperties: false + - type: object + title: CalculatedAttributes + properties: + CalculatedAttributes: + $ref: '#/components/schemas/CalculatedCustomAttributes' + additionalProperties: false + ExtraLengthValueProfileDimension: + description: Specifies criteria for a segment using extended-length string values. + type: object + properties: + DimensionType: + $ref: '#/components/schemas/StringDimensionType' + Values: + type: array + items: + type: string + maxLength: 1000 + minLength: 1 + x-insertionOrder: false + minItems: 1 + maxItems: 50 + required: + - DimensionType + - Values + additionalProperties: false + Group: + description: An array that defines the set of segment criteria to evaluate when handling segment groups for the segment. + type: object + properties: + Dimensions: + type: array + items: + $ref: '#/components/schemas/Dimension' + SourceSegments: + type: array + items: + $ref: '#/components/schemas/SourceSegment' + SourceType: + $ref: '#/components/schemas/IncludeOptions' + Type: + $ref: '#/components/schemas/IncludeOptions' + additionalProperties: false + IncludeOptions: + description: Specifies the operator on how to handle multiple groups within the same segment. + type: string + enum: + - ALL + - ANY + - NONE + ProfileAttributes: + description: Specifies the dimension settings within profile attributes for a segment. + type: object + properties: + AccountNumber: + $ref: '#/components/schemas/ProfileDimension' + AdditionalInformation: + $ref: '#/components/schemas/ExtraLengthValueProfileDimension' + FirstName: + $ref: '#/components/schemas/ProfileDimension' + LastName: + $ref: '#/components/schemas/ProfileDimension' + MiddleName: + $ref: '#/components/schemas/ProfileDimension' + GenderString: + $ref: '#/components/schemas/ProfileDimension' + PartyTypeString: + $ref: '#/components/schemas/ProfileDimension' + BirthDate: + $ref: '#/components/schemas/DateDimension' + PhoneNumber: + $ref: '#/components/schemas/ProfileDimension' + BusinessName: + $ref: '#/components/schemas/ProfileDimension' + BusinessPhoneNumber: + $ref: '#/components/schemas/ProfileDimension' + HomePhoneNumber: + $ref: '#/components/schemas/ProfileDimension' + MobilePhoneNumber: + $ref: '#/components/schemas/ProfileDimension' + EmailAddress: + $ref: '#/components/schemas/ProfileDimension' + PersonalEmailAddress: + $ref: '#/components/schemas/ProfileDimension' + BusinessEmailAddress: + $ref: '#/components/schemas/ProfileDimension' + Address: + $ref: '#/components/schemas/AddressDimension' + ShippingAddress: + $ref: '#/components/schemas/AddressDimension' + MailingAddress: + $ref: '#/components/schemas/AddressDimension' + BillingAddress: + $ref: '#/components/schemas/AddressDimension' + Attributes: + $ref: '#/components/schemas/CustomAttributes' + additionalProperties: false + ProfileDimension: + description: Specifies profile based criteria for a segment. + type: object + properties: + DimensionType: + $ref: '#/components/schemas/StringDimensionType' + Values: + type: array + items: + type: string + maxLength: 255 + minLength: 1 + x-insertionOrder: false + minItems: 1 + maxItems: 50 + required: + - DimensionType + - Values + additionalProperties: false + SegmentGroup: + type: object + properties: + Groups: + type: array + items: + $ref: '#/components/schemas/Group' + Include: + $ref: '#/components/schemas/IncludeOptions' + additionalProperties: false + SourceSegment: + description: The base segment to build the segment on. + type: object + properties: + SegmentDefinitionName: + type: string + maxLength: 64 + minLength: 1 + pattern: ^[a-zA-Z0-9_-]+$ + additionalProperties: false + StringDimensionType: + description: The type of segment dimension to use for a string dimension. + type: string + enum: + - INCLUSIVE + - EXCLUSIVE + - CONTAINS + - BEGINS_WITH + - ENDS_WITH + SegmentDefinition: + type: object + properties: + CreatedAt: + description: The time of this segment definition got created. + type: string + format: date-time + Description: + description: The description of the segment definition. + type: string + maxLength: 1000 + minLength: 1 + DisplayName: + description: The display name of the segment definition. + type: string + maxLength: 255 + minLength: 1 + DomainName: + description: The unique name of the domain. + type: string + maxLength: 64 + minLength: 1 + pattern: ^[a-zA-Z0-9_-]+$ + SegmentDefinitionName: + description: The unique name of the segment definition. + type: string + maxLength: 64 + minLength: 1 + pattern: ^[a-zA-Z0-9_-]+$ + SegmentGroups: + description: An array that defines the set of segment criteria to evaluate when handling segment groups for the segment. + $ref: '#/components/schemas/SegmentGroup' + SegmentDefinitionArn: + description: The Amazon Resource Name (ARN) of the segment definition. + type: string + maxLength: 255 + minLength: 1 + Tags: + description: The tags used to organize, track, or control access for this resource. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + minItems: 0 + maxItems: 50 + required: + - DomainName + - DisplayName + - SegmentDefinitionName + - SegmentGroups + x-stackql-resource-name: segment_definition + description: A segment definition resource of Amazon Connect Customer Profiles + x-type-name: AWS::CustomerProfiles::SegmentDefinition + x-stackql-primary-identifier: + - DomainName + - SegmentDefinitionName + x-create-only-properties: + - DomainName + - SegmentDefinitionName + - DisplayName + - SegmentGroups + x-read-only-properties: + - CreatedAt + - SegmentDefinitionArn + x-required-properties: + - DomainName + - DisplayName + - SegmentDefinitionName + - SegmentGroups + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - profile:TagResource + - profile:UntagResource + - profile:ListTagsForResource + x-required-permissions: + create: + - profile:CreateSegmentDefinition + - profile:TagResource + read: + - profile:GetSegmentDefinition + update: + - profile:GetSegmentDefinition + - profile:UntagResource + - profile:TagResource + delete: + - profile:DeleteSegmentDefinition + list: + - profile:ListSegmentDefinitions + CreateCalculatedAttributeDefinitionRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + DomainName: + $ref: '#/components/schemas/DomainName' + CalculatedAttributeName: + $ref: '#/components/schemas/CalculatedAttributeName' + DisplayName: + $ref: '#/components/schemas/DisplayName' + Description: + $ref: '#/components/schemas/Description' + AttributeDetails: + $ref: '#/components/schemas/AttributeDetails' + Conditions: + $ref: '#/components/schemas/Conditions' + Statistic: + $ref: '#/components/schemas/Statistic' + CreatedAt: + description: The timestamp of when the calculated attribute definition was created. + type: string + LastUpdatedAt: + description: The timestamp of when the calculated attribute definition was most recently edited. + type: string + Tags: + $ref: '#/components/schemas/Tags' + x-stackQL-stringOnly: true + x-title: CreateCalculatedAttributeDefinitionRequest + type: object + required: [] + CreateDomainRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + DomainName: + description: The unique name of the domain. + type: string + pattern: ^[a-zA-Z0-9_-]+$ + minLength: 1 + maxLength: 64 + DeadLetterQueueUrl: + description: The URL of the SQS dead letter queue + type: string + minLength: 0 + maxLength: 255 + DefaultEncryptionKey: + description: The default encryption key + type: string + minLength: 0 + maxLength: 255 + DefaultExpirationDays: + description: The default number of days until the data within the domain expires. + type: integer + minimum: 1 + maximum: 1098 + Matching: + $ref: '#/components/schemas/Matching' + RuleBasedMatching: + $ref: '#/components/schemas/RuleBasedMatching' + Stats: + $ref: '#/components/schemas/DomainStats' + Tags: + description: The tags (keys and values) associated with the domain + type: array + items: + $ref: '#/components/schemas/Tag' + minItems: 0 + maxItems: 50 + CreatedAt: + description: The time of this integration got created + type: string + LastUpdatedAt: + description: The time of this integration got last updated at + type: string + x-stackQL-stringOnly: true + x-title: CreateDomainRequest + type: object + required: [] + CreateEventStreamRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: DomainName: description: The unique name of the domain. type: string @@ -1921,6 +2590,45 @@ components: x-title: CreateEventStreamRequest type: object required: [] + CreateEventTriggerRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + DomainName: + $ref: '#/components/schemas/DomainName' + EventTriggerName: + $ref: '#/components/schemas/EventTriggerName' + ObjectTypeName: + $ref: '#/components/schemas/ObjectTypeName' + Description: + $ref: '#/components/schemas/Description' + EventTriggerConditions: + $ref: '#/components/schemas/EventTriggerConditions' + EventTriggerLimits: + $ref: '#/components/schemas/EventTriggerLimits' + SegmentFilter: + $ref: '#/components/schemas/SegmentFilter' + CreatedAt: + description: The timestamp of when the event trigger was created. + type: string + LastUpdatedAt: + description: The timestamp of when the event trigger was most recently updated. + type: string + Tags: + $ref: '#/components/schemas/Tags' + x-stackQL-stringOnly: true + x-title: CreateEventTriggerRequest + type: object + required: [] CreateIntegrationRequest: properties: ClientToken: @@ -1971,6 +2679,17 @@ components: type: array items: $ref: '#/components/schemas/ObjectTypeMapping' + EventTriggerNames: + description: A list of unique names for active event triggers associated with the integration. + type: array + items: + type: string + pattern: ^[a-zA-Z0-9_-]+$ + minLength: 1 + maxLength: 64 + x-insertionOrder: false + minItems: 1 + maxItems: 1 x-stackQL-stringOnly: true x-title: CreateIntegrationRequest type: object @@ -2058,6 +2777,66 @@ components: x-title: CreateObjectTypeRequest type: object required: [] + CreateSegmentDefinitionRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + CreatedAt: + description: The time of this segment definition got created. + type: string + format: date-time + Description: + description: The description of the segment definition. + type: string + maxLength: 1000 + minLength: 1 + DisplayName: + description: The display name of the segment definition. + type: string + maxLength: 255 + minLength: 1 + DomainName: + description: The unique name of the domain. + type: string + maxLength: 64 + minLength: 1 + pattern: ^[a-zA-Z0-9_-]+$ + SegmentDefinitionName: + description: The unique name of the segment definition. + type: string + maxLength: 64 + minLength: 1 + pattern: ^[a-zA-Z0-9_-]+$ + SegmentGroups: + description: An array that defines the set of segment criteria to evaluate when handling segment groups for the segment. + $ref: '#/components/schemas/SegmentGroup' + SegmentDefinitionArn: + description: The Amazon Resource Name (ARN) of the segment definition. + type: string + maxLength: 255 + minLength: 1 + Tags: + description: The tags used to organize, track, or control access for this resource. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + minItems: 0 + maxItems: 50 + x-stackQL-stringOnly: true + x-title: CreateSegmentDefinitionRequest + type: object + required: [] securitySchemes: hmac: type: apiKey @@ -2730,8 +3509,241 @@ components: ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) - WHERE listing.data__TypeName = 'AWS::CustomerProfiles::EventStream' - AND detail.data__TypeName = 'AWS::CustomerProfiles::EventStream' + WHERE listing.data__TypeName = 'AWS::CustomerProfiles::EventStream' + AND detail.data__TypeName = 'AWS::CustomerProfiles::EventStream' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'DomainName') as domain_name, + json_extract_path_text(detail.Properties, 'EventStreamName') as event_stream_name, + json_extract_path_text(detail.Properties, 'Uri') as uri, + json_extract_path_text(detail.Properties, 'EventStreamArn') as event_stream_arn, + json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, + json_extract_path_text(detail.Properties, 'State') as state, + json_extract_path_text(detail.Properties, 'DestinationDetails') as destination_details + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::CustomerProfiles::EventStream' + AND detail.data__TypeName = 'AWS::CustomerProfiles::EventStream' + AND listing.region = 'us-east-1' + event_triggers: + name: event_triggers + id: aws.customerprofiles.event_triggers + x-cfn-schema-name: EventTrigger + x-cfn-type-name: AWS::CustomerProfiles::EventTrigger + x-identifiers: + - DomainName + - EventTriggerName + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__EventTrigger&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::CustomerProfiles::EventTrigger" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::CustomerProfiles::EventTrigger" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::CustomerProfiles::EventTrigger" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/event_triggers/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/event_triggers/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/event_triggers/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DomainName') as domain_name, + JSON_EXTRACT(Properties, '$.EventTriggerName') as event_trigger_name, + JSON_EXTRACT(Properties, '$.ObjectTypeName') as object_type_name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.EventTriggerConditions') as event_trigger_conditions, + JSON_EXTRACT(Properties, '$.EventTriggerLimits') as event_trigger_limits, + JSON_EXTRACT(Properties, '$.SegmentFilter') as segment_filter, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.LastUpdatedAt') as last_updated_at, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CustomerProfiles::EventTrigger' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.DomainName') as domain_name, + JSON_EXTRACT(detail.Properties, '$.EventTriggerName') as event_trigger_name, + JSON_EXTRACT(detail.Properties, '$.ObjectTypeName') as object_type_name, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.EventTriggerConditions') as event_trigger_conditions, + JSON_EXTRACT(detail.Properties, '$.EventTriggerLimits') as event_trigger_limits, + JSON_EXTRACT(detail.Properties, '$.SegmentFilter') as segment_filter, + JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(detail.Properties, '$.LastUpdatedAt') as last_updated_at, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::CustomerProfiles::EventTrigger' + AND detail.data__TypeName = 'AWS::CustomerProfiles::EventTrigger' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DomainName') as domain_name, + json_extract_path_text(Properties, 'EventTriggerName') as event_trigger_name, + json_extract_path_text(Properties, 'ObjectTypeName') as object_type_name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'EventTriggerConditions') as event_trigger_conditions, + json_extract_path_text(Properties, 'EventTriggerLimits') as event_trigger_limits, + json_extract_path_text(Properties, 'SegmentFilter') as segment_filter, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'LastUpdatedAt') as last_updated_at, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CustomerProfiles::EventTrigger' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'DomainName') as domain_name, + json_extract_path_text(detail.Properties, 'EventTriggerName') as event_trigger_name, + json_extract_path_text(detail.Properties, 'ObjectTypeName') as object_type_name, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'EventTriggerConditions') as event_trigger_conditions, + json_extract_path_text(detail.Properties, 'EventTriggerLimits') as event_trigger_limits, + json_extract_path_text(detail.Properties, 'SegmentFilter') as segment_filter, + json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, + json_extract_path_text(detail.Properties, 'LastUpdatedAt') as last_updated_at, + json_extract_path_text(detail.Properties, 'Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::CustomerProfiles::EventTrigger' + AND detail.data__TypeName = 'AWS::CustomerProfiles::EventTrigger' + AND listing.region = 'us-east-1' + event_triggers_list_only: + name: event_triggers_list_only + id: aws.customerprofiles.event_triggers_list_only + x-cfn-schema-name: EventTrigger + x-cfn-type-name: AWS::CustomerProfiles::EventTrigger + x-identifiers: + - DomainName + - EventTriggerName + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DomainName') as domain_name, + JSON_EXTRACT(Properties, '$.EventTriggerName') as event_trigger_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CustomerProfiles::EventTrigger' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DomainName') as domain_name, + json_extract_path_text(Properties, 'EventTriggerName') as event_trigger_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CustomerProfiles::EventTrigger' + AND region = 'us-east-1' + event_trigger_tags: + name: event_trigger_tags + id: aws.customerprofiles.event_trigger_tags + x-cfn-schema-name: EventTrigger + x-cfn-type-name: AWS::CustomerProfiles::EventTrigger + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.DomainName') as domain_name, + JSON_EXTRACT(detail.Properties, '$.EventTriggerName') as event_trigger_name, + JSON_EXTRACT(detail.Properties, '$.ObjectTypeName') as object_type_name, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.EventTriggerConditions') as event_trigger_conditions, + JSON_EXTRACT(detail.Properties, '$.EventTriggerLimits') as event_trigger_limits, + JSON_EXTRACT(detail.Properties, '$.SegmentFilter') as segment_filter, + JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(detail.Properties, '$.LastUpdatedAt') as last_updated_at + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::CustomerProfiles::EventTrigger' + AND detail.data__TypeName = 'AWS::CustomerProfiles::EventTrigger' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" @@ -2741,19 +3753,21 @@ components: json_extract_path_text(json_each.value, 'Key') as tag_key, json_extract_path_text(json_each.value, 'Value') as tag_value, json_extract_path_text(detail.Properties, 'DomainName') as domain_name, - json_extract_path_text(detail.Properties, 'EventStreamName') as event_stream_name, - json_extract_path_text(detail.Properties, 'Uri') as uri, - json_extract_path_text(detail.Properties, 'EventStreamArn') as event_stream_arn, + json_extract_path_text(detail.Properties, 'EventTriggerName') as event_trigger_name, + json_extract_path_text(detail.Properties, 'ObjectTypeName') as object_type_name, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'EventTriggerConditions') as event_trigger_conditions, + json_extract_path_text(detail.Properties, 'EventTriggerLimits') as event_trigger_limits, + json_extract_path_text(detail.Properties, 'SegmentFilter') as segment_filter, json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, - json_extract_path_text(detail.Properties, 'State') as state, - json_extract_path_text(detail.Properties, 'DestinationDetails') as destination_details + json_extract_path_text(detail.Properties, 'LastUpdatedAt') as last_updated_at FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) - WHERE listing.data__TypeName = 'AWS::CustomerProfiles::EventStream' - AND detail.data__TypeName = 'AWS::CustomerProfiles::EventStream' + WHERE listing.data__TypeName = 'AWS::CustomerProfiles::EventTrigger' + AND detail.data__TypeName = 'AWS::CustomerProfiles::EventTrigger' AND listing.region = 'us-east-1' integrations: name: integrations @@ -2826,7 +3840,8 @@ components: JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, JSON_EXTRACT(Properties, '$.LastUpdatedAt') as last_updated_at, JSON_EXTRACT(Properties, '$.Tags') as tags, - JSON_EXTRACT(Properties, '$.ObjectTypeNames') as object_type_names + JSON_EXTRACT(Properties, '$.ObjectTypeNames') as object_type_names, + JSON_EXTRACT(Properties, '$.EventTriggerNames') as event_trigger_names FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CustomerProfiles::Integration' AND data__Identifier = '|' AND region = 'us-east-1' @@ -2842,7 +3857,8 @@ components: JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, JSON_EXTRACT(detail.Properties, '$.LastUpdatedAt') as last_updated_at, JSON_EXTRACT(detail.Properties, '$.Tags') as tags, - JSON_EXTRACT(detail.Properties, '$.ObjectTypeNames') as object_type_names + JSON_EXTRACT(detail.Properties, '$.ObjectTypeNames') as object_type_names, + JSON_EXTRACT(detail.Properties, '$.EventTriggerNames') as event_trigger_names FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -2863,7 +3879,8 @@ components: json_extract_path_text(Properties, 'CreatedAt') as created_at, json_extract_path_text(Properties, 'LastUpdatedAt') as last_updated_at, json_extract_path_text(Properties, 'Tags') as tags, - json_extract_path_text(Properties, 'ObjectTypeNames') as object_type_names + json_extract_path_text(Properties, 'ObjectTypeNames') as object_type_names, + json_extract_path_text(Properties, 'EventTriggerNames') as event_trigger_names FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CustomerProfiles::Integration' AND data__Identifier = '|' AND region = 'us-east-1' @@ -2879,7 +3896,8 @@ components: json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, json_extract_path_text(detail.Properties, 'LastUpdatedAt') as last_updated_at, json_extract_path_text(detail.Properties, 'Tags') as tags, - json_extract_path_text(detail.Properties, 'ObjectTypeNames') as object_type_names + json_extract_path_text(detail.Properties, 'ObjectTypeNames') as object_type_names, + json_extract_path_text(detail.Properties, 'EventTriggerNames') as event_trigger_names FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -2947,7 +3965,8 @@ components: JSON_EXTRACT(detail.Properties, '$.ObjectTypeName') as object_type_name, JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, JSON_EXTRACT(detail.Properties, '$.LastUpdatedAt') as last_updated_at, - JSON_EXTRACT(detail.Properties, '$.ObjectTypeNames') as object_type_names + JSON_EXTRACT(detail.Properties, '$.ObjectTypeNames') as object_type_names, + JSON_EXTRACT(detail.Properties, '$.EventTriggerNames') as event_trigger_names FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -2969,7 +3988,8 @@ components: json_extract_path_text(detail.Properties, 'ObjectTypeName') as object_type_name, json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, json_extract_path_text(detail.Properties, 'LastUpdatedAt') as last_updated_at, - json_extract_path_text(detail.Properties, 'ObjectTypeNames') as object_type_names + json_extract_path_text(detail.Properties, 'ObjectTypeNames') as object_type_names, + json_extract_path_text(detail.Properties, 'EventTriggerNames') as event_trigger_names FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -3231,6 +4251,229 @@ components: WHERE listing.data__TypeName = 'AWS::CustomerProfiles::ObjectType' AND detail.data__TypeName = 'AWS::CustomerProfiles::ObjectType' AND listing.region = 'us-east-1' + segment_definitions: + name: segment_definitions + id: aws.customerprofiles.segment_definitions + x-cfn-schema-name: SegmentDefinition + x-cfn-type-name: AWS::CustomerProfiles::SegmentDefinition + x-identifiers: + - DomainName + - SegmentDefinitionName + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__SegmentDefinition&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::CustomerProfiles::SegmentDefinition" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::CustomerProfiles::SegmentDefinition" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::CustomerProfiles::SegmentDefinition" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/segment_definitions/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/segment_definitions/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/segment_definitions/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.DisplayName') as display_name, + JSON_EXTRACT(Properties, '$.DomainName') as domain_name, + JSON_EXTRACT(Properties, '$.SegmentDefinitionName') as segment_definition_name, + JSON_EXTRACT(Properties, '$.SegmentGroups') as segment_groups, + JSON_EXTRACT(Properties, '$.SegmentDefinitionArn') as segment_definition_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CustomerProfiles::SegmentDefinition' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.DisplayName') as display_name, + JSON_EXTRACT(detail.Properties, '$.DomainName') as domain_name, + JSON_EXTRACT(detail.Properties, '$.SegmentDefinitionName') as segment_definition_name, + JSON_EXTRACT(detail.Properties, '$.SegmentGroups') as segment_groups, + JSON_EXTRACT(detail.Properties, '$.SegmentDefinitionArn') as segment_definition_arn, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::CustomerProfiles::SegmentDefinition' + AND detail.data__TypeName = 'AWS::CustomerProfiles::SegmentDefinition' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'DisplayName') as display_name, + json_extract_path_text(Properties, 'DomainName') as domain_name, + json_extract_path_text(Properties, 'SegmentDefinitionName') as segment_definition_name, + json_extract_path_text(Properties, 'SegmentGroups') as segment_groups, + json_extract_path_text(Properties, 'SegmentDefinitionArn') as segment_definition_arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::CustomerProfiles::SegmentDefinition' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'DisplayName') as display_name, + json_extract_path_text(detail.Properties, 'DomainName') as domain_name, + json_extract_path_text(detail.Properties, 'SegmentDefinitionName') as segment_definition_name, + json_extract_path_text(detail.Properties, 'SegmentGroups') as segment_groups, + json_extract_path_text(detail.Properties, 'SegmentDefinitionArn') as segment_definition_arn, + json_extract_path_text(detail.Properties, 'Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::CustomerProfiles::SegmentDefinition' + AND detail.data__TypeName = 'AWS::CustomerProfiles::SegmentDefinition' + AND listing.region = 'us-east-1' + segment_definitions_list_only: + name: segment_definitions_list_only + id: aws.customerprofiles.segment_definitions_list_only + x-cfn-schema-name: SegmentDefinition + x-cfn-type-name: AWS::CustomerProfiles::SegmentDefinition + x-identifiers: + - DomainName + - SegmentDefinitionName + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DomainName') as domain_name, + JSON_EXTRACT(Properties, '$.SegmentDefinitionName') as segment_definition_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CustomerProfiles::SegmentDefinition' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DomainName') as domain_name, + json_extract_path_text(Properties, 'SegmentDefinitionName') as segment_definition_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::CustomerProfiles::SegmentDefinition' + AND region = 'us-east-1' + segment_definition_tags: + name: segment_definition_tags + id: aws.customerprofiles.segment_definition_tags + x-cfn-schema-name: SegmentDefinition + x-cfn-type-name: AWS::CustomerProfiles::SegmentDefinition + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.DisplayName') as display_name, + JSON_EXTRACT(detail.Properties, '$.DomainName') as domain_name, + JSON_EXTRACT(detail.Properties, '$.SegmentDefinitionName') as segment_definition_name, + JSON_EXTRACT(detail.Properties, '$.SegmentGroups') as segment_groups, + JSON_EXTRACT(detail.Properties, '$.SegmentDefinitionArn') as segment_definition_arn + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::CustomerProfiles::SegmentDefinition' + AND detail.data__TypeName = 'AWS::CustomerProfiles::SegmentDefinition' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'DisplayName') as display_name, + json_extract_path_text(detail.Properties, 'DomainName') as domain_name, + json_extract_path_text(detail.Properties, 'SegmentDefinitionName') as segment_definition_name, + json_extract_path_text(detail.Properties, 'SegmentGroups') as segment_groups, + json_extract_path_text(detail.Properties, 'SegmentDefinitionArn') as segment_definition_arn + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::CustomerProfiles::SegmentDefinition' + AND detail.data__TypeName = 'AWS::CustomerProfiles::SegmentDefinition' + AND listing.region = 'us-east-1' paths: /?Action=CreateResource&Version=2021-09-30: parameters: @@ -3500,6 +4743,48 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success + /?Action=CreateResource&Version=2021-09-30&__EventTrigger&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateEventTrigger + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateEventTriggerRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success /?Action=CreateResource&Version=2021-09-30&__Integration&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' @@ -3584,6 +4869,48 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success + /?Action=CreateResource&Version=2021-09-30&__SegmentDefinition&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateSegmentDefinition + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateSegmentDefinitionRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success x-stackQL-config: requestTranslate: algorithm: drop_double_underscore_params diff --git a/providers/src/aws/v00.00.00000/services/databrew.yaml b/providers/src/aws/v00.00.00000/services/databrew.yaml index f83aa3d0..a5302860 100644 --- a/providers/src/aws/v00.00.00000/services/databrew.yaml +++ b/providers/src/aws/v00.00.00000/services/databrew.yaml @@ -502,6 +502,11 @@ components: description: 'Arn of the source of the dataset. For e.g.: AppFlow Flow ARN.' type: string additionalProperties: false + BucketOwner: + description: Bucket owner + type: string + minLength: 12 + maxLength: 12 PathOptions: description: Path options for dataset type: object @@ -674,6 +679,13 @@ components: Input: description: Input $ref: '#/components/schemas/Input' + Source: + description: Source type of the dataset + type: string + enum: + - S3 + - DATA-CATALOG + - DATABASE PathOptions: description: PathOptions $ref: '#/components/schemas/PathOptions' @@ -697,7 +709,16 @@ components: x-required-properties: - Name - Input - x-taggable: true + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: false + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - databrew:TagResource + - databrew:UntagResource + - databrew:ListTagsForResource x-required-permissions: create: - databrew:CreateDataset @@ -897,7 +918,16 @@ components: x-required-properties: - Name - Steps - x-taggable: true + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: false + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - databrew:TagResource + - databrew:UntagResource + - databrew:ListTagsForResource x-required-permissions: create: - databrew:CreateRecipe @@ -1177,7 +1207,16 @@ components: - Name - RoleArn - Type - x-taggable: true + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: false + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - databrew:TagResource + - databrew:UntagResource + - databrew:ListTagsForResource x-required-permissions: create: - databrew:CreateProfileJob @@ -1264,7 +1303,16 @@ components: - Name - RecipeName - RoleArn - x-taggable: true + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: false + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - databrew:TagResource + - databrew:UntagResource + - databrew:ListTagsForResource x-required-permissions: create: - databrew:CreateProject @@ -1704,11 +1752,21 @@ components: x-create-only-properties: - Name - TargetArn + - Tags x-required-properties: - Name - TargetArn - Rules - x-taggable: true + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: false + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - databrew:TagResource + - databrew:UntagResource + - databrew:ListTagsForResource x-required-permissions: create: - databrew:CreateRuleset @@ -1771,7 +1829,16 @@ components: x-required-properties: - Name - CronExpression - x-taggable: true + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: false + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - databrew:TagResource + - databrew:UntagResource + - databrew:ListTagsForResource x-required-permissions: create: - databrew:CreateSchedule @@ -1823,6 +1890,13 @@ components: Input: description: Input $ref: '#/components/schemas/Input' + Source: + description: Source type of the dataset + type: string + enum: + - S3 + - DATA-CATALOG + - DATABASE PathOptions: description: PathOptions $ref: '#/components/schemas/PathOptions' @@ -2182,6 +2256,7 @@ components: JSON_EXTRACT(Properties, '$.Format') as _format, JSON_EXTRACT(Properties, '$.FormatOptions') as format_options, JSON_EXTRACT(Properties, '$.Input') as input, + JSON_EXTRACT(Properties, '$.Source') as source, JSON_EXTRACT(Properties, '$.PathOptions') as path_options, JSON_EXTRACT(Properties, '$.Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataBrew::Dataset' @@ -2196,6 +2271,7 @@ components: JSON_EXTRACT(detail.Properties, '$.Format') as _format, JSON_EXTRACT(detail.Properties, '$.FormatOptions') as format_options, JSON_EXTRACT(detail.Properties, '$.Input') as input, + JSON_EXTRACT(detail.Properties, '$.Source') as source, JSON_EXTRACT(detail.Properties, '$.PathOptions') as path_options, JSON_EXTRACT(detail.Properties, '$.Tags') as tags FROM aws.cloud_control.resources listing @@ -2215,6 +2291,7 @@ components: json_extract_path_text(Properties, 'Format') as _format, json_extract_path_text(Properties, 'FormatOptions') as format_options, json_extract_path_text(Properties, 'Input') as input, + json_extract_path_text(Properties, 'Source') as source, json_extract_path_text(Properties, 'PathOptions') as path_options, json_extract_path_text(Properties, 'Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataBrew::Dataset' @@ -2229,6 +2306,7 @@ components: json_extract_path_text(detail.Properties, 'Format') as _format, json_extract_path_text(detail.Properties, 'FormatOptions') as format_options, json_extract_path_text(detail.Properties, 'Input') as input, + json_extract_path_text(detail.Properties, 'Source') as source, json_extract_path_text(detail.Properties, 'PathOptions') as path_options, json_extract_path_text(detail.Properties, 'Tags') as tags FROM aws.cloud_control.resources listing @@ -2293,6 +2371,7 @@ components: JSON_EXTRACT(detail.Properties, '$.Format') as _format, JSON_EXTRACT(detail.Properties, '$.FormatOptions') as format_options, JSON_EXTRACT(detail.Properties, '$.Input') as input, + JSON_EXTRACT(detail.Properties, '$.Source') as source, JSON_EXTRACT(detail.Properties, '$.PathOptions') as path_options FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail @@ -2313,6 +2392,7 @@ components: json_extract_path_text(detail.Properties, 'Format') as _format, json_extract_path_text(detail.Properties, 'FormatOptions') as format_options, json_extract_path_text(detail.Properties, 'Input') as input, + json_extract_path_text(detail.Properties, 'Source') as source, json_extract_path_text(detail.Properties, 'PathOptions') as path_options FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail diff --git a/providers/src/aws/v00.00.00000/services/datasync.yaml b/providers/src/aws/v00.00.00000/services/datasync.yaml index b3816c77..22f84eee 100644 --- a/providers/src/aws/v00.00.00000/services/datasync.yaml +++ b/providers/src/aws/v00.00.00000/services/datasync.yaml @@ -413,7 +413,7 @@ components: type: string pattern: ^[a-zA-Z0-9\s+=._:@/-]+$ maxLength: 256 - minLength: 1 + minLength: 0 ActivationKey: description: Activation key of the Agent. type: string @@ -482,6 +482,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - datasync:TagResource + - datasync:UntagResource + - datasync:ListTagsForResource x-required-permissions: create: - datasync:CreateAgent @@ -607,6 +611,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - datasync:TagResource + - datasync:UntagResource + - datasync:ListTagsForResource x-required-permissions: create: - datasync:CreateLocationAzureBlob @@ -726,6 +734,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - datasync:TagResource + - datasync:UntagResource + - datasync:ListTagsForResource x-required-permissions: create: - datasync:CreateLocationEfs @@ -817,6 +829,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - datasync:TagResource + - datasync:UntagResource + - datasync:ListTagsForResource x-required-permissions: create: - datasync:CreateLocationFsxLustre @@ -984,6 +1000,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - datasync:TagResource + - datasync:UntagResource + - datasync:ListTagsForResource x-required-permissions: create: - datasync:CreateLocationFsxOntap @@ -1093,6 +1113,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - datasync:TagResource + - datasync:UntagResource + - datasync:ListTagsForResource x-required-permissions: create: - datasync:CreateLocationFsxOpenZfs @@ -1200,6 +1224,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - datasync:TagResource + - datasync:UntagResource + - datasync:ListTagsForResource x-required-permissions: create: - datasync:CreateLocationFsxWindows @@ -1379,6 +1407,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - datasync:TagResource + - datasync:UntagResource + - datasync:ListTagsForResource x-required-permissions: create: - datasync:CreateLocationHdfs @@ -1475,6 +1507,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - datasync:TagResource + - datasync:UntagResource + - datasync:ListTagsForResource x-required-permissions: create: - datasync:CreateLocationNfs @@ -1594,6 +1630,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - datasync:TagResource + - datasync:UntagResource + - datasync:ListTagsForResource x-required-permissions: create: - datasync:CreateLocationObjectStorage @@ -1804,6 +1844,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - datasync:TagResource + - datasync:UntagResource + - datasync:ListTagsForResource x-required-permissions: create: - datasync:CreateLocationSmb @@ -1939,6 +1983,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - datasync:TagResource + - datasync:UntagResource + - datasync:ListTagsForResource x-required-permissions: create: - datasync:AddStorageSystem @@ -2327,6 +2375,12 @@ components: type: string maxLength: 128 pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):datasync:[a-z\-0-9]*:[0-9]{12}:task/task-[0-9a-f]{17}$ + TaskMode: + description: Specifies the task mode for the task. + type: string + enum: + - BASIC + - ENHANCED Status: description: The status of the task that was described. type: string @@ -2351,6 +2405,7 @@ components: x-create-only-properties: - DestinationLocationArn - SourceLocationArn + - TaskMode x-read-only-properties: - TaskArn - Status @@ -2365,6 +2420,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - datasync:TagResource + - datasync:UntagResource + - datasync:ListTagsForResource x-required-permissions: create: - datasync:CreateTask @@ -2429,7 +2488,7 @@ components: type: string pattern: ^[a-zA-Z0-9\s+=._:@/-]+$ maxLength: 256 - minLength: 1 + minLength: 0 ActivationKey: description: Activation key of the Agent. type: string @@ -3381,6 +3440,12 @@ components: type: string maxLength: 128 pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):datasync:[a-z\-0-9]*:[0-9]{12}:task/task-[0-9a-f]{17}$ + TaskMode: + description: Specifies the task mode for the task. + type: string + enum: + - BASIC + - ENHANCED Status: description: The status of the task that was described. type: string @@ -6412,6 +6477,7 @@ components: JSON_EXTRACT(Properties, '$.Schedule') as schedule, JSON_EXTRACT(Properties, '$.SourceLocationArn') as source_location_arn, JSON_EXTRACT(Properties, '$.TaskArn') as task_arn, + JSON_EXTRACT(Properties, '$.TaskMode') as task_mode, JSON_EXTRACT(Properties, '$.Status') as status, JSON_EXTRACT(Properties, '$.SourceNetworkInterfaceArns') as source_network_interface_arns, JSON_EXTRACT(Properties, '$.DestinationNetworkInterfaceArns') as destination_network_interface_arns @@ -6435,6 +6501,7 @@ components: JSON_EXTRACT(detail.Properties, '$.Schedule') as schedule, JSON_EXTRACT(detail.Properties, '$.SourceLocationArn') as source_location_arn, JSON_EXTRACT(detail.Properties, '$.TaskArn') as task_arn, + JSON_EXTRACT(detail.Properties, '$.TaskMode') as task_mode, JSON_EXTRACT(detail.Properties, '$.Status') as status, JSON_EXTRACT(detail.Properties, '$.SourceNetworkInterfaceArns') as source_network_interface_arns, JSON_EXTRACT(detail.Properties, '$.DestinationNetworkInterfaceArns') as destination_network_interface_arns @@ -6463,6 +6530,7 @@ components: json_extract_path_text(Properties, 'Schedule') as schedule, json_extract_path_text(Properties, 'SourceLocationArn') as source_location_arn, json_extract_path_text(Properties, 'TaskArn') as task_arn, + json_extract_path_text(Properties, 'TaskMode') as task_mode, json_extract_path_text(Properties, 'Status') as status, json_extract_path_text(Properties, 'SourceNetworkInterfaceArns') as source_network_interface_arns, json_extract_path_text(Properties, 'DestinationNetworkInterfaceArns') as destination_network_interface_arns @@ -6486,6 +6554,7 @@ components: json_extract_path_text(detail.Properties, 'Schedule') as schedule, json_extract_path_text(detail.Properties, 'SourceLocationArn') as source_location_arn, json_extract_path_text(detail.Properties, 'TaskArn') as task_arn, + json_extract_path_text(detail.Properties, 'TaskMode') as task_mode, json_extract_path_text(detail.Properties, 'Status') as status, json_extract_path_text(detail.Properties, 'SourceNetworkInterfaceArns') as source_network_interface_arns, json_extract_path_text(detail.Properties, 'DestinationNetworkInterfaceArns') as destination_network_interface_arns @@ -6558,6 +6627,7 @@ components: JSON_EXTRACT(detail.Properties, '$.Schedule') as schedule, JSON_EXTRACT(detail.Properties, '$.SourceLocationArn') as source_location_arn, JSON_EXTRACT(detail.Properties, '$.TaskArn') as task_arn, + JSON_EXTRACT(detail.Properties, '$.TaskMode') as task_mode, JSON_EXTRACT(detail.Properties, '$.Status') as status, JSON_EXTRACT(detail.Properties, '$.SourceNetworkInterfaceArns') as source_network_interface_arns, JSON_EXTRACT(detail.Properties, '$.DestinationNetworkInterfaceArns') as destination_network_interface_arns @@ -6587,6 +6657,7 @@ components: json_extract_path_text(detail.Properties, 'Schedule') as schedule, json_extract_path_text(detail.Properties, 'SourceLocationArn') as source_location_arn, json_extract_path_text(detail.Properties, 'TaskArn') as task_arn, + json_extract_path_text(detail.Properties, 'TaskMode') as task_mode, json_extract_path_text(detail.Properties, 'Status') as status, json_extract_path_text(detail.Properties, 'SourceNetworkInterfaceArns') as source_network_interface_arns, json_extract_path_text(detail.Properties, 'DestinationNetworkInterfaceArns') as destination_network_interface_arns diff --git a/providers/src/aws/v00.00.00000/services/datazone.yaml b/providers/src/aws/v00.00.00000/services/datazone.yaml index ef5ffb9f..bbd1c3c8 100644 --- a/providers/src/aws/v00.00.00000/services/datazone.yaml +++ b/providers/src/aws/v00.00.00000/services/datazone.yaml @@ -395,7 +395,7 @@ components: description: The data access role included in the configuration details of the AWS Glue data source. pattern: ^arn:aws[^:]*:iam::\d{12}:(role|role/service-role)/[\w+=,.@-]{1,128}$ DataSourceConfigurationInput: - description: Specifies the configuration of the data source. It can be set to either glueRunConfiguration or redshiftRunConfiguration. + description: Specifies the configuration of the data source. It can be set to either glueRunConfiguration or redshiftRunConfiguration or sageMakerRunConfiguration. oneOf: - type: object title: GlueRunConfiguration @@ -409,6 +409,12 @@ components: RedshiftRunConfiguration: $ref: '#/components/schemas/RedshiftRunConfigurationInput' additionalProperties: false + - type: object + title: SageMakerRunConfiguration + properties: + SageMakerRunConfiguration: + $ref: '#/components/schemas/SageMakerRunConfigurationInput' + additionalProperties: false DataSourceStatus: type: string description: The status of the data source. @@ -615,6 +621,16 @@ components: items: $ref: '#/components/schemas/RelationalFilterConfiguration' x-insertionOrder: false + SageMakerRunConfigurationInput: + type: object + description: The configuration details of the Amazon SageMaker data source. + properties: + TrackingAssets: + description: The tracking assets of the Amazon SageMaker run. + $ref: '#/components/schemas/TrackingAssets' + required: + - TrackingAssets + additionalProperties: false ScheduleConfiguration: type: object description: The schedule of the data source runs. @@ -631,6 +647,19 @@ components: additionalProperties: false Timezone: type: string + TrackingAssets: + type: object + description: The tracking assets of the Amazon SageMaker run. + x-patternProperties: + ^.{1,64}$: + type: array + items: + type: string + pattern: ^arn:aws[^:]*:sagemaker:[a-z]{2}-?(iso|gov)?-{1}[a-z]*-{1}[0-9]:\d{12}:[\w+=,.@-]{1,128}/[\w+=,.@-]{1,256}$ + minItems: 0 + maxItems: 500 + maxProperties: 1 + additionalProperties: false TypeRevision: type: string description: The revision of the metadata form type. @@ -916,6 +945,9 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - datazone:TagResource + - datazone:UntagResource x-required-permissions: create: - datazone:CreateDomain @@ -925,6 +957,8 @@ components: - sso:CreateManagedApplicationInstance - sso:DeleteManagedApplicationInstance - sso:PutApplicationAssignmentConfiguration + - sso:ListInstances + - iam:PassRole read: - datazone:GetDomain update: @@ -935,9 +969,14 @@ components: - sso:CreateManagedApplicationInstance - sso:DeleteManagedApplicationInstance - sso:PutApplicationAssignmentConfiguration + - sso:ListInstances + - iam:PassRole delete: - datazone:DeleteDomain - datazone:GetDomain + - sso:DeleteManagedApplicationInstance + - sso:PutApplicationAssignmentConfiguration + - sso:ListInstances list: - datazone:ListDomains EnvironmentParameter: @@ -979,6 +1018,14 @@ components: type: string description: The AWS region in which the Amazon DataZone environment is created. pattern: ^[a-z]{2}-[a-z]{4,10}-\d$ + EnvironmentAccountIdentifier: + type: string + description: The AWS account in which the Amazon DataZone environment is created. + pattern: ^\d{12}$ + EnvironmentAccountRegion: + type: string + description: The AWS region in which the Amazon DataZone environment is created. + pattern: ^[a-z]{2}-[a-z]{4,10}-\d$ CreatedAt: type: string description: The timestamp of when the environment was created. @@ -1005,11 +1052,11 @@ components: EnvironmentProfileId: type: string description: The ID of the environment profile with which the Amazon DataZone environment was created. - pattern: ^[a-zA-Z0-9_-]{1,36}$ + pattern: ^[a-zA-Z0-9_-]{0,36}$ EnvironmentProfileIdentifier: type: string description: The ID of the environment profile with which the Amazon DataZone environment would be created. - pattern: ^[a-zA-Z0-9_-]{1,36}$ + pattern: ^[a-zA-Z0-9_-]{0,36}$ GlossaryTerms: type: array x-insertionOrder: false @@ -1019,6 +1066,9 @@ components: pattern: ^[a-zA-Z0-9_-]{1,36}$ maxItems: 20 minItems: 1 + EnvironmentRoleArn: + type: string + description: Environment role arn for custom aws environment permissions Id: type: string description: The ID of the Amazon DataZone environment. @@ -1054,7 +1104,6 @@ components: items: $ref: '#/components/schemas/EnvironmentParameter' required: - - EnvironmentProfileIdentifier - Name - ProjectIdentifier - DomainIdentifier @@ -1071,10 +1120,15 @@ components: - EnvironmentProfileIdentifier - ProjectIdentifier - UserParameters + - EnvironmentAccountIdentifier + - EnvironmentAccountRegion x-write-only-properties: - EnvironmentProfileIdentifier - ProjectIdentifier - DomainIdentifier + - EnvironmentAccountIdentifier + - EnvironmentAccountRegion + - EnvironmentRoleArn x-read-only-properties: - AwsAccountId - AwsAccountRegion @@ -1089,7 +1143,6 @@ components: - Status - UpdatedAt x-required-properties: - - EnvironmentProfileIdentifier - Name - ProjectIdentifier - DomainIdentifier @@ -1100,17 +1153,124 @@ components: - datazone:CreateEnvironment - datazone:GetEnvironment - datazone:DeleteEnvironment + - datazone:AssociateEnvironmentRole + - iam:PassRole read: - datazone:GetEnvironment update: - datazone:UpdateEnvironment - datazone:GetEnvironment - datazone:DeleteEnvironment + - datazone:AssociateEnvironmentRole + - datazone:DisassociateEnvironmentRole + - iam:PassRole delete: - datazone:DeleteEnvironment - datazone:GetEnvironment list: - datazone:ListEnvironments + EnvironmentActionURI: + type: string + description: The URI of the console link specified as part of the environment action. + minLength: 1 + maxLength: 2048 + AwsConsoleLinkParameters: + type: object + description: The parameters of the console link specified as part of the environment action + properties: + Uri: + $ref: '#/components/schemas/EnvironmentActionURI' + additionalProperties: false + EnvironmentActions: + type: object + properties: + Description: + type: string + description: The description of the Amazon DataZone environment action. + maxLength: 2048 + DomainId: + type: string + description: The identifier of the Amazon DataZone domain in which the environment is created. + pattern: ^dzd[-_][a-zA-Z0-9_-]{1,36}$ + DomainIdentifier: + type: string + description: The identifier of the Amazon DataZone domain in which the environment would be created. + pattern: ^dzd[-_][a-zA-Z0-9_-]{1,36}$ + EnvironmentId: + type: string + description: The identifier of the Amazon DataZone environment in which the action is taking place + pattern: '[a-zA-Z0-9_-]{1,36}$' + maxLength: 36 + minLength: 1 + EnvironmentIdentifier: + type: string + description: The identifier of the Amazon DataZone environment in which the action is taking place + pattern: '[a-zA-Z0-9_-]{1,36}$' + maxLength: 36 + minLength: 1 + Id: + type: string + description: The ID of the Amazon DataZone environment action. + pattern: ^[a-zA-Z0-9_-]{1,36}$ + maxLength: 36 + minLength: 1 + Identifier: + type: string + description: The ID of the Amazon DataZone environment action. + pattern: ^[a-zA-Z0-9_-]{1,36}$ + maxLength: 36 + minLength: 1 + Name: + type: string + description: The name of the environment action. + maxLength: 64 + minLength: 1 + pattern: ^[\w -]+$ + Parameters: + description: The parameters of the environment action. + $ref: '#/components/schemas/AwsConsoleLinkParameters' + required: + - Name + x-stackql-resource-name: environment_actions + description: Definition of AWS::DataZone::EnvironmentActions Resource Type + x-type-name: AWS::DataZone::EnvironmentActions + x-stackql-primary-identifier: + - DomainId + - EnvironmentId + - Id + x-stackql-additional-identifiers: + - - EnvironmentIdentifier + x-create-only-properties: + - DomainIdentifier + - EnvironmentIdentifier + x-write-only-properties: + - EnvironmentIdentifier + - DomainIdentifier + - Identifier + x-read-only-properties: + - DomainId + - EnvironmentId + - Id + x-required-properties: + - Name + x-tagging: + taggable: false + x-required-permissions: + create: + - datazone:CreateEnvironmentAction + - datazone:GetEnvironmentAction + - datazone:DeleteEnvironmentAction + read: + - datazone:GetEnvironmentAction + update: + - datazone:UpdateEnvironmentAction + - datazone:GetEnvironmentAction + - datazone:DeleteEnvironmentAction + delete: + - datazone:DeleteEnvironmentAction + - datazone:GetEnvironmentAction + list: + - datazone:ListEnvironmentActions RegionalParameter: additionalProperties: false type: object @@ -1522,6 +1682,9 @@ components: enum: - PROJECT_OWNER - PROJECT_CONTRIBUTOR + - PROJECT_CATALOG_VIEWER + - PROJECT_CATALOG_CONSUMER + - PROJECT_CATALOG_STEWARD MemberIdentifierType: type: string enum: @@ -1702,7 +1865,6 @@ components: - AuthorizedPrincipals - DomainIdentifier - EnvironmentIdentifier - - ManageAccessRole - Name - SubscriptionTargetConfig - Type @@ -1734,7 +1896,6 @@ components: - AuthorizedPrincipals - DomainIdentifier - EnvironmentIdentifier - - ManageAccessRole - Name - SubscriptionTargetConfig - Type @@ -2105,6 +2266,14 @@ components: type: string description: The AWS region in which the Amazon DataZone environment is created. pattern: ^[a-z]{2}-[a-z]{4,10}-\d$ + EnvironmentAccountIdentifier: + type: string + description: The AWS account in which the Amazon DataZone environment is created. + pattern: ^\d{12}$ + EnvironmentAccountRegion: + type: string + description: The AWS region in which the Amazon DataZone environment is created. + pattern: ^[a-z]{2}-[a-z]{4,10}-\d$ CreatedAt: type: string description: The timestamp of when the environment was created. @@ -2131,11 +2300,11 @@ components: EnvironmentProfileId: type: string description: The ID of the environment profile with which the Amazon DataZone environment was created. - pattern: ^[a-zA-Z0-9_-]{1,36}$ + pattern: ^[a-zA-Z0-9_-]{0,36}$ EnvironmentProfileIdentifier: type: string description: The ID of the environment profile with which the Amazon DataZone environment would be created. - pattern: ^[a-zA-Z0-9_-]{1,36}$ + pattern: ^[a-zA-Z0-9_-]{0,36}$ GlossaryTerms: type: array x-insertionOrder: false @@ -2145,6 +2314,9 @@ components: pattern: ^[a-zA-Z0-9_-]{1,36}$ maxItems: 20 minItems: 1 + EnvironmentRoleArn: + type: string + description: Environment role arn for custom aws environment permissions Id: type: string description: The ID of the Amazon DataZone environment. @@ -2183,6 +2355,68 @@ components: x-title: CreateEnvironmentRequest type: object required: [] + CreateEnvironmentActionsRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + Description: + type: string + description: The description of the Amazon DataZone environment action. + maxLength: 2048 + DomainId: + type: string + description: The identifier of the Amazon DataZone domain in which the environment is created. + pattern: ^dzd[-_][a-zA-Z0-9_-]{1,36}$ + DomainIdentifier: + type: string + description: The identifier of the Amazon DataZone domain in which the environment would be created. + pattern: ^dzd[-_][a-zA-Z0-9_-]{1,36}$ + EnvironmentId: + type: string + description: The identifier of the Amazon DataZone environment in which the action is taking place + pattern: '[a-zA-Z0-9_-]{1,36}$' + maxLength: 36 + minLength: 1 + EnvironmentIdentifier: + type: string + description: The identifier of the Amazon DataZone environment in which the action is taking place + pattern: '[a-zA-Z0-9_-]{1,36}$' + maxLength: 36 + minLength: 1 + Id: + type: string + description: The ID of the Amazon DataZone environment action. + pattern: ^[a-zA-Z0-9_-]{1,36}$ + maxLength: 36 + minLength: 1 + Identifier: + type: string + description: The ID of the Amazon DataZone environment action. + pattern: ^[a-zA-Z0-9_-]{1,36}$ + maxLength: 36 + minLength: 1 + Name: + type: string + description: The name of the environment action. + maxLength: 64 + minLength: 1 + pattern: ^[\w -]+$ + Parameters: + description: The parameters of the environment action. + $ref: '#/components/schemas/AwsConsoleLinkParameters' + x-stackQL-stringOnly: true + x-title: CreateEnvironmentActionsRequest + type: object + required: [] CreateEnvironmentBlueprintConfigurationRequest: properties: ClientToken: @@ -3124,6 +3358,8 @@ components: data__Identifier, JSON_EXTRACT(Properties, '$.AwsAccountId') as aws_account_id, JSON_EXTRACT(Properties, '$.AwsAccountRegion') as aws_account_region, + JSON_EXTRACT(Properties, '$.EnvironmentAccountIdentifier') as environment_account_identifier, + JSON_EXTRACT(Properties, '$.EnvironmentAccountRegion') as environment_account_region, JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, JSON_EXTRACT(Properties, '$.CreatedBy') as created_by, JSON_EXTRACT(Properties, '$.Description') as description, @@ -3133,6 +3369,7 @@ components: JSON_EXTRACT(Properties, '$.EnvironmentProfileId') as environment_profile_id, JSON_EXTRACT(Properties, '$.EnvironmentProfileIdentifier') as environment_profile_identifier, JSON_EXTRACT(Properties, '$.GlossaryTerms') as glossary_terms, + JSON_EXTRACT(Properties, '$.EnvironmentRoleArn') as environment_role_arn, JSON_EXTRACT(Properties, '$.Id') as id, JSON_EXTRACT(Properties, '$.Name') as name, JSON_EXTRACT(Properties, '$.ProjectId') as project_id, @@ -3151,6 +3388,8 @@ components: detail.region, JSON_EXTRACT(detail.Properties, '$.AwsAccountId') as aws_account_id, JSON_EXTRACT(detail.Properties, '$.AwsAccountRegion') as aws_account_region, + JSON_EXTRACT(detail.Properties, '$.EnvironmentAccountIdentifier') as environment_account_identifier, + JSON_EXTRACT(detail.Properties, '$.EnvironmentAccountRegion') as environment_account_region, JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, JSON_EXTRACT(detail.Properties, '$.CreatedBy') as created_by, JSON_EXTRACT(detail.Properties, '$.Description') as description, @@ -3160,6 +3399,7 @@ components: JSON_EXTRACT(detail.Properties, '$.EnvironmentProfileId') as environment_profile_id, JSON_EXTRACT(detail.Properties, '$.EnvironmentProfileIdentifier') as environment_profile_identifier, JSON_EXTRACT(detail.Properties, '$.GlossaryTerms') as glossary_terms, + JSON_EXTRACT(detail.Properties, '$.EnvironmentRoleArn') as environment_role_arn, JSON_EXTRACT(detail.Properties, '$.Id') as id, JSON_EXTRACT(detail.Properties, '$.Name') as name, JSON_EXTRACT(detail.Properties, '$.ProjectId') as project_id, @@ -3183,6 +3423,8 @@ components: data__Identifier, json_extract_path_text(Properties, 'AwsAccountId') as aws_account_id, json_extract_path_text(Properties, 'AwsAccountRegion') as aws_account_region, + json_extract_path_text(Properties, 'EnvironmentAccountIdentifier') as environment_account_identifier, + json_extract_path_text(Properties, 'EnvironmentAccountRegion') as environment_account_region, json_extract_path_text(Properties, 'CreatedAt') as created_at, json_extract_path_text(Properties, 'CreatedBy') as created_by, json_extract_path_text(Properties, 'Description') as description, @@ -3192,6 +3434,7 @@ components: json_extract_path_text(Properties, 'EnvironmentProfileId') as environment_profile_id, json_extract_path_text(Properties, 'EnvironmentProfileIdentifier') as environment_profile_identifier, json_extract_path_text(Properties, 'GlossaryTerms') as glossary_terms, + json_extract_path_text(Properties, 'EnvironmentRoleArn') as environment_role_arn, json_extract_path_text(Properties, 'Id') as id, json_extract_path_text(Properties, 'Name') as name, json_extract_path_text(Properties, 'ProjectId') as project_id, @@ -3210,6 +3453,8 @@ components: detail.region, json_extract_path_text(detail.Properties, 'AwsAccountId') as aws_account_id, json_extract_path_text(detail.Properties, 'AwsAccountRegion') as aws_account_region, + json_extract_path_text(detail.Properties, 'EnvironmentAccountIdentifier') as environment_account_identifier, + json_extract_path_text(detail.Properties, 'EnvironmentAccountRegion') as environment_account_region, json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, json_extract_path_text(detail.Properties, 'CreatedBy') as created_by, json_extract_path_text(detail.Properties, 'Description') as description, @@ -3219,6 +3464,7 @@ components: json_extract_path_text(detail.Properties, 'EnvironmentProfileId') as environment_profile_id, json_extract_path_text(detail.Properties, 'EnvironmentProfileIdentifier') as environment_profile_identifier, json_extract_path_text(detail.Properties, 'GlossaryTerms') as glossary_terms, + json_extract_path_text(detail.Properties, 'EnvironmentRoleArn') as environment_role_arn, json_extract_path_text(detail.Properties, 'Id') as id, json_extract_path_text(detail.Properties, 'Name') as name, json_extract_path_text(detail.Properties, 'ProjectId') as project_id, @@ -3268,6 +3514,180 @@ components: json_extract_path_text(Properties, 'Id') as id FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DataZone::Environment' AND region = 'us-east-1' + environment_actions: + name: environment_actions + id: aws.datazone.environment_actions + x-cfn-schema-name: EnvironmentActions + x-cfn-type-name: AWS::DataZone::EnvironmentActions + x-identifiers: + - DomainId + - EnvironmentId + - Id + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__EnvironmentActions&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::DataZone::EnvironmentActions" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::DataZone::EnvironmentActions" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::DataZone::EnvironmentActions" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/environment_actions/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/environment_actions/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/environment_actions/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.DomainId') as domain_id, + JSON_EXTRACT(Properties, '$.DomainIdentifier') as domain_identifier, + JSON_EXTRACT(Properties, '$.EnvironmentId') as environment_id, + JSON_EXTRACT(Properties, '$.EnvironmentIdentifier') as environment_identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Identifier') as identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Parameters') as parameters + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataZone::EnvironmentActions' + AND data__Identifier = '||' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.DomainId') as domain_id, + JSON_EXTRACT(detail.Properties, '$.DomainIdentifier') as domain_identifier, + JSON_EXTRACT(detail.Properties, '$.EnvironmentId') as environment_id, + JSON_EXTRACT(detail.Properties, '$.EnvironmentIdentifier') as environment_identifier, + JSON_EXTRACT(detail.Properties, '$.Id') as id, + JSON_EXTRACT(detail.Properties, '$.Identifier') as identifier, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.Parameters') as parameters + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::DataZone::EnvironmentActions' + AND detail.data__TypeName = 'AWS::DataZone::EnvironmentActions' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'DomainId') as domain_id, + json_extract_path_text(Properties, 'DomainIdentifier') as domain_identifier, + json_extract_path_text(Properties, 'EnvironmentId') as environment_id, + json_extract_path_text(Properties, 'EnvironmentIdentifier') as environment_identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Identifier') as identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Parameters') as parameters + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DataZone::EnvironmentActions' + AND data__Identifier = '||' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'DomainId') as domain_id, + json_extract_path_text(detail.Properties, 'DomainIdentifier') as domain_identifier, + json_extract_path_text(detail.Properties, 'EnvironmentId') as environment_id, + json_extract_path_text(detail.Properties, 'EnvironmentIdentifier') as environment_identifier, + json_extract_path_text(detail.Properties, 'Id') as id, + json_extract_path_text(detail.Properties, 'Identifier') as identifier, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'Parameters') as parameters + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::DataZone::EnvironmentActions' + AND detail.data__TypeName = 'AWS::DataZone::EnvironmentActions' + AND listing.region = 'us-east-1' + environment_actions_list_only: + name: environment_actions_list_only + id: aws.datazone.environment_actions_list_only + x-cfn-schema-name: EnvironmentActions + x-cfn-type-name: AWS::DataZone::EnvironmentActions + x-identifiers: + - DomainId + - EnvironmentId + - Id + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DomainId') as domain_id, + JSON_EXTRACT(Properties, '$.EnvironmentId') as environment_id, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DataZone::EnvironmentActions' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DomainId') as domain_id, + json_extract_path_text(Properties, 'EnvironmentId') as environment_id, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DataZone::EnvironmentActions' + AND region = 'us-east-1' environment_blueprint_configurations: name: environment_blueprint_configurations id: aws.datazone.environment_blueprint_configurations @@ -4763,6 +5183,48 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success + /?Action=CreateResource&Version=2021-09-30&__EnvironmentActions&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateEnvironmentActions + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateEnvironmentActionsRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success /?Action=CreateResource&Version=2021-09-30&__EnvironmentBlueprintConfiguration&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' diff --git a/providers/src/aws/v00.00.00000/services/deadline.yaml b/providers/src/aws/v00.00.00000/services/deadline.yaml index 1f99052d..1d7e4f8f 100644 --- a/providers/src/aws/v00.00.00000/services/deadline.yaml +++ b/providers/src/aws/v00.00.00000/services/deadline.yaml @@ -385,6 +385,24 @@ components: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' type: object schemas: + Tag: + description: A key-value pair to associate with a resource. + type: object + properties: + Key: + type: string + description: 'The key name of the tag. You can specify a value that is 1 to 127 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ' + minLength: 1 + maxLength: 127 + Value: + type: string + description: 'The value for the tag. You can specify a value that is 1 to 255 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ' + minLength: 1 + maxLength: 255 + required: + - Key + - Value + additionalProperties: false Farm: type: object properties: @@ -405,7 +423,15 @@ components: pattern: ^arn:aws[-a-z]*:kms:.*:key/.* Arn: type: string - pattern: ^arn:(aws[a-zA-Z-]*):deadline:[a-z0-9-]+:[0-9]+:farm/.+? + pattern: ^arn:(aws[a-zA-Z-]*):deadline:[a-z0-9-]+:[0-9]+:farm/farm-[0-9a-z]{32}$ + Tags: + type: array + maxItems: 50 + description: An array of key-value pairs to apply to this resource. + items: + $ref: '#/components/schemas/Tag' + x-insertionOrder: false + uniqueItems: true required: - DisplayName x-stackql-resource-name: farm @@ -421,20 +447,29 @@ components: x-required-properties: - DisplayName x-tagging: - taggable: false - tagOnCreate: false - tagUpdatable: false - cloudFormationSystemTags: false + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - deadline:TagResource + - deadline:UntagResource + - deadline:ListTagsForResource x-required-permissions: create: - deadline:CreateFarm - deadline:GetFarm + - deadline:TagResource + - deadline:ListTagsForResource + - identitystore:ListGroupMembershipsForMember - kms:Encrypt - kms:Decrypt - kms:CreateGrant - kms:GenerateDataKey read: - deadline:GetFarm + - deadline:ListTagsForResource - identitystore:ListGroupMembershipsForMember - kms:Encrypt - kms:Decrypt @@ -443,6 +478,9 @@ components: update: - deadline:UpdateFarm - deadline:GetFarm + - deadline:TagResource + - deadline:UntagResource + - deadline:ListTagsForResource - identitystore:ListGroupMembershipsForMember - kms:Encrypt - kms:Decrypt @@ -575,6 +613,36 @@ components: maximum: 1000 minimum: 125 additionalProperties: false + AcceleratorSelection: + type: object + properties: + Name: + type: string + enum: + - t4 + - a10g + - l4 + - l40s + Runtime: + type: string + maxLength: 100 + minLength: 1 + required: + - Name + additionalProperties: false + AcceleratorCapabilities: + type: object + properties: + Selections: + type: array + items: + $ref: '#/components/schemas/AcceleratorSelection' + minItems: 1 + Count: + $ref: '#/components/schemas/AcceleratorCountRange' + required: + - Selections + additionalProperties: false Ec2MarketType: type: string enum: @@ -705,6 +773,8 @@ components: $ref: '#/components/schemas/CpuArchitectureType' RootEbsVolume: $ref: '#/components/schemas/Ec2EbsVolume' + AcceleratorCapabilities: + $ref: '#/components/schemas/AcceleratorCapabilities' AllowedInstanceTypes: type: array items: @@ -741,6 +811,7 @@ components: type: string enum: - LINUX + - WINDOWS VCpuCountRange: type: object properties: @@ -796,9 +867,18 @@ components: Arn: type: string pattern: ^arn:(aws[a-zA-Z-]*):deadline:[a-z0-9-]+:[0-9]+:farm/farm-[0-9a-z]{32}/fleet/fleet-[0-9a-z]{32} + Tags: + type: array + maxItems: 50 + description: An array of key-value pairs to apply to this resource. + items: + $ref: '#/components/schemas/Tag' + x-insertionOrder: false + uniqueItems: true required: - Configuration - DisplayName + - FarmId - MaxWorkerCount - RoleArn x-stackql-resource-name: fleet @@ -817,13 +897,19 @@ components: x-required-properties: - Configuration - DisplayName + - FarmId - MaxWorkerCount - RoleArn x-tagging: - taggable: false - tagOnCreate: false - tagUpdatable: false - cloudFormationSystemTags: false + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - deadline:TagResource + - deadline:UntagResource + - deadline:ListTagsForResource x-required-permissions: create: - deadline:CreateFleet @@ -831,14 +917,20 @@ components: - iam:PassRole - identitystore:ListGroupMembershipsForMember - logs:CreateLogGroup + - deadline:TagResource + - deadline:ListTagsForResource read: - deadline:GetFleet - identitystore:ListGroupMembershipsForMember + - deadline:ListTagsForResource update: - deadline:UpdateFleet - deadline:GetFleet - iam:PassRole - identitystore:ListGroupMembershipsForMember + - deadline:TagResource + - deadline:UntagResource + - deadline:ListTagsForResource delete: - deadline:DeleteFleet - deadline:GetFleet @@ -890,6 +982,14 @@ components: Arn: type: string pattern: ^arn:(aws[a-zA-Z-]*):deadline:[a-z0-9-]+:[0-9]{12}:license-endpoint/le-[0-9a-z]{32} + Tags: + type: array + maxItems: 50 + description: An array of key-value pairs to apply to this resource. + items: + $ref: '#/components/schemas/Tag' + x-insertionOrder: false + uniqueItems: true required: - SecurityGroupIds - SubnetIds @@ -914,10 +1014,15 @@ components: - SubnetIds - VpcId x-tagging: - taggable: false - tagOnCreate: false - tagUpdatable: false - cloudFormationSystemTags: false + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - deadline:TagResource + - deadline:UntagResource + - deadline:ListTagsForResource x-required-permissions: create: - deadline:CreateLicenseEndpoint @@ -925,8 +1030,16 @@ components: - ec2:CreateTags - ec2:CreateVpcEndpoint - ec2:DescribeVpcEndpoints + - deadline:TagResource + - deadline:ListTagsForResource read: - deadline:GetLicenseEndpoint + - deadline:ListTagsForResource + update: + - deadline:TagResource + - deadline:UntagResource + - deadline:ListTagsForResource + - deadline:GetLicenseEndpoint delete: - deadline:GetLicenseEndpoint - deadline:DeleteLicenseEndpoint @@ -968,6 +1081,9 @@ components: - ProductId x-read-only-properties: - Arn + - Port + - Family + - Vendor x-tagging: taggable: false tagOnCreate: false @@ -985,6 +1101,85 @@ components: - deadline:ListMeteredProducts list: - deadline:ListMeteredProducts + Monitor: + type: object + properties: + DisplayName: + type: string + maxLength: 100 + minLength: 1 + IdentityCenterApplicationArn: + type: string + IdentityCenterInstanceArn: + type: string + pattern: ^arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso:::instance/(sso)?ins-[a-zA-Z0-9-.]{16}$ + MonitorId: + type: string + pattern: ^monitor-[0-9a-f]{32}$ + RoleArn: + type: string + pattern: ^arn:(aws[a-zA-Z-]*):iam::\d{12}:role(/[!-.0-~]+)*/[\w+=,.@-]+$ + Subdomain: + type: string + pattern: ^[a-z0-9-]{1,100}$ + Url: + type: string + Arn: + type: string + pattern: ^arn:(aws[a-zA-Z-]*):deadline:[a-z0-9-]+:[0-9]+:monitor/monitor-[0-9a-z]{32}$ + required: + - DisplayName + - IdentityCenterInstanceArn + - RoleArn + - Subdomain + x-stackql-resource-name: monitor + description: Definition of AWS::Deadline::Monitor Resource Type + x-type-name: AWS::Deadline::Monitor + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - IdentityCenterInstanceArn + x-read-only-properties: + - IdentityCenterApplicationArn + - MonitorId + - Url + - Arn + x-required-properties: + - DisplayName + - IdentityCenterInstanceArn + - RoleArn + - Subdomain + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - deadline:CreateMonitor + - deadline:GetMonitor + - iam:PassRole + - kms:CreateGrant + - sso:CreateApplication + - sso:DeleteApplication + - sso:PutApplicationAssignmentConfiguration + - sso:PutApplicationAuthenticationMethod + - sso:PutApplicationGrant + read: + - deadline:GetMonitor + update: + - deadline:GetMonitor + - deadline:UpdateMonitor + - iam:PassRole + - kms:CreateGrant + - sso:PutApplicationGrant + - sso:UpdateApplication + delete: + - deadline:DeleteMonitor + - deadline:GetMonitor + - sso:DeleteApplication + list: + - deadline:ListMonitors DefaultQueueBudgetAction: type: string default: NONE @@ -1107,8 +1302,17 @@ components: Arn: type: string pattern: ^arn:* + Tags: + type: array + maxItems: 50 + description: An array of key-value pairs to apply to this resource. + items: + $ref: '#/components/schemas/Tag' + x-insertionOrder: false + uniqueItems: true required: - DisplayName + - FarmId x-stackql-resource-name: queue description: Definition of AWS::Deadline::Queue Resource Type x-type-name: AWS::Deadline::Queue @@ -1121,11 +1325,17 @@ components: - Arn x-required-properties: - DisplayName + - FarmId x-tagging: - taggable: false - tagOnCreate: false - tagUpdatable: false - cloudFormationSystemTags: false + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - deadline:TagResource + - deadline:UntagResource + - deadline:ListTagsForResource x-required-permissions: create: - deadline:CreateQueue @@ -1134,9 +1344,12 @@ components: - identitystore:ListGroupMembershipsForMember - logs:CreateLogGroup - s3:ListBucket + - deadline:TagResource + - deadline:ListTagsForResource read: - deadline:GetQueue - identitystore:ListGroupMembershipsForMember + - deadline:ListTagsForResource update: - deadline:UpdateQueue - deadline:GetQueue @@ -1144,6 +1357,9 @@ components: - identitystore:ListGroupMembershipsForMember - logs:CreateLogGroup - s3:ListBucket + - deadline:TagResource + - deadline:UntagResource + - deadline:ListTagsForResource delete: - deadline:DeleteQueue - deadline:GetQueue @@ -1334,6 +1550,7 @@ components: pattern: ^sp-[0-9a-f]{32}$ required: - DisplayName + - FarmId - OsFamily x-stackql-resource-name: storage_profile description: Definition of AWS::Deadline::StorageProfile Resource Type @@ -1347,6 +1564,7 @@ components: - StorageProfileId x-required-properties: - DisplayName + - FarmId - OsFamily x-tagging: taggable: false @@ -1402,7 +1620,15 @@ components: pattern: ^arn:aws[-a-z]*:kms:.*:key/.* Arn: type: string - pattern: ^arn:(aws[a-zA-Z-]*):deadline:[a-z0-9-]+:[0-9]+:farm/.+? + pattern: ^arn:(aws[a-zA-Z-]*):deadline:[a-z0-9-]+:[0-9]+:farm/farm-[0-9a-z]{32}$ + Tags: + type: array + maxItems: 50 + description: An array of key-value pairs to apply to this resource. + items: + $ref: '#/components/schemas/Tag' + x-insertionOrder: false + uniqueItems: true x-stackQL-stringOnly: true x-title: CreateFarmRequest type: object @@ -1458,6 +1684,14 @@ components: Arn: type: string pattern: ^arn:(aws[a-zA-Z-]*):deadline:[a-z0-9-]+:[0-9]+:farm/farm-[0-9a-z]{32}/fleet/fleet-[0-9a-z]{32} + Tags: + type: array + maxItems: 50 + description: An array of key-value pairs to apply to this resource. + items: + $ref: '#/components/schemas/Tag' + x-insertionOrder: false + uniqueItems: true x-stackQL-stringOnly: true x-title: CreateFleetRequest type: object @@ -1507,6 +1741,14 @@ components: Arn: type: string pattern: ^arn:(aws[a-zA-Z-]*):deadline:[a-z0-9-]+:[0-9]{12}:license-endpoint/le-[0-9a-z]{32} + Tags: + type: array + maxItems: 50 + description: An array of key-value pairs to apply to this resource. + items: + $ref: '#/components/schemas/Tag' + x-insertionOrder: false + uniqueItems: true x-stackQL-stringOnly: true x-title: CreateLicenseEndpointRequest type: object @@ -1549,6 +1791,46 @@ components: x-title: CreateMeteredProductRequest type: object required: [] + CreateMonitorRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + DisplayName: + type: string + maxLength: 100 + minLength: 1 + IdentityCenterApplicationArn: + type: string + IdentityCenterInstanceArn: + type: string + pattern: ^arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso:::instance/(sso)?ins-[a-zA-Z0-9-.]{16}$ + MonitorId: + type: string + pattern: ^monitor-[0-9a-f]{32}$ + RoleArn: + type: string + pattern: ^arn:(aws[a-zA-Z-]*):iam::\d{12}:role(/[!-.0-~]+)*/[\w+=,.@-]+$ + Subdomain: + type: string + pattern: ^[a-z0-9-]{1,100}$ + Url: + type: string + Arn: + type: string + pattern: ^arn:(aws[a-zA-Z-]*):deadline:[a-z0-9-]+:[0-9]+:monitor/monitor-[0-9a-z]{32}$ + x-stackQL-stringOnly: true + x-title: CreateMonitorRequest + type: object + required: [] CreateQueueRequest: properties: ClientToken: @@ -1607,6 +1889,14 @@ components: Arn: type: string pattern: ^arn:* + Tags: + type: array + maxItems: 50 + description: An array of key-value pairs to apply to this resource. + items: + $ref: '#/components/schemas/Tag' + x-insertionOrder: false + uniqueItems: true x-stackQL-stringOnly: true x-title: CreateQueueRequest type: object @@ -1785,7 +2075,8 @@ components: JSON_EXTRACT(Properties, '$.DisplayName') as display_name, JSON_EXTRACT(Properties, '$.FarmId') as farm_id, JSON_EXTRACT(Properties, '$.KmsKeyArn') as kms_key_arn, - JSON_EXTRACT(Properties, '$.Arn') as arn + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Deadline::Farm' AND data__Identifier = '' AND region = 'us-east-1' @@ -1798,7 +2089,8 @@ components: JSON_EXTRACT(detail.Properties, '$.DisplayName') as display_name, JSON_EXTRACT(detail.Properties, '$.FarmId') as farm_id, JSON_EXTRACT(detail.Properties, '$.KmsKeyArn') as kms_key_arn, - JSON_EXTRACT(detail.Properties, '$.Arn') as arn + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -1816,7 +2108,8 @@ components: json_extract_path_text(Properties, 'DisplayName') as display_name, json_extract_path_text(Properties, 'FarmId') as farm_id, json_extract_path_text(Properties, 'KmsKeyArn') as kms_key_arn, - json_extract_path_text(Properties, 'Arn') as arn + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Deadline::Farm' AND data__Identifier = '' AND region = 'us-east-1' @@ -1829,7 +2122,8 @@ components: json_extract_path_text(detail.Properties, 'DisplayName') as display_name, json_extract_path_text(detail.Properties, 'FarmId') as farm_id, json_extract_path_text(detail.Properties, 'KmsKeyArn') as kms_key_arn, - json_extract_path_text(detail.Properties, 'Arn') as arn + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -1868,6 +2162,59 @@ components: json_extract_path_text(Properties, 'Arn') as arn FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Deadline::Farm' AND region = 'us-east-1' + farm_tags: + name: farm_tags + id: aws.deadline.farm_tags + x-cfn-schema-name: Farm + x-cfn-type-name: AWS::Deadline::Farm + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.DisplayName') as display_name, + JSON_EXTRACT(detail.Properties, '$.FarmId') as farm_id, + JSON_EXTRACT(detail.Properties, '$.KmsKeyArn') as kms_key_arn, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::Deadline::Farm' + AND detail.data__TypeName = 'AWS::Deadline::Farm' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'DisplayName') as display_name, + json_extract_path_text(detail.Properties, 'FarmId') as farm_id, + json_extract_path_text(detail.Properties, 'KmsKeyArn') as kms_key_arn, + json_extract_path_text(detail.Properties, 'Arn') as arn + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::Deadline::Farm' + AND detail.data__TypeName = 'AWS::Deadline::Farm' + AND listing.region = 'us-east-1' fleets: name: fleets id: aws.deadline.fleets @@ -1942,7 +2289,8 @@ components: JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, JSON_EXTRACT(Properties, '$.Status') as status, JSON_EXTRACT(Properties, '$.WorkerCount') as worker_count, - JSON_EXTRACT(Properties, '$.Arn') as arn + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Deadline::Fleet' AND data__Identifier = '' AND region = 'us-east-1' @@ -1962,7 +2310,8 @@ components: JSON_EXTRACT(detail.Properties, '$.RoleArn') as role_arn, JSON_EXTRACT(detail.Properties, '$.Status') as status, JSON_EXTRACT(detail.Properties, '$.WorkerCount') as worker_count, - JSON_EXTRACT(detail.Properties, '$.Arn') as arn + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -1987,7 +2336,8 @@ components: json_extract_path_text(Properties, 'RoleArn') as role_arn, json_extract_path_text(Properties, 'Status') as status, json_extract_path_text(Properties, 'WorkerCount') as worker_count, - json_extract_path_text(Properties, 'Arn') as arn + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Deadline::Fleet' AND data__Identifier = '' AND region = 'us-east-1' @@ -2007,7 +2357,8 @@ components: json_extract_path_text(detail.Properties, 'RoleArn') as role_arn, json_extract_path_text(detail.Properties, 'Status') as status, json_extract_path_text(detail.Properties, 'WorkerCount') as worker_count, - json_extract_path_text(detail.Properties, 'Arn') as arn + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -2046,6 +2397,73 @@ components: json_extract_path_text(Properties, 'Arn') as arn FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Deadline::Fleet' AND region = 'us-east-1' + fleet_tags: + name: fleet_tags + id: aws.deadline.fleet_tags + x-cfn-schema-name: Fleet + x-cfn-type-name: AWS::Deadline::Fleet + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.Capabilities') as capabilities, + JSON_EXTRACT(detail.Properties, '$.Configuration') as configuration, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.DisplayName') as display_name, + JSON_EXTRACT(detail.Properties, '$.FarmId') as farm_id, + JSON_EXTRACT(detail.Properties, '$.FleetId') as fleet_id, + JSON_EXTRACT(detail.Properties, '$.MaxWorkerCount') as max_worker_count, + JSON_EXTRACT(detail.Properties, '$.MinWorkerCount') as min_worker_count, + JSON_EXTRACT(detail.Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(detail.Properties, '$.Status') as status, + JSON_EXTRACT(detail.Properties, '$.WorkerCount') as worker_count, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::Deadline::Fleet' + AND detail.data__TypeName = 'AWS::Deadline::Fleet' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'Capabilities') as capabilities, + json_extract_path_text(detail.Properties, 'Configuration') as configuration, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'DisplayName') as display_name, + json_extract_path_text(detail.Properties, 'FarmId') as farm_id, + json_extract_path_text(detail.Properties, 'FleetId') as fleet_id, + json_extract_path_text(detail.Properties, 'MaxWorkerCount') as max_worker_count, + json_extract_path_text(detail.Properties, 'MinWorkerCount') as min_worker_count, + json_extract_path_text(detail.Properties, 'RoleArn') as role_arn, + json_extract_path_text(detail.Properties, 'Status') as status, + json_extract_path_text(detail.Properties, 'WorkerCount') as worker_count, + json_extract_path_text(detail.Properties, 'Arn') as arn + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::Deadline::Fleet' + AND detail.data__TypeName = 'AWS::Deadline::Fleet' + AND listing.region = 'us-east-1' license_endpoints: name: license_endpoints id: aws.deadline.license_endpoints @@ -2070,6 +2488,18 @@ components: response: mediaType: application/json openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Deadline::LicenseEndpoint" + } + response: + mediaType: application/json + openAPIDocKey: '200' delete_resource: operation: $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' @@ -2087,7 +2517,8 @@ components: - $ref: '#/components/x-stackQL-resources/license_endpoints/methods/create_resource' delete: - $ref: '#/components/x-stackQL-resources/license_endpoints/methods/delete_resource' - update: [] + update: + - $ref: '#/components/x-stackQL-resources/license_endpoints/methods/update_resource' config: views: select: @@ -2103,7 +2534,8 @@ components: JSON_EXTRACT(Properties, '$.StatusMessage') as status_message, JSON_EXTRACT(Properties, '$.SubnetIds') as subnet_ids, JSON_EXTRACT(Properties, '$.VpcId') as vpc_id, - JSON_EXTRACT(Properties, '$.Arn') as arn + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Deadline::LicenseEndpoint' AND data__Identifier = '' AND region = 'us-east-1' @@ -2119,7 +2551,8 @@ components: JSON_EXTRACT(detail.Properties, '$.StatusMessage') as status_message, JSON_EXTRACT(detail.Properties, '$.SubnetIds') as subnet_ids, JSON_EXTRACT(detail.Properties, '$.VpcId') as vpc_id, - JSON_EXTRACT(detail.Properties, '$.Arn') as arn + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -2140,7 +2573,8 @@ components: json_extract_path_text(Properties, 'StatusMessage') as status_message, json_extract_path_text(Properties, 'SubnetIds') as subnet_ids, json_extract_path_text(Properties, 'VpcId') as vpc_id, - json_extract_path_text(Properties, 'Arn') as arn + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Deadline::LicenseEndpoint' AND data__Identifier = '' AND region = 'us-east-1' @@ -2156,7 +2590,8 @@ components: json_extract_path_text(detail.Properties, 'StatusMessage') as status_message, json_extract_path_text(detail.Properties, 'SubnetIds') as subnet_ids, json_extract_path_text(detail.Properties, 'VpcId') as vpc_id, - json_extract_path_text(detail.Properties, 'Arn') as arn + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -2195,6 +2630,65 @@ components: json_extract_path_text(Properties, 'Arn') as arn FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Deadline::LicenseEndpoint' AND region = 'us-east-1' + license_endpoint_tags: + name: license_endpoint_tags + id: aws.deadline.license_endpoint_tags + x-cfn-schema-name: LicenseEndpoint + x-cfn-type-name: AWS::Deadline::LicenseEndpoint + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.DnsName') as dns_name, + JSON_EXTRACT(detail.Properties, '$.LicenseEndpointId') as license_endpoint_id, + JSON_EXTRACT(detail.Properties, '$.SecurityGroupIds') as security_group_ids, + JSON_EXTRACT(detail.Properties, '$.Status') as status, + JSON_EXTRACT(detail.Properties, '$.StatusMessage') as status_message, + JSON_EXTRACT(detail.Properties, '$.SubnetIds') as subnet_ids, + JSON_EXTRACT(detail.Properties, '$.VpcId') as vpc_id, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::Deadline::LicenseEndpoint' + AND detail.data__TypeName = 'AWS::Deadline::LicenseEndpoint' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'DnsName') as dns_name, + json_extract_path_text(detail.Properties, 'LicenseEndpointId') as license_endpoint_id, + json_extract_path_text(detail.Properties, 'SecurityGroupIds') as security_group_ids, + json_extract_path_text(detail.Properties, 'Status') as status, + json_extract_path_text(detail.Properties, 'StatusMessage') as status_message, + json_extract_path_text(detail.Properties, 'SubnetIds') as subnet_ids, + json_extract_path_text(detail.Properties, 'VpcId') as vpc_id, + json_extract_path_text(detail.Properties, 'Arn') as arn + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::Deadline::LicenseEndpoint' + AND detail.data__TypeName = 'AWS::Deadline::LicenseEndpoint' + AND listing.region = 'us-east-1' metered_products: name: metered_products id: aws.deadline.metered_products @@ -2336,6 +2830,168 @@ components: json_extract_path_text(Properties, 'Arn') as arn FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Deadline::MeteredProduct' AND region = 'us-east-1' + monitors: + name: monitors + id: aws.deadline.monitors + x-cfn-schema-name: Monitor + x-cfn-type-name: AWS::Deadline::Monitor + x-identifiers: + - Arn + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Monitor&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Deadline::Monitor" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Deadline::Monitor" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Deadline::Monitor" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/monitors/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/monitors/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/monitors/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DisplayName') as display_name, + JSON_EXTRACT(Properties, '$.IdentityCenterApplicationArn') as identity_center_application_arn, + JSON_EXTRACT(Properties, '$.IdentityCenterInstanceArn') as identity_center_instance_arn, + JSON_EXTRACT(Properties, '$.MonitorId') as monitor_id, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.Subdomain') as subdomain, + JSON_EXTRACT(Properties, '$.Url') as url, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Deadline::Monitor' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.DisplayName') as display_name, + JSON_EXTRACT(detail.Properties, '$.IdentityCenterApplicationArn') as identity_center_application_arn, + JSON_EXTRACT(detail.Properties, '$.IdentityCenterInstanceArn') as identity_center_instance_arn, + JSON_EXTRACT(detail.Properties, '$.MonitorId') as monitor_id, + JSON_EXTRACT(detail.Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(detail.Properties, '$.Subdomain') as subdomain, + JSON_EXTRACT(detail.Properties, '$.Url') as url, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Deadline::Monitor' + AND detail.data__TypeName = 'AWS::Deadline::Monitor' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DisplayName') as display_name, + json_extract_path_text(Properties, 'IdentityCenterApplicationArn') as identity_center_application_arn, + json_extract_path_text(Properties, 'IdentityCenterInstanceArn') as identity_center_instance_arn, + json_extract_path_text(Properties, 'MonitorId') as monitor_id, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'Subdomain') as subdomain, + json_extract_path_text(Properties, 'Url') as url, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Deadline::Monitor' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'DisplayName') as display_name, + json_extract_path_text(detail.Properties, 'IdentityCenterApplicationArn') as identity_center_application_arn, + json_extract_path_text(detail.Properties, 'IdentityCenterInstanceArn') as identity_center_instance_arn, + json_extract_path_text(detail.Properties, 'MonitorId') as monitor_id, + json_extract_path_text(detail.Properties, 'RoleArn') as role_arn, + json_extract_path_text(detail.Properties, 'Subdomain') as subdomain, + json_extract_path_text(detail.Properties, 'Url') as url, + json_extract_path_text(detail.Properties, 'Arn') as arn + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Deadline::Monitor' + AND detail.data__TypeName = 'AWS::Deadline::Monitor' + AND listing.region = 'us-east-1' + monitors_list_only: + name: monitors_list_only + id: aws.deadline.monitors_list_only + x-cfn-schema-name: Monitor + x-cfn-type-name: AWS::Deadline::Monitor + x-identifiers: + - Arn + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Deadline::Monitor' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Deadline::Monitor' + AND region = 'us-east-1' queues: name: queues id: aws.deadline.queues @@ -2409,7 +3065,8 @@ components: JSON_EXTRACT(Properties, '$.QueueId') as queue_id, JSON_EXTRACT(Properties, '$.RequiredFileSystemLocationNames') as required_file_system_location_names, JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, - JSON_EXTRACT(Properties, '$.Arn') as arn + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Deadline::Queue' AND data__Identifier = '' AND region = 'us-east-1' @@ -2428,7 +3085,8 @@ components: JSON_EXTRACT(detail.Properties, '$.QueueId') as queue_id, JSON_EXTRACT(detail.Properties, '$.RequiredFileSystemLocationNames') as required_file_system_location_names, JSON_EXTRACT(detail.Properties, '$.RoleArn') as role_arn, - JSON_EXTRACT(detail.Properties, '$.Arn') as arn + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -2452,7 +3110,8 @@ components: json_extract_path_text(Properties, 'QueueId') as queue_id, json_extract_path_text(Properties, 'RequiredFileSystemLocationNames') as required_file_system_location_names, json_extract_path_text(Properties, 'RoleArn') as role_arn, - json_extract_path_text(Properties, 'Arn') as arn + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Deadline::Queue' AND data__Identifier = '' AND region = 'us-east-1' @@ -2471,7 +3130,8 @@ components: json_extract_path_text(detail.Properties, 'QueueId') as queue_id, json_extract_path_text(detail.Properties, 'RequiredFileSystemLocationNames') as required_file_system_location_names, json_extract_path_text(detail.Properties, 'RoleArn') as role_arn, - json_extract_path_text(detail.Properties, 'Arn') as arn + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -2510,6 +3170,71 @@ components: json_extract_path_text(Properties, 'Arn') as arn FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Deadline::Queue' AND region = 'us-east-1' + queue_tags: + name: queue_tags + id: aws.deadline.queue_tags + x-cfn-schema-name: Queue + x-cfn-type-name: AWS::Deadline::Queue + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.AllowedStorageProfileIds') as allowed_storage_profile_ids, + JSON_EXTRACT(detail.Properties, '$.DefaultBudgetAction') as default_budget_action, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.DisplayName') as display_name, + JSON_EXTRACT(detail.Properties, '$.FarmId') as farm_id, + JSON_EXTRACT(detail.Properties, '$.JobAttachmentSettings') as job_attachment_settings, + JSON_EXTRACT(detail.Properties, '$.JobRunAsUser') as job_run_as_user, + JSON_EXTRACT(detail.Properties, '$.QueueId') as queue_id, + JSON_EXTRACT(detail.Properties, '$.RequiredFileSystemLocationNames') as required_file_system_location_names, + JSON_EXTRACT(detail.Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::Deadline::Queue' + AND detail.data__TypeName = 'AWS::Deadline::Queue' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'AllowedStorageProfileIds') as allowed_storage_profile_ids, + json_extract_path_text(detail.Properties, 'DefaultBudgetAction') as default_budget_action, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'DisplayName') as display_name, + json_extract_path_text(detail.Properties, 'FarmId') as farm_id, + json_extract_path_text(detail.Properties, 'JobAttachmentSettings') as job_attachment_settings, + json_extract_path_text(detail.Properties, 'JobRunAsUser') as job_run_as_user, + json_extract_path_text(detail.Properties, 'QueueId') as queue_id, + json_extract_path_text(detail.Properties, 'RequiredFileSystemLocationNames') as required_file_system_location_names, + json_extract_path_text(detail.Properties, 'RoleArn') as role_arn, + json_extract_path_text(detail.Properties, 'Arn') as arn + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::Deadline::Queue' + AND detail.data__TypeName = 'AWS::Deadline::Queue' + AND listing.region = 'us-east-1' queue_environments: name: queue_environments id: aws.deadline.queue_environments @@ -3278,6 +4003,48 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success + /?Action=CreateResource&Version=2021-09-30&__Monitor&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateMonitor + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateMonitorRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success /?Action=CreateResource&Version=2021-09-30&__Queue&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' diff --git a/providers/src/aws/v00.00.00000/services/devopsguru.yaml b/providers/src/aws/v00.00.00000/services/devopsguru.yaml index fe6a3339..d9ea2423 100644 --- a/providers/src/aws/v00.00.00000/services/devopsguru.yaml +++ b/providers/src/aws/v00.00.00000/services/devopsguru.yaml @@ -506,6 +506,8 @@ components: - Id x-required-properties: - Config + x-tagging: + taggable: false x-required-permissions: create: - devops-guru:AddNotificationChannel diff --git a/providers/src/aws/v00.00.00000/services/dms.yaml b/providers/src/aws/v00.00.00000/services/dms.yaml index dff1c0d7..770d37c8 100644 --- a/providers/src/aws/v00.00.00000/services/dms.yaml +++ b/providers/src/aws/v00.00.00000/services/dms.yaml @@ -405,6 +405,150 @@ components: - Key - Value additionalProperties: false + DataMigrationSettings: + type: object + properties: + CloudwatchLogsEnabled: + type: boolean + description: The property specifies whether to enable the Cloudwatch log. + NumberOfJobs: + type: integer + description: The number of parallel jobs that trigger parallel threads to unload the tables from the source, and then load them to the target. + minimum: 1 + maximum: 50 + SelectionRules: + type: string + description: The property specifies the rules of selecting objects for data migration. + additionalProperties: false + SourceDataSettings: + type: object + properties: + CDCStartPosition: + type: string + description: The property is a point in the database engine's log that defines a time where you can begin CDC. + maxLength: 40 + CDCStartTime: + type: string + description: The property indicates the start time for a change data capture (CDC) operation. The value is server time in UTC format. + maxLength: 40 + CDCStopTime: + type: string + description: The property indicates the stop time for a change data capture (CDC) operation. The value is server time in UTC format. + maxLength: 40 + SlotName: + type: string + description: The property sets the name of a previously created logical replication slot for a change data capture (CDC) load of the source instance. + maxLength: 255 + additionalProperties: false + DataMigration: + type: object + properties: + DataMigrationName: + description: The property describes a name to identify the data migration. + type: string + minLength: 1 + maxLength: 300 + DataMigrationArn: + description: The property describes an ARN of the data migration. + type: string + minLength: 1 + maxLength: 300 + DataMigrationIdentifier: + description: The property describes an ARN of the data migration. + type: string + minLength: 1 + maxLength: 300 + DataMigrationCreateTime: + description: The property describes the create time of the data migration. + type: string + minLength: 1 + maxLength: 40 + ServiceAccessRoleArn: + description: The property describes Amazon Resource Name (ARN) of the service access role. + type: string + minLength: 1 + maxLength: 300 + MigrationProjectIdentifier: + description: The property describes an identifier for the migration project. It is used for describing/deleting/modifying can be name/arn + type: string + minLength: 1 + maxLength: 255 + DataMigrationType: + description: The property describes the type of migration. + type: string + enum: + - full-load + - cdc + - full-load-and-cdc + DataMigrationSettings: + description: The property describes the settings for the data migration. + $ref: '#/components/schemas/DataMigrationSettings' + SourceDataSettings: + description: The property describes the settings for the data migration. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/SourceDataSettings' + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - DataMigrationType + - MigrationProjectIdentifier + - ServiceAccessRoleArn + x-stackql-resource-name: data_migration + description: Resource schema for AWS::DMS::DataMigration. + x-type-name: AWS::DMS::DataMigration + x-stackql-primary-identifier: + - DataMigrationArn + x-stackql-additional-identifiers: + - - DataMigrationName + x-write-only-properties: + - DataMigrationIdentifier + x-read-only-properties: + - DataMigrationArn + - DataMigrationCreateTime + x-required-properties: + - DataMigrationType + - MigrationProjectIdentifier + - ServiceAccessRoleArn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - dms:AddTagsToResource + - dms:RemoveTagsFromResource + - dms:ListTagsForResource + x-required-permissions: + create: + - dms:CreateDataMigration + - dms:DescribeDataMigrations + - dms:AddTagsToResource + - dms:ListTagsForResource + - iam:PassRole + read: + - dms:DescribeDataMigrations + - dms:ListTagsForResource + update: + - dms:ModifyDataMigration + - dms:AddTagsToResource + - dms:RemoveTagsFromResource + - dms:ListTagsForResource + - iam:PassRole + delete: + - dms:DeleteDataMigration + - dms:RemoveTagsFromResource + list: + - dms:DescribeDataMigrations + - dms:ListTagsForResource DmsSslModeValue: type: string enum: @@ -412,6 +556,23 @@ components: - require - verify-ca - verify-full + MongoDbSslModeValue: + type: string + enum: + - none + - require + - verify-full + MongoDbAuthType: + type: string + enum: + - 'no' + - password + MongoDbAuthMechanism: + type: string + enum: + - default + - mongodb_cr + - scram_sha_1 DataProvider: type: object properties: @@ -444,12 +605,16 @@ components: description: The property describes a data engine for the data provider. type: string enum: - - postgres + - aurora + - aurora_postgresql - mysql - oracle + - postgres - sqlserver - - aurora - - aurora_postgresql + - redshift + - mariadb + - mongodb + - docdb ExactSettings: description: The property describes the exact settings which can be modified type: boolean @@ -549,6 +714,86 @@ components: - SslMode - DatabaseName additionalProperties: false + RedshiftSettings: + description: RedshiftSettings property identifier. + type: object + properties: + ServerName: + type: string + Port: + type: integer + DatabaseName: + type: string + required: + - ServerName + - Port + - DatabaseName + additionalProperties: false + MariaDbSettings: + description: MariaDbSettings property identifier. + type: object + properties: + ServerName: + type: string + Port: + type: integer + SslMode: + type: object + $ref: '#/components/schemas/DmsSslModeValue' + CertificateArn: + type: string + required: + - ServerName + - Port + - SslMode + additionalProperties: false + DocDbSettings: + description: DocDbSettings property identifier. + type: object + properties: + ServerName: + type: string + Port: + type: integer + DatabaseName: + type: string + SslMode: + type: object + $ref: '#/components/schemas/MongoDbSslModeValue' + CertificateArn: + type: string + required: + - ServerName + - Port + - DatabaseName + additionalProperties: false + MongoDbSettings: + description: MongoDbSettings property identifier. + type: object + properties: + ServerName: + type: string + Port: + type: integer + DatabaseName: + type: string + SslMode: + type: object + $ref: '#/components/schemas/MongoDbSslModeValue' + CertificateArn: + type: string + AuthType: + type: object + $ref: '#/components/schemas/MongoDbAuthType' + AuthSource: + type: string + AuthMechanism: + type: object + $ref: '#/components/schemas/MongoDbAuthMechanism' + required: + - ServerName + - Port + additionalProperties: false anyOf: - required: - PostgreSqlSettings @@ -558,6 +803,14 @@ components: - OracleSettings - required: - MicrosoftSqlServerSettings + - required: + - RedshiftSettings + - required: + - DocDbSettings + - required: + - MariaDbSettings + - required: + - MongoDbSettings additionalProperties: false Tags: description: An array of key-value pairs to apply to this resource. @@ -585,6 +838,14 @@ components: - Engine x-tagging: taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - dms:AddTagsToResource + - dms:RemoveTagsFromResource + - dms:ListTagsForResource x-required-permissions: create: - dms:CreateDataProvider @@ -592,6 +853,8 @@ components: - dms:DescribeDataProviders - dms:AddTagsToResource - dms:ListTagsForResource + - iam:GetRole + - iam:PassRole read: - dms:ListDataProviders - dms:DescribeDataProviders @@ -600,7 +863,7 @@ components: - dms:UpdateDataProvider - dms:ModifyDataProvider - dms:AddTagsToResource - - dms:RemoveTagsToResource + - dms:RemoveTagsFromResource - dms:ListTagsForResource delete: - dms:DeleteDataProvider @@ -645,7 +908,6 @@ components: type: string enum: - IPV4 - - IPV6 - DUAL InstanceProfileName: description: The property describes a name for the instance profile. @@ -690,6 +952,14 @@ components: - InstanceProfileCreationTime x-tagging: taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - dms:AddTagsToResource + - dms:RemoveTagsFromResource + - dms:ListTagsForResource x-required-permissions: create: - dms:CreateInstanceProfile @@ -705,7 +975,7 @@ components: - dms:UpdateInstanceProfile - dms:ModifyInstanceProfile - dms:AddTagsToResource - - dms:RemoveTagsToResource + - dms:RemoveTagsFromResource - dms:ListTagsForResource delete: - dms:DeleteInstanceProfile @@ -820,6 +1090,14 @@ components: - MigrationProjectArn x-tagging: taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - dms:AddTagsToResource + - dms:RemoveTagsFromResource + - dms:ListTagsForResource x-required-permissions: create: - dms:CreateMigrationProject @@ -836,7 +1114,7 @@ components: - dms:UpdateMigrationProject - dms:ModifyMigrationProject - dms:AddTagsToResource - - dms:RemoveTagsToResource + - dms:RemoveTagsFromResource - dms:ListTagsForResource - iam:PassRole delete: @@ -916,6 +1194,13 @@ components: maxItems: 200 minItems: 1 description:

Contains a map of the key-value pairs for the resource tag or tags assigned to the dataset.

+ required: + - ReplicationConfigIdentifier + - SourceEndpointArn + - TargetEndpointArn + - ReplicationType + - ComputeConfig + - TableMappings x-stackql-resource-name: replication_config description: A replication configuration that you later provide to configure and start a AWS DMS Serverless replication x-type-name: AWS::DMS::ReplicationConfig @@ -926,13 +1211,24 @@ components: x-create-only-properties: - ResourceIdentifier x-read-only-properties: - - /Properties/ReplicationConfigArn + - ReplicationConfigArn + x-required-properties: + - ReplicationConfigIdentifier + - SourceEndpointArn + - TargetEndpointArn + - ReplicationType + - ComputeConfig + - TableMappings x-tagging: taggable: true tagOnCreate: true tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - dms:AddTagsToResource + - dms:ListTagsForResource + - dms:RemoveTagsFromResource x-required-permissions: create: - dms:CreateReplicationConfig @@ -948,7 +1244,7 @@ components: update: - dms:ModifyReplicationConfig - dms:AddTagsToResource - - dms:RemoveTagsToResource + - dms:RemoveTagsFromResource - dms:ListTagsForResource - iam:CreateServiceLinkedRole - iam:AttachRolePolicy @@ -963,6 +1259,77 @@ components: - dms:ListTagsForResource - iam:DeleteServiceLinkedRole - iam:GetServiceLinkedRoleDeletionStatus + CreateDataMigrationRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + DataMigrationName: + description: The property describes a name to identify the data migration. + type: string + minLength: 1 + maxLength: 300 + DataMigrationArn: + description: The property describes an ARN of the data migration. + type: string + minLength: 1 + maxLength: 300 + DataMigrationIdentifier: + description: The property describes an ARN of the data migration. + type: string + minLength: 1 + maxLength: 300 + DataMigrationCreateTime: + description: The property describes the create time of the data migration. + type: string + minLength: 1 + maxLength: 40 + ServiceAccessRoleArn: + description: The property describes Amazon Resource Name (ARN) of the service access role. + type: string + minLength: 1 + maxLength: 300 + MigrationProjectIdentifier: + description: The property describes an identifier for the migration project. It is used for describing/deleting/modifying can be name/arn + type: string + minLength: 1 + maxLength: 255 + DataMigrationType: + description: The property describes the type of migration. + type: string + enum: + - full-load + - cdc + - full-load-and-cdc + DataMigrationSettings: + description: The property describes the settings for the data migration. + $ref: '#/components/schemas/DataMigrationSettings' + SourceDataSettings: + description: The property describes the settings for the data migration. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/SourceDataSettings' + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + x-stackQL-stringOnly: true + x-title: CreateDataMigrationRequest + type: object + required: [] CreateDataProviderRequest: properties: ClientToken: @@ -1005,12 +1372,16 @@ components: description: The property describes a data engine for the data provider. type: string enum: - - postgres + - aurora + - aurora_postgresql - mysql - oracle + - postgres - sqlserver - - aurora - - aurora_postgresql + - redshift + - mariadb + - mongodb + - docdb ExactSettings: description: The property describes the exact settings which can be modified type: boolean @@ -1110,6 +1481,86 @@ components: - SslMode - DatabaseName additionalProperties: false + RedshiftSettings: + description: RedshiftSettings property identifier. + type: object + properties: + ServerName: + type: string + Port: + type: integer + DatabaseName: + type: string + required: + - ServerName + - Port + - DatabaseName + additionalProperties: false + MariaDbSettings: + description: MariaDbSettings property identifier. + type: object + properties: + ServerName: + type: string + Port: + type: integer + SslMode: + type: object + $ref: '#/components/schemas/DmsSslModeValue' + CertificateArn: + type: string + required: + - ServerName + - Port + - SslMode + additionalProperties: false + DocDbSettings: + description: DocDbSettings property identifier. + type: object + properties: + ServerName: + type: string + Port: + type: integer + DatabaseName: + type: string + SslMode: + type: object + $ref: '#/components/schemas/MongoDbSslModeValue' + CertificateArn: + type: string + required: + - ServerName + - Port + - DatabaseName + additionalProperties: false + MongoDbSettings: + description: MongoDbSettings property identifier. + type: object + properties: + ServerName: + type: string + Port: + type: integer + DatabaseName: + type: string + SslMode: + type: object + $ref: '#/components/schemas/MongoDbSslModeValue' + CertificateArn: + type: string + AuthType: + type: object + $ref: '#/components/schemas/MongoDbAuthType' + AuthSource: + type: string + AuthMechanism: + type: object + $ref: '#/components/schemas/MongoDbAuthMechanism' + required: + - ServerName + - Port + additionalProperties: false anyOf: - required: - PostgreSqlSettings @@ -1119,6 +1570,14 @@ components: - OracleSettings - required: - MicrosoftSqlServerSettings + - required: + - RedshiftSettings + - required: + - DocDbSettings + - required: + - MariaDbSettings + - required: + - MongoDbSettings additionalProperties: false Tags: description: An array of key-value pairs to apply to this resource. @@ -1178,7 +1637,6 @@ components: type: string enum: - IPV4 - - IPV6 - DUAL InstanceProfileName: description: The property describes a name for the instance profile. @@ -1369,6 +1827,237 @@ components: description: Amazon Signature authorization v4 x-amazon-apigateway-authtype: awsSigv4 x-stackQL-resources: + data_migrations: + name: data_migrations + id: aws.dms.data_migrations + x-cfn-schema-name: DataMigration + x-cfn-type-name: AWS::DMS::DataMigration + x-identifiers: + - DataMigrationArn + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__DataMigration&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::DMS::DataMigration" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::DMS::DataMigration" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::DMS::DataMigration" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/data_migrations/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/data_migrations/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/data_migrations/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DataMigrationName') as data_migration_name, + JSON_EXTRACT(Properties, '$.DataMigrationArn') as data_migration_arn, + JSON_EXTRACT(Properties, '$.DataMigrationIdentifier') as data_migration_identifier, + JSON_EXTRACT(Properties, '$.DataMigrationCreateTime') as data_migration_create_time, + JSON_EXTRACT(Properties, '$.ServiceAccessRoleArn') as service_access_role_arn, + JSON_EXTRACT(Properties, '$.MigrationProjectIdentifier') as migration_project_identifier, + JSON_EXTRACT(Properties, '$.DataMigrationType') as data_migration_type, + JSON_EXTRACT(Properties, '$.DataMigrationSettings') as data_migration_settings, + JSON_EXTRACT(Properties, '$.SourceDataSettings') as source_data_settings, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DMS::DataMigration' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.DataMigrationName') as data_migration_name, + JSON_EXTRACT(detail.Properties, '$.DataMigrationArn') as data_migration_arn, + JSON_EXTRACT(detail.Properties, '$.DataMigrationIdentifier') as data_migration_identifier, + JSON_EXTRACT(detail.Properties, '$.DataMigrationCreateTime') as data_migration_create_time, + JSON_EXTRACT(detail.Properties, '$.ServiceAccessRoleArn') as service_access_role_arn, + JSON_EXTRACT(detail.Properties, '$.MigrationProjectIdentifier') as migration_project_identifier, + JSON_EXTRACT(detail.Properties, '$.DataMigrationType') as data_migration_type, + JSON_EXTRACT(detail.Properties, '$.DataMigrationSettings') as data_migration_settings, + JSON_EXTRACT(detail.Properties, '$.SourceDataSettings') as source_data_settings, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::DMS::DataMigration' + AND detail.data__TypeName = 'AWS::DMS::DataMigration' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DataMigrationName') as data_migration_name, + json_extract_path_text(Properties, 'DataMigrationArn') as data_migration_arn, + json_extract_path_text(Properties, 'DataMigrationIdentifier') as data_migration_identifier, + json_extract_path_text(Properties, 'DataMigrationCreateTime') as data_migration_create_time, + json_extract_path_text(Properties, 'ServiceAccessRoleArn') as service_access_role_arn, + json_extract_path_text(Properties, 'MigrationProjectIdentifier') as migration_project_identifier, + json_extract_path_text(Properties, 'DataMigrationType') as data_migration_type, + json_extract_path_text(Properties, 'DataMigrationSettings') as data_migration_settings, + json_extract_path_text(Properties, 'SourceDataSettings') as source_data_settings, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::DMS::DataMigration' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'DataMigrationName') as data_migration_name, + json_extract_path_text(detail.Properties, 'DataMigrationArn') as data_migration_arn, + json_extract_path_text(detail.Properties, 'DataMigrationIdentifier') as data_migration_identifier, + json_extract_path_text(detail.Properties, 'DataMigrationCreateTime') as data_migration_create_time, + json_extract_path_text(detail.Properties, 'ServiceAccessRoleArn') as service_access_role_arn, + json_extract_path_text(detail.Properties, 'MigrationProjectIdentifier') as migration_project_identifier, + json_extract_path_text(detail.Properties, 'DataMigrationType') as data_migration_type, + json_extract_path_text(detail.Properties, 'DataMigrationSettings') as data_migration_settings, + json_extract_path_text(detail.Properties, 'SourceDataSettings') as source_data_settings, + json_extract_path_text(detail.Properties, 'Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::DMS::DataMigration' + AND detail.data__TypeName = 'AWS::DMS::DataMigration' + AND listing.region = 'us-east-1' + data_migrations_list_only: + name: data_migrations_list_only + id: aws.dms.data_migrations_list_only + x-cfn-schema-name: DataMigration + x-cfn-type-name: AWS::DMS::DataMigration + x-identifiers: + - DataMigrationArn + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DataMigrationArn') as data_migration_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DMS::DataMigration' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DataMigrationArn') as data_migration_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::DMS::DataMigration' + AND region = 'us-east-1' + data_migration_tags: + name: data_migration_tags + id: aws.dms.data_migration_tags + x-cfn-schema-name: DataMigration + x-cfn-type-name: AWS::DMS::DataMigration + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.DataMigrationName') as data_migration_name, + JSON_EXTRACT(detail.Properties, '$.DataMigrationArn') as data_migration_arn, + JSON_EXTRACT(detail.Properties, '$.DataMigrationIdentifier') as data_migration_identifier, + JSON_EXTRACT(detail.Properties, '$.DataMigrationCreateTime') as data_migration_create_time, + JSON_EXTRACT(detail.Properties, '$.ServiceAccessRoleArn') as service_access_role_arn, + JSON_EXTRACT(detail.Properties, '$.MigrationProjectIdentifier') as migration_project_identifier, + JSON_EXTRACT(detail.Properties, '$.DataMigrationType') as data_migration_type, + JSON_EXTRACT(detail.Properties, '$.DataMigrationSettings') as data_migration_settings, + JSON_EXTRACT(detail.Properties, '$.SourceDataSettings') as source_data_settings + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::DMS::DataMigration' + AND detail.data__TypeName = 'AWS::DMS::DataMigration' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'DataMigrationName') as data_migration_name, + json_extract_path_text(detail.Properties, 'DataMigrationArn') as data_migration_arn, + json_extract_path_text(detail.Properties, 'DataMigrationIdentifier') as data_migration_identifier, + json_extract_path_text(detail.Properties, 'DataMigrationCreateTime') as data_migration_create_time, + json_extract_path_text(detail.Properties, 'ServiceAccessRoleArn') as service_access_role_arn, + json_extract_path_text(detail.Properties, 'MigrationProjectIdentifier') as migration_project_identifier, + json_extract_path_text(detail.Properties, 'DataMigrationType') as data_migration_type, + json_extract_path_text(detail.Properties, 'DataMigrationSettings') as data_migration_settings, + json_extract_path_text(detail.Properties, 'SourceDataSettings') as source_data_settings + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::DMS::DataMigration' + AND detail.data__TypeName = 'AWS::DMS::DataMigration' + AND listing.region = 'us-east-1' data_providers: name: data_providers id: aws.dms.data_providers @@ -2466,6 +3155,48 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/UpdateResourceOutput' description: Success + /?Action=CreateResource&Version=2021-09-30&__DataMigration&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateDataMigration + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateDataMigrationRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success /?Action=CreateResource&Version=2021-09-30&__DataProvider&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' diff --git a/providers/src/aws/v00.00.00000/services/dynamodb.yaml b/providers/src/aws/v00.00.00000/services/dynamodb.yaml index 53092aa6..446edf9e 100644 --- a/providers/src/aws/v00.00.00000/services/dynamodb.yaml +++ b/providers/src/aws/v00.00.00000/services/dynamodb.yaml @@ -487,6 +487,14 @@ components: PointInTimeRecoveryEnabled: description: Indicates whether point in time recovery is enabled (true) or disabled (false) on the table. type: boolean + RecoveryPeriodInDays: + maximum: 35 + description: '' + type: integer + minimum: 1 + x-dependencies: + RecoveryPeriodInDays: + - PointInTimeRecoveryEnabled ReplicaSpecification: type: object additionalProperties: false @@ -604,6 +612,9 @@ components: type: array items: $ref: '#/components/schemas/KeySchema' + WarmThroughput: + description: Represents the warm throughput value (in read units per second and write units per second) for the specified secondary index. If you use this parameter, you must specify ``ReadUnitsPerSecond``, ``WriteUnitsPerSecond``, or both. + $ref: '#/components/schemas/WarmThroughput' required: - IndexName - Projection @@ -802,6 +813,24 @@ components: format: double required: - TargetValue + WarmThroughput: + anyOf: + - required: + - ReadUnitsPerSecond + - required: + - WriteUnitsPerSecond + description: Provides visibility into the number of read and write operations your table or secondary index can instantaneously support. The settings can be modified using the ``UpdateTable`` operation to meet the throughput requirements of an upcoming peak event. + additionalProperties: false + type: object + properties: + ReadUnitsPerSecond: + description: Represents the number of read operations your base table can instantaneously support. + type: integer + minimum: 1 + WriteUnitsPerSecond: + description: Represents the number of write operations your base table can instantaneously support. + type: integer + minimum: 1 GlobalTable: type: object properties: @@ -837,10 +866,14 @@ components: x-insertionOrder: false items: $ref: '#/components/schemas/LocalSecondaryIndex' + PointInTimeRecoverySpecification: + $ref: '#/components/schemas/PointInTimeRecoverySpecification' WriteProvisionedThroughputSettings: $ref: '#/components/schemas/WriteProvisionedThroughputSettings' WriteOnDemandThroughputSettings: $ref: '#/components/schemas/WriteOnDemandThroughputSettings' + WarmThroughput: + $ref: '#/components/schemas/WarmThroughput' Replicas: type: array uniqueItems: true @@ -1126,8 +1159,8 @@ components: $ref: '#/components/schemas/ContributorInsightsSpecification' ImportSourceSpecification: description: |- - Specifies the properties of data being imported from the S3 bucket source to the table. - If you specify the ``ImportSourceSpecification`` property, and also specify either the ``StreamSpecification``, the ``TableClass`` property, or the ``DeletionProtectionEnabled`` property, the IAM entity creating/updating stack must have ``UpdateTable`` permission. + Specifies the properties of data being imported from the S3 bucket source to the" table. + If you specify the ``ImportSourceSpecification`` property, and also specify either the ``StreamSpecification``, the ``TableClass`` property, the ``DeletionProtectionEnabled`` property, or the ``WarmThroughput`` property, the IAM entity creating/updating stack must have ``UpdateTable`` permission. $ref: '#/components/schemas/ImportSourceSpecification' PointInTimeRecoverySpecification: description: The settings used to enable point in time recovery. @@ -1137,6 +1170,9 @@ components: Throughput for the specified table, which consists of values for ``ReadCapacityUnits`` and ``WriteCapacityUnits``. For more information about the contents of a provisioned throughput structure, see [Amazon DynamoDB Table ProvisionedThroughput](https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_ProvisionedThroughput.html). If you set ``BillingMode`` as ``PROVISIONED``, you must specify this property. If you set ``BillingMode`` as ``PAY_PER_REQUEST``, you cannot specify this property. $ref: '#/components/schemas/ProvisionedThroughput' + WarmThroughput: + description: Represents the warm throughput (in read units per second and write units per second) for creating a table. + $ref: '#/components/schemas/WarmThroughput' TableName: description: |- A name for the table. If you don't specify a name, CFNlong generates a unique physical ID and uses that ID for the table name. For more information, see [Name Type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html). @@ -1225,13 +1261,15 @@ components: You should be aware of the following behaviors when working with DDB tables: + CFNlong typically creates DDB tables in parallel. However, if your template includes multiple DDB tables with indexes, you must declare dependencies so that the tables are created sequentially. DDBlong limits the number of tables with secondary indexes that are in the creating state. If you create multiple tables with indexes at the same time, DDB returns an error and the stack operation fails. For an example, see [DynamoDB Table with a DependsOn Attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dynamodb-table.html#aws-resource-dynamodb-table--examples--DynamoDB_Table_with_a_DependsOn_Attribute). - Our guidance is to use the latest schema documented here for your CFNlong templates. This schema supports the provisioning of all table settings below. When using this schema in your CFNlong templates, please ensure that your Identity and Access Management (IAM) policies are updated with appropriate permissions to allow for the authorization of these setting changes. + Our guidance is to use the latest schema documented for your CFNlong templates. This schema supports the provisioning of all table settings below. When using this schema in your CFNlong templates, please ensure that your Identity and Access Management (IAM) policies are updated with appropriate permissions to allow for the authorization of these setting changes. x-type-name: AWS::DynamoDB::Table x-stackql-primary-identifier: - TableName x-create-only-properties: - TableName - ImportSourceSpecification + x-conditional-create-only-properties: + - KeySchema x-write-only-properties: - ImportSourceSpecification x-read-only-properties: @@ -1240,6 +1278,10 @@ components: x-required-properties: - KeySchema x-tagging: + permissions: + - dynamodb:TagResource + - dynamodb:UntagResource + - dynamodb:ListTagsOfResource taggable: true tagOnCreate: true tagUpdatable: true @@ -1366,10 +1408,14 @@ components: x-insertionOrder: false items: $ref: '#/components/schemas/LocalSecondaryIndex' + PointInTimeRecoverySpecification: + $ref: '#/components/schemas/PointInTimeRecoverySpecification' WriteProvisionedThroughputSettings: $ref: '#/components/schemas/WriteProvisionedThroughputSettings' WriteOnDemandThroughputSettings: $ref: '#/components/schemas/WriteOnDemandThroughputSettings' + WarmThroughput: + $ref: '#/components/schemas/WarmThroughput' Replicas: type: array uniqueItems: true @@ -1421,8 +1467,8 @@ components: $ref: '#/components/schemas/ContributorInsightsSpecification' ImportSourceSpecification: description: |- - Specifies the properties of data being imported from the S3 bucket source to the table. - If you specify the ``ImportSourceSpecification`` property, and also specify either the ``StreamSpecification``, the ``TableClass`` property, or the ``DeletionProtectionEnabled`` property, the IAM entity creating/updating stack must have ``UpdateTable`` permission. + Specifies the properties of data being imported from the S3 bucket source to the" table. + If you specify the ``ImportSourceSpecification`` property, and also specify either the ``StreamSpecification``, the ``TableClass`` property, the ``DeletionProtectionEnabled`` property, or the ``WarmThroughput`` property, the IAM entity creating/updating stack must have ``UpdateTable`` permission. $ref: '#/components/schemas/ImportSourceSpecification' PointInTimeRecoverySpecification: description: The settings used to enable point in time recovery. @@ -1432,6 +1478,9 @@ components: Throughput for the specified table, which consists of values for ``ReadCapacityUnits`` and ``WriteCapacityUnits``. For more information about the contents of a provisioned throughput structure, see [Amazon DynamoDB Table ProvisionedThroughput](https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_ProvisionedThroughput.html). If you set ``BillingMode`` as ``PROVISIONED``, you must specify this property. If you set ``BillingMode`` as ``PAY_PER_REQUEST``, you cannot specify this property. $ref: '#/components/schemas/ProvisionedThroughput' + WarmThroughput: + description: Represents the warm throughput (in read units per second and write units per second) for creating a table. + $ref: '#/components/schemas/WarmThroughput' TableName: description: |- A name for the table. If you don't specify a name, CFNlong generates a unique physical ID and uses that ID for the table name. For more information, see [Name Type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html). @@ -1594,8 +1643,10 @@ components: JSON_EXTRACT(Properties, '$.GlobalSecondaryIndexes') as global_secondary_indexes, JSON_EXTRACT(Properties, '$.KeySchema') as key_schema, JSON_EXTRACT(Properties, '$.LocalSecondaryIndexes') as local_secondary_indexes, + JSON_EXTRACT(Properties, '$.PointInTimeRecoverySpecification') as point_in_time_recovery_specification, JSON_EXTRACT(Properties, '$.WriteProvisionedThroughputSettings') as write_provisioned_throughput_settings, JSON_EXTRACT(Properties, '$.WriteOnDemandThroughputSettings') as write_on_demand_throughput_settings, + JSON_EXTRACT(Properties, '$.WarmThroughput') as warm_throughput, JSON_EXTRACT(Properties, '$.Replicas') as replicas, JSON_EXTRACT(Properties, '$.SSESpecification') as sse_specification, JSON_EXTRACT(Properties, '$.StreamSpecification') as stream_specification, @@ -1617,8 +1668,10 @@ components: JSON_EXTRACT(detail.Properties, '$.GlobalSecondaryIndexes') as global_secondary_indexes, JSON_EXTRACT(detail.Properties, '$.KeySchema') as key_schema, JSON_EXTRACT(detail.Properties, '$.LocalSecondaryIndexes') as local_secondary_indexes, + JSON_EXTRACT(detail.Properties, '$.PointInTimeRecoverySpecification') as point_in_time_recovery_specification, JSON_EXTRACT(detail.Properties, '$.WriteProvisionedThroughputSettings') as write_provisioned_throughput_settings, JSON_EXTRACT(detail.Properties, '$.WriteOnDemandThroughputSettings') as write_on_demand_throughput_settings, + JSON_EXTRACT(detail.Properties, '$.WarmThroughput') as warm_throughput, JSON_EXTRACT(detail.Properties, '$.Replicas') as replicas, JSON_EXTRACT(detail.Properties, '$.SSESpecification') as sse_specification, JSON_EXTRACT(detail.Properties, '$.StreamSpecification') as stream_specification, @@ -1645,8 +1698,10 @@ components: json_extract_path_text(Properties, 'GlobalSecondaryIndexes') as global_secondary_indexes, json_extract_path_text(Properties, 'KeySchema') as key_schema, json_extract_path_text(Properties, 'LocalSecondaryIndexes') as local_secondary_indexes, + json_extract_path_text(Properties, 'PointInTimeRecoverySpecification') as point_in_time_recovery_specification, json_extract_path_text(Properties, 'WriteProvisionedThroughputSettings') as write_provisioned_throughput_settings, json_extract_path_text(Properties, 'WriteOnDemandThroughputSettings') as write_on_demand_throughput_settings, + json_extract_path_text(Properties, 'WarmThroughput') as warm_throughput, json_extract_path_text(Properties, 'Replicas') as replicas, json_extract_path_text(Properties, 'SSESpecification') as sse_specification, json_extract_path_text(Properties, 'StreamSpecification') as stream_specification, @@ -1668,8 +1723,10 @@ components: json_extract_path_text(detail.Properties, 'GlobalSecondaryIndexes') as global_secondary_indexes, json_extract_path_text(detail.Properties, 'KeySchema') as key_schema, json_extract_path_text(detail.Properties, 'LocalSecondaryIndexes') as local_secondary_indexes, + json_extract_path_text(detail.Properties, 'PointInTimeRecoverySpecification') as point_in_time_recovery_specification, json_extract_path_text(detail.Properties, 'WriteProvisionedThroughputSettings') as write_provisioned_throughput_settings, json_extract_path_text(detail.Properties, 'WriteOnDemandThroughputSettings') as write_on_demand_throughput_settings, + json_extract_path_text(detail.Properties, 'WarmThroughput') as warm_throughput, json_extract_path_text(detail.Properties, 'Replicas') as replicas, json_extract_path_text(detail.Properties, 'SSESpecification') as sse_specification, json_extract_path_text(detail.Properties, 'StreamSpecification') as stream_specification, @@ -1785,6 +1842,7 @@ components: JSON_EXTRACT(Properties, '$.ImportSourceSpecification') as import_source_specification, JSON_EXTRACT(Properties, '$.PointInTimeRecoverySpecification') as point_in_time_recovery_specification, JSON_EXTRACT(Properties, '$.ProvisionedThroughput') as provisioned_throughput, + JSON_EXTRACT(Properties, '$.WarmThroughput') as warm_throughput, JSON_EXTRACT(Properties, '$.TableName') as table_name, JSON_EXTRACT(Properties, '$.AttributeDefinitions') as attribute_definitions, JSON_EXTRACT(Properties, '$.BillingMode') as billing_mode, @@ -1814,6 +1872,7 @@ components: JSON_EXTRACT(detail.Properties, '$.ImportSourceSpecification') as import_source_specification, JSON_EXTRACT(detail.Properties, '$.PointInTimeRecoverySpecification') as point_in_time_recovery_specification, JSON_EXTRACT(detail.Properties, '$.ProvisionedThroughput') as provisioned_throughput, + JSON_EXTRACT(detail.Properties, '$.WarmThroughput') as warm_throughput, JSON_EXTRACT(detail.Properties, '$.TableName') as table_name, JSON_EXTRACT(detail.Properties, '$.AttributeDefinitions') as attribute_definitions, JSON_EXTRACT(detail.Properties, '$.BillingMode') as billing_mode, @@ -1848,6 +1907,7 @@ components: json_extract_path_text(Properties, 'ImportSourceSpecification') as import_source_specification, json_extract_path_text(Properties, 'PointInTimeRecoverySpecification') as point_in_time_recovery_specification, json_extract_path_text(Properties, 'ProvisionedThroughput') as provisioned_throughput, + json_extract_path_text(Properties, 'WarmThroughput') as warm_throughput, json_extract_path_text(Properties, 'TableName') as table_name, json_extract_path_text(Properties, 'AttributeDefinitions') as attribute_definitions, json_extract_path_text(Properties, 'BillingMode') as billing_mode, @@ -1877,6 +1937,7 @@ components: json_extract_path_text(detail.Properties, 'ImportSourceSpecification') as import_source_specification, json_extract_path_text(detail.Properties, 'PointInTimeRecoverySpecification') as point_in_time_recovery_specification, json_extract_path_text(detail.Properties, 'ProvisionedThroughput') as provisioned_throughput, + json_extract_path_text(detail.Properties, 'WarmThroughput') as warm_throughput, json_extract_path_text(detail.Properties, 'TableName') as table_name, json_extract_path_text(detail.Properties, 'AttributeDefinitions') as attribute_definitions, json_extract_path_text(detail.Properties, 'BillingMode') as billing_mode, @@ -1956,6 +2017,7 @@ components: JSON_EXTRACT(detail.Properties, '$.ImportSourceSpecification') as import_source_specification, JSON_EXTRACT(detail.Properties, '$.PointInTimeRecoverySpecification') as point_in_time_recovery_specification, JSON_EXTRACT(detail.Properties, '$.ProvisionedThroughput') as provisioned_throughput, + JSON_EXTRACT(detail.Properties, '$.WarmThroughput') as warm_throughput, JSON_EXTRACT(detail.Properties, '$.TableName') as table_name, JSON_EXTRACT(detail.Properties, '$.AttributeDefinitions') as attribute_definitions, JSON_EXTRACT(detail.Properties, '$.BillingMode') as billing_mode, @@ -1991,6 +2053,7 @@ components: json_extract_path_text(detail.Properties, 'ImportSourceSpecification') as import_source_specification, json_extract_path_text(detail.Properties, 'PointInTimeRecoverySpecification') as point_in_time_recovery_specification, json_extract_path_text(detail.Properties, 'ProvisionedThroughput') as provisioned_throughput, + json_extract_path_text(detail.Properties, 'WarmThroughput') as warm_throughput, json_extract_path_text(detail.Properties, 'TableName') as table_name, json_extract_path_text(detail.Properties, 'AttributeDefinitions') as attribute_definitions, json_extract_path_text(detail.Properties, 'BillingMode') as billing_mode, diff --git a/providers/src/aws/v00.00.00000/services/ec2.yaml b/providers/src/aws/v00.00.00000/services/ec2.yaml index c6c65c6b..30dba5d5 100644 --- a/providers/src/aws/v00.00.00000/services/ec2.yaml +++ b/providers/src/aws/v00.00.00000/services/ec2.yaml @@ -385,28 +385,1569 @@ components: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' type: object schemas: + ArchitectureValues: + type: string + enum: + - i386 + - x86_64 + - arm64 + - x86_64_mac + Blob: + type: string + Boolean: + type: boolean + BundleInstanceRequest: + type: object + required: + - InstanceId + - Storage + title: BundleInstanceRequest + properties: + undefined: + allOf: + - $ref: '#/components/schemas/Storage' + - description: The bucket in which to store the AMI. You can specify a bucket that you already own or a new bucket that Amazon EC2 creates on your behalf. If you specify a bucket that belongs to someone else, Amazon EC2 returns an error. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation. + description: Contains the parameters for BundleInstance. + BundleInstanceResult: + type: object + properties: + bundleInstanceTask: + allOf: + - $ref: '#/components/schemas/BundleTask' + - description: Information about the bundle task. + description: Contains the output of BundleInstance. + BundleTask: + type: object + properties: + bundleId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the bundle task. + error: + allOf: + - $ref: '#/components/schemas/BundleTaskError' + - description: If the task fails, a description of the error. + instanceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the instance associated with this bundle task. + progress: + allOf: + - $ref: '#/components/schemas/String' + - description: The level of task completion, as a percent (for example, 20%). + startTime: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The time this task started. + state: + allOf: + - $ref: '#/components/schemas/BundleTaskState' + - description: The state of the task. + storage: + allOf: + - $ref: '#/components/schemas/Storage' + - description: The Amazon S3 storage locations. + updateTime: + allOf: + - $ref: '#/components/schemas/DateTime' + - description: The time of the most recent update for the task. + description: Describes a bundle task. + BundleTaskError: + type: object + properties: + code: + allOf: + - $ref: '#/components/schemas/String' + - description: The error code. + message: + allOf: + - $ref: '#/components/schemas/String' + - description: The error message. + description: Describes an error for BundleInstance. + BundleTaskState: + type: string + enum: + - pending + - waiting-for-shutdown + - bundling + - storing + - cancelling + - complete + - failed + CarrierGatewayId: + type: string + ConversionTask: + type: object + properties: + conversionTaskId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the conversion task. + expirationTime: + allOf: + - $ref: '#/components/schemas/String' + - description: The time when the task expires. If the upload isn't complete before the expiration time, we automatically cancel the task. + importInstance: + allOf: + - $ref: '#/components/schemas/ImportInstanceTaskDetails' + - description: If the task is for importing an instance, this contains information about the import instance task. + importVolume: + allOf: + - $ref: '#/components/schemas/ImportVolumeTaskDetails' + - description: If the task is for importing a volume, this contains information about the import volume task. + state: + allOf: + - $ref: '#/components/schemas/ConversionTaskState' + - description: The state of the conversion task. + statusMessage: + allOf: + - $ref: '#/components/schemas/String' + - description: The status message related to the conversion task. + tagSet: + allOf: + - $ref: '#/components/schemas/TagList' + - description: Any tags assigned to the task. + description: Describes a conversion task. + ConversionTaskState: + type: string + enum: + - active + - cancelling + - cancelled + - completed + CoreNetworkArn: + type: string + DateTime: + type: string + format: date-time + DescribeRouteTablesMaxResults: + type: integer + minimum: 5 + maximum: 100 + DescribeRouteTablesRequest: + type: object + title: DescribeRouteTablesRequest + properties: + Filter: + allOf: + - $ref: '#/components/schemas/FilterList' + - description: >- +

One or more filters.

  • association.route-table-association-id - The ID of an association ID for the route table.

  • association.route-table-id - The ID of the route table involved in the association.

  • association.subnet-id - The ID of the subnet involved in the association.

  • association.main - Indicates whether the route table is the main route table for the + VPC (true | false). Route tables that do not have an association ID are not returned in the response.

  • owner-id - The ID of the Amazon Web Services account that owns the route table.

  • route-table-id - The ID of the route table.

  • route.destination-cidr-block - The IPv4 CIDR range specified in a route in the table.

  • + route.destination-ipv6-cidr-block - The IPv6 CIDR range specified in a route in the route table.

  • route.destination-prefix-list-id - The ID (prefix) of the Amazon Web Service specified in a route in the table.

  • route.egress-only-internet-gateway-id - The ID of an egress-only Internet gateway specified in a route in the route table.

  • route.gateway-id - The ID of a gateway + specified in a route in the table.

  • route.instance-id - The ID of an instance specified in a route in the table.

  • route.nat-gateway-id - The ID of a NAT gateway.

  • route.transit-gateway-id - The ID of a transit gateway.

  • route.origin - Describes how the route was created. CreateRouteTable indicates that the route was automatically created when + the route table was created; CreateRoute indicates that the route was manually added to the route table; EnableVgwRoutePropagation indicates that the route was propagated by route propagation.

  • route.state - The state of a route in the route table (active | blackhole). The blackhole state indicates that the route's target isn't available (for example, the specified gateway isn't attached to the + VPC, the specified NAT instance has been terminated, and so on).

  • route.vpc-peering-connection-id - The ID of a VPC peering connection specified in a route in the table.

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value + TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

  • vpc-id - The ID of the VPC for the route table.

+ dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation. + RouteTableId: + allOf: + - $ref: '#/components/schemas/DescribeRouteTablesMaxResults' + - description: The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value. + DescribeRouteTablesResult: + type: object + example: + RouteTables: + - Associations: + - Main: true + RouteTableAssociationId: rtbassoc-d8ccddba + RouteTableId: rtb-1f382e7d + PropagatingVgws: [] + RouteTableId: rtb-1f382e7d + Routes: + - DestinationCidrBlock: 10.0.0.0/16 + GatewayId: local + State: active + Tags: [] + VpcId: vpc-a01106c2 + properties: + routeTableSet: + allOf: + - $ref: '#/components/schemas/RouteTableList' + - description: Information about one or more route tables. + nextToken: + allOf: + - $ref: '#/components/schemas/String' + - description: The token to use to retrieve the next page of results. This value is null when there are no more results to return. + description: Contains the output of DescribeRouteTables. + DiskImage: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/VolumeDetail' + - description: Information about the volume. + description: Describes a disk image. + DiskImageDescription: + type: object + properties: + checksum: + allOf: + - $ref: '#/components/schemas/String' + - description: The checksum computed for the disk image. + format: + allOf: + - $ref: '#/components/schemas/DiskImageFormat' + - description: The disk image format. + importManifestUrl: + allOf: + - $ref: '#/components/schemas/String' + - description: >- +

A presigned URL for the import manifest stored in Amazon S3. For information about creating a presigned URL for an Amazon S3 object, read the "Query String Request Authentication Alternative" section of the Authenticating REST Requests topic in the Amazon Simple Storage Service Developer Guide.

For information about the import manifest referenced by this API action, see VM Import Manifest.

+ size: + allOf: + - $ref: '#/components/schemas/Long' + - description: The size of the disk image, in GiB. + description: Describes a disk image. + DiskImageFormat: + type: string + enum: + - VMDK + - RAW + - VHD + DiskImageList: + type: array + items: + $ref: '#/components/schemas/DiskImage' + DiskImageVolumeDescription: + type: object + properties: + id: + allOf: + - $ref: '#/components/schemas/String' + - description: The volume identifier. + size: + allOf: + - $ref: '#/components/schemas/Long' + - description: The size of the volume, in GiB. + description: Describes a disk image volume. + Filter: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The name of the filter. Filter names are case-sensitive. + Value: + allOf: + - $ref: '#/components/schemas/ValueStringList' + - description: The filter values. Filter values are case-sensitive. If you specify multiple values for a filter, the values are joined with an OR, and the request returns all results that match any of the specified values. + description:

A filter name and value pair that is used to return a more specific list of results from a describe operation. Filters can be used to match a set of resources by specific criteria, such as tags, attributes, or IDs.

If you specify multiple filters, the filters are joined with an AND, and the request returns only results that match all of the specified filters.

+ FilterList: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + ImportInstanceLaunchSpecification: + type: object + properties: + additionalInfo: + allOf: + - $ref: '#/components/schemas/String' + - description: Reserved. + architecture: + allOf: + - $ref: '#/components/schemas/ArchitectureValues' + - description: The architecture of the instance. + GroupId: + allOf: + - $ref: '#/components/schemas/SecurityGroupIdStringList' + - description: The security group IDs. + GroupName: + allOf: + - $ref: '#/components/schemas/SecurityGroupStringList' + - description: The security group names. + instanceInitiatedShutdownBehavior: + allOf: + - $ref: '#/components/schemas/ShutdownBehavior' + - description: Indicates whether an instance stops or terminates when you initiate shutdown from the instance (using the operating system command for system shutdown). + instanceType: + allOf: + - $ref: '#/components/schemas/InstanceType' + - description: The instance type. For more information about the instance types that you can import, see Instance Types in the VM Import/Export User Guide. + monitoring: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether monitoring is enabled. + placement: + allOf: + - $ref: '#/components/schemas/Placement' + - description: The placement information for the instance. + privateIpAddress: + allOf: + - $ref: '#/components/schemas/String' + - description: '[EC2-VPC] An available IP address from the IP address range of the subnet.' + subnetId: + allOf: + - $ref: '#/components/schemas/SubnetId' + - description: '[EC2-VPC] The ID of the subnet in which to launch the instance.' + userData: + allOf: + - $ref: '#/components/schemas/UserData' + - description: The Base64-encoded user data to make available to the instance. + description: Describes the launch specification for VM import. + ImportInstanceRequest: + type: object + required: + - Platform + title: ImportInstanceRequest + properties: + description: + allOf: + - $ref: '#/components/schemas/String' + - description: A description for the instance being imported. + diskImage: + allOf: + - $ref: '#/components/schemas/DiskImageList' + - description: The disk image. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation. + launchSpecification: + allOf: + - $ref: '#/components/schemas/ImportInstanceLaunchSpecification' + - description: The launch specification. + platform: + allOf: + - $ref: '#/components/schemas/PlatformValues' + - description: The instance operating system. + ImportInstanceResult: + type: object + properties: + conversionTask: + allOf: + - $ref: '#/components/schemas/ConversionTask' + - description: Information about the conversion task. + ImportInstanceTaskDetails: + type: object + properties: + description: + allOf: + - $ref: '#/components/schemas/String' + - description: A description of the task. + instanceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the instance. + platform: + allOf: + - $ref: '#/components/schemas/PlatformValues' + - description: The instance operating system. + volumes: + allOf: + - $ref: '#/components/schemas/ImportInstanceVolumeDetailSet' + - description: The volumes. + description: Describes an import instance task. + ImportInstanceVolumeDetailItem: + type: object + properties: + availabilityZone: + allOf: + - $ref: '#/components/schemas/String' + - description: The Availability Zone where the resulting instance will reside. + bytesConverted: + allOf: + - $ref: '#/components/schemas/Long' + - description: The number of bytes converted so far. + description: + allOf: + - $ref: '#/components/schemas/String' + - description: A description of the task. + image: + allOf: + - $ref: '#/components/schemas/DiskImageDescription' + - description: The image. + status: + allOf: + - $ref: '#/components/schemas/String' + - description: The status of the import of this particular disk image. + statusMessage: + allOf: + - $ref: '#/components/schemas/String' + - description: The status information or errors related to the disk image. + volume: + allOf: + - $ref: '#/components/schemas/DiskImageVolumeDescription' + - description: The volume. + description: Describes an import volume task. + ImportInstanceVolumeDetailSet: + type: array + items: + allOf: + - $ref: '#/components/schemas/ImportInstanceVolumeDetailItem' + - xml: + name: item + ImportVolumeTaskDetails: + type: object + properties: + availabilityZone: + allOf: + - $ref: '#/components/schemas/String' + - description: The Availability Zone where the resulting volume will reside. + bytesConverted: + allOf: + - $ref: '#/components/schemas/Long' + - description: The number of bytes converted so far. + description: + allOf: + - $ref: '#/components/schemas/String' + - description: The description you provided when starting the import volume task. + image: + allOf: + - $ref: '#/components/schemas/DiskImageDescription' + - description: The image. + volume: + allOf: + - $ref: '#/components/schemas/DiskImageVolumeDescription' + - description: The volume. + description: Describes an import volume task. + InstanceId: + description: The ID of the instance to which the volume attaches + type: string + InstanceIdStringList: + type: array + items: + allOf: + - $ref: '#/components/schemas/InstanceId' + - xml: + name: InstanceId + InstanceMonitoring: + type: object + properties: + instanceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the instance. + monitoring: + allOf: + - $ref: '#/components/schemas/Monitoring' + - description: The monitoring for the instance. + description: Describes the monitoring of an instance. + InstanceMonitoringList: + type: array + items: + allOf: + - $ref: '#/components/schemas/InstanceMonitoring' + - xml: + name: item + InstanceState: + type: object + properties: + code: + allOf: + - $ref: '#/components/schemas/Integer' + - description: >- +

The state of the instance as a 16-bit unsigned integer.

The high byte is all of the bits between 2^8 and (2^16)-1, which equals decimal values between 256 and 65,535. These numerical values are used for internal purposes and should be ignored.

The low byte is all of the bits between 2^0 and (2^8)-1, which equals decimal values between 0 and 255.

The valid values for instance-state-code will all be in the range of the low byte and they are:

  • +

    0 : pending

  • 16 : running

  • 32 : shutting-down

  • 48 : terminated

  • 64 : stopping

  • 80 : stopped

You can ignore the high byte value by zeroing out all of the bits above 2^8 or 256 in decimal.

+ name: + allOf: + - $ref: '#/components/schemas/InstanceStateName' + - description: The current state of the instance. + description: Describes the current state of an instance. + InstanceStateChange: + type: object + properties: + currentState: + allOf: + - $ref: '#/components/schemas/InstanceState' + - description: The current state of the instance. + instanceId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the instance. + previousState: + allOf: + - $ref: '#/components/schemas/InstanceState' + - description: The previous state of the instance. + description: Describes an instance state change. + InstanceStateChangeList: + type: array + items: + allOf: + - $ref: '#/components/schemas/InstanceStateChange' + - xml: + name: item + InstanceStateName: + type: string + enum: + - pending + - running + - shutting-down + - terminated + - stopping + - stopped + InstanceType: + type: string + enum: + - a1.medium + - a1.large + - a1.xlarge + - a1.2xlarge + - a1.4xlarge + - a1.metal + - c1.medium + - c1.xlarge + - c3.large + - c3.xlarge + - c3.2xlarge + - c3.4xlarge + - c3.8xlarge + - c4.large + - c4.xlarge + - c4.2xlarge + - c4.4xlarge + - c4.8xlarge + - c5.large + - c5.xlarge + - c5.2xlarge + - c5.4xlarge + - c5.9xlarge + - c5.12xlarge + - c5.18xlarge + - c5.24xlarge + - c5.metal + - c5a.large + - c5a.xlarge + - c5a.2xlarge + - c5a.4xlarge + - c5a.8xlarge + - c5a.12xlarge + - c5a.16xlarge + - c5a.24xlarge + - c5ad.large + - c5ad.xlarge + - c5ad.2xlarge + - c5ad.4xlarge + - c5ad.8xlarge + - c5ad.12xlarge + - c5ad.16xlarge + - c5ad.24xlarge + - c5d.large + - c5d.xlarge + - c5d.2xlarge + - c5d.4xlarge + - c5d.9xlarge + - c5d.12xlarge + - c5d.18xlarge + - c5d.24xlarge + - c5d.metal + - c5n.large + - c5n.xlarge + - c5n.2xlarge + - c5n.4xlarge + - c5n.9xlarge + - c5n.18xlarge + - c5n.metal + - c6g.medium + - c6g.large + - c6g.xlarge + - c6g.2xlarge + - c6g.4xlarge + - c6g.8xlarge + - c6g.12xlarge + - c6g.16xlarge + - c6g.metal + - c6gd.medium + - c6gd.large + - c6gd.xlarge + - c6gd.2xlarge + - c6gd.4xlarge + - c6gd.8xlarge + - c6gd.12xlarge + - c6gd.16xlarge + - c6gd.metal + - c6gn.medium + - c6gn.large + - c6gn.xlarge + - c6gn.2xlarge + - c6gn.4xlarge + - c6gn.8xlarge + - c6gn.12xlarge + - c6gn.16xlarge + - c6i.large + - c6i.xlarge + - c6i.2xlarge + - c6i.4xlarge + - c6i.8xlarge + - c6i.12xlarge + - c6i.16xlarge + - c6i.24xlarge + - c6i.32xlarge + - c6i.metal + - cc1.4xlarge + - cc2.8xlarge + - cg1.4xlarge + - cr1.8xlarge + - d2.xlarge + - d2.2xlarge + - d2.4xlarge + - d2.8xlarge + - d3.xlarge + - d3.2xlarge + - d3.4xlarge + - d3.8xlarge + - d3en.xlarge + - d3en.2xlarge + - d3en.4xlarge + - d3en.6xlarge + - d3en.8xlarge + - d3en.12xlarge + - dl1.24xlarge + - f1.2xlarge + - f1.4xlarge + - f1.16xlarge + - g2.2xlarge + - g2.8xlarge + - g3.4xlarge + - g3.8xlarge + - g3.16xlarge + - g3s.xlarge + - g4ad.xlarge + - g4ad.2xlarge + - g4ad.4xlarge + - g4ad.8xlarge + - g4ad.16xlarge + - g4dn.xlarge + - g4dn.2xlarge + - g4dn.4xlarge + - g4dn.8xlarge + - g4dn.12xlarge + - g4dn.16xlarge + - g4dn.metal + - g5.xlarge + - g5.2xlarge + - g5.4xlarge + - g5.8xlarge + - g5.12xlarge + - g5.16xlarge + - g5.24xlarge + - g5.48xlarge + - g5g.xlarge + - g5g.2xlarge + - g5g.4xlarge + - g5g.8xlarge + - g5g.16xlarge + - g5g.metal + - hi1.4xlarge + - hpc6a.48xlarge + - hs1.8xlarge + - h1.2xlarge + - h1.4xlarge + - h1.8xlarge + - h1.16xlarge + - i2.xlarge + - i2.2xlarge + - i2.4xlarge + - i2.8xlarge + - i3.large + - i3.xlarge + - i3.2xlarge + - i3.4xlarge + - i3.8xlarge + - i3.16xlarge + - i3.metal + - i3en.large + - i3en.xlarge + - i3en.2xlarge + - i3en.3xlarge + - i3en.6xlarge + - i3en.12xlarge + - i3en.24xlarge + - i3en.metal + - im4gn.large + - im4gn.xlarge + - im4gn.2xlarge + - im4gn.4xlarge + - im4gn.8xlarge + - im4gn.16xlarge + - inf1.xlarge + - inf1.2xlarge + - inf1.6xlarge + - inf1.24xlarge + - is4gen.medium + - is4gen.large + - is4gen.xlarge + - is4gen.2xlarge + - is4gen.4xlarge + - is4gen.8xlarge + - m1.small + - m1.medium + - m1.large + - m1.xlarge + - m2.xlarge + - m2.2xlarge + - m2.4xlarge + - m3.medium + - m3.large + - m3.xlarge + - m3.2xlarge + - m4.large + - m4.xlarge + - m4.2xlarge + - m4.4xlarge + - m4.10xlarge + - m4.16xlarge + - m5.large + - m5.xlarge + - m5.2xlarge + - m5.4xlarge + - m5.8xlarge + - m5.12xlarge + - m5.16xlarge + - m5.24xlarge + - m5.metal + - m5a.large + - m5a.xlarge + - m5a.2xlarge + - m5a.4xlarge + - m5a.8xlarge + - m5a.12xlarge + - m5a.16xlarge + - m5a.24xlarge + - m5ad.large + - m5ad.xlarge + - m5ad.2xlarge + - m5ad.4xlarge + - m5ad.8xlarge + - m5ad.12xlarge + - m5ad.16xlarge + - m5ad.24xlarge + - m5d.large + - m5d.xlarge + - m5d.2xlarge + - m5d.4xlarge + - m5d.8xlarge + - m5d.12xlarge + - m5d.16xlarge + - m5d.24xlarge + - m5d.metal + - m5dn.large + - m5dn.xlarge + - m5dn.2xlarge + - m5dn.4xlarge + - m5dn.8xlarge + - m5dn.12xlarge + - m5dn.16xlarge + - m5dn.24xlarge + - m5dn.metal + - m5n.large + - m5n.xlarge + - m5n.2xlarge + - m5n.4xlarge + - m5n.8xlarge + - m5n.12xlarge + - m5n.16xlarge + - m5n.24xlarge + - m5n.metal + - m5zn.large + - m5zn.xlarge + - m5zn.2xlarge + - m5zn.3xlarge + - m5zn.6xlarge + - m5zn.12xlarge + - m5zn.metal + - m6a.large + - m6a.xlarge + - m6a.2xlarge + - m6a.4xlarge + - m6a.8xlarge + - m6a.12xlarge + - m6a.16xlarge + - m6a.24xlarge + - m6a.32xlarge + - m6a.48xlarge + - m6g.metal + - m6g.medium + - m6g.large + - m6g.xlarge + - m6g.2xlarge + - m6g.4xlarge + - m6g.8xlarge + - m6g.12xlarge + - m6g.16xlarge + - m6gd.metal + - m6gd.medium + - m6gd.large + - m6gd.xlarge + - m6gd.2xlarge + - m6gd.4xlarge + - m6gd.8xlarge + - m6gd.12xlarge + - m6gd.16xlarge + - m6i.large + - m6i.xlarge + - m6i.2xlarge + - m6i.4xlarge + - m6i.8xlarge + - m6i.12xlarge + - m6i.16xlarge + - m6i.24xlarge + - m6i.32xlarge + - m6i.metal + - mac1.metal + - p2.xlarge + - p2.8xlarge + - p2.16xlarge + - p3.2xlarge + - p3.8xlarge + - p3.16xlarge + - p3dn.24xlarge + - p4d.24xlarge + - r3.large + - r3.xlarge + - r3.2xlarge + - r3.4xlarge + - r3.8xlarge + - r4.large + - r4.xlarge + - r4.2xlarge + - r4.4xlarge + - r4.8xlarge + - r4.16xlarge + - r5.large + - r5.xlarge + - r5.2xlarge + - r5.4xlarge + - r5.8xlarge + - r5.12xlarge + - r5.16xlarge + - r5.24xlarge + - r5.metal + - r5a.large + - r5a.xlarge + - r5a.2xlarge + - r5a.4xlarge + - r5a.8xlarge + - r5a.12xlarge + - r5a.16xlarge + - r5a.24xlarge + - r5ad.large + - r5ad.xlarge + - r5ad.2xlarge + - r5ad.4xlarge + - r5ad.8xlarge + - r5ad.12xlarge + - r5ad.16xlarge + - r5ad.24xlarge + - r5b.large + - r5b.xlarge + - r5b.2xlarge + - r5b.4xlarge + - r5b.8xlarge + - r5b.12xlarge + - r5b.16xlarge + - r5b.24xlarge + - r5b.metal + - r5d.large + - r5d.xlarge + - r5d.2xlarge + - r5d.4xlarge + - r5d.8xlarge + - r5d.12xlarge + - r5d.16xlarge + - r5d.24xlarge + - r5d.metal + - r5dn.large + - r5dn.xlarge + - r5dn.2xlarge + - r5dn.4xlarge + - r5dn.8xlarge + - r5dn.12xlarge + - r5dn.16xlarge + - r5dn.24xlarge + - r5dn.metal + - r5n.large + - r5n.xlarge + - r5n.2xlarge + - r5n.4xlarge + - r5n.8xlarge + - r5n.12xlarge + - r5n.16xlarge + - r5n.24xlarge + - r5n.metal + - r6g.medium + - r6g.large + - r6g.xlarge + - r6g.2xlarge + - r6g.4xlarge + - r6g.8xlarge + - r6g.12xlarge + - r6g.16xlarge + - r6g.metal + - r6gd.medium + - r6gd.large + - r6gd.xlarge + - r6gd.2xlarge + - r6gd.4xlarge + - r6gd.8xlarge + - r6gd.12xlarge + - r6gd.16xlarge + - r6gd.metal + - r6i.large + - r6i.xlarge + - r6i.2xlarge + - r6i.4xlarge + - r6i.8xlarge + - r6i.12xlarge + - r6i.16xlarge + - r6i.24xlarge + - r6i.32xlarge + - r6i.metal + - t1.micro + - t2.nano + - t2.micro + - t2.small + - t2.medium + - t2.large + - t2.xlarge + - t2.2xlarge + - t3.nano + - t3.micro + - t3.small + - t3.medium + - t3.large + - t3.xlarge + - t3.2xlarge + - t3a.nano + - t3a.micro + - t3a.small + - t3a.medium + - t3a.large + - t3a.xlarge + - t3a.2xlarge + - t4g.nano + - t4g.micro + - t4g.small + - t4g.medium + - t4g.large + - t4g.xlarge + - t4g.2xlarge + - u-6tb1.56xlarge + - u-6tb1.112xlarge + - u-9tb1.112xlarge + - u-12tb1.112xlarge + - u-6tb1.metal + - u-9tb1.metal + - u-12tb1.metal + - u-18tb1.metal + - u-24tb1.metal + - vt1.3xlarge + - vt1.6xlarge + - vt1.24xlarge + - x1.16xlarge + - x1.32xlarge + - x1e.xlarge + - x1e.2xlarge + - x1e.4xlarge + - x1e.8xlarge + - x1e.16xlarge + - x1e.32xlarge + - x2iezn.2xlarge + - x2iezn.4xlarge + - x2iezn.6xlarge + - x2iezn.8xlarge + - x2iezn.12xlarge + - x2iezn.metal + - x2gd.medium + - x2gd.large + - x2gd.xlarge + - x2gd.2xlarge + - x2gd.4xlarge + - x2gd.8xlarge + - x2gd.12xlarge + - x2gd.16xlarge + - x2gd.metal + - z1d.large + - z1d.xlarge + - z1d.2xlarge + - z1d.3xlarge + - z1d.6xlarge + - z1d.12xlarge + - z1d.metal + - x2idn.16xlarge + - x2idn.24xlarge + - x2idn.32xlarge + - x2iedn.xlarge + - x2iedn.2xlarge + - x2iedn.4xlarge + - x2iedn.8xlarge + - x2iedn.16xlarge + - x2iedn.24xlarge + - x2iedn.32xlarge + - c6a.large + - c6a.xlarge + - c6a.2xlarge + - c6a.4xlarge + - c6a.8xlarge + - c6a.12xlarge + - c6a.16xlarge + - c6a.24xlarge + - c6a.32xlarge + - c6a.48xlarge + - c6a.metal + - m6a.metal + - i4i.large + - i4i.xlarge + - i4i.2xlarge + - i4i.4xlarge + - i4i.8xlarge + - i4i.16xlarge + - i4i.32xlarge + Integer: + type: integer + Long: + type: integer + MonitorInstancesRequest: + type: object + required: + - InstanceIds + title: MonitorInstancesRequest + properties: + InstanceId: + allOf: + - $ref: '#/components/schemas/InstanceIdStringList' + - description: The IDs of the instances. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation. + MonitorInstancesResult: + type: object + properties: + instancesSet: + allOf: + - $ref: '#/components/schemas/InstanceMonitoringList' + - description: The monitoring information. + Monitoring: + description: |- + Specifies whether detailed monitoring is enabled for an instance. For more information about detailed monitoring, see [Enable or turn off detailed monitoring for your instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-cloudwatch-new.html) in the *User Guide*. + ``Monitoring`` is a property of [AWS::EC2::LaunchTemplate LaunchTemplateData](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html). + additionalProperties: false + type: object + properties: + Enabled: + description: Specify ``true`` to enable detailed monitoring. Otherwise, basic monitoring is enabled. + type: boolean + MonitoringState: + type: string + enum: + - disabled + - disabling + - enabled + - pending + Placement: + description: |- + Specifies the placement of an instance. + ``Placement`` is a property of [AWS::EC2::LaunchTemplate LaunchTemplateData](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html). + additionalProperties: false + type: object + properties: + GroupName: + description: The name of the placement group for the instance. + type: string + Tenancy: + description: The tenancy of the instance. An instance with a tenancy of dedicated runs on single-tenant hardware. + type: string + SpreadDomain: + description: Reserved for future use. + type: string + PartitionNumber: + description: The number of the partition the instance should launch in. Valid only if the placement group strategy is set to ``partition``. + type: integer + AvailabilityZone: + description: The Availability Zone for the instance. + type: string + Affinity: + description: The affinity setting for an instance on a Dedicated Host. + type: string + HostId: + description: The ID of the Dedicated Host for the instance. + type: string + HostResourceGroupArn: + description: The ARN of the host resource group in which to launch the instances. If you specify a host resource group ARN, omit the *Tenancy* parameter or set it to ``host``. + type: string + GroupId: + description: The Group Id of a placement group. You must specify the Placement Group *Group Id* to launch an instance in a shared placement group. + type: string + PlacementGroupName: + type: string + PlatformValues: + type: string + enum: + - Windows + PropagatingVgw: + type: object + properties: + gatewayId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the virtual private gateway. + description: Describes a virtual private gateway propagating route. + PropagatingVgwList: + type: array + items: + allOf: + - $ref: '#/components/schemas/PropagatingVgw' + - xml: + name: item + RebootInstancesRequest: + type: object + required: + - InstanceIds + title: RebootInstancesRequest + properties: + InstanceId: + allOf: + - $ref: '#/components/schemas/InstanceIdStringList' + - description: The instance IDs. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation. + Route: + type: object + properties: + CarrierGatewayId: + type: string + description: |- + The ID of the carrier gateway. + You can only use this option when the VPC contains a subnet which is associated with a Wavelength Zone. + CidrBlock: + type: string + description: '' + CoreNetworkArn: + type: string + description: The Amazon Resource Name (ARN) of the core network. + DestinationCidrBlock: + type: string + description: The IPv4 CIDR address block used for the destination match. Routing decisions are based on the most specific match. We modify the specified CIDR block to its canonical form; for example, if you specify ``100.68.0.18/18``, we modify it to ``100.68.0.0/18``. + DestinationIpv6CidrBlock: + type: string + description: The IPv6 CIDR block used for the destination match. Routing decisions are based on the most specific match. + DestinationPrefixListId: + type: string + description: The ID of a prefix list used for the destination match. + EgressOnlyInternetGatewayId: + type: string + description: '[IPv6 traffic only] The ID of an egress-only internet gateway.' + GatewayId: + type: string + description: The ID of an internet gateway or virtual private gateway attached to your VPC. + InstanceId: + type: string + description: The ID of a NAT instance in your VPC. The operation fails if you specify an instance ID unless exactly one network interface is attached. + LocalGatewayId: + type: string + description: The ID of the local gateway. + NatGatewayId: + type: string + description: '[IPv4 traffic only] The ID of a NAT gateway.' + NetworkInterfaceId: + type: string + description: The ID of a network interface. + RouteTableId: + type: string + description: The ID of the route table for the route. + TransitGatewayId: + type: string + description: The ID of a transit gateway. + VpcEndpointId: + type: string + description: The ID of a VPC endpoint. Supported for Gateway Load Balancer endpoints only. + VpcPeeringConnectionId: + type: string + description: The ID of a VPC peering connection. + required: + - RouteTableId + x-stackql-resource-name: route + description: |- + Specifies a route in a route table. For more information, see [Routes](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html#route-table-routes) in the *Amazon VPC User Guide*. + You must specify either a destination CIDR block or prefix list ID. You must also specify exactly one of the resources as the target. + If you create a route that references a transit gateway in the same template where you create the transit gateway, you must declare a dependency on the transit gateway attachment. The route table cannot use the transit gateway until it has successfully attached to the VPC. Add a [DependsOn Attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html) in the ``AWS::EC2::Route`` resource to explicitly declare a dependency on the ``AWS::EC2::TransitGatewayAttachment`` resource. + x-type-name: AWS::EC2::Route + x-stackql-primary-identifier: + - RouteTableId + - CidrBlock + x-create-only-properties: + - RouteTableId + - DestinationCidrBlock + - DestinationIpv6CidrBlock + - DestinationPrefixListId + x-read-only-properties: + - CidrBlock + x-required-properties: + - RouteTableId + x-tagging: + taggable: false + x-required-permissions: + create: + - ec2:CreateRoute + - ec2:DescribeRouteTables + - ec2:DescribeNetworkInterfaces + read: + - ec2:DescribeRouteTables + update: + - ec2:ReplaceRoute + - ec2:DescribeRouteTables + - ec2:DescribeNetworkInterfaces + delete: + - ec2:DeleteRoute + - ec2:DescribeRouteTables + list: + - ec2:DescribeRouteTables + RouteList: + type: array + items: + allOf: + - $ref: '#/components/schemas/Route' + - xml: + name: item + RouteOrigin: + type: string + enum: + - CreateRouteTable + - CreateRoute + - EnableVgwRoutePropagation + RouteState: + type: string + enum: + - active + - blackhole + RouteTable: + type: object + properties: + RouteTableId: + description: '' + type: string + VpcId: + description: The ID of the VPC. + type: string + Tags: + uniqueItems: false + description: Any tags assigned to the route table. + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/Tag' + required: + - VpcId + x-stackql-resource-name: route_table + description: |- + Specifies a route table for the specified VPC. After you create a route table, you can add routes and associate the table with a subnet. + For more information, see [Route tables](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) in the *Amazon VPC User Guide*. + x-type-name: AWS::EC2::RouteTable + x-stackql-primary-identifier: + - RouteTableId + x-create-only-properties: + - VpcId + x-read-only-properties: + - RouteTableId + x-required-properties: + - VpcId + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + tagProperty: /properties/Tags + cloudFormationSystemTags: true + x-required-permissions: + read: + - ec2:DescribeRouteTables + create: + - ec2:CreateRouteTable + - ec2:CreateTags + - ec2:DescribeRouteTables + update: + - ec2:CreateTags + - ec2:DeleteTags + - ec2:DescribeRouteTables + list: + - ec2:DescribeRouteTables + delete: + - ec2:DescribeRouteTables + - ec2:DeleteRouteTable + RouteTableAssociation: + type: object + properties: + main: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether this is the main route table. + routeTableAssociationId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the association. + routeTableId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the route table. + subnetId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the subnet. A subnet ID is not returned for an implicit association. + gatewayId: + allOf: + - $ref: '#/components/schemas/String' + - description: The ID of the internet gateway or virtual private gateway. + associationState: + allOf: + - $ref: '#/components/schemas/RouteTableAssociationState' + - description: The state of the association. + description: Describes an association between a route table and a subnet or gateway. + RouteTableAssociationList: + type: array + items: + allOf: + - $ref: '#/components/schemas/RouteTableAssociation' + - xml: + name: item + RouteTableAssociationState: + type: object + properties: + state: + allOf: + - $ref: '#/components/schemas/RouteTableAssociationStateCode' + - description: The state of the association. + statusMessage: + allOf: + - $ref: '#/components/schemas/String' + - description: The status message, if applicable. + description: Describes the state of an association between a route table and a subnet or gateway. + RouteTableAssociationStateCode: + type: string + enum: + - associating + - associated + - disassociating + - disassociated + - failed + RouteTableId: + type: string + RouteTableList: + type: array + items: + allOf: + - $ref: '#/components/schemas/RouteTable' + - xml: + name: item + S3Storage: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/String' + - description: The access key ID of the owner of the bucket. Before you specify a value for your access key ID, review and follow the guidance in Best Practices for Managing Amazon Web Services Access Keys. + bucket: + allOf: + - $ref: '#/components/schemas/String' + - description: The bucket in which to store the AMI. You can specify a bucket that you already own or a new bucket that Amazon EC2 creates on your behalf. If you specify a bucket that belongs to someone else, Amazon EC2 returns an error. + prefix: + allOf: + - $ref: '#/components/schemas/String' + - description: The beginning of the file name of the AMI. + uploadPolicy: + allOf: + - $ref: '#/components/schemas/Blob' + - description: An Amazon S3 upload policy that gives Amazon EC2 permission to upload items into Amazon S3 on your behalf. + uploadPolicySignature: + allOf: + - $ref: '#/components/schemas/String' + - description: The signature of the JSON document. + description: Describes the storage parameters for Amazon S3 and Amazon S3 buckets for an instance store-backed AMI. + SecurityGroupId: + description: The ID of a security group for the endpoint. + type: string + SecurityGroupIdStringList: + type: array + items: + allOf: + - $ref: '#/components/schemas/SecurityGroupId' + - xml: + name: SecurityGroupId + SecurityGroupName: + type: string + SecurityGroupStringList: + type: array + items: + allOf: + - $ref: '#/components/schemas/SecurityGroupName' + - xml: + name: SecurityGroup + ShutdownBehavior: + type: string + enum: + - stop + - terminate + StartInstancesRequest: + type: object + required: + - InstanceIds + title: StartInstancesRequest + properties: + InstanceId: + $ref: '#/components/schemas/InstanceIdStringList' + additionalInfo: + $ref: '#/components/schemas/String' + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation. + StartInstancesResult: + type: object + example: + StartingInstances: + - CurrentState: + Code: 0 + Name: pending + InstanceId: i-1234567890abcdef0 + PreviousState: + Code: 80 + Name: stopped + properties: + instancesSet: + allOf: + - $ref: '#/components/schemas/InstanceStateChangeList' + - description: Information about the started instances. + StopInstancesRequest: + type: object + required: + - InstanceIds + title: StopInstancesRequest + properties: + InstanceId: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: '

Hibernates the instance if the instance was enabled for hibernation at launch. If the instance cannot hibernate successfully, a normal shutdown occurs. For more information, see Hibernate your instance in the Amazon EC2 User Guide.

Default: false

' + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation. + force: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: '

Forces the instances to stop. The instances do not have an opportunity to flush file system caches or file system metadata. If you use this option, you must perform file system check and repair procedures. This option is not recommended for Windows instances.

Default: false

' + StopInstancesResult: + type: object + example: + StoppingInstances: + - CurrentState: + Code: 64 + Name: stopping + InstanceId: i-1234567890abcdef0 + PreviousState: + Code: 16 + Name: running + properties: + instancesSet: + allOf: + - $ref: '#/components/schemas/InstanceStateChangeList' + - description: Information about the stopped instances. + Storage: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/S3Storage' + - description: An Amazon S3 storage location. + description: Describes the storage location for an instance store-backed AMI. + String: + type: string + SubnetId: + description: The IDs of the subnet. + type: string Tag: type: object additionalProperties: false properties: Key: type: string + description: The tag key. Value: type: string + description: The tag value. required: - Value - Key + description: Specifies a tag. For more information, see [Resource tags](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html). + TagList: + type: array + items: + allOf: + - $ref: '#/components/schemas/Tag' + - xml: + name: item + Tenancy: + type: string + enum: + - default + - dedicated + - host + UnmonitorInstancesRequest: + type: object + required: + - InstanceIds + title: UnmonitorInstancesRequest + properties: + InstanceId: + allOf: + - $ref: '#/components/schemas/InstanceIdStringList' + - description: The IDs of the instances. + dryRun: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation. + UnmonitorInstancesResult: + type: object + properties: + instancesSet: + allOf: + - $ref: '#/components/schemas/InstanceMonitoringList' + - description: The monitoring information. + UserData: + type: object + properties: + data: + allOf: + - $ref: '#/components/schemas/String' + - description: The user data. If you are using an Amazon Web Services SDK or command line tool, Base64-encoding is performed for you, and you can load the text from a file. Otherwise, you must provide Base64-encoded text. + description: Describes the user data for an instance. + ValueStringList: + type: array + items: + allOf: + - $ref: '#/components/schemas/String' + - xml: + name: item + VolumeDetail: + type: object + required: + - Size + properties: + size: + type: integer + description: The size of the volume, in GiB. + description: Describes an EBS volume. TagSpecification: description: |- - Specifies the tags to apply to a resource when the resource is created for the launch template. + Specifies the tags to apply to resources that are created during instance launch. ``TagSpecification`` is a property type of [TagSpecifications](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html#cfn-ec2-launchtemplate-launchtemplatedata-tagspecifications). [TagSpecifications](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html#cfn-ec2-launchtemplate-launchtemplatedata-tagspecifications) is a property of [AWS::EC2::LaunchTemplate LaunchTemplateData](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html). additionalProperties: false type: object properties: ResourceType: description: |- - The type of resource to tag. - Valid Values lists all resource types for Amazon EC2 that can be tagged. When you create a launch template, you can specify tags for the following resource types only: ``instance`` | ``volume`` | ``network-interface`` | ``spot-instances-request``. If the instance does not include the resource type that you specify, the instance launch fails. For example, not all instance types include a volume. + The type of resource to tag. You can specify tags for the following resource types only: ``instance`` | ``volume`` | ``network-interface`` | ``spot-instances-request``. If the instance does not include the resource type that you specify, the instance launch fails. For example, not all instance types include a volume. To tag a resource after it has been created, see [CreateTags](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTags.html). type: string Tags: @@ -454,6 +1995,8 @@ components: type: boolean InstanceMatchCriteria: type: string + UnusedReservationBillingOwnerId: + type: string required: - InstanceCount - AvailabilityZone @@ -466,7 +2009,6 @@ components: - Id x-create-only-properties: - Tenancy - - InstanceMatchCriteria - InstancePlatform - InstanceType - AvailabilityZone @@ -475,6 +2017,8 @@ components: - EphemeralStorage - EbsOptimized - PlacementGroupArn + x-write-only-properties: + - UnusedReservationBillingOwnerId x-read-only-properties: - Id - AvailableInstanceCount @@ -504,6 +2048,7 @@ components: - ec2:CreateCapacityReservation - ec2:DescribeCapacityReservations - ec2:CancelCapacityReservation + - ec2:AssociateCapacityReservationBillingOwner - ec2:CreateTags - ec2:DeleteTags InstanceTypeSpecification: @@ -657,6 +2202,16 @@ components: - State x-required-properties: - VpcId + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - ec2:CreateTags + - ec2:DeleteTags + - ec2:DescribeTags x-required-permissions: create: - ec2:CreateCarrierGateway @@ -664,10 +2219,12 @@ components: - ec2:CreateTags read: - ec2:DescribeCarrierGateways + - ec2:DescribeTags update: - ec2:DescribeCarrierGateways - ec2:CreateTags - ec2:DeleteTags + - ec2:DescribeTags delete: - ec2:DeleteCarrierGateway - ec2:DescribeCarrierGateways @@ -683,19 +2240,22 @@ components: description: '' type: string IpAddress: - description: IPv4 address for the customer gateway device's outside interface. The address must be static. + description: IPv4 address for the customer gateway device's outside interface. The address must be static. If ``OutsideIpAddressType`` in your VPN connection options is set to ``PrivateIpv4``, you can use an RFC6598 or RFC1918 private IPv4 address. If ``OutsideIpAddressType`` is set to ``PublicIpv4``, you can use a public IPv4 address. type: string BgpAsnExtended: multipleOf: 1 maximum: 4294967294 - description: '' + description: |- + For customer gateway devices that support BGP, specify the device's ASN. You must specify either ``BgpAsn`` or ``BgpAsnExtended`` when creating the customer gateway. If the ASN is larger than ``2,147,483,647``, you must use ``BgpAsnExtended``. + Valid values: ``2,147,483,648`` to ``4,294,967,295`` type: number minimum: 2147483648 BgpAsn: default: 65000 description: |- - For devices that support BGP, the customer gateway's BGP ASN. + For customer gateway devices that support BGP, specify the device's ASN. You must specify either ``BgpAsn`` or ``BgpAsnExtended`` when creating the customer gateway. If the ASN is larger than ``2,147,483,647``, you must use ``BgpAsnExtended``. Default: 65000 + Valid values: ``1`` to ``2,147,483,647`` type: integer Tags: uniqueItems: false @@ -705,8 +2265,8 @@ components: items: $ref: '#/components/schemas/Tag' CertificateArn: - pattern: ^arn:(aws[a-zA-Z-]*)?:acm:[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1}:\d{12}:certificate\/[a-zA-Z0-9-_]+$ - description: '' + pattern: ^arn:(aws[a-zA-Z-]*)?:acm:[a-z]{2}((-gov)|(-iso([a-z]{1})?))?-[a-z]+-\d{1}:\d{12}:certificate\/[a-zA-Z0-9-_]+$ + description: The Amazon Resource Name (ARN) for the customer gateway certificate. type: string DeviceName: description: The name of customer gateway device. @@ -732,6 +2292,9 @@ components: - IpAddress - Type x-tagging: + permissions: + - ec2:CreateTags + - ec2:DeleteTags taggable: true tagOnCreate: true tagUpdatable: true @@ -753,7 +2316,6 @@ components: delete: - ec2:DeleteCustomerGateway - ec2:DescribeCustomerGateways - - ec2:DeleteTags DHCPOptions: type: object properties: @@ -813,6 +2375,9 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - ec2:CreateTags + - ec2:DeleteTags x-required-permissions: create: - ec2:CreateDhcpOptions @@ -831,9 +2396,103 @@ components: - ec2:DescribeDhcpOptions list: - ec2:DescribeDhcpOptions - OnDemandOptionsRequest: + TargetCapacitySpecificationRequest: + additionalProperties: false + type: object + properties: + DefaultTargetCapacityType: + type: string + enum: + - on-demand + - spot + TotalTargetCapacity: + type: integer + OnDemandTargetCapacity: + type: integer + SpotTargetCapacity: + type: integer + TargetCapacityUnitType: + type: string + enum: + - vcpu + - memory-mib + - units + required: + - TotalTargetCapacity + FleetLaunchTemplateSpecificationRequest: + additionalProperties: false + type: object + properties: + LaunchTemplateName: + minLength: 3 + pattern: '[a-zA-Z0-9\(\)\.\-/_]+' + type: string + maxLength: 128 + Version: + type: string + LaunchTemplateId: + type: string + required: + - Version + MemoryGiBPerVCpuRequest: + type: object + additionalProperties: false + properties: + Min: + type: number + Max: + type: number + CapacityReservationOptionsRequest: + additionalProperties: false + type: object + properties: + UsageStrategy: + type: string + enum: + - use-capacity-reservations-first + TotalLocalStorageGBRequest: + type: object + additionalProperties: false + properties: + Min: + type: number + Max: + type: number + NetworkBandwidthGbpsRequest: + type: object + additionalProperties: false + properties: + Min: + type: number + Max: + type: number + VCpuCountRangeRequest: + type: object + additionalProperties: false + properties: + Min: + type: integer + Max: + type: integer + BaselineEbsBandwidthMbpsRequest: type: object additionalProperties: false + properties: + Min: + type: integer + Max: + type: integer + NetworkInterfaceCountRequest: + type: object + additionalProperties: false + properties: + Min: + type: integer + Max: + type: integer + OnDemandOptionsRequest: + additionalProperties: false + type: object properties: SingleAvailabilityZone: type: boolean @@ -848,11 +2507,9 @@ components: CapacityReservationOptions: $ref: '#/components/schemas/CapacityReservationOptionsRequest' SpotOptionsRequest: - type: object additionalProperties: false + type: object properties: - MaintenanceStrategies: - $ref: '#/components/schemas/MaintenanceStrategies' SingleAvailabilityZone: type: boolean AllocationStrategy: @@ -873,6 +2530,8 @@ components: type: integer MaxTotalPrice: type: string + MaintenanceStrategies: + $ref: '#/components/schemas/MaintenanceStrategies' InstanceInterruptionBehavior: type: string enum: @@ -881,100 +2540,74 @@ components: - terminate InstancePoolsToUseCount: type: integer - TargetCapacitySpecificationRequest: + PerformanceFactorReferenceRequest: type: object additionalProperties: false properties: - DefaultTargetCapacityType: - type: string - enum: - - on-demand - - spot - TargetCapacityUnitType: + InstanceFamily: type: string - enum: - - vcpu - - memory-mib - - units - TotalTargetCapacity: - type: integer - OnDemandTargetCapacity: - type: integer - SpotTargetCapacity: - type: integer - required: - - TotalTargetCapacity - FleetLaunchTemplateSpecificationRequest: + CpuPerformanceFactorRequest: type: object additionalProperties: false properties: - LaunchTemplateName: + References: + type: array + uniqueItems: false + items: + $ref: '#/components/schemas/PerformanceFactorReferenceRequest' + MaintenanceStrategies: + additionalProperties: false + type: object + properties: + CapacityRebalance: + $ref: '#/components/schemas/CapacityRebalance' + BlockDeviceMapping: + type: object + additionalProperties: false + properties: + DeviceName: type: string - minLength: 3 - maxLength: 128 - pattern: '[a-zA-Z0-9\(\)\.\-/_]+' - LaunchTemplateId: + Ebs: + $ref: '#/components/schemas/EbsBlockDevice' + NoDevice: type: string - Version: + VirtualName: type: string required: - - Version - Placement: - description: |- - Specifies the placement of an instance. - ``Placement`` is a property of [AWS::EC2::LaunchTemplate LaunchTemplateData](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html). + - DeviceName + AcceleratorCountRequest: + type: object + additionalProperties: false + properties: + Min: + type: integer + Max: + type: integer + CapacityRebalance: additionalProperties: false type: object properties: - GroupName: - description: The name of the placement group for the instance. - type: string - Tenancy: - description: The tenancy of the instance. An instance with a tenancy of dedicated runs on single-tenant hardware. - type: string - SpreadDomain: - description: Reserved for future use. - type: string - PartitionNumber: - description: The number of the partition the instance should launch in. Valid only if the placement group strategy is set to ``partition``. + TerminationDelay: type: integer - AvailabilityZone: - description: The Availability Zone for the instance. - type: string - Affinity: - description: The affinity setting for an instance on a Dedicated Host. - type: string - HostId: - description: The ID of the Dedicated Host for the instance. - type: string - HostResourceGroupArn: - description: The ARN of the host resource group in which to launch the instances. If you specify a host resource group ARN, omit the *Tenancy* parameter or set it to ``host``. - type: string - GroupId: - description: The Group Id of a placement group. You must specify the Placement Group *Group Id* to launch an instance in a shared placement group. + ReplacementStrategy: type: string + enum: + - launch + - launch-before-terminate FleetLaunchTemplateConfigRequest: - type: object additionalProperties: false + type: object properties: LaunchTemplateSpecification: $ref: '#/components/schemas/FleetLaunchTemplateSpecificationRequest' Overrides: - type: array uniqueItems: false + type: array items: $ref: '#/components/schemas/FleetLaunchTemplateOverridesRequest' - CapacityReservationOptionsRequest: - type: object - additionalProperties: false - properties: - UsageStrategy: - type: string - enum: - - use-capacity-reservations-first FleetLaunchTemplateOverridesRequest: - type: object additionalProperties: false + type: object properties: WeightedCapacity: type: number @@ -986,10 +2619,10 @@ components: type: string SubnetId: type: string - InstanceType: - type: string InstanceRequirements: $ref: '#/components/schemas/InstanceRequirementsRequest' + InstanceType: + type: string MaxPrice: type: string InstanceRequirementsRequest: @@ -1009,6 +2642,7 @@ components: - intel - amd - amazon-web-services + - apple MemoryGiBPerVCpu: $ref: '#/components/schemas/MemoryGiBPerVCpuRequest' AllowedInstanceTypes: @@ -1119,14 +2753,8 @@ components: - v100 AcceleratorTotalMemoryMiB: $ref: '#/components/schemas/AcceleratorTotalMemoryMiBRequest' - VCpuCountRangeRequest: - type: object - additionalProperties: false - properties: - Min: - type: integer - Max: - type: integer + BaselinePerformanceFactors: + $ref: '#/components/schemas/BaselinePerformanceFactorsRequest' MemoryMiBRequest: type: object additionalProperties: false @@ -1135,47 +2763,13 @@ components: type: integer Max: type: integer - MemoryGiBPerVCpuRequest: - type: object - additionalProperties: false - properties: - Min: - type: number - Max: - type: number - NetworkBandwidthGbpsRequest: - type: object - additionalProperties: false - properties: - Min: - type: number - Max: - type: number - NetworkInterfaceCountRequest: - type: object - additionalProperties: false - properties: - Min: - type: integer - Max: - type: integer - TotalLocalStorageGBRequest: + BaselinePerformanceFactorsRequest: type: object additionalProperties: false properties: - Min: - type: number - Max: - type: number - BaselineEbsBandwidthMbpsRequest: - type: object - additionalProperties: false - properties: - Min: - type: integer - Max: - type: integer - AcceleratorCountRequest: + Cpu: + $ref: '#/components/schemas/CpuPerformanceFactorRequest' + AcceleratorTotalMemoryMiBRequest: type: object additionalProperties: false properties: @@ -1183,74 +2777,73 @@ components: type: integer Max: type: integer - AcceleratorTotalMemoryMiBRequest: + EbsBlockDevice: type: object additionalProperties: false properties: - Min: + DeleteOnTermination: + type: boolean + Encrypted: + type: boolean + Iops: type: integer - Max: + SnapshotId: + type: string + VolumeSize: type: integer - MaintenanceStrategies: - type: object - additionalProperties: false - properties: - CapacityRebalance: - $ref: '#/components/schemas/CapacityRebalance' - CapacityRebalance: - type: object - additionalProperties: false - properties: - ReplacementStrategy: + VolumeType: type: string enum: - - launch - - launch-before-terminate - TerminationDelay: - type: integer + - gp2 + - gp3 + - io1 + - io2 + - sc1 + - st1 + - standard EC2Fleet: type: object properties: + Context: + type: string TargetCapacitySpecification: $ref: '#/components/schemas/TargetCapacitySpecificationRequest' OnDemandOptions: $ref: '#/components/schemas/OnDemandOptionsRequest' - Type: - type: string - enum: - - maintain - - request - - instant ExcessCapacityTerminationPolicy: type: string enum: - termination - no-termination TagSpecifications: - type: array uniqueItems: false + type: array items: $ref: '#/components/schemas/TagSpecification' SpotOptions: $ref: '#/components/schemas/SpotOptionsRequest' - ValidFrom: - type: string - ReplaceUnhealthyInstances: - type: boolean LaunchTemplateConfigs: - type: array - uniqueItems: false maxItems: 50 + uniqueItems: false + type: array items: $ref: '#/components/schemas/FleetLaunchTemplateConfigRequest' - FleetId: - type: string TerminateInstancesWithExpiration: type: boolean ValidUntil: type: string - Context: + Type: type: string + enum: + - maintain + - request + - instant + FleetId: + type: string + ValidFrom: + type: string + ReplaceUnhealthyInstances: + type: boolean required: - TargetCapacitySpecification - LaunchTemplateConfigs @@ -1275,19 +2868,19 @@ components: - TargetCapacitySpecification - LaunchTemplateConfigs x-required-permissions: + read: + - ec2:DescribeFleets create: - ec2:CreateFleet - ec2:DescribeFleets - delete: + update: + - ec2:ModifyFleet - ec2:DescribeFleets - - ec2:DeleteFleets list: - ec2:DescribeFleets - read: - - ec2:DescribeFleets - update: - - ec2:ModifyFleet + delete: - ec2:DescribeFleets + - ec2:DeleteFleets EgressOnlyInternetGateway: type: object properties: @@ -1359,6 +2952,12 @@ components: The ID of an address pool that you own. Use this parameter to let Amazon EC2 select an address from the address pool. Updates to the ``PublicIpv4Pool`` property may require *some interruptions*. Updates on an EIP reassociates the address on its associated resource. type: string + IpamPoolId: + description: '' + type: string + Address: + description: '' + type: string Tags: description: |- Any tags assigned to the Elastic IP address. @@ -1381,8 +2980,12 @@ components: - Domain - NetworkBorderGroup - TransferAddress + - IpamPoolId + - Address x-write-only-properties: - TransferAddress + - IpamPoolId + - Address x-read-only-properties: - PublicIp - AllocationId @@ -1417,25 +3020,29 @@ components: type: object properties: Id: - description: Composite ID of non-empty properties, to determine the identification. + description: '' type: string AllocationId: - description: The allocation ID. This is required for EC2-VPC. + description: The allocation ID. This is required. type: string NetworkInterfaceId: - description: The ID of the network interface. + description: |- + The ID of the network interface. If the instance has more than one network interface, you must specify a network interface ID. + You can specify either the instance ID or the network interface ID, but not both. type: string InstanceId: - description: The ID of the instance. + description: The ID of the instance. The instance must have exactly one attached network interface. You can specify either the instance ID or the network interface ID, but not both. type: string PrivateIpAddress: - description: The primary or secondary private IP address to associate with the Elastic IP address. + description: The primary or secondary private IP address to associate with the Elastic IP address. If no private IP address is specified, the Elastic IP address is associated with the primary private IP address. type: string EIP: - description: The Elastic IP address to associate with the instance. + description: '' type: string x-stackql-resource-name: eip_association - description: Resource schema for EC2 EIP association. + description: |- + Associates an Elastic IP address with an instance or a network interface. Before you can use an Elastic IP address, you must allocate it to your account. For more information about working with Elastic IP addresses, see [Elastic IP address concepts and rules](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-eips.html#vpc-eip-overview). + You must specify ``AllocationId`` and either ``InstanceId``, ``NetworkInterfaceId``, or ``PrivateIpAddress``. x-type-name: AWS::EC2::EIPAssociation x-stackql-primary-identifier: - Id @@ -1507,10 +3114,12 @@ components: x-required-permissions: create: - ec2:AssociateEnclaveCertificateIamRole + - ec2:GetAssociatedEnclaveCertificateIamRoles read: - ec2:GetAssociatedEnclaveCertificateIamRoles delete: - ec2:DisassociateEnclaveCertificateIamRole + - ec2:GetAssociatedEnclaveCertificateIamRoles list: - ec2:GetAssociatedEnclaveCertificateIamRoles FlowLog: @@ -1617,6 +3226,9 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - ec2:CreateTags + - ec2:DeleteTags x-required-permissions: create: - ec2:CreateFlowLogs @@ -1782,7 +3394,7 @@ components: type: object properties: Type: - description: The type of Elastic Graphics accelerator. For more information about the values to specify for ``Type``, see [Elastic Graphics Basics](https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/elastic-graphics.html#elastic-graphics-basics), specifically the Elastic Graphics accelerator column, in the *Amazon Elastic Compute Cloud User Guide for Windows Instances*. + description: The type of Elastic Graphics accelerator. type: string InstanceIpv6Address: type: object @@ -1801,53 +3413,61 @@ components: PrivateIpAddress: description: 'Assigns a single private IP address to the network interface, which is used as the primary private IP address. If you want to specify multiple private IP address, use the PrivateIpAddresses property. ' type: string + PrimaryIpv6Address: + description: The primary IPv6 address + type: string PrivateIpAddresses: - description: Assigns a list of private IP addresses to the network interface. You can specify a primary private IP address by setting the value of the Primary property to true in the PrivateIpAddressSpecification property. If you want EC2 to automatically assign private IP addresses, use the SecondaryPrivateIpAddressCount property and do not specify this property. - type: array uniqueItems: false + description: Assigns a list of private IP addresses to the network interface. You can specify a primary private IP address by setting the value of the Primary property to true in the PrivateIpAddressSpecification property. If you want EC2 to automatically assign private IP addresses, use the SecondaryPrivateIpAddressCount property and do not specify this property. x-insertionOrder: false + type: array items: $ref: '#/components/schemas/PrivateIpAddressSpecification' SecondaryPrivateIpAddressCount: description: The number of secondary private IPv4 addresses to assign to a network interface. When you specify a number of secondary IPv4 addresses, Amazon EC2 selects these IP addresses within the subnet's IPv4 CIDR range. You can't specify this option and specify more than one private IP address using privateIpAddresses type: integer + Ipv6PrefixCount: + description: 'The number of IPv6 prefixes to assign to a network interface. When you specify a number of IPv6 prefixes, Amazon EC2 selects these prefixes from your existing subnet CIDR reservations, if available, or from free spaces in the subnet. By default, these will be /80 prefixes. You can''t specify a count of IPv6 prefixes if you''ve specified one of the following: specific IPv6 prefixes, specific IPv6 addresses, or a count of IPv6 addresses.' + type: integer PrimaryPrivateIpAddress: description: Returns the primary private IP address of the network interface. type: string Ipv4Prefixes: - description: 'Assigns a list of IPv4 prefixes to the network interface. If you want EC2 to automatically assign IPv4 prefixes, use the Ipv4PrefixCount property and do not specify this property. Presently, only /28 prefixes are supported. You can''t specify IPv4 prefixes if you''ve specified one of the following: a count of IPv4 prefixes, specific private IPv4 addresses, or a count of private IPv4 addresses.' - type: array uniqueItems: false + description: 'Assigns a list of IPv4 prefixes to the network interface. If you want EC2 to automatically assign IPv4 prefixes, use the Ipv4PrefixCount property and do not specify this property. Presently, only /28 prefixes are supported. You can''t specify IPv4 prefixes if you''ve specified one of the following: a count of IPv4 prefixes, specific private IPv4 addresses, or a count of private IPv4 addresses.' x-insertionOrder: false + type: array items: $ref: '#/components/schemas/Ipv4PrefixSpecification' Ipv4PrefixCount: description: 'The number of IPv4 prefixes to assign to a network interface. When you specify a number of IPv4 prefixes, Amazon EC2 selects these prefixes from your existing subnet CIDR reservations, if available, or from free spaces in the subnet. By default, these will be /28 prefixes. You can''t specify a count of IPv4 prefixes if you''ve specified one of the following: specific IPv4 prefixes, specific private IPv4 addresses, or a count of private IPv4 addresses.' type: integer + EnablePrimaryIpv6: + description: >- + If you have instances or ENIs that rely on the IPv6 address not changing, to avoid disrupting traffic to instances or ENIs, you can enable a primary IPv6 address. Enable this option to automatically assign an IPv6 associated with the ENI attached to your instance to be the primary IPv6 address. When you enable an IPv6 address to be a primary IPv6, you cannot disable it. Traffic will be routed to the primary IPv6 address until the instance is terminated or the ENI is detached. If you + have multiple IPv6 addresses associated with an ENI and you enable a primary IPv6 address, the first IPv6 address associated with the ENI becomes the primary IPv6 address. + type: boolean GroupSet: - description: A list of security group IDs associated with this network interface. - type: array uniqueItems: false + description: A list of security group IDs associated with this network interface. x-insertionOrder: false + type: array items: type: string Ipv6Addresses: - description: One or more specific IPv6 addresses from the IPv6 CIDR block range of your subnet to associate with the network interface. If you're specifying a number of IPv6 addresses, use the Ipv6AddressCount property and don't specify this property. - type: array uniqueItems: true + description: One or more specific IPv6 addresses from the IPv6 CIDR block range of your subnet to associate with the network interface. If you're specifying a number of IPv6 addresses, use the Ipv6AddressCount property and don't specify this property. x-insertionOrder: false + type: array items: $ref: '#/components/schemas/InstanceIpv6Address' Ipv6Prefixes: - description: 'Assigns a list of IPv6 prefixes to the network interface. If you want EC2 to automatically assign IPv6 prefixes, use the Ipv6PrefixCount property and do not specify this property. Presently, only /80 prefixes are supported. You can''t specify IPv6 prefixes if you''ve specified one of the following: a count of IPv6 prefixes, specific IPv6 addresses, or a count of IPv6 addresses.' - type: array uniqueItems: false + description: 'Assigns a list of IPv6 prefixes to the network interface. If you want EC2 to automatically assign IPv6 prefixes, use the Ipv6PrefixCount property and do not specify this property. Presently, only /80 prefixes are supported. You can''t specify IPv6 prefixes if you''ve specified one of the following: a count of IPv6 prefixes, specific IPv6 addresses, or a count of IPv6 addresses.' x-insertionOrder: false + type: array items: $ref: '#/components/schemas/Ipv6PrefixSpecification' - Ipv6PrefixCount: - description: 'The number of IPv6 prefixes to assign to a network interface. When you specify a number of IPv6 prefixes, Amazon EC2 selects these prefixes from your existing subnet CIDR reservations, if available, or from free spaces in the subnet. By default, these will be /80 prefixes. You can''t specify a count of IPv6 prefixes if you''ve specified one of the following: specific IPv6 prefixes, specific IPv6 addresses, or a count of IPv6 addresses.' - type: integer SubnetId: description: The ID of the subnet to associate with the network interface. type: string @@ -1858,38 +3478,30 @@ components: description: Indicates the type of network interface. type: string SecondaryPrivateIpAddresses: - description: Returns the secondary private IP addresses of the network interface. - type: array uniqueItems: false + description: Returns the secondary private IP addresses of the network interface. x-insertionOrder: false + type: array items: type: string + VpcId: + description: The ID of the VPC + type: string Ipv6AddressCount: description: The number of IPv6 addresses to assign to a network interface. Amazon EC2 automatically selects the IPv6 addresses from the subnet range. To specify specific IPv6 addresses, use the Ipv6Addresses property and don't specify this property. type: integer - EnablePrimaryIpv6: - description: >- - If you have instances or ENIs that rely on the IPv6 address not changing, to avoid disrupting traffic to instances or ENIs, you can enable a primary IPv6 address. Enable this option to automatically assign an IPv6 associated with the ENI attached to your instance to be the primary IPv6 address. When you enable an IPv6 address to be a primary IPv6, you cannot disable it. Traffic will be routed to the primary IPv6 address until the instance is terminated or the ENI is detached. If you - have multiple IPv6 addresses associated with an ENI and you enable a primary IPv6 address, the first IPv6 address associated with the ENI becomes the primary IPv6 address. - type: boolean - PrimaryIpv6Address: - description: The primary IPv6 address - type: string - ConnectionTrackingSpecification: - $ref: '#/components/schemas/ConnectionTrackingSpecification' Id: description: Network interface id. type: string Tags: - description: An arbitrary set of tags (key-value pairs) for this network interface. - type: array uniqueItems: false + description: An arbitrary set of tags (key-value pairs) for this network interface. x-insertionOrder: false + type: array items: $ref: '#/components/schemas/Tag' - VpcId: - description: The ID of the VPC - type: string + ConnectionTrackingSpecification: + $ref: '#/components/schemas/ConnectionTrackingSpecification' required: - SubnetId x-stackql-resource-name: network_interface @@ -1913,20 +3525,24 @@ components: - VpcId x-required-properties: - SubnetId - x-taggable: true + x-tagging: + permissions: + - ec2:CreateTags + - ec2:DeleteTags + taggable: true + tagOnCreate: true + tagUpdatable: true + tagProperty: /properties/Tags + cloudFormationSystemTags: true x-required-permissions: + read: + - ec2:DescribeNetworkInterfaces create: - ec2:CreateNetworkInterface - ec2:DescribeNetworkInterfaces - ec2:CreateTags - ec2:ModifyNetworkInterfaceAttribute - delete: - - ec2:DescribeNetworkInterfaces - - ec2:DeleteNetworkInterface - list: - - ec2:DescribeNetworkInterfaces - read: - - ec2:DescribeNetworkInterfaces + - ec2:ModifyPublicIpDnsNameOptions update: - ec2:DescribeNetworkInterfaces - ec2:ModifyNetworkInterfaceAttribute @@ -1936,6 +3552,12 @@ components: - ec2:CreateTags - ec2:UnassignPrivateIpAddresses - ec2:AssignPrivateIpAddresses + - ec2:ModifyPublicIpDnsNameOptions + list: + - ec2:DescribeNetworkInterfaces + delete: + - ec2:DescribeNetworkInterfaces + - ec2:DeleteNetworkInterface PrivateDnsNameOptions: description: The hostname type for EC2 instances launched into this subnet and how DNS A and AAAA record queries should be handled. For more information, see [Amazon EC2 instance hostname types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-naming.html) in the *User Guide*. additionalProperties: false @@ -2010,12 +3632,11 @@ components: type: object properties: MultiAttachEnabled: - type: boolean description: |- Indicates whether Amazon EBS Multi-Attach is enabled. - CFNlong does not currently support updating a single-attach volume to be multi-attach enabled, updating a multi-attach enabled volume to be single-attach, or updating the size or number of I/O operations per second (IOPS) of a multi-attach enabled volume. + CFNlong does not currently support updating a single-attach volume to be multi-attach enabled, updating a multi-attach enabled volume to be single-attach, or updating the size or number of I/O operations per second (IOPS) of a multi-attach enabled volume. + type: boolean KmsKeyId: - type: string description: |- The identifier of the kms-key-long to use for Amazon EBS encryption. If ``KmsKeyId`` is specified, the encrypted state must be ``true``. If you omit this property and your account is enabled for encryption by default, or *Encrypted* is set to ``true``, then the volume is encrypted using the default key specified for your account. If your account does not have a default key, then the volume is encrypted using the aws-managed-key. @@ -2024,13 +3645,13 @@ components: + Key alias. Specify the alias for the key, prefixed with ``alias/``. For example, for a key with the alias ``my_cmk``, use ``alias/my_cmk``. Or to specify the aws-managed-key, use ``alias/aws/ebs``. + Key ARN. For example, arn:aws:kms:us-east-1:012345678910:key/1234abcd-12ab-34cd-56ef-1234567890ab. + Alias ARN. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias. + type: string Encrypted: - type: boolean description: |- - Indicates whether the volume should be encrypted. The effect of setting the encryption state to ``true`` depends on the volume origin (new or from a snapshot), starting encryption state, ownership, and whether encryption by default is enabled. For more information, see [Encryption by default](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#encryption-by-default) in the *Amazon Elastic Compute Cloud User Guide*. - Encrypted Amazon EBS volumes must be attached to instances that support Amazon EBS encryption. For more information, see [Supported instance types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#EBSEncryption_supported_instances). + Indicates whether the volume should be encrypted. The effect of setting the encryption state to ``true`` depends on the volume origin (new or from a snapshot), starting encryption state, ownership, and whether encryption by default is enabled. For more information, see [Encryption by default](https://docs.aws.amazon.com/ebs/latest/userguide/work-with-ebs-encr.html#encryption-by-default) in the *Amazon EBS User Guide*. + Encrypted Amazon EBS volumes must be attached to instances that support Amazon EBS encryption. For more information, see [Supported instance types](https://docs.aws.amazon.com/ebs/latest/userguide/ebs-encryption-requirements.html#ebs-encryption_supported_instances). + type: boolean Size: - type: integer description: |- The size of the volume, in GiBs. You must specify either a snapshot ID or a volume size. If you specify a snapshot, the default is the snapshot size. You can specify a volume size that is equal to or larger than the snapshot size. The following are the supported volumes sizes for each volume type: @@ -2039,23 +3660,23 @@ components: + ``io2``: 4 - 65,536 GiB + ``st1`` and ``sc1``: 125 - 16,384 GiB + ``standard``: 1 - 1024 GiB + type: integer AutoEnableIO: - type: boolean description: Indicates whether the volume is auto-enabled for I/O operations. By default, Amazon EBS disables I/O to the volume from attached EC2 instances when it determines that a volume's data is potentially inconsistent. If the consistency of the volume is not a concern, and you prefer that the volume be made available immediately if it's impaired, you can configure the volume to automatically enable I/O. + type: boolean OutpostArn: - type: string description: The Amazon Resource Name (ARN) of the Outpost. - AvailabilityZone: type: string + AvailabilityZone: description: The ID of the Availability Zone in which to create the volume. For example, ``us-east-1a``. + type: string Throughput: - type: integer description: |- The throughput to provision for a volume, with a maximum of 1,000 MiB/s. This parameter is valid only for ``gp3`` volumes. The default value is 125. Valid Range: Minimum value of 125. Maximum value of 1000. - Iops: type: integer + Iops: description: |- The number of I/O operations per second (IOPS). For ``gp3``, ``io1``, and ``io2`` volumes, this represents the number of IOPS that are provisioned for the volume. For ``gp2`` volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting. The following are the supported values for each volume type: @@ -2063,13 +3684,16 @@ components: + ``io1``: 100 - 64,000 IOPS + ``io2``: 100 - 256,000 IOPS - For ``io2`` volumes, you can achieve up to 256,000 IOPS on [instances built on the Nitro System](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances). On other instances, you can achieve performance up to 32,000 IOPS. + For ``io2`` volumes, you can achieve up to 256,000 IOPS on [instances built on the Nitro System](https://docs.aws.amazon.com/ec2/latest/instancetypes/ec2-nitro-instances.html). On other instances, you can achieve performance up to 32,000 IOPS. This parameter is required for ``io1`` and ``io2`` volumes. The default for ``gp3`` volumes is 3,000 IOPS. This parameter is not supported for ``gp2``, ``st1``, ``sc1``, or ``standard`` volumes. + type: integer SnapshotId: - type: string description: The snapshot from which to create the volume. You must specify either a snapshot ID or a volume size. - VolumeType: type: string + VolumeId: + description: '' + type: string + VolumeType: description: |- The volume type. This parameter can be one of the following values: + General Purpose SSD: ``gp2`` | ``gp3`` @@ -2078,16 +3702,14 @@ components: + Cold HDD: ``sc1`` + Magnetic: ``standard`` - For more information, see [Amazon EBS volume types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html) in the *Amazon Elastic Compute Cloud User Guide*. + For more information, see [Amazon EBS volume types](https://docs.aws.amazon.com/ebs/latest/userguide/ebs-volume-types.html). Default: ``gp2`` - VolumeId: type: string - description: '' Tags: - type: array uniqueItems: false description: The tags to apply to the volume during creation. x-insertionOrder: false + type: array items: $ref: '#/components/schemas/Tag' required: @@ -2101,7 +3723,10 @@ components: + You successfully update an Amazon EBS volume and the update succeeds. When you attempt another update within the cooldown window, that update will be subject to a cooldown period. + You successfully update an Amazon EBS volume and the update succeeds but another change in your ``update-stack`` call fails. The rollback will be subject to a cooldown period. - For more information on the coo + For more information, see [Requirements for EBS volume modifications](https://docs.aws.amazon.com/ebs/latest/userguide/modify-volume-requirements.html). + *DeletionPolicy attribute* + To control how CFNlong handles the volume when the stack is deleted, set a deletion policy for your volume. You can choose to retain the volume, to delete the volume, or to create a snapshot of the volume. For more information, see [DeletionPolicy attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html). + If you set a deletion policy that creates a snapshot, all tags on the volume are included in the snapshot. x-type-name: AWS::EC2::Volume x-stackql-primary-identifier: - VolumeId @@ -2110,12 +3735,20 @@ components: x-required-properties: - AvailabilityZone x-tagging: + permissions: + - ec2:CreateTags + - ec2:DeleteTags + - ec2:DescribeTags taggable: true tagOnCreate: true tagUpdatable: true - cloudFormationSystemTags: false tagProperty: /properties/Tags + cloudFormationSystemTags: false x-required-permissions: + read: + - ec2:DescribeVolumes + - ec2:DescribeVolumeAttribute + - ec2:DescribeTags create: - ec2:CreateVolume - ec2:DescribeVolumes @@ -2124,10 +3757,6 @@ components: - ec2:CreateTags - kms:GenerateDataKeyWithoutPlaintext - kms:CreateGrant - read: - - ec2:DescribeVolumes - - ec2:DescribeVolumeAttribute - - ec2:DescribeTags update: - ec2:ModifyVolume - ec2:ModifyVolumeAttribute @@ -2136,16 +3765,16 @@ components: - ec2:DescribeVolumes - ec2:CreateTags - ec2:DeleteTags + list: + - ec2:DescribeVolumes + - ec2:DescribeTags + - ec2:DescribeVolumeAttribute delete: - ec2:DeleteVolume - ec2:CreateSnapshot - ec2:DescribeSnapshots - ec2:DeleteTags - ec2:DescribeVolumes - list: - - ec2:DescribeVolumes - - ec2:DescribeTags - - ec2:DescribeVolumeAttribute State: description: The current state of the instance additionalProperties: false @@ -2171,7 +3800,7 @@ components: description: The volume type. For more information, see [Amazon EBS volume types](https://docs.aws.amazon.com/ebs/latest/userguide/ebs-volume-types.html) in the *Amazon EBS User Guide*. type: string KmsKeyId: - description: The ARN of the symmetric KMSlong (KMS) CMK used for encryption. + description: Identifier (key ID, key alias, key ARN, or alias ARN) of the customer managed KMS key to use for EBS encryption. type: string Encrypted: description: Indicates whether the EBS volume is encrypted. Encrypted volumes can only be attached to instances that support Amazon EBS encryption. If you are creating a volume from a snapshot, you can't specify an encryption value. @@ -2204,20 +3833,6 @@ components: DeleteOnTermination: description: Indicates whether the EBS volume is deleted on instance termination. type: boolean - BlockDeviceMapping: - type: object - additionalProperties: false - properties: - DeviceName: - type: string - Ebs: - $ref: '#/components/schemas/EbsBlockDevice' - NoDevice: - type: string - VirtualName: - type: string - required: - - DeviceName Instance: type: object properties: @@ -2473,13 +4088,14 @@ components: - UserData - BlockDeviceMappings x-write-only-properties: - - BlockDeviceMappings/*/BlockDeviceMapping/NoDevice - - BlockDeviceMappings/*/BlockDeviceMapping/VirtualName + - BlockDeviceMappings/*/NoDevice + - BlockDeviceMappings/*/VirtualName - LicenseSpecification - AdditionalInfo - Ipv6AddressCount - Ipv6Addresses - PropagateTagsToVolumeOnCreation + - LaunchTemplate x-read-only-properties: - InstanceId - PrivateIp @@ -2489,6 +4105,9 @@ components: - VpcId - State x-tagging: + permissions: + - ec2:CreateTags + - ec2:DeleteTags taggable: true tagOnCreate: true tagUpdatable: true @@ -2586,9 +4205,6 @@ components: - elastic-inference:DescribeAccelerators - ssm:DescribeAssociation - ssm:ListAssociations - SecurityGroupId: - description: The ID of a security group for the endpoint. - type: string InstanceConnectEndpoint: type: object properties: @@ -2686,6 +4302,9 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - ec2:CreateTags + - ec2:DeleteTags x-required-permissions: create: - ec2:CreateInternetGateway @@ -2755,6 +4374,9 @@ components: enum: - free - advanced + EnablePrivateGua: + description: Enable provisioning of GUA space in private pools. + type: boolean Tags: description: An array of key-value pairs to apply to this resource. type: array @@ -2784,6 +4406,9 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - ec2:DeleteTags + - ec2:CreateTags x-required-permissions: create: - ec2:CreateIpam @@ -3019,6 +4644,9 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - ec2:DeleteTags + - ec2:CreateTags x-required-permissions: create: - ec2:CreateIpamPool @@ -3153,6 +4781,9 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - ec2:DeleteTags + - ec2:CreateTags x-required-permissions: create: - ec2:CreateIpamResourceDiscovery @@ -3240,6 +4871,9 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - ec2:DeleteTags + - ec2:CreateTags x-required-permissions: create: - ec2:AssociateIpamResourceDiscovery @@ -3317,6 +4951,9 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - ec2:DeleteTags + - ec2:CreateTags x-required-permissions: create: - ec2:CreateIpamScope @@ -3411,6 +5048,9 @@ components: taggable: true tagUpdatable: false cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - ec2:CreateTags x-required-permissions: create: - ec2:CreateKeyPair @@ -3443,15 +5083,16 @@ components: TagSpecifications: uniqueItems: false description: |- - The tags to apply to the resources that are created during instance launch. - To tag a resource after it has been created, see [CreateTags](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTags.html). + The tags to apply to resources that are created during instance launch. To tag the launch template itself, use [TagSpecifications](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-launchtemplate.html#cfn-ec2-launchtemplate-tagspecifications). type: array items: $ref: '#/components/schemas/TagSpecification' + NetworkPerformanceOptions: + description: '' UserData: description: |- - The user data to make available to the instance. You must provide base64-encoded text. User data is limited to 16 KB. For more information, see [Run commands on your Linux instance at launch](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html) (Linux) or [Work with instance user data](https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/instancedata-add-user-data.html) (Windows) in the *Amazon Elastic Compute Cloud User Guide*. + The user data to make available to the instance. You must provide base64-encoded text. User data is limited to 16 KB. For more information, see [Run commands on your Amazon EC2 instance at launch](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html) in the *Amazon EC2 User Guide*. If you are creating the launch template for use with BATCH, the user data must be provided in the [MIME multi-part archive format](https://docs.aws.amazon.com/https://cloudinit.readthedocs.io/en/latest/topics/format.html#mime-multi-part-archive). For more information, see [Amazon EC2 user data in launch templates](https://docs.aws.amazon.com/batch/latest/userguide/launch-templates.html) in the *User Guide*. type: string BlockDeviceMappings: @@ -3485,7 +5126,8 @@ components: ElasticInferenceAccelerators: uniqueItems: false description: |- - An elastic inference accelerator to associate with the instance. Elastic inference accelerators are a resource you can attach to your Amazon EC2 instances to accelerate your Deep Learning (DL) inference workloads. + Amazon Elastic Inference is no longer available. + An elastic inference accelerator to associate with the instance. Elastic inference accelerators are a resource you can attach to your Amazon EC2 instances to accelerate your Deep Learning (DL) inference workloads. You cannot specify accelerators from different generations in the same request. Starting April 15, 2023, AWS will not onboard new customers to Amazon Elastic Inference (EI), and will help current customers migrate their workloads to options that offer better price and performance. After April 15, 2023, new customers will not be able to launch instances with Amazon EI accelerators in Amazon SageMaker, Amazon ECS, or Amazon EC2. However, customers who have used Amazon EI at least once during the past 30-day period are considered current customers and will be able to continue using the service. type: array @@ -3509,7 +5151,7 @@ components: description: |- The ID of the AMI. Alternatively, you can specify a Systems Manager parameter, which will resolve to an AMI ID on launch. Valid formats: - + ``ami-17characters00000`` + + ``ami-0ac394d6a3example`` + ``resolve:ssm:parameter-name`` + ``resolve:ssm:parameter-name:version-number`` + ``resolve:ssm:parameter-name:label`` @@ -3518,17 +5160,17 @@ components: type: string InstanceType: description: |- - The instance type. For more information, see [Instance types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html) in the *Amazon Elastic Compute Cloud User Guide*. + The instance type. For more information, see [Amazon EC2 instance types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html) in the *Amazon EC2 User Guide*. If you specify ``InstanceType``, you can't specify ``InstanceRequirements``. type: string Monitoring: description: The monitoring for the instance. $ref: '#/components/schemas/Monitoring' HibernationOptions: - description: Indicates whether an instance is enabled for hibernation. This parameter is valid only if the instance meets the [hibernation prerequisites](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/hibernating-prerequisites.html). For more information, see [Hibernate your instance](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html) in the *Amazon Elastic Compute Cloud User Guide*. + description: Indicates whether an instance is enabled for hibernation. This parameter is valid only if the instance meets the [hibernation prerequisites](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/hibernating-prerequisites.html). For more information, see [Hibernate your Amazon EC2 instance](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html) in the *Amazon EC2 User Guide*. $ref: '#/components/schemas/HibernationOptions' MetadataOptions: - description: The metadata options for the instance. For more information, see [Instance metadata and user data](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html) in the *Amazon Elastic Compute Cloud User Guide*. + description: The metadata options for the instance. For more information, see [Instance metadata and user data](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html) in the *Amazon EC2 User Guide*. $ref: '#/components/schemas/MetadataOptions' LicenseSpecifications: uniqueItems: false @@ -3542,10 +5184,10 @@ components: Default: ``stop`` type: string DisableApiStop: - description: Indicates whether to enable the instance for stop protection. For more information, see [Stop protection](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Stop_Start.html#Using_StopProtection) in the *Amazon Elastic Compute Cloud User Guide*. + description: Indicates whether to enable the instance for stop protection. For more information, see [Enable stop protection for your instance](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-stop-protection.html) in the *Amazon EC2 User Guide*. type: boolean CpuOptions: - description: The CPU options for the instance. For more information, see [Optimizing CPU Options](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html) in the *Amazon Elastic Compute Cloud User Guide*. + description: The CPU options for the instance. For more information, see [Optimize CPU options](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html) in the *Amazon EC2 User Guide*. $ref: '#/components/schemas/CpuOptions' PrivateDnsNameOptions: description: The hostname type for EC2 instances launched into this subnet and how DNS A and AAAA record queries should be handled. For more information, see [Amazon EC2 instance hostname types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-naming.html) in the *User Guide*. @@ -3580,12 +5222,12 @@ components: If you specify ``InstanceRequirements``, you can't specify ``InstanceType``. Attribute-based instance type selection is only supported when using Auto Scaling groups, EC2 Fleet, and Spot Fleet to launch instances. If you plan to use the launch template in the [launch instance wizard](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-instance-wizard.html), or with the [RunInstances](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RunInstances.html) API or [AWS::EC2::Instance](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html) AWS CloudFormation resource, you can't specify ``InstanceRequirements``. - For more information, see [Attribute-based instance type selection for EC2 Fleet](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-attribute-based-instance-type-selection.html), [Attribute-based instance type selection for Spot Fleet](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-fleet-attribute-based-instance-type-selection.html), and [Spot placement score](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-placement-score.html) in the *Amazon EC2 User Guide*. + For more information, see [Specify attributes for instance type selection for EC2 Fleet or Spot Fleet](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-attribute-based-instance-type-selection.html) and [Spot placement score](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-placement-score.html) in the *Amazon EC2 User Guide*. $ref: '#/components/schemas/InstanceRequirements' RamDiskId: description: |- The ID of the RAM disk. - We recommend that you use PV-GRUB instead of kernels and RAM disks. For more information, see [User provided kernels](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/UserProvidedkernels.html) in the *Amazon Elastic Compute Cloud User Guide*. + We recommend that you use PV-GRUB instead of kernels and RAM disks. For more information, see [User provided kernels](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/UserProvidedkernels.html) in the *Amazon EC2 User Guide*. type: string CapacityReservationSpecification: description: The Capacity Reservation targeting option. If you do not specify this parameter, the instance's Capacity Reservation preference defaults to ``open``, which enables it to run in any open Capacity Reservation that has matching attributes (instance type, platform, Availability Zone). @@ -3611,6 +5253,14 @@ components: AutoRecovery: description: Disables the automatic recovery behavior of your instance or sets it to default. type: string + Cpu: + description: Specifies the CPU performance to consider when using an instance family as the baseline reference. + additionalProperties: false + type: object + properties: + References: + description: The instance family to use as the baseline reference for CPU performance. All instance types that match your specified attributes are compared against the CPU performance of the referenced instance family, regardless of CPU manufacturer or architecture differences. + $ref: '#/components/schemas/References' IamInstanceProfile: description: |- Specifies an IAM instance profile, which is a container for an IAM role for your instance. You can use an IAM role to distribute your AWS credentials to your instances. @@ -3648,8 +5298,8 @@ components: description: The maximum number of vCPUs. To specify no maximum limit, omit this parameter. type: integer Ipv4PrefixSpecification: - type: object additionalProperties: false + type: object properties: Ipv4Prefix: type: string @@ -3661,12 +5311,17 @@ components: properties: EnaSrdEnabled: type: boolean + description: Indicates whether ENA Express is enabled for the network interface. EnaSrdUdpSpecification: type: object additionalProperties: false properties: EnaSrdUdpEnabled: type: boolean + description: Configures ENA Express for UDP network traffic. + description: |- + ENA Express uses AWS Scalable Reliable Datagram (SRD) technology to increase the maximum bandwidth used per stream and minimize tail latency of network traffic between EC2 instances. With ENA Express, you can communicate between two EC2 instances in the same subnet within the same account, or in different accounts. Both sending and receiving instances must have ENA Express enabled. + To improve the reliability of network packet delivery, ENA Express reorders network packets on the receiving end by default. However, some UDP-based applications are designed to handle network packets that are out of order to reduce the overhead for packet delivery at the network layer. When ENA Express is enabled, you can specify whether UDP network traffic uses it. EnclaveOptions: description: Indicates whether the instance is enabled for AWS Nitro Enclaves. additionalProperties: false @@ -3675,16 +5330,6 @@ components: Enabled: description: If this parameter is set to ``true``, the instance is enabled for AWS Nitro Enclaves; otherwise, it is not enabled for AWS Nitro Enclaves. type: boolean - Monitoring: - description: |- - Specifies whether detailed monitoring is enabled for an instance. For more information about detailed monitoring, see [Enable or turn off detailed monitoring for your instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-cloudwatch-new.html) in the *User Guide*. - ``Monitoring`` is a property of [AWS::EC2::LaunchTemplate LaunchTemplateData](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html). - additionalProperties: false - type: object - properties: - Enabled: - description: Specify ``true`` to enable detailed monitoring. Otherwise, basic monitoring is enabled. - type: boolean MemoryMiB: description: The minimum and maximum amount of memory, in MiB. additionalProperties: false @@ -3755,6 +5400,27 @@ components: Max: description: The maximum number of network interfaces. To specify no maximum limit, omit this parameter. type: integer + Reference: + description: Specifies an instance family to use as the baseline reference for CPU performance. + additionalProperties: false + type: object + properties: + InstanceFamily: + description: |- + The instance family to use as a baseline reference. + Ensure that you specify the correct value for the instance family. The instance family is everything before the period (``.``) in the instance type name. For example, in the instance type ``c6i.large``, the instance family is ``c6i``, not ``c6``. For more information, see [Amazon EC2 instance type naming conventions](https://docs.aws.amazon.com/ec2/latest/instancetypes/instance-type-names.html) in *Amazon EC2 Instance Types*. + The following instance families are *not supported* for performance protection: + + ``c1`` + + ``g3`` | ``g3s`` + + ``hpc7g`` + + ``m1`` | ``m2`` + + ``mac1`` | ``mac2`` | ``mac2-m1ultra`` | ``mac2-m2`` | ``mac2-m2pro`` + + ``p3dn`` | ``p4d`` | ``p5`` + + ``t1`` + + ``u-12tb1`` | ``u-18tb1`` | ``u-24tb1`` | ``u-3tb1`` | ``u-6tb1`` | ``u-9tb1`` | ``u7i-12tb`` | ``u7in-16tb`` | ``u7in-24tb`` | ``u7in-32tb`` + + If you enable performance protection by specifying a supported instance family, the returned instance types will exclude the above unsupported instance families. + type: string CpuOptions: description: |- Specifies the CPU options for an instance. For more information, see [Optimize CPU options](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html) in the *User Guide*. @@ -3819,8 +5485,8 @@ components: description: Indicates whether the private IPv4 address is the primary private IPv4 address. Only one IPv4 address can be designated as primary. type: boolean Ipv6PrefixSpecification: - type: object additionalProperties: false + type: object properties: Ipv6Prefix: type: string @@ -3829,12 +5495,13 @@ components: LaunchTemplateTagSpecification: description: |- Specifies the tags to apply to the launch template during creation. + To specify the tags for the resources that are created during instance launch, use [AWS::EC2::LaunchTemplate TagSpecification](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-tagspecification.html). ``LaunchTemplateTagSpecification`` is a property of [AWS::EC2::LaunchTemplate](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-launchtemplate.html). additionalProperties: false type: object properties: ResourceType: - description: The type of resource. To tag the launch template, ``ResourceType`` must be ``launch-template``. + description: The type of resource. To tag a launch template, ``ResourceType`` must be ``launch-template``. type: string Tags: uniqueItems: false @@ -3887,6 +5554,23 @@ components: MarketType: description: The market type. type: string + References: + uniqueItems: true + description: A list of references to be used as baseline for the CPU performance. Currently, you can only specify a single reference across different instance type variations such as CPU manufacturers, architectures etc. + x-insertionOrder: true + type: array + items: + $ref: '#/components/schemas/Reference' + BaselinePerformanceFactors: + description: |- + The baseline performance to consider, using an instance family as a baseline reference. The instance family establishes the lowest acceptable level of performance. Amazon EC2 uses this baseline to guide instance type selection, but there is no guarantee that the selected instance types will always exceed the baseline for every application. + Currently, this parameter only supports CPU performance as a baseline performance factor. For example, specifying ``c6i`` would use the CPU performance of the ``c6i`` family as the baseline reference. + additionalProperties: false + type: object + properties: + Cpu: + description: The CPU performance to consider, using an instance family as the baseline reference. + $ref: '#/components/schemas/Cpu' LaunchTemplateElasticInferenceAccelerator: description: |- Specifies an elastic inference accelerator. @@ -3924,21 +5608,10 @@ components: If you specify ``InstanceRequirements``, you can't specify ``InstanceType``. Attribute-based instance type selection is only supported when using Auto Scaling groups, EC2 Fleet, and Spot Fleet to launch instances. If you plan to use the launch template in the [launch instance wizard](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-instance-wizard.html), or with the [RunInstances](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RunInstances.html) API or [AWS::EC2::Instance](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html) AWS CloudFormation resource, you can't specify ``InstanceRequirements``. - For more information, see [Attribute-based instance type selection for EC2 Fleet](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-attribute-based-instance-type-selection.html), [Attribute-based instance type selection for Spot Fleet](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-fleet-attribute-based-instance-type-selection.html), and [Spot placement score](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-placement-score.html) in the *Amazon EC2 User Guide*. + For more information, see [Specify attributes for instance type selection for EC2 Fleet or Spot Fleet](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-attribute-based-instance-type-selection.html) and [Spot placement score](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-placement-score.html) in the *Amazon EC2 User Guide*. additionalProperties: false type: object properties: - LocalStorageTypes: - uniqueItems: false - description: |- - The type of local storage that is required. - + For instance types with hard disk drive (HDD) storage, specify ``hdd``. - + For instance types with solid state drive (SSD) storage, specify ``ssd``. - - Default: ``hdd`` and ``ssd`` - type: array - items: - type: string InstanceGenerations: uniqueItems: false description: |- @@ -3949,11 +5622,6 @@ components: type: array items: type: string - NetworkInterfaceCount: - description: |- - The minimum and maximum number of network interfaces. - Default: No minimum or maximum limits - $ref: '#/components/schemas/NetworkInterfaceCount' MemoryGiBPerVCpu: description: |- The minimum and maximum amount of memory per vCPU, in GiB. @@ -3965,7 +5633,6 @@ components: The accelerator types that must be on the instance type. + For instance types with GPU accelerators, specify ``gpu``. + For instance types with FPGA accelerators, specify ``fpga``. - + For instance types with inference accelerators, specify ``inference``. Default: Any accelerator type type: array @@ -3974,18 +5641,6 @@ components: VCpuCount: description: The minimum and maximum number of vCPUs. $ref: '#/components/schemas/VCpuCount' - ExcludedInstanceTypes: - uniqueItems: false - description: |- - The instance types to exclude. - You can use strings with one or more wild cards, represented by an asterisk (``*``), to exclude an instance type, size, or generation. The following are examples: ``m5.8xlarge``, ``c5*.*``, ``m5a.*``, ``r*``, ``*3*``. - For example, if you specify ``c5*``,Amazon EC2 will exclude the entire C5 instance family, which includes all C5a and C5n instance types. If you specify ``m5a.*``, Amazon EC2 will exclude all the M5a instance types, but not the M5n instance types. - If you specify ``ExcludedInstanceTypes``, you can't specify ``AllowedInstanceTypes``. - Default: No excluded instance types - type: array - items: - description: The user data to make available to the instance. - type: string AcceleratorManufacturers: uniqueItems: false description: |- @@ -4000,17 +5655,6 @@ components: type: array items: type: string - AllowedInstanceTypes: - uniqueItems: false - description: |- - The instance types to apply your specified attributes against. All other instance types are ignored, even if they match your specified attributes. - You can use strings with one or more wild cards, represented by an asterisk (``*``), to allow an instance type, size, or generation. The following are examples: ``m5.8xlarge``, ``c5*.*``, ``m5a.*``, ``r*``, ``*3*``. - For example, if you specify ``c5*``,Amazon EC2 will allow the entire C5 instance family, which includes all C5a and C5n instance types. If you specify ``m5a.*``, Amazon EC2 will allow all the M5a instance types, but not the M5n instance types. - If you specify ``AllowedInstanceTypes``, you can't specify ``ExcludedInstanceTypes``. - Default: All instance types - type: array - items: - type: string LocalStorage: description: |- Indicates whether instance types with instance store volumes are included, excluded, or required. For more information, [Amazon EC2 instance store](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html) in the *Amazon EC2 User Guide*. @@ -4027,23 +5671,13 @@ components: + For instance types with Intel CPUs, specify ``intel``. + For instance types with AMD CPUs, specify ``amd``. + For instance types with AWS CPUs, specify ``amazon-web-services``. + + For instance types with Apple CPUs, specify ``apple``. Don't confuse the CPU manufacturer with the CPU architecture. Instances will be launched with a compatible CPU architecture based on the Amazon Machine Image (AMI) that you specify in your launch template. Default: Any manufacturer type: array items: type: string - AcceleratorCount: - description: |- - The minimum and maximum number of accelerators (GPUs, FPGAs, or AWS Inferentia chips) on an instance. - To exclude accelerator-enabled instance types, set ``Max`` to ``0``. - Default: No minimum or maximum limits - $ref: '#/components/schemas/AcceleratorCount' - NetworkBandwidthGbps: - description: |- - The minimum and maximum amount of network bandwidth, in gigabits per second (Gbps). - Default: No minimum or maximum limits - $ref: '#/components/schemas/NetworkBandwidthGbps' BareMetal: description: |- Indicates whether bare metal instance types must be included, excluded, or required. @@ -4064,9 +5698,76 @@ components: [Price protection] The price protection threshold for Spot Instances, as a percentage of an identified On-Demand price. The identified On-Demand price is the price of the lowest priced current generation C, M, or R instance type with your specified attributes. If no current generation C, M, or R instance type matches your attributes, then the identified price is from the lowest priced current generation instance types, and failing that, from the lowest priced previous generation instance types that match your attributes. When Amazon EC2 selects instance types with your attributes, it will exclude instance types whose price exceeds your specified threshold. The parameter accepts an integer, which Amazon EC2 interprets as a percentage. - If you set ``DesiredCapacityType`` to ``vcpu`` or ``memory-mib``, the price protection threshold is based on the per vCPU or per memory price instead of the per instance price. + If you set ``TargetCapacityUnitType`` to ``vcpu`` or ``memory-mib``, the price protection threshold is based on the per vCPU or per memory price instead of the per instance price. Only one of ``SpotMaxPricePercentageOverLowestPrice`` or ``MaxSpotPriceAsPercentageOfOptimalOnDemandPrice`` can be specified. If you don't specify either, Amazon EC2 will automatically apply optimal price protection to consistently select from a wide range of instance types. To indicate no price protection threshold for Spot Instances, meaning you want to consider all instance types that match your attributes, include one of these parameters and specify a high value, such as ``999999``. type: integer + OnDemandMaxPricePercentageOverLowestPrice: + description: |- + [Price protection] The price protection threshold for On-Demand Instances, as a percentage higher than an identified On-Demand price. The identified On-Demand price is the price of the lowest priced current generation C, M, or R instance type with your specified attributes. When Amazon EC2 selects instance types with your attributes, it will exclude instance types whose price exceeds your specified threshold. + The parameter accepts an integer, which Amazon EC2 interprets as a percentage. + To turn off price protection, specify a high value, such as ``999999``. + This parameter is not supported for [GetSpotPlacementScores](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_GetSpotPlacementScores.html) and [GetInstanceTypesFromInstanceRequirements](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_GetInstanceTypesFromInstanceRequirements.html). + If you set ``TargetCapacityUnitType`` to ``vcpu`` or ``memory-mib``, the price protection threshold is applied based on the per-vCPU or per-memory price instead of the per-instance price. + Default: ``20`` + type: integer + MemoryMiB: + description: The minimum and maximum amount of memory, in MiB. + $ref: '#/components/schemas/MemoryMiB' + LocalStorageTypes: + uniqueItems: false + description: |- + The type of local storage that is required. + + For instance types with hard disk drive (HDD) storage, specify ``hdd``. + + For instance types with solid state drive (SSD) storage, specify ``ssd``. + + Default: ``hdd`` and ``ssd`` + type: array + items: + type: string + NetworkInterfaceCount: + description: |- + The minimum and maximum number of network interfaces. + Default: No minimum or maximum limits + $ref: '#/components/schemas/NetworkInterfaceCount' + ExcludedInstanceTypes: + uniqueItems: false + description: |- + The instance types to exclude. + You can use strings with one or more wild cards, represented by an asterisk (``*``), to exclude an instance type, size, or generation. The following are examples: ``m5.8xlarge``, ``c5*.*``, ``m5a.*``, ``r*``, ``*3*``. + For example, if you specify ``c5*``,Amazon EC2 will exclude the entire C5 instance family, which includes all C5a and C5n instance types. If you specify ``m5a.*``, Amazon EC2 will exclude all the M5a instance types, but not the M5n instance types. + If you specify ``ExcludedInstanceTypes``, you can't specify ``AllowedInstanceTypes``. + Default: No excluded instance types + type: array + items: + description: The user data to make available to the instance. + type: string + AllowedInstanceTypes: + uniqueItems: false + description: |- + The instance types to apply your specified attributes against. All other instance types are ignored, even if they match your specified attributes. + You can use strings with one or more wild cards, represented by an asterisk (``*``), to allow an instance type, size, or generation. The following are examples: ``m5.8xlarge``, ``c5*.*``, ``m5a.*``, ``r*``, ``*3*``. + For example, if you specify ``c5*``,Amazon EC2 will allow the entire C5 instance family, which includes all C5a and C5n instance types. If you specify ``m5a.*``, Amazon EC2 will allow all the M5a instance types, but not the M5n instance types. + If you specify ``AllowedInstanceTypes``, you can't specify ``ExcludedInstanceTypes``. + Default: All instance types + type: array + items: + type: string + AcceleratorCount: + description: |- + The minimum and maximum number of accelerators (GPUs, FPGAs, or AWS Inferentia chips) on an instance. + To exclude accelerator-enabled instance types, set ``Max`` to ``0``. + Default: No minimum or maximum limits + $ref: '#/components/schemas/AcceleratorCount' + NetworkBandwidthGbps: + description: |- + The minimum and maximum amount of network bandwidth, in gigabits per second (Gbps). + Default: No minimum or maximum limits + $ref: '#/components/schemas/NetworkBandwidthGbps' + BaselinePerformanceFactors: + description: >- + The baseline performance to consider, using an instance family as a baseline reference. The instance family establishes the lowest acceptable level of performance. Amazon EC2 uses this baseline to guide instance type selection, but there is no guarantee that the selected instance types will always exceed the baseline for every application. Currently, this parameter only supports CPU performance as a baseline performance factor. For more information, see [Performance + protection](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-attribute-based-instance-type-selection.html#ec2fleet-abis-performance-protection) in the *Amazon EC2 User Guide*. + $ref: '#/components/schemas/BaselinePerformanceFactors' SpotMaxPricePercentageOverLowestPrice: description: >- [Price protection] The price protection threshold for Spot Instances, as a percentage higher than an identified Spot price. The identified Spot price is the Spot price of the lowest priced current generation C, M, or R instance type with your specified attributes. If no current generation C, M, or R instance type matches your attributes, then the identified Spot price is from the lowest priced current generation instance types, and failing that, from the lowest priced previous @@ -4082,15 +5783,6 @@ components: The minimum and maximum baseline bandwidth to Amazon EBS, in Mbps. For more information, see [Amazon EBS–optimized instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-optimized.html) in the *Amazon EC2 User Guide*. Default: No minimum or maximum limits $ref: '#/components/schemas/BaselineEbsBandwidthMbps' - OnDemandMaxPricePercentageOverLowestPrice: - description: |- - [Price protection] The price protection threshold for On-Demand Instances, as a percentage higher than an identified On-Demand price. The identified On-Demand price is the price of the lowest priced current generation C, M, or R instance type with your specified attributes. When Amazon EC2 selects instance types with your attributes, it will exclude instance types whose price exceeds your specified threshold. - The parameter accepts an integer, which Amazon EC2 interprets as a percentage. - To turn off price protection, specify a high value, such as ``999999``. - This parameter is not supported for [GetSpotPlacementScores](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_GetSpotPlacementScores.html) and [GetInstanceTypesFromInstanceRequirements](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_GetInstanceTypesFromInstanceRequirements.html). - If you set ``TargetCapacityUnitType`` to ``vcpu`` or ``memory-mib``, the price protection threshold is applied based on the per-vCPU or per-memory price instead of the per-instance price. - Default: ``20`` - type: integer AcceleratorNames: uniqueItems: false description: |- @@ -4126,9 +5818,6 @@ components: Default: ``excluded`` type: string - MemoryMiB: - description: The minimum and maximum amount of memory, in MiB. - $ref: '#/components/schemas/MemoryMiB' TotalLocalStorageGB: description: |- The minimum and maximum amount of total local storage, in GB. @@ -4168,7 +5857,8 @@ components: CapacityReservationPreference: description: |- Indicates the instance's Capacity Reservation preferences. Possible preferences include: - + ``open`` - The instance can run in any ``open`` Capacity Reservation that has matching attributes (instance type, platform, Availability Zone). + + ``capacity-reservations-only`` - The instance will only run in a Capacity Reservation or Capacity Reservation group. If capacity isn't available, the instance will fail to launch. + + ``open`` - The instance can run in any ``open`` Capacity Reservation that has matching attributes (instance type, platform, Availability Zone, tenancy). + ``none`` - The instance avoids running in a Capacity Reservation even if one is available. The instance runs in On-Demand capacity. type: string CapacityReservationTarget: @@ -4198,15 +5888,15 @@ components: description: The maximum amount of total local storage, in GB. To specify no maximum limit, omit this parameter. type: number ConnectionTrackingSpecification: - type: object additionalProperties: false + type: object properties: + UdpTimeout: + type: integer TcpEstablishedTimeout: type: integer UdpStreamTimeout: type: integer - UdpTimeout: - type: integer LaunchTemplate: type: object properties: @@ -4223,7 +5913,7 @@ components: uniqueItems: false description: |- The tags to apply to the launch template on creation. To tag the launch template, the resource type must be ``launch-template``. - To specify the tags for the resources that are created when an instance is launched, you must use [TagSpecifications](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-launchtemplate.html#cfn-ec2-launchtemplate-tagspecifications). + To specify the tags for resources that are created during instance launch, use [TagSpecifications](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html#cfn-ec2-launchtemplate-launchtemplatedata-tagspecifications). type: array items: $ref: '#/components/schemas/LaunchTemplateTagSpecification' @@ -4385,6 +6075,10 @@ components: tagOnCreate: true tagUpdatable: true cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - ec2:DeleteTags + - ec2:CreateTags x-required-permissions: create: - ec2:CreateLocalGatewayRouteTable @@ -4516,6 +6210,10 @@ components: tagOnCreate: true tagUpdatable: true cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - ec2:DeleteTags + - ec2:CreateTags x-required-permissions: create: - ec2:CreateLocalGatewayRouteTableVpcAssociation @@ -4538,7 +6236,7 @@ components: properties: SecondaryAllocationIds: uniqueItems: true - description: Secondary EIP allocation IDs. For more information, see [Create a NAT gateway](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating) in the *Amazon VPC User Guide*. + description: Secondary EIP allocation IDs. For more information, see [Create a NAT gateway](https://docs.aws.amazon.com/vpc/latest/userguide/nat-gateway-working-with.html) in the *Amazon VPC User Guide*. x-insertionOrder: true type: array items: @@ -4606,9 +6304,13 @@ components: x-required-properties: - SubnetId x-tagging: + permissions: + - ec2:DeleteTags + - ec2:CreateTags taggable: true tagOnCreate: true tagUpdatable: true + tagProperty: /properties/Tags cloudFormationSystemTags: true x-required-permissions: read: @@ -4633,23 +6335,25 @@ components: NetworkAcl: type: object properties: - Id: + VpcId: + description: The ID of the VPC for the network ACL. type: string + Id: description: '' + type: string Tags: - description: The tags for the network ACL. - type: array uniqueItems: false + description: The tags for the network ACL. x-insertionOrder: false + type: array items: $ref: '#/components/schemas/Tag' - VpcId: - description: The ID of the VPC for the network ACL. - type: string required: - VpcId x-stackql-resource-name: network_acl - description: Specifies a network ACL for your VPC. + description: |- + Specifies a network ACL for your VPC. + To add a network ACL entry, see [AWS::EC2::NetworkAclEntry](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-networkaclentry.html). x-type-name: AWS::EC2::NetworkAcl x-stackql-primary-identifier: - Id @@ -4663,26 +6367,26 @@ components: taggable: true tagOnCreate: true tagUpdatable: true - cloudFormationSystemTags: true tagProperty: /properties/Tags + cloudFormationSystemTags: true x-required-permissions: + read: + - ec2:DescribeNetworkAcls + - ec2:DescribeTags create: - ec2:CreateNetworkAcl - ec2:DescribeNetworkAcls - ec2:CreateTags - read: - - ec2:DescribeNetworkAcls - - ec2:DescribeTags update: - ec2:DescribeNetworkAcls - ec2:DeleteTags - ec2:CreateTags + list: + - ec2:DescribeNetworkAcls delete: - ec2:DeleteTags - ec2:DeleteNetworkAcl - ec2:DescribeNetworkAcls - list: - - ec2:DescribeNetworkAcls AccessScopePathRequest: type: object additionalProperties: false @@ -4812,6 +6516,15 @@ components: - NetworkInsightsAccessScopeArn - CreatedDate - UpdatedDate + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - ec2:CreateTags + - ec2:DeleteTags x-required-permissions: create: - ec2:CreateNetworkInsightsAccessScope @@ -5460,6 +7173,15 @@ components: x-required-properties: - Protocol - Source + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - ec2:CreateTags + - ec2:DeleteTags x-required-permissions: create: - ec2:CreateNetworkInsightsPath @@ -5479,14 +7201,14 @@ components: type: object properties: AttachmentId: - description: The ID of the network interface attachment. + description: '' type: string DeleteOnTermination: - description: Whether to delete the network interface when the instance terminates. By default, this value is set to true. + description: Whether to delete the network interface when the instance terminates. By default, this value is set to ``true``. type: boolean default: true DeviceIndex: - description: The network interface's position in the attachment order. For example, the first attached network interface has a DeviceIndex of 0. + description: The network interface's position in the attachment order. For example, the first attached network interface has a ``DeviceIndex`` of 0. type: string InstanceId: description: The ID of the instance to which you will attach the ENI. @@ -5496,12 +7218,13 @@ components: type: string EnaSrdSpecification: $ref: '#/components/schemas/EnaSrdSpecification' + description: Configures ENA Express for the network interface that this action attaches to the instance. required: - DeviceIndex - InstanceId - NetworkInterfaceId x-stackql-resource-name: network_interface_attachment - description: Resource Type definition for AWS::EC2::NetworkInterfaceAttachment + description: Attaches an elastic network interface (ENI) to an Amazon EC2 instance. You can use this resource type to attach additional network interfaces to an instance without interruption. x-type-name: AWS::EC2::NetworkInterfaceAttachment x-stackql-primary-identifier: - AttachmentId @@ -5629,6 +7352,9 @@ components: taggable: true tagUpdatable: false cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - ec2:CreateTags x-required-permissions: create: - ec2:CreatePlacementGroup @@ -5716,6 +7442,10 @@ components: tagOnCreate: true tagUpdatable: true cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - EC2:DeleteTags + - EC2:CreateTags x-required-permissions: create: - EC2:CreateManagedPrefixList @@ -5736,150 +7466,6 @@ components: list: - EC2:DescribeManagedPrefixLists - EC2:GetManagedPrefixListEntries - Route: - type: object - properties: - CarrierGatewayId: - type: string - description: |- - The ID of the carrier gateway. - You can only use this option when the VPC contains a subnet which is associated with a Wavelength Zone. - CidrBlock: - type: string - description: '' - CoreNetworkArn: - type: string - description: The Amazon Resource Name (ARN) of the core network. - DestinationCidrBlock: - type: string - description: The IPv4 CIDR address block used for the destination match. Routing decisions are based on the most specific match. We modify the specified CIDR block to its canonical form; for example, if you specify ``100.68.0.18/18``, we modify it to ``100.68.0.0/18``. - DestinationIpv6CidrBlock: - type: string - description: The IPv6 CIDR block used for the destination match. Routing decisions are based on the most specific match. - DestinationPrefixListId: - type: string - description: The ID of a prefix list used for the destination match. - EgressOnlyInternetGatewayId: - type: string - description: '[IPv6 traffic only] The ID of an egress-only internet gateway.' - GatewayId: - type: string - description: The ID of an internet gateway or virtual private gateway attached to your VPC. - InstanceId: - type: string - description: The ID of a NAT instance in your VPC. The operation fails if you specify an instance ID unless exactly one network interface is attached. - LocalGatewayId: - type: string - description: The ID of the local gateway. - NatGatewayId: - type: string - description: '[IPv4 traffic only] The ID of a NAT gateway.' - NetworkInterfaceId: - type: string - description: The ID of a network interface. - RouteTableId: - type: string - description: The ID of the route table for the route. - TransitGatewayId: - type: string - description: The ID of a transit gateway. - VpcEndpointId: - type: string - description: The ID of a VPC endpoint. Supported for Gateway Load Balancer endpoints only. - VpcPeeringConnectionId: - type: string - description: The ID of a VPC peering connection. - required: - - RouteTableId - x-stackql-resource-name: route - description: |- - Specifies a route in a route table. For more information, see [Routes](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html#route-table-routes) in the *Amazon VPC User Guide*. - You must specify either a destination CIDR block or prefix list ID. You must also specify exactly one of the resources as the target. - If you create a route that references a transit gateway in the same template where you create the transit gateway, you must declare a dependency on the transit gateway attachment. The route table cannot use the transit gateway until it has successfully attached to the VPC. Add a [DependsOn Attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html) in the ``AWS::EC2::Route`` resource to explicitly declare a dependency on the ``AWS::EC2::TransitGatewayAttachment`` resource. - x-type-name: AWS::EC2::Route - x-stackql-primary-identifier: - - RouteTableId - - CidrBlock - x-create-only-properties: - - RouteTableId - - DestinationCidrBlock - - DestinationIpv6CidrBlock - - DestinationPrefixListId - x-read-only-properties: - - CidrBlock - x-required-properties: - - RouteTableId - x-tagging: - taggable: false - x-required-permissions: - create: - - ec2:CreateRoute - - ec2:DescribeRouteTables - - ec2:DescribeNetworkInterfaces - read: - - ec2:DescribeRouteTables - update: - - ec2:ReplaceRoute - - ec2:DescribeRouteTables - - ec2:DescribeNetworkInterfaces - delete: - - ec2:DeleteRoute - - ec2:DescribeRouteTables - list: - - ec2:DescribeRouteTables - RouteTable: - type: object - properties: - RouteTableId: - description: '' - type: string - Tags: - description: Any tags assigned to the route table. - type: array - uniqueItems: false - x-insertionOrder: false - items: - $ref: '#/components/schemas/Tag' - VpcId: - description: The ID of the VPC. - type: string - required: - - VpcId - x-stackql-resource-name: route_table - description: |- - Specifies a route table for the specified VPC. After you create a route table, you can add routes and associate the table with a subnet. - For more information, see [Route tables](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) in the *Amazon VPC User Guide*. - x-type-name: AWS::EC2::RouteTable - x-stackql-primary-identifier: - - RouteTableId - x-create-only-properties: - - VpcId - x-read-only-properties: - - RouteTableId - x-required-properties: - - VpcId - x-tagging: - taggable: true - tagOnCreate: true - tagUpdatable: true - cloudFormationSystemTags: true - tagProperty: /properties/Tags - x-required-permissions: - create: - - ec2:CreateRouteTable - - ec2:CreateTags - - ec2:DescribeRouteTables - read: - - ec2:DescribeRouteTables - update: - - ec2:CreateTags - - ec2:DeleteTags - - ec2:DescribeRouteTables - delete: - - ec2:DescribeRouteTables - - ec2:DeleteRouteTable - list: - - ec2:DescribeRouteTables Ingress: additionalProperties: false type: object @@ -5986,6 +7572,9 @@ components: x-required-properties: - GroupDescription x-tagging: + permissions: + - ec2:CreateTags + - ec2:DeleteTags taggable: true tagOnCreate: true tagUpdatable: true @@ -6012,6 +7601,7 @@ components: list: - ec2:DescribeSecurityGroups delete: + - ec2:DescribeSecurityGroups - ec2:DeleteSecurityGroup - ec2:DescribeInstances SecurityGroupEgress: @@ -6211,6 +7801,66 @@ components: - ec2:DescribeSecurityGroupRules list: - ec2:DescribeSecurityGroupRules + SecurityGroupVpcAssociationState: + type: string + additionalProperties: false + enum: + - associating + - associated + - association-failed + - disassociating + - disassociated + - disassociation-failed + SecurityGroupVpcAssociation: + type: object + properties: + GroupId: + description: The group ID of the specified security group. + type: string + VpcId: + description: The ID of the VPC in the security group vpc association. + type: string + VpcOwnerId: + description: The owner of the VPC in the security group vpc association. + type: string + State: + description: The state of the security group vpc association. + $ref: '#/components/schemas/SecurityGroupVpcAssociationState' + StateReason: + description: The reason for the state of the security group vpc association. + type: string + required: + - GroupId + - VpcId + x-stackql-resource-name: security_group_vpc_association + description: Resource type definition for the AWS::EC2::SecurityGroupVpcAssociation resource + x-type-name: AWS::EC2::SecurityGroupVpcAssociation + x-stackql-primary-identifier: + - GroupId + - VpcId + x-create-only-properties: + - GroupId + - VpcId + x-read-only-properties: + - VpcOwnerId + - State + - StateReason + x-required-properties: + - GroupId + - VpcId + x-tagging: + taggable: false + x-required-permissions: + create: + - ec2:AssociateSecurityGroupVpc + - ec2:DescribeSecurityGroupVpcAssociations + read: + - ec2:DescribeSecurityGroupVpcAssociations + delete: + - ec2:DisassociateSecurityGroupVpc + - ec2:DescribeSecurityGroupVpcAssociations + list: + - ec2:DescribeSecurityGroupVpcAssociations SnapshotBlockPublicAccess: type: object properties: @@ -6609,30 +8259,6 @@ components: $ref: '#/components/schemas/TargetGroup' required: - TargetGroups - EbsBlockDevice: - type: object - additionalProperties: false - properties: - DeleteOnTermination: - type: boolean - Encrypted: - type: boolean - Iops: - type: integer - SnapshotId: - type: string - VolumeSize: - type: integer - VolumeType: - type: string - enum: - - gp2 - - gp3 - - io1 - - io2 - - sc1 - - st1 - - standard TargetGroup: type: object additionalProperties: false @@ -6752,7 +8378,7 @@ components: uniqueItems: false items: type: string - description: The IPv6 network ranges for the subnet, in CIDR notation. + description: '' Ipv6CidrBlock: type: string description: |- @@ -6766,7 +8392,9 @@ components: description: Indicates whether this is an IPv6 only subnet. For more information, see [Subnet basics](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html#subnet-basics) in the *User Guide*. EnableDns64: type: boolean - description: Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. For more information, see [DNS64 and NAT64](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-nat64-dns64) in the *User Guide*. + description: |- + Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. + You must first configure a NAT gateway in a public subnet (separate from the subnet containing the IPv6-only workloads). For example, the subnet containing the NAT gateway should have a ``0.0.0.0/0`` route pointing to the internet gateway. For more information, see [Configure DNS64 and NAT64](https://docs.aws.amazon.com/vpc/latest/userguide/nat-gateway-nat64-dns64.html#nat-gateway-nat64-dns64-walkthrough) in the *User Guide*. PrivateDnsNameOptionsOnLaunch: type: object additionalProperties: false @@ -6833,6 +8461,7 @@ components: x-read-only-properties: - NetworkAclAssociationId - SubnetId + - Ipv6CidrBlocks x-required-properties: - VpcId x-tagging: @@ -6841,6 +8470,9 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - ec2:CreateTags + - ec2:DeleteTags x-required-permissions: create: - ec2:DescribeSubnets @@ -6884,6 +8516,12 @@ components: SubnetId: description: The ID of the subnet type: string + Ipv6AddressAttribute: + type: string + description: The value denoting whether an IPv6 Subnet CIDR Block is public or private. + IpSource: + type: string + description: The IP Source of an IPv6 Subnet CIDR Block. required: - SubnetId x-stackql-resource-name: subnet_cidr_block @@ -6901,6 +8539,8 @@ components: - Ipv6NetmaskLength x-read-only-properties: - Id + - Ipv6AddressAttribute + - IpSource x-required-properties: - SubnetId x-tagging: @@ -6966,17 +8606,17 @@ components: SubnetRouteTableAssociation: type: object properties: - Id: - type: string - description: '' RouteTableId: - type: string description: |- The ID of the route table. The physical ID changes when the route table ID is changed. - SubnetId: type: string + Id: + description: '' + type: string + SubnetId: description: The ID of the subnet. + type: string required: - RouteTableId - SubnetId @@ -7000,37 +8640,29 @@ components: tagUpdatable: false cloudFormationSystemTags: false x-required-permissions: + read: + - ec2:DescribeRouteTables create: - ec2:AssociateRouteTable - ec2:ReplaceRouteTableAssociation - ec2:DescribeSubnets - ec2:DescribeRouteTables - read: + list: - ec2:DescribeRouteTables delete: - ec2:DisassociateRouteTable - ec2:DescribeSubnets - ec2:DescribeRouteTables - list: - - ec2:DescribeRouteTables TransitGateway: type: object properties: - Description: - type: string - AssociationDefaultRouteTableId: - type: string - AutoAcceptSharedAttachments: + DefaultRouteTablePropagation: type: string TransitGatewayArn: type: string - DefaultRouteTablePropagation: + Description: type: string - TransitGatewayCidrBlocks: - type: array - items: - type: string - PropagationDefaultRouteTableId: + AutoAcceptSharedAttachments: type: string DefaultRouteTableAssociation: type: string @@ -7040,16 +8672,26 @@ components: type: string DnsSupport: type: string + SecurityGroupReferencingSupport: + type: string MulticastSupport: type: string AmazonSideAsn: - format: int64 type: integer + format: int64 + TransitGatewayCidrBlocks: + type: array + items: + type: string Tags: - uniqueItems: false type: array + uniqueItems: false items: $ref: '#/components/schemas/Tag' + AssociationDefaultRouteTableId: + type: string + PropagationDefaultRouteTableId: + type: string x-stackql-resource-name: transit_gateway description: Resource Type definition for AWS::EC2::TransitGateway x-type-name: AWS::EC2::TransitGateway @@ -7063,8 +8705,12 @@ components: - TransitGatewayArn x-tagging: taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags x-required-permissions: - read: + create: - ec2:CreateTransitGateway - ec2:CreateTags - ec2:DescribeTransitGateways @@ -7073,7 +8719,7 @@ components: - ec2:DeleteTags - ec2:ModifyTransitGateway - ec2:ModifyTransitGatewayOptions - create: + read: - ec2:CreateTransitGateway - ec2:CreateTags - ec2:DescribeTransitGateways @@ -7082,7 +8728,7 @@ components: - ec2:DeleteTags - ec2:ModifyTransitGateway - ec2:ModifyTransitGatewayOptions - update: + delete: - ec2:CreateTransitGateway - ec2:CreateTags - ec2:DescribeTransitGateways @@ -7091,7 +8737,7 @@ components: - ec2:DeleteTags - ec2:ModifyTransitGateway - ec2:ModifyTransitGatewayOptions - list: + update: - ec2:CreateTransitGateway - ec2:CreateTags - ec2:DescribeTransitGateways @@ -7100,7 +8746,7 @@ components: - ec2:DeleteTags - ec2:ModifyTransitGateway - ec2:ModifyTransitGatewayOptions - delete: + list: - ec2:CreateTransitGateway - ec2:CreateTags - ec2:DescribeTransitGateways @@ -7112,31 +8758,11 @@ components: TransitGatewayAttachment: type: object properties: - Id: - type: string - TransitGatewayId: - type: string - VpcId: - type: string - SubnetIds: - type: array - x-insertionOrder: false - uniqueItems: false - items: - type: string - Tags: - type: array - x-insertionOrder: false - uniqueItems: false - items: - $ref: '#/components/schemas/Tag' Options: description: The options for the transit gateway vpc attachment. + additionalProperties: false type: object properties: - DnsSupport: - description: 'Indicates whether to enable DNS Support for Vpc Attachment. Valid Values: enable | disable' - type: string Ipv6Support: description: 'Indicates whether to enable Ipv6 Support for Vpc Attachment. Valid Values: enable | disable' type: string @@ -7146,7 +8772,30 @@ components: SecurityGroupReferencingSupport: description: 'Indicates whether to enable Security Group referencing support for Vpc Attachment. Valid Values: enable | disable' type: string - additionalProperties: false + DnsSupport: + description: 'Indicates whether to enable DNS Support for Vpc Attachment. Valid Values: enable | disable' + type: string + TransitGatewayId: + type: string + VpcId: + type: string + Id: + type: string + SubnetIds: + uniqueItems: false + x-insertionOrder: false + type: array + items: + relationshipRef: + typeName: AWS::EC2::Subnet + propertyPath: /properties/SubnetId + type: string + Tags: + uniqueItems: false + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/Tag' required: - VpcId - SubnetIds @@ -7169,10 +8818,10 @@ components: taggable: true tagOnCreate: true tagUpdatable: true - cloudFormationSystemTags: false tagProperty: /properties/Tags + cloudFormationSystemTags: false x-required-permissions: - create: + read: - ec2:DescribeTransitGatewayAttachments - ec2:DescribeTransitGatewayVpcAttachments - ec2:CreateTransitGatewayVpcAttachment @@ -7182,7 +8831,7 @@ components: - ec2:DescribeTags - ec2:DescribeTransitGatewayAttachments - ec2:ModifyTransitGatewayVpcAttachment - read: + create: - ec2:DescribeTransitGatewayAttachments - ec2:DescribeTransitGatewayVpcAttachments - ec2:CreateTransitGatewayVpcAttachment @@ -7192,15 +8841,14 @@ components: - ec2:DescribeTags - ec2:DescribeTransitGatewayAttachments - ec2:ModifyTransitGatewayVpcAttachment - delete: + update: - ec2:DescribeTransitGatewayAttachments - ec2:DescribeTransitGatewayVpcAttachments + - ec2:DescribeTags - ec2:CreateTransitGatewayVpcAttachment - - ec2:DeleteTransitGatewayVpcAttachment - ec2:CreateTags + - ec2:DeleteTransitGatewayVpcAttachment - ec2:DeleteTags - - ec2:DescribeTags - - ec2:DescribeTransitGatewayAttachments - ec2:ModifyTransitGatewayVpcAttachment list: - ec2:DescribeTransitGatewayAttachments @@ -7211,14 +8859,15 @@ components: - ec2:DeleteTransitGatewayVpcAttachment - ec2:DeleteTags - ec2:ModifyTransitGatewayVpcAttachment - update: + delete: - ec2:DescribeTransitGatewayAttachments - ec2:DescribeTransitGatewayVpcAttachments - - ec2:DescribeTags - ec2:CreateTransitGatewayVpcAttachment - - ec2:CreateTags - ec2:DeleteTransitGatewayVpcAttachment + - ec2:CreateTags - ec2:DeleteTags + - ec2:DescribeTags + - ec2:DescribeTransitGatewayAttachments - ec2:ModifyTransitGatewayVpcAttachment TransitGatewayConnectOptions: type: object @@ -7272,6 +8921,12 @@ components: x-required-properties: - TransportTransitGatewayAttachmentId - Options + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags x-required-permissions: create: - ec2:CreateTransitGatewayConnect @@ -7343,6 +8998,12 @@ components: - TransitGatewayMulticastDomainArn x-required-properties: - TransitGatewayId + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags x-required-permissions: create: - ec2:DescribeTransitGatewayMulticastDomains @@ -7404,6 +9065,11 @@ components: - TransitGatewayMulticastDomainId - TransitGatewayAttachmentId - SubnetId + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false x-required-permissions: create: - ec2:AssociateTransitGatewayMulticastDomain @@ -7448,9 +9114,6 @@ components: MemberType: description: The member type (for example, static). type: string - SourceType: - description: The source type. - type: string required: - GroupIpAddress - NetworkInterfaceId @@ -7473,12 +9136,16 @@ components: - GroupSource - GroupMember - MemberType - - SourceType - TransitGatewayAttachmentId x-required-properties: - GroupIpAddress - NetworkInterfaceId - TransitGatewayMulticastDomainId + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false x-required-permissions: create: - ec2:RegisterTransitGatewayMulticastGroupMembers @@ -7520,9 +9187,6 @@ components: GroupSource: description: Indicates that the resource is a transit gateway multicast group member. type: boolean - MemberType: - description: The member type (for example, static). - type: string SourceType: description: The source type. type: string @@ -7547,13 +9211,17 @@ components: - ResourceType - GroupSource - GroupMember - - MemberType - SourceType - TransitGatewayAttachmentId x-required-properties: - TransitGatewayMulticastDomainId - NetworkInterfaceId - GroupIpAddress + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false x-required-permissions: create: - ec2:RegisterTransitGatewayMulticastGroupSources @@ -7633,19 +9301,29 @@ components: - PeerTransitGatewayId - PeerAccountId - PeerRegion + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + tagProperty: /properties/Tags + cloudFormationSystemTags: true x-required-permissions: read: - ec2:DescribeTransitGatewayPeeringAttachments create: - ec2:CreateTransitGatewayPeeringAttachment - ec2:DescribeTransitGatewayPeeringAttachments + - ec2:CreateTags update: - ec2:DescribeTransitGatewayPeeringAttachments + - ec2:CreateTags + - ec2:DeleteTags list: - ec2:DescribeTransitGatewayPeeringAttachments delete: - ec2:DeleteTransitGatewayPeeringAttachment - ec2:DescribeTransitGatewayPeeringAttachments + - ec2:DeleteTags TransitGatewayRoute: type: object properties: @@ -7705,12 +9383,12 @@ components: description: The ID of the transit gateway. type: string Tags: - type: array + uniqueItems: false description: Tags are composed of a Key/Value pair. You can use tags to categorize and track each parameter group. The tag value null is permitted. + x-insertionOrder: false + type: array items: $ref: '#/components/schemas/Tag' - x-insertionOrder: false - uniqueItems: false required: - TransitGatewayId x-stackql-resource-name: transit_gateway_route_table @@ -7720,30 +9398,37 @@ components: - TransitGatewayRouteTableId x-create-only-properties: - TransitGatewayId - - Tags x-read-only-properties: - TransitGatewayRouteTableId x-required-properties: - TransitGatewayId x-tagging: + permissions: + - ec2:CreateTags + - ec2:DeleteTags taggable: true tagOnCreate: true - tagUpdatable: false + tagUpdatable: true + tagProperty: /properties/Tags cloudFormationSystemTags: false x-required-permissions: + read: + - ec2:DescribeTransitGatewayRouteTables create: - ec2:CreateTransitGatewayRouteTable - ec2:CreateTags - ec2:DescribeTransitGatewayRouteTables - read: + update: + - ec2:DescribeTransitGatewayRouteTables + - ec2:CreateTags + - ec2:DeleteTags + list: - ec2:DescribeTransitGatewayRouteTables delete: - ec2:DeleteTransitGatewayRouteTable - ec2:DescribeTransitGatewayRouteTables - ec2:GetTransitGatewayRouteTableAssociations - ec2:DisassociateTransitGatewayRouteTable - list: - - ec2:DescribeTransitGatewayRouteTables TransitGatewayRouteTableAssociation: type: object properties: @@ -7775,16 +9460,16 @@ components: tagUpdatable: false cloudFormationSystemTags: false x-required-permissions: + read: + - ec2:GetTransitGatewayRouteTableAssociations create: - ec2:AssociateTransitGatewayRouteTable - ec2:GetTransitGatewayRouteTableAssociations - read: + list: - ec2:GetTransitGatewayRouteTableAssociations delete: - ec2:GetTransitGatewayRouteTableAssociations - ec2:DisassociateTransitGatewayRouteTable - list: - - ec2:GetTransitGatewayRouteTableAssociations TransitGatewayRouteTablePropagation: type: object properties: @@ -7815,63 +9500,66 @@ components: tagUpdatable: false cloudFormationSystemTags: false x-required-permissions: + read: + - ec2:GetTransitGatewayRouteTablePropagations create: - ec2:GetTransitGatewayRouteTablePropagations - ec2:EnableTransitGatewayRouteTablePropagation - read: + list: - ec2:GetTransitGatewayRouteTablePropagations delete: - ec2:GetTransitGatewayRouteTablePropagations - ec2:DisableTransitGatewayRouteTablePropagation - list: - - ec2:GetTransitGatewayRouteTablePropagations TransitGatewayVpcAttachment: type: object properties: - Options: - description: The options for the transit gateway vpc attachment. - additionalProperties: false - type: object - properties: - Ipv6Support: - description: 'Indicates whether to enable Ipv6 Support for Vpc Attachment. Valid Values: enable | disable' - type: string - ApplianceModeSupport: - description: 'Indicates whether to enable Ipv6 Support for Vpc Attachment. Valid Values: enable | disable' - type: string - DnsSupport: - description: 'Indicates whether to enable DNS Support for Vpc Attachment. Valid Values: enable | disable' - type: string + Id: + type: string TransitGatewayId: type: string VpcId: type: string - RemoveSubnetIds: - uniqueItems: false - x-insertionOrder: false + SubnetIds: type: array + x-insertionOrder: false + uniqueItems: false items: type: string - Id: - type: string - SubnetIds: + AddSubnetIds: + type: array uniqueItems: false x-insertionOrder: false - type: array items: type: string - AddSubnetIds: + RemoveSubnetIds: + type: array uniqueItems: false x-insertionOrder: false - type: array items: type: string Tags: + type: array uniqueItems: false x-insertionOrder: false - type: array items: $ref: '#/components/schemas/Tag' + Options: + description: The options for the transit gateway vpc attachment. + type: object + properties: + DnsSupport: + description: 'Indicates whether to enable DNS Support for Vpc Attachment. Valid Values: enable | disable' + type: string + Ipv6Support: + description: 'Indicates whether to enable Ipv6 Support for Vpc Attachment. Valid Values: enable | disable' + type: string + ApplianceModeSupport: + description: 'Indicates whether to enable Ipv6 Support for Vpc Attachment. Valid Values: enable | disable' + type: string + SecurityGroupReferencingSupport: + description: 'Indicates whether to enable Security Group referencing support for Vpc Attachment. Valid values: enable | disable' + type: string + additionalProperties: false required: - SubnetIds - VpcId @@ -7898,10 +9586,10 @@ components: taggable: true tagOnCreate: true tagUpdatable: true - tagProperty: /properties/Tags cloudFormationSystemTags: false + tagProperty: /properties/Tags x-required-permissions: - read: + create: - ec2:DescribeTransitGatewayAttachments - ec2:DescribeTransitGatewayVpcAttachments - ec2:CreateTransitGatewayVpcAttachment @@ -7911,7 +9599,7 @@ components: - ec2:DescribeTags - ec2:DescribeTransitGatewayAttachments - ec2:ModifyTransitGatewayVpcAttachment - create: + read: - ec2:DescribeTransitGatewayAttachments - ec2:DescribeTransitGatewayVpcAttachments - ec2:CreateTransitGatewayVpcAttachment @@ -7921,14 +9609,15 @@ components: - ec2:DescribeTags - ec2:DescribeTransitGatewayAttachments - ec2:ModifyTransitGatewayVpcAttachment - update: + delete: - ec2:DescribeTransitGatewayAttachments - ec2:DescribeTransitGatewayVpcAttachments - - ec2:DescribeTags - ec2:CreateTransitGatewayVpcAttachment - - ec2:CreateTags - ec2:DeleteTransitGatewayVpcAttachment + - ec2:CreateTags - ec2:DeleteTags + - ec2:DescribeTags + - ec2:DescribeTransitGatewayAttachments - ec2:ModifyTransitGatewayVpcAttachment list: - ec2:DescribeTransitGatewayAttachments @@ -7939,15 +9628,14 @@ components: - ec2:DeleteTransitGatewayVpcAttachment - ec2:DeleteTags - ec2:ModifyTransitGatewayVpcAttachment - delete: + update: - ec2:DescribeTransitGatewayAttachments - ec2:DescribeTransitGatewayVpcAttachments + - ec2:DescribeTags - ec2:CreateTransitGatewayVpcAttachment - - ec2:DeleteTransitGatewayVpcAttachment - ec2:CreateTags + - ec2:DeleteTransitGatewayVpcAttachment - ec2:DeleteTags - - ec2:DescribeTags - - ec2:DescribeTransitGatewayAttachments - ec2:ModifyTransitGatewayVpcAttachment NetworkInterfaceOptions: description: The options for network-interface type endpoint. @@ -7988,9 +9676,6 @@ components: items: $ref: '#/components/schemas/SubnetId' additionalProperties: false - SubnetId: - description: The IDs of the subnet. - type: string SseSpecification: description: The configuration options for customer provided KMS encryption. type: object @@ -8118,12 +9803,14 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - ec2:CreateTags + - ec2:DescribeTags + - ec2:DeleteTags x-required-permissions: create: - ec2:CreateVerifiedAccessEndpoint - ec2:DescribeVerifiedAccessEndpoints - - ec2:CreateTags - - ec2:DescribeTags - iam:CreateServiceLinkedRole - iam:ListRoles - acm:GetCertificateWithPK @@ -8140,8 +9827,9 @@ components: - elasticloadbalancing:DescribeLoadBalancers - elasticloadbalancing:DescribeListeners - elasticloadbalancing:DescribeListenerCertificates + - ec2:CreateTags + - ec2:DescribeTags - acm:DeleteCertificateRelation - - ec2:DeleteTags - ec2:DeleteVerifiedAccessEndpoint - ec2:GetVerifiedAccessEndpointPolicy - ec2:ModifyVerifiedAccessEndpoint @@ -8160,9 +9848,7 @@ components: - acm:DeleteCertificateRelation - acm:DescribeCertificate - acm:GetCertificateWithPK - - ec2:CreateTags - ec2:CreateVerifiedAccessEndpoint - - ec2:DeleteTags - ec2:DeleteVerifiedAccessEndpoint - ec2:DescribeAccountAttributes - ec2:DescribeNetworkInterfaces @@ -8190,9 +9876,6 @@ components: - ec2:ModifyVerifiedAccessEndpointPolicy - ec2:DescribeVerifiedAccessEndpoints - ec2:GetVerifiedAccessEndpointPolicy - - ec2:DescribeTags - - ec2:DeleteTags - - ec2:CreateTags - acm:GetCertificateWithPK - acm:DescribeCertificate - acm:CreateCertificateRelation @@ -8209,6 +9892,9 @@ components: - elasticloadbalancing:DescribeLoadBalancers - elasticloadbalancing:DescribeListeners - elasticloadbalancing:DescribeListenerCertificates + - ec2:DescribeTags + - ec2:DeleteTags + - ec2:CreateTags - ec2:CreateVerifiedAccessEndpoint - ec2:DeleteVerifiedAccessEndpoint - iam:CreateServiceLinkedRole @@ -8220,15 +9906,14 @@ components: - kms:Decrypt delete: - ec2:DescribeVerifiedAccessEndpoints - - ec2:DescribeTags - ec2:DeleteVerifiedAccessEndpoint + - ec2:DescribeTags - ec2:DeleteTags - sso:DeleteManagedApplicationInstance - acm:DeleteCertificateRelation - acm:DescribeCertificate - acm:CreateCertificateRelation - acm:GetCertificateWithPK - - ec2:CreateTags - ec2:CreateVerifiedAccessEndpoint - ec2:DescribeAccountAttributes - ec2:DescribeNetworkInterfaces @@ -8258,9 +9943,7 @@ components: - acm:DeleteCertificateRelation - acm:DescribeCertificate - acm:GetCertificateWithPK - - ec2:CreateTags - ec2:CreateVerifiedAccessEndpoint - - ec2:DeleteTags - ec2:DeleteVerifiedAccessEndpoint - ec2:DescribeAccountAttributes - ec2:DescribeNetworkInterfaces @@ -8345,6 +10028,10 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - ec2:CreateTags + - ec2:DescribeTags + - ec2:DeleteTags x-required-permissions: create: - ec2:CreateVerifiedAccessGroup @@ -8473,6 +10160,10 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - ec2:CreateTags + - ec2:DescribeTags + - ec2:DeleteTags x-required-permissions: create: - ec2:CreateVerifiedAccessTrustProvider @@ -8628,6 +10319,10 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - ec2:CreateTags + - ec2:DescribeTags + - ec2:DeleteTags x-required-permissions: create: - ec2:CreateVerifiedAccessInstance @@ -8635,6 +10330,8 @@ components: - ec2:ModifyVerifiedAccessInstanceLoggingConfiguration - ec2:DescribeVerifiedAccessInstances - ec2:DescribeVerifiedAccessInstanceLoggingConfigurations + - ec2:DetachVerifiedAccessTrustProvider + - ec2:DeleteVerifiedAccessInstance - ec2:CreateTags - ec2:DescribeTags - logs:CreateLogDelivery @@ -8748,9 +10445,6 @@ components: Id: description: '' type: string - InstanceId: - description: The ID of the instance to which the volume attaches - type: string Device: description: The device name type: string @@ -8811,8 +10505,8 @@ components: InstanceTenancy: description: |- The allowed tenancy of instances launched into the VPC. - + ``default``: An instance launched into the VPC runs on shared hardware by default, unless you explicitly specify a different tenancy during instance launch. - + ``dedicated``: An instance launched into the VPC runs on dedicated hardware by default, unless you explicitly specify a tenancy of ``host`` during instance launch. You cannot specify a tenancy of ``default`` during instance launch. + + ``default``: An instance launched into the VPC runs on shared hardware by default, unless you explicitly specify a different tenancy during instance launch. + + ``dedicated``: An instance launched into the VPC runs on dedicated hardware by default, unless you explicitly specify a tenancy of ``host`` during instance launch. You cannot specify a tenancy of ``default`` during instance launch. Updating ``InstanceTenancy`` requires no replacement only if you are updating its value from ``dedicated`` to ``default``. Updating ``InstanceTenancy`` from ``default`` to ``dedicated`` requires replacement. type: string @@ -8871,7 +10565,7 @@ components: x-stackql-resource-name: vpc description: |- Specifies a virtual private cloud (VPC). - You can optionally request an IPv6 CIDR block for the VPC. You can request an Amazon-provided IPv6 CIDR block from Amazon's pool of IPv6 addresses, or an IPv6 CIDR block from an IPv6 address pool that you provisioned through bring your own IP addresses (BYOIP). + To add an IPv6 CIDR block to the VPC, see [AWS::EC2::VPCCidrBlock](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpccidrblock.html). For more information, see [Virtual private clouds (VPC)](https://docs.aws.amazon.com/vpc/latest/userguide/configure-your-vpc.html) in the *Amazon VPC User Guide*. x-type-name: AWS::EC2::VPC x-stackql-primary-identifier: @@ -8892,6 +10586,9 @@ components: - Ipv6CidrBlocks - VpcId x-tagging: + permissions: + - ec2:DeleteTags + - ec2:CreateTags taggable: true tagOnCreate: true tagUpdatable: true @@ -8918,6 +10615,111 @@ components: delete: - ec2:DeleteVpc - ec2:DescribeVpcs + VPCBlockPublicAccessExclusion: + type: object + properties: + ExclusionId: + type: string + description: The ID of the exclusion + InternetGatewayExclusionMode: + description: The desired Block Public Access Exclusion Mode for a specific VPC/Subnet. + type: string + enum: + - allow-bidirectional + - allow-egress + VpcId: + type: string + description: The ID of the vpc. Required only if you don't specify SubnetId. + SubnetId: + type: string + description: The ID of the subnet. Required only if you don't specify VpcId + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - InternetGatewayExclusionMode + x-stackql-resource-name: vpc_block_public_access_exclusion + description: Resource Type definition for AWS::EC2::VPCBlockPublicAccessExclusion. + x-type-name: AWS::EC2::VPCBlockPublicAccessExclusion + x-stackql-primary-identifier: + - ExclusionId + x-create-only-properties: + - VpcId + - SubnetId + x-read-only-properties: + - ExclusionId + x-required-properties: + - InternetGatewayExclusionMode + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - ec2:CreateTags + - ec2:DeleteTags + x-required-permissions: + create: + - ec2:DescribeVpcBlockPublicAccessExclusions + - ec2:CreateVpcBlockPublicAccessExclusion + - ec2:CreateTags + read: + - ec2:DescribeVpcBlockPublicAccessExclusions + update: + - ec2:DescribeVpcBlockPublicAccessExclusions + - ec2:ModifyVpcBlockPublicAccessExclusion + - ec2:CreateTags + - ec2:DeleteTags + delete: + - ec2:DescribeVpcBlockPublicAccessExclusions + - ec2:DeleteVpcBlockPublicAccessExclusion + list: + - ec2:DescribeVpcBlockPublicAccessExclusions + VPCBlockPublicAccessOptions: + type: object + properties: + InternetGatewayBlockMode: + description: The desired Block Public Access mode for Internet Gateways in your account. We do not allow to create in a off mode as this is the default value + type: string + enum: + - block-bidirectional + - block-ingress + AccountId: + type: string + description: The identifier for the specified AWS account. + required: + - InternetGatewayBlockMode + x-stackql-resource-name: vpc_block_public_access_options + description: Resource Type definition for AWS::EC2::VPCBlockPublicAccessOptions + x-type-name: AWS::EC2::VPCBlockPublicAccessOptions + x-stackql-primary-identifier: + - AccountId + x-read-only-properties: + - AccountId + x-required-properties: + - InternetGatewayBlockMode + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - ec2:DescribeVpcBlockPublicAccessOptions + - ec2:ModifyVpcBlockPublicAccessOptions + read: + - ec2:DescribeVpcBlockPublicAccessOptions + update: + - ec2:DescribeVpcBlockPublicAccessOptions + - ec2:ModifyVpcBlockPublicAccessOptions + delete: + - ec2:DescribeVpcBlockPublicAccessOptions + - ec2:ModifyVpcBlockPublicAccessOptions VPCCidrBlock: type: object properties: @@ -8951,6 +10753,15 @@ components: AmazonProvidedIpv6CidrBlock: type: boolean description: Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IPv6 addresses, or the size of the CIDR block. + Ipv6AddressAttribute: + type: string + description: The value denoting whether an IPv6 VPC CIDR Block is public or private. + IpSource: + type: string + description: The IP Source of an IPv6 VPC CIDR Block. + Ipv6CidrBlockNetworkBorderGroup: + type: string + description: The name of the location from which we advertise the IPV6 CIDR block. required: - VpcId x-stackql-resource-name: vpc_cidr_block @@ -8969,6 +10780,7 @@ components: - Ipv4NetmaskLength - Ipv6IpamPoolId - Ipv6NetmaskLength + - Ipv6CidrBlockNetworkBorderGroup x-write-only-properties: - Ipv4IpamPoolId - Ipv4NetmaskLength @@ -8976,6 +10788,8 @@ components: - Ipv6NetmaskLength x-read-only-properties: - Id + - Ipv6AddressAttribute + - IpSource x-required-properties: - VpcId x-tagging: @@ -9033,86 +10847,148 @@ components: - ec2:DescribeVpcs list: - ec2:DescribeVpcs - VPCEndpoint: + DnsOptionsSpecification: + description: '' + additionalProperties: false type: object properties: - Id: + PrivateDnsOnlyForInboundResolverEndpoint: type: string + enum: + - OnlyInboundResolver + - AllResolvers + - NotSpecified + DnsRecordIpType: + type: string + enum: + - ipv4 + - ipv6 + - dualstack + - service-defined + - not-specified + VPCEndpoint: + type: object + properties: + PrivateDnsEnabled: + description: >- + Indicate whether to associate a private hosted zone with the specified VPC. The private hosted zone contains a record set for the default public DNS name for the service for the Region (for example, ``kinesis.us-east-1.amazonaws.com``), which resolves to the private IP addresses of the endpoint network interfaces in the VPC. This enables you to make requests to the default public DNS name for the service instead of the public DNS names that are automatically generated by the VPC + endpoint service. + To use a private hosted zone, you must set the following VPC attributes to ``true``: ``enableDnsHostnames`` and ``enableDnsSupport``. + This property is supported only for interface endpoints. + Default: ``false`` + type: boolean + IpAddressType: description: '' + type: string + enum: + - ipv4 + - ipv6 + - dualstack + - not-specified CreationTimestamp: + description: '' type: string + DnsOptions: description: '' - DnsEntries: - type: array + $ref: '#/components/schemas/DnsOptionsSpecification' + NetworkInterfaceIds: uniqueItems: false + description: '' x-insertionOrder: false + type: array items: type: string - description: '' - NetworkInterfaceIds: - type: array + DnsEntries: uniqueItems: false + description: '' x-insertionOrder: false + type: array items: type: string + ResourceConfigurationArn: description: '' - PolicyDocument: - type: object - description: |- - An endpoint policy, which controls access to the service from the VPC. The default endpoint policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints. - For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. CFNlong converts YAML policies to JSON format before calling the API to create or modify the VPC endpoint. - PrivateDnsEnabled: - type: boolean - description: >- - Indicate whether to associate a private hosted zone with the specified VPC. The private hosted zone contains a record set for the default public DNS name for the service for the Region (for example, ``kinesis.us-east-1.amazonaws.com``), which resolves to the private IP addresses of the endpoint network interfaces in the VPC. This enables you to make requests to the default public DNS name for the service instead of the public DNS names that are automatically generated by the VPC - endpoint service. - To use a private hosted zone, you must set the following VPC attributes to ``true``: ``enableDnsHostnames`` and ``enableDnsSupport``. - This property is supported only for interface endpoints. - Default: ``false`` - RouteTableIds: - type: array - description: The IDs of the route tables. Routing is supported only for gateway endpoints. + type: string + SecurityGroupIds: uniqueItems: true + description: The IDs of the security groups to associate with the endpoint network interfaces. If this parameter is not specified, we use the default security group for the VPC. Security groups are supported only for interface endpoints. x-insertionOrder: false + type: array items: + anyOf: + - relationshipRef: + typeName: AWS::EC2::SecurityGroup + propertyPath: /properties/GroupId + - relationshipRef: + typeName: AWS::EC2::SecurityGroup + propertyPath: /properties/Id + - relationshipRef: + typeName: AWS::EC2::VPC + propertyPath: /properties/DefaultSecurityGroup type: string - SecurityGroupIds: - type: array - description: The IDs of the security groups to associate with the endpoint network interfaces. If this parameter is not specified, we use the default security group for the VPC. Security groups are supported only for interface endpoints. + SubnetIds: uniqueItems: true + description: The IDs of the subnets in which to create endpoint network interfaces. You must specify this property for an interface endpoint or a Gateway Load Balancer endpoint. You can't specify this property for a gateway endpoint. For a Gateway Load Balancer endpoint, you can specify only one subnet. x-insertionOrder: false + type: array items: + relationshipRef: + typeName: AWS::EC2::Subnet + propertyPath: /properties/SubnetId type: string - ServiceName: + ServiceNetworkArn: + description: '' type: string - description: The name of the endpoint service. - SubnetIds: - type: array - description: The IDs of the subnets in which to create endpoint network interfaces. You must specify this property for an interface endpoint or a Gateway Load Balancer endpoint. You can't specify this property for a gateway endpoint. For a Gateway Load Balancer endpoint, you can specify only one subnet. + VpcId: + description: The ID of the VPC. + type: string + RouteTableIds: uniqueItems: true + description: The IDs of the route tables. Routing is supported only for gateway endpoints. x-insertionOrder: false + type: array items: + relationshipRef: + typeName: AWS::EC2::RouteTable + propertyPath: /properties/RouteTableId type: string + ServiceName: + description: The name of the endpoint service. + type: string + PolicyDocument: + description: |- + An endpoint policy, which controls access to the service from the VPC. The default endpoint policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints. + For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. For example, if you have a JSON policy, you can convert it to YAML before including it in the YAML template, and CFNlong converts the policy to JSON format before calling the API actions for privatelink. Alternatively, you can include the JSON directly in the YAML, as shown in the following ``Properties`` section: + ``Properties: VpcEndpointType: 'Interface' ServiceName: !Sub 'com.amazonaws.${AWS::Region}.logs' PolicyDocument: '{ "Version":"2012-10-17", "Statement": [{ "Effect":"Allow", "Principal":"*", "Action":["logs:Describe*","logs:Get*","logs:List*","logs:FilterLogEvents"], "Resource":"*" }] }'`` + type: object VpcEndpointType: + description: |- + The type of endpoint. + Default: Gateway type: string enum: - Interface - Gateway - GatewayLoadBalancer - description: |- - The type of endpoint. - Default: Gateway - VpcId: + - ServiceNetwork + - Resource + Id: + description: '' type: string - description: The ID of the VPC. + Tags: + uniqueItems: false + description: '' + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/Tag' required: - VpcId - - ServiceName x-stackql-resource-name: vpc_endpoint description: |- Specifies a VPC endpoint. A VPC endpoint provides a private connection between your VPC and an endpoint service. You can use an endpoint service provided by AWS, an MKT Partner, or another AWS accounts in your organization. For more information, see the [User Guide](https://docs.aws.amazon.com/vpc/latest/privatelink/). An endpoint of type ``Interface`` establishes connections between the subnets in your VPC and an AWS-service, your own service, or a service hosted by another AWS-account. With an interface VPC endpoint, you specify the subnets in which to create the endpoint and the security groups to associate with the endpoint network interfaces. - An endpoint of type ``gateway`` serves as a target for a route in your route table for traffic destined for S3 or DDB. You can specify an endpoint policy for the endpoint, which controls access to the service from your VPC. You can also specify the VPC route tables that use the endpoint. For more information about connectivity to S3, see [W + An endpoint of type ``gateway`` serves as a target for a route in your route table for traffic destined for S3 or DDB. You can specify an endpoint policy for the endpoint, which controls access to the service from your VPC. You can also specify the VPC route tables that use the endpoint. For more information about connectivity to S3, see [Why can't I connect to an S3 bucket using a gateway VPC endpoint?](https://docs.aws.amazon.com/premiumsupport/knowledge-center/connect-s3-vpc-endpoint) + An endpoint of type ``GatewayLoadBalancer`` provides private connectivity between your VPC and virtual appliances from a service provider. x-type-name: AWS::EC2::VPCEndpoint x-stackql-primary-identifier: - Id @@ -9120,6 +10996,8 @@ components: - ServiceName - VpcEndpointType - VpcId + - ServiceNetworkArn + - ResourceConfigurationArn x-read-only-properties: - NetworkInterfaceIds - CreationTimestamp @@ -9127,48 +11005,75 @@ components: - Id x-required-properties: - VpcId - - ServiceName x-tagging: - taggable: false - tagOnCreate: false - tagUpdatable: false + permissions: + - ec2:CreateTags + - ec2:DeleteTags + - ec2:DescribeVpcEndpoints + taggable: true + tagOnCreate: true + tagUpdatable: true + tagProperty: /properties/Tags cloudFormationSystemTags: false x-required-permissions: + read: + - ec2:DescribeVpcEndpoints + - ec2:DescribeSubnets + - ec2:DescribeSecurityGroups + - vpc-lattice:DescribeServiceNetworkVpcEndpointAssociation create: - ec2:CreateVpcEndpoint - ec2:DescribeVpcEndpoints - read: - - ec2:DescribeVpcEndpoints + - ec2:DescribeSubnets + - ec2:DescribeSecurityGroups + - vpc-lattice:CreateServiceNetworkVpcEndpointAssociation + - vpc-lattice:DescribeServiceNetworkVpcEndpointAssociation + - ec2:CreateTags + - ec2:DeleteTags update: - ec2:ModifyVpcEndpoint - ec2:DescribeVpcEndpoints + - ec2:DescribeSubnets + - ec2:DescribeSecurityGroups + - vpc-lattice:CreateServiceNetworkVpcEndpointAssociation + - vpc-lattice:DescribeServiceNetworkVpcEndpointAssociation + - ec2:CreateTags + - ec2:DeleteTags + list: + - ec2:DescribeVpcEndpoints + - ec2:DescribeSubnets + - ec2:DescribeSecurityGroups + - vpc-lattice:DescribeServiceNetworkVpcEndpointAssociation delete: - ec2:DeleteVpcEndpoints - ec2:DescribeVpcEndpoints - list: - - ec2:DescribeVpcEndpoints + - ec2:DescribeSubnets + - ec2:DescribeSecurityGroups + - vpc-lattice:DescribeServiceNetworkVpcEndpointAssociation + - ec2:CreateTags + - ec2:DeleteTags VPCEndpointConnectionNotification: type: object properties: - VPCEndpointConnectionNotificationId: - description: VPC Endpoint Connection ID generated by service - type: string ConnectionEvents: - description: The endpoint events for which to receive notifications. - type: array uniqueItems: false + description: The endpoint events for which to receive notifications. x-insertionOrder: false + type: array items: type: string + VPCEndpointId: + description: The ID of the endpoint. + type: string + VPCEndpointConnectionNotificationId: + description: VPC Endpoint Connection ID generated by service + type: string ConnectionNotificationArn: description: The ARN of the SNS topic for the notifications. type: string ServiceId: description: The ID of the endpoint service. type: string - VPCEndpointId: - description: The ID of the endpoint. - type: string required: - ConnectionEvents - ConnectionNotificationArn @@ -9191,17 +11096,17 @@ components: tagUpdatable: false cloudFormationSystemTags: false x-required-permissions: - create: - - ec2:CreateVpcEndpointConnectionNotification read: - ec2:DescribeVpcEndpointConnectionNotifications + create: + - ec2:CreateVpcEndpointConnectionNotification update: - ec2:ModifyVpcEndpointConnectionNotification - ec2:DescribeVpcEndpointConnectionNotifications - delete: - - ec2:DeleteVpcEndpointConnectionNotifications list: - ec2:DescribeVpcEndpointConnectionNotifications + delete: + - ec2:DeleteVpcEndpointConnectionNotifications VPCEndpointService: type: object properties: @@ -9210,6 +11115,9 @@ components: uniqueItems: false items: type: string + relationshipRef: + typeName: AWS::ElasticLoadBalancingV2::LoadBalancer + propertyPath: /properties/LoadBalancerArn ContributorInsightsEnabled: type: boolean PayerResponsibility: @@ -9223,6 +11131,13 @@ components: uniqueItems: false items: type: string + Tags: + type: array + description: The tags to add to the VPC endpoint service. + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' x-stackql-resource-name: vpc_endpoint_service description: Resource Type definition for AWS::EC2::VPCEndpointService x-type-name: AWS::EC2::VPCEndpointService @@ -9233,27 +11148,32 @@ components: x-read-only-properties: - ServiceId x-tagging: - taggable: false - tagOnCreate: false - tagUpdatable: false + taggable: true + tagOnCreate: true + tagUpdatable: true cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - ec2:CreateTags + - ec2:DeleteTags x-required-permissions: create: - ec2:CreateVpcEndpointServiceConfiguration - - ec2:ModifyVpcEndpointServiceConfiguration - ec2:ModifyVpcEndpointServicePayerResponsibility - cloudwatch:ListManagedInsightRules - cloudwatch:DeleteInsightRules - cloudwatch:PutManagedInsightRules - ec2:DescribeVpcEndpointServiceConfigurations + - ec2:CreateTags update: - ec2:ModifyVpcEndpointServiceConfiguration - - ec2:DeleteVpcEndpointServiceConfigurations - ec2:DescribeVpcEndpointServiceConfigurations - ec2:ModifyVpcEndpointServicePayerResponsibility - cloudwatch:ListManagedInsightRules - cloudwatch:DeleteInsightRules - cloudwatch:PutManagedInsightRules + - ec2:CreateTags + - ec2:DeleteTags read: - ec2:DescribeVpcEndpointServiceConfigurations - cloudwatch:ListManagedInsightRules @@ -9262,6 +11182,7 @@ components: - ec2:DescribeVpcEndpointServiceConfigurations - cloudwatch:ListManagedInsightRules - cloudwatch:DeleteInsightRules + - ec2:DeleteTags list: - ec2:DescribeVpcEndpointServiceConfigurations - cloudwatch:ListManagedInsightRules @@ -9269,8 +11190,8 @@ components: type: object properties: AllowedPrincipals: - type: array uniqueItems: false + type: array items: type: string ServiceId: @@ -9292,27 +11213,27 @@ components: tagUpdatable: false cloudFormationSystemTags: false x-required-permissions: - create: + read: - ec2:CreateVpcEndpointServicePermissions - ec2:ModifyVpcEndpointServicePermissions - ec2:DeleteVpcEndpointServicePermissions - ec2:DescribeVpcEndpointServicePermissions - update: + create: - ec2:CreateVpcEndpointServicePermissions - ec2:ModifyVpcEndpointServicePermissions - ec2:DeleteVpcEndpointServicePermissions - ec2:DescribeVpcEndpointServicePermissions - read: + update: - ec2:CreateVpcEndpointServicePermissions - ec2:ModifyVpcEndpointServicePermissions - ec2:DeleteVpcEndpointServicePermissions - ec2:DescribeVpcEndpointServicePermissions - delete: + list: - ec2:CreateVpcEndpointServicePermissions - ec2:ModifyVpcEndpointServicePermissions - ec2:DeleteVpcEndpointServicePermissions - ec2:DescribeVpcEndpointServicePermissions - list: + delete: - ec2:CreateVpcEndpointServicePermissions - ec2:ModifyVpcEndpointServicePermissions - ec2:DeleteVpcEndpointServicePermissions @@ -9379,27 +11300,27 @@ components: VPCPeeringConnection: type: object properties: - Id: - type: string - PeerOwnerId: - description: The AWS account ID of the owner of the accepter VPC. - type: string - PeerRegion: - description: The Region code for the accepter VPC, if the accepter VPC is located in a Region other than the Region in which you make the request. - type: string PeerRoleArn: description: The Amazon Resource Name (ARN) of the VPC peer role for the peering connection in another AWS account. type: string + VpcId: + description: The ID of the VPC. + type: string PeerVpcId: description: The ID of the VPC with which you are creating the VPC peering connection. You must specify this parameter in the request. type: string - VpcId: - description: The ID of the VPC. + Id: + type: string + PeerRegion: + description: The Region code for the accepter VPC, if the accepter VPC is located in a Region other than the Region in which you make the request. + type: string + PeerOwnerId: + description: The AWS account ID of the owner of the accepter VPC. type: string Tags: - type: array uniqueItems: false x-insertionOrder: false + type: array items: $ref: '#/components/schemas/Tag' required: @@ -9424,77 +11345,419 @@ components: - VpcId - PeerVpcId x-tagging: + permissions: + - ec2:CreateTags + - ec2:DeleteTags taggable: true tagOnCreate: true tagUpdatable: true - cloudFormationSystemTags: true tagProperty: /properties/Tags + cloudFormationSystemTags: true x-required-permissions: + read: + - ec2:DescribeVpcPeeringConnections create: - ec2:CreateVpcPeeringConnection - ec2:DescribeVpcPeeringConnections - ec2:AcceptVpcPeeringConnection - ec2:CreateTags - sts:AssumeRole - read: - - ec2:DescribeVpcPeeringConnections update: - ec2:CreateTags - ec2:DeleteTags - ec2:DescribeVpcPeeringConnections + list: + - ec2:DescribeVpcPeeringConnections delete: - ec2:DeleteVpcPeeringConnection - ec2:DescribeVpcPeeringConnections - list: - - ec2:DescribeVpcPeeringConnections - VpnTunnelOptionsSpecification: + CloudwatchLogOptionsSpecification: + description: Options for sending VPN tunnel logs to CloudWatch. + additionalProperties: false type: object + properties: + LogEnabled: + description: |- + Enable or disable VPN tunnel logging feature. Default value is ``False``. + Valid values: ``True`` | ``False`` + type: boolean + LogOutputFormat: + description: |- + Set log format. Default format is ``json``. + Valid values: ``json`` | ``text`` + type: string + enum: + - json + - text + LogGroupArn: + description: The Amazon Resource Name (ARN) of the CloudWatch log group to send logs to. + type: string + Phase1IntegrityAlgorithmsRequestListValue: + description: Specifies the integrity algorithm for the VPN tunnel for phase 1 IKE negotiations. additionalProperties: false + type: object properties: - PreSharedKey: + Value: + description: The value for the integrity algorithm. + type: string + enum: + - SHA1 + - SHA2-256 + - SHA2-384 + - SHA2-512 + Phase2EncryptionAlgorithmsRequestListValue: + description: Specifies the encryption algorithm for the VPN tunnel for phase 2 IKE negotiations. + additionalProperties: false + type: object + properties: + Value: + description: The encryption algorithm. + type: string + enum: + - AES128 + - AES256 + - AES128-GCM-16 + - AES256-GCM-16 + Phase2IntegrityAlgorithmsRequestListValue: + description: Specifies the integrity algorithm for the VPN tunnel for phase 2 IKE negotiations. + additionalProperties: false + type: object + properties: + Value: + description: The integrity algorithm. + type: string + enum: + - SHA1 + - SHA2-256 + - SHA2-384 + - SHA2-512 + Phase1DHGroupNumbersRequestListValue: + description: Specifies a Diffie-Hellman group number for the VPN tunnel for phase 1 IKE negotiations. + additionalProperties: false + type: object + properties: + Value: + description: The Diffie-Hellmann group number. + type: integer + enum: + - 2 + - 14 + - 15 + - 16 + - 17 + - 18 + - 19 + - 20 + - 21 + - 22 + - 23 + - 24 + VpnTunnelOptionsSpecification: + description: The tunnel options for a single VPN tunnel. + additionalProperties: false + type: object + properties: + Phase2EncryptionAlgorithms: + uniqueItems: false + description: |- + One or more encryption algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations. + Valid values: ``AES128`` | ``AES256`` | ``AES128-GCM-16`` | ``AES256-GCM-16`` + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/Phase2EncryptionAlgorithmsRequestListValue' + Phase2DHGroupNumbers: + uniqueItems: false + description: |- + One or more Diffie-Hellman group numbers that are permitted for the VPN tunnel for phase 2 IKE negotiations. + Valid values: ``2`` | ``5`` | ``14`` | ``15`` | ``16`` | ``17`` | ``18`` | ``19`` | ``20`` | ``21`` | ``22`` | ``23`` | ``24`` + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/Phase2DHGroupNumbersRequestListValue' + TunnelInsideIpv6Cidr: + description: |- + The range of inside IPv6 addresses for the tunnel. Any specified CIDR blocks must be unique across all VPN connections that use the same transit gateway. + Constraints: A size /126 CIDR block from the local ``fd00::/8`` range. + type: string + StartupAction: + description: |- + The action to take when the establishing the tunnel for the VPN connection. By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify ``start`` for AWS to initiate the IKE negotiation. + Valid Values: ``add`` | ``start`` + Default: ``add`` type: string + enum: + - add + - start TunnelInsideCidr: + description: |- + The range of inside IP addresses for the tunnel. Any specified CIDR blocks must be unique across all VPN connections that use the same virtual private gateway. + Constraints: A size /30 CIDR block from the ``169.254.0.0/16`` range. The following CIDR blocks are reserved and cannot be used: + + ``169.254.0.0/30`` + + ``169.254.1.0/30`` + + ``169.254.2.0/30`` + + ``169.254.3.0/30`` + + ``169.254.4.0/30`` + + ``169.254.5.0/30`` + + ``169.254.169.252/30`` + type: string + IKEVersions: + uniqueItems: false + description: |- + The IKE versions that are permitted for the VPN tunnel. + Valid values: ``ikev1`` | ``ikev2`` + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/IKEVersionsRequestListValue' + LogOptions: + description: Options for logging VPN tunnel activity. + $ref: '#/components/schemas/VpnTunnelLogOptionsSpecification' + Phase1DHGroupNumbers: + uniqueItems: false + description: |- + One or more Diffie-Hellman group numbers that are permitted for the VPN tunnel for phase 1 IKE negotiations. + Valid values: ``2`` | ``14`` | ``15`` | ``16`` | ``17`` | ``18`` | ``19`` | ``20`` | ``21`` | ``22`` | ``23`` | ``24`` + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/Phase1DHGroupNumbersRequestListValue' + ReplayWindowSize: + description: |- + The number of packets in an IKE replay window. + Constraints: A value between 64 and 2048. + Default: ``1024`` + maximum: 2048 + type: integer + minimum: 64 + EnableTunnelLifecycleControl: + description: Turn on or off tunnel endpoint lifecycle control feature. + type: boolean + RekeyMarginTimeSeconds: + description: |- + The margin time, in seconds, before the phase 2 lifetime expires, during which the AWS side of the VPN connection performs an IKE rekey. The exact time of the rekey is randomly selected based on the value for ``RekeyFuzzPercentage``. + Constraints: A value between 60 and half of ``Phase2LifetimeSeconds``. + Default: ``270`` + type: integer + minimum: 60 + DPDTimeoutAction: + description: |- + The action to take after DPD timeout occurs. Specify ``restart`` to restart the IKE initiation. Specify ``clear`` to end the IKE session. + Valid Values: ``clear`` | ``none`` | ``restart`` + Default: ``clear`` + type: string + enum: + - clear + - none + - restart + Phase2LifetimeSeconds: + description: |- + The lifetime for phase 2 of the IKE negotiation, in seconds. + Constraints: A value between 900 and 3,600. The value must be less than the value for ``Phase1LifetimeSeconds``. + Default: ``3600`` + maximum: 3600 + type: integer + minimum: 900 + Phase2IntegrityAlgorithms: + uniqueItems: false + description: |- + One or more integrity algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations. + Valid values: ``SHA1`` | ``SHA2-256`` | ``SHA2-384`` | ``SHA2-512`` + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/Phase2IntegrityAlgorithmsRequestListValue' + Phase1IntegrityAlgorithms: + uniqueItems: false + description: |- + One or more integrity algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations. + Valid values: ``SHA1`` | ``SHA2-256`` | ``SHA2-384`` | ``SHA2-512`` + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/Phase1IntegrityAlgorithmsRequestListValue' + PreSharedKey: + description: |- + The pre-shared key (PSK) to establish initial authentication between the virtual private gateway and customer gateway. + Constraints: Allowed characters are alphanumeric characters, periods (.), and underscores (_). Must be between 8 and 64 characters in length and cannot start with zero (0). + type: string + Phase1LifetimeSeconds: + description: |- + The lifetime for phase 1 of the IKE negotiation, in seconds. + Constraints: A value between 900 and 28,800. + Default: ``28800`` + maximum: 28800 + type: integer + minimum: 900 + RekeyFuzzPercentage: + description: |- + The percentage of the rekey window (determined by ``RekeyMarginTimeSeconds``) during which the rekey time is randomly selected. + Constraints: A value between 0 and 100. + Default: ``100`` + maximum: 100 + type: integer + minimum: 0 + Phase1EncryptionAlgorithms: + uniqueItems: false + description: |- + One or more encryption algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations. + Valid values: ``AES128`` | ``AES256`` | ``AES128-GCM-16`` | ``AES256-GCM-16`` + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/Phase1EncryptionAlgorithmsRequestListValue' + DPDTimeoutSeconds: + description: |- + The number of seconds after which a DPD timeout occurs. + Constraints: A value greater than or equal to 30. + Default: ``30`` + type: integer + minimum: 30 + Phase1EncryptionAlgorithmsRequestListValue: + description: Specifies the encryption algorithm for the VPN tunnel for phase 1 IKE negotiations. + additionalProperties: false + type: object + properties: + Value: + description: The value for the encryption algorithm. type: string + enum: + - AES128 + - AES256 + - AES128-GCM-16 + - AES256-GCM-16 + IKEVersionsRequestListValue: + description: The IKE version that is permitted for the VPN tunnel. + additionalProperties: false + type: object + properties: + Value: + description: The IKE version. + type: string + enum: + - ikev1 + - ikev2 + VpnTunnelLogOptionsSpecification: + description: Options for logging VPN tunnel activity. + additionalProperties: false + type: object + properties: + CloudwatchLogOptions: + description: Options for sending VPN tunnel logs to CloudWatch. + $ref: '#/components/schemas/CloudwatchLogOptionsSpecification' + Phase2DHGroupNumbersRequestListValue: + description: Specifies a Diffie-Hellman group number for the VPN tunnel for phase 2 IKE negotiations. + additionalProperties: false + type: object + properties: + Value: + description: The Diffie-Hellmann group number. + type: integer + enum: + - 2 + - 5 + - 14 + - 15 + - 16 + - 17 + - 18 + - 19 + - 20 + - 21 + - 22 + - 23 + - 24 VPNConnection: type: object properties: - VpnConnectionId: - description: The provider-assigned unique ID for this managed resource + RemoteIpv6NetworkCidr: + description: |- + The IPv6 CIDR on the AWS side of the VPN connection. + Default: ``::/0`` + type: string + RemoteIpv4NetworkCidr: + description: |- + The IPv4 CIDR on the AWS side of the VPN connection. + Default: ``0.0.0.0/0`` type: string + VpnTunnelOptionsSpecifications: + uniqueItems: false + description: The tunnel options for the VPN connection. + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/VpnTunnelOptionsSpecification' CustomerGatewayId: description: The ID of the customer gateway at your end of the VPN connection. type: string + OutsideIpAddressType: + description: |- + The type of IPv4 address assigned to the outside interface of the customer gateway device. + Valid values: ``PrivateIpv4`` | ``PublicIpv4`` + Default: ``PublicIpv4`` + type: string StaticRoutesOnly: - description: Indicates whether the VPN connection uses static routes only. + description: |- + Indicates whether the VPN connection uses static routes only. Static routes must be used for devices that don't support BGP. + If you are creating a VPN connection for a device that does not support Border Gateway Protocol (BGP), you must specify ``true``. + type: boolean + EnableAcceleration: + description: |- + Indicate whether to enable acceleration for the VPN connection. + Default: ``false`` type: boolean - Tags: - description: Any tags assigned to the VPN connection. - type: array - uniqueItems: false - x-insertionOrder: false - items: - $ref: '#/components/schemas/Tag' TransitGatewayId: - description: The ID of the transit gateway associated with the VPN connection. + description: |- + The ID of the transit gateway associated with the VPN connection. + You must specify either ``TransitGatewayId`` or ``VpnGatewayId``, but not both. type: string Type: description: The type of VPN connection. type: string + LocalIpv4NetworkCidr: + description: |- + The IPv4 CIDR on the customer gateway (on-premises) side of the VPN connection. + Default: ``0.0.0.0/0`` + type: string VpnGatewayId: - description: The ID of the virtual private gateway at the AWS side of the VPN connection. + description: |- + The ID of the virtual private gateway at the AWS side of the VPN connection. + You must specify either ``TransitGatewayId`` or ``VpnGatewayId``, but not both. type: string - VpnTunnelOptionsSpecifications: - description: The tunnel options for the VPN connection. - type: array + TransportTransitGatewayAttachmentId: + description: |- + The transit gateway attachment ID to use for the VPN tunnel. + Required if ``OutsideIpAddressType`` is set to ``PrivateIpv4``. + type: string + LocalIpv6NetworkCidr: + description: |- + The IPv6 CIDR on the customer gateway (on-premises) side of the VPN connection. + Default: ``::/0`` + type: string + VpnConnectionId: + description: '' + type: string + TunnelInsideIpVersion: + description: |- + Indicate whether the VPN tunnels process IPv4 or IPv6 traffic. + Default: ``ipv4`` + type: string + Tags: uniqueItems: false + description: Any tags assigned to the VPN connection. x-insertionOrder: false + type: array items: - $ref: '#/components/schemas/VpnTunnelOptionsSpecification' + $ref: '#/components/schemas/Tag' required: - Type - CustomerGatewayId x-stackql-resource-name: vpn_connection - description: Resource Type definition for AWS::EC2::VPNConnection + description: |- + Specifies a VPN connection between a virtual private gateway and a VPN customer gateway or a transit gateway and a VPN customer gateway. + To specify a VPN connection between a transit gateway and customer gateway, use the ``TransitGatewayId`` and ``CustomerGatewayId`` properties. + To specify a VPN connection between a virtual private gateway and customer gateway, use the ``VpnGatewayId`` and ``CustomerGatewayId`` properties. + For more information, see [](https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html) in the *User Guide*. x-type-name: AWS::EC2::VPNConnection x-stackql-primary-identifier: - VpnConnectionId @@ -9503,36 +11766,46 @@ components: - CustomerGatewayId - VpnGatewayId - TransitGatewayId - - VpnTunnelOptionsSpecifications + - EnableAcceleration + - LocalIpv4NetworkCidr + - LocalIpv6NetworkCidr + - OutsideIpAddressType + - RemoteIpv4NetworkCidr + - RemoteIpv6NetworkCidr - StaticRoutesOnly + - TransportTransitGatewayAttachmentId + - TunnelInsideIpVersion + - VpnTunnelOptionsSpecifications x-read-only-properties: - VpnConnectionId x-required-properties: - Type - CustomerGatewayId x-tagging: + permissions: + - ec2:CreateTags + - ec2:DeleteTags taggable: true tagOnCreate: true tagUpdatable: true - cloudFormationSystemTags: false tagProperty: /properties/Tags + cloudFormationSystemTags: false x-required-permissions: + read: + - ec2:DescribeVpnConnections create: - ec2:DescribeVpnConnections - ec2:CreateVpnConnection - ec2:CreateTags - delete: - - ec2:DescribeVpnConnections - - ec2:DeleteVpnConnection - - ec2:DeleteTags update: - ec2:DescribeVpnConnections - ec2:CreateTags - ec2:DeleteTags - read: - - ec2:DescribeVpnConnections list: - ec2:DescribeVpnConnections + delete: + - ec2:DescribeVpnConnections + - ec2:DeleteVpnConnection VPNConnectionRoute: type: object properties: @@ -9546,7 +11819,9 @@ components: - DestinationCidrBlock - VpnConnectionId x-stackql-resource-name: vpn_connection_route - description: Resource Type definition for AWS::EC2::VPNConnectionRoute + description: |- + Specifies a static route for a VPN connection between an existing virtual private gateway and a VPN customer gateway. The static route allows traffic to be routed from the virtual private gateway to the VPN customer gateway. + For more information, see [](https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html) in the *User Guide*. x-type-name: AWS::EC2::VPNConnectionRoute x-stackql-primary-identifier: - DestinationCidrBlock @@ -9560,21 +11835,21 @@ components: x-tagging: taggable: false x-required-permissions: + read: + - ec2:DescribeVpnConnections create: - ec2:CreateVpnConnectionRoute - ec2:DescribeVpnConnections - read: + list: - ec2:DescribeVpnConnections delete: - ec2:DeleteVpnConnectionRoute - ec2:DescribeVpnConnections - list: - - ec2:DescribeVpnConnections VPNGateway: type: object properties: VPNGatewayId: - description: VPN Gateway ID generated by service + description: '' type: string AmazonSideAsn: description: The private Autonomous System Number (ASN) for the Amazon side of a BGP session. @@ -9593,7 +11868,9 @@ components: required: - Type x-stackql-resource-name: vpn_gateway - description: Schema for EC2 VPN Gateway + description: |- + Specifies a virtual private gateway. A virtual private gateway is the endpoint on the VPC side of your VPN connection. You can create a virtual private gateway before creating the VPC itself. + For more information, see [](https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html) in the *User Guide*. x-type-name: AWS::EC2::VPNGateway x-stackql-primary-identifier: - VPNGatewayId @@ -9610,17 +11887,23 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - ec2:CreateTags + - ec2:DeleteTags x-required-permissions: create: - ec2:CreateVpnGateway - ec2:DescribeVpnGateways + - ec2:CreateTags read: - ec2:DescribeVpnGateways update: + - ec2:DescribeVpnGateways - ec2:CreateTags - ec2:DeleteTags delete: - ec2:DeleteVpnGateway + - ec2:DescribeVpnGateways list: - ec2:DescribeVpnGateways CreateCapacityReservationRequest: @@ -9672,6 +11955,8 @@ components: type: boolean InstanceMatchCriteria: type: string + UnusedReservationBillingOwnerId: + type: string x-stackQL-stringOnly: true x-title: CreateCapacityReservationRequest type: object @@ -9780,19 +12065,22 @@ components: description: '' type: string IpAddress: - description: IPv4 address for the customer gateway device's outside interface. The address must be static. + description: IPv4 address for the customer gateway device's outside interface. The address must be static. If ``OutsideIpAddressType`` in your VPN connection options is set to ``PrivateIpv4``, you can use an RFC6598 or RFC1918 private IPv4 address. If ``OutsideIpAddressType`` is set to ``PublicIpv4``, you can use a public IPv4 address. type: string BgpAsnExtended: multipleOf: 1 maximum: 4294967294 - description: '' + description: |- + For customer gateway devices that support BGP, specify the device's ASN. You must specify either ``BgpAsn`` or ``BgpAsnExtended`` when creating the customer gateway. If the ASN is larger than ``2,147,483,647``, you must use ``BgpAsnExtended``. + Valid values: ``2,147,483,648`` to ``4,294,967,295`` type: number minimum: 2147483648 BgpAsn: default: 65000 description: |- - For devices that support BGP, the customer gateway's BGP ASN. + For customer gateway devices that support BGP, specify the device's ASN. You must specify either ``BgpAsn`` or ``BgpAsnExtended`` when creating the customer gateway. If the ASN is larger than ``2,147,483,647``, you must use ``BgpAsnExtended``. Default: 65000 + Valid values: ``1`` to ``2,147,483,647`` type: integer Tags: uniqueItems: false @@ -9802,8 +12090,8 @@ components: items: $ref: '#/components/schemas/Tag' CertificateArn: - pattern: ^arn:(aws[a-zA-Z-]*)?:acm:[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1}:\d{12}:certificate\/[a-zA-Z0-9-_]+$ - description: '' + pattern: ^arn:(aws[a-zA-Z-]*)?:acm:[a-z]{2}((-gov)|(-iso([a-z]{1})?))?-[a-z]+-\d{1}:\d{12}:certificate\/[a-zA-Z0-9-_]+$ + description: The Amazon Resource Name (ARN) for the customer gateway certificate. type: string DeviceName: description: The name of customer gateway device. @@ -9878,46 +12166,46 @@ components: DesiredState: type: object properties: + Context: + type: string TargetCapacitySpecification: $ref: '#/components/schemas/TargetCapacitySpecificationRequest' OnDemandOptions: $ref: '#/components/schemas/OnDemandOptionsRequest' - Type: - type: string - enum: - - maintain - - request - - instant ExcessCapacityTerminationPolicy: type: string enum: - termination - no-termination TagSpecifications: - type: array uniqueItems: false + type: array items: $ref: '#/components/schemas/TagSpecification' SpotOptions: $ref: '#/components/schemas/SpotOptionsRequest' - ValidFrom: - type: string - ReplaceUnhealthyInstances: - type: boolean LaunchTemplateConfigs: - type: array - uniqueItems: false maxItems: 50 + uniqueItems: false + type: array items: $ref: '#/components/schemas/FleetLaunchTemplateConfigRequest' - FleetId: - type: string TerminateInstancesWithExpiration: type: boolean ValidUntil: type: string - Context: + Type: type: string + enum: + - maintain + - request + - instant + FleetId: + type: string + ValidFrom: + type: string + ReplaceUnhealthyInstances: + type: boolean x-stackQL-stringOnly: true x-title: CreateEC2FleetRequest type: object @@ -9987,6 +12275,12 @@ components: The ID of an address pool that you own. Use this parameter to let Amazon EC2 select an address from the address pool. Updates to the ``PublicIpv4Pool`` property may require *some interruptions*. Updates on an EIP reassociates the address on its associated resource. type: string + IpamPoolId: + description: '' + type: string + Address: + description: '' + type: string Tags: description: |- Any tags assigned to the Elastic IP address. @@ -10014,22 +12308,24 @@ components: type: object properties: Id: - description: Composite ID of non-empty properties, to determine the identification. + description: '' type: string AllocationId: - description: The allocation ID. This is required for EC2-VPC. + description: The allocation ID. This is required. type: string NetworkInterfaceId: - description: The ID of the network interface. + description: |- + The ID of the network interface. If the instance has more than one network interface, you must specify a network interface ID. + You can specify either the instance ID or the network interface ID, but not both. type: string InstanceId: - description: The ID of the instance. + description: The ID of the instance. The instance must have exactly one attached network interface. You can specify either the instance ID or the network interface ID, but not both. type: string PrivateIpAddress: - description: The primary or secondary private IP address to associate with the Elastic IP address. + description: The primary or secondary private IP address to associate with the Elastic IP address. If no private IP address is specified, the Elastic IP address is associated with the primary private IP address. type: string EIP: - description: The Elastic IP address to associate with the instance. + description: '' type: string x-stackQL-stringOnly: true x-title: CreateEIPAssociationRequest @@ -10249,53 +12545,61 @@ components: PrivateIpAddress: description: 'Assigns a single private IP address to the network interface, which is used as the primary private IP address. If you want to specify multiple private IP address, use the PrivateIpAddresses property. ' type: string + PrimaryIpv6Address: + description: The primary IPv6 address + type: string PrivateIpAddresses: - description: Assigns a list of private IP addresses to the network interface. You can specify a primary private IP address by setting the value of the Primary property to true in the PrivateIpAddressSpecification property. If you want EC2 to automatically assign private IP addresses, use the SecondaryPrivateIpAddressCount property and do not specify this property. - type: array uniqueItems: false + description: Assigns a list of private IP addresses to the network interface. You can specify a primary private IP address by setting the value of the Primary property to true in the PrivateIpAddressSpecification property. If you want EC2 to automatically assign private IP addresses, use the SecondaryPrivateIpAddressCount property and do not specify this property. x-insertionOrder: false + type: array items: $ref: '#/components/schemas/PrivateIpAddressSpecification' SecondaryPrivateIpAddressCount: description: The number of secondary private IPv4 addresses to assign to a network interface. When you specify a number of secondary IPv4 addresses, Amazon EC2 selects these IP addresses within the subnet's IPv4 CIDR range. You can't specify this option and specify more than one private IP address using privateIpAddresses type: integer + Ipv6PrefixCount: + description: 'The number of IPv6 prefixes to assign to a network interface. When you specify a number of IPv6 prefixes, Amazon EC2 selects these prefixes from your existing subnet CIDR reservations, if available, or from free spaces in the subnet. By default, these will be /80 prefixes. You can''t specify a count of IPv6 prefixes if you''ve specified one of the following: specific IPv6 prefixes, specific IPv6 addresses, or a count of IPv6 addresses.' + type: integer PrimaryPrivateIpAddress: description: Returns the primary private IP address of the network interface. type: string Ipv4Prefixes: - description: 'Assigns a list of IPv4 prefixes to the network interface. If you want EC2 to automatically assign IPv4 prefixes, use the Ipv4PrefixCount property and do not specify this property. Presently, only /28 prefixes are supported. You can''t specify IPv4 prefixes if you''ve specified one of the following: a count of IPv4 prefixes, specific private IPv4 addresses, or a count of private IPv4 addresses.' - type: array uniqueItems: false + description: 'Assigns a list of IPv4 prefixes to the network interface. If you want EC2 to automatically assign IPv4 prefixes, use the Ipv4PrefixCount property and do not specify this property. Presently, only /28 prefixes are supported. You can''t specify IPv4 prefixes if you''ve specified one of the following: a count of IPv4 prefixes, specific private IPv4 addresses, or a count of private IPv4 addresses.' x-insertionOrder: false + type: array items: $ref: '#/components/schemas/Ipv4PrefixSpecification' Ipv4PrefixCount: description: 'The number of IPv4 prefixes to assign to a network interface. When you specify a number of IPv4 prefixes, Amazon EC2 selects these prefixes from your existing subnet CIDR reservations, if available, or from free spaces in the subnet. By default, these will be /28 prefixes. You can''t specify a count of IPv4 prefixes if you''ve specified one of the following: specific IPv4 prefixes, specific private IPv4 addresses, or a count of private IPv4 addresses.' type: integer + EnablePrimaryIpv6: + description: >- + If you have instances or ENIs that rely on the IPv6 address not changing, to avoid disrupting traffic to instances or ENIs, you can enable a primary IPv6 address. Enable this option to automatically assign an IPv6 associated with the ENI attached to your instance to be the primary IPv6 address. When you enable an IPv6 address to be a primary IPv6, you cannot disable it. Traffic will be routed to the primary IPv6 address until the instance is terminated or the ENI is detached. If + you have multiple IPv6 addresses associated with an ENI and you enable a primary IPv6 address, the first IPv6 address associated with the ENI becomes the primary IPv6 address. + type: boolean GroupSet: - description: A list of security group IDs associated with this network interface. - type: array uniqueItems: false + description: A list of security group IDs associated with this network interface. x-insertionOrder: false + type: array items: type: string Ipv6Addresses: - description: One or more specific IPv6 addresses from the IPv6 CIDR block range of your subnet to associate with the network interface. If you're specifying a number of IPv6 addresses, use the Ipv6AddressCount property and don't specify this property. - type: array uniqueItems: true + description: One or more specific IPv6 addresses from the IPv6 CIDR block range of your subnet to associate with the network interface. If you're specifying a number of IPv6 addresses, use the Ipv6AddressCount property and don't specify this property. x-insertionOrder: false + type: array items: $ref: '#/components/schemas/InstanceIpv6Address' Ipv6Prefixes: - description: 'Assigns a list of IPv6 prefixes to the network interface. If you want EC2 to automatically assign IPv6 prefixes, use the Ipv6PrefixCount property and do not specify this property. Presently, only /80 prefixes are supported. You can''t specify IPv6 prefixes if you''ve specified one of the following: a count of IPv6 prefixes, specific IPv6 addresses, or a count of IPv6 addresses.' - type: array uniqueItems: false + description: 'Assigns a list of IPv6 prefixes to the network interface. If you want EC2 to automatically assign IPv6 prefixes, use the Ipv6PrefixCount property and do not specify this property. Presently, only /80 prefixes are supported. You can''t specify IPv6 prefixes if you''ve specified one of the following: a count of IPv6 prefixes, specific IPv6 addresses, or a count of IPv6 addresses.' x-insertionOrder: false + type: array items: $ref: '#/components/schemas/Ipv6PrefixSpecification' - Ipv6PrefixCount: - description: 'The number of IPv6 prefixes to assign to a network interface. When you specify a number of IPv6 prefixes, Amazon EC2 selects these prefixes from your existing subnet CIDR reservations, if available, or from free spaces in the subnet. By default, these will be /80 prefixes. You can''t specify a count of IPv6 prefixes if you''ve specified one of the following: specific IPv6 prefixes, specific IPv6 addresses, or a count of IPv6 addresses.' - type: integer SubnetId: description: The ID of the subnet to associate with the network interface. type: string @@ -10306,38 +12610,30 @@ components: description: Indicates the type of network interface. type: string SecondaryPrivateIpAddresses: - description: Returns the secondary private IP addresses of the network interface. - type: array uniqueItems: false + description: Returns the secondary private IP addresses of the network interface. x-insertionOrder: false + type: array items: type: string + VpcId: + description: The ID of the VPC + type: string Ipv6AddressCount: description: The number of IPv6 addresses to assign to a network interface. Amazon EC2 automatically selects the IPv6 addresses from the subnet range. To specify specific IPv6 addresses, use the Ipv6Addresses property and don't specify this property. type: integer - EnablePrimaryIpv6: - description: >- - If you have instances or ENIs that rely on the IPv6 address not changing, to avoid disrupting traffic to instances or ENIs, you can enable a primary IPv6 address. Enable this option to automatically assign an IPv6 associated with the ENI attached to your instance to be the primary IPv6 address. When you enable an IPv6 address to be a primary IPv6, you cannot disable it. Traffic will be routed to the primary IPv6 address until the instance is terminated or the ENI is detached. If - you have multiple IPv6 addresses associated with an ENI and you enable a primary IPv6 address, the first IPv6 address associated with the ENI becomes the primary IPv6 address. - type: boolean - PrimaryIpv6Address: - description: The primary IPv6 address - type: string - ConnectionTrackingSpecification: - $ref: '#/components/schemas/ConnectionTrackingSpecification' Id: description: Network interface id. type: string Tags: - description: An arbitrary set of tags (key-value pairs) for this network interface. - type: array uniqueItems: false + description: An arbitrary set of tags (key-value pairs) for this network interface. x-insertionOrder: false + type: array items: $ref: '#/components/schemas/Tag' - VpcId: - description: The ID of the VPC - type: string + ConnectionTrackingSpecification: + $ref: '#/components/schemas/ConnectionTrackingSpecification' x-stackQL-stringOnly: true x-title: CreateNetworkInterfaceRequest type: object @@ -10356,12 +12652,11 @@ components: type: object properties: MultiAttachEnabled: - type: boolean description: |- Indicates whether Amazon EBS Multi-Attach is enabled. - CFNlong does not currently support updating a single-attach volume to be multi-attach enabled, updating a multi-attach enabled volume to be single-attach, or updating the size or number of I/O operations per second (IOPS) of a multi-attach enabled volume. + CFNlong does not currently support updating a single-attach volume to be multi-attach enabled, updating a multi-attach enabled volume to be single-attach, or updating the size or number of I/O operations per second (IOPS) of a multi-attach enabled volume. + type: boolean KmsKeyId: - type: string description: |- The identifier of the kms-key-long to use for Amazon EBS encryption. If ``KmsKeyId`` is specified, the encrypted state must be ``true``. If you omit this property and your account is enabled for encryption by default, or *Encrypted* is set to ``true``, then the volume is encrypted using the default key specified for your account. If your account does not have a default key, then the volume is encrypted using the aws-managed-key. @@ -10370,13 +12665,13 @@ components: + Key alias. Specify the alias for the key, prefixed with ``alias/``. For example, for a key with the alias ``my_cmk``, use ``alias/my_cmk``. Or to specify the aws-managed-key, use ``alias/aws/ebs``. + Key ARN. For example, arn:aws:kms:us-east-1:012345678910:key/1234abcd-12ab-34cd-56ef-1234567890ab. + Alias ARN. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias. + type: string Encrypted: - type: boolean description: |- - Indicates whether the volume should be encrypted. The effect of setting the encryption state to ``true`` depends on the volume origin (new or from a snapshot), starting encryption state, ownership, and whether encryption by default is enabled. For more information, see [Encryption by default](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#encryption-by-default) in the *Amazon Elastic Compute Cloud User Guide*. - Encrypted Amazon EBS volumes must be attached to instances that support Amazon EBS encryption. For more information, see [Supported instance types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#EBSEncryption_supported_instances). + Indicates whether the volume should be encrypted. The effect of setting the encryption state to ``true`` depends on the volume origin (new or from a snapshot), starting encryption state, ownership, and whether encryption by default is enabled. For more information, see [Encryption by default](https://docs.aws.amazon.com/ebs/latest/userguide/work-with-ebs-encr.html#encryption-by-default) in the *Amazon EBS User Guide*. + Encrypted Amazon EBS volumes must be attached to instances that support Amazon EBS encryption. For more information, see [Supported instance types](https://docs.aws.amazon.com/ebs/latest/userguide/ebs-encryption-requirements.html#ebs-encryption_supported_instances). + type: boolean Size: - type: integer description: |- The size of the volume, in GiBs. You must specify either a snapshot ID or a volume size. If you specify a snapshot, the default is the snapshot size. You can specify a volume size that is equal to or larger than the snapshot size. The following are the supported volumes sizes for each volume type: @@ -10385,23 +12680,23 @@ components: + ``io2``: 4 - 65,536 GiB + ``st1`` and ``sc1``: 125 - 16,384 GiB + ``standard``: 1 - 1024 GiB + type: integer AutoEnableIO: - type: boolean description: Indicates whether the volume is auto-enabled for I/O operations. By default, Amazon EBS disables I/O to the volume from attached EC2 instances when it determines that a volume's data is potentially inconsistent. If the consistency of the volume is not a concern, and you prefer that the volume be made available immediately if it's impaired, you can configure the volume to automatically enable I/O. + type: boolean OutpostArn: - type: string description: The Amazon Resource Name (ARN) of the Outpost. - AvailabilityZone: type: string + AvailabilityZone: description: The ID of the Availability Zone in which to create the volume. For example, ``us-east-1a``. + type: string Throughput: - type: integer description: |- The throughput to provision for a volume, with a maximum of 1,000 MiB/s. This parameter is valid only for ``gp3`` volumes. The default value is 125. Valid Range: Minimum value of 125. Maximum value of 1000. - Iops: type: integer + Iops: description: |- The number of I/O operations per second (IOPS). For ``gp3``, ``io1``, and ``io2`` volumes, this represents the number of IOPS that are provisioned for the volume. For ``gp2`` volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting. The following are the supported values for each volume type: @@ -10409,13 +12704,16 @@ components: + ``io1``: 100 - 64,000 IOPS + ``io2``: 100 - 256,000 IOPS - For ``io2`` volumes, you can achieve up to 256,000 IOPS on [instances built on the Nitro System](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances). On other instances, you can achieve performance up to 32,000 IOPS. + For ``io2`` volumes, you can achieve up to 256,000 IOPS on [instances built on the Nitro System](https://docs.aws.amazon.com/ec2/latest/instancetypes/ec2-nitro-instances.html). On other instances, you can achieve performance up to 32,000 IOPS. This parameter is required for ``io1`` and ``io2`` volumes. The default for ``gp3`` volumes is 3,000 IOPS. This parameter is not supported for ``gp2``, ``st1``, ``sc1``, or ``standard`` volumes. + type: integer SnapshotId: - type: string description: The snapshot from which to create the volume. You must specify either a snapshot ID or a volume size. - VolumeType: type: string + VolumeId: + description: '' + type: string + VolumeType: description: |- The volume type. This parameter can be one of the following values: + General Purpose SSD: ``gp2`` | ``gp3`` @@ -10424,16 +12722,14 @@ components: + Cold HDD: ``sc1`` + Magnetic: ``standard`` - For more information, see [Amazon EBS volume types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html) in the *Amazon Elastic Compute Cloud User Guide*. + For more information, see [Amazon EBS volume types](https://docs.aws.amazon.com/ebs/latest/userguide/ebs-volume-types.html). Default: ``gp2`` - VolumeId: type: string - description: '' Tags: - type: array uniqueItems: false description: The tags to apply to the volume during creation. x-insertionOrder: false + type: array items: $ref: '#/components/schemas/Tag' x-stackQL-stringOnly: true @@ -10794,6 +13090,9 @@ components: enum: - free - advanced + EnablePrivateGua: + description: Enable provisioning of GUA space in private pools. + type: boolean Tags: description: An array of key-value pairs to apply to this resource. type: array @@ -11219,7 +13518,7 @@ components: uniqueItems: false description: |- The tags to apply to the launch template on creation. To tag the launch template, the resource type must be ``launch-template``. - To specify the tags for the resources that are created when an instance is launched, you must use [TagSpecifications](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-launchtemplate.html#cfn-ec2-launchtemplate-tagspecifications). + To specify the tags for resources that are created during instance launch, use [TagSpecifications](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html#cfn-ec2-launchtemplate-launchtemplatedata-tagspecifications). type: array items: $ref: '#/components/schemas/LaunchTemplateTagSpecification' @@ -11403,7 +13702,7 @@ components: properties: SecondaryAllocationIds: uniqueItems: true - description: Secondary EIP allocation IDs. For more information, see [Create a NAT gateway](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating) in the *Amazon VPC User Guide*. + description: Secondary EIP allocation IDs. For more information, see [Create a NAT gateway](https://docs.aws.amazon.com/vpc/latest/userguide/nat-gateway-working-with.html) in the *Amazon VPC User Guide*. x-insertionOrder: true type: array items: @@ -11465,19 +13764,19 @@ components: DesiredState: type: object properties: - Id: + VpcId: + description: The ID of the VPC for the network ACL. type: string + Id: description: '' + type: string Tags: - description: The tags for the network ACL. - type: array uniqueItems: false + description: The tags for the network ACL. x-insertionOrder: false + type: array items: $ref: '#/components/schemas/Tag' - VpcId: - description: The ID of the VPC for the network ACL. - type: string x-stackQL-stringOnly: true x-title: CreateNetworkAclRequest type: object @@ -11714,14 +14013,14 @@ components: type: object properties: AttachmentId: - description: The ID of the network interface attachment. + description: '' type: string DeleteOnTermination: - description: Whether to delete the network interface when the instance terminates. By default, this value is set to true. + description: Whether to delete the network interface when the instance terminates. By default, this value is set to ``true``. type: boolean default: true DeviceIndex: - description: The network interface's position in the attachment order. For example, the first attached network interface has a DeviceIndex of 0. + description: The network interface's position in the attachment order. For example, the first attached network interface has a ``DeviceIndex`` of 0. type: string InstanceId: description: The ID of the instance to which you will attach the ENI. @@ -11731,6 +14030,7 @@ components: type: string EnaSrdSpecification: $ref: '#/components/schemas/EnaSrdSpecification' + description: Configures ENA Express for the network interface that this action attaches to the instance. x-stackQL-stringOnly: true x-title: CreateNetworkInterfaceAttachmentRequest type: object @@ -11937,16 +14237,16 @@ components: RouteTableId: description: '' type: string + VpcId: + description: The ID of the VPC. + type: string Tags: - description: Any tags assigned to the route table. - type: array uniqueItems: false + description: Any tags assigned to the route table. x-insertionOrder: false + type: array items: $ref: '#/components/schemas/Tag' - VpcId: - description: The ID of the VPC. - type: string x-stackQL-stringOnly: true x-title: CreateRouteTableRequest type: object @@ -12141,6 +14441,38 @@ components: x-title: CreateSecurityGroupIngressRequest type: object required: [] + CreateSecurityGroupVpcAssociationRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + GroupId: + description: The group ID of the specified security group. + type: string + VpcId: + description: The ID of the VPC in the security group vpc association. + type: string + VpcOwnerId: + description: The owner of the VPC in the security group vpc association. + type: string + State: + description: The state of the security group vpc association. + $ref: '#/components/schemas/SecurityGroupVpcAssociationState' + StateReason: + description: The reason for the state of the security group vpc association. + type: string + x-stackQL-stringOnly: true + x-title: CreateSecurityGroupVpcAssociationRequest + type: object + required: [] CreateSnapshotBlockPublicAccessRequest: properties: ClientToken: @@ -12243,7 +14575,7 @@ components: uniqueItems: false items: type: string - description: The IPv6 network ranges for the subnet, in CIDR notation. + description: '' Ipv6CidrBlock: type: string description: |- @@ -12257,7 +14589,9 @@ components: description: Indicates whether this is an IPv6 only subnet. For more information, see [Subnet basics](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html#subnet-basics) in the *User Guide*. EnableDns64: type: boolean - description: Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. For more information, see [DNS64 and NAT64](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-nat64-dns64) in the *User Guide*. + description: |- + Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. + You must first configure a NAT gateway in a public subnet (separate from the subnet containing the IPv6-only workloads). For example, the subnet containing the NAT gateway should have a ``0.0.0.0/0`` route pointing to the internet gateway. For more information, see [Configure DNS64 and NAT64](https://docs.aws.amazon.com/vpc/latest/userguide/nat-gateway-nat64-dns64.html#nat-gateway-nat64-dns64-walkthrough) in the *User Guide*. PrivateDnsNameOptionsOnLaunch: type: object additionalProperties: false @@ -12327,6 +14661,12 @@ components: SubnetId: description: The ID of the subnet type: string + Ipv6AddressAttribute: + type: string + description: The value denoting whether an IPv6 Subnet CIDR Block is public or private. + IpSource: + type: string + description: The IP Source of an IPv6 Subnet CIDR Block. x-stackQL-stringOnly: true x-title: CreateSubnetCidrBlockRequest type: object @@ -12369,17 +14709,17 @@ components: DesiredState: type: object properties: - Id: - type: string - description: '' RouteTableId: - type: string description: |- The ID of the route table. The physical ID changes when the route table ID is changed. - SubnetId: type: string + Id: + description: '' + type: string + SubnetId: description: The ID of the subnet. + type: string x-stackQL-stringOnly: true x-title: CreateSubnetRouteTableAssociationRequest type: object @@ -12397,21 +14737,13 @@ components: DesiredState: type: object properties: - Description: - type: string - AssociationDefaultRouteTableId: - type: string - AutoAcceptSharedAttachments: + DefaultRouteTablePropagation: type: string TransitGatewayArn: type: string - DefaultRouteTablePropagation: + Description: type: string - TransitGatewayCidrBlocks: - type: array - items: - type: string - PropagationDefaultRouteTableId: + AutoAcceptSharedAttachments: type: string DefaultRouteTableAssociation: type: string @@ -12421,16 +14753,26 @@ components: type: string DnsSupport: type: string + SecurityGroupReferencingSupport: + type: string MulticastSupport: type: string AmazonSideAsn: - format: int64 type: integer + format: int64 + TransitGatewayCidrBlocks: + type: array + items: + type: string Tags: - uniqueItems: false type: array + uniqueItems: false items: $ref: '#/components/schemas/Tag' + AssociationDefaultRouteTableId: + type: string + PropagationDefaultRouteTableId: + type: string x-stackQL-stringOnly: true x-title: CreateTransitGatewayRequest type: object @@ -12448,31 +14790,11 @@ components: DesiredState: type: object properties: - Id: - type: string - TransitGatewayId: - type: string - VpcId: - type: string - SubnetIds: - type: array - x-insertionOrder: false - uniqueItems: false - items: - type: string - Tags: - type: array - x-insertionOrder: false - uniqueItems: false - items: - $ref: '#/components/schemas/Tag' Options: description: The options for the transit gateway vpc attachment. + additionalProperties: false type: object properties: - DnsSupport: - description: 'Indicates whether to enable DNS Support for Vpc Attachment. Valid Values: enable | disable' - type: string Ipv6Support: description: 'Indicates whether to enable Ipv6 Support for Vpc Attachment. Valid Values: enable | disable' type: string @@ -12482,7 +14804,30 @@ components: SecurityGroupReferencingSupport: description: 'Indicates whether to enable Security Group referencing support for Vpc Attachment. Valid Values: enable | disable' type: string - additionalProperties: false + DnsSupport: + description: 'Indicates whether to enable DNS Support for Vpc Attachment. Valid Values: enable | disable' + type: string + TransitGatewayId: + type: string + VpcId: + type: string + Id: + type: string + SubnetIds: + uniqueItems: false + x-insertionOrder: false + type: array + items: + relationshipRef: + typeName: AWS::EC2::Subnet + propertyPath: /properties/SubnetId + type: string + Tags: + uniqueItems: false + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/Tag' x-stackQL-stringOnly: true x-title: CreateTransitGatewayAttachmentRequest type: object @@ -12657,9 +15002,6 @@ components: MemberType: description: The member type (for example, static). type: string - SourceType: - description: The source type. - type: string x-stackQL-stringOnly: true x-title: CreateTransitGatewayMulticastGroupMemberRequest type: object @@ -12704,9 +15046,6 @@ components: GroupSource: description: Indicates that the resource is a transit gateway multicast group member. type: boolean - MemberType: - description: The member type (for example, static). - type: string SourceType: description: The source type. type: string @@ -12810,12 +15149,12 @@ components: description: The ID of the transit gateway. type: string Tags: - type: array + uniqueItems: false description: Tags are composed of a Key/Value pair. You can use tags to categorize and track each parameter group. The tag value null is permitted. + x-insertionOrder: false + type: array items: $ref: '#/components/schemas/Tag' - x-insertionOrder: false - uniqueItems: false x-stackQL-stringOnly: true x-title: CreateTransitGatewayRouteTableRequest type: object @@ -12879,50 +15218,53 @@ components: DesiredState: type: object properties: - Options: - description: The options for the transit gateway vpc attachment. - additionalProperties: false - type: object - properties: - Ipv6Support: - description: 'Indicates whether to enable Ipv6 Support for Vpc Attachment. Valid Values: enable | disable' - type: string - ApplianceModeSupport: - description: 'Indicates whether to enable Ipv6 Support for Vpc Attachment. Valid Values: enable | disable' - type: string - DnsSupport: - description: 'Indicates whether to enable DNS Support for Vpc Attachment. Valid Values: enable | disable' - type: string + Id: + type: string TransitGatewayId: type: string VpcId: type: string - RemoveSubnetIds: - uniqueItems: false - x-insertionOrder: false + SubnetIds: type: array + x-insertionOrder: false + uniqueItems: false items: type: string - Id: - type: string - SubnetIds: + AddSubnetIds: + type: array uniqueItems: false x-insertionOrder: false - type: array items: type: string - AddSubnetIds: + RemoveSubnetIds: + type: array uniqueItems: false x-insertionOrder: false - type: array items: type: string Tags: + type: array uniqueItems: false x-insertionOrder: false - type: array items: $ref: '#/components/schemas/Tag' + Options: + description: The options for the transit gateway vpc attachment. + type: object + properties: + DnsSupport: + description: 'Indicates whether to enable DNS Support for Vpc Attachment. Valid Values: enable | disable' + type: string + Ipv6Support: + description: 'Indicates whether to enable Ipv6 Support for Vpc Attachment. Valid Values: enable | disable' + type: string + ApplianceModeSupport: + description: 'Indicates whether to enable Ipv6 Support for Vpc Attachment. Valid Values: enable | disable' + type: string + SecurityGroupReferencingSupport: + description: 'Indicates whether to enable Security Group referencing support for Vpc Attachment. Valid values: enable | disable' + type: string + additionalProperties: false x-stackQL-stringOnly: true x-title: CreateTransitGatewayVpcAttachmentRequest type: object @@ -13233,8 +15575,8 @@ components: InstanceTenancy: description: |- The allowed tenancy of instances launched into the VPC. - + ``default``: An instance launched into the VPC runs on shared hardware by default, unless you explicitly specify a different tenancy during instance launch. - + ``dedicated``: An instance launched into the VPC runs on dedicated hardware by default, unless you explicitly specify a tenancy of ``host`` during instance launch. You cannot specify a tenancy of ``default`` during instance launch. + + ``default``: An instance launched into the VPC runs on shared hardware by default, unless you explicitly specify a different tenancy during instance launch. + + ``dedicated``: An instance launched into the VPC runs on dedicated hardware by default, unless you explicitly specify a tenancy of ``host`` during instance launch. You cannot specify a tenancy of ``default`` during instance launch. Updating ``InstanceTenancy`` requires no replacement only if you are updating its value from ``dedicated`` to ``default``. Updating ``InstanceTenancy`` from ``default`` to ``dedicated`` requires replacement. type: string @@ -13294,6 +15636,71 @@ components: x-title: CreateVPCRequest type: object required: [] + CreateVPCBlockPublicAccessExclusionRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + ExclusionId: + type: string + description: The ID of the exclusion + InternetGatewayExclusionMode: + description: The desired Block Public Access Exclusion Mode for a specific VPC/Subnet. + type: string + enum: + - allow-bidirectional + - allow-egress + VpcId: + type: string + description: The ID of the vpc. Required only if you don't specify SubnetId. + SubnetId: + type: string + description: The ID of the subnet. Required only if you don't specify VpcId + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + x-stackQL-stringOnly: true + x-title: CreateVPCBlockPublicAccessExclusionRequest + type: object + required: [] + CreateVPCBlockPublicAccessOptionsRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + InternetGatewayBlockMode: + description: The desired Block Public Access mode for Internet Gateways in your account. We do not allow to create in a off mode as this is the default value + type: string + enum: + - block-bidirectional + - block-ingress + AccountId: + type: string + description: The identifier for the specified AWS account. + x-stackQL-stringOnly: true + x-title: CreateVPCBlockPublicAccessOptionsRequest + type: object + required: [] CreateVPCCidrBlockRequest: properties: ClientToken: @@ -13337,6 +15744,15 @@ components: AmazonProvidedIpv6CidrBlock: type: boolean description: Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IPv6 addresses, or the size of the CIDR block. + Ipv6AddressAttribute: + type: string + description: The value denoting whether an IPv6 VPC CIDR Block is public or private. + IpSource: + type: string + description: The IP Source of an IPv6 VPC CIDR Block. + Ipv6CidrBlockNetworkBorderGroup: + type: string + description: The name of the location from which we advertise the IPV6 CIDR block. x-stackQL-stringOnly: true x-title: CreateVPCCidrBlockRequest type: object @@ -13377,75 +15793,118 @@ components: DesiredState: type: object properties: - Id: - type: string + PrivateDnsEnabled: + description: >- + Indicate whether to associate a private hosted zone with the specified VPC. The private hosted zone contains a record set for the default public DNS name for the service for the Region (for example, ``kinesis.us-east-1.amazonaws.com``), which resolves to the private IP addresses of the endpoint network interfaces in the VPC. This enables you to make requests to the default public DNS name for the service instead of the public DNS names that are automatically generated by the VPC + endpoint service. + To use a private hosted zone, you must set the following VPC attributes to ``true``: ``enableDnsHostnames`` and ``enableDnsSupport``. + This property is supported only for interface endpoints. + Default: ``false`` + type: boolean + IpAddressType: description: '' + type: string + enum: + - ipv4 + - ipv6 + - dualstack + - not-specified CreationTimestamp: + description: '' type: string + DnsOptions: description: '' - DnsEntries: - type: array + $ref: '#/components/schemas/DnsOptionsSpecification' + NetworkInterfaceIds: uniqueItems: false + description: '' x-insertionOrder: false + type: array items: type: string - description: '' - NetworkInterfaceIds: - type: array + DnsEntries: uniqueItems: false + description: '' x-insertionOrder: false + type: array items: type: string + ResourceConfigurationArn: description: '' - PolicyDocument: - type: object - description: |- - An endpoint policy, which controls access to the service from the VPC. The default endpoint policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints. - For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. CFNlong converts YAML policies to JSON format before calling the API to create or modify the VPC endpoint. - PrivateDnsEnabled: - type: boolean - description: >- - Indicate whether to associate a private hosted zone with the specified VPC. The private hosted zone contains a record set for the default public DNS name for the service for the Region (for example, ``kinesis.us-east-1.amazonaws.com``), which resolves to the private IP addresses of the endpoint network interfaces in the VPC. This enables you to make requests to the default public DNS name for the service instead of the public DNS names that are automatically generated by the VPC - endpoint service. - To use a private hosted zone, you must set the following VPC attributes to ``true``: ``enableDnsHostnames`` and ``enableDnsSupport``. - This property is supported only for interface endpoints. - Default: ``false`` - RouteTableIds: - type: array - description: The IDs of the route tables. Routing is supported only for gateway endpoints. + type: string + SecurityGroupIds: uniqueItems: true + description: The IDs of the security groups to associate with the endpoint network interfaces. If this parameter is not specified, we use the default security group for the VPC. Security groups are supported only for interface endpoints. x-insertionOrder: false + type: array items: + anyOf: + - relationshipRef: + typeName: AWS::EC2::SecurityGroup + propertyPath: /properties/GroupId + - relationshipRef: + typeName: AWS::EC2::SecurityGroup + propertyPath: /properties/Id + - relationshipRef: + typeName: AWS::EC2::VPC + propertyPath: /properties/DefaultSecurityGroup type: string - SecurityGroupIds: - type: array - description: The IDs of the security groups to associate with the endpoint network interfaces. If this parameter is not specified, we use the default security group for the VPC. Security groups are supported only for interface endpoints. + SubnetIds: uniqueItems: true + description: The IDs of the subnets in which to create endpoint network interfaces. You must specify this property for an interface endpoint or a Gateway Load Balancer endpoint. You can't specify this property for a gateway endpoint. For a Gateway Load Balancer endpoint, you can specify only one subnet. x-insertionOrder: false + type: array items: + relationshipRef: + typeName: AWS::EC2::Subnet + propertyPath: /properties/SubnetId type: string - ServiceName: + ServiceNetworkArn: + description: '' type: string - description: The name of the endpoint service. - SubnetIds: - type: array - description: The IDs of the subnets in which to create endpoint network interfaces. You must specify this property for an interface endpoint or a Gateway Load Balancer endpoint. You can't specify this property for a gateway endpoint. For a Gateway Load Balancer endpoint, you can specify only one subnet. + VpcId: + description: The ID of the VPC. + type: string + RouteTableIds: uniqueItems: true + description: The IDs of the route tables. Routing is supported only for gateway endpoints. x-insertionOrder: false + type: array items: + relationshipRef: + typeName: AWS::EC2::RouteTable + propertyPath: /properties/RouteTableId type: string + ServiceName: + description: The name of the endpoint service. + type: string + PolicyDocument: + description: |- + An endpoint policy, which controls access to the service from the VPC. The default endpoint policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints. + For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. For example, if you have a JSON policy, you can convert it to YAML before including it in the YAML template, and CFNlong converts the policy to JSON format before calling the API actions for privatelink. Alternatively, you can include the JSON directly in the YAML, as shown in the following ``Properties`` section: + ``Properties: VpcEndpointType: 'Interface' ServiceName: !Sub 'com.amazonaws.${AWS::Region}.logs' PolicyDocument: '{ "Version":"2012-10-17", "Statement": [{ "Effect":"Allow", "Principal":"*", "Action":["logs:Describe*","logs:Get*","logs:List*","logs:FilterLogEvents"], "Resource":"*" }] }'`` + type: object VpcEndpointType: + description: |- + The type of endpoint. + Default: Gateway type: string enum: - Interface - Gateway - GatewayLoadBalancer - description: |- - The type of endpoint. - Default: Gateway - VpcId: + - ServiceNetwork + - Resource + Id: + description: '' type: string - description: The ID of the VPC. + Tags: + uniqueItems: false + description: '' + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/Tag' x-stackQL-stringOnly: true x-title: CreateVPCEndpointRequest type: object @@ -13463,25 +15922,25 @@ components: DesiredState: type: object properties: - VPCEndpointConnectionNotificationId: - description: VPC Endpoint Connection ID generated by service - type: string ConnectionEvents: - description: The endpoint events for which to receive notifications. - type: array uniqueItems: false + description: The endpoint events for which to receive notifications. x-insertionOrder: false + type: array items: type: string + VPCEndpointId: + description: The ID of the endpoint. + type: string + VPCEndpointConnectionNotificationId: + description: VPC Endpoint Connection ID generated by service + type: string ConnectionNotificationArn: description: The ARN of the SNS topic for the notifications. type: string ServiceId: description: The ID of the endpoint service. type: string - VPCEndpointId: - description: The ID of the endpoint. - type: string x-stackQL-stringOnly: true x-title: CreateVPCEndpointConnectionNotificationRequest type: object @@ -13504,6 +15963,9 @@ components: uniqueItems: false items: type: string + relationshipRef: + typeName: AWS::ElasticLoadBalancingV2::LoadBalancer + propertyPath: /properties/LoadBalancerArn ContributorInsightsEnabled: type: boolean PayerResponsibility: @@ -13517,6 +15979,13 @@ components: uniqueItems: false items: type: string + Tags: + type: array + description: The tags to add to the VPC endpoint service. + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' x-stackQL-stringOnly: true x-title: CreateVPCEndpointServiceRequest type: object @@ -13535,8 +16004,8 @@ components: type: object properties: AllowedPrincipals: - type: array uniqueItems: false + type: array items: type: string ServiceId: @@ -13587,27 +16056,27 @@ components: DesiredState: type: object properties: - Id: - type: string - PeerOwnerId: - description: The AWS account ID of the owner of the accepter VPC. - type: string - PeerRegion: - description: The Region code for the accepter VPC, if the accepter VPC is located in a Region other than the Region in which you make the request. - type: string PeerRoleArn: description: The Amazon Resource Name (ARN) of the VPC peer role for the peering connection in another AWS account. type: string + VpcId: + description: The ID of the VPC. + type: string PeerVpcId: description: The ID of the VPC with which you are creating the VPC peering connection. You must specify this parameter in the request. type: string - VpcId: - description: The ID of the VPC. + Id: + type: string + PeerRegion: + description: The Region code for the accepter VPC, if the accepter VPC is located in a Region other than the Region in which you make the request. + type: string + PeerOwnerId: + description: The AWS account ID of the owner of the accepter VPC. type: string Tags: - type: array uniqueItems: false x-insertionOrder: false + type: array items: $ref: '#/components/schemas/Tag' x-stackQL-stringOnly: true @@ -13627,38 +16096,85 @@ components: DesiredState: type: object properties: - VpnConnectionId: - description: The provider-assigned unique ID for this managed resource + RemoteIpv6NetworkCidr: + description: |- + The IPv6 CIDR on the AWS side of the VPN connection. + Default: ``::/0`` + type: string + RemoteIpv4NetworkCidr: + description: |- + The IPv4 CIDR on the AWS side of the VPN connection. + Default: ``0.0.0.0/0`` type: string + VpnTunnelOptionsSpecifications: + uniqueItems: false + description: The tunnel options for the VPN connection. + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/VpnTunnelOptionsSpecification' CustomerGatewayId: description: The ID of the customer gateway at your end of the VPN connection. type: string + OutsideIpAddressType: + description: |- + The type of IPv4 address assigned to the outside interface of the customer gateway device. + Valid values: ``PrivateIpv4`` | ``PublicIpv4`` + Default: ``PublicIpv4`` + type: string StaticRoutesOnly: - description: Indicates whether the VPN connection uses static routes only. + description: |- + Indicates whether the VPN connection uses static routes only. Static routes must be used for devices that don't support BGP. + If you are creating a VPN connection for a device that does not support Border Gateway Protocol (BGP), you must specify ``true``. + type: boolean + EnableAcceleration: + description: |- + Indicate whether to enable acceleration for the VPN connection. + Default: ``false`` type: boolean - Tags: - description: Any tags assigned to the VPN connection. - type: array - uniqueItems: false - x-insertionOrder: false - items: - $ref: '#/components/schemas/Tag' TransitGatewayId: - description: The ID of the transit gateway associated with the VPN connection. + description: |- + The ID of the transit gateway associated with the VPN connection. + You must specify either ``TransitGatewayId`` or ``VpnGatewayId``, but not both. type: string Type: description: The type of VPN connection. type: string + LocalIpv4NetworkCidr: + description: |- + The IPv4 CIDR on the customer gateway (on-premises) side of the VPN connection. + Default: ``0.0.0.0/0`` + type: string VpnGatewayId: - description: The ID of the virtual private gateway at the AWS side of the VPN connection. + description: |- + The ID of the virtual private gateway at the AWS side of the VPN connection. + You must specify either ``TransitGatewayId`` or ``VpnGatewayId``, but not both. type: string - VpnTunnelOptionsSpecifications: - description: The tunnel options for the VPN connection. - type: array + TransportTransitGatewayAttachmentId: + description: |- + The transit gateway attachment ID to use for the VPN tunnel. + Required if ``OutsideIpAddressType`` is set to ``PrivateIpv4``. + type: string + LocalIpv6NetworkCidr: + description: |- + The IPv6 CIDR on the customer gateway (on-premises) side of the VPN connection. + Default: ``::/0`` + type: string + VpnConnectionId: + description: '' + type: string + TunnelInsideIpVersion: + description: |- + Indicate whether the VPN tunnels process IPv4 or IPv6 traffic. + Default: ``ipv4`` + type: string + Tags: uniqueItems: false + description: Any tags assigned to the VPN connection. x-insertionOrder: false + type: array items: - $ref: '#/components/schemas/VpnTunnelOptionsSpecification' + $ref: '#/components/schemas/Tag' x-stackQL-stringOnly: true x-title: CreateVPNConnectionRequest type: object @@ -13700,7 +16216,7 @@ components: type: object properties: VPNGatewayId: - description: VPN Gateway ID generated by service + description: '' type: string AmazonSideAsn: description: The private Autonomous System Number (ASN) for the Amazon side of a BGP session. @@ -13728,6 +16244,357 @@ components: description: Amazon Signature authorization v4 x-amazon-apigateway-authtype: awsSigv4 x-stackQL-resources: + route_tables_native: + name: route_tables_native + x-cfn-schema-name: RouteTable + x-example-where-clause: WHERE region = 'us-east-1' AND RouteTableId = '' + x-type: native + methods: + describe_route_tables: + serviceName: ec2 + operation: + $ref: '#/paths/~1?Action=DescribeRouteTables&Version=2016-11-15&__nativeEndpoint=true/get' + response: + mediaType: text/xml + objectKey: /*/routeTableSet/item + openAPIDocKey: '200' + id: aws.ec2.route_tables_native + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/route_tables_native/methods/describe_route_tables' + update: [] + title: route_tables_native + instances: + name: instances + methods: + bundle: + operation: + $ref: '#/paths/~1?Action=BundleInstance&Version=2016-11-15&__nativeEndpoint=true/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + import: + operation: + $ref: '#/paths/~1?Action=ImportInstance&Version=2016-11-15&__nativeEndpoint=true/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + monitor: + operation: + $ref: '#/paths/~1?Action=MonitorInstances&Version=2016-11-15&__nativeEndpoint=true/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + reboot: + operation: + $ref: '#/paths/~1?Action=RebootInstances&Version=2016-11-15&__nativeEndpoint=true/get' + response: + openAPIDocKey: '200' + start: + operation: + $ref: '#/paths/~1?Action=StartInstances&Version=2016-11-15&__nativeEndpoint=true/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + stop: + operation: + $ref: '#/paths/~1?Action=StopInstances&Version=2016-11-15&__nativeEndpoint=true/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + unmonitor: + operation: + $ref: '#/paths/~1?Action=UnmonitorInstances&Version=2016-11-15&__nativeEndpoint=true/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Instance&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::EC2::Instance" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::EC2::Instance" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::EC2::Instance" + } + response: + mediaType: application/json + openAPIDocKey: '200' + id: aws.ec2.instances + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/instances/methods/delete_resource' + insert: + - $ref: '#/components/x-stackQL-resources/instances/methods/create_resource' + select: [] + update: + - $ref: '#/components/x-stackQL-resources/instances/methods/update_resource' + x-cfn-schema-name: Instance + x-cfn-type-name: AWS::EC2::Instance + x-identifiers: + - InstanceId + x-type: cloud_control + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Tenancy') as tenancy, + JSON_EXTRACT(Properties, '$.SecurityGroups') as security_groups, + JSON_EXTRACT(Properties, '$.PrivateDnsName') as private_dns_name, + JSON_EXTRACT(Properties, '$.PrivateIpAddress') as private_ip_address, + JSON_EXTRACT(Properties, '$.UserData') as user_data, + JSON_EXTRACT(Properties, '$.BlockDeviceMappings') as block_device_mappings, + JSON_EXTRACT(Properties, '$.IamInstanceProfile') as iam_instance_profile, + JSON_EXTRACT(Properties, '$.Ipv6Addresses') as ipv6_addresses, + JSON_EXTRACT(Properties, '$.KernelId') as kernel_id, + JSON_EXTRACT(Properties, '$.SubnetId') as subnet_id, + JSON_EXTRACT(Properties, '$.EbsOptimized') as ebs_optimized, + JSON_EXTRACT(Properties, '$.PropagateTagsToVolumeOnCreation') as propagate_tags_to_volume_on_creation, + JSON_EXTRACT(Properties, '$.ElasticGpuSpecifications') as elastic_gpu_specifications, + JSON_EXTRACT(Properties, '$.ElasticInferenceAccelerators') as elastic_inference_accelerators, + JSON_EXTRACT(Properties, '$.Volumes') as volumes, + JSON_EXTRACT(Properties, '$.PrivateIp') as private_ip, + JSON_EXTRACT(Properties, '$.Ipv6AddressCount') as ipv6_address_count, + JSON_EXTRACT(Properties, '$.LaunchTemplate') as launch_template, + JSON_EXTRACT(Properties, '$.EnclaveOptions') as enclave_options, + JSON_EXTRACT(Properties, '$.NetworkInterfaces') as network_interfaces, + JSON_EXTRACT(Properties, '$.ImageId') as image_id, + JSON_EXTRACT(Properties, '$.InstanceType') as instance_type, + JSON_EXTRACT(Properties, '$.Monitoring') as monitoring, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.AdditionalInfo') as additional_info, + JSON_EXTRACT(Properties, '$.HibernationOptions') as hibernation_options, + JSON_EXTRACT(Properties, '$.LicenseSpecifications') as license_specifications, + JSON_EXTRACT(Properties, '$.InstanceId') as instance_id, + JSON_EXTRACT(Properties, '$.PublicIp') as public_ip, + JSON_EXTRACT(Properties, '$.InstanceInitiatedShutdownBehavior') as instance_initiated_shutdown_behavior, + JSON_EXTRACT(Properties, '$.CpuOptions') as cpu_options, + JSON_EXTRACT(Properties, '$.AvailabilityZone') as availability_zone, + JSON_EXTRACT(Properties, '$.PrivateDnsNameOptions') as private_dns_name_options, + JSON_EXTRACT(Properties, '$.HostId') as host_id, + JSON_EXTRACT(Properties, '$.HostResourceGroupArn') as host_resource_group_arn, + JSON_EXTRACT(Properties, '$.PublicDnsName') as public_dns_name, + JSON_EXTRACT(Properties, '$.SecurityGroupIds') as security_group_ids, + JSON_EXTRACT(Properties, '$.DisableApiTermination') as disable_api_termination, + JSON_EXTRACT(Properties, '$.KeyName') as key_name, + JSON_EXTRACT(Properties, '$.RamdiskId') as ramdisk_id, + JSON_EXTRACT(Properties, '$.SourceDestCheck') as source_dest_check, + JSON_EXTRACT(Properties, '$.PlacementGroupName') as placement_group_name, + JSON_EXTRACT(Properties, '$.SsmAssociations') as ssm_associations, + JSON_EXTRACT(Properties, '$.VpcId') as vpc_id, + JSON_EXTRACT(Properties, '$.State') as state, + JSON_EXTRACT(Properties, '$.Affinity') as affinity, + JSON_EXTRACT(Properties, '$.CreditSpecification') as credit_specification + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::Instance' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.Tenancy') as tenancy, + JSON_EXTRACT(detail.Properties, '$.SecurityGroups') as security_groups, + JSON_EXTRACT(detail.Properties, '$.PrivateDnsName') as private_dns_name, + JSON_EXTRACT(detail.Properties, '$.PrivateIpAddress') as private_ip_address, + JSON_EXTRACT(detail.Properties, '$.UserData') as user_data, + JSON_EXTRACT(detail.Properties, '$.BlockDeviceMappings') as block_device_mappings, + JSON_EXTRACT(detail.Properties, '$.IamInstanceProfile') as iam_instance_profile, + JSON_EXTRACT(detail.Properties, '$.Ipv6Addresses') as ipv6_addresses, + JSON_EXTRACT(detail.Properties, '$.KernelId') as kernel_id, + JSON_EXTRACT(detail.Properties, '$.SubnetId') as subnet_id, + JSON_EXTRACT(detail.Properties, '$.EbsOptimized') as ebs_optimized, + JSON_EXTRACT(detail.Properties, '$.PropagateTagsToVolumeOnCreation') as propagate_tags_to_volume_on_creation, + JSON_EXTRACT(detail.Properties, '$.ElasticGpuSpecifications') as elastic_gpu_specifications, + JSON_EXTRACT(detail.Properties, '$.ElasticInferenceAccelerators') as elastic_inference_accelerators, + JSON_EXTRACT(detail.Properties, '$.Volumes') as volumes, + JSON_EXTRACT(detail.Properties, '$.PrivateIp') as private_ip, + JSON_EXTRACT(detail.Properties, '$.Ipv6AddressCount') as ipv6_address_count, + JSON_EXTRACT(detail.Properties, '$.LaunchTemplate') as launch_template, + JSON_EXTRACT(detail.Properties, '$.EnclaveOptions') as enclave_options, + JSON_EXTRACT(detail.Properties, '$.NetworkInterfaces') as network_interfaces, + JSON_EXTRACT(detail.Properties, '$.ImageId') as image_id, + JSON_EXTRACT(detail.Properties, '$.InstanceType') as instance_type, + JSON_EXTRACT(detail.Properties, '$.Monitoring') as monitoring, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags, + JSON_EXTRACT(detail.Properties, '$.AdditionalInfo') as additional_info, + JSON_EXTRACT(detail.Properties, '$.HibernationOptions') as hibernation_options, + JSON_EXTRACT(detail.Properties, '$.LicenseSpecifications') as license_specifications, + JSON_EXTRACT(detail.Properties, '$.InstanceId') as instance_id, + JSON_EXTRACT(detail.Properties, '$.PublicIp') as public_ip, + JSON_EXTRACT(detail.Properties, '$.InstanceInitiatedShutdownBehavior') as instance_initiated_shutdown_behavior, + JSON_EXTRACT(detail.Properties, '$.CpuOptions') as cpu_options, + JSON_EXTRACT(detail.Properties, '$.AvailabilityZone') as availability_zone, + JSON_EXTRACT(detail.Properties, '$.PrivateDnsNameOptions') as private_dns_name_options, + JSON_EXTRACT(detail.Properties, '$.HostId') as host_id, + JSON_EXTRACT(detail.Properties, '$.HostResourceGroupArn') as host_resource_group_arn, + JSON_EXTRACT(detail.Properties, '$.PublicDnsName') as public_dns_name, + JSON_EXTRACT(detail.Properties, '$.SecurityGroupIds') as security_group_ids, + JSON_EXTRACT(detail.Properties, '$.DisableApiTermination') as disable_api_termination, + JSON_EXTRACT(detail.Properties, '$.KeyName') as key_name, + JSON_EXTRACT(detail.Properties, '$.RamdiskId') as ramdisk_id, + JSON_EXTRACT(detail.Properties, '$.SourceDestCheck') as source_dest_check, + JSON_EXTRACT(detail.Properties, '$.PlacementGroupName') as placement_group_name, + JSON_EXTRACT(detail.Properties, '$.SsmAssociations') as ssm_associations, + JSON_EXTRACT(detail.Properties, '$.VpcId') as vpc_id, + JSON_EXTRACT(detail.Properties, '$.State') as state, + JSON_EXTRACT(detail.Properties, '$.Affinity') as affinity, + JSON_EXTRACT(detail.Properties, '$.CreditSpecification') as credit_specification + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::EC2::Instance' + AND detail.data__TypeName = 'AWS::EC2::Instance' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Tenancy') as tenancy, + json_extract_path_text(Properties, 'SecurityGroups') as security_groups, + json_extract_path_text(Properties, 'PrivateDnsName') as private_dns_name, + json_extract_path_text(Properties, 'PrivateIpAddress') as private_ip_address, + json_extract_path_text(Properties, 'UserData') as user_data, + json_extract_path_text(Properties, 'BlockDeviceMappings') as block_device_mappings, + json_extract_path_text(Properties, 'IamInstanceProfile') as iam_instance_profile, + json_extract_path_text(Properties, 'Ipv6Addresses') as ipv6_addresses, + json_extract_path_text(Properties, 'KernelId') as kernel_id, + json_extract_path_text(Properties, 'SubnetId') as subnet_id, + json_extract_path_text(Properties, 'EbsOptimized') as ebs_optimized, + json_extract_path_text(Properties, 'PropagateTagsToVolumeOnCreation') as propagate_tags_to_volume_on_creation, + json_extract_path_text(Properties, 'ElasticGpuSpecifications') as elastic_gpu_specifications, + json_extract_path_text(Properties, 'ElasticInferenceAccelerators') as elastic_inference_accelerators, + json_extract_path_text(Properties, 'Volumes') as volumes, + json_extract_path_text(Properties, 'PrivateIp') as private_ip, + json_extract_path_text(Properties, 'Ipv6AddressCount') as ipv6_address_count, + json_extract_path_text(Properties, 'LaunchTemplate') as launch_template, + json_extract_path_text(Properties, 'EnclaveOptions') as enclave_options, + json_extract_path_text(Properties, 'NetworkInterfaces') as network_interfaces, + json_extract_path_text(Properties, 'ImageId') as image_id, + json_extract_path_text(Properties, 'InstanceType') as instance_type, + json_extract_path_text(Properties, 'Monitoring') as monitoring, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'AdditionalInfo') as additional_info, + json_extract_path_text(Properties, 'HibernationOptions') as hibernation_options, + json_extract_path_text(Properties, 'LicenseSpecifications') as license_specifications, + json_extract_path_text(Properties, 'InstanceId') as instance_id, + json_extract_path_text(Properties, 'PublicIp') as public_ip, + json_extract_path_text(Properties, 'InstanceInitiatedShutdownBehavior') as instance_initiated_shutdown_behavior, + json_extract_path_text(Properties, 'CpuOptions') as cpu_options, + json_extract_path_text(Properties, 'AvailabilityZone') as availability_zone, + json_extract_path_text(Properties, 'PrivateDnsNameOptions') as private_dns_name_options, + json_extract_path_text(Properties, 'HostId') as host_id, + json_extract_path_text(Properties, 'HostResourceGroupArn') as host_resource_group_arn, + json_extract_path_text(Properties, 'PublicDnsName') as public_dns_name, + json_extract_path_text(Properties, 'SecurityGroupIds') as security_group_ids, + json_extract_path_text(Properties, 'DisableApiTermination') as disable_api_termination, + json_extract_path_text(Properties, 'KeyName') as key_name, + json_extract_path_text(Properties, 'RamdiskId') as ramdisk_id, + json_extract_path_text(Properties, 'SourceDestCheck') as source_dest_check, + json_extract_path_text(Properties, 'PlacementGroupName') as placement_group_name, + json_extract_path_text(Properties, 'SsmAssociations') as ssm_associations, + json_extract_path_text(Properties, 'VpcId') as vpc_id, + json_extract_path_text(Properties, 'State') as state, + json_extract_path_text(Properties, 'Affinity') as affinity, + json_extract_path_text(Properties, 'CreditSpecification') as credit_specification + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::Instance' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'Tenancy') as tenancy, + json_extract_path_text(detail.Properties, 'SecurityGroups') as security_groups, + json_extract_path_text(detail.Properties, 'PrivateDnsName') as private_dns_name, + json_extract_path_text(detail.Properties, 'PrivateIpAddress') as private_ip_address, + json_extract_path_text(detail.Properties, 'UserData') as user_data, + json_extract_path_text(detail.Properties, 'BlockDeviceMappings') as block_device_mappings, + json_extract_path_text(detail.Properties, 'IamInstanceProfile') as iam_instance_profile, + json_extract_path_text(detail.Properties, 'Ipv6Addresses') as ipv6_addresses, + json_extract_path_text(detail.Properties, 'KernelId') as kernel_id, + json_extract_path_text(detail.Properties, 'SubnetId') as subnet_id, + json_extract_path_text(detail.Properties, 'EbsOptimized') as ebs_optimized, + json_extract_path_text(detail.Properties, 'PropagateTagsToVolumeOnCreation') as propagate_tags_to_volume_on_creation, + json_extract_path_text(detail.Properties, 'ElasticGpuSpecifications') as elastic_gpu_specifications, + json_extract_path_text(detail.Properties, 'ElasticInferenceAccelerators') as elastic_inference_accelerators, + json_extract_path_text(detail.Properties, 'Volumes') as volumes, + json_extract_path_text(detail.Properties, 'PrivateIp') as private_ip, + json_extract_path_text(detail.Properties, 'Ipv6AddressCount') as ipv6_address_count, + json_extract_path_text(detail.Properties, 'LaunchTemplate') as launch_template, + json_extract_path_text(detail.Properties, 'EnclaveOptions') as enclave_options, + json_extract_path_text(detail.Properties, 'NetworkInterfaces') as network_interfaces, + json_extract_path_text(detail.Properties, 'ImageId') as image_id, + json_extract_path_text(detail.Properties, 'InstanceType') as instance_type, + json_extract_path_text(detail.Properties, 'Monitoring') as monitoring, + json_extract_path_text(detail.Properties, 'Tags') as tags, + json_extract_path_text(detail.Properties, 'AdditionalInfo') as additional_info, + json_extract_path_text(detail.Properties, 'HibernationOptions') as hibernation_options, + json_extract_path_text(detail.Properties, 'LicenseSpecifications') as license_specifications, + json_extract_path_text(detail.Properties, 'InstanceId') as instance_id, + json_extract_path_text(detail.Properties, 'PublicIp') as public_ip, + json_extract_path_text(detail.Properties, 'InstanceInitiatedShutdownBehavior') as instance_initiated_shutdown_behavior, + json_extract_path_text(detail.Properties, 'CpuOptions') as cpu_options, + json_extract_path_text(detail.Properties, 'AvailabilityZone') as availability_zone, + json_extract_path_text(detail.Properties, 'PrivateDnsNameOptions') as private_dns_name_options, + json_extract_path_text(detail.Properties, 'HostId') as host_id, + json_extract_path_text(detail.Properties, 'HostResourceGroupArn') as host_resource_group_arn, + json_extract_path_text(detail.Properties, 'PublicDnsName') as public_dns_name, + json_extract_path_text(detail.Properties, 'SecurityGroupIds') as security_group_ids, + json_extract_path_text(detail.Properties, 'DisableApiTermination') as disable_api_termination, + json_extract_path_text(detail.Properties, 'KeyName') as key_name, + json_extract_path_text(detail.Properties, 'RamdiskId') as ramdisk_id, + json_extract_path_text(detail.Properties, 'SourceDestCheck') as source_dest_check, + json_extract_path_text(detail.Properties, 'PlacementGroupName') as placement_group_name, + json_extract_path_text(detail.Properties, 'SsmAssociations') as ssm_associations, + json_extract_path_text(detail.Properties, 'VpcId') as vpc_id, + json_extract_path_text(detail.Properties, 'State') as state, + json_extract_path_text(detail.Properties, 'Affinity') as affinity, + json_extract_path_text(detail.Properties, 'CreditSpecification') as credit_specification + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::EC2::Instance' + AND detail.data__TypeName = 'AWS::EC2::Instance' + AND listing.region = 'us-east-1' capacity_reservations: name: capacity_reservations id: aws.ec2.capacity_reservations @@ -13806,7 +16673,8 @@ components: JSON_EXTRACT(Properties, '$.Id') as id, JSON_EXTRACT(Properties, '$.InstanceType') as instance_type, JSON_EXTRACT(Properties, '$.EphemeralStorage') as ephemeral_storage, - JSON_EXTRACT(Properties, '$.InstanceMatchCriteria') as instance_match_criteria + JSON_EXTRACT(Properties, '$.InstanceMatchCriteria') as instance_match_criteria, + JSON_EXTRACT(Properties, '$.UnusedReservationBillingOwnerId') as unused_reservation_billing_owner_id FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::CapacityReservation' AND data__Identifier = '' AND region = 'us-east-1' @@ -13830,7 +16698,8 @@ components: JSON_EXTRACT(detail.Properties, '$.Id') as id, JSON_EXTRACT(detail.Properties, '$.InstanceType') as instance_type, JSON_EXTRACT(detail.Properties, '$.EphemeralStorage') as ephemeral_storage, - JSON_EXTRACT(detail.Properties, '$.InstanceMatchCriteria') as instance_match_criteria + JSON_EXTRACT(detail.Properties, '$.InstanceMatchCriteria') as instance_match_criteria, + JSON_EXTRACT(detail.Properties, '$.UnusedReservationBillingOwnerId') as unused_reservation_billing_owner_id FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -13859,7 +16728,8 @@ components: json_extract_path_text(Properties, 'Id') as id, json_extract_path_text(Properties, 'InstanceType') as instance_type, json_extract_path_text(Properties, 'EphemeralStorage') as ephemeral_storage, - json_extract_path_text(Properties, 'InstanceMatchCriteria') as instance_match_criteria + json_extract_path_text(Properties, 'InstanceMatchCriteria') as instance_match_criteria, + json_extract_path_text(Properties, 'UnusedReservationBillingOwnerId') as unused_reservation_billing_owner_id FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::CapacityReservation' AND data__Identifier = '' AND region = 'us-east-1' @@ -13883,7 +16753,8 @@ components: json_extract_path_text(detail.Properties, 'Id') as id, json_extract_path_text(detail.Properties, 'InstanceType') as instance_type, json_extract_path_text(detail.Properties, 'EphemeralStorage') as ephemeral_storage, - json_extract_path_text(detail.Properties, 'InstanceMatchCriteria') as instance_match_criteria + json_extract_path_text(detail.Properties, 'InstanceMatchCriteria') as instance_match_criteria, + json_extract_path_text(detail.Properties, 'UnusedReservationBillingOwnerId') as unused_reservation_billing_owner_id FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -14794,19 +17665,19 @@ components: SELECT region, data__Identifier, + JSON_EXTRACT(Properties, '$.Context') as context, JSON_EXTRACT(Properties, '$.TargetCapacitySpecification') as target_capacity_specification, JSON_EXTRACT(Properties, '$.OnDemandOptions') as on_demand_options, - JSON_EXTRACT(Properties, '$.Type') as type, JSON_EXTRACT(Properties, '$.ExcessCapacityTerminationPolicy') as excess_capacity_termination_policy, JSON_EXTRACT(Properties, '$.TagSpecifications') as tag_specifications, JSON_EXTRACT(Properties, '$.SpotOptions') as spot_options, - JSON_EXTRACT(Properties, '$.ValidFrom') as valid_from, - JSON_EXTRACT(Properties, '$.ReplaceUnhealthyInstances') as replace_unhealthy_instances, JSON_EXTRACT(Properties, '$.LaunchTemplateConfigs') as launch_template_configs, - JSON_EXTRACT(Properties, '$.FleetId') as fleet_id, JSON_EXTRACT(Properties, '$.TerminateInstancesWithExpiration') as terminate_instances_with_expiration, JSON_EXTRACT(Properties, '$.ValidUntil') as valid_until, - JSON_EXTRACT(Properties, '$.Context') as context + JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.FleetId') as fleet_id, + JSON_EXTRACT(Properties, '$.ValidFrom') as valid_from, + JSON_EXTRACT(Properties, '$.ReplaceUnhealthyInstances') as replace_unhealthy_instances FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::EC2Fleet' AND data__Identifier = '' AND region = 'us-east-1' @@ -14815,19 +17686,19 @@ components: ddl: |- SELECT detail.region, + JSON_EXTRACT(detail.Properties, '$.Context') as context, JSON_EXTRACT(detail.Properties, '$.TargetCapacitySpecification') as target_capacity_specification, JSON_EXTRACT(detail.Properties, '$.OnDemandOptions') as on_demand_options, - JSON_EXTRACT(detail.Properties, '$.Type') as type, JSON_EXTRACT(detail.Properties, '$.ExcessCapacityTerminationPolicy') as excess_capacity_termination_policy, JSON_EXTRACT(detail.Properties, '$.TagSpecifications') as tag_specifications, JSON_EXTRACT(detail.Properties, '$.SpotOptions') as spot_options, - JSON_EXTRACT(detail.Properties, '$.ValidFrom') as valid_from, - JSON_EXTRACT(detail.Properties, '$.ReplaceUnhealthyInstances') as replace_unhealthy_instances, JSON_EXTRACT(detail.Properties, '$.LaunchTemplateConfigs') as launch_template_configs, - JSON_EXTRACT(detail.Properties, '$.FleetId') as fleet_id, JSON_EXTRACT(detail.Properties, '$.TerminateInstancesWithExpiration') as terminate_instances_with_expiration, JSON_EXTRACT(detail.Properties, '$.ValidUntil') as valid_until, - JSON_EXTRACT(detail.Properties, '$.Context') as context + JSON_EXTRACT(detail.Properties, '$.Type') as type, + JSON_EXTRACT(detail.Properties, '$.FleetId') as fleet_id, + JSON_EXTRACT(detail.Properties, '$.ValidFrom') as valid_from, + JSON_EXTRACT(detail.Properties, '$.ReplaceUnhealthyInstances') as replace_unhealthy_instances FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -14841,19 +17712,19 @@ components: SELECT region, data__Identifier, + json_extract_path_text(Properties, 'Context') as context, json_extract_path_text(Properties, 'TargetCapacitySpecification') as target_capacity_specification, json_extract_path_text(Properties, 'OnDemandOptions') as on_demand_options, - json_extract_path_text(Properties, 'Type') as type, json_extract_path_text(Properties, 'ExcessCapacityTerminationPolicy') as excess_capacity_termination_policy, json_extract_path_text(Properties, 'TagSpecifications') as tag_specifications, json_extract_path_text(Properties, 'SpotOptions') as spot_options, - json_extract_path_text(Properties, 'ValidFrom') as valid_from, - json_extract_path_text(Properties, 'ReplaceUnhealthyInstances') as replace_unhealthy_instances, json_extract_path_text(Properties, 'LaunchTemplateConfigs') as launch_template_configs, - json_extract_path_text(Properties, 'FleetId') as fleet_id, json_extract_path_text(Properties, 'TerminateInstancesWithExpiration') as terminate_instances_with_expiration, json_extract_path_text(Properties, 'ValidUntil') as valid_until, - json_extract_path_text(Properties, 'Context') as context + json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'FleetId') as fleet_id, + json_extract_path_text(Properties, 'ValidFrom') as valid_from, + json_extract_path_text(Properties, 'ReplaceUnhealthyInstances') as replace_unhealthy_instances FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::EC2Fleet' AND data__Identifier = '' AND region = 'us-east-1' @@ -14862,19 +17733,19 @@ components: ddl: |- SELECT detail.region, + json_extract_path_text(detail.Properties, 'Context') as context, json_extract_path_text(detail.Properties, 'TargetCapacitySpecification') as target_capacity_specification, json_extract_path_text(detail.Properties, 'OnDemandOptions') as on_demand_options, - json_extract_path_text(detail.Properties, 'Type') as type, json_extract_path_text(detail.Properties, 'ExcessCapacityTerminationPolicy') as excess_capacity_termination_policy, json_extract_path_text(detail.Properties, 'TagSpecifications') as tag_specifications, json_extract_path_text(detail.Properties, 'SpotOptions') as spot_options, - json_extract_path_text(detail.Properties, 'ValidFrom') as valid_from, - json_extract_path_text(detail.Properties, 'ReplaceUnhealthyInstances') as replace_unhealthy_instances, json_extract_path_text(detail.Properties, 'LaunchTemplateConfigs') as launch_template_configs, - json_extract_path_text(detail.Properties, 'FleetId') as fleet_id, json_extract_path_text(detail.Properties, 'TerminateInstancesWithExpiration') as terminate_instances_with_expiration, json_extract_path_text(detail.Properties, 'ValidUntil') as valid_until, - json_extract_path_text(detail.Properties, 'Context') as context + json_extract_path_text(detail.Properties, 'Type') as type, + json_extract_path_text(detail.Properties, 'FleetId') as fleet_id, + json_extract_path_text(detail.Properties, 'ValidFrom') as valid_from, + json_extract_path_text(detail.Properties, 'ReplaceUnhealthyInstances') as replace_unhealthy_instances FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -15109,6 +17980,8 @@ components: JSON_EXTRACT(Properties, '$.TransferAddress') as transfer_address, JSON_EXTRACT(Properties, '$.InstanceId') as instance_id, JSON_EXTRACT(Properties, '$.PublicIpv4Pool') as public_ipv4_pool, + JSON_EXTRACT(Properties, '$.IpamPoolId') as ipam_pool_id, + JSON_EXTRACT(Properties, '$.Address') as address, JSON_EXTRACT(Properties, '$.Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::EIP' AND data__Identifier = '|' @@ -15125,6 +17998,8 @@ components: JSON_EXTRACT(detail.Properties, '$.TransferAddress') as transfer_address, JSON_EXTRACT(detail.Properties, '$.InstanceId') as instance_id, JSON_EXTRACT(detail.Properties, '$.PublicIpv4Pool') as public_ipv4_pool, + JSON_EXTRACT(detail.Properties, '$.IpamPoolId') as ipam_pool_id, + JSON_EXTRACT(detail.Properties, '$.Address') as address, JSON_EXTRACT(detail.Properties, '$.Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail @@ -15146,6 +18021,8 @@ components: json_extract_path_text(Properties, 'TransferAddress') as transfer_address, json_extract_path_text(Properties, 'InstanceId') as instance_id, json_extract_path_text(Properties, 'PublicIpv4Pool') as public_ipv4_pool, + json_extract_path_text(Properties, 'IpamPoolId') as ipam_pool_id, + json_extract_path_text(Properties, 'Address') as address, json_extract_path_text(Properties, 'Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::EIP' AND data__Identifier = '|' @@ -15162,6 +18039,8 @@ components: json_extract_path_text(detail.Properties, 'TransferAddress') as transfer_address, json_extract_path_text(detail.Properties, 'InstanceId') as instance_id, json_extract_path_text(detail.Properties, 'PublicIpv4Pool') as public_ipv4_pool, + json_extract_path_text(detail.Properties, 'IpamPoolId') as ipam_pool_id, + json_extract_path_text(detail.Properties, 'Address') as address, json_extract_path_text(detail.Properties, 'Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail @@ -15230,7 +18109,9 @@ components: JSON_EXTRACT(detail.Properties, '$.NetworkBorderGroup') as network_border_group, JSON_EXTRACT(detail.Properties, '$.TransferAddress') as transfer_address, JSON_EXTRACT(detail.Properties, '$.InstanceId') as instance_id, - JSON_EXTRACT(detail.Properties, '$.PublicIpv4Pool') as public_ipv4_pool + JSON_EXTRACT(detail.Properties, '$.PublicIpv4Pool') as public_ipv4_pool, + JSON_EXTRACT(detail.Properties, '$.IpamPoolId') as ipam_pool_id, + JSON_EXTRACT(detail.Properties, '$.Address') as address FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -15252,7 +18133,9 @@ components: json_extract_path_text(detail.Properties, 'NetworkBorderGroup') as network_border_group, json_extract_path_text(detail.Properties, 'TransferAddress') as transfer_address, json_extract_path_text(detail.Properties, 'InstanceId') as instance_id, - json_extract_path_text(detail.Properties, 'PublicIpv4Pool') as public_ipv4_pool + json_extract_path_text(detail.Properties, 'PublicIpv4Pool') as public_ipv4_pool, + json_extract_path_text(detail.Properties, 'IpamPoolId') as ipam_pool_id, + json_extract_path_text(detail.Properties, 'Address') as address FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -16104,26 +18987,26 @@ components: data__Identifier, JSON_EXTRACT(Properties, '$.Description') as description, JSON_EXTRACT(Properties, '$.PrivateIpAddress') as private_ip_address, + JSON_EXTRACT(Properties, '$.PrimaryIpv6Address') as primary_ipv6_address, JSON_EXTRACT(Properties, '$.PrivateIpAddresses') as private_ip_addresses, JSON_EXTRACT(Properties, '$.SecondaryPrivateIpAddressCount') as secondary_private_ip_address_count, + JSON_EXTRACT(Properties, '$.Ipv6PrefixCount') as ipv6_prefix_count, JSON_EXTRACT(Properties, '$.PrimaryPrivateIpAddress') as primary_private_ip_address, JSON_EXTRACT(Properties, '$.Ipv4Prefixes') as ipv4_prefixes, JSON_EXTRACT(Properties, '$.Ipv4PrefixCount') as ipv4_prefix_count, + JSON_EXTRACT(Properties, '$.EnablePrimaryIpv6') as enable_primary_ipv6, JSON_EXTRACT(Properties, '$.GroupSet') as group_set, JSON_EXTRACT(Properties, '$.Ipv6Addresses') as ipv6_addresses, JSON_EXTRACT(Properties, '$.Ipv6Prefixes') as ipv6_prefixes, - JSON_EXTRACT(Properties, '$.Ipv6PrefixCount') as ipv6_prefix_count, JSON_EXTRACT(Properties, '$.SubnetId') as subnet_id, JSON_EXTRACT(Properties, '$.SourceDestCheck') as source_dest_check, JSON_EXTRACT(Properties, '$.InterfaceType') as interface_type, JSON_EXTRACT(Properties, '$.SecondaryPrivateIpAddresses') as secondary_private_ip_addresses, + JSON_EXTRACT(Properties, '$.VpcId') as vpc_id, JSON_EXTRACT(Properties, '$.Ipv6AddressCount') as ipv6_address_count, - JSON_EXTRACT(Properties, '$.EnablePrimaryIpv6') as enable_primary_ipv6, - JSON_EXTRACT(Properties, '$.PrimaryIpv6Address') as primary_ipv6_address, - JSON_EXTRACT(Properties, '$.ConnectionTrackingSpecification') as connection_tracking_specification, JSON_EXTRACT(Properties, '$.Id') as id, JSON_EXTRACT(Properties, '$.Tags') as tags, - JSON_EXTRACT(Properties, '$.VpcId') as vpc_id + JSON_EXTRACT(Properties, '$.ConnectionTrackingSpecification') as connection_tracking_specification FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::NetworkInterface' AND data__Identifier = '' AND region = 'us-east-1' @@ -16134,26 +19017,26 @@ components: detail.region, JSON_EXTRACT(detail.Properties, '$.Description') as description, JSON_EXTRACT(detail.Properties, '$.PrivateIpAddress') as private_ip_address, + JSON_EXTRACT(detail.Properties, '$.PrimaryIpv6Address') as primary_ipv6_address, JSON_EXTRACT(detail.Properties, '$.PrivateIpAddresses') as private_ip_addresses, JSON_EXTRACT(detail.Properties, '$.SecondaryPrivateIpAddressCount') as secondary_private_ip_address_count, + JSON_EXTRACT(detail.Properties, '$.Ipv6PrefixCount') as ipv6_prefix_count, JSON_EXTRACT(detail.Properties, '$.PrimaryPrivateIpAddress') as primary_private_ip_address, JSON_EXTRACT(detail.Properties, '$.Ipv4Prefixes') as ipv4_prefixes, JSON_EXTRACT(detail.Properties, '$.Ipv4PrefixCount') as ipv4_prefix_count, + JSON_EXTRACT(detail.Properties, '$.EnablePrimaryIpv6') as enable_primary_ipv6, JSON_EXTRACT(detail.Properties, '$.GroupSet') as group_set, JSON_EXTRACT(detail.Properties, '$.Ipv6Addresses') as ipv6_addresses, JSON_EXTRACT(detail.Properties, '$.Ipv6Prefixes') as ipv6_prefixes, - JSON_EXTRACT(detail.Properties, '$.Ipv6PrefixCount') as ipv6_prefix_count, JSON_EXTRACT(detail.Properties, '$.SubnetId') as subnet_id, JSON_EXTRACT(detail.Properties, '$.SourceDestCheck') as source_dest_check, JSON_EXTRACT(detail.Properties, '$.InterfaceType') as interface_type, JSON_EXTRACT(detail.Properties, '$.SecondaryPrivateIpAddresses') as secondary_private_ip_addresses, + JSON_EXTRACT(detail.Properties, '$.VpcId') as vpc_id, JSON_EXTRACT(detail.Properties, '$.Ipv6AddressCount') as ipv6_address_count, - JSON_EXTRACT(detail.Properties, '$.EnablePrimaryIpv6') as enable_primary_ipv6, - JSON_EXTRACT(detail.Properties, '$.PrimaryIpv6Address') as primary_ipv6_address, - JSON_EXTRACT(detail.Properties, '$.ConnectionTrackingSpecification') as connection_tracking_specification, JSON_EXTRACT(detail.Properties, '$.Id') as id, JSON_EXTRACT(detail.Properties, '$.Tags') as tags, - JSON_EXTRACT(detail.Properties, '$.VpcId') as vpc_id + JSON_EXTRACT(detail.Properties, '$.ConnectionTrackingSpecification') as connection_tracking_specification FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -16169,26 +19052,26 @@ components: data__Identifier, json_extract_path_text(Properties, 'Description') as description, json_extract_path_text(Properties, 'PrivateIpAddress') as private_ip_address, + json_extract_path_text(Properties, 'PrimaryIpv6Address') as primary_ipv6_address, json_extract_path_text(Properties, 'PrivateIpAddresses') as private_ip_addresses, json_extract_path_text(Properties, 'SecondaryPrivateIpAddressCount') as secondary_private_ip_address_count, + json_extract_path_text(Properties, 'Ipv6PrefixCount') as ipv6_prefix_count, json_extract_path_text(Properties, 'PrimaryPrivateIpAddress') as primary_private_ip_address, json_extract_path_text(Properties, 'Ipv4Prefixes') as ipv4_prefixes, json_extract_path_text(Properties, 'Ipv4PrefixCount') as ipv4_prefix_count, + json_extract_path_text(Properties, 'EnablePrimaryIpv6') as enable_primary_ipv6, json_extract_path_text(Properties, 'GroupSet') as group_set, json_extract_path_text(Properties, 'Ipv6Addresses') as ipv6_addresses, json_extract_path_text(Properties, 'Ipv6Prefixes') as ipv6_prefixes, - json_extract_path_text(Properties, 'Ipv6PrefixCount') as ipv6_prefix_count, json_extract_path_text(Properties, 'SubnetId') as subnet_id, json_extract_path_text(Properties, 'SourceDestCheck') as source_dest_check, json_extract_path_text(Properties, 'InterfaceType') as interface_type, json_extract_path_text(Properties, 'SecondaryPrivateIpAddresses') as secondary_private_ip_addresses, + json_extract_path_text(Properties, 'VpcId') as vpc_id, json_extract_path_text(Properties, 'Ipv6AddressCount') as ipv6_address_count, - json_extract_path_text(Properties, 'EnablePrimaryIpv6') as enable_primary_ipv6, - json_extract_path_text(Properties, 'PrimaryIpv6Address') as primary_ipv6_address, - json_extract_path_text(Properties, 'ConnectionTrackingSpecification') as connection_tracking_specification, json_extract_path_text(Properties, 'Id') as id, json_extract_path_text(Properties, 'Tags') as tags, - json_extract_path_text(Properties, 'VpcId') as vpc_id + json_extract_path_text(Properties, 'ConnectionTrackingSpecification') as connection_tracking_specification FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::NetworkInterface' AND data__Identifier = '' AND region = 'us-east-1' @@ -16199,26 +19082,26 @@ components: detail.region, json_extract_path_text(detail.Properties, 'Description') as description, json_extract_path_text(detail.Properties, 'PrivateIpAddress') as private_ip_address, + json_extract_path_text(detail.Properties, 'PrimaryIpv6Address') as primary_ipv6_address, json_extract_path_text(detail.Properties, 'PrivateIpAddresses') as private_ip_addresses, json_extract_path_text(detail.Properties, 'SecondaryPrivateIpAddressCount') as secondary_private_ip_address_count, + json_extract_path_text(detail.Properties, 'Ipv6PrefixCount') as ipv6_prefix_count, json_extract_path_text(detail.Properties, 'PrimaryPrivateIpAddress') as primary_private_ip_address, json_extract_path_text(detail.Properties, 'Ipv4Prefixes') as ipv4_prefixes, json_extract_path_text(detail.Properties, 'Ipv4PrefixCount') as ipv4_prefix_count, + json_extract_path_text(detail.Properties, 'EnablePrimaryIpv6') as enable_primary_ipv6, json_extract_path_text(detail.Properties, 'GroupSet') as group_set, json_extract_path_text(detail.Properties, 'Ipv6Addresses') as ipv6_addresses, json_extract_path_text(detail.Properties, 'Ipv6Prefixes') as ipv6_prefixes, - json_extract_path_text(detail.Properties, 'Ipv6PrefixCount') as ipv6_prefix_count, json_extract_path_text(detail.Properties, 'SubnetId') as subnet_id, json_extract_path_text(detail.Properties, 'SourceDestCheck') as source_dest_check, json_extract_path_text(detail.Properties, 'InterfaceType') as interface_type, json_extract_path_text(detail.Properties, 'SecondaryPrivateIpAddresses') as secondary_private_ip_addresses, + json_extract_path_text(detail.Properties, 'VpcId') as vpc_id, json_extract_path_text(detail.Properties, 'Ipv6AddressCount') as ipv6_address_count, - json_extract_path_text(detail.Properties, 'EnablePrimaryIpv6') as enable_primary_ipv6, - json_extract_path_text(detail.Properties, 'PrimaryIpv6Address') as primary_ipv6_address, - json_extract_path_text(detail.Properties, 'ConnectionTrackingSpecification') as connection_tracking_specification, json_extract_path_text(detail.Properties, 'Id') as id, json_extract_path_text(detail.Properties, 'Tags') as tags, - json_extract_path_text(detail.Properties, 'VpcId') as vpc_id + json_extract_path_text(detail.Properties, 'ConnectionTrackingSpecification') as connection_tracking_specification FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -16279,25 +19162,25 @@ components: JSON_EXTRACT(json_each.value, '$.Value') as tag_value, JSON_EXTRACT(detail.Properties, '$.Description') as description, JSON_EXTRACT(detail.Properties, '$.PrivateIpAddress') as private_ip_address, + JSON_EXTRACT(detail.Properties, '$.PrimaryIpv6Address') as primary_ipv6_address, JSON_EXTRACT(detail.Properties, '$.PrivateIpAddresses') as private_ip_addresses, JSON_EXTRACT(detail.Properties, '$.SecondaryPrivateIpAddressCount') as secondary_private_ip_address_count, + JSON_EXTRACT(detail.Properties, '$.Ipv6PrefixCount') as ipv6_prefix_count, JSON_EXTRACT(detail.Properties, '$.PrimaryPrivateIpAddress') as primary_private_ip_address, JSON_EXTRACT(detail.Properties, '$.Ipv4Prefixes') as ipv4_prefixes, JSON_EXTRACT(detail.Properties, '$.Ipv4PrefixCount') as ipv4_prefix_count, + JSON_EXTRACT(detail.Properties, '$.EnablePrimaryIpv6') as enable_primary_ipv6, JSON_EXTRACT(detail.Properties, '$.GroupSet') as group_set, JSON_EXTRACT(detail.Properties, '$.Ipv6Addresses') as ipv6_addresses, JSON_EXTRACT(detail.Properties, '$.Ipv6Prefixes') as ipv6_prefixes, - JSON_EXTRACT(detail.Properties, '$.Ipv6PrefixCount') as ipv6_prefix_count, JSON_EXTRACT(detail.Properties, '$.SubnetId') as subnet_id, JSON_EXTRACT(detail.Properties, '$.SourceDestCheck') as source_dest_check, JSON_EXTRACT(detail.Properties, '$.InterfaceType') as interface_type, JSON_EXTRACT(detail.Properties, '$.SecondaryPrivateIpAddresses') as secondary_private_ip_addresses, + JSON_EXTRACT(detail.Properties, '$.VpcId') as vpc_id, JSON_EXTRACT(detail.Properties, '$.Ipv6AddressCount') as ipv6_address_count, - JSON_EXTRACT(detail.Properties, '$.EnablePrimaryIpv6') as enable_primary_ipv6, - JSON_EXTRACT(detail.Properties, '$.PrimaryIpv6Address') as primary_ipv6_address, - JSON_EXTRACT(detail.Properties, '$.ConnectionTrackingSpecification') as connection_tracking_specification, JSON_EXTRACT(detail.Properties, '$.Id') as id, - JSON_EXTRACT(detail.Properties, '$.VpcId') as vpc_id + JSON_EXTRACT(detail.Properties, '$.ConnectionTrackingSpecification') as connection_tracking_specification FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -16315,25 +19198,25 @@ components: json_extract_path_text(json_each.value, 'Value') as tag_value, json_extract_path_text(detail.Properties, 'Description') as description, json_extract_path_text(detail.Properties, 'PrivateIpAddress') as private_ip_address, + json_extract_path_text(detail.Properties, 'PrimaryIpv6Address') as primary_ipv6_address, json_extract_path_text(detail.Properties, 'PrivateIpAddresses') as private_ip_addresses, json_extract_path_text(detail.Properties, 'SecondaryPrivateIpAddressCount') as secondary_private_ip_address_count, + json_extract_path_text(detail.Properties, 'Ipv6PrefixCount') as ipv6_prefix_count, json_extract_path_text(detail.Properties, 'PrimaryPrivateIpAddress') as primary_private_ip_address, json_extract_path_text(detail.Properties, 'Ipv4Prefixes') as ipv4_prefixes, json_extract_path_text(detail.Properties, 'Ipv4PrefixCount') as ipv4_prefix_count, + json_extract_path_text(detail.Properties, 'EnablePrimaryIpv6') as enable_primary_ipv6, json_extract_path_text(detail.Properties, 'GroupSet') as group_set, json_extract_path_text(detail.Properties, 'Ipv6Addresses') as ipv6_addresses, json_extract_path_text(detail.Properties, 'Ipv6Prefixes') as ipv6_prefixes, - json_extract_path_text(detail.Properties, 'Ipv6PrefixCount') as ipv6_prefix_count, json_extract_path_text(detail.Properties, 'SubnetId') as subnet_id, json_extract_path_text(detail.Properties, 'SourceDestCheck') as source_dest_check, json_extract_path_text(detail.Properties, 'InterfaceType') as interface_type, json_extract_path_text(detail.Properties, 'SecondaryPrivateIpAddresses') as secondary_private_ip_addresses, + json_extract_path_text(detail.Properties, 'VpcId') as vpc_id, json_extract_path_text(detail.Properties, 'Ipv6AddressCount') as ipv6_address_count, - json_extract_path_text(detail.Properties, 'EnablePrimaryIpv6') as enable_primary_ipv6, - json_extract_path_text(detail.Properties, 'PrimaryIpv6Address') as primary_ipv6_address, - json_extract_path_text(detail.Properties, 'ConnectionTrackingSpecification') as connection_tracking_specification, json_extract_path_text(detail.Properties, 'Id') as id, - json_extract_path_text(detail.Properties, 'VpcId') as vpc_id + json_extract_path_text(detail.Properties, 'ConnectionTrackingSpecification') as connection_tracking_specification FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -16415,8 +19298,8 @@ components: JSON_EXTRACT(Properties, '$.Throughput') as throughput, JSON_EXTRACT(Properties, '$.Iops') as iops, JSON_EXTRACT(Properties, '$.SnapshotId') as snapshot_id, - JSON_EXTRACT(Properties, '$.VolumeType') as volume_type, JSON_EXTRACT(Properties, '$.VolumeId') as volume_id, + JSON_EXTRACT(Properties, '$.VolumeType') as volume_type, JSON_EXTRACT(Properties, '$.Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::Volume' AND data__Identifier = '' @@ -16436,8 +19319,8 @@ components: JSON_EXTRACT(detail.Properties, '$.Throughput') as throughput, JSON_EXTRACT(detail.Properties, '$.Iops') as iops, JSON_EXTRACT(detail.Properties, '$.SnapshotId') as snapshot_id, - JSON_EXTRACT(detail.Properties, '$.VolumeType') as volume_type, JSON_EXTRACT(detail.Properties, '$.VolumeId') as volume_id, + JSON_EXTRACT(detail.Properties, '$.VolumeType') as volume_type, JSON_EXTRACT(detail.Properties, '$.Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail @@ -16462,8 +19345,8 @@ components: json_extract_path_text(Properties, 'Throughput') as throughput, json_extract_path_text(Properties, 'Iops') as iops, json_extract_path_text(Properties, 'SnapshotId') as snapshot_id, - json_extract_path_text(Properties, 'VolumeType') as volume_type, json_extract_path_text(Properties, 'VolumeId') as volume_id, + json_extract_path_text(Properties, 'VolumeType') as volume_type, json_extract_path_text(Properties, 'Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::Volume' AND data__Identifier = '' @@ -16483,8 +19366,8 @@ components: json_extract_path_text(detail.Properties, 'Throughput') as throughput, json_extract_path_text(detail.Properties, 'Iops') as iops, json_extract_path_text(detail.Properties, 'SnapshotId') as snapshot_id, - json_extract_path_text(detail.Properties, 'VolumeType') as volume_type, json_extract_path_text(detail.Properties, 'VolumeId') as volume_id, + json_extract_path_text(detail.Properties, 'VolumeType') as volume_type, json_extract_path_text(detail.Properties, 'Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail @@ -16554,8 +19437,8 @@ components: JSON_EXTRACT(detail.Properties, '$.Throughput') as throughput, JSON_EXTRACT(detail.Properties, '$.Iops') as iops, JSON_EXTRACT(detail.Properties, '$.SnapshotId') as snapshot_id, - JSON_EXTRACT(detail.Properties, '$.VolumeType') as volume_type, - JSON_EXTRACT(detail.Properties, '$.VolumeId') as volume_id + JSON_EXTRACT(detail.Properties, '$.VolumeId') as volume_id, + JSON_EXTRACT(detail.Properties, '$.VolumeType') as volume_type FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -16581,8 +19464,8 @@ components: json_extract_path_text(detail.Properties, 'Throughput') as throughput, json_extract_path_text(detail.Properties, 'Iops') as iops, json_extract_path_text(detail.Properties, 'SnapshotId') as snapshot_id, - json_extract_path_text(detail.Properties, 'VolumeType') as volume_type, - json_extract_path_text(detail.Properties, 'VolumeId') as volume_id + json_extract_path_text(detail.Properties, 'VolumeId') as volume_id, + json_extract_path_text(detail.Properties, 'VolumeType') as volume_type FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -16591,293 +19474,6 @@ components: WHERE listing.data__TypeName = 'AWS::EC2::Volume' AND detail.data__TypeName = 'AWS::EC2::Volume' AND listing.region = 'us-east-1' - instances: - name: instances - id: aws.ec2.instances - x-cfn-schema-name: Instance - x-cfn-type-name: AWS::EC2::Instance - x-identifiers: - - InstanceId - x-type: cloud_control - methods: - create_resource: - config: - requestBodyTranslate: - algorithm: naive_DesiredState - operation: - $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Instance&__detailTransformed=true/post' - request: - mediaType: application/x-amz-json-1.0 - base: |- - { - "TypeName": "AWS::EC2::Instance" - } - response: - mediaType: application/json - openAPIDocKey: '200' - update_resource: - operation: - $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' - request: - mediaType: application/x-amz-json-1.0 - base: |- - { - "TypeName": "AWS::EC2::Instance" - } - response: - mediaType: application/json - openAPIDocKey: '200' - delete_resource: - operation: - $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' - request: - mediaType: application/x-amz-json-1.0 - base: |- - { - "TypeName": "AWS::EC2::Instance" - } - response: - mediaType: application/json - openAPIDocKey: '200' - sqlVerbs: - insert: - - $ref: '#/components/x-stackQL-resources/instances/methods/create_resource' - delete: - - $ref: '#/components/x-stackQL-resources/instances/methods/delete_resource' - update: - - $ref: '#/components/x-stackQL-resources/instances/methods/update_resource' - config: - views: - select: - predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] - ddl: |- - SELECT - region, - data__Identifier, - JSON_EXTRACT(Properties, '$.Tenancy') as tenancy, - JSON_EXTRACT(Properties, '$.SecurityGroups') as security_groups, - JSON_EXTRACT(Properties, '$.PrivateDnsName') as private_dns_name, - JSON_EXTRACT(Properties, '$.PrivateIpAddress') as private_ip_address, - JSON_EXTRACT(Properties, '$.UserData') as user_data, - JSON_EXTRACT(Properties, '$.BlockDeviceMappings') as block_device_mappings, - JSON_EXTRACT(Properties, '$.IamInstanceProfile') as iam_instance_profile, - JSON_EXTRACT(Properties, '$.Ipv6Addresses') as ipv6_addresses, - JSON_EXTRACT(Properties, '$.KernelId') as kernel_id, - JSON_EXTRACT(Properties, '$.SubnetId') as subnet_id, - JSON_EXTRACT(Properties, '$.EbsOptimized') as ebs_optimized, - JSON_EXTRACT(Properties, '$.PropagateTagsToVolumeOnCreation') as propagate_tags_to_volume_on_creation, - JSON_EXTRACT(Properties, '$.ElasticGpuSpecifications') as elastic_gpu_specifications, - JSON_EXTRACT(Properties, '$.ElasticInferenceAccelerators') as elastic_inference_accelerators, - JSON_EXTRACT(Properties, '$.Volumes') as volumes, - JSON_EXTRACT(Properties, '$.PrivateIp') as private_ip, - JSON_EXTRACT(Properties, '$.Ipv6AddressCount') as ipv6_address_count, - JSON_EXTRACT(Properties, '$.LaunchTemplate') as launch_template, - JSON_EXTRACT(Properties, '$.EnclaveOptions') as enclave_options, - JSON_EXTRACT(Properties, '$.NetworkInterfaces') as network_interfaces, - JSON_EXTRACT(Properties, '$.ImageId') as image_id, - JSON_EXTRACT(Properties, '$.InstanceType') as instance_type, - JSON_EXTRACT(Properties, '$.Monitoring') as monitoring, - JSON_EXTRACT(Properties, '$.Tags') as tags, - JSON_EXTRACT(Properties, '$.AdditionalInfo') as additional_info, - JSON_EXTRACT(Properties, '$.HibernationOptions') as hibernation_options, - JSON_EXTRACT(Properties, '$.LicenseSpecifications') as license_specifications, - JSON_EXTRACT(Properties, '$.InstanceId') as instance_id, - JSON_EXTRACT(Properties, '$.PublicIp') as public_ip, - JSON_EXTRACT(Properties, '$.InstanceInitiatedShutdownBehavior') as instance_initiated_shutdown_behavior, - JSON_EXTRACT(Properties, '$.CpuOptions') as cpu_options, - JSON_EXTRACT(Properties, '$.AvailabilityZone') as availability_zone, - JSON_EXTRACT(Properties, '$.PrivateDnsNameOptions') as private_dns_name_options, - JSON_EXTRACT(Properties, '$.HostId') as host_id, - JSON_EXTRACT(Properties, '$.HostResourceGroupArn') as host_resource_group_arn, - JSON_EXTRACT(Properties, '$.PublicDnsName') as public_dns_name, - JSON_EXTRACT(Properties, '$.SecurityGroupIds') as security_group_ids, - JSON_EXTRACT(Properties, '$.DisableApiTermination') as disable_api_termination, - JSON_EXTRACT(Properties, '$.KeyName') as key_name, - JSON_EXTRACT(Properties, '$.RamdiskId') as ramdisk_id, - JSON_EXTRACT(Properties, '$.SourceDestCheck') as source_dest_check, - JSON_EXTRACT(Properties, '$.PlacementGroupName') as placement_group_name, - JSON_EXTRACT(Properties, '$.SsmAssociations') as ssm_associations, - JSON_EXTRACT(Properties, '$.VpcId') as vpc_id, - JSON_EXTRACT(Properties, '$.State') as state, - JSON_EXTRACT(Properties, '$.Affinity') as affinity, - JSON_EXTRACT(Properties, '$.CreditSpecification') as credit_specification - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::Instance' - AND data__Identifier = '' - AND region = 'us-east-1' - fallback: - predicate: sqlDialect == "sqlite3" - ddl: |- - SELECT - detail.region, - JSON_EXTRACT(detail.Properties, '$.Tenancy') as tenancy, - JSON_EXTRACT(detail.Properties, '$.SecurityGroups') as security_groups, - JSON_EXTRACT(detail.Properties, '$.PrivateDnsName') as private_dns_name, - JSON_EXTRACT(detail.Properties, '$.PrivateIpAddress') as private_ip_address, - JSON_EXTRACT(detail.Properties, '$.UserData') as user_data, - JSON_EXTRACT(detail.Properties, '$.BlockDeviceMappings') as block_device_mappings, - JSON_EXTRACT(detail.Properties, '$.IamInstanceProfile') as iam_instance_profile, - JSON_EXTRACT(detail.Properties, '$.Ipv6Addresses') as ipv6_addresses, - JSON_EXTRACT(detail.Properties, '$.KernelId') as kernel_id, - JSON_EXTRACT(detail.Properties, '$.SubnetId') as subnet_id, - JSON_EXTRACT(detail.Properties, '$.EbsOptimized') as ebs_optimized, - JSON_EXTRACT(detail.Properties, '$.PropagateTagsToVolumeOnCreation') as propagate_tags_to_volume_on_creation, - JSON_EXTRACT(detail.Properties, '$.ElasticGpuSpecifications') as elastic_gpu_specifications, - JSON_EXTRACT(detail.Properties, '$.ElasticInferenceAccelerators') as elastic_inference_accelerators, - JSON_EXTRACT(detail.Properties, '$.Volumes') as volumes, - JSON_EXTRACT(detail.Properties, '$.PrivateIp') as private_ip, - JSON_EXTRACT(detail.Properties, '$.Ipv6AddressCount') as ipv6_address_count, - JSON_EXTRACT(detail.Properties, '$.LaunchTemplate') as launch_template, - JSON_EXTRACT(detail.Properties, '$.EnclaveOptions') as enclave_options, - JSON_EXTRACT(detail.Properties, '$.NetworkInterfaces') as network_interfaces, - JSON_EXTRACT(detail.Properties, '$.ImageId') as image_id, - JSON_EXTRACT(detail.Properties, '$.InstanceType') as instance_type, - JSON_EXTRACT(detail.Properties, '$.Monitoring') as monitoring, - JSON_EXTRACT(detail.Properties, '$.Tags') as tags, - JSON_EXTRACT(detail.Properties, '$.AdditionalInfo') as additional_info, - JSON_EXTRACT(detail.Properties, '$.HibernationOptions') as hibernation_options, - JSON_EXTRACT(detail.Properties, '$.LicenseSpecifications') as license_specifications, - JSON_EXTRACT(detail.Properties, '$.InstanceId') as instance_id, - JSON_EXTRACT(detail.Properties, '$.PublicIp') as public_ip, - JSON_EXTRACT(detail.Properties, '$.InstanceInitiatedShutdownBehavior') as instance_initiated_shutdown_behavior, - JSON_EXTRACT(detail.Properties, '$.CpuOptions') as cpu_options, - JSON_EXTRACT(detail.Properties, '$.AvailabilityZone') as availability_zone, - JSON_EXTRACT(detail.Properties, '$.PrivateDnsNameOptions') as private_dns_name_options, - JSON_EXTRACT(detail.Properties, '$.HostId') as host_id, - JSON_EXTRACT(detail.Properties, '$.HostResourceGroupArn') as host_resource_group_arn, - JSON_EXTRACT(detail.Properties, '$.PublicDnsName') as public_dns_name, - JSON_EXTRACT(detail.Properties, '$.SecurityGroupIds') as security_group_ids, - JSON_EXTRACT(detail.Properties, '$.DisableApiTermination') as disable_api_termination, - JSON_EXTRACT(detail.Properties, '$.KeyName') as key_name, - JSON_EXTRACT(detail.Properties, '$.RamdiskId') as ramdisk_id, - JSON_EXTRACT(detail.Properties, '$.SourceDestCheck') as source_dest_check, - JSON_EXTRACT(detail.Properties, '$.PlacementGroupName') as placement_group_name, - JSON_EXTRACT(detail.Properties, '$.SsmAssociations') as ssm_associations, - JSON_EXTRACT(detail.Properties, '$.VpcId') as vpc_id, - JSON_EXTRACT(detail.Properties, '$.State') as state, - JSON_EXTRACT(detail.Properties, '$.Affinity') as affinity, - JSON_EXTRACT(detail.Properties, '$.CreditSpecification') as credit_specification - FROM aws.cloud_control.resources listing - LEFT OUTER JOIN aws.cloud_control.resource detail - ON detail.data__Identifier = listing.Identifier - AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::EC2::Instance' - AND detail.data__TypeName = 'AWS::EC2::Instance' - AND listing.region = 'us-east-1' - fallback: - predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] - ddl: |- - SELECT - region, - data__Identifier, - json_extract_path_text(Properties, 'Tenancy') as tenancy, - json_extract_path_text(Properties, 'SecurityGroups') as security_groups, - json_extract_path_text(Properties, 'PrivateDnsName') as private_dns_name, - json_extract_path_text(Properties, 'PrivateIpAddress') as private_ip_address, - json_extract_path_text(Properties, 'UserData') as user_data, - json_extract_path_text(Properties, 'BlockDeviceMappings') as block_device_mappings, - json_extract_path_text(Properties, 'IamInstanceProfile') as iam_instance_profile, - json_extract_path_text(Properties, 'Ipv6Addresses') as ipv6_addresses, - json_extract_path_text(Properties, 'KernelId') as kernel_id, - json_extract_path_text(Properties, 'SubnetId') as subnet_id, - json_extract_path_text(Properties, 'EbsOptimized') as ebs_optimized, - json_extract_path_text(Properties, 'PropagateTagsToVolumeOnCreation') as propagate_tags_to_volume_on_creation, - json_extract_path_text(Properties, 'ElasticGpuSpecifications') as elastic_gpu_specifications, - json_extract_path_text(Properties, 'ElasticInferenceAccelerators') as elastic_inference_accelerators, - json_extract_path_text(Properties, 'Volumes') as volumes, - json_extract_path_text(Properties, 'PrivateIp') as private_ip, - json_extract_path_text(Properties, 'Ipv6AddressCount') as ipv6_address_count, - json_extract_path_text(Properties, 'LaunchTemplate') as launch_template, - json_extract_path_text(Properties, 'EnclaveOptions') as enclave_options, - json_extract_path_text(Properties, 'NetworkInterfaces') as network_interfaces, - json_extract_path_text(Properties, 'ImageId') as image_id, - json_extract_path_text(Properties, 'InstanceType') as instance_type, - json_extract_path_text(Properties, 'Monitoring') as monitoring, - json_extract_path_text(Properties, 'Tags') as tags, - json_extract_path_text(Properties, 'AdditionalInfo') as additional_info, - json_extract_path_text(Properties, 'HibernationOptions') as hibernation_options, - json_extract_path_text(Properties, 'LicenseSpecifications') as license_specifications, - json_extract_path_text(Properties, 'InstanceId') as instance_id, - json_extract_path_text(Properties, 'PublicIp') as public_ip, - json_extract_path_text(Properties, 'InstanceInitiatedShutdownBehavior') as instance_initiated_shutdown_behavior, - json_extract_path_text(Properties, 'CpuOptions') as cpu_options, - json_extract_path_text(Properties, 'AvailabilityZone') as availability_zone, - json_extract_path_text(Properties, 'PrivateDnsNameOptions') as private_dns_name_options, - json_extract_path_text(Properties, 'HostId') as host_id, - json_extract_path_text(Properties, 'HostResourceGroupArn') as host_resource_group_arn, - json_extract_path_text(Properties, 'PublicDnsName') as public_dns_name, - json_extract_path_text(Properties, 'SecurityGroupIds') as security_group_ids, - json_extract_path_text(Properties, 'DisableApiTermination') as disable_api_termination, - json_extract_path_text(Properties, 'KeyName') as key_name, - json_extract_path_text(Properties, 'RamdiskId') as ramdisk_id, - json_extract_path_text(Properties, 'SourceDestCheck') as source_dest_check, - json_extract_path_text(Properties, 'PlacementGroupName') as placement_group_name, - json_extract_path_text(Properties, 'SsmAssociations') as ssm_associations, - json_extract_path_text(Properties, 'VpcId') as vpc_id, - json_extract_path_text(Properties, 'State') as state, - json_extract_path_text(Properties, 'Affinity') as affinity, - json_extract_path_text(Properties, 'CreditSpecification') as credit_specification - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::Instance' - AND data__Identifier = '' - AND region = 'us-east-1' - fallback: - predicate: sqlDialect == "postgres" - ddl: |- - SELECT - detail.region, - json_extract_path_text(detail.Properties, 'Tenancy') as tenancy, - json_extract_path_text(detail.Properties, 'SecurityGroups') as security_groups, - json_extract_path_text(detail.Properties, 'PrivateDnsName') as private_dns_name, - json_extract_path_text(detail.Properties, 'PrivateIpAddress') as private_ip_address, - json_extract_path_text(detail.Properties, 'UserData') as user_data, - json_extract_path_text(detail.Properties, 'BlockDeviceMappings') as block_device_mappings, - json_extract_path_text(detail.Properties, 'IamInstanceProfile') as iam_instance_profile, - json_extract_path_text(detail.Properties, 'Ipv6Addresses') as ipv6_addresses, - json_extract_path_text(detail.Properties, 'KernelId') as kernel_id, - json_extract_path_text(detail.Properties, 'SubnetId') as subnet_id, - json_extract_path_text(detail.Properties, 'EbsOptimized') as ebs_optimized, - json_extract_path_text(detail.Properties, 'PropagateTagsToVolumeOnCreation') as propagate_tags_to_volume_on_creation, - json_extract_path_text(detail.Properties, 'ElasticGpuSpecifications') as elastic_gpu_specifications, - json_extract_path_text(detail.Properties, 'ElasticInferenceAccelerators') as elastic_inference_accelerators, - json_extract_path_text(detail.Properties, 'Volumes') as volumes, - json_extract_path_text(detail.Properties, 'PrivateIp') as private_ip, - json_extract_path_text(detail.Properties, 'Ipv6AddressCount') as ipv6_address_count, - json_extract_path_text(detail.Properties, 'LaunchTemplate') as launch_template, - json_extract_path_text(detail.Properties, 'EnclaveOptions') as enclave_options, - json_extract_path_text(detail.Properties, 'NetworkInterfaces') as network_interfaces, - json_extract_path_text(detail.Properties, 'ImageId') as image_id, - json_extract_path_text(detail.Properties, 'InstanceType') as instance_type, - json_extract_path_text(detail.Properties, 'Monitoring') as monitoring, - json_extract_path_text(detail.Properties, 'Tags') as tags, - json_extract_path_text(detail.Properties, 'AdditionalInfo') as additional_info, - json_extract_path_text(detail.Properties, 'HibernationOptions') as hibernation_options, - json_extract_path_text(detail.Properties, 'LicenseSpecifications') as license_specifications, - json_extract_path_text(detail.Properties, 'InstanceId') as instance_id, - json_extract_path_text(detail.Properties, 'PublicIp') as public_ip, - json_extract_path_text(detail.Properties, 'InstanceInitiatedShutdownBehavior') as instance_initiated_shutdown_behavior, - json_extract_path_text(detail.Properties, 'CpuOptions') as cpu_options, - json_extract_path_text(detail.Properties, 'AvailabilityZone') as availability_zone, - json_extract_path_text(detail.Properties, 'PrivateDnsNameOptions') as private_dns_name_options, - json_extract_path_text(detail.Properties, 'HostId') as host_id, - json_extract_path_text(detail.Properties, 'HostResourceGroupArn') as host_resource_group_arn, - json_extract_path_text(detail.Properties, 'PublicDnsName') as public_dns_name, - json_extract_path_text(detail.Properties, 'SecurityGroupIds') as security_group_ids, - json_extract_path_text(detail.Properties, 'DisableApiTermination') as disable_api_termination, - json_extract_path_text(detail.Properties, 'KeyName') as key_name, - json_extract_path_text(detail.Properties, 'RamdiskId') as ramdisk_id, - json_extract_path_text(detail.Properties, 'SourceDestCheck') as source_dest_check, - json_extract_path_text(detail.Properties, 'PlacementGroupName') as placement_group_name, - json_extract_path_text(detail.Properties, 'SsmAssociations') as ssm_associations, - json_extract_path_text(detail.Properties, 'VpcId') as vpc_id, - json_extract_path_text(detail.Properties, 'State') as state, - json_extract_path_text(detail.Properties, 'Affinity') as affinity, - json_extract_path_text(detail.Properties, 'CreditSpecification') as credit_specification - FROM aws.cloud_control.resources listing - LEFT OUTER JOIN aws.cloud_control.resource detail - ON detail.data__Identifier = listing.Identifier - AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::EC2::Instance' - AND detail.data__TypeName = 'AWS::EC2::Instance' - AND listing.region = 'us-east-1' instances_list_only: name: instances_list_only id: aws.ec2.instances_list_only @@ -17508,6 +20104,7 @@ components: JSON_EXTRACT(Properties, '$.ScopeCount') as scope_count, JSON_EXTRACT(Properties, '$.OperatingRegions') as operating_regions, JSON_EXTRACT(Properties, '$.Tier') as tier, + JSON_EXTRACT(Properties, '$.EnablePrivateGua') as enable_private_gua, JSON_EXTRACT(Properties, '$.Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::IPAM' AND data__Identifier = '' @@ -17528,6 +20125,7 @@ components: JSON_EXTRACT(detail.Properties, '$.ScopeCount') as scope_count, JSON_EXTRACT(detail.Properties, '$.OperatingRegions') as operating_regions, JSON_EXTRACT(detail.Properties, '$.Tier') as tier, + JSON_EXTRACT(detail.Properties, '$.EnablePrivateGua') as enable_private_gua, JSON_EXTRACT(detail.Properties, '$.Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail @@ -17553,6 +20151,7 @@ components: json_extract_path_text(Properties, 'ScopeCount') as scope_count, json_extract_path_text(Properties, 'OperatingRegions') as operating_regions, json_extract_path_text(Properties, 'Tier') as tier, + json_extract_path_text(Properties, 'EnablePrivateGua') as enable_private_gua, json_extract_path_text(Properties, 'Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::IPAM' AND data__Identifier = '' @@ -17573,6 +20172,7 @@ components: json_extract_path_text(detail.Properties, 'ScopeCount') as scope_count, json_extract_path_text(detail.Properties, 'OperatingRegions') as operating_regions, json_extract_path_text(detail.Properties, 'Tier') as tier, + json_extract_path_text(detail.Properties, 'EnablePrivateGua') as enable_private_gua, json_extract_path_text(detail.Properties, 'Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail @@ -17642,7 +20242,8 @@ components: JSON_EXTRACT(detail.Properties, '$.PrivateDefaultScopeId') as private_default_scope_id, JSON_EXTRACT(detail.Properties, '$.ScopeCount') as scope_count, JSON_EXTRACT(detail.Properties, '$.OperatingRegions') as operating_regions, - JSON_EXTRACT(detail.Properties, '$.Tier') as tier + JSON_EXTRACT(detail.Properties, '$.Tier') as tier, + JSON_EXTRACT(detail.Properties, '$.EnablePrivateGua') as enable_private_gua FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -17668,7 +20269,8 @@ components: json_extract_path_text(detail.Properties, 'PrivateDefaultScopeId') as private_default_scope_id, json_extract_path_text(detail.Properties, 'ScopeCount') as scope_count, json_extract_path_text(detail.Properties, 'OperatingRegions') as operating_regions, - json_extract_path_text(detail.Properties, 'Tier') as tier + json_extract_path_text(detail.Properties, 'Tier') as tier, + json_extract_path_text(detail.Properties, 'EnablePrivateGua') as enable_private_gua FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -20420,9 +23022,9 @@ components: SELECT region, data__Identifier, + JSON_EXTRACT(Properties, '$.VpcId') as vpc_id, JSON_EXTRACT(Properties, '$.Id') as id, - JSON_EXTRACT(Properties, '$.Tags') as tags, - JSON_EXTRACT(Properties, '$.VpcId') as vpc_id + JSON_EXTRACT(Properties, '$.Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::NetworkAcl' AND data__Identifier = '' AND region = 'us-east-1' @@ -20431,9 +23033,9 @@ components: ddl: |- SELECT detail.region, + JSON_EXTRACT(detail.Properties, '$.VpcId') as vpc_id, JSON_EXTRACT(detail.Properties, '$.Id') as id, - JSON_EXTRACT(detail.Properties, '$.Tags') as tags, - JSON_EXTRACT(detail.Properties, '$.VpcId') as vpc_id + JSON_EXTRACT(detail.Properties, '$.Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -20447,9 +23049,9 @@ components: SELECT region, data__Identifier, + json_extract_path_text(Properties, 'VpcId') as vpc_id, json_extract_path_text(Properties, 'Id') as id, - json_extract_path_text(Properties, 'Tags') as tags, - json_extract_path_text(Properties, 'VpcId') as vpc_id + json_extract_path_text(Properties, 'Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::NetworkAcl' AND data__Identifier = '' AND region = 'us-east-1' @@ -20458,9 +23060,9 @@ components: ddl: |- SELECT detail.region, + json_extract_path_text(detail.Properties, 'VpcId') as vpc_id, json_extract_path_text(detail.Properties, 'Id') as id, - json_extract_path_text(detail.Properties, 'Tags') as tags, - json_extract_path_text(detail.Properties, 'VpcId') as vpc_id + json_extract_path_text(detail.Properties, 'Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -20519,8 +23121,8 @@ components: detail.region, JSON_EXTRACT(json_each.value, '$.Key') as tag_key, JSON_EXTRACT(json_each.value, '$.Value') as tag_value, - JSON_EXTRACT(detail.Properties, '$.Id') as id, - JSON_EXTRACT(detail.Properties, '$.VpcId') as vpc_id + JSON_EXTRACT(detail.Properties, '$.VpcId') as vpc_id, + JSON_EXTRACT(detail.Properties, '$.Id') as id FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -20536,8 +23138,8 @@ components: detail.region, json_extract_path_text(json_each.value, 'Key') as tag_key, json_extract_path_text(json_each.value, 'Value') as tag_value, - json_extract_path_text(detail.Properties, 'Id') as id, - json_extract_path_text(detail.Properties, 'VpcId') as vpc_id + json_extract_path_text(detail.Properties, 'VpcId') as vpc_id, + json_extract_path_text(detail.Properties, 'Id') as id FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -22480,8 +25082,8 @@ components: region, data__Identifier, JSON_EXTRACT(Properties, '$.RouteTableId') as route_table_id, - JSON_EXTRACT(Properties, '$.Tags') as tags, - JSON_EXTRACT(Properties, '$.VpcId') as vpc_id + JSON_EXTRACT(Properties, '$.VpcId') as vpc_id, + JSON_EXTRACT(Properties, '$.Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::RouteTable' AND data__Identifier = '' AND region = 'us-east-1' @@ -22491,8 +25093,8 @@ components: SELECT detail.region, JSON_EXTRACT(detail.Properties, '$.RouteTableId') as route_table_id, - JSON_EXTRACT(detail.Properties, '$.Tags') as tags, - JSON_EXTRACT(detail.Properties, '$.VpcId') as vpc_id + JSON_EXTRACT(detail.Properties, '$.VpcId') as vpc_id, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -22507,8 +25109,8 @@ components: region, data__Identifier, json_extract_path_text(Properties, 'RouteTableId') as route_table_id, - json_extract_path_text(Properties, 'Tags') as tags, - json_extract_path_text(Properties, 'VpcId') as vpc_id + json_extract_path_text(Properties, 'VpcId') as vpc_id, + json_extract_path_text(Properties, 'Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::RouteTable' AND data__Identifier = '' AND region = 'us-east-1' @@ -22518,8 +25120,8 @@ components: SELECT detail.region, json_extract_path_text(detail.Properties, 'RouteTableId') as route_table_id, - json_extract_path_text(detail.Properties, 'Tags') as tags, - json_extract_path_text(detail.Properties, 'VpcId') as vpc_id + json_extract_path_text(detail.Properties, 'VpcId') as vpc_id, + json_extract_path_text(detail.Properties, 'Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -23176,6 +25778,147 @@ components: json_extract_path_text(Properties, 'Id') as id FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::SecurityGroupIngress' AND region = 'us-east-1' + security_group_vpc_associations: + name: security_group_vpc_associations + id: aws.ec2.security_group_vpc_associations + x-cfn-schema-name: SecurityGroupVpcAssociation + x-cfn-type-name: AWS::EC2::SecurityGroupVpcAssociation + x-identifiers: + - GroupId + - VpcId + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__SecurityGroupVpcAssociation&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::EC2::SecurityGroupVpcAssociation" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::EC2::SecurityGroupVpcAssociation" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/security_group_vpc_associations/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/security_group_vpc_associations/methods/delete_resource' + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.GroupId') as group_id, + JSON_EXTRACT(Properties, '$.VpcId') as vpc_id, + JSON_EXTRACT(Properties, '$.VpcOwnerId') as vpc_owner_id, + JSON_EXTRACT(Properties, '$.State') as state, + JSON_EXTRACT(Properties, '$.StateReason') as state_reason + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::SecurityGroupVpcAssociation' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.GroupId') as group_id, + JSON_EXTRACT(detail.Properties, '$.VpcId') as vpc_id, + JSON_EXTRACT(detail.Properties, '$.VpcOwnerId') as vpc_owner_id, + JSON_EXTRACT(detail.Properties, '$.State') as state, + JSON_EXTRACT(detail.Properties, '$.StateReason') as state_reason + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::EC2::SecurityGroupVpcAssociation' + AND detail.data__TypeName = 'AWS::EC2::SecurityGroupVpcAssociation' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'GroupId') as group_id, + json_extract_path_text(Properties, 'VpcId') as vpc_id, + json_extract_path_text(Properties, 'VpcOwnerId') as vpc_owner_id, + json_extract_path_text(Properties, 'State') as state, + json_extract_path_text(Properties, 'StateReason') as state_reason + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::SecurityGroupVpcAssociation' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'GroupId') as group_id, + json_extract_path_text(detail.Properties, 'VpcId') as vpc_id, + json_extract_path_text(detail.Properties, 'VpcOwnerId') as vpc_owner_id, + json_extract_path_text(detail.Properties, 'State') as state, + json_extract_path_text(detail.Properties, 'StateReason') as state_reason + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::EC2::SecurityGroupVpcAssociation' + AND detail.data__TypeName = 'AWS::EC2::SecurityGroupVpcAssociation' + AND listing.region = 'us-east-1' + security_group_vpc_associations_list_only: + name: security_group_vpc_associations_list_only + id: aws.ec2.security_group_vpc_associations_list_only + x-cfn-schema-name: SecurityGroupVpcAssociation + x-cfn-type-name: AWS::EC2::SecurityGroupVpcAssociation + x-identifiers: + - GroupId + - VpcId + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.GroupId') as group_id, + JSON_EXTRACT(Properties, '$.VpcId') as vpc_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::SecurityGroupVpcAssociation' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'GroupId') as group_id, + json_extract_path_text(Properties, 'VpcId') as vpc_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::SecurityGroupVpcAssociation' + AND region = 'us-east-1' snapshot_block_public_accesses: name: snapshot_block_public_accesses id: aws.ec2.snapshot_block_public_accesses @@ -23797,7 +26540,9 @@ components: JSON_EXTRACT(Properties, '$.Ipv6CidrBlock') as ipv6_cidr_block, JSON_EXTRACT(Properties, '$.Ipv6IpamPoolId') as ipv6_ipam_pool_id, JSON_EXTRACT(Properties, '$.Ipv6NetmaskLength') as ipv6_netmask_length, - JSON_EXTRACT(Properties, '$.SubnetId') as subnet_id + JSON_EXTRACT(Properties, '$.SubnetId') as subnet_id, + JSON_EXTRACT(Properties, '$.Ipv6AddressAttribute') as ipv6_address_attribute, + JSON_EXTRACT(Properties, '$.IpSource') as ip_source FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::SubnetCidrBlock' AND data__Identifier = '' AND region = 'us-east-1' @@ -23810,7 +26555,9 @@ components: JSON_EXTRACT(detail.Properties, '$.Ipv6CidrBlock') as ipv6_cidr_block, JSON_EXTRACT(detail.Properties, '$.Ipv6IpamPoolId') as ipv6_ipam_pool_id, JSON_EXTRACT(detail.Properties, '$.Ipv6NetmaskLength') as ipv6_netmask_length, - JSON_EXTRACT(detail.Properties, '$.SubnetId') as subnet_id + JSON_EXTRACT(detail.Properties, '$.SubnetId') as subnet_id, + JSON_EXTRACT(detail.Properties, '$.Ipv6AddressAttribute') as ipv6_address_attribute, + JSON_EXTRACT(detail.Properties, '$.IpSource') as ip_source FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -23828,7 +26575,9 @@ components: json_extract_path_text(Properties, 'Ipv6CidrBlock') as ipv6_cidr_block, json_extract_path_text(Properties, 'Ipv6IpamPoolId') as ipv6_ipam_pool_id, json_extract_path_text(Properties, 'Ipv6NetmaskLength') as ipv6_netmask_length, - json_extract_path_text(Properties, 'SubnetId') as subnet_id + json_extract_path_text(Properties, 'SubnetId') as subnet_id, + json_extract_path_text(Properties, 'Ipv6AddressAttribute') as ipv6_address_attribute, + json_extract_path_text(Properties, 'IpSource') as ip_source FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::SubnetCidrBlock' AND data__Identifier = '' AND region = 'us-east-1' @@ -23841,7 +26590,9 @@ components: json_extract_path_text(detail.Properties, 'Ipv6CidrBlock') as ipv6_cidr_block, json_extract_path_text(detail.Properties, 'Ipv6IpamPoolId') as ipv6_ipam_pool_id, json_extract_path_text(detail.Properties, 'Ipv6NetmaskLength') as ipv6_netmask_length, - json_extract_path_text(detail.Properties, 'SubnetId') as subnet_id + json_extract_path_text(detail.Properties, 'SubnetId') as subnet_id, + json_extract_path_text(detail.Properties, 'Ipv6AddressAttribute') as ipv6_address_attribute, + json_extract_path_text(detail.Properties, 'IpSource') as ip_source FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -24059,8 +26810,8 @@ components: SELECT region, data__Identifier, - JSON_EXTRACT(Properties, '$.Id') as id, JSON_EXTRACT(Properties, '$.RouteTableId') as route_table_id, + JSON_EXTRACT(Properties, '$.Id') as id, JSON_EXTRACT(Properties, '$.SubnetId') as subnet_id FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::SubnetRouteTableAssociation' AND data__Identifier = '' @@ -24070,8 +26821,8 @@ components: ddl: |- SELECT detail.region, - JSON_EXTRACT(detail.Properties, '$.Id') as id, JSON_EXTRACT(detail.Properties, '$.RouteTableId') as route_table_id, + JSON_EXTRACT(detail.Properties, '$.Id') as id, JSON_EXTRACT(detail.Properties, '$.SubnetId') as subnet_id FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail @@ -24086,8 +26837,8 @@ components: SELECT region, data__Identifier, - json_extract_path_text(Properties, 'Id') as id, json_extract_path_text(Properties, 'RouteTableId') as route_table_id, + json_extract_path_text(Properties, 'Id') as id, json_extract_path_text(Properties, 'SubnetId') as subnet_id FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::SubnetRouteTableAssociation' AND data__Identifier = '' @@ -24097,8 +26848,8 @@ components: ddl: |- SELECT detail.region, - json_extract_path_text(detail.Properties, 'Id') as id, json_extract_path_text(detail.Properties, 'RouteTableId') as route_table_id, + json_extract_path_text(detail.Properties, 'Id') as id, json_extract_path_text(detail.Properties, 'SubnetId') as subnet_id FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail @@ -24201,20 +26952,21 @@ components: SELECT region, data__Identifier, + JSON_EXTRACT(Properties, '$.DefaultRouteTablePropagation') as default_route_table_propagation, + JSON_EXTRACT(Properties, '$.TransitGatewayArn') as transit_gateway_arn, JSON_EXTRACT(Properties, '$.Description') as description, - JSON_EXTRACT(Properties, '$.AssociationDefaultRouteTableId') as association_default_route_table_id, JSON_EXTRACT(Properties, '$.AutoAcceptSharedAttachments') as auto_accept_shared_attachments, - JSON_EXTRACT(Properties, '$.TransitGatewayArn') as transit_gateway_arn, - JSON_EXTRACT(Properties, '$.DefaultRouteTablePropagation') as default_route_table_propagation, - JSON_EXTRACT(Properties, '$.TransitGatewayCidrBlocks') as transit_gateway_cidr_blocks, - JSON_EXTRACT(Properties, '$.PropagationDefaultRouteTableId') as propagation_default_route_table_id, JSON_EXTRACT(Properties, '$.DefaultRouteTableAssociation') as default_route_table_association, JSON_EXTRACT(Properties, '$.Id') as id, JSON_EXTRACT(Properties, '$.VpnEcmpSupport') as vpn_ecmp_support, JSON_EXTRACT(Properties, '$.DnsSupport') as dns_support, + JSON_EXTRACT(Properties, '$.SecurityGroupReferencingSupport') as security_group_referencing_support, JSON_EXTRACT(Properties, '$.MulticastSupport') as multicast_support, JSON_EXTRACT(Properties, '$.AmazonSideAsn') as amazon_side_asn, - JSON_EXTRACT(Properties, '$.Tags') as tags + JSON_EXTRACT(Properties, '$.TransitGatewayCidrBlocks') as transit_gateway_cidr_blocks, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.AssociationDefaultRouteTableId') as association_default_route_table_id, + JSON_EXTRACT(Properties, '$.PropagationDefaultRouteTableId') as propagation_default_route_table_id FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::TransitGateway' AND data__Identifier = '' AND region = 'us-east-1' @@ -24223,20 +26975,21 @@ components: ddl: |- SELECT detail.region, + JSON_EXTRACT(detail.Properties, '$.DefaultRouteTablePropagation') as default_route_table_propagation, + JSON_EXTRACT(detail.Properties, '$.TransitGatewayArn') as transit_gateway_arn, JSON_EXTRACT(detail.Properties, '$.Description') as description, - JSON_EXTRACT(detail.Properties, '$.AssociationDefaultRouteTableId') as association_default_route_table_id, JSON_EXTRACT(detail.Properties, '$.AutoAcceptSharedAttachments') as auto_accept_shared_attachments, - JSON_EXTRACT(detail.Properties, '$.TransitGatewayArn') as transit_gateway_arn, - JSON_EXTRACT(detail.Properties, '$.DefaultRouteTablePropagation') as default_route_table_propagation, - JSON_EXTRACT(detail.Properties, '$.TransitGatewayCidrBlocks') as transit_gateway_cidr_blocks, - JSON_EXTRACT(detail.Properties, '$.PropagationDefaultRouteTableId') as propagation_default_route_table_id, JSON_EXTRACT(detail.Properties, '$.DefaultRouteTableAssociation') as default_route_table_association, JSON_EXTRACT(detail.Properties, '$.Id') as id, JSON_EXTRACT(detail.Properties, '$.VpnEcmpSupport') as vpn_ecmp_support, JSON_EXTRACT(detail.Properties, '$.DnsSupport') as dns_support, + JSON_EXTRACT(detail.Properties, '$.SecurityGroupReferencingSupport') as security_group_referencing_support, JSON_EXTRACT(detail.Properties, '$.MulticastSupport') as multicast_support, JSON_EXTRACT(detail.Properties, '$.AmazonSideAsn') as amazon_side_asn, - JSON_EXTRACT(detail.Properties, '$.Tags') as tags + JSON_EXTRACT(detail.Properties, '$.TransitGatewayCidrBlocks') as transit_gateway_cidr_blocks, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags, + JSON_EXTRACT(detail.Properties, '$.AssociationDefaultRouteTableId') as association_default_route_table_id, + JSON_EXTRACT(detail.Properties, '$.PropagationDefaultRouteTableId') as propagation_default_route_table_id FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -24250,20 +27003,21 @@ components: SELECT region, data__Identifier, + json_extract_path_text(Properties, 'DefaultRouteTablePropagation') as default_route_table_propagation, + json_extract_path_text(Properties, 'TransitGatewayArn') as transit_gateway_arn, json_extract_path_text(Properties, 'Description') as description, - json_extract_path_text(Properties, 'AssociationDefaultRouteTableId') as association_default_route_table_id, json_extract_path_text(Properties, 'AutoAcceptSharedAttachments') as auto_accept_shared_attachments, - json_extract_path_text(Properties, 'TransitGatewayArn') as transit_gateway_arn, - json_extract_path_text(Properties, 'DefaultRouteTablePropagation') as default_route_table_propagation, - json_extract_path_text(Properties, 'TransitGatewayCidrBlocks') as transit_gateway_cidr_blocks, - json_extract_path_text(Properties, 'PropagationDefaultRouteTableId') as propagation_default_route_table_id, json_extract_path_text(Properties, 'DefaultRouteTableAssociation') as default_route_table_association, json_extract_path_text(Properties, 'Id') as id, json_extract_path_text(Properties, 'VpnEcmpSupport') as vpn_ecmp_support, json_extract_path_text(Properties, 'DnsSupport') as dns_support, + json_extract_path_text(Properties, 'SecurityGroupReferencingSupport') as security_group_referencing_support, json_extract_path_text(Properties, 'MulticastSupport') as multicast_support, json_extract_path_text(Properties, 'AmazonSideAsn') as amazon_side_asn, - json_extract_path_text(Properties, 'Tags') as tags + json_extract_path_text(Properties, 'TransitGatewayCidrBlocks') as transit_gateway_cidr_blocks, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'AssociationDefaultRouteTableId') as association_default_route_table_id, + json_extract_path_text(Properties, 'PropagationDefaultRouteTableId') as propagation_default_route_table_id FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::TransitGateway' AND data__Identifier = '' AND region = 'us-east-1' @@ -24272,20 +27026,21 @@ components: ddl: |- SELECT detail.region, + json_extract_path_text(detail.Properties, 'DefaultRouteTablePropagation') as default_route_table_propagation, + json_extract_path_text(detail.Properties, 'TransitGatewayArn') as transit_gateway_arn, json_extract_path_text(detail.Properties, 'Description') as description, - json_extract_path_text(detail.Properties, 'AssociationDefaultRouteTableId') as association_default_route_table_id, json_extract_path_text(detail.Properties, 'AutoAcceptSharedAttachments') as auto_accept_shared_attachments, - json_extract_path_text(detail.Properties, 'TransitGatewayArn') as transit_gateway_arn, - json_extract_path_text(detail.Properties, 'DefaultRouteTablePropagation') as default_route_table_propagation, - json_extract_path_text(detail.Properties, 'TransitGatewayCidrBlocks') as transit_gateway_cidr_blocks, - json_extract_path_text(detail.Properties, 'PropagationDefaultRouteTableId') as propagation_default_route_table_id, json_extract_path_text(detail.Properties, 'DefaultRouteTableAssociation') as default_route_table_association, json_extract_path_text(detail.Properties, 'Id') as id, json_extract_path_text(detail.Properties, 'VpnEcmpSupport') as vpn_ecmp_support, json_extract_path_text(detail.Properties, 'DnsSupport') as dns_support, + json_extract_path_text(detail.Properties, 'SecurityGroupReferencingSupport') as security_group_referencing_support, json_extract_path_text(detail.Properties, 'MulticastSupport') as multicast_support, json_extract_path_text(detail.Properties, 'AmazonSideAsn') as amazon_side_asn, - json_extract_path_text(detail.Properties, 'Tags') as tags + json_extract_path_text(detail.Properties, 'TransitGatewayCidrBlocks') as transit_gateway_cidr_blocks, + json_extract_path_text(detail.Properties, 'Tags') as tags, + json_extract_path_text(detail.Properties, 'AssociationDefaultRouteTableId') as association_default_route_table_id, + json_extract_path_text(detail.Properties, 'PropagationDefaultRouteTableId') as propagation_default_route_table_id FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -24344,19 +27099,20 @@ components: detail.region, JSON_EXTRACT(json_each.value, '$.Key') as tag_key, JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.DefaultRouteTablePropagation') as default_route_table_propagation, + JSON_EXTRACT(detail.Properties, '$.TransitGatewayArn') as transit_gateway_arn, JSON_EXTRACT(detail.Properties, '$.Description') as description, - JSON_EXTRACT(detail.Properties, '$.AssociationDefaultRouteTableId') as association_default_route_table_id, JSON_EXTRACT(detail.Properties, '$.AutoAcceptSharedAttachments') as auto_accept_shared_attachments, - JSON_EXTRACT(detail.Properties, '$.TransitGatewayArn') as transit_gateway_arn, - JSON_EXTRACT(detail.Properties, '$.DefaultRouteTablePropagation') as default_route_table_propagation, - JSON_EXTRACT(detail.Properties, '$.TransitGatewayCidrBlocks') as transit_gateway_cidr_blocks, - JSON_EXTRACT(detail.Properties, '$.PropagationDefaultRouteTableId') as propagation_default_route_table_id, JSON_EXTRACT(detail.Properties, '$.DefaultRouteTableAssociation') as default_route_table_association, JSON_EXTRACT(detail.Properties, '$.Id') as id, JSON_EXTRACT(detail.Properties, '$.VpnEcmpSupport') as vpn_ecmp_support, JSON_EXTRACT(detail.Properties, '$.DnsSupport') as dns_support, + JSON_EXTRACT(detail.Properties, '$.SecurityGroupReferencingSupport') as security_group_referencing_support, JSON_EXTRACT(detail.Properties, '$.MulticastSupport') as multicast_support, - JSON_EXTRACT(detail.Properties, '$.AmazonSideAsn') as amazon_side_asn + JSON_EXTRACT(detail.Properties, '$.AmazonSideAsn') as amazon_side_asn, + JSON_EXTRACT(detail.Properties, '$.TransitGatewayCidrBlocks') as transit_gateway_cidr_blocks, + JSON_EXTRACT(detail.Properties, '$.AssociationDefaultRouteTableId') as association_default_route_table_id, + JSON_EXTRACT(detail.Properties, '$.PropagationDefaultRouteTableId') as propagation_default_route_table_id FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -24372,19 +27128,20 @@ components: detail.region, json_extract_path_text(json_each.value, 'Key') as tag_key, json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'DefaultRouteTablePropagation') as default_route_table_propagation, + json_extract_path_text(detail.Properties, 'TransitGatewayArn') as transit_gateway_arn, json_extract_path_text(detail.Properties, 'Description') as description, - json_extract_path_text(detail.Properties, 'AssociationDefaultRouteTableId') as association_default_route_table_id, json_extract_path_text(detail.Properties, 'AutoAcceptSharedAttachments') as auto_accept_shared_attachments, - json_extract_path_text(detail.Properties, 'TransitGatewayArn') as transit_gateway_arn, - json_extract_path_text(detail.Properties, 'DefaultRouteTablePropagation') as default_route_table_propagation, - json_extract_path_text(detail.Properties, 'TransitGatewayCidrBlocks') as transit_gateway_cidr_blocks, - json_extract_path_text(detail.Properties, 'PropagationDefaultRouteTableId') as propagation_default_route_table_id, json_extract_path_text(detail.Properties, 'DefaultRouteTableAssociation') as default_route_table_association, json_extract_path_text(detail.Properties, 'Id') as id, json_extract_path_text(detail.Properties, 'VpnEcmpSupport') as vpn_ecmp_support, json_extract_path_text(detail.Properties, 'DnsSupport') as dns_support, + json_extract_path_text(detail.Properties, 'SecurityGroupReferencingSupport') as security_group_referencing_support, json_extract_path_text(detail.Properties, 'MulticastSupport') as multicast_support, - json_extract_path_text(detail.Properties, 'AmazonSideAsn') as amazon_side_asn + json_extract_path_text(detail.Properties, 'AmazonSideAsn') as amazon_side_asn, + json_extract_path_text(detail.Properties, 'TransitGatewayCidrBlocks') as transit_gateway_cidr_blocks, + json_extract_path_text(detail.Properties, 'AssociationDefaultRouteTableId') as association_default_route_table_id, + json_extract_path_text(detail.Properties, 'PropagationDefaultRouteTableId') as propagation_default_route_table_id FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -24456,12 +27213,12 @@ components: SELECT region, data__Identifier, - JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Options') as options, JSON_EXTRACT(Properties, '$.TransitGatewayId') as transit_gateway_id, JSON_EXTRACT(Properties, '$.VpcId') as vpc_id, + JSON_EXTRACT(Properties, '$.Id') as id, JSON_EXTRACT(Properties, '$.SubnetIds') as subnet_ids, - JSON_EXTRACT(Properties, '$.Tags') as tags, - JSON_EXTRACT(Properties, '$.Options') as options + JSON_EXTRACT(Properties, '$.Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::TransitGatewayAttachment' AND data__Identifier = '' AND region = 'us-east-1' @@ -24470,12 +27227,12 @@ components: ddl: |- SELECT detail.region, - JSON_EXTRACT(detail.Properties, '$.Id') as id, + JSON_EXTRACT(detail.Properties, '$.Options') as options, JSON_EXTRACT(detail.Properties, '$.TransitGatewayId') as transit_gateway_id, JSON_EXTRACT(detail.Properties, '$.VpcId') as vpc_id, + JSON_EXTRACT(detail.Properties, '$.Id') as id, JSON_EXTRACT(detail.Properties, '$.SubnetIds') as subnet_ids, - JSON_EXTRACT(detail.Properties, '$.Tags') as tags, - JSON_EXTRACT(detail.Properties, '$.Options') as options + JSON_EXTRACT(detail.Properties, '$.Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -24489,12 +27246,12 @@ components: SELECT region, data__Identifier, - json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Options') as options, json_extract_path_text(Properties, 'TransitGatewayId') as transit_gateway_id, json_extract_path_text(Properties, 'VpcId') as vpc_id, + json_extract_path_text(Properties, 'Id') as id, json_extract_path_text(Properties, 'SubnetIds') as subnet_ids, - json_extract_path_text(Properties, 'Tags') as tags, - json_extract_path_text(Properties, 'Options') as options + json_extract_path_text(Properties, 'Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::TransitGatewayAttachment' AND data__Identifier = '' AND region = 'us-east-1' @@ -24503,12 +27260,12 @@ components: ddl: |- SELECT detail.region, - json_extract_path_text(detail.Properties, 'Id') as id, + json_extract_path_text(detail.Properties, 'Options') as options, json_extract_path_text(detail.Properties, 'TransitGatewayId') as transit_gateway_id, json_extract_path_text(detail.Properties, 'VpcId') as vpc_id, + json_extract_path_text(detail.Properties, 'Id') as id, json_extract_path_text(detail.Properties, 'SubnetIds') as subnet_ids, - json_extract_path_text(detail.Properties, 'Tags') as tags, - json_extract_path_text(detail.Properties, 'Options') as options + json_extract_path_text(detail.Properties, 'Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -24567,11 +27324,11 @@ components: detail.region, JSON_EXTRACT(json_each.value, '$.Key') as tag_key, JSON_EXTRACT(json_each.value, '$.Value') as tag_value, - JSON_EXTRACT(detail.Properties, '$.Id') as id, + JSON_EXTRACT(detail.Properties, '$.Options') as options, JSON_EXTRACT(detail.Properties, '$.TransitGatewayId') as transit_gateway_id, JSON_EXTRACT(detail.Properties, '$.VpcId') as vpc_id, - JSON_EXTRACT(detail.Properties, '$.SubnetIds') as subnet_ids, - JSON_EXTRACT(detail.Properties, '$.Options') as options + JSON_EXTRACT(detail.Properties, '$.Id') as id, + JSON_EXTRACT(detail.Properties, '$.SubnetIds') as subnet_ids FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -24587,11 +27344,11 @@ components: detail.region, json_extract_path_text(json_each.value, 'Key') as tag_key, json_extract_path_text(json_each.value, 'Value') as tag_value, - json_extract_path_text(detail.Properties, 'Id') as id, + json_extract_path_text(detail.Properties, 'Options') as options, json_extract_path_text(detail.Properties, 'TransitGatewayId') as transit_gateway_id, json_extract_path_text(detail.Properties, 'VpcId') as vpc_id, - json_extract_path_text(detail.Properties, 'SubnetIds') as subnet_ids, - json_extract_path_text(detail.Properties, 'Options') as options + json_extract_path_text(detail.Properties, 'Id') as id, + json_extract_path_text(detail.Properties, 'SubnetIds') as subnet_ids FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -25236,8 +27993,7 @@ components: JSON_EXTRACT(Properties, '$.NetworkInterfaceId') as network_interface_id, JSON_EXTRACT(Properties, '$.GroupMember') as group_member, JSON_EXTRACT(Properties, '$.GroupSource') as group_source, - JSON_EXTRACT(Properties, '$.MemberType') as member_type, - JSON_EXTRACT(Properties, '$.SourceType') as source_type + JSON_EXTRACT(Properties, '$.MemberType') as member_type FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::TransitGatewayMulticastGroupMember' AND data__Identifier = '||' AND region = 'us-east-1' @@ -25255,8 +28011,7 @@ components: JSON_EXTRACT(detail.Properties, '$.NetworkInterfaceId') as network_interface_id, JSON_EXTRACT(detail.Properties, '$.GroupMember') as group_member, JSON_EXTRACT(detail.Properties, '$.GroupSource') as group_source, - JSON_EXTRACT(detail.Properties, '$.MemberType') as member_type, - JSON_EXTRACT(detail.Properties, '$.SourceType') as source_type + JSON_EXTRACT(detail.Properties, '$.MemberType') as member_type FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -25279,8 +28034,7 @@ components: json_extract_path_text(Properties, 'NetworkInterfaceId') as network_interface_id, json_extract_path_text(Properties, 'GroupMember') as group_member, json_extract_path_text(Properties, 'GroupSource') as group_source, - json_extract_path_text(Properties, 'MemberType') as member_type, - json_extract_path_text(Properties, 'SourceType') as source_type + json_extract_path_text(Properties, 'MemberType') as member_type FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::TransitGatewayMulticastGroupMember' AND data__Identifier = '||' AND region = 'us-east-1' @@ -25298,8 +28052,7 @@ components: json_extract_path_text(detail.Properties, 'NetworkInterfaceId') as network_interface_id, json_extract_path_text(detail.Properties, 'GroupMember') as group_member, json_extract_path_text(detail.Properties, 'GroupSource') as group_source, - json_extract_path_text(detail.Properties, 'MemberType') as member_type, - json_extract_path_text(detail.Properties, 'SourceType') as source_type + json_extract_path_text(detail.Properties, 'MemberType') as member_type FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -25405,7 +28158,6 @@ components: JSON_EXTRACT(Properties, '$.NetworkInterfaceId') as network_interface_id, JSON_EXTRACT(Properties, '$.GroupMember') as group_member, JSON_EXTRACT(Properties, '$.GroupSource') as group_source, - JSON_EXTRACT(Properties, '$.MemberType') as member_type, JSON_EXTRACT(Properties, '$.SourceType') as source_type FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::TransitGatewayMulticastGroupSource' AND data__Identifier = '||' @@ -25424,7 +28176,6 @@ components: JSON_EXTRACT(detail.Properties, '$.NetworkInterfaceId') as network_interface_id, JSON_EXTRACT(detail.Properties, '$.GroupMember') as group_member, JSON_EXTRACT(detail.Properties, '$.GroupSource') as group_source, - JSON_EXTRACT(detail.Properties, '$.MemberType') as member_type, JSON_EXTRACT(detail.Properties, '$.SourceType') as source_type FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail @@ -25448,7 +28199,6 @@ components: json_extract_path_text(Properties, 'NetworkInterfaceId') as network_interface_id, json_extract_path_text(Properties, 'GroupMember') as group_member, json_extract_path_text(Properties, 'GroupSource') as group_source, - json_extract_path_text(Properties, 'MemberType') as member_type, json_extract_path_text(Properties, 'SourceType') as source_type FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::TransitGatewayMulticastGroupSource' AND data__Identifier = '||' @@ -25467,7 +28217,6 @@ components: json_extract_path_text(detail.Properties, 'NetworkInterfaceId') as network_interface_id, json_extract_path_text(detail.Properties, 'GroupMember') as group_member, json_extract_path_text(detail.Properties, 'GroupSource') as group_source, - json_extract_path_text(detail.Properties, 'MemberType') as member_type, json_extract_path_text(detail.Properties, 'SourceType') as source_type FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail @@ -25899,6 +28648,18 @@ components: response: mediaType: application/json openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::EC2::TransitGatewayRouteTable" + } + response: + mediaType: application/json + openAPIDocKey: '200' delete_resource: operation: $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' @@ -25916,7 +28677,8 @@ components: - $ref: '#/components/x-stackQL-resources/transit_gateway_route_tables/methods/create_resource' delete: - $ref: '#/components/x-stackQL-resources/transit_gateway_route_tables/methods/delete_resource' - update: [] + update: + - $ref: '#/components/x-stackQL-resources/transit_gateway_route_tables/methods/update_resource' config: views: select: @@ -26372,14 +29134,14 @@ components: SELECT region, data__Identifier, - JSON_EXTRACT(Properties, '$.Options') as options, + JSON_EXTRACT(Properties, '$.Id') as id, JSON_EXTRACT(Properties, '$.TransitGatewayId') as transit_gateway_id, JSON_EXTRACT(Properties, '$.VpcId') as vpc_id, - JSON_EXTRACT(Properties, '$.RemoveSubnetIds') as remove_subnet_ids, - JSON_EXTRACT(Properties, '$.Id') as id, JSON_EXTRACT(Properties, '$.SubnetIds') as subnet_ids, JSON_EXTRACT(Properties, '$.AddSubnetIds') as add_subnet_ids, - JSON_EXTRACT(Properties, '$.Tags') as tags + JSON_EXTRACT(Properties, '$.RemoveSubnetIds') as remove_subnet_ids, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Options') as options FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::TransitGatewayVpcAttachment' AND data__Identifier = '' AND region = 'us-east-1' @@ -26388,14 +29150,14 @@ components: ddl: |- SELECT detail.region, - JSON_EXTRACT(detail.Properties, '$.Options') as options, + JSON_EXTRACT(detail.Properties, '$.Id') as id, JSON_EXTRACT(detail.Properties, '$.TransitGatewayId') as transit_gateway_id, JSON_EXTRACT(detail.Properties, '$.VpcId') as vpc_id, - JSON_EXTRACT(detail.Properties, '$.RemoveSubnetIds') as remove_subnet_ids, - JSON_EXTRACT(detail.Properties, '$.Id') as id, JSON_EXTRACT(detail.Properties, '$.SubnetIds') as subnet_ids, JSON_EXTRACT(detail.Properties, '$.AddSubnetIds') as add_subnet_ids, - JSON_EXTRACT(detail.Properties, '$.Tags') as tags + JSON_EXTRACT(detail.Properties, '$.RemoveSubnetIds') as remove_subnet_ids, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags, + JSON_EXTRACT(detail.Properties, '$.Options') as options FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -26409,14 +29171,14 @@ components: SELECT region, data__Identifier, - json_extract_path_text(Properties, 'Options') as options, + json_extract_path_text(Properties, 'Id') as id, json_extract_path_text(Properties, 'TransitGatewayId') as transit_gateway_id, json_extract_path_text(Properties, 'VpcId') as vpc_id, - json_extract_path_text(Properties, 'RemoveSubnetIds') as remove_subnet_ids, - json_extract_path_text(Properties, 'Id') as id, json_extract_path_text(Properties, 'SubnetIds') as subnet_ids, json_extract_path_text(Properties, 'AddSubnetIds') as add_subnet_ids, - json_extract_path_text(Properties, 'Tags') as tags + json_extract_path_text(Properties, 'RemoveSubnetIds') as remove_subnet_ids, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Options') as options FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::TransitGatewayVpcAttachment' AND data__Identifier = '' AND region = 'us-east-1' @@ -26425,14 +29187,14 @@ components: ddl: |- SELECT detail.region, - json_extract_path_text(detail.Properties, 'Options') as options, + json_extract_path_text(detail.Properties, 'Id') as id, json_extract_path_text(detail.Properties, 'TransitGatewayId') as transit_gateway_id, json_extract_path_text(detail.Properties, 'VpcId') as vpc_id, - json_extract_path_text(detail.Properties, 'RemoveSubnetIds') as remove_subnet_ids, - json_extract_path_text(detail.Properties, 'Id') as id, json_extract_path_text(detail.Properties, 'SubnetIds') as subnet_ids, json_extract_path_text(detail.Properties, 'AddSubnetIds') as add_subnet_ids, - json_extract_path_text(detail.Properties, 'Tags') as tags + json_extract_path_text(detail.Properties, 'RemoveSubnetIds') as remove_subnet_ids, + json_extract_path_text(detail.Properties, 'Tags') as tags, + json_extract_path_text(detail.Properties, 'Options') as options FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -26491,13 +29253,13 @@ components: detail.region, JSON_EXTRACT(json_each.value, '$.Key') as tag_key, JSON_EXTRACT(json_each.value, '$.Value') as tag_value, - JSON_EXTRACT(detail.Properties, '$.Options') as options, + JSON_EXTRACT(detail.Properties, '$.Id') as id, JSON_EXTRACT(detail.Properties, '$.TransitGatewayId') as transit_gateway_id, JSON_EXTRACT(detail.Properties, '$.VpcId') as vpc_id, - JSON_EXTRACT(detail.Properties, '$.RemoveSubnetIds') as remove_subnet_ids, - JSON_EXTRACT(detail.Properties, '$.Id') as id, JSON_EXTRACT(detail.Properties, '$.SubnetIds') as subnet_ids, - JSON_EXTRACT(detail.Properties, '$.AddSubnetIds') as add_subnet_ids + JSON_EXTRACT(detail.Properties, '$.AddSubnetIds') as add_subnet_ids, + JSON_EXTRACT(detail.Properties, '$.RemoveSubnetIds') as remove_subnet_ids, + JSON_EXTRACT(detail.Properties, '$.Options') as options FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -26513,13 +29275,13 @@ components: detail.region, json_extract_path_text(json_each.value, 'Key') as tag_key, json_extract_path_text(json_each.value, 'Value') as tag_value, - json_extract_path_text(detail.Properties, 'Options') as options, + json_extract_path_text(detail.Properties, 'Id') as id, json_extract_path_text(detail.Properties, 'TransitGatewayId') as transit_gateway_id, json_extract_path_text(detail.Properties, 'VpcId') as vpc_id, - json_extract_path_text(detail.Properties, 'RemoveSubnetIds') as remove_subnet_ids, - json_extract_path_text(detail.Properties, 'Id') as id, json_extract_path_text(detail.Properties, 'SubnetIds') as subnet_ids, - json_extract_path_text(detail.Properties, 'AddSubnetIds') as add_subnet_ids + json_extract_path_text(detail.Properties, 'AddSubnetIds') as add_subnet_ids, + json_extract_path_text(detail.Properties, 'RemoveSubnetIds') as remove_subnet_ids, + json_extract_path_text(detail.Properties, 'Options') as options FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -27906,6 +30668,286 @@ components: WHERE listing.data__TypeName = 'AWS::EC2::VPC' AND detail.data__TypeName = 'AWS::EC2::VPC' AND listing.region = 'us-east-1' + vpc_block_public_access_exclusions: + name: vpc_block_public_access_exclusions + id: aws.ec2.vpc_block_public_access_exclusions + x-cfn-schema-name: VPCBlockPublicAccessExclusion + x-cfn-type-name: AWS::EC2::VPCBlockPublicAccessExclusion + x-identifiers: + - ExclusionId + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__VPCBlockPublicAccessExclusion&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::EC2::VPCBlockPublicAccessExclusion" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::EC2::VPCBlockPublicAccessExclusion" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::EC2::VPCBlockPublicAccessExclusion" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/vpc_block_public_access_exclusions/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/vpc_block_public_access_exclusions/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/vpc_block_public_access_exclusions/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ExclusionId') as exclusion_id, + JSON_EXTRACT(Properties, '$.InternetGatewayExclusionMode') as internet_gateway_exclusion_mode, + JSON_EXTRACT(Properties, '$.VpcId') as vpc_id, + JSON_EXTRACT(Properties, '$.SubnetId') as subnet_id, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::VPCBlockPublicAccessExclusion' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.ExclusionId') as exclusion_id, + JSON_EXTRACT(detail.Properties, '$.InternetGatewayExclusionMode') as internet_gateway_exclusion_mode, + JSON_EXTRACT(detail.Properties, '$.VpcId') as vpc_id, + JSON_EXTRACT(detail.Properties, '$.SubnetId') as subnet_id, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::EC2::VPCBlockPublicAccessExclusion' + AND detail.data__TypeName = 'AWS::EC2::VPCBlockPublicAccessExclusion' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ExclusionId') as exclusion_id, + json_extract_path_text(Properties, 'InternetGatewayExclusionMode') as internet_gateway_exclusion_mode, + json_extract_path_text(Properties, 'VpcId') as vpc_id, + json_extract_path_text(Properties, 'SubnetId') as subnet_id, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::VPCBlockPublicAccessExclusion' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'ExclusionId') as exclusion_id, + json_extract_path_text(detail.Properties, 'InternetGatewayExclusionMode') as internet_gateway_exclusion_mode, + json_extract_path_text(detail.Properties, 'VpcId') as vpc_id, + json_extract_path_text(detail.Properties, 'SubnetId') as subnet_id, + json_extract_path_text(detail.Properties, 'Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::EC2::VPCBlockPublicAccessExclusion' + AND detail.data__TypeName = 'AWS::EC2::VPCBlockPublicAccessExclusion' + AND listing.region = 'us-east-1' + vpc_block_public_access_exclusions_list_only: + name: vpc_block_public_access_exclusions_list_only + id: aws.ec2.vpc_block_public_access_exclusions_list_only + x-cfn-schema-name: VPCBlockPublicAccessExclusion + x-cfn-type-name: AWS::EC2::VPCBlockPublicAccessExclusion + x-identifiers: + - ExclusionId + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ExclusionId') as exclusion_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::VPCBlockPublicAccessExclusion' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ExclusionId') as exclusion_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::VPCBlockPublicAccessExclusion' + AND region = 'us-east-1' + vpc_block_public_access_exclusion_tags: + name: vpc_block_public_access_exclusion_tags + id: aws.ec2.vpc_block_public_access_exclusion_tags + x-cfn-schema-name: VPCBlockPublicAccessExclusion + x-cfn-type-name: AWS::EC2::VPCBlockPublicAccessExclusion + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.ExclusionId') as exclusion_id, + JSON_EXTRACT(detail.Properties, '$.InternetGatewayExclusionMode') as internet_gateway_exclusion_mode, + JSON_EXTRACT(detail.Properties, '$.VpcId') as vpc_id, + JSON_EXTRACT(detail.Properties, '$.SubnetId') as subnet_id + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::EC2::VPCBlockPublicAccessExclusion' + AND detail.data__TypeName = 'AWS::EC2::VPCBlockPublicAccessExclusion' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'ExclusionId') as exclusion_id, + json_extract_path_text(detail.Properties, 'InternetGatewayExclusionMode') as internet_gateway_exclusion_mode, + json_extract_path_text(detail.Properties, 'VpcId') as vpc_id, + json_extract_path_text(detail.Properties, 'SubnetId') as subnet_id + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::EC2::VPCBlockPublicAccessExclusion' + AND detail.data__TypeName = 'AWS::EC2::VPCBlockPublicAccessExclusion' + AND listing.region = 'us-east-1' + vpc_block_public_access_options: + name: vpc_block_public_access_options + id: aws.ec2.vpc_block_public_access_options + x-cfn-schema-name: VPCBlockPublicAccessOptions + x-cfn-type-name: AWS::EC2::VPCBlockPublicAccessOptions + x-identifiers: + - AccountId + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__VPCBlockPublicAccessOptions&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::EC2::VPCBlockPublicAccessOptions" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::EC2::VPCBlockPublicAccessOptions" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::EC2::VPCBlockPublicAccessOptions" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/vpc_block_public_access_options/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/vpc_block_public_access_options/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/vpc_block_public_access_options/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.InternetGatewayBlockMode') as internet_gateway_block_mode, + JSON_EXTRACT(Properties, '$.AccountId') as account_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::VPCBlockPublicAccessOptions' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'InternetGatewayBlockMode') as internet_gateway_block_mode, + json_extract_path_text(Properties, 'AccountId') as account_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::VPCBlockPublicAccessOptions' + AND data__Identifier = '' + AND region = 'us-east-1' vpc_cidr_blocks: name: vpc_cidr_blocks id: aws.ec2.vpc_cidr_blocks @@ -27966,7 +31008,10 @@ components: JSON_EXTRACT(Properties, '$.Ipv4NetmaskLength') as ipv4_netmask_length, JSON_EXTRACT(Properties, '$.Ipv6IpamPoolId') as ipv6_ipam_pool_id, JSON_EXTRACT(Properties, '$.Ipv6NetmaskLength') as ipv6_netmask_length, - JSON_EXTRACT(Properties, '$.AmazonProvidedIpv6CidrBlock') as amazon_provided_ipv6_cidr_block + JSON_EXTRACT(Properties, '$.AmazonProvidedIpv6CidrBlock') as amazon_provided_ipv6_cidr_block, + JSON_EXTRACT(Properties, '$.Ipv6AddressAttribute') as ipv6_address_attribute, + JSON_EXTRACT(Properties, '$.IpSource') as ip_source, + JSON_EXTRACT(Properties, '$.Ipv6CidrBlockNetworkBorderGroup') as ipv6_cidr_block_network_border_group FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::VPCCidrBlock' AND data__Identifier = '|' AND region = 'us-east-1' @@ -27984,7 +31029,10 @@ components: JSON_EXTRACT(detail.Properties, '$.Ipv4NetmaskLength') as ipv4_netmask_length, JSON_EXTRACT(detail.Properties, '$.Ipv6IpamPoolId') as ipv6_ipam_pool_id, JSON_EXTRACT(detail.Properties, '$.Ipv6NetmaskLength') as ipv6_netmask_length, - JSON_EXTRACT(detail.Properties, '$.AmazonProvidedIpv6CidrBlock') as amazon_provided_ipv6_cidr_block + JSON_EXTRACT(detail.Properties, '$.AmazonProvidedIpv6CidrBlock') as amazon_provided_ipv6_cidr_block, + JSON_EXTRACT(detail.Properties, '$.Ipv6AddressAttribute') as ipv6_address_attribute, + JSON_EXTRACT(detail.Properties, '$.IpSource') as ip_source, + JSON_EXTRACT(detail.Properties, '$.Ipv6CidrBlockNetworkBorderGroup') as ipv6_cidr_block_network_border_group FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -28007,7 +31055,10 @@ components: json_extract_path_text(Properties, 'Ipv4NetmaskLength') as ipv4_netmask_length, json_extract_path_text(Properties, 'Ipv6IpamPoolId') as ipv6_ipam_pool_id, json_extract_path_text(Properties, 'Ipv6NetmaskLength') as ipv6_netmask_length, - json_extract_path_text(Properties, 'AmazonProvidedIpv6CidrBlock') as amazon_provided_ipv6_cidr_block + json_extract_path_text(Properties, 'AmazonProvidedIpv6CidrBlock') as amazon_provided_ipv6_cidr_block, + json_extract_path_text(Properties, 'Ipv6AddressAttribute') as ipv6_address_attribute, + json_extract_path_text(Properties, 'IpSource') as ip_source, + json_extract_path_text(Properties, 'Ipv6CidrBlockNetworkBorderGroup') as ipv6_cidr_block_network_border_group FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::VPCCidrBlock' AND data__Identifier = '|' AND region = 'us-east-1' @@ -28025,7 +31076,10 @@ components: json_extract_path_text(detail.Properties, 'Ipv4NetmaskLength') as ipv4_netmask_length, json_extract_path_text(detail.Properties, 'Ipv6IpamPoolId') as ipv6_ipam_pool_id, json_extract_path_text(detail.Properties, 'Ipv6NetmaskLength') as ipv6_netmask_length, - json_extract_path_text(detail.Properties, 'AmazonProvidedIpv6CidrBlock') as amazon_provided_ipv6_cidr_block + json_extract_path_text(detail.Properties, 'AmazonProvidedIpv6CidrBlock') as amazon_provided_ipv6_cidr_block, + json_extract_path_text(detail.Properties, 'Ipv6AddressAttribute') as ipv6_address_attribute, + json_extract_path_text(detail.Properties, 'IpSource') as ip_source, + json_extract_path_text(detail.Properties, 'Ipv6CidrBlockNetworkBorderGroup') as ipv6_cidr_block_network_border_group FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -28272,18 +31326,23 @@ components: SELECT region, data__Identifier, - JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.PrivateDnsEnabled') as private_dns_enabled, + JSON_EXTRACT(Properties, '$.IpAddressType') as ip_address_type, JSON_EXTRACT(Properties, '$.CreationTimestamp') as creation_timestamp, - JSON_EXTRACT(Properties, '$.DnsEntries') as dns_entries, + JSON_EXTRACT(Properties, '$.DnsOptions') as dns_options, JSON_EXTRACT(Properties, '$.NetworkInterfaceIds') as network_interface_ids, - JSON_EXTRACT(Properties, '$.PolicyDocument') as policy_document, - JSON_EXTRACT(Properties, '$.PrivateDnsEnabled') as private_dns_enabled, - JSON_EXTRACT(Properties, '$.RouteTableIds') as route_table_ids, + JSON_EXTRACT(Properties, '$.DnsEntries') as dns_entries, + JSON_EXTRACT(Properties, '$.ResourceConfigurationArn') as resource_configuration_arn, JSON_EXTRACT(Properties, '$.SecurityGroupIds') as security_group_ids, - JSON_EXTRACT(Properties, '$.ServiceName') as service_name, JSON_EXTRACT(Properties, '$.SubnetIds') as subnet_ids, + JSON_EXTRACT(Properties, '$.ServiceNetworkArn') as service_network_arn, + JSON_EXTRACT(Properties, '$.VpcId') as vpc_id, + JSON_EXTRACT(Properties, '$.RouteTableIds') as route_table_ids, + JSON_EXTRACT(Properties, '$.ServiceName') as service_name, + JSON_EXTRACT(Properties, '$.PolicyDocument') as policy_document, JSON_EXTRACT(Properties, '$.VpcEndpointType') as vpc_endpoint_type, - JSON_EXTRACT(Properties, '$.VpcId') as vpc_id + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::VPCEndpoint' AND data__Identifier = '' AND region = 'us-east-1' @@ -28292,18 +31351,23 @@ components: ddl: |- SELECT detail.region, - JSON_EXTRACT(detail.Properties, '$.Id') as id, + JSON_EXTRACT(detail.Properties, '$.PrivateDnsEnabled') as private_dns_enabled, + JSON_EXTRACT(detail.Properties, '$.IpAddressType') as ip_address_type, JSON_EXTRACT(detail.Properties, '$.CreationTimestamp') as creation_timestamp, - JSON_EXTRACT(detail.Properties, '$.DnsEntries') as dns_entries, + JSON_EXTRACT(detail.Properties, '$.DnsOptions') as dns_options, JSON_EXTRACT(detail.Properties, '$.NetworkInterfaceIds') as network_interface_ids, - JSON_EXTRACT(detail.Properties, '$.PolicyDocument') as policy_document, - JSON_EXTRACT(detail.Properties, '$.PrivateDnsEnabled') as private_dns_enabled, - JSON_EXTRACT(detail.Properties, '$.RouteTableIds') as route_table_ids, + JSON_EXTRACT(detail.Properties, '$.DnsEntries') as dns_entries, + JSON_EXTRACT(detail.Properties, '$.ResourceConfigurationArn') as resource_configuration_arn, JSON_EXTRACT(detail.Properties, '$.SecurityGroupIds') as security_group_ids, - JSON_EXTRACT(detail.Properties, '$.ServiceName') as service_name, JSON_EXTRACT(detail.Properties, '$.SubnetIds') as subnet_ids, + JSON_EXTRACT(detail.Properties, '$.ServiceNetworkArn') as service_network_arn, + JSON_EXTRACT(detail.Properties, '$.VpcId') as vpc_id, + JSON_EXTRACT(detail.Properties, '$.RouteTableIds') as route_table_ids, + JSON_EXTRACT(detail.Properties, '$.ServiceName') as service_name, + JSON_EXTRACT(detail.Properties, '$.PolicyDocument') as policy_document, JSON_EXTRACT(detail.Properties, '$.VpcEndpointType') as vpc_endpoint_type, - JSON_EXTRACT(detail.Properties, '$.VpcId') as vpc_id + JSON_EXTRACT(detail.Properties, '$.Id') as id, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -28317,18 +31381,23 @@ components: SELECT region, data__Identifier, - json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'PrivateDnsEnabled') as private_dns_enabled, + json_extract_path_text(Properties, 'IpAddressType') as ip_address_type, json_extract_path_text(Properties, 'CreationTimestamp') as creation_timestamp, - json_extract_path_text(Properties, 'DnsEntries') as dns_entries, + json_extract_path_text(Properties, 'DnsOptions') as dns_options, json_extract_path_text(Properties, 'NetworkInterfaceIds') as network_interface_ids, - json_extract_path_text(Properties, 'PolicyDocument') as policy_document, - json_extract_path_text(Properties, 'PrivateDnsEnabled') as private_dns_enabled, - json_extract_path_text(Properties, 'RouteTableIds') as route_table_ids, + json_extract_path_text(Properties, 'DnsEntries') as dns_entries, + json_extract_path_text(Properties, 'ResourceConfigurationArn') as resource_configuration_arn, json_extract_path_text(Properties, 'SecurityGroupIds') as security_group_ids, - json_extract_path_text(Properties, 'ServiceName') as service_name, json_extract_path_text(Properties, 'SubnetIds') as subnet_ids, + json_extract_path_text(Properties, 'ServiceNetworkArn') as service_network_arn, + json_extract_path_text(Properties, 'VpcId') as vpc_id, + json_extract_path_text(Properties, 'RouteTableIds') as route_table_ids, + json_extract_path_text(Properties, 'ServiceName') as service_name, + json_extract_path_text(Properties, 'PolicyDocument') as policy_document, json_extract_path_text(Properties, 'VpcEndpointType') as vpc_endpoint_type, - json_extract_path_text(Properties, 'VpcId') as vpc_id + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::VPCEndpoint' AND data__Identifier = '' AND region = 'us-east-1' @@ -28337,18 +31406,23 @@ components: ddl: |- SELECT detail.region, - json_extract_path_text(detail.Properties, 'Id') as id, + json_extract_path_text(detail.Properties, 'PrivateDnsEnabled') as private_dns_enabled, + json_extract_path_text(detail.Properties, 'IpAddressType') as ip_address_type, json_extract_path_text(detail.Properties, 'CreationTimestamp') as creation_timestamp, - json_extract_path_text(detail.Properties, 'DnsEntries') as dns_entries, + json_extract_path_text(detail.Properties, 'DnsOptions') as dns_options, json_extract_path_text(detail.Properties, 'NetworkInterfaceIds') as network_interface_ids, - json_extract_path_text(detail.Properties, 'PolicyDocument') as policy_document, - json_extract_path_text(detail.Properties, 'PrivateDnsEnabled') as private_dns_enabled, - json_extract_path_text(detail.Properties, 'RouteTableIds') as route_table_ids, + json_extract_path_text(detail.Properties, 'DnsEntries') as dns_entries, + json_extract_path_text(detail.Properties, 'ResourceConfigurationArn') as resource_configuration_arn, json_extract_path_text(detail.Properties, 'SecurityGroupIds') as security_group_ids, - json_extract_path_text(detail.Properties, 'ServiceName') as service_name, json_extract_path_text(detail.Properties, 'SubnetIds') as subnet_ids, + json_extract_path_text(detail.Properties, 'ServiceNetworkArn') as service_network_arn, + json_extract_path_text(detail.Properties, 'VpcId') as vpc_id, + json_extract_path_text(detail.Properties, 'RouteTableIds') as route_table_ids, + json_extract_path_text(detail.Properties, 'ServiceName') as service_name, + json_extract_path_text(detail.Properties, 'PolicyDocument') as policy_document, json_extract_path_text(detail.Properties, 'VpcEndpointType') as vpc_endpoint_type, - json_extract_path_text(detail.Properties, 'VpcId') as vpc_id + json_extract_path_text(detail.Properties, 'Id') as id, + json_extract_path_text(detail.Properties, 'Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -28387,6 +31461,81 @@ components: json_extract_path_text(Properties, 'Id') as id FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::VPCEndpoint' AND region = 'us-east-1' + vpc_endpoint_tags: + name: vpc_endpoint_tags + id: aws.ec2.vpc_endpoint_tags + x-cfn-schema-name: VPCEndpoint + x-cfn-type-name: AWS::EC2::VPCEndpoint + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.PrivateDnsEnabled') as private_dns_enabled, + JSON_EXTRACT(detail.Properties, '$.IpAddressType') as ip_address_type, + JSON_EXTRACT(detail.Properties, '$.CreationTimestamp') as creation_timestamp, + JSON_EXTRACT(detail.Properties, '$.DnsOptions') as dns_options, + JSON_EXTRACT(detail.Properties, '$.NetworkInterfaceIds') as network_interface_ids, + JSON_EXTRACT(detail.Properties, '$.DnsEntries') as dns_entries, + JSON_EXTRACT(detail.Properties, '$.ResourceConfigurationArn') as resource_configuration_arn, + JSON_EXTRACT(detail.Properties, '$.SecurityGroupIds') as security_group_ids, + JSON_EXTRACT(detail.Properties, '$.SubnetIds') as subnet_ids, + JSON_EXTRACT(detail.Properties, '$.ServiceNetworkArn') as service_network_arn, + JSON_EXTRACT(detail.Properties, '$.VpcId') as vpc_id, + JSON_EXTRACT(detail.Properties, '$.RouteTableIds') as route_table_ids, + JSON_EXTRACT(detail.Properties, '$.ServiceName') as service_name, + JSON_EXTRACT(detail.Properties, '$.PolicyDocument') as policy_document, + JSON_EXTRACT(detail.Properties, '$.VpcEndpointType') as vpc_endpoint_type, + JSON_EXTRACT(detail.Properties, '$.Id') as id + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::EC2::VPCEndpoint' + AND detail.data__TypeName = 'AWS::EC2::VPCEndpoint' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'PrivateDnsEnabled') as private_dns_enabled, + json_extract_path_text(detail.Properties, 'IpAddressType') as ip_address_type, + json_extract_path_text(detail.Properties, 'CreationTimestamp') as creation_timestamp, + json_extract_path_text(detail.Properties, 'DnsOptions') as dns_options, + json_extract_path_text(detail.Properties, 'NetworkInterfaceIds') as network_interface_ids, + json_extract_path_text(detail.Properties, 'DnsEntries') as dns_entries, + json_extract_path_text(detail.Properties, 'ResourceConfigurationArn') as resource_configuration_arn, + json_extract_path_text(detail.Properties, 'SecurityGroupIds') as security_group_ids, + json_extract_path_text(detail.Properties, 'SubnetIds') as subnet_ids, + json_extract_path_text(detail.Properties, 'ServiceNetworkArn') as service_network_arn, + json_extract_path_text(detail.Properties, 'VpcId') as vpc_id, + json_extract_path_text(detail.Properties, 'RouteTableIds') as route_table_ids, + json_extract_path_text(detail.Properties, 'ServiceName') as service_name, + json_extract_path_text(detail.Properties, 'PolicyDocument') as policy_document, + json_extract_path_text(detail.Properties, 'VpcEndpointType') as vpc_endpoint_type, + json_extract_path_text(detail.Properties, 'Id') as id + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::EC2::VPCEndpoint' + AND detail.data__TypeName = 'AWS::EC2::VPCEndpoint' + AND listing.region = 'us-east-1' vpc_endpoint_connection_notifications: name: vpc_endpoint_connection_notifications id: aws.ec2.vpc_endpoint_connection_notifications @@ -28450,11 +31599,11 @@ components: SELECT region, data__Identifier, - JSON_EXTRACT(Properties, '$.VPCEndpointConnectionNotificationId') as vpc_endpoint_connection_notification_id, JSON_EXTRACT(Properties, '$.ConnectionEvents') as connection_events, + JSON_EXTRACT(Properties, '$.VPCEndpointId') as vpc_endpoint_id, + JSON_EXTRACT(Properties, '$.VPCEndpointConnectionNotificationId') as vpc_endpoint_connection_notification_id, JSON_EXTRACT(Properties, '$.ConnectionNotificationArn') as connection_notification_arn, - JSON_EXTRACT(Properties, '$.ServiceId') as service_id, - JSON_EXTRACT(Properties, '$.VPCEndpointId') as vpc_endpoint_id + JSON_EXTRACT(Properties, '$.ServiceId') as service_id FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::VPCEndpointConnectionNotification' AND data__Identifier = '' AND region = 'us-east-1' @@ -28463,11 +31612,11 @@ components: ddl: |- SELECT detail.region, - JSON_EXTRACT(detail.Properties, '$.VPCEndpointConnectionNotificationId') as vpc_endpoint_connection_notification_id, JSON_EXTRACT(detail.Properties, '$.ConnectionEvents') as connection_events, + JSON_EXTRACT(detail.Properties, '$.VPCEndpointId') as vpc_endpoint_id, + JSON_EXTRACT(detail.Properties, '$.VPCEndpointConnectionNotificationId') as vpc_endpoint_connection_notification_id, JSON_EXTRACT(detail.Properties, '$.ConnectionNotificationArn') as connection_notification_arn, - JSON_EXTRACT(detail.Properties, '$.ServiceId') as service_id, - JSON_EXTRACT(detail.Properties, '$.VPCEndpointId') as vpc_endpoint_id + JSON_EXTRACT(detail.Properties, '$.ServiceId') as service_id FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -28481,11 +31630,11 @@ components: SELECT region, data__Identifier, - json_extract_path_text(Properties, 'VPCEndpointConnectionNotificationId') as vpc_endpoint_connection_notification_id, json_extract_path_text(Properties, 'ConnectionEvents') as connection_events, + json_extract_path_text(Properties, 'VPCEndpointId') as vpc_endpoint_id, + json_extract_path_text(Properties, 'VPCEndpointConnectionNotificationId') as vpc_endpoint_connection_notification_id, json_extract_path_text(Properties, 'ConnectionNotificationArn') as connection_notification_arn, - json_extract_path_text(Properties, 'ServiceId') as service_id, - json_extract_path_text(Properties, 'VPCEndpointId') as vpc_endpoint_id + json_extract_path_text(Properties, 'ServiceId') as service_id FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::VPCEndpointConnectionNotification' AND data__Identifier = '' AND region = 'us-east-1' @@ -28494,11 +31643,11 @@ components: ddl: |- SELECT detail.region, - json_extract_path_text(detail.Properties, 'VPCEndpointConnectionNotificationId') as vpc_endpoint_connection_notification_id, json_extract_path_text(detail.Properties, 'ConnectionEvents') as connection_events, + json_extract_path_text(detail.Properties, 'VPCEndpointId') as vpc_endpoint_id, + json_extract_path_text(detail.Properties, 'VPCEndpointConnectionNotificationId') as vpc_endpoint_connection_notification_id, json_extract_path_text(detail.Properties, 'ConnectionNotificationArn') as connection_notification_arn, - json_extract_path_text(detail.Properties, 'ServiceId') as service_id, - json_extract_path_text(detail.Properties, 'VPCEndpointId') as vpc_endpoint_id + json_extract_path_text(detail.Properties, 'ServiceId') as service_id FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -28605,7 +31754,8 @@ components: JSON_EXTRACT(Properties, '$.PayerResponsibility') as payer_responsibility, JSON_EXTRACT(Properties, '$.ServiceId') as service_id, JSON_EXTRACT(Properties, '$.AcceptanceRequired') as acceptance_required, - JSON_EXTRACT(Properties, '$.GatewayLoadBalancerArns') as gateway_load_balancer_arns + JSON_EXTRACT(Properties, '$.GatewayLoadBalancerArns') as gateway_load_balancer_arns, + JSON_EXTRACT(Properties, '$.Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::VPCEndpointService' AND data__Identifier = '' AND region = 'us-east-1' @@ -28619,7 +31769,8 @@ components: JSON_EXTRACT(detail.Properties, '$.PayerResponsibility') as payer_responsibility, JSON_EXTRACT(detail.Properties, '$.ServiceId') as service_id, JSON_EXTRACT(detail.Properties, '$.AcceptanceRequired') as acceptance_required, - JSON_EXTRACT(detail.Properties, '$.GatewayLoadBalancerArns') as gateway_load_balancer_arns + JSON_EXTRACT(detail.Properties, '$.GatewayLoadBalancerArns') as gateway_load_balancer_arns, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -28638,7 +31789,8 @@ components: json_extract_path_text(Properties, 'PayerResponsibility') as payer_responsibility, json_extract_path_text(Properties, 'ServiceId') as service_id, json_extract_path_text(Properties, 'AcceptanceRequired') as acceptance_required, - json_extract_path_text(Properties, 'GatewayLoadBalancerArns') as gateway_load_balancer_arns + json_extract_path_text(Properties, 'GatewayLoadBalancerArns') as gateway_load_balancer_arns, + json_extract_path_text(Properties, 'Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::VPCEndpointService' AND data__Identifier = '' AND region = 'us-east-1' @@ -28652,7 +31804,8 @@ components: json_extract_path_text(detail.Properties, 'PayerResponsibility') as payer_responsibility, json_extract_path_text(detail.Properties, 'ServiceId') as service_id, json_extract_path_text(detail.Properties, 'AcceptanceRequired') as acceptance_required, - json_extract_path_text(detail.Properties, 'GatewayLoadBalancerArns') as gateway_load_balancer_arns + json_extract_path_text(detail.Properties, 'GatewayLoadBalancerArns') as gateway_load_balancer_arns, + json_extract_path_text(detail.Properties, 'Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -28691,6 +31844,61 @@ components: json_extract_path_text(Properties, 'ServiceId') as service_id FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::EC2::VPCEndpointService' AND region = 'us-east-1' + vpc_endpoint_service_tags: + name: vpc_endpoint_service_tags + id: aws.ec2.vpc_endpoint_service_tags + x-cfn-schema-name: VPCEndpointService + x-cfn-type-name: AWS::EC2::VPCEndpointService + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.NetworkLoadBalancerArns') as network_load_balancer_arns, + JSON_EXTRACT(detail.Properties, '$.ContributorInsightsEnabled') as contributor_insights_enabled, + JSON_EXTRACT(detail.Properties, '$.PayerResponsibility') as payer_responsibility, + JSON_EXTRACT(detail.Properties, '$.ServiceId') as service_id, + JSON_EXTRACT(detail.Properties, '$.AcceptanceRequired') as acceptance_required, + JSON_EXTRACT(detail.Properties, '$.GatewayLoadBalancerArns') as gateway_load_balancer_arns + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::EC2::VPCEndpointService' + AND detail.data__TypeName = 'AWS::EC2::VPCEndpointService' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'NetworkLoadBalancerArns') as network_load_balancer_arns, + json_extract_path_text(detail.Properties, 'ContributorInsightsEnabled') as contributor_insights_enabled, + json_extract_path_text(detail.Properties, 'PayerResponsibility') as payer_responsibility, + json_extract_path_text(detail.Properties, 'ServiceId') as service_id, + json_extract_path_text(detail.Properties, 'AcceptanceRequired') as acceptance_required, + json_extract_path_text(detail.Properties, 'GatewayLoadBalancerArns') as gateway_load_balancer_arns + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::EC2::VPCEndpointService' + AND detail.data__TypeName = 'AWS::EC2::VPCEndpointService' + AND listing.region = 'us-east-1' vpc_endpoint_service_permissions: name: vpc_endpoint_service_permissions id: aws.ec2.vpc_endpoint_service_permissions @@ -29042,12 +32250,12 @@ components: SELECT region, data__Identifier, - JSON_EXTRACT(Properties, '$.Id') as id, - JSON_EXTRACT(Properties, '$.PeerOwnerId') as peer_owner_id, - JSON_EXTRACT(Properties, '$.PeerRegion') as peer_region, JSON_EXTRACT(Properties, '$.PeerRoleArn') as peer_role_arn, - JSON_EXTRACT(Properties, '$.PeerVpcId') as peer_vpc_id, JSON_EXTRACT(Properties, '$.VpcId') as vpc_id, + JSON_EXTRACT(Properties, '$.PeerVpcId') as peer_vpc_id, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.PeerRegion') as peer_region, + JSON_EXTRACT(Properties, '$.PeerOwnerId') as peer_owner_id, JSON_EXTRACT(Properties, '$.Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::VPCPeeringConnection' AND data__Identifier = '' @@ -29057,12 +32265,12 @@ components: ddl: |- SELECT detail.region, - JSON_EXTRACT(detail.Properties, '$.Id') as id, - JSON_EXTRACT(detail.Properties, '$.PeerOwnerId') as peer_owner_id, - JSON_EXTRACT(detail.Properties, '$.PeerRegion') as peer_region, JSON_EXTRACT(detail.Properties, '$.PeerRoleArn') as peer_role_arn, - JSON_EXTRACT(detail.Properties, '$.PeerVpcId') as peer_vpc_id, JSON_EXTRACT(detail.Properties, '$.VpcId') as vpc_id, + JSON_EXTRACT(detail.Properties, '$.PeerVpcId') as peer_vpc_id, + JSON_EXTRACT(detail.Properties, '$.Id') as id, + JSON_EXTRACT(detail.Properties, '$.PeerRegion') as peer_region, + JSON_EXTRACT(detail.Properties, '$.PeerOwnerId') as peer_owner_id, JSON_EXTRACT(detail.Properties, '$.Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail @@ -29077,12 +32285,12 @@ components: SELECT region, data__Identifier, - json_extract_path_text(Properties, 'Id') as id, - json_extract_path_text(Properties, 'PeerOwnerId') as peer_owner_id, - json_extract_path_text(Properties, 'PeerRegion') as peer_region, json_extract_path_text(Properties, 'PeerRoleArn') as peer_role_arn, - json_extract_path_text(Properties, 'PeerVpcId') as peer_vpc_id, json_extract_path_text(Properties, 'VpcId') as vpc_id, + json_extract_path_text(Properties, 'PeerVpcId') as peer_vpc_id, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'PeerRegion') as peer_region, + json_extract_path_text(Properties, 'PeerOwnerId') as peer_owner_id, json_extract_path_text(Properties, 'Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::VPCPeeringConnection' AND data__Identifier = '' @@ -29092,12 +32300,12 @@ components: ddl: |- SELECT detail.region, - json_extract_path_text(detail.Properties, 'Id') as id, - json_extract_path_text(detail.Properties, 'PeerOwnerId') as peer_owner_id, - json_extract_path_text(detail.Properties, 'PeerRegion') as peer_region, json_extract_path_text(detail.Properties, 'PeerRoleArn') as peer_role_arn, - json_extract_path_text(detail.Properties, 'PeerVpcId') as peer_vpc_id, json_extract_path_text(detail.Properties, 'VpcId') as vpc_id, + json_extract_path_text(detail.Properties, 'PeerVpcId') as peer_vpc_id, + json_extract_path_text(detail.Properties, 'Id') as id, + json_extract_path_text(detail.Properties, 'PeerRegion') as peer_region, + json_extract_path_text(detail.Properties, 'PeerOwnerId') as peer_owner_id, json_extract_path_text(detail.Properties, 'Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail @@ -29157,12 +32365,12 @@ components: detail.region, JSON_EXTRACT(json_each.value, '$.Key') as tag_key, JSON_EXTRACT(json_each.value, '$.Value') as tag_value, - JSON_EXTRACT(detail.Properties, '$.Id') as id, - JSON_EXTRACT(detail.Properties, '$.PeerOwnerId') as peer_owner_id, - JSON_EXTRACT(detail.Properties, '$.PeerRegion') as peer_region, JSON_EXTRACT(detail.Properties, '$.PeerRoleArn') as peer_role_arn, + JSON_EXTRACT(detail.Properties, '$.VpcId') as vpc_id, JSON_EXTRACT(detail.Properties, '$.PeerVpcId') as peer_vpc_id, - JSON_EXTRACT(detail.Properties, '$.VpcId') as vpc_id + JSON_EXTRACT(detail.Properties, '$.Id') as id, + JSON_EXTRACT(detail.Properties, '$.PeerRegion') as peer_region, + JSON_EXTRACT(detail.Properties, '$.PeerOwnerId') as peer_owner_id FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -29178,12 +32386,12 @@ components: detail.region, json_extract_path_text(json_each.value, 'Key') as tag_key, json_extract_path_text(json_each.value, 'Value') as tag_value, - json_extract_path_text(detail.Properties, 'Id') as id, - json_extract_path_text(detail.Properties, 'PeerOwnerId') as peer_owner_id, - json_extract_path_text(detail.Properties, 'PeerRegion') as peer_region, json_extract_path_text(detail.Properties, 'PeerRoleArn') as peer_role_arn, + json_extract_path_text(detail.Properties, 'VpcId') as vpc_id, json_extract_path_text(detail.Properties, 'PeerVpcId') as peer_vpc_id, - json_extract_path_text(detail.Properties, 'VpcId') as vpc_id + json_extract_path_text(detail.Properties, 'Id') as id, + json_extract_path_text(detail.Properties, 'PeerRegion') as peer_region, + json_extract_path_text(detail.Properties, 'PeerOwnerId') as peer_owner_id FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -29255,14 +32463,22 @@ components: SELECT region, data__Identifier, - JSON_EXTRACT(Properties, '$.VpnConnectionId') as vpn_connection_id, + JSON_EXTRACT(Properties, '$.RemoteIpv6NetworkCidr') as remote_ipv6_network_cidr, + JSON_EXTRACT(Properties, '$.RemoteIpv4NetworkCidr') as remote_ipv4_network_cidr, + JSON_EXTRACT(Properties, '$.VpnTunnelOptionsSpecifications') as vpn_tunnel_options_specifications, JSON_EXTRACT(Properties, '$.CustomerGatewayId') as customer_gateway_id, + JSON_EXTRACT(Properties, '$.OutsideIpAddressType') as outside_ip_address_type, JSON_EXTRACT(Properties, '$.StaticRoutesOnly') as static_routes_only, - JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.EnableAcceleration') as enable_acceleration, JSON_EXTRACT(Properties, '$.TransitGatewayId') as transit_gateway_id, JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.LocalIpv4NetworkCidr') as local_ipv4_network_cidr, JSON_EXTRACT(Properties, '$.VpnGatewayId') as vpn_gateway_id, - JSON_EXTRACT(Properties, '$.VpnTunnelOptionsSpecifications') as vpn_tunnel_options_specifications + JSON_EXTRACT(Properties, '$.TransportTransitGatewayAttachmentId') as transport_transit_gateway_attachment_id, + JSON_EXTRACT(Properties, '$.LocalIpv6NetworkCidr') as local_ipv6_network_cidr, + JSON_EXTRACT(Properties, '$.VpnConnectionId') as vpn_connection_id, + JSON_EXTRACT(Properties, '$.TunnelInsideIpVersion') as tunnel_inside_ip_version, + JSON_EXTRACT(Properties, '$.Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::VPNConnection' AND data__Identifier = '' AND region = 'us-east-1' @@ -29271,14 +32487,22 @@ components: ddl: |- SELECT detail.region, - JSON_EXTRACT(detail.Properties, '$.VpnConnectionId') as vpn_connection_id, + JSON_EXTRACT(detail.Properties, '$.RemoteIpv6NetworkCidr') as remote_ipv6_network_cidr, + JSON_EXTRACT(detail.Properties, '$.RemoteIpv4NetworkCidr') as remote_ipv4_network_cidr, + JSON_EXTRACT(detail.Properties, '$.VpnTunnelOptionsSpecifications') as vpn_tunnel_options_specifications, JSON_EXTRACT(detail.Properties, '$.CustomerGatewayId') as customer_gateway_id, + JSON_EXTRACT(detail.Properties, '$.OutsideIpAddressType') as outside_ip_address_type, JSON_EXTRACT(detail.Properties, '$.StaticRoutesOnly') as static_routes_only, - JSON_EXTRACT(detail.Properties, '$.Tags') as tags, + JSON_EXTRACT(detail.Properties, '$.EnableAcceleration') as enable_acceleration, JSON_EXTRACT(detail.Properties, '$.TransitGatewayId') as transit_gateway_id, JSON_EXTRACT(detail.Properties, '$.Type') as type, + JSON_EXTRACT(detail.Properties, '$.LocalIpv4NetworkCidr') as local_ipv4_network_cidr, JSON_EXTRACT(detail.Properties, '$.VpnGatewayId') as vpn_gateway_id, - JSON_EXTRACT(detail.Properties, '$.VpnTunnelOptionsSpecifications') as vpn_tunnel_options_specifications + JSON_EXTRACT(detail.Properties, '$.TransportTransitGatewayAttachmentId') as transport_transit_gateway_attachment_id, + JSON_EXTRACT(detail.Properties, '$.LocalIpv6NetworkCidr') as local_ipv6_network_cidr, + JSON_EXTRACT(detail.Properties, '$.VpnConnectionId') as vpn_connection_id, + JSON_EXTRACT(detail.Properties, '$.TunnelInsideIpVersion') as tunnel_inside_ip_version, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -29292,14 +32516,22 @@ components: SELECT region, data__Identifier, - json_extract_path_text(Properties, 'VpnConnectionId') as vpn_connection_id, + json_extract_path_text(Properties, 'RemoteIpv6NetworkCidr') as remote_ipv6_network_cidr, + json_extract_path_text(Properties, 'RemoteIpv4NetworkCidr') as remote_ipv4_network_cidr, + json_extract_path_text(Properties, 'VpnTunnelOptionsSpecifications') as vpn_tunnel_options_specifications, json_extract_path_text(Properties, 'CustomerGatewayId') as customer_gateway_id, + json_extract_path_text(Properties, 'OutsideIpAddressType') as outside_ip_address_type, json_extract_path_text(Properties, 'StaticRoutesOnly') as static_routes_only, - json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'EnableAcceleration') as enable_acceleration, json_extract_path_text(Properties, 'TransitGatewayId') as transit_gateway_id, json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'LocalIpv4NetworkCidr') as local_ipv4_network_cidr, json_extract_path_text(Properties, 'VpnGatewayId') as vpn_gateway_id, - json_extract_path_text(Properties, 'VpnTunnelOptionsSpecifications') as vpn_tunnel_options_specifications + json_extract_path_text(Properties, 'TransportTransitGatewayAttachmentId') as transport_transit_gateway_attachment_id, + json_extract_path_text(Properties, 'LocalIpv6NetworkCidr') as local_ipv6_network_cidr, + json_extract_path_text(Properties, 'VpnConnectionId') as vpn_connection_id, + json_extract_path_text(Properties, 'TunnelInsideIpVersion') as tunnel_inside_ip_version, + json_extract_path_text(Properties, 'Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EC2::VPNConnection' AND data__Identifier = '' AND region = 'us-east-1' @@ -29308,14 +32540,22 @@ components: ddl: |- SELECT detail.region, - json_extract_path_text(detail.Properties, 'VpnConnectionId') as vpn_connection_id, + json_extract_path_text(detail.Properties, 'RemoteIpv6NetworkCidr') as remote_ipv6_network_cidr, + json_extract_path_text(detail.Properties, 'RemoteIpv4NetworkCidr') as remote_ipv4_network_cidr, + json_extract_path_text(detail.Properties, 'VpnTunnelOptionsSpecifications') as vpn_tunnel_options_specifications, json_extract_path_text(detail.Properties, 'CustomerGatewayId') as customer_gateway_id, + json_extract_path_text(detail.Properties, 'OutsideIpAddressType') as outside_ip_address_type, json_extract_path_text(detail.Properties, 'StaticRoutesOnly') as static_routes_only, - json_extract_path_text(detail.Properties, 'Tags') as tags, + json_extract_path_text(detail.Properties, 'EnableAcceleration') as enable_acceleration, json_extract_path_text(detail.Properties, 'TransitGatewayId') as transit_gateway_id, json_extract_path_text(detail.Properties, 'Type') as type, + json_extract_path_text(detail.Properties, 'LocalIpv4NetworkCidr') as local_ipv4_network_cidr, json_extract_path_text(detail.Properties, 'VpnGatewayId') as vpn_gateway_id, - json_extract_path_text(detail.Properties, 'VpnTunnelOptionsSpecifications') as vpn_tunnel_options_specifications + json_extract_path_text(detail.Properties, 'TransportTransitGatewayAttachmentId') as transport_transit_gateway_attachment_id, + json_extract_path_text(detail.Properties, 'LocalIpv6NetworkCidr') as local_ipv6_network_cidr, + json_extract_path_text(detail.Properties, 'VpnConnectionId') as vpn_connection_id, + json_extract_path_text(detail.Properties, 'TunnelInsideIpVersion') as tunnel_inside_ip_version, + json_extract_path_text(detail.Properties, 'Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -29374,13 +32614,21 @@ components: detail.region, JSON_EXTRACT(json_each.value, '$.Key') as tag_key, JSON_EXTRACT(json_each.value, '$.Value') as tag_value, - JSON_EXTRACT(detail.Properties, '$.VpnConnectionId') as vpn_connection_id, + JSON_EXTRACT(detail.Properties, '$.RemoteIpv6NetworkCidr') as remote_ipv6_network_cidr, + JSON_EXTRACT(detail.Properties, '$.RemoteIpv4NetworkCidr') as remote_ipv4_network_cidr, + JSON_EXTRACT(detail.Properties, '$.VpnTunnelOptionsSpecifications') as vpn_tunnel_options_specifications, JSON_EXTRACT(detail.Properties, '$.CustomerGatewayId') as customer_gateway_id, + JSON_EXTRACT(detail.Properties, '$.OutsideIpAddressType') as outside_ip_address_type, JSON_EXTRACT(detail.Properties, '$.StaticRoutesOnly') as static_routes_only, + JSON_EXTRACT(detail.Properties, '$.EnableAcceleration') as enable_acceleration, JSON_EXTRACT(detail.Properties, '$.TransitGatewayId') as transit_gateway_id, JSON_EXTRACT(detail.Properties, '$.Type') as type, + JSON_EXTRACT(detail.Properties, '$.LocalIpv4NetworkCidr') as local_ipv4_network_cidr, JSON_EXTRACT(detail.Properties, '$.VpnGatewayId') as vpn_gateway_id, - JSON_EXTRACT(detail.Properties, '$.VpnTunnelOptionsSpecifications') as vpn_tunnel_options_specifications + JSON_EXTRACT(detail.Properties, '$.TransportTransitGatewayAttachmentId') as transport_transit_gateway_attachment_id, + JSON_EXTRACT(detail.Properties, '$.LocalIpv6NetworkCidr') as local_ipv6_network_cidr, + JSON_EXTRACT(detail.Properties, '$.VpnConnectionId') as vpn_connection_id, + JSON_EXTRACT(detail.Properties, '$.TunnelInsideIpVersion') as tunnel_inside_ip_version FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -29396,13 +32644,21 @@ components: detail.region, json_extract_path_text(json_each.value, 'Key') as tag_key, json_extract_path_text(json_each.value, 'Value') as tag_value, - json_extract_path_text(detail.Properties, 'VpnConnectionId') as vpn_connection_id, + json_extract_path_text(detail.Properties, 'RemoteIpv6NetworkCidr') as remote_ipv6_network_cidr, + json_extract_path_text(detail.Properties, 'RemoteIpv4NetworkCidr') as remote_ipv4_network_cidr, + json_extract_path_text(detail.Properties, 'VpnTunnelOptionsSpecifications') as vpn_tunnel_options_specifications, json_extract_path_text(detail.Properties, 'CustomerGatewayId') as customer_gateway_id, + json_extract_path_text(detail.Properties, 'OutsideIpAddressType') as outside_ip_address_type, json_extract_path_text(detail.Properties, 'StaticRoutesOnly') as static_routes_only, + json_extract_path_text(detail.Properties, 'EnableAcceleration') as enable_acceleration, json_extract_path_text(detail.Properties, 'TransitGatewayId') as transit_gateway_id, json_extract_path_text(detail.Properties, 'Type') as type, + json_extract_path_text(detail.Properties, 'LocalIpv4NetworkCidr') as local_ipv4_network_cidr, json_extract_path_text(detail.Properties, 'VpnGatewayId') as vpn_gateway_id, - json_extract_path_text(detail.Properties, 'VpnTunnelOptionsSpecifications') as vpn_tunnel_options_specifications + json_extract_path_text(detail.Properties, 'TransportTransitGatewayAttachmentId') as transport_transit_gateway_attachment_id, + json_extract_path_text(detail.Properties, 'LocalIpv6NetworkCidr') as local_ipv6_network_cidr, + json_extract_path_text(detail.Properties, 'VpnConnectionId') as vpn_connection_id, + json_extract_path_text(detail.Properties, 'TunnelInsideIpVersion') as tunnel_inside_ip_version FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -31675,7 +34931,49 @@ paths: content: application/x-amz-json-1.0: schema: - $ref: '#/components/schemas/CreateRouteTableRequest' + $ref: '#/components/schemas/CreateRouteTableRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=CreateResource&Version=2021-09-30&__SecurityGroup&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateSecurityGroup + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateSecurityGroupRequest' required: true responses: '200': @@ -31684,7 +34982,7 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success - /?Action=CreateResource&Version=2021-09-30&__SecurityGroup&__detailTransformed=true: + /?Action=CreateResource&Version=2021-09-30&__SecurityGroupEgress&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' @@ -31694,7 +34992,7 @@ paths: - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' post: - operationId: CreateSecurityGroup + operationId: CreateSecurityGroupEgress parameters: - description: Action Header in: header @@ -31717,7 +35015,7 @@ paths: content: application/x-amz-json-1.0: schema: - $ref: '#/components/schemas/CreateSecurityGroupRequest' + $ref: '#/components/schemas/CreateSecurityGroupEgressRequest' required: true responses: '200': @@ -31726,7 +35024,7 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success - /?Action=CreateResource&Version=2021-09-30&__SecurityGroupEgress&__detailTransformed=true: + /?Action=CreateResource&Version=2021-09-30&__SecurityGroupIngress&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' @@ -31736,7 +35034,7 @@ paths: - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' post: - operationId: CreateSecurityGroupEgress + operationId: CreateSecurityGroupIngress parameters: - description: Action Header in: header @@ -31759,7 +35057,7 @@ paths: content: application/x-amz-json-1.0: schema: - $ref: '#/components/schemas/CreateSecurityGroupEgressRequest' + $ref: '#/components/schemas/CreateSecurityGroupIngressRequest' required: true responses: '200': @@ -31768,7 +35066,7 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success - /?Action=CreateResource&Version=2021-09-30&__SecurityGroupIngress&__detailTransformed=true: + /?Action=CreateResource&Version=2021-09-30&__SecurityGroupVpcAssociation&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' @@ -31778,7 +35076,7 @@ paths: - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' post: - operationId: CreateSecurityGroupIngress + operationId: CreateSecurityGroupVpcAssociation parameters: - description: Action Header in: header @@ -31801,7 +35099,7 @@ paths: content: application/x-amz-json-1.0: schema: - $ref: '#/components/schemas/CreateSecurityGroupIngressRequest' + $ref: '#/components/schemas/CreateSecurityGroupVpcAssociationRequest' required: true responses: '200': @@ -32860,6 +36158,90 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success + /?Action=CreateResource&Version=2021-09-30&__VPCBlockPublicAccessExclusion&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateVPCBlockPublicAccessExclusion + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateVPCBlockPublicAccessExclusionRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=CreateResource&Version=2021-09-30&__VPCBlockPublicAccessOptions&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateVPCBlockPublicAccessOptions + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateVPCBlockPublicAccessOptionsRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success /?Action=CreateResource&Version=2021-09-30&__VPCCidrBlock&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' @@ -33322,6 +36704,439 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success + /?Action=DescribeRouteTables&Version=2016-11-15&__nativeEndpoint=true: + get: + x-aws-operation-name: DescribeRouteTables + operationId: GET_DescribeRouteTables + description: >- +

Describes one or more of your route tables.

Each subnet in your VPC must be associated with a route table. If a subnet is not explicitly associated with any route table, it is implicitly associated with the main route table. This command does not return the subnet ID for implicit associations.

For more information, see Route tables in the Amazon Virtual Private Cloud User + Guide.

+ responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/DescribeRouteTablesResult' + parameters: + - name: Filter + in: query + required: false + description: >- +

One or more filters.

  • association.route-table-association-id - The ID of an association ID for the route table.

  • association.route-table-id - The ID of the route table involved in the association.

  • association.subnet-id - The ID of the subnet involved in the association.

  • association.main - Indicates whether the route table is the main route table for the VPC + (true | false). Route tables that do not have an association ID are not returned in the response.

  • owner-id - The ID of the Amazon Web Services account that owns the route table.

  • route-table-id - The ID of the route table.

  • route.destination-cidr-block - The IPv4 CIDR range specified in a route in the table.

  • + route.destination-ipv6-cidr-block - The IPv6 CIDR range specified in a route in the route table.

  • route.destination-prefix-list-id - The ID (prefix) of the Amazon Web Service specified in a route in the table.

  • route.egress-only-internet-gateway-id - The ID of an egress-only Internet gateway specified in a route in the route table.

  • route.gateway-id - The ID of a gateway + specified in a route in the table.

  • route.instance-id - The ID of an instance specified in a route in the table.

  • route.nat-gateway-id - The ID of a NAT gateway.

  • route.transit-gateway-id - The ID of a transit gateway.

  • route.origin - Describes how the route was created. CreateRouteTable indicates that the route was automatically created when the + route table was created; CreateRoute indicates that the route was manually added to the route table; EnableVgwRoutePropagation indicates that the route was propagated by route propagation.

  • route.state - The state of a route in the route table (active | blackhole). The blackhole state indicates that the route's target isn't available (for example, the specified gateway isn't attached to the VPC, the + specified NAT instance has been terminated, and so on).

  • route.vpc-peering-connection-id - The ID of a VPC peering connection specified in a route in the table.

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value + TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

  • vpc-id - The ID of the VPC for the route table.

+ schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/Filter' + - xml: + name: Filter + - name: DryRun + in: query + required: false + description: Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation. + schema: + type: boolean + - name: RouteTableId + in: query + required: false + description: '

One or more route table IDs.

Default: Describes all your route tables.

' + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/RouteTableId' + - xml: + name: item + - name: NextToken + in: query + required: false + description: The token for the next page of results. + schema: + type: string + - name: MaxResults + in: query + required: false + description: The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value. + schema: + type: integer + minimum: 5 + maximum: 100 + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /?Action=BundleInstance&Version=2016-11-15&__nativeEndpoint=true: + get: + x-aws-operation-name: BundleInstance + operationId: GET_BundleInstance + description:

Bundles an Amazon instance store-backed Windows instance.

During bundling, only the root device volume (C:\) is bundled. Data on other instance store volumes is not preserved.

This action is not applicable for Linux/Unix instances or Windows instances that are backed by Amazon EBS.

 + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/BundleInstanceResult' + parameters: + - name: InstanceId + in: query + required: true + description: '

The ID of the instance to bundle.

Type: String

Default: None

Required: Yes

' + schema: + type: string + - name: Storage + in: query + required: true + description: The bucket in which to store the AMI. You can specify a bucket that you already own or a new bucket that Amazon EC2 creates on your behalf. If you specify a bucket that belongs to someone else, Amazon EC2 returns an error. + schema: + type: object + properties: + undefined: + allOf: + - $ref: '#/components/schemas/S3Storage' + - description: An Amazon S3 storage location. + description: Describes the storage location for an instance store-backed AMI. + - name: DryRun + in: query + required: false + description: Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation. + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /?Action=ImportInstance&Version=2016-11-15&__nativeEndpoint=true: + get: + x-aws-operation-name: ImportInstance + operationId: GET_ImportInstance + description: >- +

Creates an import instance task using metadata from the specified disk image.

This API action supports only single-volume VMs. To import multi-volume VMs, use ImportImage instead.

This API action is not supported by the Command Line Interface (CLI). For information about using the Amazon EC2 CLI, which is deprecated, see Importing a VM to Amazon EC2 in the Amazon EC2 + CLI Reference PDF file.

For information about the import manifest referenced by this API action, see VM Import Manifest.

+ responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/ImportInstanceResult' + parameters: + - name: Description + in: query + required: false + description: A description for the instance being imported. + schema: + type: string + - name: DiskImage + in: query + required: false + description: The disk image. + schema: + type: array + items: + $ref: '#/components/schemas/DiskImage' + - name: DryRun + in: query + required: false + description: Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation. + schema: + type: boolean + - name: LaunchSpecification + in: query + required: false + description: The launch specification. + schema: + type: object + properties: + additionalInfo: + allOf: + - $ref: '#/components/schemas/String' + - description: Reserved. + architecture: + allOf: + - $ref: '#/components/schemas/ArchitectureValues' + - description: The architecture of the instance. + GroupId: + allOf: + - $ref: '#/components/schemas/SecurityGroupIdStringList' + - description: The security group IDs. + GroupName: + allOf: + - $ref: '#/components/schemas/SecurityGroupStringList' + - description: The security group names. + instanceInitiatedShutdownBehavior: + allOf: + - $ref: '#/components/schemas/ShutdownBehavior' + - description: Indicates whether an instance stops or terminates when you initiate shutdown from the instance (using the operating system command for system shutdown). + instanceType: + allOf: + - $ref: '#/components/schemas/InstanceType' + - description: The instance type. For more information about the instance types that you can import, see Instance Types in the VM Import/Export User Guide. + monitoring: + allOf: + - $ref: '#/components/schemas/Boolean' + - description: Indicates whether monitoring is enabled. + placement: + allOf: + - $ref: '#/components/schemas/Placement' + - description: The placement information for the instance. + privateIpAddress: + allOf: + - $ref: '#/components/schemas/String' + - description: '[EC2-VPC] An available IP address from the IP address range of the subnet.' + subnetId: + allOf: + - $ref: '#/components/schemas/SubnetId' + - description: '[EC2-VPC] The ID of the subnet in which to launch the instance.' + userData: + allOf: + - $ref: '#/components/schemas/UserData' + - description: The Base64-encoded user data to make available to the instance. + description: Describes the launch specification for VM import. + - name: Platform + in: query + required: true + description: The instance operating system. + schema: + type: string + enum: + - Windows + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /?Action=MonitorInstances&Version=2016-11-15&__nativeEndpoint=true: + get: + x-aws-operation-name: MonitorInstances + operationId: GET_MonitorInstances + description:

Enables detailed monitoring for a running instance. Otherwise, basic monitoring is enabled. For more information, see Monitor your instances using CloudWatch in the Amazon EC2 User Guide.

To disable detailed monitoring, see UnmonitorInstances.

+ responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/MonitorInstancesResult' + parameters: + - name: InstanceId + in: query + required: true + description: The IDs of the instances. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/InstanceId' + - xml: + name: InstanceId + - name: DryRun + in: query + required: false + description: Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation. + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /?Action=RebootInstances&Version=2016-11-15&__nativeEndpoint=true: + get: + x-aws-operation-name: RebootInstances + operationId: GET_RebootInstances + description: >- +

Requests a reboot of the specified instances. This operation is asynchronous; it only queues a request to reboot the specified instances. The operation succeeds if the instances are valid and belong to you. Requests to reboot terminated instances are ignored.

If an instance does not cleanly shut down within a few minutes, Amazon EC2 performs a hard reboot.

For more information about troubleshooting, see Troubleshoot an unreachable instance in the Amazon EC2 User Guide.

+ responses: + '200': + description: Success + parameters: + - name: InstanceId + in: query + required: true + description: The instance IDs. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/InstanceId' + - xml: + name: InstanceId + - name: DryRun + in: query + required: false + description: Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation. + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /?Action=StartInstances&Version=2016-11-15&__nativeEndpoint=true: + get: + x-aws-operation-name: StartInstances + operationId: GET_StartInstances + description: >- +

Starts an Amazon EBS-backed instance that you've previously stopped.

Instances that use Amazon EBS volumes as their root devices can be quickly stopped and started. When an instance is stopped, the compute resources are released and you are not billed for instance usage. However, your root partition Amazon EBS volume remains and continues to persist your data, and you are charged for Amazon EBS volume usage. You can restart your instance at any time. Every time you start your + instance, Amazon EC2 charges a one-minute minimum for instance usage, and thereafter charges per second for instance usage.

Before stopping an instance, make sure it is in a state from which it can be restarted. Stopping an instance does not preserve data stored in RAM.

Performing this operation on an instance that uses an instance store as its root device returns an error.

If you attempt to start a T3 instance with host tenancy and the + unlimted CPU credit option, the request fails. The unlimited CPU credit option is not supported on Dedicated Hosts. Before you start the instance, either change its CPU credit option to standard, or change its tenancy to default or dedicated.

For more information, see Stop and start your instance in the Amazon EC2 User Guide.

+ responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/StartInstancesResult' + parameters: + - name: InstanceId + in: query + required: true + description: The IDs of the instances. + schema: + type: array + items: + $ref: '#/components/schemas/InstanceId' + - name: AdditionalInfo + in: query + required: false + description: Reserved. + schema: + type: string + - name: DryRun + in: query + required: false + description: Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation. + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /?Action=StopInstances&Version=2016-11-15&__nativeEndpoint=true: + get: + x-aws-operation-name: StopInstances + operationId: GET_StopInstances + description: >- +

Stops an Amazon EBS-backed instance. For more information, see Stop and start your instance in the Amazon EC2 User Guide.

You can use the Stop action to hibernate an instance if the instance is enabled for hibernation and it meets the hibernation prerequisites. For more information, see Hibernate your instance in the Amazon EC2 User Guide.

We don't charge usage for a stopped instance, or data transfer fees; however, your root partition Amazon EBS volume remains and continues to persist your data, and you are charged for + Amazon EBS volume usage. Every time you start your instance, Amazon EC2 charges a one-minute minimum for instance usage, and thereafter charges per second for instance usage.

You can't stop or hibernate instance store-backed instances. You can't use the Stop action to hibernate Spot Instances, but you can specify that Amazon EC2 should hibernate Spot Instances when they are interrupted. For more information, see Hibernating interrupted Spot Instances in the Amazon EC2 User Guide.

When you stop or hibernate an instance, we shut it down. You can restart your instance at any time. Before stopping or hibernating an instance, make sure it is in a state from which it can be restarted. Stopping an instance does not preserve data stored in RAM, but hibernating an instance does + preserve data stored in RAM. If an instance cannot hibernate successfully, a normal shutdown occurs.

Stopping and hibernating an instance is different to rebooting or terminating it. For example, when you stop or hibernate an instance, the root device and any other devices attached to the instance persist. When you terminate an instance, the root device and any other devices attached during the instance launch are automatically deleted. For more information about the differences + between rebooting, stopping, hibernating, and terminating instances, see Instance lifecycle in the Amazon EC2 User Guide.

When you stop an instance, we attempt to shut it down forcibly after a short while. If your instance appears stuck in the stopping state after a period of time, there may be an issue with the underlying host computer. For more information, see Troubleshoot stopping your instance in the Amazon EC2 User Guide.

+ responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/StopInstancesResult' + parameters: + - name: InstanceId + in: query + required: true + description: The IDs of the instances. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/InstanceId' + - xml: + name: InstanceId + - name: Hibernate + in: query + required: false + description: '

Hibernates the instance if the instance was enabled for hibernation at launch. If the instance cannot hibernate successfully, a normal shutdown occurs. For more information, see Hibernate your instance in the Amazon EC2 User Guide.

Default: false

' + schema: + type: boolean + - name: DryRun + in: query + required: false + description: Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation. + schema: + type: boolean + - name: Force + in: query + required: false + description: '

Forces the instances to stop. The instances do not have an opportunity to flush file system caches or file system metadata. If you use this option, you must perform file system check and repair procedures. This option is not recommended for Windows instances.

Default: false

' + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + /?Action=UnmonitorInstances&Version=2016-11-15&__nativeEndpoint=true: + get: + x-aws-operation-name: UnmonitorInstances + operationId: GET_UnmonitorInstances + description: Disables detailed monitoring for a running instance. For more information, see Monitoring your instances and volumes in the Amazon EC2 User Guide. + responses: + '200': + description: Success + content: + text/xml: + schema: + $ref: '#/components/schemas/UnmonitorInstancesResult' + parameters: + - name: InstanceId + in: query + required: true + description: The IDs of the instances. + schema: + type: array + items: + allOf: + - $ref: '#/components/schemas/InstanceId' + - xml: + name: InstanceId + - name: DryRun + in: query + required: false + description: Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation. + schema: + type: boolean + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' x-stackQL-config: requestTranslate: algorithm: drop_double_underscore_params @@ -33332,3 +37147,5 @@ x-stackQL-config: responseToken: key: NextToken location: body + queryParamTranspose: + algorithm: AWSCanonical diff --git a/providers/src/aws/v00.00.00000/services/ecr.yaml b/providers/src/aws/v00.00.00000/services/ecr.yaml index 15e09651..c43593e8 100644 --- a/providers/src/aws/v00.00.00000/services/ecr.yaml +++ b/providers/src/aws/v00.00.00000/services/ecr.yaml @@ -768,9 +768,10 @@ components: enum: - AES256 - KMS + - KMS_DSSE KmsKey: type: string - description: If you use the KMS encryption type, specify the CMK to use for encryption. The alias, key ID, or full ARN of the CMK can be specified. The key must exist in the same Region as the repository. If no key is specified, the default AWS managed CMK for Amazon ECR will be used. + description: If you use the KMS or KMS_DSSE encryption type, specify the CMK to use for encryption. The alias, key ID, or full ARN of the CMK can be specified. The key must exist in the same Region as the repository. If no key is specified, the default AWS managed CMK for Amazon ECR will be used. minLength: 1 maxLength: 2048 EmptyOnDelete: @@ -844,6 +845,9 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - ecr:TagResource + - ecr:UntagResource x-required-permissions: create: - ecr:CreateRepository @@ -928,6 +932,11 @@ components: description: A list of enumerable Strings representing the repository creation scenarios that the template will apply towards. items: $ref: '#/components/schemas/AppliedForItem' + CustomRoleArn: + type: string + description: The ARN of the role to be assumed by ECR. This role must be in the same account as the registry that you are configuring. + maxLength: 2048 + pattern: ^arn:aws[-a-z0-9]*:iam::[0-9]{12}:role/[A-Za-z0-9+=,-.@_]*$ CreatedAt: description: Create timestamp of the template. type: string @@ -957,6 +966,9 @@ components: - ecr:CreateRepositoryCreationTemplate - ecr:PutLifecyclePolicy - ecr:SetRepositoryPolicy + - ecr:CreateRepository + - iam:CreateServiceLinkedRole + - iam:PassRole read: - ecr:DescribeRepositoryCreationTemplates update: @@ -964,6 +976,9 @@ components: - ecr:UpdateRepositoryCreationTemplate - ecr:PutLifecyclePolicy - ecr:SetRepositoryPolicy + - ecr:CreateRepository + - iam:CreateServiceLinkedRole + - iam:PassRole delete: - ecr:DeleteRepositoryCreationTemplate list: @@ -1215,6 +1230,11 @@ components: description: A list of enumerable Strings representing the repository creation scenarios that the template will apply towards. items: $ref: '#/components/schemas/AppliedForItem' + CustomRoleArn: + type: string + description: The ARN of the role to be assumed by ECR. This role must be in the same account as the registry that you are configuring. + maxLength: 2048 + pattern: ^arn:aws[-a-z0-9]*:iam::[0-9]{12}:role/[A-Za-z0-9+=,-.@_]*$ CreatedAt: description: Create timestamp of the template. type: string @@ -2158,6 +2178,7 @@ components: JSON_EXTRACT(Properties, '$.EncryptionConfiguration') as encryption_configuration, JSON_EXTRACT(Properties, '$.ResourceTags') as resource_tags, JSON_EXTRACT(Properties, '$.AppliedFor') as applied_for, + JSON_EXTRACT(Properties, '$.CustomRoleArn') as custom_role_arn, JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, JSON_EXTRACT(Properties, '$.UpdatedAt') as updated_at FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ECR::RepositoryCreationTemplate' @@ -2176,6 +2197,7 @@ components: JSON_EXTRACT(detail.Properties, '$.EncryptionConfiguration') as encryption_configuration, JSON_EXTRACT(detail.Properties, '$.ResourceTags') as resource_tags, JSON_EXTRACT(detail.Properties, '$.AppliedFor') as applied_for, + JSON_EXTRACT(detail.Properties, '$.CustomRoleArn') as custom_role_arn, JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, JSON_EXTRACT(detail.Properties, '$.UpdatedAt') as updated_at FROM aws.cloud_control.resources listing @@ -2199,6 +2221,7 @@ components: json_extract_path_text(Properties, 'EncryptionConfiguration') as encryption_configuration, json_extract_path_text(Properties, 'ResourceTags') as resource_tags, json_extract_path_text(Properties, 'AppliedFor') as applied_for, + json_extract_path_text(Properties, 'CustomRoleArn') as custom_role_arn, json_extract_path_text(Properties, 'CreatedAt') as created_at, json_extract_path_text(Properties, 'UpdatedAt') as updated_at FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ECR::RepositoryCreationTemplate' @@ -2217,6 +2240,7 @@ components: json_extract_path_text(detail.Properties, 'EncryptionConfiguration') as encryption_configuration, json_extract_path_text(detail.Properties, 'ResourceTags') as resource_tags, json_extract_path_text(detail.Properties, 'AppliedFor') as applied_for, + json_extract_path_text(detail.Properties, 'CustomRoleArn') as custom_role_arn, json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, json_extract_path_text(detail.Properties, 'UpdatedAt') as updated_at FROM aws.cloud_control.resources listing diff --git a/providers/src/aws/v00.00.00000/services/ecs.yaml b/providers/src/aws/v00.00.00000/services/ecs.yaml index 4b8800e3..80a94733 100644 --- a/providers/src/aws/v00.00.00000/services/ecs.yaml +++ b/providers/src/aws/v00.00.00000/services/ecs.yaml @@ -385,31 +385,14 @@ components: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' type: object schemas: - ManagedScaling: - description: The managed scaling settings for the Auto Scaling group capacity provider. - type: object - properties: - MinimumScalingStepSize: - type: integer - MaximumScalingStepSize: - type: integer - Status: - type: string - enum: - - DISABLED - - ENABLED - TargetCapacity: - type: integer - InstanceWarmupPeriod: - type: integer - additionalProperties: false AutoScalingGroupProvider: + additionalProperties: false type: object properties: - AutoScalingGroupArn: - type: string ManagedScaling: $ref: '#/components/schemas/ManagedScaling' + AutoScalingGroupArn: + type: string ManagedTerminationProtection: type: string enum: @@ -422,47 +405,53 @@ components: - ENABLED required: - AutoScalingGroupArn + ManagedScaling: + description: The managed scaling settings for the Auto Scaling group capacity provider. additionalProperties: false - Tag: type: object properties: - Key: + Status: type: string + enum: + - DISABLED + - ENABLED + MinimumScalingStepSize: + type: integer + InstanceWarmupPeriod: + type: integer + TargetCapacity: + type: integer + MaximumScalingStepSize: + type: integer + Tag: + additionalProperties: false + type: object + properties: Value: type: string - additionalProperties: false + Key: + type: string CapacityProvider: description: If using ec2 auto-scaling, the name of the associated capacity provider. Otherwise FARGATE, FARGATE_SPOT. - type: string anyOf: - type: string enum: - FARGATE - FARGATE_SPOT - - type: string - minLength: 1 + - minLength: 1 + type: string maxLength: 2048 + type: string CapacityProviderStrategyItem: + additionalProperties: false type: object properties: - Base: - type: integer - description: The *base* value designates how many tasks, at a minimum, to run on the specified capacity provider. Only one capacity provider in a capacity provider strategy can have a *base* defined. If no value is specified, the default value of ``0`` is used. CapacityProvider: type: string - description: The short name of the capacity provider. + Base: + type: integer Weight: type: integer - description: |- - The *weight* value designates the relative percentage of the total number of tasks launched that should use the specified capacity provider. The ``weight`` value is taken into consideration after the ``base`` value, if defined, is satisfied. - If no ``weight`` value is specified, the default value of ``0`` is used. When multiple capacity providers are specified within a capacity provider strategy, at least one of the capacity providers must have a weight value greater than zero and any capacity providers with a weight of ``0`` can't be used to place tasks. If you specify multiple capacity providers in a strategy that all have a weight of ``0``, any ``RunTask`` or ``CreateService`` actions using the capacity provider strategy will fail. - An example scenario for using weights is defining a strategy that contains two capacity providers and both have a weight of ``1``, then when the ``base`` is satisfied, the tasks will be split evenly across the two capacity providers. Using that same logic, if you specify a weight of ``1`` for *capacityProviderA* and a weight of ``4`` for *capacityProviderB*, then for every one task that's run using *capacityProviderA*, four tasks would use *capacityProviderB*. - additionalProperties: false - description: |- - The details of a capacity provider strategy. A capacity provider strategy can be set when using the ``RunTask`` or ``CreateService`` APIs or as the default capacity provider strategy for a cluster with the ``CreateCluster`` API. - Only capacity providers that are already associated with a cluster and have an ``ACTIVE`` or ``UPDATING`` status can be used in a capacity provider strategy. The ``PutClusterCapacityProviders`` API is used to associate a capacity provider with a cluster. - If specifying a capacity provider that uses an Auto Scaling group, the capacity provider must already be created. New Auto Scaling group capacity providers can be created with the ``CreateCapacityProvider`` API operation. - To use an FARGATElong capacity provider, specify either the ``FARGATE`` or ``FARGATE_SPOT`` capacity providers. The FARGATElong capacity providers are available to all accounts and only need to be associated with a cluster to be used in a capacity provider strategy. ExecuteCommandLogConfiguration: description: The log configuration for the results of the execute command actions. The logs can be sent to CloudWatch Logs or an Amazon S3 bucket. additionalProperties: false @@ -503,6 +492,17 @@ components: Name: description: The name of the cluster setting. The value is ``containerInsights`` . type: string + ManagedStorageConfiguration: + description: The managed storage configuration for the cluster. + additionalProperties: false + type: object + properties: + FargateEphemeralStorageKmsKeyId: + description: Specify the KMSlong key ID for the Fargate ephemeral storage. + type: string + KmsKeyId: + description: Specify a KMSlong key ID to encrypt the managed storage. + type: string ServiceConnectDefaults: description: >- Use this parameter to set a default Service Connect namespace. After you set a default Service Connect namespace, any new services with Service Connect turned on that are created in the cluster are added as client services in the namespace. This setting only applies to new services that set the ``enabled`` parameter to ``true`` in the ``ServiceConnectConfiguration``. You can set the namespace of each service individually in the ``ServiceConnectConfiguration`` to override this default @@ -520,10 +520,13 @@ components: For more information about CMAPlong, see [Working with Services](https://docs.aws.amazon.com/cloud-map/latest/dg/working-with-services.html) in the *Developer Guide*. type: string ClusterConfiguration: - description: The execute command configuration for the cluster. + description: The execute command and managed storage configuration for the cluster. additionalProperties: false type: object properties: + ManagedStorageConfiguration: + description: The details of the managed storage configuration. + $ref: '#/components/schemas/ManagedStorageConfiguration' ExecuteCommandConfiguration: description: The details of the execute command configuration. $ref: '#/components/schemas/ExecuteCommandConfiguration' @@ -549,46 +552,46 @@ components: description: The log configuration for the results of the execute command actions. The logs can be sent to CloudWatch Logs or an Amazon S3 bucket. When ``logging=OVERRIDE`` is specified, a ``logConfiguration`` must be provided. $ref: '#/components/schemas/ExecuteCommandLogConfiguration' Cluster: + minLength: 1 description: The name of the cluster type: string - minLength: 1 maxLength: 2048 - CapacityProviders: + DefaultCapacityProviderStrategy: description: List of capacity providers to associate with the cluster type: array items: - $ref: '#/components/schemas/CapacityProvider' + $ref: '#/components/schemas/CapacityProviderStrategy' + CapacityProviders: uniqueItems: true - DefaultCapacityProviderStrategy: description: List of capacity providers to associate with the cluster type: array items: - $ref: '#/components/schemas/CapacityProviderStrategy' + $ref: '#/components/schemas/CapacityProvider' CapacityProviderStrategy: + additionalProperties: false type: object properties: + CapacityProvider: + $ref: '#/components/schemas/CapacityProvider' Base: + maximum: 100000 type: integer minimum: 0 - maximum: 100000 Weight: + maximum: 1000 type: integer minimum: 0 - maximum: 1000 - CapacityProvider: - $ref: '#/components/schemas/CapacityProvider' required: - CapacityProvider - additionalProperties: false ClusterCapacityProviderAssociations: type: object properties: + DefaultCapacityProviderStrategy: + $ref: '#/components/schemas/DefaultCapacityProviderStrategy' CapacityProviders: $ref: '#/components/schemas/CapacityProviders' Cluster: $ref: '#/components/schemas/Cluster' - DefaultCapacityProviderStrategy: - $ref: '#/components/schemas/DefaultCapacityProviderStrategy' required: - CapacityProviders - Cluster @@ -605,34 +608,35 @@ components: - Cluster - DefaultCapacityProviderStrategy x-tagging: - cloudFormationSystemTags: false tagOnCreate: false - tagUpdatable: false taggable: false + tagUpdatable: false + cloudFormationSystemTags: false x-required-permissions: + read: + - ecs:DescribeClusters create: - ecs:DescribeClusters - ecs:PutClusterCapacityProviders - read: - - ecs:DescribeClusters + - ecs:DescribeCapacityProviders update: - ecs:DescribeClusters - ecs:PutClusterCapacityProviders - delete: - - ecs:PutClusterCapacityProviders - - ecs:DescribeClusters list: - ecs:DescribeClusters - ecs:ListClusters + delete: + - ecs:PutClusterCapacityProviders + - ecs:DescribeClusters PrimaryTaskSet: type: object properties: - Cluster: - description: The short name or full Amazon Resource Name (ARN) of the cluster that hosts the service to create the task set in. - type: string TaskSetId: description: The ID or full Amazon Resource Name (ARN) of the task set. type: string + Cluster: + description: The short name or full Amazon Resource Name (ARN) of the cluster that hosts the service to create the task set in. + type: string Service: description: The short name or full Amazon Resource Name (ARN) of the service to create the task set in. type: string @@ -659,457 +663,395 @@ components: tagUpdatable: false cloudFormationSystemTags: false x-required-permissions: + read: [] create: - ecs:DescribeTaskSets - ecs:UpdateServicePrimaryTaskSet - read: [] update: - ecs:DescribeTaskSets - ecs:UpdateServicePrimaryTaskSet delete: [] - AwsVpcConfiguration: - description: The VPC subnets and security groups associated with a task. All specified subnets and security groups must be from the same VPC. - type: object - properties: - AssignPublicIp: - description: Whether the task's elastic network interface receives a public IP address. The default value is DISABLED. - type: string - enum: - - DISABLED - - ENABLED - SecurityGroups: - description: The security groups associated with the task or service. If you do not specify a security group, the default security group for the VPC is used. There is a limit of 5 security groups that can be specified per AwsVpcConfiguration. - type: array - items: - type: string - maxItems: 5 - Subnets: - description: The subnets associated with the task or service. There is a limit of 16 subnets that can be specified per AwsVpcConfiguration. - type: array - items: - type: string - maxItems: 16 - required: - - Subnets + TimeoutConfiguration: + description: |- + An object that represents the timeout configurations for Service Connect. + If ``idleTimeout`` is set to a time that is less than ``perRequestTimeout``, the connection will close when the ``idleTimeout`` is reached and not the ``perRequestTimeout``. additionalProperties: false - DeploymentAlarms: type: object properties: - AlarmNames: - type: array - items: - type: string - description: One or more CloudWatch alarm names. Use a "," to separate the alarms. - Rollback: - type: boolean - description: Determines whether to configure Amazon ECS to roll back the service if a service deployment fails. If rollback is used, when a service deployment fails, the service is rolled back to the last deployment that completed successfully. - Enable: - type: boolean - description: Determines whether to use the CloudWatch alarm option in the service deployment process. - required: - - AlarmNames - - Rollback - - Enable - additionalProperties: false + PerRequestTimeoutSeconds: + description: The amount of time waiting for the upstream to respond with a complete response per request. A value of ``0`` can be set to disable ``perRequestTimeout``. ``perRequestTimeout`` can only be set if Service Connect ``appProtocol`` isn't ``TCP``. Only ``idleTimeout`` is allowed for ``TCP`` ``appProtocol``. + type: integer + IdleTimeoutSeconds: + description: |- + The amount of time in seconds a connection will stay active while idle. A value of ``0`` can be set to disable ``idleTimeout``. + The ``idleTimeout`` default for ``HTTP``/``HTTP2``/``GRPC`` is 5 minutes. + The ``idleTimeout`` default for ``TCP`` is 1 hour. + type: integer + DeploymentAlarms: description: |- One of the methods which provide a way for you to quickly identify when a deployment has failed, and then to optionally roll back the failure to the last working deployment. When the alarms are generated, Amazon ECS sets the service deployment to failed. Set the rollback parameter to have Amazon ECS to roll back your service to the last completed deployment after a failure. You can only use the ``DeploymentAlarms`` method to detect failures when the ``DeploymentController`` is set to ``ECS`` (rolling update). For more information, see [Rolling update](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-type-ecs.html) in the *Amazon Elastic Container Service Developer Guide*. - DeploymentCircuitBreaker: + additionalProperties: false type: object properties: + AlarmNames: + description: One or more CloudWatch alarm names. Use a "," to separate the alarms. + type: array + items: + type: string Enable: + description: Determines whether to use the CloudWatch alarm option in the service deployment process. type: boolean - description: Determines whether to use the deployment circuit breaker logic for the service. Rollback: + description: Determines whether to configure Amazon ECS to roll back the service if a service deployment fails. If rollback is used, when a service deployment fails, the service is rolled back to the last deployment that completed successfully. type: boolean - description: Determines whether to configure Amazon ECS to roll back the service if a service deployment fails. If rollback is on, when a service deployment fails, the service is rolled back to the last deployment that completed successfully. required: - - Enable + - AlarmNames - Rollback + - Enable + ServiceConnectTlsCertificateAuthority: + description: The certificate root authority that secures your service. additionalProperties: false - description: |- - The deployment circuit breaker can only be used for services using the rolling update (``ECS``) deployment type. - The *deployment circuit breaker* determines whether a service deployment will fail if the service can't reach a steady state. If it is turned on, a service deployment will transition to a failed state and stop launching new tasks. You can also configure Amazon ECS to roll back your service to the last completed deployment after a failure. For more information, see [Rolling update](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-type-ecs.html) in the *Amazon Elastic Container Service Developer Guide*. - For more information about API failure reasons, see [API failure reasons](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/api_failures_messages.html) in the *Amazon Elastic Container Service Developer Guide*. - DeploymentConfiguration: - type: object - properties: - DeploymentCircuitBreaker: - $ref: '#/components/schemas/DeploymentCircuitBreaker' - description: |- - The deployment circuit breaker can only be used for services using the rolling update (``ECS``) deployment type. - The *deployment circuit breaker* determines whether a service deployment will fail if the service can't reach a steady state. If you use the deployment circuit breaker, a service deployment will transition to a failed state and stop launching new tasks. If you use the rollback option, when a service deployment fails, the service is rolled back to the last deployment that completed successfully. For more information, see [Rolling update](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-type-ecs.html) in the *Amazon Elastic Container Service Developer Guide* - MaximumPercent: - type: integer - description: >- - If a service is using the rolling update (``ECS``) deployment type, the ``maximumPercent`` parameter represents an upper limit on the number of your service's tasks that are allowed in the ``RUNNING`` or ``PENDING`` state during a deployment, as a percentage of the ``desiredCount`` (rounded down to the nearest integer). This parameter enables you to define the deployment batch size. For example, if your service is using the ``REPLICA`` service scheduler and has a ``desiredCount`` of - four tasks and a ``maximumPercent`` value of 200%, the scheduler may start four new tasks before stopping the four older tasks (provided that the cluster resources required to do this are available). The default ``maximumPercent`` value for a service using the ``REPLICA`` service scheduler is 200%. - If a service is using either the blue/green (``CODE_DEPLOY``) or ``EXTERNAL`` deployment types and tasks that use the EC2 launch type, the *maximum percent* value is set to the default value and is used to define the upper limit on the number of the tasks in the service that remain in the ``RUNNING`` state while the container instances are in the ``DRAINING`` state. If the tasks in the service use the Fargate launch type, the maximum percent value is not used, although it is returned when describing your service. - MinimumHealthyPercent: - type: integer - description: >- - If a service is using the rolling update (``ECS``) deployment type, the ``minimumHealthyPercent`` represents a lower limit on the number of your service's tasks that must remain in the ``RUNNING`` state during a deployment, as a percentage of the ``desiredCount`` (rounded up to the nearest integer). This parameter enables you to deploy without using additional cluster capacity. For example, if your service has a ``desiredCount`` of four tasks and a ``minimumHealthyPercent`` of 50%, - the service scheduler may stop two existing tasks to free up cluster capacity before starting two new tasks. - For services that *do not* use a load balancer, the following should be noted: - + A service is considered healthy if all essential containers within the tasks in the service pass their health checks. - + If a task has no essential containers with a health check defined, the service scheduler will wait for 40 seconds after a task reaches a ``RUNNING`` state before the task is counted towards the minimum healthy percent total. - + If a task has one or more essential containers with a health check defined, the service scheduler will wait for the task to reach a healthy status before counting it towards the minimum healthy percent total. A task is considered healthy when all essential containers within the task have passed their health checks. The amount of time the service scheduler can wait for is determined by the container health check settings. - - For services that *do* use a load balancer, the following should be noted: - + If a task has no essential containers with a health check defined, the service scheduler will wait for the load balancer target group health check to return a healthy status before counting the task towards the minimum healthy percent total. - + If a task has an essential container with a health check defined, the service scheduler will wait for both the task to reach a healthy status and the load balancer target group health check to return a healthy status before counting the task towards the minimum healthy percent total. - - If a service is using either the blue/green (``CODE_DEPLOY``) or ``EXTERNAL`` deployment types and is running tasks that use the EC2 launch type, the *minimum healthy percent* value is set to the default value and is used to define the lower limit on the number of the tasks in the service that remain in the ``RUNNING`` state while the container instances are in the ``DRAINING`` state. If a service is using either the blue/green (``CODE_DEPLOY``) or ``EXTERNAL`` deployment types and is running tasks that use the Fargate launch type, the minimum healthy percent value is not used, although it is returned when describing your service. - Alarms: - $ref: '#/components/schemas/DeploymentAlarms' - description: Information about the CloudWatch alarms. - additionalProperties: false - description: The ``DeploymentConfiguration`` property specifies optional deployment parameters that control how many tasks run during the deployment and the ordering of stopping and starting tasks. - DeploymentController: type: object properties: - Type: + AwsPcaAuthorityArn: + description: The ARN of the AWS Private Certificate Authority certificate. type: string - enum: - - CODE_DEPLOY - - ECS - - EXTERNAL - description: |- - The deployment controller type to use. There are three deployment controller types available: - + ECS The rolling update (ECS) deployment type involves replacing the current running version of the container with the latest version. The number of containers Amazon ECS adds or removes from the service during a rolling update is controlled by adjusting the minimum and maximum number of healthy tasks allowed during a service deployment, as specified in the DeploymentConfiguration. + CODE_DEPLOY The blue/green (CODE_DEPLOY) deployment type uses the blue/green deployment model powered by , which allows you to verify a new deployment of a service before sending production traffic to it. + EXTERNAL The external (EXTERNAL) deployment type enables you to use any third-party deployment controller for full control over the deployment process for an Amazon ECS service. + VpcLatticeConfiguration: + description: The VPC Lattice configuration for your service that holds the information for the target group(s) Amazon ECS tasks will be registered to. additionalProperties: false - description: The deployment controller to use for the service. For more information, see [Amazon ECS deployment types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-types.html) in the *Amazon Elastic Container Service Developer Guide*. - EBSTagSpecification: type: object - required: - - ResourceType properties: - ResourceType: + TargetGroupArn: + description: The full Amazon Resource Name (ARN) of the target group or groups associated with the VPC Lattice configuration that the Amazon ECS tasks will be registered to. type: string - description: The type of volume resource. - Tags: - type: array - items: - $ref: '#/components/schemas/Tag' - description: The tags applied to this Amazon EBS volume. ``AmazonECSCreated`` and ``AmazonECSManaged`` are reserved tags that can't be used. - PropagateTags: + PortName: + description: The name of the port mapping to register in the VPC Lattice target group. This is the name of the ``portMapping`` you defined in your task definition. type: string - enum: - - SERVICE - - TASK_DEFINITION - description: "Determines whether to propagate the tags from the task definition to \Lthe Amazon EBS volume. Tags can only propagate to a ``SERVICE`` specified in \L``ServiceVolumeConfiguration``. If no value is specified, the tags aren't \Lpropagated." - description: The tag specifications of an Amazon EBS volume. + RoleArn: + description: "The ARN of the IAM role to associate with this VPC Lattice configuration. This is the Amazon ECS\L infrastructure IAM role that is used to manage your VPC Lattice infrastructure." + type: string + required: + - RoleArn + - TargetGroupArn + - PortName LoadBalancer: description: 'A load balancer object representing the load balancer to use with the task set. The supported load balancer types are either an Application Load Balancer or a Network Load Balancer. ' + additionalProperties: false type: object properties: - ContainerName: - description: The name of the container (as it appears in a container definition) to associate with the load balancer. - type: string - ContainerPort: - description: The port on the container to associate with the load balancer. This port must correspond to a containerPort in the task definition the tasks in the service are using. For tasks that use the EC2 launch type, the container instance they are launched on must allow ingress traffic on the hostPort of the port mapping. - type: integer TargetGroupArn: description: >- The full Amazon Resource Name (ARN) of the Elastic Load Balancing target group or groups associated with a service or task set. A target group ARN is only specified when using an Application Load Balancer or Network Load Balancer. If you are using a Classic Load Balancer this should be omitted. For services using the ECS deployment controller, you can specify one or multiple target groups. For more information, see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/register-multiple-targetgroups.html in the Amazon Elastic Container Service Developer Guide. For services using the CODE_DEPLOY deployment controller, you are required to define two target groups for the load balancer. For more information, see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-type-bluegreen.html in the Amazon Elastic Container Service Developer Guide. If your service's task definition uses the awsvpc network mode (which is required for the Fargate launch type), you must choose ip as the target type, not instance, when creating your target groups because tasks that use the awsvpc network mode are associated with an elastic network interface, not an Amazon EC2 instance. type: string - additionalProperties: false - LogConfiguration: - type: object - required: - - LogDriver - properties: - LogDriver: - type: string - description: |- - The log driver to use for the container. - For tasks on FARGATElong, the supported log drivers are ``awslogs``, ``splunk``, and ``awsfirelens``. - For tasks hosted on Amazon EC2 instances, the supported log drivers are ``awslogs``, ``fluentd``, ``gelf``, ``json-file``, ``journald``, ``logentries``,``syslog``, ``splunk``, and ``awsfirelens``. - For more information about using the ``awslogs`` log driver, see [Using the awslogs log driver](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_awslogs.html) in the *Amazon Elastic Container Service Developer Guide*. - For more information about using the ``awsfirelens`` log driver, see [Custom log routing](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_firelens.html) in the *Amazon Elastic Container Service Developer Guide*. - If you have a custom driver that isn't listed, you can fork the Amazon ECS container agent project that's [available on GitHub](https://docs.aws.amazon.com/https://github.com/aws/amazon-ecs-agent) and customize it to work with that driver. We encourage you to submit pull requests for changes that you would like to have included. However, we don't currently provide support for running modified copies of this software. - Options: - type: object - x-patternProperties: - .{1,}: - type: string - additionalProperties: false - description: 'The configuration options to send to the log driver. This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format ''{{.Server.APIVersion}}''``' - SecretOptions: - type: array - x-insertionOrder: false - items: - $ref: '#/components/schemas/Secret' - description: The secrets to pass to the log configuration. For more information, see [Specifying sensitive data](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html) in the *Amazon Elastic Container Service Developer Guide*. - additionalProperties: false - description: The ``LogConfiguration`` property specifies log configuration options to send to a custom log driver for the container. - NetworkConfiguration: - description: An object representing the network configuration for a task or service. - type: object - properties: - AwsVpcConfiguration: - $ref: '#/components/schemas/AwsVpcConfiguration' - additionalProperties: false - PlacementConstraint: - type: object - properties: - Expression: - type: string - description: A cluster query language expression to apply to the constraint. The expression can have a maximum length of 2000 characters. You can't specify an expression if the constraint type is ``distinctInstance``. For more information, see [Cluster query language](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cluster-query-language.html) in the *Amazon Elastic Container Service Developer Guide*. - Type: + ContainerName: + description: The name of the container (as it appears in a container definition) to associate with the load balancer. type: string - enum: - - distinctInstance - - memberOf - description: The type of constraint. Use ``distinctInstance`` to ensure that each task in a particular group is running on a different container instance. Use ``memberOf`` to restrict the selection to a group of valid candidates. - required: - - Type - additionalProperties: false - description: The ``PlacementConstraint`` property specifies an object representing a constraint on task placement in the task definition. For more information, see [Task Placement Constraints](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-placement-constraints.html) in the *Amazon Elastic Container Service Developer Guide*. + ContainerPort: + description: The port on the container to associate with the load balancer. This port must correspond to a containerPort in the task definition the tasks in the service are using. For tasks that use the EC2 launch type, the container instance they are launched on must allow ingress traffic on the hostPort of the port mapping. + type: integer PlacementStrategy: + description: The task placement strategy for a task or service. For more information, see [Task placement strategies](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-placement-strategies.html) in the *Amazon Elastic Container Service Developer Guide*. + additionalProperties: false type: object properties: Field: + description: The field to apply the placement strategy against. For the ``spread`` placement strategy, valid values are ``instanceId`` (or ``host``, which has the same effect), or any platform or custom attribute that's applied to a container instance, such as ``attribute:ecs.availability-zone``. For the ``binpack`` placement strategy, valid values are ``cpu`` and ``memory``. For the ``random`` placement strategy, this field is not used. type: string - description: The field to apply the placement strategy against. For the ``spread`` placement strategy, valid values are ``instanceId`` (or ``host``, which has the same effect), or any platform or custom attribute that is applied to a container instance, such as ``attribute:ecs.availability-zone``. For the ``binpack`` placement strategy, valid values are ``CPU`` and ``MEMORY``. For the ``random`` placement strategy, this field is not used. Type: + description: >- + The type of placement strategy. The ``random`` placement strategy randomly places tasks on available candidates. The ``spread`` placement strategy spreads placement across available candidates evenly based on the ``field`` parameter. The ``binpack`` strategy places tasks on available candidates that have the least available amount of the resource that's specified with the ``field`` parameter. For example, if you binpack on memory, a task is placed on the instance with the least + amount of remaining memory but still enough to run the task. type: string enum: - binpack - random - spread - description: >- - The type of placement strategy. The ``random`` placement strategy randomly places tasks on available candidates. The ``spread`` placement strategy spreads placement across available candidates evenly based on the ``field`` parameter. The ``binpack`` strategy places tasks on available candidates that have the least available amount of the resource that's specified with the ``field`` parameter. For example, if you binpack on memory, a task is placed on the instance with the least - amount of remaining memory but still enough to run the task. required: - Type - additionalProperties: false - description: The ``PlacementStrategy`` property specifies the task placement strategy for a task or service. For more information, see [Task Placement Strategies](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-placement-strategies.html) in the *Amazon Elastic Container Service Developer Guide*. - Secret: - type: object - required: - - Name - - ValueFrom - properties: - Name: - type: string - description: The name of the secret. - ValueFrom: - type: string - description: |- - The secret to expose to the container. The supported values are either the full ARN of the ASMlong secret or the full ARN of the parameter in the SSM Parameter Store. - For information about the require IAMlong permissions, see [Required IAM permissions for Amazon ECS secrets](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data-secrets.html#secrets-iam) (for Secrets Manager) or [Required IAM permissions for Amazon ECS secrets](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data-parameters.html) (for Systems Manager Parameter store) in the *Amazon Elastic Container Service Developer Guide*. - If the SSM Parameter Store parameter exists in the same Region as the task you're launching, then you can use either the full ARN or name of the parameter. If the parameter exists in a different Region, then the full ARN must be specified. - additionalProperties: false - description: |- - An object representing the secret to expose to your container. Secrets can be exposed to a container in the following ways: - + To inject sensitive data into your containers as environment variables, use the ``secrets`` container definition parameter. - + To reference sensitive information in the log configuration of a container, use the ``secretOptions`` container definition parameter. - - For more information, see [Specifying sensitive data](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html) in the *Amazon Elastic Container Service Developer Guide*. - ServiceConnectClientAlias: - type: object - properties: - Port: - type: integer - description: |- - The listening port number for the Service Connect proxy. This port is available inside of all of the tasks within the same namespace. - To avoid changing your applications in client Amazon ECS services, set this to the same port that the client application uses by default. For more information, see [Service Connect](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html) in the *Amazon Elastic Container Service Developer Guide*. - DnsName: - type: string - description: |- - The ``dnsName`` is the name that you use in the applications of client tasks to connect to this service. The name must be a valid DNS name but doesn't need to be fully-qualified. The name can include up to 127 characters. The name can include lowercase letters, numbers, underscores (_), hyphens (-), and periods (.). The name can't start with a hyphen. - If this parameter isn't specified, the default value of ``discoveryName.namespace`` is used. If the ``discoveryName`` isn't specified, the port mapping name from the task definition is used in ``portName.namespace``. - To avoid changing your applications in client Amazon ECS services, set this to the same name that the client application uses by default. For example, a few common names are ``database``, ``db``, or the lowercase name of a database, such as ``mysql`` or ``redis``. For more information, see [Service Connect](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html) in the *Amazon Elastic Container Service Developer Guide*. - required: - - Port - additionalProperties: false + ServiceConnectConfiguration: description: |- - Each alias ("endpoint") is a fully-qualified name and port number that other tasks ("clients") can use to connect to this service. - Each name and port mapping must be unique within the namespace. + The Service Connect configuration of your Amazon ECS service. The configuration for this service to discover and connect to services, and be discovered by, and connected from, other services within a namespace. Tasks that run in a namespace can use short names to connect to services in the namespace. Tasks can connect to services across all of the clusters in the namespace. Tasks connect through a managed proxy container that collects logs and metrics for increased visibility. Only the tasks that Amazon ECS services create are supported with Service Connect. For more information, see [Service Connect](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html) in the *Amazon Elastic Container Service Developer Guide*. - ServiceConnectConfiguration: + additionalProperties: false type: object properties: - Enabled: - type: boolean - description: Specifies whether to use Service Connect with this service. - Namespace: - type: string - description: The namespace name or full Amazon Resource Name (ARN) of the CMAPlong namespace for use with Service Connect. The namespace must be in the same AWS Region as the Amazon ECS service and cluster. The type of namespace doesn't affect Service Connect. For more information about CMAPlong, see [Working with Services](https://docs.aws.amazon.com/cloud-map/latest/dg/working-with-services.html) in the *Developer Guide*. Services: - type: array - items: - $ref: '#/components/schemas/ServiceConnectService' description: |- The list of Service Connect service objects. These are names and aliases (also known as endpoints) that are used by other Amazon ECS services to connect to this service. This field is not required for a "client" Amazon ECS service that's a member of a namespace only to connect to other services within the namespace. An example of this would be a frontend application that accepts incoming requests from either a load balancer that's attached to the service or by other means. An object selects a port from the task definition, assigns a name for the CMAPlong service, and a list of aliases (endpoints) and ports for client applications to refer to this service. + type: array + items: + $ref: '#/components/schemas/ServiceConnectService' + Enabled: + description: Specifies whether to use Service Connect with this service. + type: boolean LogConfiguration: - $ref: '#/components/schemas/LogConfiguration' description: |- - The log configuration for the container. This parameter maps to ``LogConfig`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--log-driver`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/commandline/run/). - By default, containers use the same logging driver that the Docker daemon uses. However, the container might use a different logging driver than the Docker daemon by specifying a log driver configuration in the container definition. For more information about the options for different supported log drivers, see [Configure logging drivers](https://docs.aws.amazon.com/https://docs.docker.com/engine/admin/logging/overview/) in the Docker documentation. + The log configuration for the container. This parameter maps to ``LogConfig`` in the docker container create command and the ``--log-driver`` option to docker run. + By default, containers use the same logging driver that the Docker daemon uses. However, the container might use a different logging driver than the Docker daemon by specifying a log driver configuration in the container definition. Understand the following when specifying a log configuration for your containers. + Amazon ECS currently supports a subset of the logging drivers available to the Docker daemon. Additional log drivers may be available in future releases of the Amazon ECS container agent. For tasks on FARGATElong, the supported log drivers are ``awslogs``, ``splunk``, and ``awsfirelens``. - For tasks hosted on Amazon EC2 instances, the supported log drivers are ``awslogs``, ``fluentd``, ``gelf``, ``json-file``, ``journald``, ``logentries``,``syslog``, ``splunk``, and ``awsfirelens``. + For tasks hosted on Amazon EC2 instances, the supported log drivers are ``awslogs``, ``fluentd``, ``gelf``, ``json-file``, ``journald``,``syslog``, ``splunk``, and ``awsfirelens``. + This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. + For tasks that are hosted on Amazon EC2 instances, the Amazon ECS container agent must register the available logging drivers with the ``ECS_AVAILABLE_LOGGING_DRIVERS`` environment variable before containers placed on that instance can use these log configuration options. For more information, see [Amazon ECS container agent configuration](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-config.html) in the *Amazon Elastic Container Service Developer Guide*. + For tasks that are on FARGATElong, because you don't have access to the underlying infrastructure your tasks are hosted on, any additional software needed must be installed outside of the task. For example, the Fluentd output aggregators or a remote host running Logstash to send Gelf logs to. - required: - - Enabled - additionalProperties: false - description: |- - The Service Connect configuration of your Amazon ECS service. The configuration for this service to discover and connect to services, and be discovered by, and connected from, other services within a namespace. - Tasks that run in a namespace can use short names to connect to services in the namespace. Tasks can connect to services across all of the clusters in the namespace. Tasks connect through a managed proxy container that collects logs and metrics for increased visibility. Only the tasks that Amazon ECS services create are supported with Service Connect. For more information, see [Service Connect](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html) in the *Amazon Elastic Container Service Developer Guide*. - ServiceConnectService: - type: object - properties: - PortName: - type: string - description: The ``portName`` must match the name of one of the ``portMappings`` from all the containers in the task definition of this Amazon ECS service. - DiscoveryName: + $ref: '#/components/schemas/LogConfiguration' + Namespace: + description: The namespace name or full Amazon Resource Name (ARN) of the CMAPlong namespace for use with Service Connect. The namespace must be in the same AWS Region as the Amazon ECS service and cluster. The type of namespace doesn't affect Service Connect. For more information about CMAPlong, see [Working with Services](https://docs.aws.amazon.com/cloud-map/latest/dg/working-with-services.html) in the *Developer Guide*. type: string - description: |- - The ``discoveryName`` is the name of the new CMAP service that Amazon ECS creates for this Amazon ECS service. This must be unique within the CMAP namespace. The name can contain up to 64 characters. The name can include lowercase letters, numbers, underscores (_), and hyphens (-). The name can't start with a hyphen. - If the ``discoveryName`` isn't specified, the port mapping name from the task definition is used in ``portName.namespace``. - ClientAliases: - type: array - items: - $ref: '#/components/schemas/ServiceConnectClientAlias' - description: |- - The list of client aliases for this Service Connect service. You use these to assign names that can be used by client applications. The maximum number of client aliases that you can have in this list is 1. - Each alias ("endpoint") is a fully-qualified name and port number that other Amazon ECS tasks ("clients") can use to connect to this service. - Each name and port mapping must be unique within the namespace. - For each ``ServiceConnectService``, you must provide at least one ``clientAlias`` with one ``port``. - IngressPortOverride: - type: integer - description: |- - The port number for the Service Connect proxy to listen on. - Use the value of this field to bypass the proxy for traffic on the port number specified in the named ``portMapping`` in the task definition of this application, and then use it in your VPC security groups to allow traffic into the proxy for this Amazon ECS service. - In ``awsvpc`` mode and Fargate, the default value is the container port number. The container port number is in the ``portMapping`` in the task definition. In bridge mode, the default value is the ephemeral port of the Service Connect proxy. - Tls: - $ref: '#/components/schemas/ServiceConnectTlsConfiguration' - description: A reference to an object that represents a Transport Layer Security (TLS) configuration. - Timeout: - $ref: '#/components/schemas/TimeoutConfiguration' - description: A reference to an object that represents the configured timeouts for Service Connect. required: - - PortName - additionalProperties: false - description: The Service Connect service object configuration. For more information, see [Service Connect](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html) in the *Amazon Elastic Container Service Developer Guide*. + - Enabled ServiceConnectTlsConfiguration: + description: The key that encrypts and decrypts your resources for Service Connect TLS. + additionalProperties: false type: object properties: IssuerCertificateAuthority: - $ref: '#/components/schemas/ServiceConnectTlsCertificateAuthority' description: The signer certificate authority. + $ref: '#/components/schemas/ServiceConnectTlsCertificateAuthority' KmsKey: - type: string description: The AWS Key Management Service key. - RoleArn: type: string + RoleArn: description: The Amazon Resource Name (ARN) of the IAM role that's associated with the Service Connect TLS. + type: string required: - IssuerCertificateAuthority + DeploymentController: + description: The deployment controller to use for the service. additionalProperties: false - description: An object that represents the configuration for Service Connect TLS. - ServiceConnectTlsCertificateAuthority: type: object properties: - AwsPcaAuthorityArn: + Type: + description: |- + The deployment controller type to use. There are three deployment controller types available: + + ECS The rolling update (ECS) deployment type involves replacing the current running version of the container with the latest version. The number of containers Amazon ECS adds or removes from the service during a rolling update is controlled by adjusting the minimum and maximum number of healthy tasks allowed during a service deployment, as specified in the DeploymentConfiguration. + CODE_DEPLOY The blue/green (CODE_DEPLOY) deployment type uses the blue/green deployment model powered by , which allows you to verify a new deployment of a service before sending production traffic to it. + EXTERNAL The external (EXTERNAL) deployment type enables you to use any third-party deployment controller for full control over the deployment process for an Amazon ECS service. type: string - description: The ARN of the AWS Private Certificate Authority certificate. + enum: + - CODE_DEPLOY + - ECS + - EXTERNAL + LogConfiguration: + description: The ``LogConfiguration`` property specifies log configuration options to send to a custom log driver for the container. additionalProperties: false - description: An object that represents the AWS Private Certificate Authority certificate. - ServiceManagedEBSVolumeConfiguration: type: object required: - - RoleArn + - LogDriver properties: - Encrypted: - type: boolean - description: Indicates whether the volume should be encrypted. If no value is specified, encryption is turned on by default. This parameter maps 1:1 with the ``Encrypted`` parameter of the [CreateVolume API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVolume.html) in the *Amazon EC2 API Reference*. - KmsKeyId: - type: string - description: |- - The Amazon Resource Name (ARN) identifier of the AWS Key Management Service key to use for Amazon EBS encryption. When encryption is turned on and no AWS Key Management Service key is specified, the default AWS managed key for Amazon EBS volumes is used. This parameter maps 1:1 with the ``KmsKeyId`` parameter of the [CreateVolume API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVolume.html) in the *Amazon EC2 API Reference*. - AWS authenticates the AWS Key Management Service key asynchronously. Therefore, if you specify an ID, alias, or ARN that is invalid, the action can appear to complete, but eventually fails. - VolumeType: - type: string + SecretOptions: + description: The secrets to pass to the log configuration. For more information, see [Specifying sensitive data](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html) in the *Amazon Elastic Container Service Developer Guide*. + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/Secret' + Options: + x-patternProperties: + .{1,}: + type: string description: |- - The volume type. This parameter maps 1:1 with the ``VolumeType`` parameter of the [CreateVolume API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVolume.html) in the *Amazon EC2 API Reference*. For more information, see [Amazon EBS volume types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volume-types.html) in the *Amazon EC2 User Guide*. - The following are the supported volume types. - + General Purpose SSD: ``gp2``|``gp3`` - + Provisioned IOPS SSD: ``io1``|``io2`` - + Throughput Optimized HDD: ``st1`` - + Cold HDD: ``sc1`` - + Magnetic: ``standard`` - The magnetic volume type is not supported on Fargate. - SizeInGiB: - type: integer + The configuration options to send to the log driver. + The options you can specify depend on the log driver. Some of the options you can specify when you use the ``awslogs`` log driver to route logs to Amazon CloudWatch include the following: + + awslogs-create-group Required: No Specify whether you want the log group to be created automatically. If this option isn't specified, it defaults to false. Your IAM policy must include the logs:CreateLogGroup permission before you attempt to use awslogs-create-group. + awslogs-region Required: Yes Specify the Region that the awslogs log driver is to send your Docker logs to. You can choose to send all of your logs from clusters in different Regions to a single region in CloudWatch Logs. This is so that they're all visible in one location. Otherwise, you can separate them by Region for more granularity. Make sure that the specified log group exists in the Region that you specify with this option. + awslogs-group Required: Yes Make sure to specify a log group that the awslogs log driver sends its log streams to. + awslogs-stream-prefix Required: Yes, when using the Fargate launch type.Optional for the EC2 launch type, required for the Fargate launch type. Use the awslogs-stream-prefix option to associate a log stream with the specified prefix, the container name, and the ID of the Amazon ECS task that the container belongs to. If you specify a prefix with this option, then the log stream takes the format prefix-name/container-name/ecs-task-id. If you don't specify a prefix with this option, then the log stream is named after the container ID that's assigned by the Docker daemon on the container instance. Because it's difficult to trace logs back to the container that sent them with just the Docker container ID (which is only available on the container instance), we recommend that you specify a prefix with this option. For Amazon ECS services, you can use the service name as the prefix. Doing so, you can trace log streams to the service that the container belongs to, the name of the container that sent them, and the ID of the task that the container belongs to. You must specify a stream-prefix for your logs to have your logs appear in the Log pane when using the Amazon ECS console. + awslogs-datetime-format Required: No This option defines a multiline start pattern in Python strftime format. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. One example of a use case for using this format is for parsing output such as a stack dump, which might otherwise be logged in multiple entries. The correct pattern allows it to be captured in a single entry. For more information, see awslogs-datetime-format. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. + awslogs-multiline-pattern Required: No This option defines a multiline start pattern that uses a regular expression. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. For more information, see awslogs-multiline-pattern. This option is ignored if awslogs-datetime-format is also configured. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. + mode Required: No Valid values: non-blocking | blocking This option defines the delivery mode of log messages from the container to CloudWatch Logs. The delivery mode you choose affects application availability when the flow of logs from container to CloudWatch is interrupted. If you use the blocking mode and the flow of logs to CloudWatch is interrupted, calls from container code to write to the stdout and stderr streams will block. The logging thread of the application will block as a result. This may cause the application to become unresponsive and lead to container healthcheck failure. If you use the non-blocking mode, the container's logs are instead stored in an in-memory intermediate buffer configured with the max-buffer-size option. This prevents the application from becoming unresponsive when logs cannot be sent to CloudWatch. We recommend using this mode if you want to ensure service availability and are okay with some log loss. For more information, see Preventing log loss with non-blocking mode in the awslogs container log driver. + max-buffer-size Required: No Default value: 1m When non-blocking mode is used, the max-buffer-size log option controls the size of the buffer that's used for intermediate message storage. Make sure to specify an adequate buffer size based on your application. When the buffer fills up, further logs cannot be stored. Logs that cannot be stored are lost. + To route logs using the ``splunk`` log router, you need to specify a ``splunk-token`` and a ``splunk-url``. + When you use the ``awsfirelens`` log router to route logs to an AWS Service or AWS Partner Network destination for log storage and analytics, you can set the ``log-driver-buffer-limit`` option to limit the number of events that are buffered in memory, before being sent to the log router container. It can help to resolve potential log loss issue because high throughput might result in memory running out for the buffer inside of Docker. + Other options you can specify when using ``awsfirelens`` to route logs depend on the destination. When you export logs to Amazon Data Firehose, you can specify the AWS Region with ``region`` and a name for the log stream with ``delivery_stream``. + When you export logs to Amazon Kinesis Data Streams, you can specify an AWS Region with ``region`` and a data stream name with ``stream``. + When you export logs to Amazon OpenSearch Service, you can specify options like ``Name``, ``Host`` (OpenSearch Service endpoint without protocol), ``Port``, ``Index``, ``Type``, ``Aws_auth``, ``Aws_region``, ``Suppress_Type_Name``, and ``tls``. For more information, see [Under the hood: FireLens for Amazon ECS Tasks](https://docs.aws.amazon.com/containers/under-the-hood-firelens-for-amazon-ecs-tasks/). + When you export logs to Amazon S3, you can specify the bucket using the ``bucket`` option. You can also specify ``region``, ``total_file_size``, ``upload_timeout``, and ``use_put_object`` as options. + This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'`` + additionalProperties: false + type: object + LogDriver: description: |- - The size of the volume in GiB. You must specify either a volume size or a snapshot ID. If you specify a snapshot ID, the snapshot size is used for the volume size by default. You can optionally specify a volume size greater than or equal to the snapshot size. This parameter maps 1:1 with the ``Size`` parameter of the [CreateVolume API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVolume.html) in the *Amazon EC2 API Reference*. - The following are the supported volume size values for each volume type. - + ``gp2`` and ``gp3``: 1-16,384 - + ``io1`` and ``io2``: 4-16,384 - + ``st1`` and ``sc1``: 125-16,384 - + ``standard``: 1-1,024 - SnapshotId: + The log driver to use for the container. + For tasks on FARGATElong, the supported log drivers are ``awslogs``, ``splunk``, and ``awsfirelens``. + For tasks hosted on Amazon EC2 instances, the supported log drivers are ``awslogs``, ``fluentd``, ``gelf``, ``json-file``, ``journald``, ``syslog``, ``splunk``, and ``awsfirelens``. + For more information about using the ``awslogs`` log driver, see [Send Amazon ECS logs to CloudWatch](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_awslogs.html) in the *Amazon Elastic Container Service Developer Guide*. + For more information about using the ``awsfirelens`` log driver, see [Send Amazon ECS logs to an service or Partner](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_firelens.html). + If you have a custom driver that isn't listed, you can fork the Amazon ECS container agent project that's [available on GitHub](https://docs.aws.amazon.com/https://github.com/aws/amazon-ecs-agent) and customize it to work with that driver. We encourage you to submit pull requests for changes that you would like to have included. However, we don't currently provide support for running modified copies of this software. type: string - description: The snapshot that Amazon ECS uses to create the volume. You must specify either a snapshot ID or a volume size. This parameter maps 1:1 with the ``SnapshotId`` parameter of the [CreateVolume API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVolume.html) in the *Amazon EC2 API Reference*. - Iops: - type: integer + Secret: + description: |- + An object representing the secret to expose to your container. Secrets can be exposed to a container in the following ways: + + To inject sensitive data into your containers as environment variables, use the ``secrets`` container definition parameter. + + To reference sensitive information in the log configuration of a container, use the ``secretOptions`` container definition parameter. + + For more information, see [Specifying sensitive data](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html) in the *Amazon Elastic Container Service Developer Guide*. + additionalProperties: false + type: object + required: + - Name + - ValueFrom + properties: + ValueFrom: description: |- - The number of I/O operations per second (IOPS). For ``gp3``, ``io1``, and ``io2`` volumes, this represents the number of IOPS that are provisioned for the volume. For ``gp2`` volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting. - The following are the supported values for each volume type. - + ``gp3``: 3,000 - 16,000 IOPS - + ``io1``: 100 - 64,000 IOPS - + ``io2``: 100 - 256,000 IOPS - - This parameter is required for ``io1`` and ``io2`` volume types. The default for ``gp3`` volumes is ``3,000 IOPS``. This parameter is not supported for ``st1``, ``sc1``, or ``standard`` volume types. - This parameter maps 1:1 with the ``Iops`` parameter of the [CreateVolume API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVolume.html) in the *Amazon EC2 API Reference*. - Throughput: - type: integer + The secret to expose to the container. The supported values are either the full ARN of the ASMlong secret or the full ARN of the parameter in the SSM Parameter Store. + For information about the require IAMlong permissions, see [Required IAM permissions for Amazon ECS secrets](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data-secrets.html#secrets-iam) (for Secrets Manager) or [Required IAM permissions for Amazon ECS secrets](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data-parameters.html) (for Systems Manager Parameter store) in the *Amazon Elastic Container Service Developer Guide*. + If the SSM Parameter Store parameter exists in the same Region as the task you're launching, then you can use either the full ARN or name of the parameter. If the parameter exists in a different Region, then the full ARN must be specified. + type: string + Name: + description: The name of the secret. + type: string + AwsVpcConfiguration: + description: The VPC subnets and security groups associated with a task. All specified subnets and security groups must be from the same VPC. + additionalProperties: false + type: object + properties: + SecurityGroups: + maxItems: 5 + description: The security groups associated with the task or service. If you do not specify a security group, the default security group for the VPC is used. There is a limit of 5 security groups that can be specified per AwsVpcConfiguration. + type: array + items: + type: string + Subnets: + maxItems: 16 + description: The subnets associated with the task or service. There is a limit of 16 subnets that can be specified per AwsVpcConfiguration. + type: array + items: + type: string + AssignPublicIp: + description: Whether the task's elastic network interface receives a public IP address. The default value is DISABLED. + type: string + enum: + - DISABLED + - ENABLED + required: + - Subnets + PlacementConstraint: + description: |- + An object representing a constraint on task placement. For more information, see [Task placement constraints](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-placement-constraints.html) in the *Amazon Elastic Container Service Developer Guide*. + If you're using the Fargate launch type, task placement constraints aren't supported. + additionalProperties: false + type: object + properties: + Type: + description: The type of constraint. Use ``distinctInstance`` to ensure that each task in a particular group is running on a different container instance. Use ``memberOf`` to restrict the selection to a group of valid candidates. + type: string + enum: + - distinctInstance + - memberOf + Expression: + description: A cluster query language expression to apply to the constraint. The expression can have a maximum length of 2000 characters. You can't specify an expression if the constraint type is ``distinctInstance``. For more information, see [Cluster query language](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cluster-query-language.html) in the *Amazon Elastic Container Service Developer Guide*. + type: string + required: + - Type + ServiceManagedEBSVolumeConfiguration: + description: |- + The configuration for the Amazon EBS volume that Amazon ECS creates and manages on your behalf. These settings are used to create each Amazon EBS volume, with one volume created for each task in the service. For information about the supported launch types and operating systems, see [Supported operating systems and launch types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ebs-volumes.html#ebs-volumes-configuration) in the*Amazon Elastic Container Service Developer Guide*. + Many of these parameters map 1:1 with the Amazon EBS ``CreateVolume`` API request parameters. + additionalProperties: false + type: object + required: + - RoleArn + properties: + SnapshotId: + description: The snapshot that Amazon ECS uses to create the volume. You must specify either a snapshot ID or a volume size. This parameter maps 1:1 with the ``SnapshotId`` parameter of the [CreateVolume API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVolume.html) in the *Amazon EC2 API Reference*. + type: string + VolumeType: description: |- - The throughput to provision for a volume, in MiB/s, with a maximum of 1,000 MiB/s. This parameter maps 1:1 with the ``Throughput`` parameter of the [CreateVolume API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVolume.html) in the *Amazon EC2 API Reference*. - This parameter is only supported for the ``gp3`` volume type. + The volume type. This parameter maps 1:1 with the ``VolumeType`` parameter of the [CreateVolume API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVolume.html) in the *Amazon EC2 API Reference*. For more information, see [Amazon EBS volume types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volume-types.html) in the *Amazon EC2 User Guide*. + The following are the supported volume types. + + General Purpose SSD: ``gp2``|``gp3`` + + Provisioned IOPS SSD: ``io1``|``io2`` + + Throughput Optimized HDD: ``st1`` + + Cold HDD: ``sc1`` + + Magnetic: ``standard`` + The magnetic volume type is not supported on Fargate. + type: string + KmsKeyId: + description: |- + The Amazon Resource Name (ARN) identifier of the AWS Key Management Service key to use for Amazon EBS encryption. When encryption is turned on and no AWS Key Management Service key is specified, the default AWS managed key for Amazon EBS volumes is used. This parameter maps 1:1 with the ``KmsKeyId`` parameter of the [CreateVolume API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVolume.html) in the *Amazon EC2 API Reference*. + AWS authenticates the AWS Key Management Service key asynchronously. Therefore, if you specify an ID, alias, or ARN that is invalid, the action can appear to complete, but eventually fails. + type: string TagSpecifications: + description: The tags to apply to the volume. Amazon ECS applies service-managed tags by default. This parameter maps 1:1 with the ``TagSpecifications.N`` parameter of the [CreateVolume API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVolume.html) in the *Amazon EC2 API Reference*. type: array items: $ref: '#/components/schemas/EBSTagSpecification' - description: The tags to apply to the volume. Amazon ECS applies service-managed tags by default. This parameter maps 1:1 with the ``TagSpecifications.N`` parameter of the [CreateVolume API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVolume.html) in the *Amazon EC2 API Reference*. - RoleArn: + FilesystemType: + description: "The filesystem type for the volume. For volumes created from a snapshot, you must specify the same filesystem type that the volume was using when the snapshot was created. If there is a filesystem type mismatch, the task will fail to start.\n The available Linux filesystem types are\L ``ext3``, ``ext4``, and ``xfs``. If no value is specified, the ``xfs`` filesystem type is used by default.\n The available Windows filesystem types are ``NTFS``." type: string + Encrypted: + description: Indicates whether the volume should be encrypted. If no value is specified, encryption is turned on by default. This parameter maps 1:1 with the ``Encrypted`` parameter of the [CreateVolume API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVolume.html) in the *Amazon EC2 API Reference*. + type: boolean + Throughput: + description: |- + The throughput to provision for a volume, in MiB/s, with a maximum of 1,000 MiB/s. This parameter maps 1:1 with the ``Throughput`` parameter of the [CreateVolume API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVolume.html) in the *Amazon EC2 API Reference*. + This parameter is only supported for the ``gp3`` volume type. + type: integer + Iops: + description: |- + The number of I/O operations per second (IOPS). For ``gp3``, ``io1``, and ``io2`` volumes, this represents the number of IOPS that are provisioned for the volume. For ``gp2`` volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting. + The following are the supported values for each volume type. + + ``gp3``: 3,000 - 16,000 IOPS + + ``io1``: 100 - 64,000 IOPS + + ``io2``: 100 - 256,000 IOPS + + This parameter is required for ``io1`` and ``io2`` volume types. The default for ``gp3`` volumes is ``3,000 IOPS``. This parameter is not supported for ``st1``, ``sc1``, or ``standard`` volume types. + This parameter maps 1:1 with the ``Iops`` parameter of the [CreateVolume API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVolume.html) in the *Amazon EC2 API Reference*. + type: integer + SizeInGiB: + description: |- + The size of the volume in GiB. You must specify either a volume size or a snapshot ID. If you specify a snapshot ID, the snapshot size is used for the volume size by default. You can optionally specify a volume size greater than or equal to the snapshot size. This parameter maps 1:1 with the ``Size`` parameter of the [CreateVolume API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVolume.html) in the *Amazon EC2 API Reference*. + The following are the supported volume size values for each volume type. + + ``gp2`` and ``gp3``: 1-16,384 + + ``io1`` and ``io2``: 4-16,384 + + ``st1`` and ``sc1``: 125-16,384 + + ``standard``: 1-1,024 + type: integer + RoleArn: description: The ARN of the IAM role to associate with this volume. This is the Amazon ECS infrastructure IAM role that is used to manage your AWS infrastructure. We recommend using the Amazon ECS-managed ``AmazonECSInfrastructureRolePolicyForVolumes`` IAM policy with this role. For more information, see [Amazon ECS infrastructure IAM role](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/infrastructure_IAM_role.html) in the *Amazon ECS Developer Guide*. - FilesystemType: type: string - description: "The Linux filesystem type for the volume. For volumes created from a snapshot, you must specify the same filesystem type that the volume was using when the snapshot was created. If there is a filesystem type mismatch, the task will fail to start.\n The available filesystem types are\L ``ext3``, ``ext4``, and ``xfs``. If no value is specified, the ``xfs`` filesystem type is used by default." + ServiceConnectClientAlias: description: |- - The configuration for the Amazon EBS volume that Amazon ECS creates and manages on your behalf. These settings are used to create each Amazon EBS volume, with one volume created for each task in the service. - Many of these parameters map 1:1 with the Amazon EBS ``CreateVolume`` API request parameters. - TimeoutConfiguration: + Each alias ("endpoint") is a fully-qualified name and port number that other tasks ("clients") can use to connect to this service. + Each name and port mapping must be unique within the namespace. + Tasks that run in a namespace can use short names to connect to services in the namespace. Tasks can connect to services across all of the clusters in the namespace. Tasks connect through a managed proxy container that collects logs and metrics for increased visibility. Only the tasks that Amazon ECS services create are supported with Service Connect. For more information, see [Service Connect](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html) in the *Amazon Elastic Container Service Developer Guide*. + additionalProperties: false type: object properties: - IdleTimeoutSeconds: - type: integer + DnsName: description: |- - The amount of time in seconds a connection will stay active while idle. A value of ``0`` can be set to disable ``idleTimeout``. - The ``idleTimeout`` default for ``HTTP``/``HTTP2``/``GRPC`` is 5 minutes. - The ``idleTimeout`` default for ``TCP`` is 1 hour. - PerRequestTimeoutSeconds: + The ``dnsName`` is the name that you use in the applications of client tasks to connect to this service. The name must be a valid DNS name but doesn't need to be fully-qualified. The name can include up to 127 characters. The name can include lowercase letters, numbers, underscores (_), hyphens (-), and periods (.). The name can't start with a hyphen. + If this parameter isn't specified, the default value of ``discoveryName.namespace`` is used. If the ``discoveryName`` isn't specified, the port mapping name from the task definition is used in ``portName.namespace``. + To avoid changing your applications in client Amazon ECS services, set this to the same name that the client application uses by default. For example, a few common names are ``database``, ``db``, or the lowercase name of a database, such as ``mysql`` or ``redis``. For more information, see [Service Connect](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html) in the *Amazon Elastic Container Service Developer Guide*. + type: string + Port: + description: |- + The listening port number for the Service Connect proxy. This port is available inside of all of the tasks within the same namespace. + To avoid changing your applications in client Amazon ECS services, set this to the same port that the client application uses by default. For more information, see [Service Connect](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html) in the *Amazon Elastic Container Service Developer Guide*. type: integer - description: The amount of time waiting for the upstream to respond with a complete response per request. A value of ``0`` can be set to disable ``perRequestTimeout``. ``perRequestTimeout`` can only be set if Service Connect ``appProtocol`` isn't ``TCP``. Only ``idleTimeout`` is allowed for ``TCP`` ``appProtocol``. + required: + - Port + ServiceVolumeConfiguration: + description: The configuration for a volume specified in the task definition as a volume that is configured at launch time. Currently, the only supported volume type is an Amazon EBS volume. additionalProperties: false - description: |- - An object that represents the timeout configurations for Service Connect. - If ``idleTimeout`` is set to a time that is less than ``perRequestTimeout``, the connection will close when the ``idleTimeout`` is reached and not the ``perRequestTimeout``. + type: object + required: + - Name + properties: + ManagedEBSVolume: + description: The configuration for the Amazon EBS volume that Amazon ECS creates and manages on your behalf. These settings are used to create each Amazon EBS volume, with one volume created for each task in the service. The Amazon EBS volumes are visible in your account in the Amazon EC2 console once they are created. + $ref: '#/components/schemas/ServiceManagedEBSVolumeConfiguration' + Name: + description: The name of the volume. This value must match the volume name from the ``Volume`` object in the task definition. + type: string + NetworkConfiguration: + description: An object representing the network configuration for a task or service. + additionalProperties: false + type: object + properties: + AwsVpcConfiguration: + $ref: '#/components/schemas/AwsVpcConfiguration' ServiceRegistry: + additionalProperties: false type: object properties: ContainerName: @@ -1117,151 +1059,211 @@ components: The container name value, already specified in the task definition, to be used for your service discovery service. If the task definition that your service task specifies uses the bridge or host network mode, you must specify a containerName and containerPort combination from the task definition. If the task definition that your service task specifies uses the awsvpc network mode and a type SRV DNS record is used, you must specify either a containerName and containerPort combination or a port value, but not both. type: string + Port: + description: The port value used if your service discovery service specified an SRV record. This field may be used if both the awsvpc network mode and SRV records are used. + type: integer ContainerPort: description: >- The port value, already specified in the task definition, to be used for your service discovery service. If the task definition your service task specifies uses the bridge or host network mode, you must specify a containerName and containerPort combination from the task definition. If the task definition your service task specifies uses the awsvpc network mode and a type SRV DNS record is used, you must specify either a containerName and containerPort combination or a port value, but not both. type: integer - Port: - description: The port value used if your service discovery service specified an SRV record. This field may be used if both the awsvpc network mode and SRV records are used. - type: integer RegistryArn: description: The Amazon Resource Name (ARN) of the service registry. The currently supported service registry is AWS Cloud Map. For more information, see https://docs.aws.amazon.com/cloud-map/latest/api/API_CreateService.html type: string + DeploymentCircuitBreaker: + description: |- + The deployment circuit breaker can only be used for services using the rolling update (``ECS``) deployment type. + The *deployment circuit breaker* determines whether a service deployment will fail if the service can't reach a steady state. If it is turned on, a service deployment will transition to a failed state and stop launching new tasks. You can also configure Amazon ECS to roll back your service to the last completed deployment after a failure. For more information, see [Rolling update](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-type-ecs.html) in the *Amazon Elastic Container Service Developer Guide*. + For more information about API failure reasons, see [API failure reasons](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/api_failures_messages.html) in the *Amazon Elastic Container Service Developer Guide*. additionalProperties: false - ServiceVolumeConfiguration: type: object + properties: + Enable: + description: Determines whether to use the deployment circuit breaker logic for the service. + type: boolean + Rollback: + description: Determines whether to configure Amazon ECS to roll back the service if a service deployment fails. If rollback is on, when a service deployment fails, the service is rolled back to the last deployment that completed successfully. + type: boolean required: - - Name + - Enable + - Rollback + DeploymentConfiguration: + description: Optional deployment parameters that control how many tasks run during a deployment and the ordering of stopping and starting tasks. + additionalProperties: false + type: object properties: - Name: - type: string - description: The name of the volume. This value must match the volume name from the ``Volume`` object in the task definition. - ManagedEBSVolume: - $ref: '#/components/schemas/ServiceManagedEBSVolumeConfiguration' - description: The configuration for the Amazon EBS volume that Amazon ECS creates and manages on your behalf. These settings are used to create each Amazon EBS volume, with one volume created for each task in the service. The Amazon EBS volumes are visible in your account in the Amazon EC2 console once they are created. - description: The configuration for a volume specified in the task definition as a volume that is configured at launch time. Currently, the only supported volume type is an Amazon EBS volume. - Service: + Alarms: + description: Information about the CloudWatch alarms. + $ref: '#/components/schemas/DeploymentAlarms' + DeploymentCircuitBreaker: + description: |- + The deployment circuit breaker can only be used for services using the rolling update (``ECS``) deployment type. + The *deployment circuit breaker* determines whether a service deployment will fail if the service can't reach a steady state. If you use the deployment circuit breaker, a service deployment will transition to a failed state and stop launching new tasks. If you use the rollback option, when a service deployment fails, the service is rolled back to the last deployment that completed successfully. For more information, see [Rolling update](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-type-ecs.html) in the *Amazon Elastic Container Service Developer Guide* + $ref: '#/components/schemas/DeploymentCircuitBreaker' + MaximumPercent: + description: >- + If a service is using the rolling update (``ECS``) deployment type, the ``maximumPercent`` parameter represents an upper limit on the number of your service's tasks that are allowed in the ``RUNNING`` or ``PENDING`` state during a deployment, as a percentage of the ``desiredCount`` (rounded down to the nearest integer). This parameter enables you to define the deployment batch size. For example, if your service is using the ``REPLICA`` service scheduler and has a ``desiredCount`` of + four tasks and a ``maximumPercent`` value of 200%, the scheduler may start four new tasks before stopping the four older tasks (provided that the cluster resources required to do this are available). The default ``maximumPercent`` value for a service using the ``REPLICA`` service scheduler is 200%. + The Amazon ECS scheduler uses this parameter to replace unhealthy tasks by starting replacement tasks first and then stopping the unhealthy tasks, as long as cluster resources for starting replacement tasks are available. For more information about how the scheduler replaces unhealthy tasks, see [Amazon ECS services](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs_services.html). + If a service is using either the blue/green (``CODE_DEPLOY``) or ``EXTERNAL`` deployment types, and tasks in the service use the EC2 launch type, the *maximum percent* value is set to the default value. The *maximum percent* value is used to define the upper limit on the number of the tasks in the service that remain in the ``RUNNING`` state while the container instances are in the ``DRAINING`` state. + You can't specify a custom ``maximumPercent`` value for a service that uses either the blue/green (``CODE_DEPLOY``) or ``EXTERNAL`` deployment types and has tasks that use the EC2 launch type. + If the service uses either the blue/green (``CODE_DEPLOY``) or ``EXTERNAL`` deployment types, and the tasks in the service use the Fargate launch type, the maximum percent value is not used. The value is still returned when describing your service. + type: integer + MinimumHealthyPercent: + description: >- + If a service is using the rolling update (``ECS``) deployment type, the ``minimumHealthyPercent`` represents a lower limit on the number of your service's tasks that must remain in the ``RUNNING`` state during a deployment, as a percentage of the ``desiredCount`` (rounded up to the nearest integer). This parameter enables you to deploy without using additional cluster capacity. For example, if your service has a ``desiredCount`` of four tasks and a ``minimumHealthyPercent`` of 50%, + the service scheduler may stop two existing tasks to free up cluster capacity before starting two new tasks. + If any tasks are unhealthy and if ``maximumPercent`` doesn't allow the Amazon ECS scheduler to start replacement tasks, the scheduler stops the unhealthy tasks one-by-one — using the ``minimumHealthyPercent`` as a constraint — to clear up capacity to launch replacement tasks. For more information about how the scheduler replaces unhealthy tasks, see [Amazon ECS services](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs_services.html) . + For services that *do not* use a load balancer, the following should be noted: + + A service is considered healthy if all essential containers within the tasks in the service pass their health checks. + + If a task has no essential containers with a health check defined, the service scheduler will wait for 40 seconds after a task reaches a ``RUNNING`` state before the task is counted towards the minimum healthy percent total. + + If a task has one or more essential containers with a health check defined, the service scheduler will wait for the task to reach a healthy status before counting it towards the minimum healthy percent total. A task is considered healthy when all essential containers within the task have passed their health checks. The amount of time the service scheduler can wait for is determined by the container health check settings. + + For services that *do* use a load balancer, the following should be noted: + + If a task has no essential containers with a health check defined, the service scheduler will wait for the load balancer target group health check to return a healthy status before counting the task towards the minimum healthy percent total. + + If a task has an essential container with a health check defined, the service scheduler will wait for both the task to reach a healthy status and the load balancer target group health check to return a healthy status before counting the task towards the minimum healthy percent total. + + The default value for a replica service for ``minimumHealthyPercent`` is 100%. The default ``minimumHealthyPercent`` value for a service using the ``DAEMON`` service schedule is 0% for the CLI, the AWS SDKs, and the APIs and 50% for the AWS Management Console. + The minimum number of healthy tasks during a deployment is the ``desiredCount`` multiplied by the ``minimumHealthyPercent``/100, rounded up to the nearest integer value. + If a service is using either the blue/green (``CODE_DEPLOY``) or ``EXTERNAL`` deployment types and is running tasks that use the EC2 launch type, the *minimum healthy percent* value is set to the default value. The *minimum healthy percent* value is used to define the lower limit on the number of the tasks in the service that remain in the ``RUNNING`` state while the container instances are in the ``DRAINING`` state. + You can't specify a custom ``minimumHealthyPercent`` value for a service that uses either the blue/green (``CODE_DEPLOY``) or ``EXTERNAL`` deployment types and has tasks that use the EC2 launch type. + If a service is using either the blue/green (``CODE_DEPLOY``) or ``EXTERNAL`` deployment types and is running tasks that use the Fargate launch type, the minimum healthy percent value is not used, although it is returned when describing your service. + type: integer + EBSTagSpecification: + description: The tag specifications of an Amazon EBS volume. + additionalProperties: false type: object + required: + - ResourceType properties: - ServiceArn: + PropagateTags: + description: "Determines whether to propagate the tags from the task definition to \Lthe Amazon EBS volume. Tags can only propagate to a ``SERVICE`` specified in \L``ServiceVolumeConfiguration``. If no value is specified, the tags aren't \Lpropagated." type: string - description: '' - CapacityProviderStrategy: + enum: + - SERVICE + - TASK_DEFINITION + ResourceType: + description: The type of volume resource. + type: string + Tags: + description: The tags applied to this Amazon EBS volume. ``AmazonECSCreated`` and ``AmazonECSManaged`` are reserved tags that can't be used. type: array items: - $ref: '#/components/schemas/CapacityProviderStrategyItem' + $ref: '#/components/schemas/Tag' + ServiceConnectService: + description: The Service Connect service object configuration. For more information, see [Service Connect](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html) in the *Amazon Elastic Container Service Developer Guide*. + additionalProperties: false + type: object + properties: + Timeout: + description: A reference to an object that represents the configured timeouts for Service Connect. + $ref: '#/components/schemas/TimeoutConfiguration' + IngressPortOverride: description: |- - The capacity provider strategy to use for the service. - If a ``capacityProviderStrategy`` is specified, the ``launchType`` parameter must be omitted. If no ``capacityProviderStrategy`` or ``launchType`` is specified, the ``defaultCapacityProviderStrategy`` for the cluster is used. - A capacity provider strategy may contain a maximum of 6 capacity providers. - Cluster: - type: string - description: The short name or full Amazon Resource Name (ARN) of the cluster that you run your service on. If you do not specify a cluster, the default cluster is assumed. - DeploymentConfiguration: - $ref: '#/components/schemas/DeploymentConfiguration' - description: Optional deployment parameters that control how many tasks run during the deployment and the ordering of stopping and starting tasks. - DeploymentController: - $ref: '#/components/schemas/DeploymentController' - description: The deployment controller to use for the service. If no deployment controller is specified, the default value of ``ECS`` is used. - DesiredCount: - type: integer - description: |- - The number of instantiations of the specified task definition to place and keep running in your service. - For new services, if a desired count is not specified, a default value of ``1`` is used. When using the ``DAEMON`` scheduling strategy, the desired count is not required. - For existing services, if a desired count is not specified, it is omitted from the operation. - EnableECSManagedTags: - type: boolean - description: |- - Specifies whether to turn on Amazon ECS managed tags for the tasks within the service. For more information, see [Tagging your Amazon ECS resources](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-using-tags.html) in the *Amazon Elastic Container Service Developer Guide*. - When you use Amazon ECS managed tags, you need to set the ``propagateTags`` request parameter. - EnableExecuteCommand: - type: boolean - description: Determines whether the execute command functionality is turned on for the service. If ``true``, the execute command functionality is turned on for all containers in tasks as part of the service. - HealthCheckGracePeriodSeconds: + The port number for the Service Connect proxy to listen on. + Use the value of this field to bypass the proxy for traffic on the port number specified in the named ``portMapping`` in the task definition of this application, and then use it in your VPC security groups to allow traffic into the proxy for this Amazon ECS service. + In ``awsvpc`` mode and Fargate, the default value is the container port number. The container port number is in the ``portMapping`` in the task definition. In bridge mode, the default value is the ephemeral port of the Service Connect proxy. type: integer + ClientAliases: description: |- - The period of time, in seconds, that the Amazon ECS service scheduler ignores unhealthy Elastic Load Balancing target health checks after a task has first started. This is only used when your service is configured to use a load balancer. If your service has a load balancer defined and you don't specify a health check grace period value, the default value of ``0`` is used. - If you do not use an Elastic Load Balancing, we recommend that you use the ``startPeriod`` in the task definition health check parameters. For more information, see [Health check](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_HealthCheck.html). - If your service's tasks take a while to start and respond to Elastic Load Balancing health checks, you can specify a health check grace period of up to 2,147,483,647 seconds (about 69 years). During that time, the Amazon ECS service scheduler ignores health check status. This grace period can prevent the service scheduler from marking tasks as unhealthy and stopping them before they have time to come up. - LaunchType: - type: string - enum: - - EC2 - - FARGATE - - EXTERNAL - description: The launch type on which to run your service. For more information, see [Amazon ECS Launch Types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html) in the *Amazon Elastic Container Service Developer Guide*. - LoadBalancers: + The list of client aliases for this Service Connect service. You use these to assign names that can be used by client applications. The maximum number of client aliases that you can have in this list is 1. + Each alias ("endpoint") is a fully-qualified name and port number that other Amazon ECS tasks ("clients") can use to connect to this service. + Each name and port mapping must be unique within the namespace. + For each ``ServiceConnectService``, you must provide at least one ``clientAlias`` with one ``port``. type: array items: - $ref: '#/components/schemas/LoadBalancer' - description: A list of load balancer objects to associate with the service. If you specify the ``Role`` property, ``LoadBalancers`` must be specified as well. For information about the number of load balancers that you can specify per service, see [Service Load Balancing](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-load-balancing.html) in the *Amazon Elastic Container Service Developer Guide*. - Name: + $ref: '#/components/schemas/ServiceConnectClientAlias' + Tls: + description: A reference to an object that represents a Transport Layer Security (TLS) configuration. + $ref: '#/components/schemas/ServiceConnectTlsConfiguration' + DiscoveryName: + description: |- + The ``discoveryName`` is the name of the new CMAP service that Amazon ECS creates for this Amazon ECS service. This must be unique within the CMAP namespace. The name can contain up to 64 characters. The name can include lowercase letters, numbers, underscores (_), and hyphens (-). The name can't start with a hyphen. + If the ``discoveryName`` isn't specified, the port mapping name from the task definition is used in ``portName.namespace``. type: string - description: '' - NetworkConfiguration: - $ref: '#/components/schemas/NetworkConfiguration' - description: The network configuration for the service. This parameter is required for task definitions that use the ``awsvpc`` network mode to receive their own elastic network interface, and it is not supported for other network modes. For more information, see [Task Networking](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html) in the *Amazon Elastic Container Service Developer Guide*. - PlacementConstraints: - type: array - items: - $ref: '#/components/schemas/PlacementConstraint' - description: An array of placement constraint objects to use for tasks in your service. You can specify a maximum of 10 constraints for each task. This limit includes constraints in the task definition and those specified at runtime. - PlacementStrategies: - type: array - items: - $ref: '#/components/schemas/PlacementStrategy' - description: The placement strategy objects to use for tasks in your service. You can specify a maximum of 5 strategy rules for each service. - PlatformVersion: + PortName: + description: The ``portName`` must match the name of one of the ``portMappings`` from all the containers in the task definition of this Amazon ECS service. type: string + required: + - PortName + Service: + type: object + properties: + PlatformVersion: default: LATEST description: The platform version that your tasks in the service are running on. A platform version is specified only for tasks using the Fargate launch type. If one isn't specified, the ``LATEST`` platform version is used. For more information, see [platform versions](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/platform_versions.html) in the *Amazon Elastic Container Service Developer Guide*. + type: string PropagateTags: + description: |- + Specifies whether to propagate the tags from the task definition to the task. If no value is specified, the tags aren't propagated. Tags can only be propagated to the task during task creation. To add tags to a task after task creation, use the [TagResource](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_TagResource.html) API action. + You must set this to a value other than ``NONE`` when you use Cost Explorer. For more information, see [Amazon ECS usage reports](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/usage-reports.html) in the *Amazon Elastic Container Service Developer Guide*. + The default is ``NONE``. type: string enum: - SERVICE - TASK_DEFINITION + ServiceArn: + description: '' + type: string + PlacementStrategies: + description: The placement strategy objects to use for tasks in your service. You can specify a maximum of 5 strategy rules for each service. + type: array + items: + $ref: '#/components/schemas/PlacementStrategy' + ServiceRegistries: description: |- - Specifies whether to propagate the tags from the task definition to the task. If no value is specified, the tags aren't propagated. Tags can only be propagated to the task during task creation. To add tags to a task after task creation, use the [TagResource](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_TagResource.html) API action. - The default is ``NONE``. - Role: + The details of the service discovery registry to associate with this service. For more information, see [Service discovery](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-discovery.html). + Each service may be associated with one service registry. Multiple service registries for each service isn't supported. + type: array + items: + $ref: '#/components/schemas/ServiceRegistry' + VolumeConfigurations: + description: The configuration for a volume specified in the task definition as a volume that is configured at launch time. Currently, the only supported volume type is an Amazon EBS volume. + type: array + items: + $ref: '#/components/schemas/ServiceVolumeConfiguration' + CapacityProviderStrategy: + description: |- + The capacity provider strategy to use for the service. + If a ``capacityProviderStrategy`` is specified, the ``launchType`` parameter must be omitted. If no ``capacityProviderStrategy`` or ``launchType`` is specified, the ``defaultCapacityProviderStrategy`` for the cluster is used. + A capacity provider strategy can contain a maximum of 20 capacity providers. + type: array + items: + $ref: '#/components/schemas/CapacityProviderStrategyItem' + LaunchType: + description: The launch type on which to run your service. For more information, see [Amazon ECS Launch Types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html) in the *Amazon Elastic Container Service Developer Guide*. + type: string + enum: + - EC2 + - FARGATE + - EXTERNAL + Name: + description: '' type: string + AvailabilityZoneRebalancing: + default: DISABLED description: |- - The name or full Amazon Resource Name (ARN) of the IAM role that allows Amazon ECS to make calls to your load balancer on your behalf. This parameter is only permitted if you are using a load balancer with your service and your task definition doesn't use the ``awsvpc`` network mode. If you specify the ``role`` parameter, you must also specify a load balancer object with the ``loadBalancers`` parameter. - If your account has already created the Amazon ECS service-linked role, that role is used for your service unless you specify a role here. The service-linked role is required if your task definition uses the ``awsvpc`` network mode or if the service is configured to use service discovery, an external deployment controller, multiple target groups, or Elastic Inference accelerators in which case you don't specify a role here. For more information, see [Using service-linked roles for Amazon ECS](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using-service-linked-roles.html) in the *Amazon Elastic Container Service Developer Guide*. - If your specified role has a path other than ``/``, then you must either specify the full role ARN (this is recommended) or prefix the role name with the path. For example, if a role with the name ``bar`` has a path of ``/foo/`` then you would specify ``/foo/bar`` as the role name. For more information, see [Friendly names and paths](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-friendly-names) in the *IAM User Guide*. - SchedulingStrategy: + Indicates whether to use Availability Zone rebalancing for the service. + For more information, see [Balancing an Amazon ECS service across Availability Zones](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-rebalancing.html) in the *Amazon Elastic Container Service Developer Guide*. type: string enum: - - DAEMON - - REPLICA + - ENABLED + - DISABLED + SchedulingStrategy: description: |- The scheduling strategy to use for the service. For more information, see [Services](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs_services.html). There are two service scheduler strategies available: + ``REPLICA``-The replica scheduling strategy places and maintains the desired number of tasks across your cluster. By default, the service scheduler spreads tasks across Availability Zones. You can use task placement strategies and constraints to customize task placement decisions. This scheduler strategy is required if the service uses the ``CODE_DEPLOY`` or ``EXTERNAL`` deployment controller types. + ``DAEMON``-The daemon scheduling strategy deploys exactly one task on each active container instance that meets all of the task placement constraints that you specify in your cluster. The service scheduler also evaluates the task placement constraints for running tasks and will stop tasks that don't meet the placement constraints. When you're using this strategy, you don't need to specify a desired number of tasks, a task placement strategy, or use Service Auto Scaling policies. Tasks using the Fargate launch type or the ``CODE_DEPLOY`` or ``EXTERNAL`` deployment controller types don't support the ``DAEMON`` scheduling strategy. - ServiceConnectConfiguration: - $ref: '#/components/schemas/ServiceConnectConfiguration' - description: |- - The configuration for this service to discover and connect to services, and be discovered by, and connected from, other services within a namespace. - Tasks that run in a namespace can use short names to connect to services in the namespace. Tasks can connect to services across all of the clusters in the namespace. Tasks connect through a managed proxy container that collects logs and metrics for increased visibility. Only the tasks that Amazon ECS services create are supported with Service Connect. For more information, see [Service Connect](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html) in the *Amazon Elastic Container Service Developer Guide*. - ServiceName: type: string - description: |- - The name of your service. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed. Service names must be unique within a cluster, but you can have similarly named services in multiple clusters within a Region or across multiple Regions. - The stack update fails if you change any properties that require replacement and the ``ServiceName`` is configured. This is because AWS CloudFormation creates the replacement service first, but each ``ServiceName`` must be unique in the cluster. - ServiceRegistries: - type: array - items: - $ref: '#/components/schemas/ServiceRegistry' - description: |- - The details of the service discovery registry to associate with this service. For more information, see [Service discovery](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-discovery.html). - Each service may be associated with one service registry. Multiple service registries for each service isn't supported. + enum: + - DAEMON + - REPLICA + NetworkConfiguration: + description: The network configuration for the service. This parameter is required for task definitions that use the ``awsvpc`` network mode to receive their own elastic network interface, and it is not supported for other network modes. For more information, see [Task Networking](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html) in the *Amazon Elastic Container Service Developer Guide*. + $ref: '#/components/schemas/NetworkConfiguration' Tags: - type: array - items: - $ref: '#/components/schemas/Tag' description: |- The metadata that you apply to the service to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define. When a service is deleted, the tags are deleted as well. The following basic restrictions apply to tags: @@ -1272,22 +1274,79 @@ components: + If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @. + Tag keys and values are case-sensitive. + Do not use ``aws:``, ``AWS:``, or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for AWS use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit. - TaskDefinition: + type: array + items: + $ref: '#/components/schemas/Tag' + HealthCheckGracePeriodSeconds: + description: |- + The period of time, in seconds, that the Amazon ECS service scheduler ignores unhealthy Elastic Load Balancing, VPC Lattice, and container health checks after a task has first started. If you don't specify a health check grace period value, the default value of ``0`` is used. If you don't use any of the health checks, then ``healthCheckGracePeriodSeconds`` is unused. + If your service's tasks take a while to start and respond to health checks, you can specify a health check grace period of up to 2,147,483,647 seconds (about 69 years). During that time, the Amazon ECS service scheduler ignores health check status. This grace period can prevent the service scheduler from marking tasks as unhealthy and stopping them before they have time to come up. + type: integer + EnableECSManagedTags: + description: |- + Specifies whether to turn on Amazon ECS managed tags for the tasks within the service. For more information, see [Tagging your Amazon ECS resources](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-using-tags.html) in the *Amazon Elastic Container Service Developer Guide*. + When you use Amazon ECS managed tags, you need to set the ``propagateTags`` request parameter. + type: boolean + EnableExecuteCommand: + description: Determines whether the execute command functionality is turned on for the service. If ``true``, the execute command functionality is turned on for all containers in tasks as part of the service. + type: boolean + PlacementConstraints: + description: An array of placement constraint objects to use for tasks in your service. You can specify a maximum of 10 constraints for each task. This limit includes constraints in the task definition and those specified at runtime. + type: array + items: + $ref: '#/components/schemas/PlacementConstraint' + Cluster: + description: The short name or full Amazon Resource Name (ARN) of the cluster that you run your service on. If you do not specify a cluster, the default cluster is assumed. + type: string + LoadBalancers: + description: A list of load balancer objects to associate with the service. If you specify the ``Role`` property, ``LoadBalancers`` must be specified as well. For information about the number of load balancers that you can specify per service, see [Service Load Balancing](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-load-balancing.html) in the *Amazon Elastic Container Service Developer Guide*. + type: array + items: + $ref: '#/components/schemas/LoadBalancer' + ServiceConnectConfiguration: + description: |- + The configuration for this service to discover and connect to services, and be discovered by, and connected from, other services within a namespace. + Tasks that run in a namespace can use short names to connect to services in the namespace. Tasks can connect to services across all of the clusters in the namespace. Tasks connect through a managed proxy container that collects logs and metrics for increased visibility. Only the tasks that Amazon ECS services create are supported with Service Connect. For more information, see [Service Connect](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html) in the *Amazon Elastic Container Service Developer Guide*. + $ref: '#/components/schemas/ServiceConnectConfiguration' + DesiredCount: + description: |- + The number of instantiations of the specified task definition to place and keep running in your service. + For new services, if a desired count is not specified, a default value of ``1`` is used. When using the ``DAEMON`` scheduling strategy, the desired count is not required. + For existing services, if a desired count is not specified, it is omitted from the operation. + type: integer + VpcLatticeConfigurations: + description: The VPC Lattice configuration for the service being created. + type: array + items: + $ref: '#/components/schemas/VpcLatticeConfiguration' + DeploymentController: + description: The deployment controller to use for the service. If no deployment controller is specified, the default value of ``ECS`` is used. + $ref: '#/components/schemas/DeploymentController' + Role: + description: |- + The name or full Amazon Resource Name (ARN) of the IAM role that allows Amazon ECS to make calls to your load balancer on your behalf. This parameter is only permitted if you are using a load balancer with your service and your task definition doesn't use the ``awsvpc`` network mode. If you specify the ``role`` parameter, you must also specify a load balancer object with the ``loadBalancers`` parameter. + If your account has already created the Amazon ECS service-linked role, that role is used for your service unless you specify a role here. The service-linked role is required if your task definition uses the ``awsvpc`` network mode or if the service is configured to use service discovery, an external deployment controller, multiple target groups, or Elastic Inference accelerators in which case you don't specify a role here. For more information, see [Using service-linked roles for Amazon ECS](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using-service-linked-roles.html) in the *Amazon Elastic Container Service Developer Guide*. + If your specified role has a path other than ``/``, then you must either specify the full role ARN (this is recommended) or prefix the role name with the path. For example, if a role with the name ``bar`` has a path of ``/foo/`` then you would specify ``/foo/bar`` as the role name. For more information, see [Friendly names and paths](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-friendly-names) in the *IAM User Guide*. type: string + TaskDefinition: description: |- The ``family`` and ``revision`` (``family:revision``) or full ARN of the task definition to run in your service. If a ``revision`` isn't specified, the latest ``ACTIVE`` revision is used. A task definition must be specified if the service uses either the ``ECS`` or ``CODE_DEPLOY`` deployment controllers. For more information about deployment types, see [Amazon ECS deployment types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-types.html). - VolumeConfigurations: - type: array - items: - $ref: '#/components/schemas/ServiceVolumeConfiguration' - description: The configuration for a volume specified in the task definition as a volume that is configured at launch time. Currently, the only supported volume type is an Amazon EBS volume. + type: string + ServiceName: + description: |- + The name of your service. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed. Service names must be unique within a cluster, but you can have similarly named services in multiple clusters within a Region or across multiple Regions. + The stack update fails if you change any properties that require replacement and the ``ServiceName`` is configured. This is because AWS CloudFormation creates the replacement service first, but each ``ServiceName`` must be unique in the cluster. + type: string + DeploymentConfiguration: + description: Optional deployment parameters that control how many tasks run during the deployment and the ordering of stopping and starting tasks. + $ref: '#/components/schemas/DeploymentConfiguration' x-stackql-resource-name: service description: |- The ``AWS::ECS::Service`` resource creates an Amazon Elastic Container Service (Amazon ECS) service that runs and maintains the requested number of tasks and associated load balancers. - The stack update fails if you change any properties that require replacement and at least one Amazon ECS Service Connect ``ServiceConnectService`` is configured. This is because AWS CloudFormation creates the replacement service first, but each ``ServiceConnectService`` must have a name that is unique in the namespace. - Starting April 15, 2023, AWS; will not onboard new customers to Amazon Elastic Inference (EI), and will help current customers migrate their workloads to options that offer better price and performance. After April 15, 2023, new customers will not be able to launch instances with Amazon EI accelerators in Amazon SageMaker, ECS, or EC2. However, customers who have used Amazon EI at least once during the past 30-day period are considered current customers and will be able to continue using the service. + The stack update fails if you change any properties that require replacement and at least one ECS Service Connect ``ServiceConnectConfiguration`` property the is configured. This is because AWS CloudFormation creates the replacement service first, but each ``ServiceConnectService`` must have a name that is unique in the namespace. + Starting April 15, 2023, AWS; will not onboard new customers to Amazon Elastic Inference (EI), and will help current customers migrate their workloads to options that offer better price and performance. After April 15, 2023, new customers will not be able to launch instances with Amazon EI accelerators in Amazon SageMaker, ECS, or EC2. However, customers who have used Amazon EI at least once during the past 30-day period are considered current customers and will be able to continue using the service. x-type-name: AWS::ECS::Service x-stackql-primary-identifier: - ServiceArn @@ -1306,375 +1365,439 @@ components: - ServiceArn - Name x-tagging: + permissions: + - ecs:TagResource + - ecs:UntagResource + - ecs:ListTagsForResource taggable: true tagOnCreate: true tagUpdatable: true - cloudFormationSystemTags: true tagProperty: /properties/Tags + cloudFormationSystemTags: false x-required-permissions: + read: + - ecs:DescribeServices create: - ecs:CreateService - ecs:DescribeServices - iam:PassRole - ecs:TagResource - read: - - ecs:DescribeServices update: - ecs:DescribeServices - ecs:ListTagsForResource - ecs:TagResource - ecs:UntagResource - ecs:UpdateService - delete: - - ecs:DeleteService - - ecs:DescribeServices list: - ecs:DescribeServices - ecs:ListClusters - ecs:ListServices - ContainerDefinition: - description: The ``ContainerDefinition`` property specifies a container definition. Container definitions are used in task definitions to describe the different containers that are launched as part of a task. + delete: + - ecs:DeleteService + - ecs:DescribeServices + VolumeFrom: + description: Details on a data volume from another container in the same task definition. + additionalProperties: false type: object - required: - - Name - - Image properties: - Command: - type: array - x-insertionOrder: true - items: - type: string - description: >- - The command that's passed to the container. This parameter maps to ``Cmd`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``COMMAND`` parameter to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). For more information, see - [https://docs.docker.com/engine/reference/builder/#cmd](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/builder/#cmd). If there are multiple arguments, each argument is a separated string in the array. - Cpu: - type: integer + ReadOnly: + description: If this value is ``true``, the container has read-only access to the volume. If this value is ``false``, then the container can write to the volume. The default value is ``false``. + type: boolean + SourceContainer: + description: The name of another container within the same task definition to mount volumes from. + type: string + ContainerDependency: + description: |- + The ``ContainerDependency`` property specifies the dependencies defined for container startup and shutdown. A container can contain multiple dependencies. When a dependency is defined for container startup, for container shutdown it is reversed. + Your Amazon ECS container instances require at least version 1.26.0 of the container agent to enable container dependencies. However, we recommend using the latest container agent version. For information about checking your agent version and updating to the latest version, see [Updating the Amazon ECS Container Agent](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-update.html) in the *Amazon Elastic Container Service Developer Guide*. If you are using an Amazon ECS-optimized Linux AMI, your instance needs at least version 1.26.0-1 of the ``ecs-init`` package. If your container instances are launched from version ``20190301`` or later, then they contain the required versions of the container agent and ``ecs-init``. For more information, see [Amazon ECS-optimized Linux AMI](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html) in the *Amazon Elastic Container Service Developer Guide*. + For tasks using the Fargate launch type, this parameter requires that the task or service uses platform version 1.3.0 or later. + additionalProperties: false + type: object + properties: + Condition: description: |- - The number of ``cpu`` units reserved for the container. This parameter maps to ``CpuShares`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--cpu-shares`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). - This field is optional for tasks using the Fargate launch type, and the only requirement is that the total amount of CPU reserved for all containers within a task be lower than the task-level ``cpu`` value. - You can determine the number of CPU units that are available per EC2 instance type by multiplying the vCPUs listed for that instance type on the [Amazon EC2 Instances](https://docs.aws.amazon.com/ec2/instance-types/) detail page by 1,024. - Linux containers share unallocated CPU units with other containers on the container instance with the same ratio as their allocated amount. For example, if you run a single-container task on a single-core instance type with 512 CPU units specified for that container, and that's the only task running on the container instance, that container could use the full 1,024 CPU unit share at any given time. However, if you launched another copy of the same task on that container instance, each task is guaranteed a minimum of 512 CPU units when needed. Moreover, each container could float to higher CPU usage if the other container was not using it. If both tasks were 100% active all of the time, they would be limited to 512 CPU units. - On Linux container instances, the Docker daemon on the container instance uses the CPU value to calculate the relative CPU share ratios for running containers. For more information, see [CPU share constraint](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#cpu-share-constraint) in the Docker documentation. The minimum valid CPU share value that the Linux kernel allows is 2. However, the CPU parameter isn't required, and you can use CPU values below 2 in your container definitions. For CPU values below 2 (including null), the behavior varies based on your Amazon ECS container agent version: - + *Agent versions less than or equal to 1.1.0:* Null and zero CPU values are passed to Docker as 0, which Docker then converts to 1,024 CPU shares. CPU values of 1 are passed to Docker as 1, which the Linux kernel converts to two CPU shares. - + *Agent versions greater than or equal to 1.2.0:* Null, zero, and CPU values of 1 are passed to Docker as 2. - - On Windows container instances, the CPU limit is enforced as an absolute limit, or a quota. Windows containers only have access to the specified amount of CPU that's described in the task definition. A null or zero CPU value is passed to Docker as ``0``, which Windows interprets as 1% of one CPU. - CredentialSpecs: + The dependency condition of the container. The following are the available conditions and their behavior: + + ``START`` - This condition emulates the behavior of links and volumes today. It validates that a dependent container is started before permitting other containers to start. + + ``COMPLETE`` - This condition validates that a dependent container runs to completion (exits) before permitting other containers to start. This can be useful for nonessential containers that run a script and then exit. This condition can't be set on an essential container. + + ``SUCCESS`` - This condition is the same as ``COMPLETE``, but it also requires that the container exits with a ``zero`` status. This condition can't be set on an essential container. + + ``HEALTHY`` - This condition validates that the dependent container passes its Docker health check before permitting other containers to start. This requires that the dependent container has health checks configured. This condition is confirmed only at task startup. + type: string + ContainerName: + description: The name of a container. + type: string + HealthCheck: + description: |- + The ``HealthCheck`` property specifies an object representing a container health check. Health check parameters that are specified in a container definition override any Docker health checks that exist in the container image (such as those specified in a parent image or from the image's Dockerfile). This configuration maps to the ``HEALTHCHECK`` parameter of docker run. + The Amazon ECS container agent only monitors and reports on the health checks specified in the task definition. Amazon ECS does not monitor Docker health checks that are embedded in a container image and not specified in the container definition. Health check parameters that are specified in a container definition override any Docker health checks that exist in the container image. + If a task is run manually, and not as part of a service, the task will continue its lifecycle regardless of its health status. For tasks that are part of a service, if the task reports as unhealthy then the task will be stopped and the service scheduler will replace it. + The following are notes about container health check support: + + Container health checks require version 1.17.0 or greater of the Amazon ECS container agent. For more information, see [Updating the Amazon ECS Container Agent](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-update.html). + + Container health checks are supported for Fargate tasks if you are using platform version 1.1.0 or greater. For more information, see [Platform Versions](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/platform_versions.html). + + Container health checks are not supported for tasks that are part of a service that is configured to use a Classic Load Balancer. + additionalProperties: false + type: object + properties: + Command: + description: |- + A string array representing the command that the container runs to determine if it is healthy. The string array must start with ``CMD`` to run the command arguments directly, or ``CMD-SHELL`` to run the command with the container's default shell. + When you use the AWS Management Console JSON panel, the CLIlong, or the APIs, enclose the list of commands in double quotes and brackets. + ``[ "CMD-SHELL", "curl -f http://localhost/ || exit 1" ]`` + You don't include the double quotes and brackets when you use the AWS Management Console. + ``CMD-SHELL, curl -f http://localhost/ || exit 1`` + An exit code of 0 indicates success, and non-zero exit code indicates failure. For more information, see ``HealthCheck`` in the docker container create command. + x-insertionOrder: true type: array - x-insertionOrder: false items: type: string + Timeout: + description: The time period in seconds to wait for a health check to succeed before it is considered a failure. You may specify between 2 and 60 seconds. The default value is 5. + type: integer + Retries: + description: The number of times to retry a failed health check before the container is considered unhealthy. You may specify between 1 and 10 retries. The default value is 3. + type: integer + Interval: + description: The time period in seconds between each health check execution. You may specify between 5 and 300 seconds. The default value is 30 seconds. + type: integer + StartPeriod: description: |- - A list of ARNs in SSM or Amazon S3 to a credential spec (``CredSpec``) file that configures the container for Active Directory authentication. We recommend that you use this parameter instead of the ``dockerSecurityOptions``. The maximum number of ARNs is 1. - There are two formats for each ARN. - + credentialspecdomainless:MyARN You use credentialspecdomainless:MyARN to provide a CredSpec with an additional section for a secret in . You provide the login credentials to the domain in the secret. Each task that runs on any container instance can join different domains. You can use this format without joining the container instance to a domain. + credentialspec:MyARN You use credentialspec:MyARN to provide a CredSpec for a single domain. You must join the container instance to the domain before you start any tasks that use this task definition. - In both formats, replace ``MyARN`` with the ARN in SSM or Amazon S3. - If you provide a ``credentialspecdomainless:MyARN``, the ``credspec`` must provide a ARN in ASMlong for a secret containing the username, password, and the domain to connect to. For better security, the instance isn't joined to the domain for domainless authentication. Other applications on the instance can't use the domainless credentials. You can use this parameter to run tasks on the same instance, even it the tasks need to join different domains. For more information, see [Using gMSAs for Windows Containers](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/windows-gmsa.html) and [Using gMSAs for Linux Containers](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/linux-gmsa.html). - DependsOn: - type: array + The optional grace period to provide containers time to bootstrap before failed health checks count towards the maximum number of retries. You can specify between 0 and 300 seconds. By default, the ``startPeriod`` is off. + If a health check succeeds within the ``startPeriod``, then the container is considered healthy and any subsequent failures count toward the maximum number of retries. + type: integer + HostEntry: + description: The ``HostEntry`` property specifies a hostname and an IP address that are added to the ``/etc/hosts`` file of a container through the ``extraHosts`` parameter of its ``ContainerDefinition`` resource. + additionalProperties: false + type: object + properties: + Hostname: + description: The hostname to use in the ``/etc/hosts`` entry. + type: string + IpAddress: + description: The IP address to use in the ``/etc/hosts`` entry. + type: string + ContainerDefinition: + description: The ``ContainerDefinition`` property specifies a container definition. Container definitions are used in task definitions to describe the different containers that are launched as part of a task. + additionalProperties: false + type: object + required: + - Name + - Image + properties: + User: + description: |- + The user to use inside the container. This parameter maps to ``User`` in the docker container create command and the ``--user`` option to docker run. + When running tasks using the ``host`` network mode, don't run containers using the root user (UID 0). We recommend using a non-root user for better security. + You can specify the ``user`` using the following formats. If specifying a UID or GID, you must specify it as a positive integer. + + ``user`` + + ``user:group`` + + ``uid`` + + ``uid:gid`` + + ``user:gid`` + + ``uid:group`` + + This parameter is not supported for Windows containers. + type: string + Secrets: + description: The secrets to pass to the container. For more information, see [Specifying Sensitive Data](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html) in the *Amazon Elastic Container Service Developer Guide*. x-insertionOrder: false + type: array items: - $ref: '#/components/schemas/ContainerDependency' + $ref: '#/components/schemas/Secret' + Memory: + description: >- + The amount (in MiB) of memory to present to the container. If your container attempts to exceed the memory specified here, the container is killed. The total amount of memory reserved for all containers within a task must be lower than the task ``memory`` value, if one is specified. This parameter maps to ``Memory`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote + API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--memory`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). + If using the Fargate launch type, this parameter is optional. + If using the EC2 launch type, you must specify either a task-level memory value or a container-level memory value. If you specify both a container-level ``memory`` and ``memoryReservation`` value, ``memory`` must be greater than ``memoryReservation``. If you specify ``memoryReservation``, then that value is subtracted from the available memory resources for the container instance where the container is placed. Otherwise, the value of ``memory`` is used. + The Docker 20.10.0 or later daemon reserves a minimum of 6 MiB of memory for a container, so you should not specify fewer than 6 MiB of memory for your containers. + The Docker 19.03.13-ce or earlier daemon reserves a minimum of 4 MiB of memory for a container, so you should not specify fewer than 4 MiB of memory for your containers. + type: integer + Privileged: description: |- - The dependencies defined for container startup and shutdown. A container can contain multiple dependencies. When a dependency is defined for container startup, for container shutdown it is reversed. - For tasks using the EC2 launch type, the container instances require at least version 1.26.0 of the container agent to turn on container dependencies. However, we recommend using the latest container agent version. For information about checking your agent version and updating to the latest version, see [Updating the Amazon ECS Container Agent](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-update.html) in the *Amazon Elastic Container Service Developer Guide*. If you're using an Amazon ECS-optimized Linux AMI, your instance needs at least version 1.26.0-1 of the ``ecs-init`` package. If your container instances are launched from version ``20190301`` or later, then they contain the required versions of the container agent and ``ecs-init``. For more information, see [Amazon ECS-optimized Linux AMI](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html) in the *Amazon Elastic Container Service Developer Guide*. - For tasks using the Fargate launch type, the task or service requires the following platforms: + When this parameter is true, the container is given elevated privileges on the host container instance (similar to the ``root`` user). This parameter maps to ``Privileged`` in the docker container create command and the ``--privileged`` option to docker run + This parameter is not supported for Windows containers or tasks run on FARGATElong. + type: boolean + HealthCheck: + description: The container health check command and associated configuration parameters for the container. This parameter maps to ``HealthCheck`` in the docker container create command and the ``HEALTHCHECK`` parameter of docker run. + $ref: '#/components/schemas/HealthCheck' + StartTimeout: + description: |- + Time duration (in seconds) to wait before giving up on resolving dependencies for a container. For example, you specify two containers in a task definition with containerA having a dependency on containerB reaching a ``COMPLETE``, ``SUCCESS``, or ``HEALTHY`` status. If a ``startTimeout`` value is specified for containerB and it doesn't reach the desired status within that time then containerA gives up and not start. This results in the task transitioning to a ``STOPPED`` state. + When the ``ECS_CONTAINER_START_TIMEOUT`` container agent configuration variable is used, it's enforced independently from this start timeout value. + For tasks using the Fargate launch type, the task or service requires the following platforms: + Linux platform version ``1.3.0`` or later. + Windows platform version ``1.0.0`` or later. - If the task definition is used in a blue/green deployment that uses [AWS::CodeDeploy::DeploymentGroup BlueGreenDeploymentConfiguration](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codedeploy-deploymentgroup-bluegreendeploymentconfiguration.html), the ``dependsOn`` parameter is not supported. For more information see [Issue #680](https://docs.aws.amazon.com/https://github.com/aws-cloudformation/cloudformation-coverage-roadmap/issues/680) on the on the GitHub website. - DisableNetworking: - type: boolean + For tasks using the EC2 launch type, your container instances require at least version ``1.26.0`` of the container agent to use a container start timeout value. However, we recommend using the latest container agent version. For information about checking your agent version and updating to the latest version, see [Updating the Amazon ECS Container Agent](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-update.html) in the *Amazon Elastic Container Service Developer Guide*. If you're using an Amazon ECS-optimized Linux AMI, your instance needs at least version ``1.26.0-1`` of the ``ecs-init`` package. If your container instances are launched from version ``20190301`` or later, then they contain the required versions of the container agent and ``ecs-init``. For more information, see [Amazon ECS-optimized Linux AMI](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html) in the *Amazon Elastic Container Service Developer Guide*. + The valid values for Fargate are 2-120 seconds. + type: integer + VolumesFrom: + uniqueItems: true + description: Data volumes to mount from another container. This parameter maps to ``VolumesFrom`` in the docker container create command and the ``--volumes-from`` option to docker run. + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/VolumeFrom' + Cpu: description: |- - When this parameter is true, networking is off within the container. This parameter maps to ``NetworkDisabled`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/). - This parameter is not supported for Windows containers. - DnsSearchDomains: + The number of ``cpu`` units reserved for the container. This parameter maps to ``CpuShares`` in the docker container create commandand the ``--cpu-shares`` option to docker run. + This field is optional for tasks using the Fargate launch type, and the only requirement is that the total amount of CPU reserved for all containers within a task be lower than the task-level ``cpu`` value. + You can determine the number of CPU units that are available per EC2 instance type by multiplying the vCPUs listed for that instance type on the [Amazon EC2 Instances](https://docs.aws.amazon.com/ec2/instance-types/) detail page by 1,024. + Linux containers share unallocated CPU units with other containers on the container instance with the same ratio as their allocated amount. For example, if you run a single-container task on a single-core instance type with 512 CPU units specified for that container, and that's the only task running on the container instance, that container could use the full 1,024 CPU unit share at any given time. However, if you launched another copy of the same task on that container instance, each task is guaranteed a minimum of 512 CPU units when needed. Moreover, each container could float to higher CPU usage if the other container was not using it. If both tasks were 100% active all of the time, they would be limited to 512 CPU units. + On Linux container instances, the Docker daemon on the container instance uses the CPU value to calculate the relative CPU share ratios for running containers. The minimum valid CPU share value that the Linux kernel allows is 2, and the maximum valid CPU share value that the Linux kernel allows is 262144. However, the CPU parameter isn't required, and you can use CPU values below 2 or above 262144 in your container definitions. For CPU values below 2 (including null) or above 262144, the behavior varies based on your Amazon ECS container agent version: + + *Agent versions less than or equal to 1.1.0:* Null and zero CPU values are passed to Docker as 0, which Docker then converts to 1,024 CPU shares. CPU values of 1 are passed to Docker as 1, which the Linux kernel converts to two CPU shares. + + *Agent versions greater than or equal to 1.2.0:* Null, zero, and CPU values of 1 are passed to Docker as 2. + + *Agent versions greater than or equal to 1.84.0:* CPU values greater than 256 vCPU are passed to Docker as 256, which is equivalent to 262144 CPU shares. + + On Windows container instances, the CPU limit is enforced as an absolute limit, or a quota. Windows containers only have access to the specified amount of CPU that's described in the task definition. A null or zero CPU value is passed to Docker as ``0``, which Windows interprets as 1% of one CPU. + type: integer + EntryPoint: + description: |- + Early versions of the Amazon ECS container agent don't properly handle ``entryPoint`` parameters. If you have problems using ``entryPoint``, update your container agent or enter your commands and arguments as ``command`` array items instead. + The entry point that's passed to the container. This parameter maps to ``Entrypoint`` in the docker container create command and the ``--entrypoint`` option to docker run. + x-insertionOrder: true type: array - x-insertionOrder: false items: type: string + DnsServers: description: |- - A list of DNS search domains that are presented to the container. This parameter maps to ``DnsSearch`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--dns-search`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). + A list of DNS servers that are presented to the container. This parameter maps to ``Dns`` in the docker container create command and the ``--dns`` option to docker run. This parameter is not supported for Windows containers. - DnsServers: - type: array x-insertionOrder: false + type: array items: type: string + ReadonlyRootFilesystem: description: |- - A list of DNS servers that are presented to the container. This parameter maps to ``Dns`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--dns`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). + When this parameter is true, the container is given read-only access to its root file system. This parameter maps to ``ReadonlyRootfs`` in the docker container create command and the ``--read-only`` option to docker run. This parameter is not supported for Windows containers. - DockerLabels: - type: object - x-patternProperties: - .{1,}: - type: string - additionalProperties: false + type: boolean + Image: description: >- - A key/value map of labels to add to the container. This parameter maps to ``Labels`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--label`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). This parameter requires - version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'`` - DockerSecurityOptions: - type: array + The image used to start a container. This string is passed directly to the Docker daemon. By default, images in the Docker Hub registry are available. Other repositories are specified with either ``repository-url/image:tag`` or ``repository-url/image@digest``. Up to 255 letters (uppercase and lowercase), numbers, hyphens, underscores, colons, periods, forward slashes, and number signs are allowed. This parameter maps to ``Image`` in the docker container create command and the + ``IMAGE`` parameter of docker run. + + When a new task starts, the Amazon ECS container agent pulls the latest version of the specified image and tag for the container to use. However, subsequent updates to a repository image aren't propagated to already running tasks. + + Images in Amazon ECR repositories can be specified by either using the full ``registry/repository:tag`` or ``registry/repository@digest``. For example, ``012345678910.dkr.ecr..amazonaws.com/:latest`` or ``012345678910.dkr.ecr..amazonaws.com/@sha256:94afd1f2e64d908bc90dbca0035a5b567EXAMPLE``. + + Images in official repositories on Docker Hub use a single name (for example, ``ubuntu`` or ``mongo``). + + Images in other repositories on Docker Hub are qualified with an organization name (for example, ``amazon/amazon-ecs-agent``). + + Images in other online repositories are qualified further by a domain name (for example, ``quay.io/assemblyline/ubuntu``). + type: string + Essential: + description: |- + If the ``essential`` parameter of a container is marked as ``true``, and that container fails or stops for any reason, all other containers that are part of the task are stopped. If the ``essential`` parameter of a container is marked as ``false``, its failure doesn't affect the rest of the containers in a task. If this parameter is omitted, a container is assumed to be essential. + All tasks must have at least one essential container. If you have an application that's composed of multiple containers, group containers that are used for a common purpose into components, and separate the different components into multiple task definitions. For more information, see [Application Architecture](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/application_architecture.html) in the *Amazon Elastic Container Service Developer Guide*. + type: boolean + LogConfiguration: + description: |- + The log configuration specification for the container. + This parameter maps to ``LogConfig`` in the docker Create a container command and the ``--log-driver`` option to docker run. By default, containers use the same logging driver that the Docker daemon uses. However, the container may use a different logging driver than the Docker daemon by specifying a log driver with this parameter in the container definition. To use a different logging driver for a container, the log system must be configured properly on the container instance (or on a different log server for remote logging options). For more information on the options for different supported log drivers, see [Configure logging drivers](https://docs.aws.amazon.com/https://docs.docker.com/engine/admin/logging/overview/) in the Docker documentation. + Amazon ECS currently supports a subset of the logging drivers available to the Docker daemon (shown in the [LogConfiguration](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_LogConfiguration.html) data type). Additional log drivers may be available in future releases of the Amazon ECS container agent. + This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'`` + The Amazon ECS container agent running on a container instance must register the logging drivers available on that instance with the ``ECS_AVAILABLE_LOGGING_DRIVERS`` environment variable before containers placed on that instance can use these log configuration options. For more information, see [Container Agent Configuration](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-config.html) in the *Developer Guide*. + $ref: '#/components/schemas/LogConfiguration' + ResourceRequirements: + description: The type and amount of a resource to assign to a container. The only supported resource is a GPU. x-insertionOrder: false + type: array items: - type: string + $ref: '#/components/schemas/ResourceRequirement' + EnvironmentFiles: + description: |- + A list of files containing the environment variables to pass to a container. This parameter maps to the ``--env-file`` option to docker run. + You can specify up to ten environment files. The file must have a ``.env`` file extension. Each line in an environment file contains an environment variable in ``VARIABLE=VALUE`` format. Lines beginning with ``#`` are treated as comments and are ignored. + If there are environment variables specified using the ``environment`` parameter in a container definition, they take precedence over the variables contained within an environment file. If multiple environment files are specified that contain the same variable, they're processed from the top down. We recommend that you use unique variable names. For more information, see [Specifying Environment Variables](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/taskdef-envfiles.html) in the *Amazon Elastic Container Service Developer Guide*. + x-insertionOrder: true + type: array + items: + $ref: '#/components/schemas/EnvironmentFile' + Name: + description: The name of a container. If you're linking multiple containers together in a task definition, the ``name`` of one container can be entered in the ``links`` of another container to connect the containers. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed. This parameter maps to ``name`` in the docker container create command and the ``--name`` option to docker run. + type: string + FirelensConfiguration: + description: The FireLens configuration for the container. This is used to specify and configure a log router for container logs. For more information, see [Custom Log Routing](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_firelens.html) in the *Amazon Elastic Container Service Developer Guide*. + $ref: '#/components/schemas/FirelensConfiguration' + DockerSecurityOptions: description: |- - A list of strings to provide custom configuration for multiple security systems. For more information about valid values, see [Docker Run Security Configuration](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). This field isn't valid for containers in tasks using the Fargate launch type. + A list of strings to provide custom configuration for multiple security systems. This field isn't valid for containers in tasks using the Fargate launch type. For Linux tasks on EC2, this parameter can be used to reference custom labels for SELinux and AppArmor multi-level security systems. For any tasks on EC2, this parameter can be used to reference a credential spec file that configures a container for Active Directory authentication. For more information, see [Using gMSAs for Windows Containers](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/windows-gmsa.html) and [Using gMSAs for Linux Containers](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/linux-gmsa.html) in the *Amazon Elastic Container Service Developer Guide*. - This parameter maps to ``SecurityOpt`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--security-opt`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). + This parameter maps to ``SecurityOpt`` in the docker container create command and the ``--security-opt`` option to docker run. The Amazon ECS container agent running on a container instance must register with the ``ECS_SELINUX_CAPABLE=true`` or ``ECS_APPARMOR_CAPABLE=true`` environment variables before containers placed on that instance can use these security options. For more information, see [Amazon ECS Container Agent Configuration](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-config.html) in the *Amazon Elastic Container Service Developer Guide*. - For more information about valid values, see [Docker Run Security Configuration](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). - Valid values: "no-new-privileges" | "apparmor:PROFILE" | "label:value" | "credentialspec:CredentialSpecFilePath" - EntryPoint: + Valid values: "no-new-privileges" | "apparmor:PROFILE" | "label:value" | "credentialspec:CredentialSpecFilePath" + x-insertionOrder: false type: array - x-insertionOrder: true items: type: string - description: |- - Early versions of the Amazon ECS container agent don't properly handle ``entryPoint`` parameters. If you have problems using ``entryPoint``, update your container agent or enter your commands and arguments as ``command`` array items instead. - The entry point that's passed to the container. This parameter maps to ``Entrypoint`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--entrypoint`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). For more information, see [https://docs.docker.com/engine/reference/builder/#entrypoint](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/builder/#entrypoint). - Environment: - description: |- - The environment variables to pass to a container. This parameter maps to ``Env`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--env`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). - We don't recommend that you use plaintext environment variables for sensitive information, such as credential data. - type: array + SystemControls: + description: A list of namespaced kernel parameters to set in the container. This parameter maps to ``Sysctls`` in the docker container create command and the ``--sysctl`` option to docker run. For example, you can configure ``net.ipv4.tcp_keepalive_time`` setting to maintain longer lived connections. x-insertionOrder: false - uniqueItems: true - items: - $ref: '#/components/schemas/KeyValuePair' - EnvironmentFiles: - description: |- - A list of files containing the environment variables to pass to a container. This parameter maps to the ``--env-file`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). - You can specify up to ten environment files. The file must have a ``.env`` file extension. Each line in an environment file contains an environment variable in ``VARIABLE=VALUE`` format. Lines beginning with ``#`` are treated as comments and are ignored. For more information about the environment variable file syntax, see [Declare default environment variables in file](https://docs.aws.amazon.com/https://docs.docker.com/compose/env-file/). - If there are environment variables specified using the ``environment`` parameter in a container definition, they take precedence over the variables contained within an environment file. If multiple environment files are specified that contain the same variable, they're processed from the top down. We recommend that you use unique variable names. For more information, see [Specifying Environment Variables](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/taskdef-envfiles.html) in the *Amazon Elastic Container Service Developer Guide*. type: array - x-insertionOrder: true items: - $ref: '#/components/schemas/EnvironmentFile' - Essential: + $ref: '#/components/schemas/SystemControl' + Interactive: + description: When this parameter is ``true``, you can deploy containerized applications that require ``stdin`` or a ``tty`` to be allocated. This parameter maps to ``OpenStdin`` in the docker container create command and the ``--interactive`` option to docker run. type: boolean + DnsSearchDomains: description: |- - If the ``essential`` parameter of a container is marked as ``true``, and that container fails or stops for any reason, all other containers that are part of the task are stopped. If the ``essential`` parameter of a container is marked as ``false``, its failure doesn't affect the rest of the containers in a task. If this parameter is omitted, a container is assumed to be essential. - All tasks must have at least one essential container. If you have an application that's composed of multiple containers, group containers that are used for a common purpose into components, and separate the different components into multiple task definitions. For more information, see [Application Architecture](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/application_architecture.html) in the *Amazon Elastic Container Service Developer Guide*. - ExtraHosts: - type: array + A list of DNS search domains that are presented to the container. This parameter maps to ``DnsSearch`` in the docker container create command and the ``--dns-search`` option to docker run. + This parameter is not supported for Windows containers. x-insertionOrder: false + type: array items: - $ref: '#/components/schemas/HostEntry' - description: >- - A list of hostnames and IP address mappings to append to the ``/etc/hosts`` file on the container. This parameter maps to ``ExtraHosts`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--add-host`` option to [docker - run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). - This parameter isn't supported for Windows containers or tasks that use the ``awsvpc`` network mode. - FirelensConfiguration: - $ref: '#/components/schemas/FirelensConfiguration' - description: The FireLens configuration for the container. This is used to specify and configure a log router for container logs. For more information, see [Custom Log Routing](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_firelens.html) in the *Amazon Elastic Container Service Developer Guide*. - HealthCheck: - $ref: '#/components/schemas/HealthCheck' - description: >- - The container health check command and associated configuration parameters for the container. This parameter maps to ``HealthCheck`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``HEALTHCHECK`` parameter of [docker - run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). - Hostname: - type: string + type: string + CredentialSpecs: description: |- - The hostname to use for your container. This parameter maps to ``Hostname`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--hostname`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). - The ``hostname`` parameter is not supported if you're using the ``awsvpc`` network mode. - Image: - description: >- - The image used to start a container. This string is passed directly to the Docker daemon. By default, images in the Docker Hub registry are available. Other repositories are specified with either ``repository-url/image:tag`` or ``repository-url/image@digest``. Up to 255 letters (uppercase and lowercase), numbers, hyphens, underscores, colons, periods, forward slashes, and number signs are allowed. This parameter maps to ``Image`` in the [Create a - container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``IMAGE`` parameter of [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). - + When a new task starts, the Amazon ECS container agent pulls the latest version of the specified image and tag for the container to use. However, subsequent updates to a repository image aren't propagated to already running tasks. - + Images in Amazon ECR repositories can be specified by either using the full ``registry/repository:tag`` or ``registry/repository@digest``. For example, ``012345678910.dkr.ecr..amazonaws.com/:latest`` or ``012345678910.dkr.ecr..amazonaws.com/@sha256:94afd1f2e64d908bc90dbca0035a5b567EXAMPLE``. - + Images in official repositories on Docker Hub use a single name (for example, ``ubuntu`` or ``mongo``). - + Images in other repositories on Docker Hub are qualified with an organization name (for example, ``amazon/amazon-ecs-agent``). - + Images in other online repositories are qualified further by a domain name (for example, ``quay.io/assemblyline/ubuntu``). - type: string - Links: - type: array + A list of ARNs in SSM or Amazon S3 to a credential spec (``CredSpec``) file that configures the container for Active Directory authentication. We recommend that you use this parameter instead of the ``dockerSecurityOptions``. The maximum number of ARNs is 1. + There are two formats for each ARN. + + credentialspecdomainless:MyARN You use credentialspecdomainless:MyARN to provide a CredSpec with an additional section for a secret in . You provide the login credentials to the domain in the secret. Each task that runs on any container instance can join different domains. You can use this format without joining the container instance to a domain. + credentialspec:MyARN You use credentialspec:MyARN to provide a CredSpec for a single domain. You must join the container instance to the domain before you start any tasks that use this task definition. + In both formats, replace ``MyARN`` with the ARN in SSM or Amazon S3. + If you provide a ``credentialspecdomainless:MyARN``, the ``credspec`` must provide a ARN in ASMlong for a secret containing the username, password, and the domain to connect to. For better security, the instance isn't joined to the domain for domainless authentication. Other applications on the instance can't use the domainless credentials. You can use this parameter to run tasks on the same instance, even it the tasks need to join different domains. For more information, see [Using gMSAs for Windows Containers](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/windows-gmsa.html) and [Using gMSAs for Linux Containers](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/linux-gmsa.html). x-insertionOrder: false - uniqueItems: true + type: array items: type: string + Ulimits: description: >- - The ``links`` parameter allows containers to communicate with each other without the need for port mappings. This parameter is only supported if the network mode of a task definition is ``bridge``. The ``name:internalName`` construct is analogous to ``name:alias`` in Docker links. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed. For more information about linking Docker containers, go to [Legacy container - links](https://docs.aws.amazon.com/https://docs.docker.com/network/links/) in the Docker documentation. This parameter maps to ``Links`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--link`` option to [docker - run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). + A list of ``ulimits`` to set in the container. This parameter maps to ``Ulimits`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--ulimit`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/). Valid naming values are displayed in the + [Ulimit](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_Ulimit.html) data type. This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'`` This parameter is not supported for Windows containers. - Containers that are collocated on a single container instance may be able to communicate with each other without requiring links or host port mappings. Network isolation is achieved on the container instance using security groups and VPC settings. - LinuxParameters: - $ref: '#/components/schemas/LinuxParameters' - description: |- - Linux-specific modifications that are applied to the container, such as Linux kernel capabilities. For more information see [KernelCapabilities](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_KernelCapabilities.html). - This parameter is not supported for Windows containers. - LogConfiguration: - $ref: '#/components/schemas/LogConfiguration' + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/Ulimit' + StopTimeout: description: |- - The log configuration specification for the container. - This parameter maps to ``LogConfig`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--log-driver`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/). By default, containers use the same logging driver that the Docker daemon uses. However, the container may use a different logging driver than the Docker daemon by specifying a log driver with this parameter in the container definition. To use a different logging driver for a container, the log system must be configured properly on the container instance (or on a different log server for remote logging options). For more information on the options for different supported log drivers, see [Configure logging drivers](https://docs.aws.amazon.com/https://docs.docker.com/engine/admin/logging/overview/) in the Docker documentation. - Amazon ECS currently supports a subset of the logging drivers available to the Docker daemon (shown in the [LogConfiguration](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_LogConfiguration.html) data type). Additional log drivers may be available in future releases of the Amazon ECS container agent. - This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'`` - The Amazon ECS container agent running on a container instance must register the logging drivers available on that instance with the ``ECS_AVAILABLE_LOGGING_DRIVERS`` environment variable before containers placed on that instance can use these log configuration options. For more information, see [Amazon ECS Container Agent Configuration](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-config.html) in the *Amazon Elastic Container Service Developer Guide*. - Memory: - description: >- - The amount (in MiB) of memory to present to the container. If your container attempts to exceed the memory specified here, the container is killed. The total amount of memory reserved for all containers within a task must be lower than the task ``memory`` value, if one is specified. This parameter maps to ``Memory`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote - API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--memory`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). - If using the Fargate launch type, this parameter is optional. - If using the EC2 launch type, you must specify either a task-level memory value or a container-level memory value. If you specify both a container-level ``memory`` and ``memoryReservation`` value, ``memory`` must be greater than ``memoryReservation``. If you specify ``memoryReservation``, then that value is subtracted from the available memory resources for the container instance where the container is placed. Otherwise, the value of ``memory`` is used. - The Docker 20.10.0 or later daemon reserves a minimum of 6 MiB of memory for a container, so you should not specify fewer than 6 MiB of memory for your containers. - The Docker 19.03.13-ce or earlier daemon reserves a minimum of 4 MiB of memory for a container, so you should not specify fewer than 4 MiB of memory for your containers. + Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own. + For tasks using the Fargate launch type, the task or service requires the following platforms: + + Linux platform version ``1.3.0`` or later. + + Windows platform version ``1.0.0`` or later. + + For tasks that use the Fargate launch type, the max stop timeout value is 120 seconds and if the parameter is not specified, the default value of 30 seconds is used. + For tasks that use the EC2 launch type, if the ``stopTimeout`` parameter isn't specified, the value set for the Amazon ECS container agent configuration variable ``ECS_CONTAINER_STOP_TIMEOUT`` is used. If neither the ``stopTimeout`` parameter or the ``ECS_CONTAINER_STOP_TIMEOUT`` agent configuration variable are set, then the default values of 30 seconds for Linux containers and 30 seconds on Windows containers are used. Your container instances require at least version 1.26.0 of the container agent to use a container stop timeout value. However, we recommend using the latest container agent version. For information about checking your agent version and updating to the latest version, see [Updating the Amazon ECS Container Agent](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-update.html) in the *Amazon Elastic Container Service Developer Guide*. If you're using an Amazon ECS-optimized Linux AMI, your instance needs at least version 1.26.0-1 of the ``ecs-init`` package. If your container instances are launched from version ``20190301`` or later, then they contain the required versions of the container agent and ``ecs-init``. For more information, see [Amazon ECS-optimized Linux AMI](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html) in the *Amazon Elastic Container Service Developer Guide*. + The valid values for Fargate are 2-120 seconds. type: integer + WorkingDirectory: + description: The working directory to run commands inside the container in. This parameter maps to ``WorkingDir`` in the docker container create command and the ``--workdir`` option to docker run. + type: string MemoryReservation: - type: integer description: >- - The soft limit (in MiB) of memory to reserve for the container. When system memory is under heavy contention, Docker attempts to keep the container memory to this soft limit. However, your container can consume more memory when it needs to, up to either the hard limit specified with the ``memory`` parameter (if applicable), or all of the available memory on the container instance, whichever comes first. This parameter maps to ``MemoryReservation`` in the [Create a - container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--memory-reservation`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). + The soft limit (in MiB) of memory to reserve for the container. When system memory is under heavy contention, Docker attempts to keep the container memory to this soft limit. However, your container can consume more memory when it needs to, up to either the hard limit specified with the ``memory`` parameter (if applicable), or all of the available memory on the container instance, whichever comes first. This parameter maps to ``MemoryReservation`` in the docker container create + command and the ``--memory-reservation`` option to docker run. If a task-level memory value is not specified, you must specify a non-zero integer for one or both of ``memory`` or ``memoryReservation`` in a container definition. If you specify both, ``memory`` must be greater than ``memoryReservation``. If you specify ``memoryReservation``, then that value is subtracted from the available memory resources for the container instance where the container is placed. Otherwise, the value of ``memory`` is used. For example, if your container normally uses 128 MiB of memory, but occasionally bursts to 256 MiB of memory for short periods of time, you can set a ``memoryReservation`` of 128 MiB, and a ``memory`` hard limit of 300 MiB. This configuration would allow the container to only reserve 128 MiB of memory from the remaining resources on the container instance, but also allow the container to consume more memory resources when needed. The Docker 20.10.0 or later daemon reserves a minimum of 6 MiB of memory for a container. So, don't specify less than 6 MiB of memory for your containers. The Docker 19.03.13-ce or earlier daemon reserves a minimum of 4 MiB of memory for a container. So, don't specify less than 4 MiB of memory for your containers. - MountPoints: + type: integer + RepositoryCredentials: + description: The private repository authentication credentials to use. + $ref: '#/components/schemas/RepositoryCredentials' + ExtraHosts: + description: |- + A list of hostnames and IP address mappings to append to the ``/etc/hosts`` file on the container. This parameter maps to ``ExtraHosts`` in the docker container create command and the ``--add-host`` option to docker run. + This parameter isn't supported for Windows containers or tasks that use the ``awsvpc`` network mode. + x-insertionOrder: false type: array - x-insertionOrder: true - uniqueItems: true items: - $ref: '#/components/schemas/MountPoint' + $ref: '#/components/schemas/HostEntry' + Hostname: description: |- - The mount points for data volumes in your container. - This parameter maps to ``Volumes`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--volume`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). - Windows containers can mount whole directories on the same drive as ``$env:ProgramData``. Windows containers can't mount directories on a different drive, and mount point can't be across drives. - Name: + The hostname to use for your container. This parameter maps to ``Hostname`` in the docker container create command and the ``--hostname`` option to docker run. + The ``hostname`` parameter is not supported if you're using the ``awsvpc`` network mode. + type: string + LinuxParameters: + description: |- + Linux-specific modifications that are applied to the container, such as Linux kernel capabilities. For more information see [KernelCapabilities](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_KernelCapabilities.html). + This parameter is not supported for Windows containers. + $ref: '#/components/schemas/LinuxParameters' + VersionConsistency: + default: enabled description: >- - The name of a container. If you're linking multiple containers together in a task definition, the ``name`` of one container can be entered in the ``links`` of another container to connect the containers. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed. This parameter maps to ``name`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote - API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--name`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). + Specifies whether Amazon ECS will resolve the container image tag provided in the container definition to an image digest. By default, the value is ``enabled``. If you set the value for a container as ``disabled``, Amazon ECS will not resolve the provided container image tag to a digest and will use the original image URI specified in the container definition for deployment. For more information about container image resolution, see [Container image + resolution](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-type-ecs.html#deployment-container-image-stability) in the *Amazon ECS Developer Guide*. type: string + enum: + - enabled + - disabled + RestartPolicy: + description: The restart policy for a container. When you set up a restart policy, Amazon ECS can restart the container without needing to replace the task. For more information, see [Restart individual containers in Amazon ECS tasks with container restart policies](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/container-restart-policy.html) in the *Amazon Elastic Container Service Developer Guide*. + $ref: '#/components/schemas/RestartPolicy' + DisableNetworking: + description: |- + When this parameter is true, networking is off within the container. This parameter maps to ``NetworkDisabled`` in the docker container create command. + This parameter is not supported for Windows containers. + type: boolean + PseudoTerminal: + description: When this parameter is ``true``, a TTY is allocated. This parameter maps to ``Tty`` in the docker container create command and the ``--tty`` option to docker run. + type: boolean + MountPoints: + uniqueItems: true + description: |- + The mount points for data volumes in your container. + This parameter maps to ``Volumes`` in the docker container create command and the ``--volume`` option to docker run. + Windows containers can mount whole directories on the same drive as ``$env:ProgramData``. Windows containers can't mount directories on a different drive, and mount point can't be across drives. + x-insertionOrder: true + type: array + items: + $ref: '#/components/schemas/MountPoint' + DependsOn: + description: |- + The dependencies defined for container startup and shutdown. A container can contain multiple dependencies. When a dependency is defined for container startup, for container shutdown it is reversed. + For tasks using the EC2 launch type, the container instances require at least version 1.26.0 of the container agent to turn on container dependencies. However, we recommend using the latest container agent version. For information about checking your agent version and updating to the latest version, see [Updating the Amazon ECS Container Agent](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-update.html) in the *Amazon Elastic Container Service Developer Guide*. If you're using an Amazon ECS-optimized Linux AMI, your instance needs at least version 1.26.0-1 of the ``ecs-init`` package. If your container instances are launched from version ``20190301`` or later, then they contain the required versions of the container agent and ``ecs-init``. For more information, see [Amazon ECS-optimized Linux AMI](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html) in the *Amazon Elastic Container Service Developer Guide*. + For tasks using the Fargate launch type, the task or service requires the following platforms: + + Linux platform version ``1.3.0`` or later. + + Windows platform version ``1.0.0`` or later. + + If the task definition is used in a blue/green deployment that uses [AWS::CodeDeploy::DeploymentGroup BlueGreenDeploymentConfiguration](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codedeploy-deploymentgroup-bluegreendeploymentconfiguration.html), the ``dependsOn`` parameter is not supported. For more information see [Issue #680](https://docs.aws.amazon.com/https://github.com/aws-cloudformation/cloudformation-coverage-roadmap/issues/680) on the on the GitHub website. + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/ContainerDependency' + DockerLabels: + x-patternProperties: + .{1,}: + type: string + description: 'A key/value map of labels to add to the container. This parameter maps to ``Labels`` in the docker container create command and the ``--label`` option to docker run. This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format ''{{.Server.APIVersion}}''``' + additionalProperties: false + type: object PortMappings: + uniqueItems: true description: |- The list of port mappings for the container. Port mappings allow containers to access ports on the host container instance to send or receive traffic. For task definitions that use the ``awsvpc`` network mode, you should only specify the ``containerPort``. The ``hostPort`` can be left blank or it must be the same value as the ``containerPort``. Port mappings on Windows use the ``NetNAT`` gateway address rather than ``localhost``. There is no loopback for port mappings on Windows, so you cannot access a container's mapped port from the host itself. This parameter maps to ``PortBindings`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--publish`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/). If the network mode of a task definition is set to ``none``, then you can't specify port mappings. If the network mode of a task definition is set to ``host``, then host ports must either be undefined or they must match the container port in the port mapping. After a task reaches the ``RUNNING`` status, manual and automatic host and container port assignments are visible in the *Network Bindings* section of a container description for a selected task in the Amazon ECS console. The assignments are also visible in the ``networkBindings`` section [DescribeTasks](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_DescribeTasks.html) responses. - type: array x-insertionOrder: false - uniqueItems: true - items: - $ref: '#/components/schemas/PortMapping' - Privileged: - type: boolean - description: >- - When this parameter is true, the container is given elevated privileges on the host container instance (similar to the ``root`` user). This parameter maps to ``Privileged`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--privileged`` option to [docker - run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). - This parameter is not supported for Windows containers or tasks run on FARGATElong. - ReadonlyRootFilesystem: - type: boolean - description: >- - When this parameter is true, the container is given read-only access to its root file system. This parameter maps to ``ReadonlyRootfs`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--read-only`` option to [docker - run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). - This parameter is not supported for Windows containers. - RepositoryCredentials: - $ref: '#/components/schemas/RepositoryCredentials' - description: The private repository authentication credentials to use. - ResourceRequirements: type: array - x-insertionOrder: false items: - $ref: '#/components/schemas/ResourceRequirement' - description: The type and amount of a resource to assign to a container. The only supported resource is a GPU. - Secrets: + $ref: '#/components/schemas/PortMapping' + Command: + description: The command that's passed to the container. This parameter maps to ``Cmd`` in the docker container create command and the ``COMMAND`` parameter to docker run. If there are multiple arguments, each argument is a separated string in the array. + x-insertionOrder: true type: array - x-insertionOrder: false items: - $ref: '#/components/schemas/Secret' - description: The secrets to pass to the container. For more information, see [Specifying Sensitive Data](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html) in the *Amazon Elastic Container Service Developer Guide*. - StartTimeout: - type: integer - description: |- - Time duration (in seconds) to wait before giving up on resolving dependencies for a container. For example, you specify two containers in a task definition with containerA having a dependency on containerB reaching a ``COMPLETE``, ``SUCCESS``, or ``HEALTHY`` status. If a ``startTimeout`` value is specified for containerB and it doesn't reach the desired status within that time then containerA gives up and not start. This results in the task transitioning to a ``STOPPED`` state. - When the ``ECS_CONTAINER_START_TIMEOUT`` container agent configuration variable is used, it's enforced independently from this start timeout value. - For tasks using the Fargate launch type, the task or service requires the following platforms: - + Linux platform version ``1.3.0`` or later. - + Windows platform version ``1.0.0`` or later. - - For tasks using the EC2 launch type, your container instances require at least version ``1.26.0`` of the container agent to use a container start timeout value. However, we recommend using the latest container agent version. For information about checking your agent version and updating to the latest version, see [Updating the Amazon ECS Container Agent](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-update.html) in the *Amazon Elastic Container Service Developer Guide*. If you're using an Amazon ECS-optimized Linux AMI, your instance needs at least version ``1.26.0-1`` of the ``ecs-init`` package. If your container instances are launched from version ``20190301`` or later, then they contain the required versions of the container agent and ``ecs-init``. For more information, see [Amazon ECS-optimized Linux AMI](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html) in the *Amazon Elastic Container Service Developer Guide*. - The valid values are 2-120 seconds. - StopTimeout: - type: integer + type: string + Environment: + uniqueItems: true description: |- - Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own. - For tasks using the Fargate launch type, the task or service requires the following platforms: - + Linux platform version ``1.3.0`` or later. - + Windows platform version ``1.0.0`` or later. - - The max stop timeout value is 120 seconds and if the parameter is not specified, the default value of 30 seconds is used. - For tasks that use the EC2 launch type, if the ``stopTimeout`` parameter isn't specified, the value set for the Amazon ECS container agent configuration variable ``ECS_CONTAINER_STOP_TIMEOUT`` is used. If neither the ``stopTimeout`` parameter or the ``ECS_CONTAINER_STOP_TIMEOUT`` agent configuration variable are set, then the default values of 30 seconds for Linux containers and 30 seconds on Windows containers are used. Your container instances require at least version 1.26.0 of the container agent to use a container stop timeout value. However, we recommend using the latest container agent version. For information about checking your agent version and updating to the latest version, see [Updating the Amazon ECS Container Agent](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-update.html) in the *Amazon Elastic Container Service Developer Guide*. If you're using an Amazon ECS-optimized Linux AMI, your instance needs at least version 1.26.0-1 of the ``ecs-init`` package. If your container instances are launched from version ``20190301`` or later, then they contain the required versions of the container agent and ``ecs-init``. For more information, see [Amazon ECS-optimized Linux AMI](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html) in the *Amazon Elastic Container Service Developer Guide*. - The valid values are 2-120 seconds. - Ulimits: - type: array + The environment variables to pass to a container. This parameter maps to ``Env`` in the docker container create command and the ``--env`` option to docker run. + We don't recommend that you use plaintext environment variables for sensitive information, such as credential data. x-insertionOrder: false + type: array items: - $ref: '#/components/schemas/Ulimit' - description: >- - A list of ``ulimits`` to set in the container. This parameter maps to ``Ulimits`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--ulimit`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/). Valid naming values are displayed in the - [Ulimit](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_Ulimit.html) data type. This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'`` - This parameter is not supported for Windows containers. - User: - type: string + $ref: '#/components/schemas/KeyValuePair' + Links: + uniqueItems: true description: |- - The user to use inside the container. This parameter maps to ``User`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--user`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). - When running tasks using the ``host`` network mode, don't run containers using the root user (UID 0). We recommend using a non-root user for better security. - You can specify the ``user`` using the following formats. If specifying a UID or GID, you must specify it as a positive integer. - + ``user`` - + ``user:group`` - + ``uid`` - + ``uid:gid`` - + ``user:gid`` - + ``uid:group`` - + The ``links`` parameter allows containers to communicate with each other without the need for port mappings. This parameter is only supported if the network mode of a task definition is ``bridge``. The ``name:internalName`` construct is analogous to ``name:alias`` in Docker links. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed.. This parameter maps to ``Links`` in the docker container create command and the ``--link`` option to docker run. This parameter is not supported for Windows containers. - VolumesFrom: - type: array + Containers that are collocated on a single container instance may be able to communicate with each other without requiring links or host port mappings. Network isolation is achieved on the container instance using security groups and VPC settings. x-insertionOrder: false - uniqueItems: true - items: - $ref: '#/components/schemas/VolumeFrom' - description: Data volumes to mount from another container. This parameter maps to ``VolumesFrom`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--volumes-from`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). - WorkingDirectory: - type: string - description: The working directory to run commands inside the container in. This parameter maps to ``WorkingDir`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--workdir`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). - Interactive: - type: boolean - description: >- - When this parameter is ``true``, you can deploy containerized applications that require ``stdin`` or a ``tty`` to be allocated. This parameter maps to ``OpenStdin`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--interactive`` option to [docker - run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). - PseudoTerminal: - type: boolean - description: When this parameter is ``true``, a TTY is allocated. This parameter maps to ``Tty`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--tty`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). - SystemControls: type: array - x-insertionOrder: false items: - $ref: '#/components/schemas/SystemControl' - description: >- - A list of namespaced kernel parameters to set in the container. This parameter maps to ``Sysctls`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--sysctl`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). For example, - you can configure ``net.ipv4.tcp_keepalive_time`` setting to maintain longer lived connections. - additionalProperties: false + type: string SystemControl: - type: object - properties: - Namespace: - type: string - description: The namespaced kernel parameter to set a ``value`` for. - Value: - type: string - description: |- - The namespaced kernel parameter to set a ``value`` for. - Valid IPC namespace values: ``"kernel.msgmax" | "kernel.msgmnb" | "kernel.msgmni" | "kernel.sem" | "kernel.shmall" | "kernel.shmmax" | "kernel.shmmni" | "kernel.shm_rmid_forced"``, and ``Sysctls`` that start with ``"fs.mqueue.*"`` - Valid network namespace values: ``Sysctls`` that start with ``"net.*"`` - All of these values are supported by Fargate. - additionalProperties: false - description: >- - A list of namespaced kernel parameters to set in the container. This parameter maps to ``Sysctls`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--sysctl`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). For example, you - can configure ``net.ipv4.tcp_keepalive_time`` setting to maintain longer lived connections. + description: |- + A list of namespaced kernel parameters to set in the container. This parameter maps to ``Sysctls`` in the docker container create command and the ``--sysctl`` option to docker run. For example, you can configure ``net.ipv4.tcp_keepalive_time`` setting to maintain longer lived connections. We don't recommend that you specify network-related ``systemControls`` parameters for multiple containers in a single task that also uses either the ``awsvpc`` or ``host`` network mode. Doing this has the following disadvantages: + For tasks that use the ``awsvpc`` network mode including Fargate, if you set ``systemControls`` for any container, it applies to all containers in the task. If you set different ``systemControls`` for multiple containers in a single task, the container that's started last determines which ``systemControls`` take effect. + For tasks that use the ``host`` network mode, the network namespace ``systemControls`` aren't supported. @@ -1685,382 +1808,167 @@ components: This parameter is not supported for Windows containers. This parameter is only supported for tasks that are hosted on FARGATElong if the tasks are using platform version ``1.4.0`` or later (Linux). This isn't supported for Windows containers on Fargate. - ContainerDependency: - type: object - properties: - ContainerName: - type: string - description: The name of a container. - Condition: - type: string - description: |- - The dependency condition of the container. The following are the available conditions and their behavior: - + ``START`` - This condition emulates the behavior of links and volumes today. It validates that a dependent container is started before permitting other containers to start. - + ``COMPLETE`` - This condition validates that a dependent container runs to completion (exits) before permitting other containers to start. This can be useful for nonessential containers that run a script and then exit. This condition can't be set on an essential container. - + ``SUCCESS`` - This condition is the same as ``COMPLETE``, but it also requires that the container exits with a ``zero`` status. This condition can't be set on an essential container. - + ``HEALTHY`` - This condition validates that the dependent container passes its Docker health check before permitting other containers to start. This requires that the dependent container has health checks configured. This condition is confirmed only at task startup. additionalProperties: false - description: |- - The ``ContainerDependency`` property specifies the dependencies defined for container startup and shutdown. A container can contain multiple dependencies. When a dependency is defined for container startup, for container shutdown it is reversed. - Your Amazon ECS container instances require at least version 1.26.0 of the container agent to enable container dependencies. However, we recommend using the latest container agent version. For information about checking your agent version and updating to the latest version, see [Updating the Amazon ECS Container Agent](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-update.html) in the *Amazon Elastic Container Service Developer Guide*. If you are using an Amazon ECS-optimized Linux AMI, your instance needs at least version 1.26.0-1 of the ``ecs-init`` package. If your container instances are launched from version ``20190301`` or later, then they contain the required versions of the container agent and ``ecs-init``. For more information, see [Amazon ECS-optimized Linux AMI](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html) in the *Amazon Elastic Container Service Developer Guide*. - For tasks using the Fargate launch type, this parameter requires that the task or service uses platform version 1.3.0 or later. - Device: type: object properties: - ContainerPath: + Value: + description: |- + The namespaced kernel parameter to set a ``value`` for. + Valid IPC namespace values: ``"kernel.msgmax" | "kernel.msgmnb" | "kernel.msgmni" | "kernel.sem" | "kernel.shmall" | "kernel.shmmax" | "kernel.shmmni" | "kernel.shm_rmid_forced"``, and ``Sysctls`` that start with ``"fs.mqueue.*"`` + Valid network namespace values: ``Sysctls`` that start with ``"net.*"`` + All of these values are supported by Fargate. type: string - description: The path inside the container at which to expose the host device. - HostPath: + Namespace: + description: The namespaced kernel parameter to set a ``value`` for. type: string - description: The path for the device on the host container instance. - Permissions: - type: array - x-insertionOrder: false - uniqueItems: true - items: - type: string - description: The explicit permissions to provide to the container for the device. By default, the container has permissions for ``read``, ``write``, and ``mknod`` for the device. - additionalProperties: false - description: The ``Device`` property specifies an object representing a container instance host device. DockerVolumeConfiguration: + description: The ``DockerVolumeConfiguration`` property specifies a Docker volume configuration and is used when you use Docker volumes. Docker volumes are only supported when you are using the EC2 launch type. Windows containers only support the use of the ``local`` driver. To use bind mounts, specify a ``host`` instead. + additionalProperties: false type: object properties: - Autoprovision: - type: boolean - description: |- - If this value is ``true``, the Docker volume is created if it doesn't already exist. - This field is only used if the ``scope`` is ``shared``. - Driver: - type: string - description: >- - The Docker volume driver to use. The driver value must match the driver name provided by Docker because it is used for task placement. If the driver was installed using the Docker plugin CLI, use ``docker plugin ls`` to retrieve the driver name from your container instance. If the driver was installed using another method, use Docker plugin discovery to retrieve the driver name. For more information, see [Docker plugin - discovery](https://docs.aws.amazon.com/https://docs.docker.com/engine/extend/plugin_api/#plugin-discovery). This parameter maps to ``Driver`` in the [Create a volume](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/VolumeCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``xxdriver`` option to [docker volume - create](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/commandline/volume_create/). DriverOpts: - type: object x-patternProperties: .{1,}: type: string + description: A map of Docker driver-specific options passed through. This parameter maps to ``DriverOpts`` in the docker create-volume command and the ``xxopt`` option to docker volume create. additionalProperties: false - description: A map of Docker driver-specific options passed through. This parameter maps to ``DriverOpts`` in the [Create a volume](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/VolumeCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``xxopt`` option to [docker volume create](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/commandline/volume_create/). - Labels: type: object - x-patternProperties: - .{1,}: - type: string - additionalProperties: false - description: Custom metadata to add to your Docker volume. This parameter maps to ``Labels`` in the [Create a volume](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/VolumeCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``xxlabel`` option to [docker volume create](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/commandline/volume_create/). Scope: - type: string description: The scope for the Docker volume that determines its lifecycle. Docker volumes that are scoped to a ``task`` are automatically provisioned when the task starts and destroyed when the task stops. Docker volumes that are scoped as ``shared`` persist after the task stops. - additionalProperties: false - description: The ``DockerVolumeConfiguration`` property specifies a Docker volume configuration and is used when you use Docker volumes. Docker volumes are only supported when you are using the EC2 launch type. Windows containers only support the use of the ``local`` driver. To use bind mounts, specify a ``host`` instead. - AuthorizationConfig: - type: object - properties: - IAM: - type: string - enum: - - ENABLED - - DISABLED - description: >- - Determines whether to use the Amazon ECS task role defined in a task definition when mounting the Amazon EFS file system. If it is turned on, transit encryption must be turned on in the ``EFSVolumeConfiguration``. If this parameter is omitted, the default value of ``DISABLED`` is used. For more information, see [Using Amazon EFS access points](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/efs-volumes.html#efs-volume-accesspoints) in the *Amazon Elastic Container Service - Developer Guide*. - AccessPointId: - type: string - description: >- - The Amazon EFS access point ID to use. If an access point is specified, the root directory value specified in the ``EFSVolumeConfiguration`` must either be omitted or set to ``/`` which will enforce the path set on the EFS access point. If an access point is used, transit encryption must be on in the ``EFSVolumeConfiguration``. For more information, see [Working with Amazon EFS access points](https://docs.aws.amazon.com/efs/latest/ug/efs-access-points.html) in the *Amazon Elastic - File System User Guide*. - additionalProperties: false - description: The authorization configuration details for the Amazon EFS file system. - EFSVolumeConfiguration: - type: object - required: - - FilesystemId - properties: - FilesystemId: - type: string - description: The Amazon EFS file system ID to use. - RootDirectory: type: string + Autoprovision: description: |- - The directory within the Amazon EFS file system to mount as the root directory inside the host. If this parameter is omitted, the root of the Amazon EFS volume will be used. Specifying ``/`` will have the same effect as omitting this parameter. - If an EFS access point is specified in the ``authorizationConfig``, the root directory parameter must either be omitted or set to ``/`` which will enforce the path set on the EFS access point. - TransitEncryption: - type: string - enum: - - ENABLED - - DISABLED - description: Determines whether to use encryption for Amazon EFS data in transit between the Amazon ECS host and the Amazon EFS server. Transit encryption must be turned on if Amazon EFS IAM authorization is used. If this parameter is omitted, the default value of ``DISABLED`` is used. For more information, see [Encrypting data in transit](https://docs.aws.amazon.com/efs/latest/ug/encryption-in-transit.html) in the *Amazon Elastic File System User Guide*. - TransitEncryptionPort: - type: integer - description: The port to use when sending encrypted data between the Amazon ECS host and the Amazon EFS server. If you do not specify a transit encryption port, it will use the port selection strategy that the Amazon EFS mount helper uses. For more information, see [EFS mount helper](https://docs.aws.amazon.com/efs/latest/ug/efs-mount-helper.html) in the *Amazon Elastic File System User Guide*. - AuthorizationConfig: - $ref: '#/components/schemas/AuthorizationConfig' - description: The authorization configuration details for the Amazon EFS file system. - additionalProperties: false - description: This parameter is specified when you're using an Amazon Elastic File System file system for task storage. For more information, see [Amazon EFS volumes](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/efs-volumes.html) in the *Amazon Elastic Container Service Developer Guide*. - EnvironmentFile: - type: object - properties: - Value: - type: string - description: The Amazon Resource Name (ARN) of the Amazon S3 object containing the environment variable file. - Type: - type: string - description: The file type to use. Environment files are objects in Amazon S3. The only supported value is ``s3``. - additionalProperties: false - description: |- - A list of files containing the environment variables to pass to a container. You can specify up to ten environment files. The file must have a ``.env`` file extension. Each line in an environment file should contain an environment variable in ``VARIABLE=VALUE`` format. Lines beginning with ``#`` are treated as comments and are ignored. - If there are environment variables specified using the ``environment`` parameter in a container definition, they take precedence over the variables contained within an environment file. If multiple environment files are specified that contain the same variable, they're processed from the top down. We recommend that you use unique variable names. For more information, see [Use a file to pass environment variables to a container](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/use-environment-file.html) in the *Amazon Elastic Container Service Developer Guide*. - Environment variable files are objects in Amazon S3 and all Amazon S3 security considerations apply. - You must use the following platforms for the Fargate launch type: - + Linux platform version ``1.4.0`` or later. - + Windows platform version ``1.0.0`` or later. - - Consider the following when using the Fargate launch type: - + The file is handled like a native Docker env-file. - + There is no support for shell escape handling. - + The container entry point interperts the ``VARIABLE`` values. - EphemeralStorage: - type: object - properties: - SizeInGiB: - type: integer - description: The total amount, in GiB, of ephemeral storage to set for the task. The minimum supported value is ``20`` GiB and the maximum supported value is ``200`` GiB. - additionalProperties: false - description: |- - The amount of ephemeral storage to allocate for the task. This parameter is used to expand the total amount of ephemeral storage available, beyond the default amount, for tasks hosted on FARGATElong. For more information, see [Using data volumes in tasks](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_data_volumes.html) in the *Amazon ECS Developer Guide;*. - For tasks using the Fargate launch type, the task requires the following platforms: - + Linux platform version ``1.4.0`` or later. - + Windows platform version ``1.0.0`` or later. - FSxAuthorizationConfig: - type: object - required: - - CredentialsParameter - - Domain - properties: - CredentialsParameter: - type: string - description: '' - Domain: - type: string - description: '' - additionalProperties: false - description: '' - FSxWindowsFileServerVolumeConfiguration: - type: object - required: - - FileSystemId - - RootDirectory - properties: - FileSystemId: - type: string - description: The Amazon FSx for Windows File Server file system ID to use. - RootDirectory: - type: string - description: The directory within the Amazon FSx for Windows File Server file system to mount as the root directory inside the host. - AuthorizationConfig: - $ref: '#/components/schemas/FSxAuthorizationConfig' - description: The authorization configuration details for the Amazon FSx for Windows File Server file system. - additionalProperties: false - description: |- - This parameter is specified when you're using [Amazon FSx for Windows File Server](https://docs.aws.amazon.com/fsx/latest/WindowsGuide/what-is.html) file system for task storage. - For more information and the input format, see [Amazon FSx for Windows File Server volumes](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/wfsx-volumes.html) in the *Amazon Elastic Container Service Developer Guide*. - FirelensConfiguration: - type: object - properties: - Type: + If this value is ``true``, the Docker volume is created if it doesn't already exist. + This field is only used if the ``scope`` is ``shared``. + type: boolean + Driver: + description: >- + The Docker volume driver to use. The driver value must match the driver name provided by Docker because it is used for task placement. If the driver was installed using the Docker plugin CLI, use ``docker plugin ls`` to retrieve the driver name from your container instance. If the driver was installed using another method, use Docker plugin discovery to retrieve the driver name. This parameter maps to ``Driver`` in the docker container create command and the ``xxdriver`` option to + docker volume create. type: string - description: The log router to use. The valid values are ``fluentd`` or ``fluentbit``. - Options: - type: object + Labels: x-patternProperties: .{1,}: type: string + description: Custom metadata to add to your Docker volume. This parameter maps to ``Labels`` in the docker container create command and the ``xxlabel`` option to docker volume create. additionalProperties: false - description: |- - The options to use when configuring the log router. This field is optional and can be used to add additional metadata, such as the task, task definition, cluster, and container instance details to the log event. - If specified, valid option keys are: - + ``enable-ecs-log-metadata``, which can be ``true`` or ``false`` - + ``config-file-type``, which can be ``s3`` or ``file`` - + ``config-file-value``, which is either an S3 ARN or a file path - additionalProperties: false + type: object + FirelensConfiguration: description: The FireLens configuration for the container. This is used to specify and configure a log router for container logs. For more information, see [Custom log routing](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_firelens.html) in the *Amazon Elastic Container Service Developer Guide*. - HealthCheck: - description: |- - The ``HealthCheck`` property specifies an object representing a container health check. Health check parameters that are specified in a container definition override any Docker health checks that exist in the container image (such as those specified in a parent image or from the image's Dockerfile). This configuration maps to the ``HEALTHCHECK`` parameter of [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/). - The Amazon ECS container agent only monitors and reports on the health checks specified in the task definition. Amazon ECS does not monitor Docker health checks that are embedded in a container image and not specified in the container definition. Health check parameters that are specified in a container definition override any Docker health checks that exist in the container image. - If a task is run manually, and not as part of a service, the task will continue its lifecycle regardless of its health status. For tasks that are part of a service, if the task reports as unhealthy then the task will be stopped and the service scheduler will replace it. - The following are notes about container health check support: - + Container health checks require version 1.17.0 or greater of the Amazon ECS container agent. For more information, see [Updating the Amazon ECS Container Agent](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-update.html). - + Container health checks are supported for Fargate tasks if you are using platform version 1.1.0 or greater. For more information, see [Platform Versions](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/platform_versions.html). - + Container health checks are not supported for tasks that are part of a service that is configured to use a Classic Load Balancer. - type: object - properties: - Command: - description: |- - A string array representing the command that the container runs to determine if it is healthy. The string array must start with ``CMD`` to run the command arguments directly, or ``CMD-SHELL`` to run the command with the container's default shell. - When you use the AWS Management Console JSON panel, the CLIlong, or the APIs, enclose the list of commands in double quotes and brackets. - ``[ "CMD-SHELL", "curl -f http://localhost/ || exit 1" ]`` - You don't include the double quotes and brackets when you use the AWS Management Console. - ``CMD-SHELL, curl -f http://localhost/ || exit 1`` - An exit code of 0 indicates success, and non-zero exit code indicates failure. For more information, see ``HealthCheck`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/). - type: array - x-insertionOrder: true - items: - type: string - Interval: - description: The time period in seconds between each health check execution. You may specify between 5 and 300 seconds. The default value is 30 seconds. - type: integer - Timeout: - description: The time period in seconds to wait for a health check to succeed before it is considered a failure. You may specify between 2 and 60 seconds. The default value is 5. - type: integer - Retries: - description: The number of times to retry a failed health check before the container is considered unhealthy. You may specify between 1 and 10 retries. The default value is 3. - type: integer - StartPeriod: - description: |- - The optional grace period to provide containers time to bootstrap before failed health checks count towards the maximum number of retries. You can specify between 0 and 300 seconds. By default, the ``startPeriod`` is off. - If a health check succeeds within the ``startPeriod``, then the container is considered healthy and any subsequent failures count toward the maximum number of retries. - type: integer additionalProperties: false - HostEntry: type: object properties: - Hostname: - type: string - description: The hostname to use in the ``/etc/hosts`` entry. - IpAddress: - type: string - description: The IP address to use in the ``/etc/hosts`` entry. - additionalProperties: false - description: The ``HostEntry`` property specifies a hostname and an IP address that are added to the ``/etc/hosts`` file of a container through the ``extraHosts`` parameter of its ``ContainerDefinition`` resource. - HostVolumeProperties: - type: object - properties: - SourcePath: + Options: + x-patternProperties: + .{1,}: + type: string + description: |- + The options to use when configuring the log router. This field is optional and can be used to add additional metadata, such as the task, task definition, cluster, and container instance details to the log event. + If specified, valid option keys are: + + ``enable-ecs-log-metadata``, which can be ``true`` or ``false`` + + ``config-file-type``, which can be ``s3`` or ``file`` + + ``config-file-value``, which is either an S3 ARN or a file path + additionalProperties: false + type: object + Type: + description: The log router to use. The valid values are ``fluentd`` or ``fluentbit``. type: string - description: >- - When the ``host`` parameter is used, specify a ``sourcePath`` to declare the path on the host container instance that's presented to the container. If this parameter is empty, then the Docker daemon has assigned a host path for you. If the ``host`` parameter contains a ``sourcePath`` file location, then the data volume persists at the specified location on the host container instance until you delete it manually. If the ``sourcePath`` value doesn't exist on the host container - instance, the Docker daemon creates it. If the location does exist, the contents of the source path folder are exported. - If you're using the Fargate launch type, the ``sourcePath`` parameter is not supported. + RuntimePlatform: + description: |- + Information about the platform for the Amazon ECS service or task. + For more information about ``RuntimePlatform``, see [RuntimePlatform](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#runtime-platform) in the *Amazon Elastic Container Service Developer Guide*. additionalProperties: false - description: The ``HostVolumeProperties`` property specifies details on a container instance bind mount host volume. - InferenceAccelerator: type: object properties: - DeviceName: + OperatingSystemFamily: + description: The operating system. type: string - description: The Elastic Inference accelerator device name. The ``deviceName`` must also be referenced in a container definition as a [ResourceRequirement](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_ResourceRequirement.html). - DeviceType: + CpuArchitecture: + description: |- + The CPU architecture. + You can run your Linux tasks on an ARM-based platform by setting the value to ``ARM64``. This option is available for tasks that run on Linux Amazon EC2 instance or Linux containers on Fargate. type: string - description: The Elastic Inference accelerator type to use. - additionalProperties: false - description: Details on an Elastic Inference accelerator. For more information, see [Working with Amazon Elastic Inference on Amazon ECS](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-inference.html) in the *Amazon Elastic Container Service Developer Guide*. KernelCapabilities: + description: The Linux capabilities to add or remove from the default Docker configuration for a container defined in the task definition. For more detailed information about these Linux capabilities, see the [capabilities(7)](https://docs.aws.amazon.com/http://man7.org/linux/man-pages/man7/capabilities.7.html) Linux manual page. + additionalProperties: false type: object properties: Add: - type: array + description: |- + The Linux capabilities for the container that have been added to the default configuration provided by Docker. This parameter maps to ``CapAdd`` in the docker container create command and the ``--cap-add`` option to docker run. + Tasks launched on FARGATElong only support adding the ``SYS_PTRACE`` kernel capability. + Valid values: ``"ALL" | "AUDIT_CONTROL" | "AUDIT_WRITE" | "BLOCK_SUSPEND" | "CHOWN" | "DAC_OVERRIDE" | "DAC_READ_SEARCH" | "FOWNER" | "FSETID" | "IPC_LOCK" | "IPC_OWNER" | "KILL" | "LEASE" | "LINUX_IMMUTABLE" | "MAC_ADMIN" | "MAC_OVERRIDE" | "MKNOD" | "NET_ADMIN" | "NET_BIND_SERVICE" | "NET_BROADCAST" | "NET_RAW" | "SETFCAP" | "SETGID" | "SETPCAP" | "SETUID" | "SYS_ADMIN" | "SYS_BOOT" | "SYS_CHROOT" | "SYS_MODULE" | "SYS_NICE" | "SYS_PACCT" | "SYS_PTRACE" | "SYS_RAWIO" | "SYS_RESOURCE" | "SYS_TIME" | "SYS_TTY_CONFIG" | "SYSLOG" | "WAKE_ALARM"`` x-insertionOrder: false + type: array items: type: string - description: >- - The Linux capabilities for the container that have been added to the default configuration provided by Docker. This parameter maps to ``CapAdd`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--cap-add`` option to [docker - run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). - Tasks launched on FARGATElong only support adding the ``SYS_PTRACE`` kernel capability. - Valid values: ``"ALL" | "AUDIT_CONTROL" | "AUDIT_WRITE" | "BLOCK_SUSPEND" | "CHOWN" | "DAC_OVERRIDE" | "DAC_READ_SEARCH" | "FOWNER" | "FSETID" | "IPC_LOCK" | "IPC_OWNER" | "KILL" | "LEASE" | "LINUX_IMMUTABLE" | "MAC_ADMIN" | "MAC_OVERRIDE" | "MKNOD" | "NET_ADMIN" | "NET_BIND_SERVICE" | "NET_BROADCAST" | "NET_RAW" | "SETFCAP" | "SETGID" | "SETPCAP" | "SETUID" | "SYS_ADMIN" | "SYS_BOOT" | "SYS_CHROOT" | "SYS_MODULE" | "SYS_NICE" | "SYS_PACCT" | "SYS_PTRACE" | "SYS_RAWIO" | "SYS_RESOURCE" | "SYS_TIME" | "SYS_TTY_CONFIG" | "SYSLOG" | "WAKE_ALARM"`` Drop: - type: array + description: |- + The Linux capabilities for the container that have been removed from the default configuration provided by Docker. This parameter maps to ``CapDrop`` in the docker container create command and the ``--cap-drop`` option to docker run. + Valid values: ``"ALL" | "AUDIT_CONTROL" | "AUDIT_WRITE" | "BLOCK_SUSPEND" | "CHOWN" | "DAC_OVERRIDE" | "DAC_READ_SEARCH" | "FOWNER" | "FSETID" | "IPC_LOCK" | "IPC_OWNER" | "KILL" | "LEASE" | "LINUX_IMMUTABLE" | "MAC_ADMIN" | "MAC_OVERRIDE" | "MKNOD" | "NET_ADMIN" | "NET_BIND_SERVICE" | "NET_BROADCAST" | "NET_RAW" | "SETFCAP" | "SETGID" | "SETPCAP" | "SETUID" | "SYS_ADMIN" | "SYS_BOOT" | "SYS_CHROOT" | "SYS_MODULE" | "SYS_NICE" | "SYS_PACCT" | "SYS_PTRACE" | "SYS_RAWIO" | "SYS_RESOURCE" | "SYS_TIME" | "SYS_TTY_CONFIG" | "SYSLOG" | "WAKE_ALARM"`` x-insertionOrder: false + type: array items: type: string - description: >- - The Linux capabilities for the container that have been removed from the default configuration provided by Docker. This parameter maps to ``CapDrop`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--cap-drop`` option to [docker - run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). - Valid values: ``"ALL" | "AUDIT_CONTROL" | "AUDIT_WRITE" | "BLOCK_SUSPEND" | "CHOWN" | "DAC_OVERRIDE" | "DAC_READ_SEARCH" | "FOWNER" | "FSETID" | "IPC_LOCK" | "IPC_OWNER" | "KILL" | "LEASE" | "LINUX_IMMUTABLE" | "MAC_ADMIN" | "MAC_OVERRIDE" | "MKNOD" | "NET_ADMIN" | "NET_BIND_SERVICE" | "NET_BROADCAST" | "NET_RAW" | "SETFCAP" | "SETGID" | "SETPCAP" | "SETUID" | "SYS_ADMIN" | "SYS_BOOT" | "SYS_CHROOT" | "SYS_MODULE" | "SYS_NICE" | "SYS_PACCT" | "SYS_PTRACE" | "SYS_RAWIO" | "SYS_RESOURCE" | "SYS_TIME" | "SYS_TTY_CONFIG" | "SYSLOG" | "WAKE_ALARM"`` + Tmpfs: + description: The container path, mount options, and size of the tmpfs mount. additionalProperties: false - description: >- - The Linux capabilities to add or remove from the default Docker configuration for a container defined in the task definition. For more information about the default capabilities and the non-default available capabilities, see [Runtime privilege and Linux capabilities](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities) in the *Docker run reference*. For more detailed information about these Linux capabilities, see the - [capabilities(7)](https://docs.aws.amazon.com/http://man7.org/linux/man-pages/man7/capabilities.7.html) Linux manual page. - KeyValuePair: type: object + required: + - Size properties: - Name: - type: string - description: The name of the key-value pair. For environment variables, this is the name of the environment variable. - Value: + Size: + description: The maximum size (in MiB) of the tmpfs volume. + type: integer + ContainerPath: + description: The absolute file path where the tmpfs volume is to be mounted. type: string - description: The value of the key-value pair. For environment variables, this is the value of the environment variable. - additionalProperties: false - description: A key-value pair object. - LinuxParameters: - type: object - properties: - Capabilities: - $ref: '#/components/schemas/KernelCapabilities' + MountOptions: description: |- - The Linux capabilities for the container that are added to or dropped from the default configuration provided by Docker. - For tasks that use the Fargate launch type, ``capabilities`` is supported for all platform versions but the ``add`` parameter is only supported if using platform version 1.4.0 or later. - Devices: - type: array + The list of tmpfs volume mount options. + Valid values: ``"defaults" | "ro" | "rw" | "suid" | "nosuid" | "dev" | "nodev" | "exec" | "noexec" | "sync" | "async" | "dirsync" | "remount" | "mand" | "nomand" | "atime" | "noatime" | "diratime" | "nodiratime" | "bind" | "rbind" | "unbindable" | "runbindable" | "private" | "rprivate" | "shared" | "rshared" | "slave" | "rslave" | "relatime" | "norelatime" | "strictatime" | "nostrictatime" | "mode" | "uid" | "gid" | "nr_inodes" | "nr_blocks" | "mpol"`` x-insertionOrder: false - items: - $ref: '#/components/schemas/Device' - description: |- - Any host devices to expose to the container. This parameter maps to ``Devices`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--device`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). - If you're using tasks that use the Fargate launch type, the ``devices`` parameter isn't supported. - InitProcessEnabled: - type: boolean - description: >- - Run an ``init`` process inside the container that forwards signals and reaps processes. This parameter maps to the ``--init`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). This parameter requires version 1.25 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo - docker version --format '{{.Server.APIVersion}}'`` - MaxSwap: - type: integer - description: |- - The total amount of swap memory (in MiB) a container can use. This parameter will be translated to the ``--memory-swap`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration) where the value would be the sum of the container memory plus the ``maxSwap`` value. - If a ``maxSwap`` value of ``0`` is specified, the container will not use swap. Accepted values are ``0`` or any positive integer. If the ``maxSwap`` parameter is omitted, the container will use the swap configuration for the container instance it is running on. A ``maxSwap`` value must be set for the ``swappiness`` parameter to be used. - If you're using tasks that use the Fargate launch type, the ``maxSwap`` parameter isn't supported. - If you're using tasks on Amazon Linux 2023 the ``swappiness`` parameter isn't supported. - SharedMemorySize: - type: integer - description: |- - The value for the size (in MiB) of the ``/dev/shm`` volume. This parameter maps to the ``--shm-size`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). - If you are using tasks that use the Fargate launch type, the ``sharedMemorySize`` parameter is not supported. - Swappiness: - type: integer - description: >- - This allows you to tune a container's memory swappiness behavior. A ``swappiness`` value of ``0`` will cause swapping to not happen unless absolutely necessary. A ``swappiness`` value of ``100`` will cause pages to be swapped very aggressively. Accepted values are whole numbers between ``0`` and ``100``. If the ``swappiness`` parameter is not specified, a default value of ``60`` is used. If a value is not specified for ``maxSwap`` then this parameter is ignored. This parameter maps - to the ``--memory-swappiness`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). - If you're using tasks that use the Fargate launch type, the ``swappiness`` parameter isn't supported. - If you're using tasks on Amazon Linux 2023 the ``swappiness`` parameter isn't supported. - Tmpfs: type: array - x-insertionOrder: false items: - $ref: '#/components/schemas/Tmpfs' - description: |- - The container path, mount options, and size (in MiB) of the tmpfs mount. This parameter maps to the ``--tmpfs`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). - If you're using tasks that use the Fargate launch type, the ``tmpfs`` parameter isn't supported. + type: string + AuthorizationConfig: + description: The authorization configuration details for the Amazon EFS file system. additionalProperties: false - description: The Linux-specific options that are applied to the container, such as Linux [KernelCapabilities](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_KernelCapabilities.html). - PortMapping: type: object properties: - Name: + IAM: + description: >- + Determines whether to use the Amazon ECS task role defined in a task definition when mounting the Amazon EFS file system. If it is turned on, transit encryption must be turned on in the ``EFSVolumeConfiguration``. If this parameter is omitted, the default value of ``DISABLED`` is used. For more information, see [Using Amazon EFS access points](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/efs-volumes.html#efs-volume-accesspoints) in the *Amazon Elastic Container Service + Developer Guide*. type: string + enum: + - ENABLED + - DISABLED + AccessPointId: + description: >- + The Amazon EFS access point ID to use. If an access point is specified, the root directory value specified in the ``EFSVolumeConfiguration`` must either be omitted or set to ``/`` which will enforce the path set on the EFS access point. If an access point is used, transit encryption must be on in the ``EFSVolumeConfiguration``. For more information, see [Working with Amazon EFS access points](https://docs.aws.amazon.com/efs/latest/ug/efs-access-points.html) in the *Amazon Elastic + File System User Guide*. + type: string + PortMapping: + description: |- + The ``PortMapping`` property specifies a port mapping. Port mappings allow containers to access ports on the host container instance to send or receive traffic. Port mappings are specified as part of the container definition. + If you are using containers in a task with the ``awsvpc`` or ``host`` network mode, exposed ports should be specified using ``containerPort``. The ``hostPort`` can be left blank or it must be the same value as the ``containerPort``. + After a task reaches the ``RUNNING`` status, manual and automatic host and container port assignments are visible in the ``networkBindings`` section of [DescribeTasks](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_DescribeTasks.html) API responses. + additionalProperties: false + type: object + properties: + AppProtocol: description: |- - The name that's used for the port mapping. This parameter only applies to Service Connect. This parameter is the name that you use in the ``serviceConnectConfiguration`` of a service. The name can include up to 64 characters. The characters can include lowercase letters, numbers, underscores (_), and hyphens (-). The name can't start with a hyphen. - For more information, see [Service Connect](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html) in the *Amazon Elastic Container Service Developer Guide*. - ContainerPort: - type: integer - description: |- - The port number on the container that's bound to the user-specified or automatically assigned host port. - If you use containers in a task with the ``awsvpc`` or ``host`` network mode, specify the exposed ports using ``containerPort``. - If you use containers in a task with the ``bridge`` network mode and you specify a container port and not a host port, your container automatically receives a host port in the ephemeral port range. For more information, see ``hostPort``. Port mappings that are automatically assigned in this way do not count toward the 100 reserved ports limit of a container instance. - ContainerPortRange: + The application protocol that's used for the port mapping. This parameter only applies to Service Connect. We recommend that you set this parameter to be consistent with the protocol that your application uses. If you set this parameter, Amazon ECS adds protocol-specific connection handling to the Service Connect proxy. If you set this parameter, Amazon ECS adds protocol-specific telemetry in the Amazon ECS console and CloudWatch. + If you don't set a value for this parameter, then TCP is used. However, Amazon ECS doesn't add protocol-specific telemetry for TCP. + ``appProtocol`` is immutable in a Service Connect service. Updating this field requires a service deletion and redeployment. + Tasks that run in a namespace can use short names to connect to services in the namespace. Tasks can connect to services across all of the clusters in the namespace. Tasks connect through a managed proxy container that collects logs and metrics for increased visibility. Only the tasks that Amazon ECS services create are supported with Service Connect. For more information, see [Service Connect](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html) in the *Amazon Elastic Container Service Developer Guide*. type: string + enum: + - http + - http2 + - grpc + ContainerPortRange: description: |- The port number range on the container that's bound to the dynamically mapped host port range. The following rules apply when you specify a ``containerPortRange``: @@ -2082,8 +1990,8 @@ components: For information about how to turn off the docker-proxy in the Docker daemon config file, see [Docker daemon](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/bootstrap_container_instance.html#bootstrap_docker_daemon) in the *Amazon ECS Developer Guide*. You can call [DescribeTasks](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_DescribeTasks.html) to view the ``hostPortRange`` which are the host ports that are bound to the container ports. + type: string HostPort: - type: integer description: |- The port number on the container instance to reserve for your container. If you specify a ``containerPortRange``, leave this field empty and the value of the ``hostPort`` is set as follows: @@ -2094,263 +2002,404 @@ components: If you use containers in a task with the ``bridge`` network mode, you can specify a non-reserved host port for your container port mapping, or you can omit the ``hostPort`` (or set it to ``0``) while specifying a ``containerPort`` and your container automatically receives a port in the ephemeral port range for your container instance operating system and Docker version. The default ephemeral port range for Docker version 1.6.0 and later is listed on the instance under ``/proc/sys/net/ipv4/ip_local_port_range``. If this kernel parameter is unavailable, the default ephemeral port range from 49153 through 65535 (Linux) or 49152 through 65535 (Windows) is used. Do not attempt to specify a host port in the ephemeral port range as these are reserved for automatic assignment. In general, ports below 32768 are outside of the ephemeral port range. The default reserved ports are 22 for SSH, the Docker ports 2375 and 2376, and the Amazon ECS container agent ports 51678-51680. Any host port that was previously specified in a running task is also reserved while the task is running. That is, after a task stops, the host port is released. The current reserved ports are displayed in the ``remainingResources`` of [DescribeContainerInstances](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_DescribeContainerInstances.html) output. A container instance can have up to 100 reserved ports at a time. This number includes the default reserved ports. Automatically assigned ports aren't included in the 100 reserved ports quota. + type: integer + ContainerPort: + description: |- + The port number on the container that's bound to the user-specified or automatically assigned host port. + If you use containers in a task with the ``awsvpc`` or ``host`` network mode, specify the exposed ports using ``containerPort``. + If you use containers in a task with the ``bridge`` network mode and you specify a container port and not a host port, your container automatically receives a host port in the ephemeral port range. For more information, see ``hostPort``. Port mappings that are automatically assigned in this way do not count toward the 100 reserved ports limit of a container instance. + type: integer Protocol: - type: string description: The protocol used for the port mapping. Valid values are ``tcp`` and ``udp``. The default is ``tcp``. ``protocol`` is immutable in a Service Connect service. Updating this field requires a service deletion and redeployment. - AppProtocol: - type: string - enum: - - http - - http2 - - grpc - description: |- - The application protocol that's used for the port mapping. This parameter only applies to Service Connect. We recommend that you set this parameter to be consistent with the protocol that your application uses. If you set this parameter, Amazon ECS adds protocol-specific connection handling to the Service Connect proxy. If you set this parameter, Amazon ECS adds protocol-specific telemetry in the Amazon ECS console and CloudWatch. - If you don't set a value for this parameter, then TCP is used. However, Amazon ECS doesn't add protocol-specific telemetry for TCP. - ``appProtocol`` is immutable in a Service Connect service. Updating this field requires a service deletion and redeployment. - Tasks that run in a namespace can use short names to connect to services in the namespace. Tasks can connect to services across all of the clusters in the namespace. Tasks connect through a managed proxy container that collects logs and metrics for increased visibility. Only the tasks that Amazon ECS services create are supported with Service Connect. For more information, see [Service Connect](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html) in the *Amazon Elastic Container Service Developer Guide*. - additionalProperties: false - description: |- - The ``PortMapping`` property specifies a port mapping. Port mappings allow containers to access ports on the host container instance to send or receive traffic. Port mappings are specified as part of the container definition. - If you are using containers in a task with the ``awsvpc`` or ``host`` network mode, exposed ports should be specified using ``containerPort``. The ``hostPort`` can be left blank or it must be the same value as the ``containerPort``. - After a task reaches the ``RUNNING`` status, manual and automatic host and container port assignments are visible in the ``networkBindings`` section of [DescribeTasks](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_DescribeTasks.html) API responses. - MountPoint: - type: object - properties: - ContainerPath: type: string - description: The path on the container to mount the host volume at. - ReadOnly: - type: boolean - description: If this value is ``true``, the container has read-only access to the volume. If this value is ``false``, then the container can write to the volume. The default value is ``false``. - SourceVolume: + Name: + description: The name that's used for the port mapping. This parameter is the name that you use in the ``serviceConnectConfiguration`` and the ``vpcLatticeConfigurations`` of a service. The name can include up to 64 characters. The characters can include lowercase letters, numbers, underscores (_), and hyphens (-). The name can't start with a hyphen. type: string - description: The name of the volume to mount. Must be a volume name referenced in the ``name`` parameter of task definition ``volume``. + TaskDefinitionPlacementConstraint: + description: |- + The constraint on task placement in the task definition. For more information, see [Task placement constraints](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-placement-constraints.html) in the *Amazon Elastic Container Service Developer Guide*. + Task placement constraints aren't supported for tasks run on FARGATElong. additionalProperties: false - description: The details for a volume mount point that's used in a container definition. - ProxyConfiguration: type: object required: - - ContainerName + - Type properties: - ContainerName: - type: string - description: The name of the container that will serve as the App Mesh proxy. - ProxyConfigurationProperties: - type: array - x-insertionOrder: false - uniqueItems: true - items: - $ref: '#/components/schemas/KeyValuePair' - description: |- - The set of network configuration parameters to provide the Container Network Interface (CNI) plugin, specified as key-value pairs. - + ``IgnoredUID`` - (Required) The user ID (UID) of the proxy container as defined by the ``user`` parameter in a container definition. This is used to ensure the proxy ignores its own traffic. If ``IgnoredGID`` is specified, this field can be empty. - + ``IgnoredGID`` - (Required) The group ID (GID) of the proxy container as defined by the ``user`` parameter in a container definition. This is used to ensure the proxy ignores its own traffic. If ``IgnoredUID`` is specified, this field can be empty. - + ``AppPorts`` - (Required) The list of ports that the application uses. Network traffic to these ports is forwarded to the ``ProxyIngressPort`` and ``ProxyEgressPort``. - + ``ProxyIngressPort`` - (Required) Specifies the port that incoming traffic to the ``AppPorts`` is directed to. - + ``ProxyEgressPort`` - (Required) Specifies the port that outgoing traffic from the ``AppPorts`` is directed to. - + ``EgressIgnoredPorts`` - (Required) The egress traffic going to the specified ports is ignored and not redirected to the ``ProxyEgressPort``. It can be an empty list. - + ``EgressIgnoredIPs`` - (Required) The egress traffic going to the specified IP addresses is ignored and not redirected to the ``ProxyEgressPort``. It can be an empty list. Type: + description: The type of constraint. The ``MemberOf`` constraint restricts selection to be from a group of valid candidates. type: string - description: The proxy type. The only supported value is ``APPMESH``. - additionalProperties: false + Expression: + description: A cluster query language expression to apply to the constraint. For more information, see [Cluster query language](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cluster-query-language.html) in the *Amazon Elastic Container Service Developer Guide*. + type: string + FSxAuthorizationConfig: description: |- - The configuration details for the App Mesh proxy. - For tasks that use the EC2 launch type, the container instances require at least version 1.26.0 of the container agent and at least version 1.26.0-1 of the ``ecs-init`` package to use a proxy configuration. If your container instances are launched from the Amazon ECS optimized AMI version ``20190301`` or later, then they contain the required versions of the container agent and ``ecs-init``. For more information, see [Amazon ECS-optimized Linux AMI](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html) - RepositoryCredentials: + The authorization configuration details for Amazon FSx for Windows File Server file system. See [FSxWindowsFileServerVolumeConfiguration](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_FSxWindowsFileServerVolumeConfiguration.html) in the *Amazon ECS API Reference*. + For more information and the input format, see [Amazon FSx for Windows File Server Volumes](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/wfsx-volumes.html) in the *Amazon Elastic Container Service Developer Guide*. + additionalProperties: false type: object + required: + - CredentialsParameter + - Domain properties: CredentialsParameter: + description: The authorization credential option to use. The authorization credential options can be provided using either the Amazon Resource Name (ARN) of an ASMlong secret or SSM Parameter Store parameter. The ARN refers to the stored credentials. type: string - description: |- - The Amazon Resource Name (ARN) of the secret containing the private repository credentials. - When you use the Amazon ECS API, CLI, or AWS SDK, if the secret exists in the same Region as the task that you're launching then you can use either the full ARN or the name of the secret. When you use the AWS Management Console, you must specify the full ARN of the secret. + Domain: + description: A fully qualified domain name hosted by an [](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/directory_microsoft_ad.html) Managed Microsoft AD (Active Directory) or self-hosted AD on Amazon EC2. + type: string + EFSVolumeConfiguration: + description: This parameter is specified when you're using an Amazon Elastic File System file system for task storage. For more information, see [Amazon EFS volumes](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/efs-volumes.html) in the *Amazon Elastic Container Service Developer Guide*. additionalProperties: false - description: The repository credentials for private registry authentication. - ResourceRequirement: type: object required: - - Type - - Value + - FilesystemId properties: - Type: + FilesystemId: + description: The Amazon EFS file system ID to use. type: string - description: The type of resource to assign to a container. The supported values are ``GPU`` or ``InferenceAccelerator``. - Value: + TransitEncryption: + description: Determines whether to use encryption for Amazon EFS data in transit between the Amazon ECS host and the Amazon EFS server. Transit encryption must be turned on if Amazon EFS IAM authorization is used. If this parameter is omitted, the default value of ``DISABLED`` is used. For more information, see [Encrypting data in transit](https://docs.aws.amazon.com/efs/latest/ug/encryption-in-transit.html) in the *Amazon Elastic File System User Guide*. + type: string + enum: + - ENABLED + - DISABLED + AuthorizationConfig: + description: The authorization configuration details for the Amazon EFS file system. + $ref: '#/components/schemas/AuthorizationConfig' + RootDirectory: + description: |- + The directory within the Amazon EFS file system to mount as the root directory inside the host. If this parameter is omitted, the root of the Amazon EFS volume will be used. Specifying ``/`` will have the same effect as omitting this parameter. + If an EFS access point is specified in the ``authorizationConfig``, the root directory parameter must either be omitted or set to ``/`` which will enforce the path set on the EFS access point. type: string - description: |- - The value for the specified resource type. - If the ``GPU`` type is used, the value is the number of physical ``GPUs`` the Amazon ECS container agent reserves for the container. The number of GPUs that's reserved for all containers in a task can't exceed the number of available GPUs on the container instance that the task is launched on. - If the ``InferenceAccelerator`` type is used, the ``value`` matches the ``deviceName`` for an [InferenceAccelerator](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_InferenceAccelerator.html) specified in a task definition. + TransitEncryptionPort: + description: The port to use when sending encrypted data between the Amazon ECS host and the Amazon EFS server. If you do not specify a transit encryption port, it will use the port selection strategy that the Amazon EFS mount helper uses. For more information, see [EFS mount helper](https://docs.aws.amazon.com/efs/latest/ug/efs-mount-helper.html) in the *Amazon Elastic File System User Guide*. + type: integer + RepositoryCredentials: + description: The repository credentials for private registry authentication. additionalProperties: false - description: The type and amount of a resource to assign to a container. The supported resource types are GPUs and Elastic Inference accelerators. For more information, see [Working with GPUs on Amazon ECS](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-gpu.html) or [Working with Amazon Elastic Inference on Amazon ECS](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-inference.html) in the *Amazon Elastic Container Service Developer Guide* - RuntimePlatform: type: object properties: - CpuArchitecture: - type: string + CredentialsParameter: description: |- - The CPU architecture. - You can run your Linux tasks on an ARM-based platform by setting the value to ``ARM64``. This option is available for tasks that run on Linux Amazon EC2 instance or Linux containers on Fargate. - OperatingSystemFamily: + The Amazon Resource Name (ARN) of the secret containing the private repository credentials. + When you use the Amazon ECS API, CLI, or AWS SDK, if the secret exists in the same Region as the task that you're launching then you can use either the full ARN or the name of the secret. When you use the AWS Management Console, you must specify the full ARN of the secret. type: string - description: The operating system. + KeyValuePair: + description: A key-value pair object. additionalProperties: false - description: |- - Information about the platform for the Amazon ECS service or task. - For more information about ``RuntimePlatform``, see [RuntimePlatform](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#runtime-platform) in the *Amazon Elastic Container Service Developer Guide*. - TaskDefinitionPlacementConstraint: type: object - required: - - Type properties: - Type: + Value: + description: The value of the key-value pair. For environment variables, this is the value of the environment variable. type: string - description: The type of constraint. The ``MemberOf`` constraint restricts selection to be from a group of valid candidates. - Expression: + Name: + description: The name of the key-value pair. For environment variables, this is the name of the environment variable. type: string - description: A cluster query language expression to apply to the constraint. For more information, see [Cluster query language](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cluster-query-language.html) in the *Amazon Elastic Container Service Developer Guide*. + Device: + description: The ``Device`` property specifies an object representing a container instance host device. additionalProperties: false - description: |- - The constraint on task placement in the task definition. For more information, see [Task placement constraints](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-placement-constraints.html) in the *Amazon Elastic Container Service Developer Guide*. - Task placement constraints aren't supported for tasks run on FARGATElong. - Tmpfs: type: object - required: - - Size properties: + HostPath: + description: The path for the device on the host container instance. + type: string + Permissions: + uniqueItems: true + description: The explicit permissions to provide to the container for the device. By default, the container has permissions for ``read``, ``write``, and ``mknod`` for the device. + x-insertionOrder: false + type: array + items: + type: string ContainerPath: + description: The path inside the container at which to expose the host device. type: string - description: The absolute file path where the tmpfs volume is to be mounted. - MountOptions: + LinuxParameters: + description: The Linux-specific options that are applied to the container, such as Linux [KernelCapabilities](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_KernelCapabilities.html). + additionalProperties: false + type: object + properties: + Capabilities: + description: |- + The Linux capabilities for the container that are added to or dropped from the default configuration provided by Docker. + For tasks that use the Fargate launch type, ``capabilities`` is supported for all platform versions but the ``add`` parameter is only supported if using platform version 1.4.0 or later. + $ref: '#/components/schemas/KernelCapabilities' + Swappiness: + description: >- + This allows you to tune a container's memory swappiness behavior. A ``swappiness`` value of ``0`` will cause swapping to not happen unless absolutely necessary. A ``swappiness`` value of ``100`` will cause pages to be swapped very aggressively. Accepted values are whole numbers between ``0`` and ``100``. If the ``swappiness`` parameter is not specified, a default value of ``60`` is used. If a value is not specified for ``maxSwap`` then this parameter is ignored. This parameter maps + to the ``--memory-swappiness`` option to docker run. + If you're using tasks that use the Fargate launch type, the ``swappiness`` parameter isn't supported. + If you're using tasks on Amazon Linux 2023 the ``swappiness`` parameter isn't supported. + type: integer + Tmpfs: + description: |- + The container path, mount options, and size (in MiB) of the tmpfs mount. This parameter maps to the ``--tmpfs`` option to docker run. + If you're using tasks that use the Fargate launch type, the ``tmpfs`` parameter isn't supported. + x-insertionOrder: false type: array + items: + $ref: '#/components/schemas/Tmpfs' + SharedMemorySize: + description: |- + The value for the size (in MiB) of the ``/dev/shm`` volume. This parameter maps to the ``--shm-size`` option to docker run. + If you are using tasks that use the Fargate launch type, the ``sharedMemorySize`` parameter is not supported. + type: integer + Devices: + description: |- + Any host devices to expose to the container. This parameter maps to ``Devices`` in the docker container create command and the ``--device`` option to docker run. + If you're using tasks that use the Fargate launch type, the ``devices`` parameter isn't supported. x-insertionOrder: false + type: array items: - type: string + $ref: '#/components/schemas/Device' + InitProcessEnabled: + description: 'Run an ``init`` process inside the container that forwards signals and reaps processes. This parameter maps to the ``--init`` option to docker run. This parameter requires version 1.25 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format ''{{.Server.APIVersion}}''``' + type: boolean + MaxSwap: description: |- - The list of tmpfs volume mount options. - Valid values: ``"defaults" | "ro" | "rw" | "suid" | "nosuid" | "dev" | "nodev" | "exec" | "noexec" | "sync" | "async" | "dirsync" | "remount" | "mand" | "nomand" | "atime" | "noatime" | "diratime" | "nodiratime" | "bind" | "rbind" | "unbindable" | "runbindable" | "private" | "rprivate" | "shared" | "rshared" | "slave" | "rslave" | "relatime" | "norelatime" | "strictatime" | "nostrictatime" | "mode" | "uid" | "gid" | "nr_inodes" | "nr_blocks" | "mpol"`` - Size: + The total amount of swap memory (in MiB) a container can use. This parameter will be translated to the ``--memory-swap`` option to docker run where the value would be the sum of the container memory plus the ``maxSwap`` value. + If a ``maxSwap`` value of ``0`` is specified, the container will not use swap. Accepted values are ``0`` or any positive integer. If the ``maxSwap`` parameter is omitted, the container will use the swap configuration for the container instance it is running on. A ``maxSwap`` value must be set for the ``swappiness`` parameter to be used. + If you're using tasks that use the Fargate launch type, the ``maxSwap`` parameter isn't supported. + If you're using tasks on Amazon Linux 2023 the ``swappiness`` parameter isn't supported. type: integer - description: The maximum size (in MiB) of the tmpfs volume. - additionalProperties: false - description: The container path, mount options, and size of the tmpfs mount. Ulimit: + description: |- + The ``ulimit`` settings to pass to the container. + Amazon ECS tasks hosted on FARGATElong use the default resource limit values set by the operating system with the exception of the ``nofile`` resource limit parameter which FARGATElong overrides. The ``nofile`` resource limit sets a restriction on the number of open files that a container can use. The default ``nofile`` soft limit is ``65535`` and the default hard limit is ``65535``. + You can specify the ``ulimit`` settings for a container in a task definition. + additionalProperties: false type: object required: - HardLimit - Name - SoftLimit properties: + SoftLimit: + description: The soft limit for the ``ulimit`` type. The value can be specified in bytes, seconds, or as a count, depending on the ``type`` of the ``ulimit``. + type: integer HardLimit: + description: The hard limit for the ``ulimit`` type. The value can be specified in bytes, seconds, or as a count, depending on the ``type`` of the ``ulimit``. type: integer - description: The hard limit for the ``ulimit`` type. Name: - type: string description: The ``type`` of the ``ulimit``. - SoftLimit: + type: string + RestartPolicy: + description: >- + You can enable a restart policy for each container defined in your task definition, to overcome transient failures faster and maintain task availability. When you enable a restart policy for a container, Amazon ECS can restart the container if it exits, without needing to replace the task. For more information, see [Restart individual containers in Amazon ECS tasks with container restart policies](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/container-restart-policy.html) + in the *Amazon Elastic Container Service Developer Guide*. + additionalProperties: false + type: object + properties: + IgnoredExitCodes: + description: A list of exit codes that Amazon ECS will ignore and not attempt a restart on. You can specify a maximum of 50 container exit codes. By default, Amazon ECS does not ignore any exit codes. + x-insertionOrder: false + type: array + items: + type: integer + RestartAttemptPeriod: + description: A period of time (in seconds) that the container must run for before a restart can be attempted. A container can be restarted only once every ``restartAttemptPeriod`` seconds. If a container isn't able to run for this time period and exits early, it will not be restarted. You can set a minimum ``restartAttemptPeriod`` of 60 seconds and a maximum ``restartAttemptPeriod`` of 1800 seconds. By default, a container must run for 300 seconds before it can be restarted. type: integer - description: The soft limit for the ``ulimit`` type. + Enabled: + description: Specifies whether a restart policy is enabled for the container. + type: boolean + HostVolumeProperties: + description: The ``HostVolumeProperties`` property specifies details on a container instance bind mount host volume. + additionalProperties: false + type: object + properties: + SourcePath: + description: >- + When the ``host`` parameter is used, specify a ``sourcePath`` to declare the path on the host container instance that's presented to the container. If this parameter is empty, then the Docker daemon has assigned a host path for you. If the ``host`` parameter contains a ``sourcePath`` file location, then the data volume persists at the specified location on the host container instance until you delete it manually. If the ``sourcePath`` value doesn't exist on the host container + instance, the Docker daemon creates it. If the location does exist, the contents of the source path folder are exported. + If you're using the Fargate launch type, the ``sourcePath`` parameter is not supported. + type: string + MountPoint: + description: The details for a volume mount point that's used in a container definition. additionalProperties: false + type: object + properties: + ReadOnly: + description: If this value is ``true``, the container has read-only access to the volume. If this value is ``false``, then the container can write to the volume. The default value is ``false``. + type: boolean + SourceVolume: + description: The name of the volume to mount. Must be a volume name referenced in the ``name`` parameter of task definition ``volume``. + type: string + ContainerPath: + description: The path on the container to mount the host volume at. + type: string + ProxyConfiguration: description: |- - The ``ulimit`` settings to pass to the container. - Amazon ECS tasks hosted on FARGATElong use the default resource limit values set by the operating system with the exception of the ``nofile`` resource limit parameter which FARGATElong overrides. The ``nofile`` resource limit sets a restriction on the number of open files that a container can use. The default ``nofile`` soft limit is ``1024`` and the default hard limit is ``65535``. - You can specify the ``ulimit`` settings for a container in a task definition. + The configuration details for the App Mesh proxy. + For tasks that use the EC2 launch type, the container instances require at least version 1.26.0 of the container agent and at least version 1.26.0-1 of the ``ecs-init`` package to use a proxy configuration. If your container instances are launched from the Amazon ECS optimized AMI version ``20190301`` or later, then they contain the required versions of the container agent and ``ecs-init``. For more information, see [Amazon ECS-optimized Linux AMI](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html) + additionalProperties: false + type: object + required: + - ContainerName + properties: + ProxyConfigurationProperties: + uniqueItems: true + description: |- + The set of network configuration parameters to provide the Container Network Interface (CNI) plugin, specified as key-value pairs. + + ``IgnoredUID`` - (Required) The user ID (UID) of the proxy container as defined by the ``user`` parameter in a container definition. This is used to ensure the proxy ignores its own traffic. If ``IgnoredGID`` is specified, this field can be empty. + + ``IgnoredGID`` - (Required) The group ID (GID) of the proxy container as defined by the ``user`` parameter in a container definition. This is used to ensure the proxy ignores its own traffic. If ``IgnoredUID`` is specified, this field can be empty. + + ``AppPorts`` - (Required) The list of ports that the application uses. Network traffic to these ports is forwarded to the ``ProxyIngressPort`` and ``ProxyEgressPort``. + + ``ProxyIngressPort`` - (Required) Specifies the port that incoming traffic to the ``AppPorts`` is directed to. + + ``ProxyEgressPort`` - (Required) Specifies the port that outgoing traffic from the ``AppPorts`` is directed to. + + ``EgressIgnoredPorts`` - (Required) The egress traffic going to the specified ports is ignored and not redirected to the ``ProxyEgressPort``. It can be an empty list. + + ``EgressIgnoredIPs`` - (Required) The egress traffic going to the specified IP addresses is ignored and not redirected to the ``ProxyEgressPort``. It can be an empty list. + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/KeyValuePair' + Type: + description: The proxy type. The only supported value is ``APPMESH``. + type: string + ContainerName: + description: The name of the container that will serve as the App Mesh proxy. + type: string Volume: + description: >- + The data volume configuration for tasks launched using this task definition. Specifying a volume configuration in a task definition is optional. The volume configuration may contain multiple volumes but only one volume configured at launch is supported. Each volume defined in the volume configuration may only specify a ``name`` and one of either ``configuredAtLaunch``, ``dockerVolumeConfiguration``, ``efsVolumeConfiguration``, ``fsxWindowsFileServerVolumeConfiguration``, or ``host``. If + an empty volume configuration is specified, by default Amazon ECS uses a host volume. For more information, see [Using data volumes in tasks](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_data_volumes.html). + additionalProperties: false type: object properties: + EFSVolumeConfiguration: + description: This parameter is specified when you use an Amazon Elastic File System file system for task storage. + $ref: '#/components/schemas/EFSVolumeConfiguration' + Host: + description: |- + This parameter is specified when you use bind mount host volumes. The contents of the ``host`` parameter determine whether your bind mount host volume persists on the host container instance and where it's stored. If the ``host`` parameter is empty, then the Docker daemon assigns a host path for your data volume. However, the data isn't guaranteed to persist after the containers that are associated with it stop running. + Windows containers can mount whole directories on the same drive as ``$env:ProgramData``. Windows containers can't mount directories on a different drive, and mount point can't be across drives. For example, you can mount ``C:\my\path:C:\my\path`` and ``D:\:D:\``, but not ``D:\my\path:C:\my\path`` or ``D:\:C:\my\path``. + $ref: '#/components/schemas/HostVolumeProperties' ConfiguredAtLaunch: - type: boolean description: |- Indicates whether the volume should be configured at launch time. This is used to create Amazon EBS volumes for standalone tasks or tasks created as part of a service. Each task definition revision may only have one volume configured at launch in the volume configuration. To configure a volume at launch time, use this task definition revision and specify a ``volumeConfigurations`` object when calling the ``CreateService``, ``UpdateService``, ``RunTask`` or ``StartTask`` APIs. + type: boolean DockerVolumeConfiguration: - $ref: '#/components/schemas/DockerVolumeConfiguration' description: |- This parameter is specified when you use Docker volumes. Windows containers only support the use of the ``local`` driver. To use bind mounts, specify the ``host`` parameter instead. Docker volumes aren't supported by tasks run on FARGATElong. - EFSVolumeConfiguration: - $ref: '#/components/schemas/EFSVolumeConfiguration' - description: This parameter is specified when you use an Amazon Elastic File System file system for task storage. + $ref: '#/components/schemas/DockerVolumeConfiguration' FSxWindowsFileServerVolumeConfiguration: - $ref: '#/components/schemas/FSxWindowsFileServerVolumeConfiguration' description: This parameter is specified when you use Amazon FSx for Windows File Server file system for task storage. - Host: - $ref: '#/components/schemas/HostVolumeProperties' - description: |- - This parameter is specified when you use bind mount host volumes. The contents of the ``host`` parameter determine whether your bind mount host volume persists on the host container instance and where it's stored. If the ``host`` parameter is empty, then the Docker daemon assigns a host path for your data volume. However, the data isn't guaranteed to persist after the containers that are associated with it stop running. - Windows containers can mount whole directories on the same drive as ``$env:ProgramData``. Windows containers can't mount directories on a different drive, and mount point can't be across drives. For example, you can mount ``C:\my\path:C:\my\path`` and ``D:\:D:\``, but not ``D:\my\path:C:\my\path`` or ``D:\:C:\my\path``. + $ref: '#/components/schemas/FSxWindowsFileServerVolumeConfiguration' Name: - type: string description: |- The name of the volume. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed. When using a volume configured at launch, the ``name`` is required and must also be specified as the volume name in the ``ServiceVolumeConfiguration`` or ``TaskVolumeConfiguration`` parameter when creating your service or standalone task. For all other types of volumes, this name is referenced in the ``sourceVolume`` parameter of the ``mountPoints`` object in the container definition. When a volume is using the ``efsVolumeConfiguration``, the name is required. + type: string + EnvironmentFile: + description: |- + A list of files containing the environment variables to pass to a container. You can specify up to ten environment files. The file must have a ``.env`` file extension. Each line in an environment file should contain an environment variable in ``VARIABLE=VALUE`` format. Lines beginning with ``#`` are treated as comments and are ignored. + If there are environment variables specified using the ``environment`` parameter in a container definition, they take precedence over the variables contained within an environment file. If multiple environment files are specified that contain the same variable, they're processed from the top down. We recommend that you use unique variable names. For more information, see [Use a file to pass environment variables to a container](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/use-environment-file.html) in the *Amazon Elastic Container Service Developer Guide*. + Environment variable files are objects in Amazon S3 and all Amazon S3 security considerations apply. + You must use the following platforms for the Fargate launch type: + + Linux platform version ``1.4.0`` or later. + + Windows platform version ``1.0.0`` or later. + + Consider the following when using the Fargate launch type: + + The file is handled like a native Docker env-file. + + There is no support for shell escape handling. + + The container entry point interperts the ``VARIABLE`` values. + additionalProperties: false + type: object + properties: + Type: + description: The file type to use. Environment files are objects in Amazon S3. The only supported value is ``s3``. + type: string + Value: + description: The Amazon Resource Name (ARN) of the Amazon S3 object containing the environment variable file. + type: string + ResourceRequirement: + description: The type and amount of a resource to assign to a container. The supported resource types are GPUs and Elastic Inference accelerators. For more information, see [Working with GPUs on Amazon ECS](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-gpu.html) or [Working with Amazon Elastic Inference on Amazon ECS](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-inference.html) in the *Amazon Elastic Container Service Developer Guide* + additionalProperties: false + type: object + required: + - Type + - Value + properties: + Type: + description: The type of resource to assign to a container. + type: string + Value: + description: |- + The value for the specified resource type. + When the type is ``GPU``, the value is the number of physical ``GPUs`` the Amazon ECS container agent reserves for the container. The number of GPUs that's reserved for all containers in a task can't exceed the number of available GPUs on the container instance that the task is launched on. + When the type is ``InferenceAccelerator``, the ``value`` matches the ``deviceName`` for an [InferenceAccelerator](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_InferenceAccelerator.html) specified in a task definition. + type: string + InferenceAccelerator: + description: Details on an Elastic Inference accelerator. For more information, see [Working with Amazon Elastic Inference on Amazon ECS](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-inference.html) in the *Amazon Elastic Container Service Developer Guide*. + additionalProperties: false + type: object + properties: + DeviceType: + description: The Elastic Inference accelerator type to use. + type: string + DeviceName: + description: The Elastic Inference accelerator device name. The ``deviceName`` must also be referenced in a container definition as a [ResourceRequirement](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_ResourceRequirement.html). + type: string + EphemeralStorage: + description: |- + The amount of ephemeral storage to allocate for the task. This parameter is used to expand the total amount of ephemeral storage available, beyond the default amount, for tasks hosted on FARGATElong. For more information, see [Using data volumes in tasks](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_data_volumes.html) in the *Amazon ECS Developer Guide;*. + For tasks using the Fargate launch type, the task requires the following platforms: + + Linux platform version ``1.4.0`` or later. + + Windows platform version ``1.0.0`` or later. additionalProperties: false - description: >- - The data volume configuration for tasks launched using this task definition. Specifying a volume configuration in a task definition is optional. The volume configuration may contain multiple volumes but only one volume configured at launch is supported. Each volume defined in the volume configuration may only specify a ``name`` and one of either ``configuredAtLaunch``, ``dockerVolumeConfiguration``, ``efsVolumeConfiguration``, ``fsxWindowsFileServerVolumeConfiguration``, or ``host``. If - an empty volume configuration is specified, by default Amazon ECS uses a host volume. For more information, see [Using data volumes in tasks](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_data_volumes.html). - VolumeFrom: type: object properties: - ReadOnly: - type: boolean - description: If this value is ``true``, the container has read-only access to the volume. If this value is ``false``, then the container can write to the volume. The default value is ``false``. - SourceContainer: - type: string - description: The name of another container within the same task definition to mount volumes from. + SizeInGiB: + description: The total amount, in GiB, of ephemeral storage to set for the task. The minimum supported value is ``21`` GiB and the maximum supported value is ``200`` GiB. + type: integer + FSxWindowsFileServerVolumeConfiguration: + description: |- + This parameter is specified when you're using [Amazon FSx for Windows File Server](https://docs.aws.amazon.com/fsx/latest/WindowsGuide/what-is.html) file system for task storage. + For more information and the input format, see [Amazon FSx for Windows File Server volumes](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/wfsx-volumes.html) in the *Amazon Elastic Container Service Developer Guide*. additionalProperties: false - description: Details on a data volume from another container in the same task definition. - TaskDefinition: type: object + required: + - FileSystemId + - RootDirectory properties: - TaskDefinitionArn: - description: '' + AuthorizationConfig: + description: The authorization configuration details for the Amazon FSx for Windows File Server file system. + $ref: '#/components/schemas/FSxAuthorizationConfig' + FileSystemId: + description: The Amazon FSx for Windows File Server file system ID to use. type: string - Family: + RootDirectory: + description: The directory within the Amazon FSx for Windows File Server file system to mount as the root directory inside the host. type: string + TaskDefinition: + type: object + properties: + TaskRoleArn: description: |- - The name of a family that this task definition is registered to. Up to 255 letters (uppercase and lowercase), numbers, hyphens, and underscores are allowed. - A family groups multiple versions of a task definition. Amazon ECS gives the first task definition that you registered to a family a revision number of 1. Amazon ECS gives sequential revision numbers to each task definition that you add. - To use revision numbers when you update a task definition, specify this property. If you don't specify a value, CFNlong generates a new task definition each time that you update it. - ContainerDefinitions: - type: array - x-insertionOrder: false - uniqueItems: true - items: - $ref: '#/components/schemas/ContainerDefinition' - description: A list of container definitions in JSON format that describe the different containers that make up your task. For more information about container definition parameters and defaults, see [Amazon ECS Task Definitions](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_defintions.html) in the *Amazon Elastic Container Service Developer Guide*. - Cpu: + The short name or full Amazon Resource Name (ARN) of the IAMlong role that grants containers in the task permission to call AWS APIs on your behalf. For more information, see [Amazon ECS Task Role](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html) in the *Amazon Elastic Container Service Developer Guide*. + IAM roles for tasks on Windows require that the ``-EnableTaskIAMRole`` option is set when you launch the Amazon ECS-optimized Windows AMI. Your containers must also run some configuration code to use the feature. For more information, see [Windows IAM roles for tasks](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/windows_task_IAM_roles.html) in the *Amazon Elastic Container Service Developer Guide*. + String validation is done on the ECS side. If an invalid string value is given for ``TaskRoleArn``, it may cause the Cloudformation job to hang. type: string - description: |- - The number of ``cpu`` units used by the task. If you use the EC2 launch type, this field is optional. Any value can be used. If you use the Fargate launch type, this field is required. You must use one of the following values. The value that you choose determines your range of valid values for the ``memory`` parameter. - The CPU units cannot be less than 1 vCPU when you use Windows containers on Fargate. - + 256 (.25 vCPU) - Available ``memory`` values: 512 (0.5 GB), 1024 (1 GB), 2048 (2 GB) - + 512 (.5 vCPU) - Available ``memory`` values: 1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB) - + 1024 (1 vCPU) - Available ``memory`` values: 2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB) - + 2048 (2 vCPU) - Available ``memory`` values: 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB) - + 4096 (4 vCPU) - Available ``memory`` values: 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB) - + 8192 (8 vCPU) - Available ``memory`` values: 16 GB and 60 GB in 4 GB increments - This option requires Linux platform ``1.4.0`` or later. - + 16384 (16vCPU) - Available ``memory`` values: 32GB and 120 GB in 8 GB increments - This option requires Linux platform ``1.4.0`` or later. - ExecutionRoleArn: + IpcMode: + description: >- + The IPC resource namespace to use for the containers in the task. The valid values are ``host``, ``task``, or ``none``. If ``host`` is specified, then all containers within the tasks that specified the ``host`` IPC mode on the same container instance share the same IPC resources with the host Amazon EC2 instance. If ``task`` is specified, all containers within the specified task share the same IPC resources. If ``none`` is specified, then IPC resources within the containers of a task + are private and not shared with other containers in a task or on the container instance. If no value is specified, then the IPC resource namespace sharing depends on the Docker daemon setting on the container instance. + If the ``host`` IPC mode is used, be aware that there is a heightened risk of undesired IPC namespace expose. + If you are setting namespaced kernel parameters using ``systemControls`` for the containers in the task, the following will apply to your IPC resource namespace. For more information, see [System Controls](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html) in the *Amazon Elastic Container Service Developer Guide*. + + For tasks that use the ``host`` IPC mode, IPC namespace related ``systemControls`` are not supported. + + For tasks that use the ``task`` IPC mode, IPC namespace related ``systemControls`` will apply to all containers within a task. + + This parameter is not supported for Windows containers or tasks run on FARGATElong. type: string - description: The Amazon Resource Name (ARN) of the task execution role that grants the Amazon ECS container agent permission to make AWS API calls on your behalf. The task execution IAM role is required depending on the requirements of your task. For more information, see [Amazon ECS task execution IAM role](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_execution_IAM_role.html) in the *Amazon Elastic Container Service Developer Guide*. - EphemeralStorage: - $ref: '#/components/schemas/EphemeralStorage' - description: The ephemeral storage settings to use for tasks run with the task definition. InferenceAccelerators: - type: array - x-insertionOrder: false uniqueItems: true + description: The Elastic Inference accelerators to use for the containers in the task. + x-insertionOrder: false + type: array items: $ref: '#/components/schemas/InferenceAccelerator' - description: The Elastic Inference accelerators to use for the containers in the task. Memory: - type: string description: |- The amount (in MiB) of memory used by the task. If your tasks runs on Amazon EC2 instances, you must specify either a task-level memory value or a container-level memory value. This field is optional and any value can be used. If a task-level memory value is specified, the container-level memory value is optional. For more information regarding container-level memory and memory reservation, see [ContainerDefinition](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_ContainerDefinition.html). @@ -2364,80 +2413,97 @@ components: This option requires Linux platform ``1.4.0`` or later. + Between 32GB and 120 GB in 8 GB increments - Available ``cpu`` values: 16384 (16 vCPU) This option requires Linux platform ``1.4.0`` or later. - NetworkMode: type: string - description: |- - The Docker networking mode to use for the containers in the task. The valid values are ``none``, ``bridge``, ``awsvpc``, and ``host``. If no network mode is specified, the default is ``bridge``. - For Amazon ECS tasks on Fargate, the ``awsvpc`` network mode is required. For Amazon ECS tasks on Amazon EC2 Linux instances, any network mode can be used. For Amazon ECS tasks on Amazon EC2 Windows instances, ```` or ``awsvpc`` can be used. If the network mode is set to ``none``, you cannot specify port mappings in your container definitions, and the tasks containers do not have external connectivity. The ``host`` and ``awsvpc`` network modes offer the highest networking performance for containers because they use the EC2 network stack instead of the virtualized network stack provided by the ``bridge`` mode. - With the ``host`` and ``awsvpc`` network modes, exposed container ports are mapped directly to the corresponding host port (for the ``host`` network mode) or the attached elastic network interface port (for the ``awsvpc`` network mode), so you cannot take advantage of dynamic host port mappings. - When using the ``host`` network mode, you should not run containers using the root user (UID 0). It is considered best practice to use a non-root user. - If the network mode is ``awsvpc``, the task is allocated an elastic network interface, and you must specify a NetworkConfiguration value when you create a service or run a task with the task definition. For more information, see [Task Networking](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html) in the *Amazon Elastic Container Service Developer Guide*. - If the network mode is ``host``, you cannot run multiple instantiations of the same task on a single container instance when port mappings are used. - For more information, see [Network settings](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#network-settings) in the *Docker run reference*. PlacementConstraints: - type: array - x-insertionOrder: false uniqueItems: true - items: - $ref: '#/components/schemas/TaskDefinitionPlacementConstraint' description: |- An array of placement constraint objects to use for tasks. This parameter isn't supported for tasks run on FARGATElong. - ProxyConfiguration: - $ref: '#/components/schemas/ProxyConfiguration' + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/TaskDefinitionPlacementConstraint' + Cpu: description: |- - The configuration details for the App Mesh proxy. - Your Amazon ECS container instances require at least version 1.26.0 of the container agent and at least version 1.26.0-1 of the ``ecs-init`` package to use a proxy configuration. If your container instances are launched from the Amazon ECS optimized AMI version ``20190301`` or later, they contain the required versions of the container agent and ``ecs-init``. For more information, see [Amazon ECS-optimized Linux AMI](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html) in the *Amazon Elastic Container Service Developer Guide*. + The number of ``cpu`` units used by the task. If you use the EC2 launch type, this field is optional. Any value can be used. If you use the Fargate launch type, this field is required. You must use one of the following values. The value that you choose determines your range of valid values for the ``memory`` parameter. + If you use the EC2 launch type, this field is optional. Supported values are between ``128`` CPU units (``0.125`` vCPUs) and ``10240`` CPU units (``10`` vCPUs). + The CPU units cannot be less than 1 vCPU when you use Windows containers on Fargate. + + 256 (.25 vCPU) - Available ``memory`` values: 512 (0.5 GB), 1024 (1 GB), 2048 (2 GB) + + 512 (.5 vCPU) - Available ``memory`` values: 1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB) + + 1024 (1 vCPU) - Available ``memory`` values: 2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB) + + 2048 (2 vCPU) - Available ``memory`` values: 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB) + + 4096 (4 vCPU) - Available ``memory`` values: 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB) + + 8192 (8 vCPU) - Available ``memory`` values: 16 GB and 60 GB in 4 GB increments + This option requires Linux platform ``1.4.0`` or later. + + 16384 (16vCPU) - Available ``memory`` values: 32GB and 120 GB in 8 GB increments + This option requires Linux platform ``1.4.0`` or later. + type: string RequiresCompatibilities: - type: array - x-insertionOrder: false uniqueItems: true - items: - type: string description: The task launch types the task definition was validated against. The valid values are ``EC2``, ``FARGATE``, and ``EXTERNAL``. For more information, see [Amazon ECS launch types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html) in the *Amazon Elastic Container Service Developer Guide*. - TaskRoleArn: - type: string - description: |- - The short name or full Amazon Resource Name (ARN) of the IAMlong role that grants containers in the task permission to call AWS APIs on your behalf. For more information, see [Amazon ECS Task Role](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html) in the *Amazon Elastic Container Service Developer Guide*. - IAM roles for tasks on Windows require that the ``-EnableTaskIAMRole`` option is set when you launch the Amazon ECS-optimized Windows AMI. Your containers must also run some configuration code to use the feature. For more information, see [Windows IAM roles for tasks](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/windows_task_IAM_roles.html) in the *Amazon Elastic Container Service Developer Guide*. - Volumes: - type: array x-insertionOrder: false - uniqueItems: true + type: array items: - $ref: '#/components/schemas/Volume' + type: string + NetworkMode: description: |- - The list of data volume definitions for the task. For more information, see [Using data volumes in tasks](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_data_volumes.html) in the *Amazon Elastic Container Service Developer Guide*. - The ``host`` and ``sourcePath`` parameters aren't supported for tasks run on FARGATElong. - PidMode: + The Docker networking mode to use for the containers in the task. The valid values are ``none``, ``bridge``, ``awsvpc``, and ``host``. If no network mode is specified, the default is ``bridge``. + For Amazon ECS tasks on Fargate, the ``awsvpc`` network mode is required. For Amazon ECS tasks on Amazon EC2 Linux instances, any network mode can be used. For Amazon ECS tasks on Amazon EC2 Windows instances, ```` or ``awsvpc`` can be used. If the network mode is set to ``none``, you cannot specify port mappings in your container definitions, and the tasks containers do not have external connectivity. The ``host`` and ``awsvpc`` network modes offer the highest networking performance for containers because they use the EC2 network stack instead of the virtualized network stack provided by the ``bridge`` mode. + With the ``host`` and ``awsvpc`` network modes, exposed container ports are mapped directly to the corresponding host port (for the ``host`` network mode) or the attached elastic network interface port (for the ``awsvpc`` network mode), so you cannot take advantage of dynamic host port mappings. + When using the ``host`` network mode, you should not run containers using the root user (UID 0). It is considered best practice to use a non-root user. + If the network mode is ``awsvpc``, the task is allocated an elastic network interface, and you must specify a [NetworkConfiguration](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_NetworkConfiguration.html) value when you create a service or run a task with the task definition. For more information, see [Task Networking](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html) in the *Amazon Elastic Container Service Developer Guide*. + If the network mode is ``host``, you cannot run multiple instantiations of the same task on a single container instance when port mappings are used. type: string + PidMode: description: |- The process namespace to use for the containers in the task. The valid values are ``host`` or ``task``. On Fargate for Linux containers, the only valid value is ``task``. For example, monitoring sidecars might need ``pidMode`` to access information about other containers running in the same task. If ``host`` is specified, all containers within the tasks that specified the ``host`` PID mode on the same container instance share the same process namespace with the host Amazon EC2 instance. If ``task`` is specified, all containers within the specified task share the same process namespace. - If no value is specified, the default is a private namespace for each container. For more information, see [PID settings](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#pid-settings---pid) in the *Docker run reference*. - If the ``host`` PID mode is used, there's a heightened risk of undesired process namespace exposure. For more information, see [Docker security](https://docs.aws.amazon.com/https://docs.docker.com/engine/security/security/). + If no value is specified, the default is a private namespace for each container. + If the ``host`` PID mode is used, there's a heightened risk of undesired process namespace exposure. This parameter is not supported for Windows containers. This parameter is only supported for tasks that are hosted on FARGATElong if the tasks are using platform version ``1.4.0`` or later (Linux). This isn't supported for Windows containers on Fargate. + type: string + EnableFaultInjection: + description: Enables fault injection and allows for fault injection requests to be accepted from the task's containers. The default value is ``false``. + type: boolean + ExecutionRoleArn: + description: The Amazon Resource Name (ARN) of the task execution role that grants the Amazon ECS container agent permission to make AWS API calls on your behalf. For informationabout the required IAM roles for Amazon ECS, see [IAM roles for Amazon ECS](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/security-ecs-iam-role-overview.html) in the *Amazon Elastic Container Service Developer Guide*. + type: string RuntimePlatform: - $ref: '#/components/schemas/RuntimePlatform' description: The operating system that your tasks definitions run on. A platform family is specified only for tasks using the Fargate launch type. - IpcMode: - type: string - description: >- - The IPC resource namespace to use for the containers in the task. The valid values are ``host``, ``task``, or ``none``. If ``host`` is specified, then all containers within the tasks that specified the ``host`` IPC mode on the same container instance share the same IPC resources with the host Amazon EC2 instance. If ``task`` is specified, all containers within the specified task share the same IPC resources. If ``none`` is specified, then IPC resources within the containers of a task - are private and not shared with other containers in a task or on the container instance. If no value is specified, then the IPC resource namespace sharing depends on the Docker daemon setting on the container instance. For more information, see [IPC settings](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#ipc-settings---ipc) in the *Docker run reference*. - If the ``host`` IPC mode is used, be aware that there is a heightened risk of undesired IPC namespace expose. For more information, see [Docker security](https://docs.aws.amazon.com/https://docs.docker.com/engine/security/security/). - If you are setting namespaced kernel parameters using ``systemControls`` for the containers in the task, the following will apply to your IPC resource namespace. For more information, see [System Controls](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html) in the *Amazon Elastic Container Service Developer Guide*. - + For tasks that use the ``host`` IPC mode, IPC namespace related ``systemControls`` are not supported. - + For tasks that use the ``task`` IPC mode, IPC namespace related ``systemControls`` will apply to all containers within a task. - - This parameter is not supported for Windows containers or tasks run on FARGATElong. - Tags: + $ref: '#/components/schemas/RuntimePlatform' + ProxyConfiguration: + description: |- + The configuration details for the App Mesh proxy. + Your Amazon ECS container instances require at least version 1.26.0 of the container agent and at least version 1.26.0-1 of the ``ecs-init`` package to use a proxy configuration. If your container instances are launched from the Amazon ECS optimized AMI version ``20190301`` or later, they contain the required versions of the container agent and ``ecs-init``. For more information, see [Amazon ECS-optimized Linux AMI](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html) in the *Amazon Elastic Container Service Developer Guide*. + $ref: '#/components/schemas/ProxyConfiguration' + Volumes: + uniqueItems: true + description: |- + The list of data volume definitions for the task. For more information, see [Using data volumes in tasks](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_data_volumes.html) in the *Amazon Elastic Container Service Developer Guide*. + The ``host`` and ``sourcePath`` parameters aren't supported for tasks run on FARGATElong. + x-insertionOrder: false type: array + items: + $ref: '#/components/schemas/Volume' + ContainerDefinitions: + uniqueItems: true + description: A list of container definitions in JSON format that describe the different containers that make up your task. For more information about container definition parameters and defaults, see [Amazon ECS Task Definitions](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_defintions.html) in the *Amazon Elastic Container Service Developer Guide*. x-insertionOrder: false + type: array items: - $ref: '#/components/schemas/Tag' + $ref: '#/components/schemas/ContainerDefinition' + Family: + description: |- + The name of a family that this task definition is registered to. Up to 255 letters (uppercase and lowercase), numbers, hyphens, and underscores are allowed. + A family groups multiple versions of a task definition. Amazon ECS gives the first task definition that you registered to a family a revision number of 1. Amazon ECS gives sequential revision numbers to each task definition that you add. + To use revision numbers when you update a task definition, specify this property. If you don't specify a value, CFNlong generates a new task definition each time that you update it. + type: string + EphemeralStorage: + description: The ephemeral storage settings to use for tasks run with the task definition. + $ref: '#/components/schemas/EphemeralStorage' + Tags: description: |- The metadata that you apply to the task definition to help you categorize and organize them. Each tag consists of a key and an optional value. You define both of them. The following basic restrictions apply to tags: @@ -2448,11 +2514,18 @@ components: + If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @. + Tag keys and values are case-sensitive. + Do not use ``aws:``, ``AWS:``, or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for AWS use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit. + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/Tag' + TaskDefinitionArn: + description: '' + type: string x-stackql-resource-name: task_definition description: |- Registers a new task definition from the supplied ``family`` and ``containerDefinitions``. Optionally, you can add data volumes to your containers with the ``volumes`` parameter. For more information about task definition parameters and defaults, see [Amazon ECS Task Definitions](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_defintions.html) in the *Amazon Elastic Container Service Developer Guide*. You can specify a role for your task with the ``taskRoleArn`` parameter. When you specify a role for a task, its containers can then use the latest versions of the CLI or SDKs to make API requests to the AWS services that are specified in the policy that's associated with the role. For more information, see [IAM Roles for Tasks](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html) in the *Amazon Elastic Container Service Developer Guide*. - You can specify a Docker networking mode for the containers in your task definition with the ``networkMode`` parameter. The available network modes correspond to those described in [Network settings](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#/network-settings) in the Docker run reference. If you specify the ``awsvpc`` network mode, the task is allocated an elastic network interface, and you must specify a NetworkConfiguration when you create a service or run a task with the task definition. For more information, see [Task Networking](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html) in the *Amazon Elastic Container Service Developer Guide*. + You can specify a Docker networking mode for the containers in your task definition with the ``networkMode`` parameter. If you specify the ``awsvpc`` network mode, the task is allocated an elastic network interface, and you must specify a [NetworkConfiguration](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_NetworkConfiguration.html) when you create a service or run a task with the task definition. For more information, see [Task Networking](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html) in the *Amazon Elastic Container Service Developer Guide*. In the following example or examples, the Authorization header contents (``AUTHPARAMS``) must be replaced with an AWS Signature Version 4 signature. For more information, see [Signature Version 4 Signing Process](https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html) in the *General Reference*. You only need to learn how to sign HTTP requests if you intend to create them manually. When you use the [](https://docs.aws.amazon.com/cli/) or one of the [SDKs](https://docs.aws.amazon.com/tools/) to make requests to AWS, these tools automatically sign the requests for you, with the access key that you specify when you configure the tools. When you use these tools, you don't have to sign requests yourself. x-type-name: AWS::ECS::TaskDefinition @@ -2462,6 +2535,7 @@ components: - Family - ContainerDefinitions - Cpu + - EnableFaultInjection - ExecutionRoleArn - InferenceAccelerators - Memory @@ -2478,20 +2552,24 @@ components: x-read-only-properties: - TaskDefinitionArn x-tagging: + permissions: + - ecs:TagResource + - ecs:UntagResource + - ecs:ListTagsForResource taggable: true tagOnCreate: true tagUpdatable: true - cloudFormationSystemTags: true tagProperty: /properties/Tags + cloudFormationSystemTags: true x-required-permissions: + read: + - ecs:DescribeTaskDefinition create: - ecs:RegisterTaskDefinition - ecs:DescribeTaskDefinition - ecs:TagResource - iam:GetRole - iam:PassRole - read: - - ecs:DescribeTaskDefinition update: - ecs:TagResource - ecs:UntagResource @@ -2499,73 +2577,77 @@ components: - ecs:DescribeTaskDefinition - iam:GetRole - iam:PassRole + list: + - ecs:ListTaskDefinitions + - ecs:DescribeTaskDefinition delete: - ecs:DeregisterTaskDefinition - ecs:DescribeTaskDefinition - iam:GetRole - iam:PassRole - list: - - ecs:ListTaskDefinitions - - ecs:DescribeTaskDefinition Scale: + additionalProperties: false type: object properties: + Value: + description: The value, specified as a percent total of a service's desiredCount, to scale the task set. Accepted values are numbers between 0 and 100. + maximum: 100 + type: number + minimum: 0 Unit: description: The unit of measure for the scale value. type: string enum: - PERCENT - Value: - description: The value, specified as a percent total of a service's desiredCount, to scale the task set. Accepted values are numbers between 0 and 100. - type: number - minimum: 0 - maximum: 100 - additionalProperties: false TaskSet: type: object properties: - Cluster: - description: The short name or full Amazon Resource Name (ARN) of the cluster that hosts the service to create the task set in. + PlatformVersion: + description: The platform version that the tasks in the task set should use. A platform version is specified only for tasks using the Fargate launch type. If one isn't specified, the LATEST platform version is used by default. type: string ExternalId: description: 'An optional non-unique tag that identifies this task set in external systems. If the task set is associated with a service discovery registry, the tasks in this task set will have the ECS_TASK_SET_EXTERNAL_ID AWS Cloud Map attribute set to the provided value. ' type: string - Id: - description: The ID of the task set. - type: string - LaunchType: - description: 'The launch type that new tasks in the task set will use. For more information, see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html in the Amazon Elastic Container Service Developer Guide. ' + Cluster: + description: The short name or full Amazon Resource Name (ARN) of the cluster that hosts the service to create the task set in. type: string - enum: - - EC2 - - FARGATE LoadBalancers: type: array items: $ref: '#/components/schemas/LoadBalancer' - NetworkConfiguration: - $ref: '#/components/schemas/NetworkConfiguration' - PlatformVersion: - description: The platform version that the tasks in the task set should use. A platform version is specified only for tasks using the Fargate launch type. If one isn't specified, the LATEST platform version is used by default. + Service: + description: The short name or full Amazon Resource Name (ARN) of the service to create the task set in. type: string Scale: description: A floating-point percentage of the desired number of tasks to place and keep running in the task set. $ref: '#/components/schemas/Scale' - Service: - description: The short name or full Amazon Resource Name (ARN) of the service to create the task set in. + ServiceRegistries: + description: The details of the service discovery registries to assign to this task set. For more information, see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-discovery.html. + type: array + items: + $ref: '#/components/schemas/ServiceRegistry' + CapacityProviderStrategy: + type: array + items: + $ref: '#/components/schemas/CapacityProviderStrategyItem' + LaunchType: + description: 'The launch type that new tasks in the task set will use. For more information, see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html in the Amazon Elastic Container Service Developer Guide. ' + type: string + enum: + - EC2 + - FARGATE + TaskDefinition: + description: The short name or full Amazon Resource Name (ARN) of the task definition for the tasks in the task set to use. + type: string + NetworkConfiguration: + $ref: '#/components/schemas/NetworkConfiguration' + Id: + description: The ID of the task set. type: string - ServiceRegistries: - description: The details of the service discovery registries to assign to this task set. For more information, see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-discovery.html. - type: array - items: - $ref: '#/components/schemas/ServiceRegistry' Tags: type: array items: $ref: '#/components/schemas/Tag' - TaskDefinition: - description: The short name or full Amazon Resource Name (ARN) of the task definition for the tasks in the task set to use. - type: string required: - Cluster - Service @@ -2587,6 +2669,7 @@ components: - Service - ServiceRegistries - TaskDefinition + - CapacityProviderStrategy x-read-only-properties: - Id x-required-properties: @@ -2594,17 +2677,22 @@ components: - Service - TaskDefinition x-tagging: + permissions: + - ecs:TagResource + - ecs:UntagResource + - ecs:ListTagsForResource taggable: true tagOnCreate: true tagUpdatable: true + tagProperty: /properties/Tags cloudFormationSystemTags: false x-required-permissions: + read: + - ecs:DescribeTaskSets create: - ecs:CreateTaskSet - ecs:DescribeTaskSets - ecs:TagResource - read: - - ecs:DescribeTaskSets update: - ecs:DescribeTaskSets - ecs:TagResource @@ -2626,12 +2714,12 @@ components: DesiredState: type: object properties: + DefaultCapacityProviderStrategy: + $ref: '#/components/schemas/DefaultCapacityProviderStrategy' CapacityProviders: $ref: '#/components/schemas/CapacityProviders' Cluster: $ref: '#/components/schemas/Cluster' - DefaultCapacityProviderStrategy: - $ref: '#/components/schemas/DefaultCapacityProviderStrategy' x-stackQL-stringOnly: true x-title: CreateClusterCapacityProviderAssociationsRequest type: object @@ -2649,12 +2737,12 @@ components: DesiredState: type: object properties: - Cluster: - description: The short name or full Amazon Resource Name (ARN) of the cluster that hosts the service to create the task set in. - type: string TaskSetId: description: The ID or full Amazon Resource Name (ARN) of the task set. type: string + Cluster: + description: The short name or full Amazon Resource Name (ARN) of the cluster that hosts the service to create the task set in. + type: string Service: description: The short name or full Amazon Resource Name (ARN) of the service to create the task set in. type: string @@ -2675,124 +2763,81 @@ components: DesiredState: type: object properties: - ServiceArn: + PlatformVersion: + default: LATEST + description: The platform version that your tasks in the service are running on. A platform version is specified only for tasks using the Fargate launch type. If one isn't specified, the ``LATEST`` platform version is used. For more information, see [platform versions](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/platform_versions.html) in the *Amazon Elastic Container Service Developer Guide*. + type: string + PropagateTags: + description: |- + Specifies whether to propagate the tags from the task definition to the task. If no value is specified, the tags aren't propagated. Tags can only be propagated to the task during task creation. To add tags to a task after task creation, use the [TagResource](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_TagResource.html) API action. + You must set this to a value other than ``NONE`` when you use Cost Explorer. For more information, see [Amazon ECS usage reports](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/usage-reports.html) in the *Amazon Elastic Container Service Developer Guide*. + The default is ``NONE``. type: string + enum: + - SERVICE + - TASK_DEFINITION + ServiceArn: description: '' - CapacityProviderStrategy: + type: string + PlacementStrategies: + description: The placement strategy objects to use for tasks in your service. You can specify a maximum of 5 strategy rules for each service. type: array items: - $ref: '#/components/schemas/CapacityProviderStrategyItem' + $ref: '#/components/schemas/PlacementStrategy' + ServiceRegistries: + description: |- + The details of the service discovery registry to associate with this service. For more information, see [Service discovery](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-discovery.html). + Each service may be associated with one service registry. Multiple service registries for each service isn't supported. + type: array + items: + $ref: '#/components/schemas/ServiceRegistry' + VolumeConfigurations: + description: The configuration for a volume specified in the task definition as a volume that is configured at launch time. Currently, the only supported volume type is an Amazon EBS volume. + type: array + items: + $ref: '#/components/schemas/ServiceVolumeConfiguration' + CapacityProviderStrategy: description: |- The capacity provider strategy to use for the service. If a ``capacityProviderStrategy`` is specified, the ``launchType`` parameter must be omitted. If no ``capacityProviderStrategy`` or ``launchType`` is specified, the ``defaultCapacityProviderStrategy`` for the cluster is used. - A capacity provider strategy may contain a maximum of 6 capacity providers. - Cluster: - type: string - description: The short name or full Amazon Resource Name (ARN) of the cluster that you run your service on. If you do not specify a cluster, the default cluster is assumed. - DeploymentConfiguration: - $ref: '#/components/schemas/DeploymentConfiguration' - description: Optional deployment parameters that control how many tasks run during the deployment and the ordering of stopping and starting tasks. - DeploymentController: - $ref: '#/components/schemas/DeploymentController' - description: The deployment controller to use for the service. If no deployment controller is specified, the default value of ``ECS`` is used. - DesiredCount: - type: integer - description: |- - The number of instantiations of the specified task definition to place and keep running in your service. - For new services, if a desired count is not specified, a default value of ``1`` is used. When using the ``DAEMON`` scheduling strategy, the desired count is not required. - For existing services, if a desired count is not specified, it is omitted from the operation. - EnableECSManagedTags: - type: boolean - description: |- - Specifies whether to turn on Amazon ECS managed tags for the tasks within the service. For more information, see [Tagging your Amazon ECS resources](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-using-tags.html) in the *Amazon Elastic Container Service Developer Guide*. - When you use Amazon ECS managed tags, you need to set the ``propagateTags`` request parameter. - EnableExecuteCommand: - type: boolean - description: Determines whether the execute command functionality is turned on for the service. If ``true``, the execute command functionality is turned on for all containers in tasks as part of the service. - HealthCheckGracePeriodSeconds: - type: integer - description: |- - The period of time, in seconds, that the Amazon ECS service scheduler ignores unhealthy Elastic Load Balancing target health checks after a task has first started. This is only used when your service is configured to use a load balancer. If your service has a load balancer defined and you don't specify a health check grace period value, the default value of ``0`` is used. - If you do not use an Elastic Load Balancing, we recommend that you use the ``startPeriod`` in the task definition health check parameters. For more information, see [Health check](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_HealthCheck.html). - If your service's tasks take a while to start and respond to Elastic Load Balancing health checks, you can specify a health check grace period of up to 2,147,483,647 seconds (about 69 years). During that time, the Amazon ECS service scheduler ignores health check status. This grace period can prevent the service scheduler from marking tasks as unhealthy and stopping them before they have time to come up. + A capacity provider strategy can contain a maximum of 20 capacity providers. + type: array + items: + $ref: '#/components/schemas/CapacityProviderStrategyItem' LaunchType: + description: The launch type on which to run your service. For more information, see [Amazon ECS Launch Types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html) in the *Amazon Elastic Container Service Developer Guide*. type: string enum: - EC2 - FARGATE - EXTERNAL - description: The launch type on which to run your service. For more information, see [Amazon ECS Launch Types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html) in the *Amazon Elastic Container Service Developer Guide*. - LoadBalancers: - type: array - items: - $ref: '#/components/schemas/LoadBalancer' - description: A list of load balancer objects to associate with the service. If you specify the ``Role`` property, ``LoadBalancers`` must be specified as well. For information about the number of load balancers that you can specify per service, see [Service Load Balancing](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-load-balancing.html) in the *Amazon Elastic Container Service Developer Guide*. Name: - type: string description: '' - NetworkConfiguration: - $ref: '#/components/schemas/NetworkConfiguration' - description: The network configuration for the service. This parameter is required for task definitions that use the ``awsvpc`` network mode to receive their own elastic network interface, and it is not supported for other network modes. For more information, see [Task Networking](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html) in the *Amazon Elastic Container Service Developer Guide*. - PlacementConstraints: - type: array - items: - $ref: '#/components/schemas/PlacementConstraint' - description: An array of placement constraint objects to use for tasks in your service. You can specify a maximum of 10 constraints for each task. This limit includes constraints in the task definition and those specified at runtime. - PlacementStrategies: - type: array - items: - $ref: '#/components/schemas/PlacementStrategy' - description: The placement strategy objects to use for tasks in your service. You can specify a maximum of 5 strategy rules for each service. - PlatformVersion: - type: string - default: LATEST - description: The platform version that your tasks in the service are running on. A platform version is specified only for tasks using the Fargate launch type. If one isn't specified, the ``LATEST`` platform version is used. For more information, see [platform versions](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/platform_versions.html) in the *Amazon Elastic Container Service Developer Guide*. - PropagateTags: - type: string - enum: - - SERVICE - - TASK_DEFINITION - description: |- - Specifies whether to propagate the tags from the task definition to the task. If no value is specified, the tags aren't propagated. Tags can only be propagated to the task during task creation. To add tags to a task after task creation, use the [TagResource](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_TagResource.html) API action. - The default is ``NONE``. - Role: type: string + AvailabilityZoneRebalancing: + default: DISABLED description: |- - The name or full Amazon Resource Name (ARN) of the IAM role that allows Amazon ECS to make calls to your load balancer on your behalf. This parameter is only permitted if you are using a load balancer with your service and your task definition doesn't use the ``awsvpc`` network mode. If you specify the ``role`` parameter, you must also specify a load balancer object with the ``loadBalancers`` parameter. - If your account has already created the Amazon ECS service-linked role, that role is used for your service unless you specify a role here. The service-linked role is required if your task definition uses the ``awsvpc`` network mode or if the service is configured to use service discovery, an external deployment controller, multiple target groups, or Elastic Inference accelerators in which case you don't specify a role here. For more information, see [Using service-linked roles for Amazon ECS](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using-service-linked-roles.html) in the *Amazon Elastic Container Service Developer Guide*. - If your specified role has a path other than ``/``, then you must either specify the full role ARN (this is recommended) or prefix the role name with the path. For example, if a role with the name ``bar`` has a path of ``/foo/`` then you would specify ``/foo/bar`` as the role name. For more information, see [Friendly names and paths](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-friendly-names) in the *IAM User Guide*. - SchedulingStrategy: + Indicates whether to use Availability Zone rebalancing for the service. + For more information, see [Balancing an Amazon ECS service across Availability Zones](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-rebalancing.html) in the *Amazon Elastic Container Service Developer Guide*. type: string enum: - - DAEMON - - REPLICA + - ENABLED + - DISABLED + SchedulingStrategy: description: |- The scheduling strategy to use for the service. For more information, see [Services](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs_services.html). There are two service scheduler strategies available: + ``REPLICA``-The replica scheduling strategy places and maintains the desired number of tasks across your cluster. By default, the service scheduler spreads tasks across Availability Zones. You can use task placement strategies and constraints to customize task placement decisions. This scheduler strategy is required if the service uses the ``CODE_DEPLOY`` or ``EXTERNAL`` deployment controller types. + ``DAEMON``-The daemon scheduling strategy deploys exactly one task on each active container instance that meets all of the task placement constraints that you specify in your cluster. The service scheduler also evaluates the task placement constraints for running tasks and will stop tasks that don't meet the placement constraints. When you're using this strategy, you don't need to specify a desired number of tasks, a task placement strategy, or use Service Auto Scaling policies. Tasks using the Fargate launch type or the ``CODE_DEPLOY`` or ``EXTERNAL`` deployment controller types don't support the ``DAEMON`` scheduling strategy. - ServiceConnectConfiguration: - $ref: '#/components/schemas/ServiceConnectConfiguration' - description: |- - The configuration for this service to discover and connect to services, and be discovered by, and connected from, other services within a namespace. - Tasks that run in a namespace can use short names to connect to services in the namespace. Tasks can connect to services across all of the clusters in the namespace. Tasks connect through a managed proxy container that collects logs and metrics for increased visibility. Only the tasks that Amazon ECS services create are supported with Service Connect. For more information, see [Service Connect](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html) in the *Amazon Elastic Container Service Developer Guide*. - ServiceName: type: string - description: |- - The name of your service. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed. Service names must be unique within a cluster, but you can have similarly named services in multiple clusters within a Region or across multiple Regions. - The stack update fails if you change any properties that require replacement and the ``ServiceName`` is configured. This is because AWS CloudFormation creates the replacement service first, but each ``ServiceName`` must be unique in the cluster. - ServiceRegistries: - type: array - items: - $ref: '#/components/schemas/ServiceRegistry' - description: |- - The details of the service discovery registry to associate with this service. For more information, see [Service discovery](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-discovery.html). - Each service may be associated with one service registry. Multiple service registries for each service isn't supported. + enum: + - DAEMON + - REPLICA + NetworkConfiguration: + description: The network configuration for the service. This parameter is required for task definitions that use the ``awsvpc`` network mode to receive their own elastic network interface, and it is not supported for other network modes. For more information, see [Task Networking](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html) in the *Amazon Elastic Container Service Developer Guide*. + $ref: '#/components/schemas/NetworkConfiguration' Tags: - type: array - items: - $ref: '#/components/schemas/Tag' description: |- The metadata that you apply to the service to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define. When a service is deleted, the tags are deleted as well. The following basic restrictions apply to tags: @@ -2803,17 +2848,74 @@ components: + If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @. + Tag keys and values are case-sensitive. + Do not use ``aws:``, ``AWS:``, or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for AWS use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit. - TaskDefinition: + type: array + items: + $ref: '#/components/schemas/Tag' + HealthCheckGracePeriodSeconds: + description: |- + The period of time, in seconds, that the Amazon ECS service scheduler ignores unhealthy Elastic Load Balancing, VPC Lattice, and container health checks after a task has first started. If you don't specify a health check grace period value, the default value of ``0`` is used. If you don't use any of the health checks, then ``healthCheckGracePeriodSeconds`` is unused. + If your service's tasks take a while to start and respond to health checks, you can specify a health check grace period of up to 2,147,483,647 seconds (about 69 years). During that time, the Amazon ECS service scheduler ignores health check status. This grace period can prevent the service scheduler from marking tasks as unhealthy and stopping them before they have time to come up. + type: integer + EnableECSManagedTags: + description: |- + Specifies whether to turn on Amazon ECS managed tags for the tasks within the service. For more information, see [Tagging your Amazon ECS resources](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-using-tags.html) in the *Amazon Elastic Container Service Developer Guide*. + When you use Amazon ECS managed tags, you need to set the ``propagateTags`` request parameter. + type: boolean + EnableExecuteCommand: + description: Determines whether the execute command functionality is turned on for the service. If ``true``, the execute command functionality is turned on for all containers in tasks as part of the service. + type: boolean + PlacementConstraints: + description: An array of placement constraint objects to use for tasks in your service. You can specify a maximum of 10 constraints for each task. This limit includes constraints in the task definition and those specified at runtime. + type: array + items: + $ref: '#/components/schemas/PlacementConstraint' + Cluster: + description: The short name or full Amazon Resource Name (ARN) of the cluster that you run your service on. If you do not specify a cluster, the default cluster is assumed. + type: string + LoadBalancers: + description: A list of load balancer objects to associate with the service. If you specify the ``Role`` property, ``LoadBalancers`` must be specified as well. For information about the number of load balancers that you can specify per service, see [Service Load Balancing](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-load-balancing.html) in the *Amazon Elastic Container Service Developer Guide*. + type: array + items: + $ref: '#/components/schemas/LoadBalancer' + ServiceConnectConfiguration: + description: |- + The configuration for this service to discover and connect to services, and be discovered by, and connected from, other services within a namespace. + Tasks that run in a namespace can use short names to connect to services in the namespace. Tasks can connect to services across all of the clusters in the namespace. Tasks connect through a managed proxy container that collects logs and metrics for increased visibility. Only the tasks that Amazon ECS services create are supported with Service Connect. For more information, see [Service Connect](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html) in the *Amazon Elastic Container Service Developer Guide*. + $ref: '#/components/schemas/ServiceConnectConfiguration' + DesiredCount: + description: |- + The number of instantiations of the specified task definition to place and keep running in your service. + For new services, if a desired count is not specified, a default value of ``1`` is used. When using the ``DAEMON`` scheduling strategy, the desired count is not required. + For existing services, if a desired count is not specified, it is omitted from the operation. + type: integer + VpcLatticeConfigurations: + description: The VPC Lattice configuration for the service being created. + type: array + items: + $ref: '#/components/schemas/VpcLatticeConfiguration' + DeploymentController: + description: The deployment controller to use for the service. If no deployment controller is specified, the default value of ``ECS`` is used. + $ref: '#/components/schemas/DeploymentController' + Role: + description: |- + The name or full Amazon Resource Name (ARN) of the IAM role that allows Amazon ECS to make calls to your load balancer on your behalf. This parameter is only permitted if you are using a load balancer with your service and your task definition doesn't use the ``awsvpc`` network mode. If you specify the ``role`` parameter, you must also specify a load balancer object with the ``loadBalancers`` parameter. + If your account has already created the Amazon ECS service-linked role, that role is used for your service unless you specify a role here. The service-linked role is required if your task definition uses the ``awsvpc`` network mode or if the service is configured to use service discovery, an external deployment controller, multiple target groups, or Elastic Inference accelerators in which case you don't specify a role here. For more information, see [Using service-linked roles for Amazon ECS](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using-service-linked-roles.html) in the *Amazon Elastic Container Service Developer Guide*. + If your specified role has a path other than ``/``, then you must either specify the full role ARN (this is recommended) or prefix the role name with the path. For example, if a role with the name ``bar`` has a path of ``/foo/`` then you would specify ``/foo/bar`` as the role name. For more information, see [Friendly names and paths](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-friendly-names) in the *IAM User Guide*. type: string + TaskDefinition: description: |- The ``family`` and ``revision`` (``family:revision``) or full ARN of the task definition to run in your service. If a ``revision`` isn't specified, the latest ``ACTIVE`` revision is used. A task definition must be specified if the service uses either the ``ECS`` or ``CODE_DEPLOY`` deployment controllers. For more information about deployment types, see [Amazon ECS deployment types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-types.html). - VolumeConfigurations: - type: array - items: - $ref: '#/components/schemas/ServiceVolumeConfiguration' - description: The configuration for a volume specified in the task definition as a volume that is configured at launch time. Currently, the only supported volume type is an Amazon EBS volume. + type: string + ServiceName: + description: |- + The name of your service. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed. Service names must be unique within a cluster, but you can have similarly named services in multiple clusters within a Region or across multiple Regions. + The stack update fails if you change any properties that require replacement and the ``ServiceName`` is configured. This is because AWS CloudFormation creates the replacement service first, but each ``ServiceName`` must be unique in the cluster. + type: string + DeploymentConfiguration: + description: Optional deployment parameters that control how many tasks run during the deployment and the ordering of stopping and starting tasks. + $ref: '#/components/schemas/DeploymentConfiguration' x-stackQL-stringOnly: true x-title: CreateServiceRequest type: object @@ -2824,58 +2926,38 @@ components: type: string RoleArn: type: string - TypeName: - type: string - TypeVersionId: - type: string - DesiredState: - type: object - properties: - TaskDefinitionArn: - description: '' - type: string - Family: - type: string - description: |- - The name of a family that this task definition is registered to. Up to 255 letters (uppercase and lowercase), numbers, hyphens, and underscores are allowed. - A family groups multiple versions of a task definition. Amazon ECS gives the first task definition that you registered to a family a revision number of 1. Amazon ECS gives sequential revision numbers to each task definition that you add. - To use revision numbers when you update a task definition, specify this property. If you don't specify a value, CFNlong generates a new task definition each time that you update it. - ContainerDefinitions: - type: array - x-insertionOrder: false - uniqueItems: true - items: - $ref: '#/components/schemas/ContainerDefinition' - description: A list of container definitions in JSON format that describe the different containers that make up your task. For more information about container definition parameters and defaults, see [Amazon ECS Task Definitions](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_defintions.html) in the *Amazon Elastic Container Service Developer Guide*. - Cpu: - type: string - description: |- - The number of ``cpu`` units used by the task. If you use the EC2 launch type, this field is optional. Any value can be used. If you use the Fargate launch type, this field is required. You must use one of the following values. The value that you choose determines your range of valid values for the ``memory`` parameter. - The CPU units cannot be less than 1 vCPU when you use Windows containers on Fargate. - + 256 (.25 vCPU) - Available ``memory`` values: 512 (0.5 GB), 1024 (1 GB), 2048 (2 GB) - + 512 (.5 vCPU) - Available ``memory`` values: 1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB) - + 1024 (1 vCPU) - Available ``memory`` values: 2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB) - + 2048 (2 vCPU) - Available ``memory`` values: 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB) - + 4096 (4 vCPU) - Available ``memory`` values: 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB) - + 8192 (8 vCPU) - Available ``memory`` values: 16 GB and 60 GB in 4 GB increments - This option requires Linux platform ``1.4.0`` or later. - + 16384 (16vCPU) - Available ``memory`` values: 32GB and 120 GB in 8 GB increments - This option requires Linux platform ``1.4.0`` or later. - ExecutionRoleArn: + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + TaskRoleArn: + description: |- + The short name or full Amazon Resource Name (ARN) of the IAMlong role that grants containers in the task permission to call AWS APIs on your behalf. For more information, see [Amazon ECS Task Role](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html) in the *Amazon Elastic Container Service Developer Guide*. + IAM roles for tasks on Windows require that the ``-EnableTaskIAMRole`` option is set when you launch the Amazon ECS-optimized Windows AMI. Your containers must also run some configuration code to use the feature. For more information, see [Windows IAM roles for tasks](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/windows_task_IAM_roles.html) in the *Amazon Elastic Container Service Developer Guide*. + String validation is done on the ECS side. If an invalid string value is given for ``TaskRoleArn``, it may cause the Cloudformation job to hang. + type: string + IpcMode: + description: >- + The IPC resource namespace to use for the containers in the task. The valid values are ``host``, ``task``, or ``none``. If ``host`` is specified, then all containers within the tasks that specified the ``host`` IPC mode on the same container instance share the same IPC resources with the host Amazon EC2 instance. If ``task`` is specified, all containers within the specified task share the same IPC resources. If ``none`` is specified, then IPC resources within the containers of a + task are private and not shared with other containers in a task or on the container instance. If no value is specified, then the IPC resource namespace sharing depends on the Docker daemon setting on the container instance. + If the ``host`` IPC mode is used, be aware that there is a heightened risk of undesired IPC namespace expose. + If you are setting namespaced kernel parameters using ``systemControls`` for the containers in the task, the following will apply to your IPC resource namespace. For more information, see [System Controls](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html) in the *Amazon Elastic Container Service Developer Guide*. + + For tasks that use the ``host`` IPC mode, IPC namespace related ``systemControls`` are not supported. + + For tasks that use the ``task`` IPC mode, IPC namespace related ``systemControls`` will apply to all containers within a task. + + This parameter is not supported for Windows containers or tasks run on FARGATElong. type: string - description: The Amazon Resource Name (ARN) of the task execution role that grants the Amazon ECS container agent permission to make AWS API calls on your behalf. The task execution IAM role is required depending on the requirements of your task. For more information, see [Amazon ECS task execution IAM role](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_execution_IAM_role.html) in the *Amazon Elastic Container Service Developer Guide*. - EphemeralStorage: - $ref: '#/components/schemas/EphemeralStorage' - description: The ephemeral storage settings to use for tasks run with the task definition. InferenceAccelerators: - type: array - x-insertionOrder: false uniqueItems: true + description: The Elastic Inference accelerators to use for the containers in the task. + x-insertionOrder: false + type: array items: $ref: '#/components/schemas/InferenceAccelerator' - description: The Elastic Inference accelerators to use for the containers in the task. Memory: - type: string description: |- The amount (in MiB) of memory used by the task. If your tasks runs on Amazon EC2 instances, you must specify either a task-level memory value or a container-level memory value. This field is optional and any value can be used. If a task-level memory value is specified, the container-level memory value is optional. For more information regarding container-level memory and memory reservation, see [ContainerDefinition](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_ContainerDefinition.html). @@ -2889,80 +2971,97 @@ components: This option requires Linux platform ``1.4.0`` or later. + Between 32GB and 120 GB in 8 GB increments - Available ``cpu`` values: 16384 (16 vCPU) This option requires Linux platform ``1.4.0`` or later. - NetworkMode: type: string - description: |- - The Docker networking mode to use for the containers in the task. The valid values are ``none``, ``bridge``, ``awsvpc``, and ``host``. If no network mode is specified, the default is ``bridge``. - For Amazon ECS tasks on Fargate, the ``awsvpc`` network mode is required. For Amazon ECS tasks on Amazon EC2 Linux instances, any network mode can be used. For Amazon ECS tasks on Amazon EC2 Windows instances, ```` or ``awsvpc`` can be used. If the network mode is set to ``none``, you cannot specify port mappings in your container definitions, and the tasks containers do not have external connectivity. The ``host`` and ``awsvpc`` network modes offer the highest networking performance for containers because they use the EC2 network stack instead of the virtualized network stack provided by the ``bridge`` mode. - With the ``host`` and ``awsvpc`` network modes, exposed container ports are mapped directly to the corresponding host port (for the ``host`` network mode) or the attached elastic network interface port (for the ``awsvpc`` network mode), so you cannot take advantage of dynamic host port mappings. - When using the ``host`` network mode, you should not run containers using the root user (UID 0). It is considered best practice to use a non-root user. - If the network mode is ``awsvpc``, the task is allocated an elastic network interface, and you must specify a NetworkConfiguration value when you create a service or run a task with the task definition. For more information, see [Task Networking](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html) in the *Amazon Elastic Container Service Developer Guide*. - If the network mode is ``host``, you cannot run multiple instantiations of the same task on a single container instance when port mappings are used. - For more information, see [Network settings](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#network-settings) in the *Docker run reference*. PlacementConstraints: - type: array - x-insertionOrder: false uniqueItems: true - items: - $ref: '#/components/schemas/TaskDefinitionPlacementConstraint' description: |- An array of placement constraint objects to use for tasks. This parameter isn't supported for tasks run on FARGATElong. - ProxyConfiguration: - $ref: '#/components/schemas/ProxyConfiguration' + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/TaskDefinitionPlacementConstraint' + Cpu: description: |- - The configuration details for the App Mesh proxy. - Your Amazon ECS container instances require at least version 1.26.0 of the container agent and at least version 1.26.0-1 of the ``ecs-init`` package to use a proxy configuration. If your container instances are launched from the Amazon ECS optimized AMI version ``20190301`` or later, they contain the required versions of the container agent and ``ecs-init``. For more information, see [Amazon ECS-optimized Linux AMI](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html) in the *Amazon Elastic Container Service Developer Guide*. + The number of ``cpu`` units used by the task. If you use the EC2 launch type, this field is optional. Any value can be used. If you use the Fargate launch type, this field is required. You must use one of the following values. The value that you choose determines your range of valid values for the ``memory`` parameter. + If you use the EC2 launch type, this field is optional. Supported values are between ``128`` CPU units (``0.125`` vCPUs) and ``10240`` CPU units (``10`` vCPUs). + The CPU units cannot be less than 1 vCPU when you use Windows containers on Fargate. + + 256 (.25 vCPU) - Available ``memory`` values: 512 (0.5 GB), 1024 (1 GB), 2048 (2 GB) + + 512 (.5 vCPU) - Available ``memory`` values: 1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB) + + 1024 (1 vCPU) - Available ``memory`` values: 2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB) + + 2048 (2 vCPU) - Available ``memory`` values: 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB) + + 4096 (4 vCPU) - Available ``memory`` values: 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB) + + 8192 (8 vCPU) - Available ``memory`` values: 16 GB and 60 GB in 4 GB increments + This option requires Linux platform ``1.4.0`` or later. + + 16384 (16vCPU) - Available ``memory`` values: 32GB and 120 GB in 8 GB increments + This option requires Linux platform ``1.4.0`` or later. + type: string RequiresCompatibilities: - type: array - x-insertionOrder: false uniqueItems: true - items: - type: string description: The task launch types the task definition was validated against. The valid values are ``EC2``, ``FARGATE``, and ``EXTERNAL``. For more information, see [Amazon ECS launch types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html) in the *Amazon Elastic Container Service Developer Guide*. - TaskRoleArn: - type: string - description: |- - The short name or full Amazon Resource Name (ARN) of the IAMlong role that grants containers in the task permission to call AWS APIs on your behalf. For more information, see [Amazon ECS Task Role](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html) in the *Amazon Elastic Container Service Developer Guide*. - IAM roles for tasks on Windows require that the ``-EnableTaskIAMRole`` option is set when you launch the Amazon ECS-optimized Windows AMI. Your containers must also run some configuration code to use the feature. For more information, see [Windows IAM roles for tasks](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/windows_task_IAM_roles.html) in the *Amazon Elastic Container Service Developer Guide*. - Volumes: - type: array x-insertionOrder: false - uniqueItems: true + type: array items: - $ref: '#/components/schemas/Volume' + type: string + NetworkMode: description: |- - The list of data volume definitions for the task. For more information, see [Using data volumes in tasks](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_data_volumes.html) in the *Amazon Elastic Container Service Developer Guide*. - The ``host`` and ``sourcePath`` parameters aren't supported for tasks run on FARGATElong. - PidMode: + The Docker networking mode to use for the containers in the task. The valid values are ``none``, ``bridge``, ``awsvpc``, and ``host``. If no network mode is specified, the default is ``bridge``. + For Amazon ECS tasks on Fargate, the ``awsvpc`` network mode is required. For Amazon ECS tasks on Amazon EC2 Linux instances, any network mode can be used. For Amazon ECS tasks on Amazon EC2 Windows instances, ```` or ``awsvpc`` can be used. If the network mode is set to ``none``, you cannot specify port mappings in your container definitions, and the tasks containers do not have external connectivity. The ``host`` and ``awsvpc`` network modes offer the highest networking performance for containers because they use the EC2 network stack instead of the virtualized network stack provided by the ``bridge`` mode. + With the ``host`` and ``awsvpc`` network modes, exposed container ports are mapped directly to the corresponding host port (for the ``host`` network mode) or the attached elastic network interface port (for the ``awsvpc`` network mode), so you cannot take advantage of dynamic host port mappings. + When using the ``host`` network mode, you should not run containers using the root user (UID 0). It is considered best practice to use a non-root user. + If the network mode is ``awsvpc``, the task is allocated an elastic network interface, and you must specify a [NetworkConfiguration](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_NetworkConfiguration.html) value when you create a service or run a task with the task definition. For more information, see [Task Networking](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html) in the *Amazon Elastic Container Service Developer Guide*. + If the network mode is ``host``, you cannot run multiple instantiations of the same task on a single container instance when port mappings are used. type: string + PidMode: description: |- The process namespace to use for the containers in the task. The valid values are ``host`` or ``task``. On Fargate for Linux containers, the only valid value is ``task``. For example, monitoring sidecars might need ``pidMode`` to access information about other containers running in the same task. If ``host`` is specified, all containers within the tasks that specified the ``host`` PID mode on the same container instance share the same process namespace with the host Amazon EC2 instance. If ``task`` is specified, all containers within the specified task share the same process namespace. - If no value is specified, the default is a private namespace for each container. For more information, see [PID settings](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#pid-settings---pid) in the *Docker run reference*. - If the ``host`` PID mode is used, there's a heightened risk of undesired process namespace exposure. For more information, see [Docker security](https://docs.aws.amazon.com/https://docs.docker.com/engine/security/security/). + If no value is specified, the default is a private namespace for each container. + If the ``host`` PID mode is used, there's a heightened risk of undesired process namespace exposure. This parameter is not supported for Windows containers. This parameter is only supported for tasks that are hosted on FARGATElong if the tasks are using platform version ``1.4.0`` or later (Linux). This isn't supported for Windows containers on Fargate. + type: string + EnableFaultInjection: + description: Enables fault injection and allows for fault injection requests to be accepted from the task's containers. The default value is ``false``. + type: boolean + ExecutionRoleArn: + description: The Amazon Resource Name (ARN) of the task execution role that grants the Amazon ECS container agent permission to make AWS API calls on your behalf. For informationabout the required IAM roles for Amazon ECS, see [IAM roles for Amazon ECS](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/security-ecs-iam-role-overview.html) in the *Amazon Elastic Container Service Developer Guide*. + type: string RuntimePlatform: - $ref: '#/components/schemas/RuntimePlatform' description: The operating system that your tasks definitions run on. A platform family is specified only for tasks using the Fargate launch type. - IpcMode: - type: string - description: >- - The IPC resource namespace to use for the containers in the task. The valid values are ``host``, ``task``, or ``none``. If ``host`` is specified, then all containers within the tasks that specified the ``host`` IPC mode on the same container instance share the same IPC resources with the host Amazon EC2 instance. If ``task`` is specified, all containers within the specified task share the same IPC resources. If ``none`` is specified, then IPC resources within the containers of a - task are private and not shared with other containers in a task or on the container instance. If no value is specified, then the IPC resource namespace sharing depends on the Docker daemon setting on the container instance. For more information, see [IPC settings](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#ipc-settings---ipc) in the *Docker run reference*. - If the ``host`` IPC mode is used, be aware that there is a heightened risk of undesired IPC namespace expose. For more information, see [Docker security](https://docs.aws.amazon.com/https://docs.docker.com/engine/security/security/). - If you are setting namespaced kernel parameters using ``systemControls`` for the containers in the task, the following will apply to your IPC resource namespace. For more information, see [System Controls](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html) in the *Amazon Elastic Container Service Developer Guide*. - + For tasks that use the ``host`` IPC mode, IPC namespace related ``systemControls`` are not supported. - + For tasks that use the ``task`` IPC mode, IPC namespace related ``systemControls`` will apply to all containers within a task. - - This parameter is not supported for Windows containers or tasks run on FARGATElong. - Tags: + $ref: '#/components/schemas/RuntimePlatform' + ProxyConfiguration: + description: |- + The configuration details for the App Mesh proxy. + Your Amazon ECS container instances require at least version 1.26.0 of the container agent and at least version 1.26.0-1 of the ``ecs-init`` package to use a proxy configuration. If your container instances are launched from the Amazon ECS optimized AMI version ``20190301`` or later, they contain the required versions of the container agent and ``ecs-init``. For more information, see [Amazon ECS-optimized Linux AMI](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html) in the *Amazon Elastic Container Service Developer Guide*. + $ref: '#/components/schemas/ProxyConfiguration' + Volumes: + uniqueItems: true + description: |- + The list of data volume definitions for the task. For more information, see [Using data volumes in tasks](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_data_volumes.html) in the *Amazon Elastic Container Service Developer Guide*. + The ``host`` and ``sourcePath`` parameters aren't supported for tasks run on FARGATElong. + x-insertionOrder: false type: array + items: + $ref: '#/components/schemas/Volume' + ContainerDefinitions: + uniqueItems: true + description: A list of container definitions in JSON format that describe the different containers that make up your task. For more information about container definition parameters and defaults, see [Amazon ECS Task Definitions](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_defintions.html) in the *Amazon Elastic Container Service Developer Guide*. x-insertionOrder: false + type: array items: - $ref: '#/components/schemas/Tag' + $ref: '#/components/schemas/ContainerDefinition' + Family: + description: |- + The name of a family that this task definition is registered to. Up to 255 letters (uppercase and lowercase), numbers, hyphens, and underscores are allowed. + A family groups multiple versions of a task definition. Amazon ECS gives the first task definition that you registered to a family a revision number of 1. Amazon ECS gives sequential revision numbers to each task definition that you add. + To use revision numbers when you update a task definition, specify this property. If you don't specify a value, CFNlong generates a new task definition each time that you update it. + type: string + EphemeralStorage: + description: The ephemeral storage settings to use for tasks run with the task definition. + $ref: '#/components/schemas/EphemeralStorage' + Tags: description: |- The metadata that you apply to the task definition to help you categorize and organize them. Each tag consists of a key and an optional value. You define both of them. The following basic restrictions apply to tags: @@ -2973,6 +3072,13 @@ components: + If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @. + Tag keys and values are case-sensitive. + Do not use ``aws:``, ``AWS:``, or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for AWS use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit. + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/Tag' + TaskDefinitionArn: + description: '' + type: string x-stackQL-stringOnly: true x-title: CreateTaskDefinitionRequest type: object @@ -2990,48 +3096,52 @@ components: DesiredState: type: object properties: - Cluster: - description: The short name or full Amazon Resource Name (ARN) of the cluster that hosts the service to create the task set in. + PlatformVersion: + description: The platform version that the tasks in the task set should use. A platform version is specified only for tasks using the Fargate launch type. If one isn't specified, the LATEST platform version is used by default. type: string ExternalId: description: 'An optional non-unique tag that identifies this task set in external systems. If the task set is associated with a service discovery registry, the tasks in this task set will have the ECS_TASK_SET_EXTERNAL_ID AWS Cloud Map attribute set to the provided value. ' type: string - Id: - description: The ID of the task set. - type: string - LaunchType: - description: 'The launch type that new tasks in the task set will use. For more information, see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html in the Amazon Elastic Container Service Developer Guide. ' + Cluster: + description: The short name or full Amazon Resource Name (ARN) of the cluster that hosts the service to create the task set in. type: string - enum: - - EC2 - - FARGATE LoadBalancers: type: array items: $ref: '#/components/schemas/LoadBalancer' - NetworkConfiguration: - $ref: '#/components/schemas/NetworkConfiguration' - PlatformVersion: - description: The platform version that the tasks in the task set should use. A platform version is specified only for tasks using the Fargate launch type. If one isn't specified, the LATEST platform version is used by default. + Service: + description: The short name or full Amazon Resource Name (ARN) of the service to create the task set in. type: string Scale: description: A floating-point percentage of the desired number of tasks to place and keep running in the task set. $ref: '#/components/schemas/Scale' - Service: - description: The short name or full Amazon Resource Name (ARN) of the service to create the task set in. - type: string ServiceRegistries: description: The details of the service discovery registries to assign to this task set. For more information, see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-discovery.html. type: array items: $ref: '#/components/schemas/ServiceRegistry' - Tags: + CapacityProviderStrategy: type: array items: - $ref: '#/components/schemas/Tag' + $ref: '#/components/schemas/CapacityProviderStrategyItem' + LaunchType: + description: 'The launch type that new tasks in the task set will use. For more information, see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html in the Amazon Elastic Container Service Developer Guide. ' + type: string + enum: + - EC2 + - FARGATE TaskDefinition: description: The short name or full Amazon Resource Name (ARN) of the task definition for the tasks in the task set to use. type: string + NetworkConfiguration: + $ref: '#/components/schemas/NetworkConfiguration' + Id: + description: The ID of the task set. + type: string + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' x-stackQL-stringOnly: true x-title: CreateTaskSetRequest type: object @@ -3107,9 +3217,9 @@ components: SELECT region, data__Identifier, + JSON_EXTRACT(Properties, '$.DefaultCapacityProviderStrategy') as default_capacity_provider_strategy, JSON_EXTRACT(Properties, '$.CapacityProviders') as capacity_providers, - JSON_EXTRACT(Properties, '$.Cluster') as cluster, - JSON_EXTRACT(Properties, '$.DefaultCapacityProviderStrategy') as default_capacity_provider_strategy + JSON_EXTRACT(Properties, '$.Cluster') as cluster FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ECS::ClusterCapacityProviderAssociations' AND data__Identifier = '' AND region = 'us-east-1' @@ -3118,9 +3228,9 @@ components: ddl: |- SELECT detail.region, + JSON_EXTRACT(detail.Properties, '$.DefaultCapacityProviderStrategy') as default_capacity_provider_strategy, JSON_EXTRACT(detail.Properties, '$.CapacityProviders') as capacity_providers, - JSON_EXTRACT(detail.Properties, '$.Cluster') as cluster, - JSON_EXTRACT(detail.Properties, '$.DefaultCapacityProviderStrategy') as default_capacity_provider_strategy + JSON_EXTRACT(detail.Properties, '$.Cluster') as cluster FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -3134,9 +3244,9 @@ components: SELECT region, data__Identifier, + json_extract_path_text(Properties, 'DefaultCapacityProviderStrategy') as default_capacity_provider_strategy, json_extract_path_text(Properties, 'CapacityProviders') as capacity_providers, - json_extract_path_text(Properties, 'Cluster') as cluster, - json_extract_path_text(Properties, 'DefaultCapacityProviderStrategy') as default_capacity_provider_strategy + json_extract_path_text(Properties, 'Cluster') as cluster FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ECS::ClusterCapacityProviderAssociations' AND data__Identifier = '' AND region = 'us-east-1' @@ -3145,9 +3255,9 @@ components: ddl: |- SELECT detail.region, + json_extract_path_text(detail.Properties, 'DefaultCapacityProviderStrategy') as default_capacity_provider_strategy, json_extract_path_text(detail.Properties, 'CapacityProviders') as capacity_providers, - json_extract_path_text(detail.Properties, 'Cluster') as cluster, - json_extract_path_text(detail.Properties, 'DefaultCapacityProviderStrategy') as default_capacity_provider_strategy + json_extract_path_text(detail.Properties, 'Cluster') as cluster FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -3293,31 +3403,33 @@ components: SELECT region, data__Identifier, + JSON_EXTRACT(Properties, '$.PlatformVersion') as platform_version, + JSON_EXTRACT(Properties, '$.PropagateTags') as propagate_tags, JSON_EXTRACT(Properties, '$.ServiceArn') as service_arn, + JSON_EXTRACT(Properties, '$.PlacementStrategies') as placement_strategies, + JSON_EXTRACT(Properties, '$.ServiceRegistries') as service_registries, + JSON_EXTRACT(Properties, '$.VolumeConfigurations') as volume_configurations, JSON_EXTRACT(Properties, '$.CapacityProviderStrategy') as capacity_provider_strategy, - JSON_EXTRACT(Properties, '$.Cluster') as cluster, - JSON_EXTRACT(Properties, '$.DeploymentConfiguration') as deployment_configuration, - JSON_EXTRACT(Properties, '$.DeploymentController') as deployment_controller, - JSON_EXTRACT(Properties, '$.DesiredCount') as desired_count, - JSON_EXTRACT(Properties, '$.EnableECSManagedTags') as enable_ecs_managed_tags, - JSON_EXTRACT(Properties, '$.EnableExecuteCommand') as enable_execute_command, - JSON_EXTRACT(Properties, '$.HealthCheckGracePeriodSeconds') as health_check_grace_period_seconds, JSON_EXTRACT(Properties, '$.LaunchType') as launch_type, - JSON_EXTRACT(Properties, '$.LoadBalancers') as load_balancers, JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.AvailabilityZoneRebalancing') as availability_zone_rebalancing, + JSON_EXTRACT(Properties, '$.SchedulingStrategy') as scheduling_strategy, JSON_EXTRACT(Properties, '$.NetworkConfiguration') as network_configuration, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.HealthCheckGracePeriodSeconds') as health_check_grace_period_seconds, + JSON_EXTRACT(Properties, '$.EnableECSManagedTags') as enable_ecs_managed_tags, + JSON_EXTRACT(Properties, '$.EnableExecuteCommand') as enable_execute_command, JSON_EXTRACT(Properties, '$.PlacementConstraints') as placement_constraints, - JSON_EXTRACT(Properties, '$.PlacementStrategies') as placement_strategies, - JSON_EXTRACT(Properties, '$.PlatformVersion') as platform_version, - JSON_EXTRACT(Properties, '$.PropagateTags') as propagate_tags, - JSON_EXTRACT(Properties, '$.Role') as role, - JSON_EXTRACT(Properties, '$.SchedulingStrategy') as scheduling_strategy, + JSON_EXTRACT(Properties, '$.Cluster') as cluster, + JSON_EXTRACT(Properties, '$.LoadBalancers') as load_balancers, JSON_EXTRACT(Properties, '$.ServiceConnectConfiguration') as service_connect_configuration, - JSON_EXTRACT(Properties, '$.ServiceName') as service_name, - JSON_EXTRACT(Properties, '$.ServiceRegistries') as service_registries, - JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.DesiredCount') as desired_count, + JSON_EXTRACT(Properties, '$.VpcLatticeConfigurations') as vpc_lattice_configurations, + JSON_EXTRACT(Properties, '$.DeploymentController') as deployment_controller, + JSON_EXTRACT(Properties, '$.Role') as role, JSON_EXTRACT(Properties, '$.TaskDefinition') as task_definition, - JSON_EXTRACT(Properties, '$.VolumeConfigurations') as volume_configurations + JSON_EXTRACT(Properties, '$.ServiceName') as service_name, + JSON_EXTRACT(Properties, '$.DeploymentConfiguration') as deployment_configuration FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ECS::Service' AND data__Identifier = '|' AND region = 'us-east-1' @@ -3326,31 +3438,33 @@ components: ddl: |- SELECT detail.region, + JSON_EXTRACT(detail.Properties, '$.PlatformVersion') as platform_version, + JSON_EXTRACT(detail.Properties, '$.PropagateTags') as propagate_tags, JSON_EXTRACT(detail.Properties, '$.ServiceArn') as service_arn, + JSON_EXTRACT(detail.Properties, '$.PlacementStrategies') as placement_strategies, + JSON_EXTRACT(detail.Properties, '$.ServiceRegistries') as service_registries, + JSON_EXTRACT(detail.Properties, '$.VolumeConfigurations') as volume_configurations, JSON_EXTRACT(detail.Properties, '$.CapacityProviderStrategy') as capacity_provider_strategy, - JSON_EXTRACT(detail.Properties, '$.Cluster') as cluster, - JSON_EXTRACT(detail.Properties, '$.DeploymentConfiguration') as deployment_configuration, - JSON_EXTRACT(detail.Properties, '$.DeploymentController') as deployment_controller, - JSON_EXTRACT(detail.Properties, '$.DesiredCount') as desired_count, - JSON_EXTRACT(detail.Properties, '$.EnableECSManagedTags') as enable_ecs_managed_tags, - JSON_EXTRACT(detail.Properties, '$.EnableExecuteCommand') as enable_execute_command, - JSON_EXTRACT(detail.Properties, '$.HealthCheckGracePeriodSeconds') as health_check_grace_period_seconds, JSON_EXTRACT(detail.Properties, '$.LaunchType') as launch_type, - JSON_EXTRACT(detail.Properties, '$.LoadBalancers') as load_balancers, JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.AvailabilityZoneRebalancing') as availability_zone_rebalancing, + JSON_EXTRACT(detail.Properties, '$.SchedulingStrategy') as scheduling_strategy, JSON_EXTRACT(detail.Properties, '$.NetworkConfiguration') as network_configuration, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags, + JSON_EXTRACT(detail.Properties, '$.HealthCheckGracePeriodSeconds') as health_check_grace_period_seconds, + JSON_EXTRACT(detail.Properties, '$.EnableECSManagedTags') as enable_ecs_managed_tags, + JSON_EXTRACT(detail.Properties, '$.EnableExecuteCommand') as enable_execute_command, JSON_EXTRACT(detail.Properties, '$.PlacementConstraints') as placement_constraints, - JSON_EXTRACT(detail.Properties, '$.PlacementStrategies') as placement_strategies, - JSON_EXTRACT(detail.Properties, '$.PlatformVersion') as platform_version, - JSON_EXTRACT(detail.Properties, '$.PropagateTags') as propagate_tags, - JSON_EXTRACT(detail.Properties, '$.Role') as role, - JSON_EXTRACT(detail.Properties, '$.SchedulingStrategy') as scheduling_strategy, + JSON_EXTRACT(detail.Properties, '$.Cluster') as cluster, + JSON_EXTRACT(detail.Properties, '$.LoadBalancers') as load_balancers, JSON_EXTRACT(detail.Properties, '$.ServiceConnectConfiguration') as service_connect_configuration, - JSON_EXTRACT(detail.Properties, '$.ServiceName') as service_name, - JSON_EXTRACT(detail.Properties, '$.ServiceRegistries') as service_registries, - JSON_EXTRACT(detail.Properties, '$.Tags') as tags, + JSON_EXTRACT(detail.Properties, '$.DesiredCount') as desired_count, + JSON_EXTRACT(detail.Properties, '$.VpcLatticeConfigurations') as vpc_lattice_configurations, + JSON_EXTRACT(detail.Properties, '$.DeploymentController') as deployment_controller, + JSON_EXTRACT(detail.Properties, '$.Role') as role, JSON_EXTRACT(detail.Properties, '$.TaskDefinition') as task_definition, - JSON_EXTRACT(detail.Properties, '$.VolumeConfigurations') as volume_configurations + JSON_EXTRACT(detail.Properties, '$.ServiceName') as service_name, + JSON_EXTRACT(detail.Properties, '$.DeploymentConfiguration') as deployment_configuration FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -3364,31 +3478,33 @@ components: SELECT region, data__Identifier, + json_extract_path_text(Properties, 'PlatformVersion') as platform_version, + json_extract_path_text(Properties, 'PropagateTags') as propagate_tags, json_extract_path_text(Properties, 'ServiceArn') as service_arn, + json_extract_path_text(Properties, 'PlacementStrategies') as placement_strategies, + json_extract_path_text(Properties, 'ServiceRegistries') as service_registries, + json_extract_path_text(Properties, 'VolumeConfigurations') as volume_configurations, json_extract_path_text(Properties, 'CapacityProviderStrategy') as capacity_provider_strategy, - json_extract_path_text(Properties, 'Cluster') as cluster, - json_extract_path_text(Properties, 'DeploymentConfiguration') as deployment_configuration, - json_extract_path_text(Properties, 'DeploymentController') as deployment_controller, - json_extract_path_text(Properties, 'DesiredCount') as desired_count, - json_extract_path_text(Properties, 'EnableECSManagedTags') as enable_ecs_managed_tags, - json_extract_path_text(Properties, 'EnableExecuteCommand') as enable_execute_command, - json_extract_path_text(Properties, 'HealthCheckGracePeriodSeconds') as health_check_grace_period_seconds, json_extract_path_text(Properties, 'LaunchType') as launch_type, - json_extract_path_text(Properties, 'LoadBalancers') as load_balancers, json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'AvailabilityZoneRebalancing') as availability_zone_rebalancing, + json_extract_path_text(Properties, 'SchedulingStrategy') as scheduling_strategy, json_extract_path_text(Properties, 'NetworkConfiguration') as network_configuration, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'HealthCheckGracePeriodSeconds') as health_check_grace_period_seconds, + json_extract_path_text(Properties, 'EnableECSManagedTags') as enable_ecs_managed_tags, + json_extract_path_text(Properties, 'EnableExecuteCommand') as enable_execute_command, json_extract_path_text(Properties, 'PlacementConstraints') as placement_constraints, - json_extract_path_text(Properties, 'PlacementStrategies') as placement_strategies, - json_extract_path_text(Properties, 'PlatformVersion') as platform_version, - json_extract_path_text(Properties, 'PropagateTags') as propagate_tags, - json_extract_path_text(Properties, 'Role') as role, - json_extract_path_text(Properties, 'SchedulingStrategy') as scheduling_strategy, + json_extract_path_text(Properties, 'Cluster') as cluster, + json_extract_path_text(Properties, 'LoadBalancers') as load_balancers, json_extract_path_text(Properties, 'ServiceConnectConfiguration') as service_connect_configuration, - json_extract_path_text(Properties, 'ServiceName') as service_name, - json_extract_path_text(Properties, 'ServiceRegistries') as service_registries, - json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'DesiredCount') as desired_count, + json_extract_path_text(Properties, 'VpcLatticeConfigurations') as vpc_lattice_configurations, + json_extract_path_text(Properties, 'DeploymentController') as deployment_controller, + json_extract_path_text(Properties, 'Role') as role, json_extract_path_text(Properties, 'TaskDefinition') as task_definition, - json_extract_path_text(Properties, 'VolumeConfigurations') as volume_configurations + json_extract_path_text(Properties, 'ServiceName') as service_name, + json_extract_path_text(Properties, 'DeploymentConfiguration') as deployment_configuration FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ECS::Service' AND data__Identifier = '|' AND region = 'us-east-1' @@ -3397,31 +3513,33 @@ components: ddl: |- SELECT detail.region, + json_extract_path_text(detail.Properties, 'PlatformVersion') as platform_version, + json_extract_path_text(detail.Properties, 'PropagateTags') as propagate_tags, json_extract_path_text(detail.Properties, 'ServiceArn') as service_arn, + json_extract_path_text(detail.Properties, 'PlacementStrategies') as placement_strategies, + json_extract_path_text(detail.Properties, 'ServiceRegistries') as service_registries, + json_extract_path_text(detail.Properties, 'VolumeConfigurations') as volume_configurations, json_extract_path_text(detail.Properties, 'CapacityProviderStrategy') as capacity_provider_strategy, - json_extract_path_text(detail.Properties, 'Cluster') as cluster, - json_extract_path_text(detail.Properties, 'DeploymentConfiguration') as deployment_configuration, - json_extract_path_text(detail.Properties, 'DeploymentController') as deployment_controller, - json_extract_path_text(detail.Properties, 'DesiredCount') as desired_count, - json_extract_path_text(detail.Properties, 'EnableECSManagedTags') as enable_ecs_managed_tags, - json_extract_path_text(detail.Properties, 'EnableExecuteCommand') as enable_execute_command, - json_extract_path_text(detail.Properties, 'HealthCheckGracePeriodSeconds') as health_check_grace_period_seconds, json_extract_path_text(detail.Properties, 'LaunchType') as launch_type, - json_extract_path_text(detail.Properties, 'LoadBalancers') as load_balancers, json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'AvailabilityZoneRebalancing') as availability_zone_rebalancing, + json_extract_path_text(detail.Properties, 'SchedulingStrategy') as scheduling_strategy, json_extract_path_text(detail.Properties, 'NetworkConfiguration') as network_configuration, + json_extract_path_text(detail.Properties, 'Tags') as tags, + json_extract_path_text(detail.Properties, 'HealthCheckGracePeriodSeconds') as health_check_grace_period_seconds, + json_extract_path_text(detail.Properties, 'EnableECSManagedTags') as enable_ecs_managed_tags, + json_extract_path_text(detail.Properties, 'EnableExecuteCommand') as enable_execute_command, json_extract_path_text(detail.Properties, 'PlacementConstraints') as placement_constraints, - json_extract_path_text(detail.Properties, 'PlacementStrategies') as placement_strategies, - json_extract_path_text(detail.Properties, 'PlatformVersion') as platform_version, - json_extract_path_text(detail.Properties, 'PropagateTags') as propagate_tags, - json_extract_path_text(detail.Properties, 'Role') as role, - json_extract_path_text(detail.Properties, 'SchedulingStrategy') as scheduling_strategy, + json_extract_path_text(detail.Properties, 'Cluster') as cluster, + json_extract_path_text(detail.Properties, 'LoadBalancers') as load_balancers, json_extract_path_text(detail.Properties, 'ServiceConnectConfiguration') as service_connect_configuration, - json_extract_path_text(detail.Properties, 'ServiceName') as service_name, - json_extract_path_text(detail.Properties, 'ServiceRegistries') as service_registries, - json_extract_path_text(detail.Properties, 'Tags') as tags, + json_extract_path_text(detail.Properties, 'DesiredCount') as desired_count, + json_extract_path_text(detail.Properties, 'VpcLatticeConfigurations') as vpc_lattice_configurations, + json_extract_path_text(detail.Properties, 'DeploymentController') as deployment_controller, + json_extract_path_text(detail.Properties, 'Role') as role, json_extract_path_text(detail.Properties, 'TaskDefinition') as task_definition, - json_extract_path_text(detail.Properties, 'VolumeConfigurations') as volume_configurations + json_extract_path_text(detail.Properties, 'ServiceName') as service_name, + json_extract_path_text(detail.Properties, 'DeploymentConfiguration') as deployment_configuration FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -3483,30 +3601,32 @@ components: detail.region, JSON_EXTRACT(json_each.value, '$.Key') as tag_key, JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.PlatformVersion') as platform_version, + JSON_EXTRACT(detail.Properties, '$.PropagateTags') as propagate_tags, JSON_EXTRACT(detail.Properties, '$.ServiceArn') as service_arn, + JSON_EXTRACT(detail.Properties, '$.PlacementStrategies') as placement_strategies, + JSON_EXTRACT(detail.Properties, '$.ServiceRegistries') as service_registries, + JSON_EXTRACT(detail.Properties, '$.VolumeConfigurations') as volume_configurations, JSON_EXTRACT(detail.Properties, '$.CapacityProviderStrategy') as capacity_provider_strategy, - JSON_EXTRACT(detail.Properties, '$.Cluster') as cluster, - JSON_EXTRACT(detail.Properties, '$.DeploymentConfiguration') as deployment_configuration, - JSON_EXTRACT(detail.Properties, '$.DeploymentController') as deployment_controller, - JSON_EXTRACT(detail.Properties, '$.DesiredCount') as desired_count, - JSON_EXTRACT(detail.Properties, '$.EnableECSManagedTags') as enable_ecs_managed_tags, - JSON_EXTRACT(detail.Properties, '$.EnableExecuteCommand') as enable_execute_command, - JSON_EXTRACT(detail.Properties, '$.HealthCheckGracePeriodSeconds') as health_check_grace_period_seconds, JSON_EXTRACT(detail.Properties, '$.LaunchType') as launch_type, - JSON_EXTRACT(detail.Properties, '$.LoadBalancers') as load_balancers, JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.AvailabilityZoneRebalancing') as availability_zone_rebalancing, + JSON_EXTRACT(detail.Properties, '$.SchedulingStrategy') as scheduling_strategy, JSON_EXTRACT(detail.Properties, '$.NetworkConfiguration') as network_configuration, + JSON_EXTRACT(detail.Properties, '$.HealthCheckGracePeriodSeconds') as health_check_grace_period_seconds, + JSON_EXTRACT(detail.Properties, '$.EnableECSManagedTags') as enable_ecs_managed_tags, + JSON_EXTRACT(detail.Properties, '$.EnableExecuteCommand') as enable_execute_command, JSON_EXTRACT(detail.Properties, '$.PlacementConstraints') as placement_constraints, - JSON_EXTRACT(detail.Properties, '$.PlacementStrategies') as placement_strategies, - JSON_EXTRACT(detail.Properties, '$.PlatformVersion') as platform_version, - JSON_EXTRACT(detail.Properties, '$.PropagateTags') as propagate_tags, - JSON_EXTRACT(detail.Properties, '$.Role') as role, - JSON_EXTRACT(detail.Properties, '$.SchedulingStrategy') as scheduling_strategy, + JSON_EXTRACT(detail.Properties, '$.Cluster') as cluster, + JSON_EXTRACT(detail.Properties, '$.LoadBalancers') as load_balancers, JSON_EXTRACT(detail.Properties, '$.ServiceConnectConfiguration') as service_connect_configuration, - JSON_EXTRACT(detail.Properties, '$.ServiceName') as service_name, - JSON_EXTRACT(detail.Properties, '$.ServiceRegistries') as service_registries, + JSON_EXTRACT(detail.Properties, '$.DesiredCount') as desired_count, + JSON_EXTRACT(detail.Properties, '$.VpcLatticeConfigurations') as vpc_lattice_configurations, + JSON_EXTRACT(detail.Properties, '$.DeploymentController') as deployment_controller, + JSON_EXTRACT(detail.Properties, '$.Role') as role, JSON_EXTRACT(detail.Properties, '$.TaskDefinition') as task_definition, - JSON_EXTRACT(detail.Properties, '$.VolumeConfigurations') as volume_configurations + JSON_EXTRACT(detail.Properties, '$.ServiceName') as service_name, + JSON_EXTRACT(detail.Properties, '$.DeploymentConfiguration') as deployment_configuration FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -3522,30 +3642,32 @@ components: detail.region, json_extract_path_text(json_each.value, 'Key') as tag_key, json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'PlatformVersion') as platform_version, + json_extract_path_text(detail.Properties, 'PropagateTags') as propagate_tags, json_extract_path_text(detail.Properties, 'ServiceArn') as service_arn, + json_extract_path_text(detail.Properties, 'PlacementStrategies') as placement_strategies, + json_extract_path_text(detail.Properties, 'ServiceRegistries') as service_registries, + json_extract_path_text(detail.Properties, 'VolumeConfigurations') as volume_configurations, json_extract_path_text(detail.Properties, 'CapacityProviderStrategy') as capacity_provider_strategy, - json_extract_path_text(detail.Properties, 'Cluster') as cluster, - json_extract_path_text(detail.Properties, 'DeploymentConfiguration') as deployment_configuration, - json_extract_path_text(detail.Properties, 'DeploymentController') as deployment_controller, - json_extract_path_text(detail.Properties, 'DesiredCount') as desired_count, - json_extract_path_text(detail.Properties, 'EnableECSManagedTags') as enable_ecs_managed_tags, - json_extract_path_text(detail.Properties, 'EnableExecuteCommand') as enable_execute_command, - json_extract_path_text(detail.Properties, 'HealthCheckGracePeriodSeconds') as health_check_grace_period_seconds, json_extract_path_text(detail.Properties, 'LaunchType') as launch_type, - json_extract_path_text(detail.Properties, 'LoadBalancers') as load_balancers, json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'AvailabilityZoneRebalancing') as availability_zone_rebalancing, + json_extract_path_text(detail.Properties, 'SchedulingStrategy') as scheduling_strategy, json_extract_path_text(detail.Properties, 'NetworkConfiguration') as network_configuration, + json_extract_path_text(detail.Properties, 'HealthCheckGracePeriodSeconds') as health_check_grace_period_seconds, + json_extract_path_text(detail.Properties, 'EnableECSManagedTags') as enable_ecs_managed_tags, + json_extract_path_text(detail.Properties, 'EnableExecuteCommand') as enable_execute_command, json_extract_path_text(detail.Properties, 'PlacementConstraints') as placement_constraints, - json_extract_path_text(detail.Properties, 'PlacementStrategies') as placement_strategies, - json_extract_path_text(detail.Properties, 'PlatformVersion') as platform_version, - json_extract_path_text(detail.Properties, 'PropagateTags') as propagate_tags, - json_extract_path_text(detail.Properties, 'Role') as role, - json_extract_path_text(detail.Properties, 'SchedulingStrategy') as scheduling_strategy, + json_extract_path_text(detail.Properties, 'Cluster') as cluster, + json_extract_path_text(detail.Properties, 'LoadBalancers') as load_balancers, json_extract_path_text(detail.Properties, 'ServiceConnectConfiguration') as service_connect_configuration, - json_extract_path_text(detail.Properties, 'ServiceName') as service_name, - json_extract_path_text(detail.Properties, 'ServiceRegistries') as service_registries, + json_extract_path_text(detail.Properties, 'DesiredCount') as desired_count, + json_extract_path_text(detail.Properties, 'VpcLatticeConfigurations') as vpc_lattice_configurations, + json_extract_path_text(detail.Properties, 'DeploymentController') as deployment_controller, + json_extract_path_text(detail.Properties, 'Role') as role, json_extract_path_text(detail.Properties, 'TaskDefinition') as task_definition, - json_extract_path_text(detail.Properties, 'VolumeConfigurations') as volume_configurations + json_extract_path_text(detail.Properties, 'ServiceName') as service_name, + json_extract_path_text(detail.Properties, 'DeploymentConfiguration') as deployment_configuration FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -3617,24 +3739,25 @@ components: SELECT region, data__Identifier, - JSON_EXTRACT(Properties, '$.TaskDefinitionArn') as task_definition_arn, - JSON_EXTRACT(Properties, '$.Family') as family, - JSON_EXTRACT(Properties, '$.ContainerDefinitions') as container_definitions, - JSON_EXTRACT(Properties, '$.Cpu') as cpu, - JSON_EXTRACT(Properties, '$.ExecutionRoleArn') as execution_role_arn, - JSON_EXTRACT(Properties, '$.EphemeralStorage') as ephemeral_storage, + JSON_EXTRACT(Properties, '$.TaskRoleArn') as task_role_arn, + JSON_EXTRACT(Properties, '$.IpcMode') as ipc_mode, JSON_EXTRACT(Properties, '$.InferenceAccelerators') as inference_accelerators, JSON_EXTRACT(Properties, '$.Memory') as memory, - JSON_EXTRACT(Properties, '$.NetworkMode') as network_mode, JSON_EXTRACT(Properties, '$.PlacementConstraints') as placement_constraints, - JSON_EXTRACT(Properties, '$.ProxyConfiguration') as proxy_configuration, + JSON_EXTRACT(Properties, '$.Cpu') as cpu, JSON_EXTRACT(Properties, '$.RequiresCompatibilities') as requires_compatibilities, - JSON_EXTRACT(Properties, '$.TaskRoleArn') as task_role_arn, - JSON_EXTRACT(Properties, '$.Volumes') as volumes, + JSON_EXTRACT(Properties, '$.NetworkMode') as network_mode, JSON_EXTRACT(Properties, '$.PidMode') as pid_mode, + JSON_EXTRACT(Properties, '$.EnableFaultInjection') as enable_fault_injection, + JSON_EXTRACT(Properties, '$.ExecutionRoleArn') as execution_role_arn, JSON_EXTRACT(Properties, '$.RuntimePlatform') as runtime_platform, - JSON_EXTRACT(Properties, '$.IpcMode') as ipc_mode, - JSON_EXTRACT(Properties, '$.Tags') as tags + JSON_EXTRACT(Properties, '$.ProxyConfiguration') as proxy_configuration, + JSON_EXTRACT(Properties, '$.Volumes') as volumes, + JSON_EXTRACT(Properties, '$.ContainerDefinitions') as container_definitions, + JSON_EXTRACT(Properties, '$.Family') as family, + JSON_EXTRACT(Properties, '$.EphemeralStorage') as ephemeral_storage, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.TaskDefinitionArn') as task_definition_arn FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ECS::TaskDefinition' AND data__Identifier = '' AND region = 'us-east-1' @@ -3643,24 +3766,25 @@ components: ddl: |- SELECT detail.region, - JSON_EXTRACT(detail.Properties, '$.TaskDefinitionArn') as task_definition_arn, - JSON_EXTRACT(detail.Properties, '$.Family') as family, - JSON_EXTRACT(detail.Properties, '$.ContainerDefinitions') as container_definitions, - JSON_EXTRACT(detail.Properties, '$.Cpu') as cpu, - JSON_EXTRACT(detail.Properties, '$.ExecutionRoleArn') as execution_role_arn, - JSON_EXTRACT(detail.Properties, '$.EphemeralStorage') as ephemeral_storage, + JSON_EXTRACT(detail.Properties, '$.TaskRoleArn') as task_role_arn, + JSON_EXTRACT(detail.Properties, '$.IpcMode') as ipc_mode, JSON_EXTRACT(detail.Properties, '$.InferenceAccelerators') as inference_accelerators, JSON_EXTRACT(detail.Properties, '$.Memory') as memory, - JSON_EXTRACT(detail.Properties, '$.NetworkMode') as network_mode, JSON_EXTRACT(detail.Properties, '$.PlacementConstraints') as placement_constraints, - JSON_EXTRACT(detail.Properties, '$.ProxyConfiguration') as proxy_configuration, + JSON_EXTRACT(detail.Properties, '$.Cpu') as cpu, JSON_EXTRACT(detail.Properties, '$.RequiresCompatibilities') as requires_compatibilities, - JSON_EXTRACT(detail.Properties, '$.TaskRoleArn') as task_role_arn, - JSON_EXTRACT(detail.Properties, '$.Volumes') as volumes, + JSON_EXTRACT(detail.Properties, '$.NetworkMode') as network_mode, JSON_EXTRACT(detail.Properties, '$.PidMode') as pid_mode, + JSON_EXTRACT(detail.Properties, '$.EnableFaultInjection') as enable_fault_injection, + JSON_EXTRACT(detail.Properties, '$.ExecutionRoleArn') as execution_role_arn, JSON_EXTRACT(detail.Properties, '$.RuntimePlatform') as runtime_platform, - JSON_EXTRACT(detail.Properties, '$.IpcMode') as ipc_mode, - JSON_EXTRACT(detail.Properties, '$.Tags') as tags + JSON_EXTRACT(detail.Properties, '$.ProxyConfiguration') as proxy_configuration, + JSON_EXTRACT(detail.Properties, '$.Volumes') as volumes, + JSON_EXTRACT(detail.Properties, '$.ContainerDefinitions') as container_definitions, + JSON_EXTRACT(detail.Properties, '$.Family') as family, + JSON_EXTRACT(detail.Properties, '$.EphemeralStorage') as ephemeral_storage, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags, + JSON_EXTRACT(detail.Properties, '$.TaskDefinitionArn') as task_definition_arn FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -3674,24 +3798,25 @@ components: SELECT region, data__Identifier, - json_extract_path_text(Properties, 'TaskDefinitionArn') as task_definition_arn, - json_extract_path_text(Properties, 'Family') as family, - json_extract_path_text(Properties, 'ContainerDefinitions') as container_definitions, - json_extract_path_text(Properties, 'Cpu') as cpu, - json_extract_path_text(Properties, 'ExecutionRoleArn') as execution_role_arn, - json_extract_path_text(Properties, 'EphemeralStorage') as ephemeral_storage, + json_extract_path_text(Properties, 'TaskRoleArn') as task_role_arn, + json_extract_path_text(Properties, 'IpcMode') as ipc_mode, json_extract_path_text(Properties, 'InferenceAccelerators') as inference_accelerators, json_extract_path_text(Properties, 'Memory') as memory, - json_extract_path_text(Properties, 'NetworkMode') as network_mode, json_extract_path_text(Properties, 'PlacementConstraints') as placement_constraints, - json_extract_path_text(Properties, 'ProxyConfiguration') as proxy_configuration, + json_extract_path_text(Properties, 'Cpu') as cpu, json_extract_path_text(Properties, 'RequiresCompatibilities') as requires_compatibilities, - json_extract_path_text(Properties, 'TaskRoleArn') as task_role_arn, - json_extract_path_text(Properties, 'Volumes') as volumes, + json_extract_path_text(Properties, 'NetworkMode') as network_mode, json_extract_path_text(Properties, 'PidMode') as pid_mode, + json_extract_path_text(Properties, 'EnableFaultInjection') as enable_fault_injection, + json_extract_path_text(Properties, 'ExecutionRoleArn') as execution_role_arn, json_extract_path_text(Properties, 'RuntimePlatform') as runtime_platform, - json_extract_path_text(Properties, 'IpcMode') as ipc_mode, - json_extract_path_text(Properties, 'Tags') as tags + json_extract_path_text(Properties, 'ProxyConfiguration') as proxy_configuration, + json_extract_path_text(Properties, 'Volumes') as volumes, + json_extract_path_text(Properties, 'ContainerDefinitions') as container_definitions, + json_extract_path_text(Properties, 'Family') as family, + json_extract_path_text(Properties, 'EphemeralStorage') as ephemeral_storage, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'TaskDefinitionArn') as task_definition_arn FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ECS::TaskDefinition' AND data__Identifier = '' AND region = 'us-east-1' @@ -3700,24 +3825,25 @@ components: ddl: |- SELECT detail.region, - json_extract_path_text(detail.Properties, 'TaskDefinitionArn') as task_definition_arn, - json_extract_path_text(detail.Properties, 'Family') as family, - json_extract_path_text(detail.Properties, 'ContainerDefinitions') as container_definitions, - json_extract_path_text(detail.Properties, 'Cpu') as cpu, - json_extract_path_text(detail.Properties, 'ExecutionRoleArn') as execution_role_arn, - json_extract_path_text(detail.Properties, 'EphemeralStorage') as ephemeral_storage, + json_extract_path_text(detail.Properties, 'TaskRoleArn') as task_role_arn, + json_extract_path_text(detail.Properties, 'IpcMode') as ipc_mode, json_extract_path_text(detail.Properties, 'InferenceAccelerators') as inference_accelerators, json_extract_path_text(detail.Properties, 'Memory') as memory, - json_extract_path_text(detail.Properties, 'NetworkMode') as network_mode, json_extract_path_text(detail.Properties, 'PlacementConstraints') as placement_constraints, - json_extract_path_text(detail.Properties, 'ProxyConfiguration') as proxy_configuration, + json_extract_path_text(detail.Properties, 'Cpu') as cpu, json_extract_path_text(detail.Properties, 'RequiresCompatibilities') as requires_compatibilities, - json_extract_path_text(detail.Properties, 'TaskRoleArn') as task_role_arn, - json_extract_path_text(detail.Properties, 'Volumes') as volumes, + json_extract_path_text(detail.Properties, 'NetworkMode') as network_mode, json_extract_path_text(detail.Properties, 'PidMode') as pid_mode, + json_extract_path_text(detail.Properties, 'EnableFaultInjection') as enable_fault_injection, + json_extract_path_text(detail.Properties, 'ExecutionRoleArn') as execution_role_arn, json_extract_path_text(detail.Properties, 'RuntimePlatform') as runtime_platform, - json_extract_path_text(detail.Properties, 'IpcMode') as ipc_mode, - json_extract_path_text(detail.Properties, 'Tags') as tags + json_extract_path_text(detail.Properties, 'ProxyConfiguration') as proxy_configuration, + json_extract_path_text(detail.Properties, 'Volumes') as volumes, + json_extract_path_text(detail.Properties, 'ContainerDefinitions') as container_definitions, + json_extract_path_text(detail.Properties, 'Family') as family, + json_extract_path_text(detail.Properties, 'EphemeralStorage') as ephemeral_storage, + json_extract_path_text(detail.Properties, 'Tags') as tags, + json_extract_path_text(detail.Properties, 'TaskDefinitionArn') as task_definition_arn FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -3776,23 +3902,24 @@ components: detail.region, JSON_EXTRACT(json_each.value, '$.Key') as tag_key, JSON_EXTRACT(json_each.value, '$.Value') as tag_value, - JSON_EXTRACT(detail.Properties, '$.TaskDefinitionArn') as task_definition_arn, - JSON_EXTRACT(detail.Properties, '$.Family') as family, - JSON_EXTRACT(detail.Properties, '$.ContainerDefinitions') as container_definitions, - JSON_EXTRACT(detail.Properties, '$.Cpu') as cpu, - JSON_EXTRACT(detail.Properties, '$.ExecutionRoleArn') as execution_role_arn, - JSON_EXTRACT(detail.Properties, '$.EphemeralStorage') as ephemeral_storage, + JSON_EXTRACT(detail.Properties, '$.TaskRoleArn') as task_role_arn, + JSON_EXTRACT(detail.Properties, '$.IpcMode') as ipc_mode, JSON_EXTRACT(detail.Properties, '$.InferenceAccelerators') as inference_accelerators, JSON_EXTRACT(detail.Properties, '$.Memory') as memory, - JSON_EXTRACT(detail.Properties, '$.NetworkMode') as network_mode, JSON_EXTRACT(detail.Properties, '$.PlacementConstraints') as placement_constraints, - JSON_EXTRACT(detail.Properties, '$.ProxyConfiguration') as proxy_configuration, + JSON_EXTRACT(detail.Properties, '$.Cpu') as cpu, JSON_EXTRACT(detail.Properties, '$.RequiresCompatibilities') as requires_compatibilities, - JSON_EXTRACT(detail.Properties, '$.TaskRoleArn') as task_role_arn, - JSON_EXTRACT(detail.Properties, '$.Volumes') as volumes, + JSON_EXTRACT(detail.Properties, '$.NetworkMode') as network_mode, JSON_EXTRACT(detail.Properties, '$.PidMode') as pid_mode, + JSON_EXTRACT(detail.Properties, '$.EnableFaultInjection') as enable_fault_injection, + JSON_EXTRACT(detail.Properties, '$.ExecutionRoleArn') as execution_role_arn, JSON_EXTRACT(detail.Properties, '$.RuntimePlatform') as runtime_platform, - JSON_EXTRACT(detail.Properties, '$.IpcMode') as ipc_mode + JSON_EXTRACT(detail.Properties, '$.ProxyConfiguration') as proxy_configuration, + JSON_EXTRACT(detail.Properties, '$.Volumes') as volumes, + JSON_EXTRACT(detail.Properties, '$.ContainerDefinitions') as container_definitions, + JSON_EXTRACT(detail.Properties, '$.Family') as family, + JSON_EXTRACT(detail.Properties, '$.EphemeralStorage') as ephemeral_storage, + JSON_EXTRACT(detail.Properties, '$.TaskDefinitionArn') as task_definition_arn FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -3808,23 +3935,24 @@ components: detail.region, json_extract_path_text(json_each.value, 'Key') as tag_key, json_extract_path_text(json_each.value, 'Value') as tag_value, - json_extract_path_text(detail.Properties, 'TaskDefinitionArn') as task_definition_arn, - json_extract_path_text(detail.Properties, 'Family') as family, - json_extract_path_text(detail.Properties, 'ContainerDefinitions') as container_definitions, - json_extract_path_text(detail.Properties, 'Cpu') as cpu, - json_extract_path_text(detail.Properties, 'ExecutionRoleArn') as execution_role_arn, - json_extract_path_text(detail.Properties, 'EphemeralStorage') as ephemeral_storage, + json_extract_path_text(detail.Properties, 'TaskRoleArn') as task_role_arn, + json_extract_path_text(detail.Properties, 'IpcMode') as ipc_mode, json_extract_path_text(detail.Properties, 'InferenceAccelerators') as inference_accelerators, json_extract_path_text(detail.Properties, 'Memory') as memory, - json_extract_path_text(detail.Properties, 'NetworkMode') as network_mode, json_extract_path_text(detail.Properties, 'PlacementConstraints') as placement_constraints, - json_extract_path_text(detail.Properties, 'ProxyConfiguration') as proxy_configuration, + json_extract_path_text(detail.Properties, 'Cpu') as cpu, json_extract_path_text(detail.Properties, 'RequiresCompatibilities') as requires_compatibilities, - json_extract_path_text(detail.Properties, 'TaskRoleArn') as task_role_arn, - json_extract_path_text(detail.Properties, 'Volumes') as volumes, + json_extract_path_text(detail.Properties, 'NetworkMode') as network_mode, json_extract_path_text(detail.Properties, 'PidMode') as pid_mode, + json_extract_path_text(detail.Properties, 'EnableFaultInjection') as enable_fault_injection, + json_extract_path_text(detail.Properties, 'ExecutionRoleArn') as execution_role_arn, json_extract_path_text(detail.Properties, 'RuntimePlatform') as runtime_platform, - json_extract_path_text(detail.Properties, 'IpcMode') as ipc_mode + json_extract_path_text(detail.Properties, 'ProxyConfiguration') as proxy_configuration, + json_extract_path_text(detail.Properties, 'Volumes') as volumes, + json_extract_path_text(detail.Properties, 'ContainerDefinitions') as container_definitions, + json_extract_path_text(detail.Properties, 'Family') as family, + json_extract_path_text(detail.Properties, 'EphemeralStorage') as ephemeral_storage, + json_extract_path_text(detail.Properties, 'TaskDefinitionArn') as task_definition_arn FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -3898,18 +4026,19 @@ components: SELECT region, data__Identifier, - JSON_EXTRACT(Properties, '$.Cluster') as cluster, + JSON_EXTRACT(Properties, '$.PlatformVersion') as platform_version, JSON_EXTRACT(Properties, '$.ExternalId') as external_id, - JSON_EXTRACT(Properties, '$.Id') as id, - JSON_EXTRACT(Properties, '$.LaunchType') as launch_type, + JSON_EXTRACT(Properties, '$.Cluster') as cluster, JSON_EXTRACT(Properties, '$.LoadBalancers') as load_balancers, - JSON_EXTRACT(Properties, '$.NetworkConfiguration') as network_configuration, - JSON_EXTRACT(Properties, '$.PlatformVersion') as platform_version, - JSON_EXTRACT(Properties, '$.Scale') as scale, JSON_EXTRACT(Properties, '$.Service') as service, + JSON_EXTRACT(Properties, '$.Scale') as scale, JSON_EXTRACT(Properties, '$.ServiceRegistries') as service_registries, - JSON_EXTRACT(Properties, '$.Tags') as tags, - JSON_EXTRACT(Properties, '$.TaskDefinition') as task_definition + JSON_EXTRACT(Properties, '$.CapacityProviderStrategy') as capacity_provider_strategy, + JSON_EXTRACT(Properties, '$.LaunchType') as launch_type, + JSON_EXTRACT(Properties, '$.TaskDefinition') as task_definition, + JSON_EXTRACT(Properties, '$.NetworkConfiguration') as network_configuration, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ECS::TaskSet' AND data__Identifier = '||' AND region = 'us-east-1' @@ -3919,18 +4048,19 @@ components: SELECT region, data__Identifier, - json_extract_path_text(Properties, 'Cluster') as cluster, + json_extract_path_text(Properties, 'PlatformVersion') as platform_version, json_extract_path_text(Properties, 'ExternalId') as external_id, - json_extract_path_text(Properties, 'Id') as id, - json_extract_path_text(Properties, 'LaunchType') as launch_type, + json_extract_path_text(Properties, 'Cluster') as cluster, json_extract_path_text(Properties, 'LoadBalancers') as load_balancers, - json_extract_path_text(Properties, 'NetworkConfiguration') as network_configuration, - json_extract_path_text(Properties, 'PlatformVersion') as platform_version, - json_extract_path_text(Properties, 'Scale') as scale, json_extract_path_text(Properties, 'Service') as service, + json_extract_path_text(Properties, 'Scale') as scale, json_extract_path_text(Properties, 'ServiceRegistries') as service_registries, - json_extract_path_text(Properties, 'Tags') as tags, - json_extract_path_text(Properties, 'TaskDefinition') as task_definition + json_extract_path_text(Properties, 'CapacityProviderStrategy') as capacity_provider_strategy, + json_extract_path_text(Properties, 'LaunchType') as launch_type, + json_extract_path_text(Properties, 'TaskDefinition') as task_definition, + json_extract_path_text(Properties, 'NetworkConfiguration') as network_configuration, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ECS::TaskSet' AND data__Identifier = '||' AND region = 'us-east-1' diff --git a/providers/src/aws/v00.00.00000/services/efs.yaml b/providers/src/aws/v00.00.00000/services/efs.yaml index 2a4e4e62..86be9bd5 100644 --- a/providers/src/aws/v00.00.00000/services/efs.yaml +++ b/providers/src/aws/v00.00.00000/services/efs.yaml @@ -519,8 +519,12 @@ components: taggable: true tagOnCreate: true tagUpdatable: true - cloudFormationSystemTags: false + cloudFormationSystemTags: true tagProperty: /properties/AccessPointTags + permissions: + - elasticfilesystem:TagResource + - elasticfilesystem:ListTagsForResource + - elasticfilesystem:UntagResource x-required-permissions: create: - elasticfilesystem:CreateAccessPoint @@ -569,8 +573,8 @@ components: description: The number of days after files were last accessed in primary storage (the Standard storage class) at which to move them to Archive storage. Metadata operations such as listing the contents of a directory don't count as file access events. description: |- Describes a policy used by Lifecycle management that specifies when to transition files into and out of the EFS storage classes. For more information, see [Managing file system storage](https://docs.aws.amazon.com/efs/latest/ug/lifecycle-management-efs.html). - + Each ``LifecyclePolicy`` object can have only a single transition. This means that in a request body, ``LifecyclePolicies`` must be structured as an array of ``LifecyclePolicy`` objects, one object for each transition, ``TransitionToIA``, ``TransitionToArchive``, ``TransitionToPrimaryStorageClass``. - + See the AWS::EFS::FileSystem examples for the correct ``LifecyclePolicy`` structure. Do not use the syntax shown on this page. + + Each ``LifecyclePolicy`` object can have only a single transition. This means that in a request body, ``LifecyclePolicies`` must be structured as an array of ``LifecyclePolicy`` objects, one object for each transition, ``TransitionToIA``, ``TransitionToArchive``, ``TransitionToPrimaryStorageClass``. + + See the AWS::EFS::FileSystem examples for the correct ``LifecyclePolicy`` structure. Do not use the syntax shown on this page. BackupPolicy: type: object additionalProperties: false @@ -600,7 +604,7 @@ components: The status of the file system's replication overwrite protection. + ``ENABLED`` – The file system cannot be used as the destination file system in a replication configuration. The file system is writeable. Replication overwrite protection is ``ENABLED`` by default. + ``DISABLED`` – The file system can be used as the destination file system in a replication configuration. The file system is read-only and can only be modified by EFS replication. - + ``REPLICATING`` – The file system is being used as the destination file system in a replication configuration. The file system is read-only and is only modified only by EFS replication. + + ``REPLICATING`` – The file system is being used as the destination file system in a replication configuration. The file system is read-only and is modified only by EFS replication. If the replication configuration is deleted, the file system's replication overwrite protection is re-enabled, the file system becomes writeable. description: Describes the protection on the file system. @@ -608,7 +612,14 @@ components: type: object additionalProperties: false properties: + Status: + type: string + description: Describes the status of the replication configuration. For more information about replication status, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide*. + StatusMessage: + type: string + description: Message that provides details about the ``PAUSED`` or ``ERRROR`` state of the replication destination configuration. For more information about replication status messages, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide*. FileSystemId: + pattern: ^(arn:aws[-a-z]*:elasticfilesystem:[0-9a-z-:]+:file-system/fs-[0-9a-f]{8,40}|fs-[0-9a-f]{8,40})$ type: string description: The ID of the destination Amazon EFS file system. Region: @@ -616,10 +627,13 @@ components: description: |- The AWS-Region in which the destination file system is located. For One Zone file systems, the replication configuration must specify the AWS-Region in which the destination file system is located. + RoleArn: + type: string + description: The Amazon Resource Name (ARN) of the current source file system in the replication configuration. AvailabilityZoneName: type: string description: |- - The AWS For One Zone file systems, the replication configuration must specify the Availability Zone in which the destination file system is located. + For One Zone file systems, the replication configuration must specify the Availability Zone in which the destination file system is located. Use the format ``us-east-1a`` to specify the Availability Zone. For more information about One Zone file systems, see [EFS file system types](https://docs.aws.amazon.com/efs/latest/ug/storage-classes.html) in the *Amazon EFS User Guide*. One Zone file system type is not available in all Availability Zones in AWS-Regions where Amazon EFS is available. KmsKeyId: @@ -675,17 +689,17 @@ components: description: |- An array of ``LifecyclePolicy`` objects that define the file system's ``LifecycleConfiguration`` object. A ``LifecycleConfiguration`` object informs Lifecycle management of the following: + When to move files in the file system from primary storage to IA storage. - + When to move files in the file system from primary storage or IA storage to Archive storage. - + When to move files that are in IA or Archive storage to primary storage. + + When to move files in the file system from primary storage or IA storage to Archive storage. + + When to move files that are in IA or Archive storage to primary storage. - EFS requires that each ``LifecyclePolicy`` object have only a single transition. This means that in a request body, ``LifecyclePolicies`` needs to be structured as an array of ``LifecyclePolicy`` objects, one object for each transition, ``TransitionToIA``, ``TransitionToArchive`` ``TransitionToPrimaryStorageClass``. See the example requests in the following section for more information. + EFS requires that each ``LifecyclePolicy`` object have only a single transition. This means that in a request body, ``LifecyclePolicies`` needs to be structured as an array of ``LifecyclePolicy`` objects, one object for each transition, ``TransitionToIA``, ``TransitionToArchive`` ``TransitionToPrimaryStorageClass``. See the example requests in the following section for more information. FileSystemProtection: $ref: '#/components/schemas/FileSystemProtection' description: Describes the protection on the file system. PerformanceMode: type: string description: |- - The Performance mode of the file system. We recommend ``generalPurpose`` performance mode for all file systems. File systems using the ``maxIO`` performance mode can scale to higher levels of aggregate throughput and operations per second with a tradeoff of slightly higher latencies for most file operations. The performance mode can't be changed after the file system has been created. The ``maxIO`` mode is not supported on One Zone file systems. + The performance mode of the file system. We recommend ``generalPurpose`` performance mode for all file systems. File systems using the ``maxIO`` performance mode can scale to higher levels of aggregate throughput and operations per second with a tradeoff of slightly higher latencies for most file operations. The performance mode can't be changed after the file system has been created. The ``maxIO`` mode is not supported on One Zone file systems. Due to the higher per-operation latencies with Max I/O, we recommend using General Purpose performance mode for all file systems. Default is ``generalPurpose``. ProvisionedThroughputInMibps: @@ -733,12 +747,19 @@ components: x-read-only-properties: - Arn - FileSystemId + - ReplicationConfiguration/Destinations/*/Status + - ReplicationConfiguration/Destinations/*/StatusMessage x-tagging: taggable: true tagOnCreate: true tagUpdatable: true - cloudFormationSystemTags: false + cloudFormationSystemTags: true tagProperty: /properties/FileSystemTags + permissions: + - elasticfilesystem:TagResource + - elasticfilesystem:ListTagsForResource + - elasticfilesystem:UntagResource + - elasticfilesystem:DeleteTags x-required-permissions: create: - elasticfilesystem:CreateFileSystem @@ -753,6 +774,8 @@ components: - kms:DescribeKey - kms:GenerateDataKeyWithoutPlaintext - kms:CreateGrant + - iam:PassRole + - iam:CreateServiceLinkedRole read: - elasticfilesystem:DescribeBackupPolicy - elasticfilesystem:DescribeFileSystemPolicy @@ -780,6 +803,8 @@ components: - kms:DescribeKey - kms:GenerateDataKeyWithoutPlaintext - kms:CreateGrant + - iam:PassRole + - iam:CreateServiceLinkedRole delete: - elasticfilesystem:DescribeFileSystems - elasticfilesystem:DeleteFileSystem @@ -941,17 +966,17 @@ components: description: |- An array of ``LifecyclePolicy`` objects that define the file system's ``LifecycleConfiguration`` object. A ``LifecycleConfiguration`` object informs Lifecycle management of the following: + When to move files in the file system from primary storage to IA storage. - + When to move files in the file system from primary storage or IA storage to Archive storage. - + When to move files that are in IA or Archive storage to primary storage. + + When to move files in the file system from primary storage or IA storage to Archive storage. + + When to move files that are in IA or Archive storage to primary storage. - EFS requires that each ``LifecyclePolicy`` object have only a single transition. This means that in a request body, ``LifecyclePolicies`` needs to be structured as an array of ``LifecyclePolicy`` objects, one object for each transition, ``TransitionToIA``, ``TransitionToArchive`` ``TransitionToPrimaryStorageClass``. See the example requests in the following section for more information. + EFS requires that each ``LifecyclePolicy`` object have only a single transition. This means that in a request body, ``LifecyclePolicies`` needs to be structured as an array of ``LifecyclePolicy`` objects, one object for each transition, ``TransitionToIA``, ``TransitionToArchive`` ``TransitionToPrimaryStorageClass``. See the example requests in the following section for more information. FileSystemProtection: $ref: '#/components/schemas/FileSystemProtection' description: Describes the protection on the file system. PerformanceMode: type: string description: |- - The Performance mode of the file system. We recommend ``generalPurpose`` performance mode for all file systems. File systems using the ``maxIO`` performance mode can scale to higher levels of aggregate throughput and operations per second with a tradeoff of slightly higher latencies for most file operations. The performance mode can't be changed after the file system has been created. The ``maxIO`` mode is not supported on One Zone file systems. + The performance mode of the file system. We recommend ``generalPurpose`` performance mode for all file systems. File systems using the ``maxIO`` performance mode can scale to higher levels of aggregate throughput and operations per second with a tradeoff of slightly higher latencies for most file operations. The performance mode can't be changed after the file system has been created. The ``maxIO`` mode is not supported on One Zone file systems. Due to the higher per-operation latencies with Max I/O, we recommend using General Purpose performance mode for all file systems. Default is ``generalPurpose``. ProvisionedThroughputInMibps: diff --git a/providers/src/aws/v00.00.00000/services/eks.yaml b/providers/src/aws/v00.00.00000/services/eks.yaml index 06456578..e1a36e58 100644 --- a/providers/src/aws/v00.00.00000/services/eks.yaml +++ b/providers/src/aws/v00.00.00000/services/eks.yaml @@ -503,6 +503,9 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - eks:TagResource + - eks:UntagResource x-required-permissions: create: - eks:CreateAccessEntry @@ -585,6 +588,9 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - eks:TagResource + - eks:UntagResource x-required-permissions: create: - eks:CreatePodIdentityAssociation @@ -684,6 +690,9 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - eks:TagResource + - eks:UntagResource x-required-permissions: create: - eks:CreateAddon @@ -711,81 +720,65 @@ components: - eks:UntagResource - eks:CreatePodIdentityAssociation - eks:DeletePodIdentityAssociation - Logging: - description: Enable exporting the Kubernetes control plane logs for your cluster to CloudWatch Logs based on log types. By default, cluster control plane logs aren't exported to CloudWatch Logs. - additionalProperties: false + Provider: type: object - properties: - ClusterLogging: - description: 'The cluster control plane logging configuration for your cluster. ' - $ref: '#/components/schemas/ClusterLogging' - EnabledTypes: - description: Enable control plane logs for your cluster, all log types will be disabled if the array is empty - x-insertionOrder: false - type: array - items: - $ref: '#/components/schemas/LoggingTypeConfig' - ControlPlanePlacement: - description: Specify the placement group of the control plane machines for your cluster. additionalProperties: false - type: object properties: - GroupName: - description: Specify the placement group name of the control place machines for your cluster. + KeyArn: + description: Amazon Resource Name (ARN) or alias of the KMS key. The KMS key must be symmetric, created in the same region as the cluster, and if the KMS key was created in a different account, the user must have access to the KMS key. type: string - OutpostConfig: - description: An object representing the Outpost configuration to use for AWS EKS outpost cluster. - additionalProperties: false + EncryptionConfig: + description: The encryption configuration for the cluster type: object properties: - OutpostArns: - description: Specify one or more Arn(s) of Outpost(s) on which you would like to create your cluster. - x-insertionOrder: false + Provider: + description: The encryption provider for the cluster. + $ref: '#/components/schemas/Provider' + Resources: + description: Specifies the resources to be encrypted. The only supported value is "secrets". type: array + x-insertionOrder: false items: - minItems: 1 type: string - ControlPlanePlacement: - description: Specify the placement group of the control plane machines for your cluster. - $ref: '#/components/schemas/ControlPlanePlacement' - ControlPlaneInstanceType: - description: Specify the Instance type of the machines that should be used to create your cluster. - type: string - required: - - OutpostArns - - ControlPlaneInstanceType - AccessConfig: - description: An object representing the Access Config to use for the cluster. additionalProperties: false + ResourcesVpcConfig: + description: An object representing the VPC configuration to use for an Amazon EKS cluster. type: object - properties: - AuthenticationMode: - description: Specify the authentication mode that should be used to create your cluster. - type: string - enum: - - CONFIG_MAP - - API_AND_CONFIG_MAP - - API - BootstrapClusterCreatorAdminPermissions: - description: Set this value to false to avoid creating a default cluster admin Access Entry using the IAM principal used to create the cluster. - type: boolean - EncryptionConfig: - description: The encryption configuration for the cluster additionalProperties: false - type: object properties: - Resources: - description: Specifies the resources to be encrypted. The only supported value is "secrets". + EndpointPrivateAccess: + description: >- + Set this value to true to enable private access for your cluster's Kubernetes API server endpoint. If you enable private access, Kubernetes API requests from within your cluster's VPC use the private VPC endpoint. The default value for this parameter is false, which disables private access for your Kubernetes API server. If you disable private access and you have nodes or AWS Fargate pods in the cluster, then ensure that publicAccessCidrs includes the necessary CIDR blocks for + communication with the nodes or Fargate pods. + type: boolean + EndpointPublicAccess: + description: Set this value to false to disable public access to your cluster's Kubernetes API server endpoint. If you disable public access, your cluster's Kubernetes API server can only receive requests from within the cluster VPC. The default value for this parameter is true, which enables public access for your Kubernetes API server. + type: boolean + PublicAccessCidrs: + description: The CIDR blocks that are allowed access to your cluster's public Kubernetes API server endpoint. Communication to the endpoint from addresses outside of the CIDR blocks that you specify is denied. The default value is 0.0.0.0/0. If you've disabled private endpoint access and you have nodes or AWS Fargate pods in the cluster, then ensure that you specify the necessary CIDR blocks. + type: array x-insertionOrder: false + items: + type: string + minItems: 1 + SecurityGroupIds: + description: Specify one or more security groups for the cross-account elastic network interfaces that Amazon EKS creates to use to allow communication between your worker nodes and the Kubernetes control plane. If you don't specify a security group, the default security group for your VPC is used. type: array + x-insertionOrder: false items: type: string - Provider: - description: The encryption provider for the cluster. - $ref: '#/components/schemas/Provider' + minItems: 1 + SubnetIds: + description: Specify subnets for your Amazon EKS nodes. Amazon EKS creates cross-account elastic network interfaces in these subnets to allow communication between your nodes and the Kubernetes control plane. + type: array + x-insertionOrder: false + items: + type: string + minItems: 1 + required: + - SubnetIds LoggingTypeConfig: description: Enabled Logging Type - additionalProperties: false type: object properties: Type: @@ -797,49 +790,122 @@ components: - authenticator - controllerManager - scheduler - ResourcesVpcConfig: - description: An object representing the VPC configuration to use for an Amazon EKS cluster. additionalProperties: false + EnabledTypes: + description: Enable control plane logs for your cluster, all log types will be disabled if the array is empty + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/LoggingTypeConfig' + ClusterLogging: + description: 'The cluster control plane logging configuration for your cluster. ' type: object + additionalProperties: false properties: - EndpointPublicAccess: - description: Set this value to false to disable public access to your cluster's Kubernetes API server endpoint. If you disable public access, your cluster's Kubernetes API server can only receive requests from within the cluster VPC. The default value for this parameter is true, which enables public access for your Kubernetes API server. - type: boolean - PublicAccessCidrs: - description: The CIDR blocks that are allowed access to your cluster's public Kubernetes API server endpoint. Communication to the endpoint from addresses outside of the CIDR blocks that you specify is denied. The default value is 0.0.0.0/0. If you've disabled private endpoint access and you have nodes or AWS Fargate pods in the cluster, then ensure that you specify the necessary CIDR blocks. - x-insertionOrder: false + EnabledTypes: + $ref: '#/components/schemas/EnabledTypes' + Logging: + description: Enable exporting the Kubernetes control plane logs for your cluster to CloudWatch Logs based on log types. By default, cluster control plane logs aren't exported to CloudWatch Logs. + type: object + additionalProperties: false + properties: + ClusterLogging: + description: 'The cluster control plane logging configuration for your cluster. ' + $ref: '#/components/schemas/ClusterLogging' + RemoteNodeNetwork: + description: Network configuration of nodes run on-premises with EKS Hybrid Nodes. + type: object + properties: + Cidrs: + description: Specifies the list of remote node CIDRs. type: array + x-insertionOrder: false items: - minItems: 1 type: string - EndpointPrivateAccess: - description: >- - Set this value to true to enable private access for your cluster's Kubernetes API server endpoint. If you enable private access, Kubernetes API requests from within your cluster's VPC use the private VPC endpoint. The default value for this parameter is false, which disables private access for your Kubernetes API server. If you disable private access and you have nodes or AWS Fargate pods in the cluster, then ensure that publicAccessCidrs includes the necessary CIDR blocks for - communication with the nodes or Fargate pods. - type: boolean - SecurityGroupIds: - description: Specify one or more security groups for the cross-account elastic network interfaces that Amazon EKS creates to use to allow communication between your worker nodes and the Kubernetes control plane. If you don't specify a security group, the default security group for your VPC is used. - x-insertionOrder: false + minItems: 1 + additionalProperties: false + required: + - Cidrs + RemoteNodeNetworks: + description: Network configuration of nodes run on-premises with EKS Hybrid Nodes. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/RemoteNodeNetwork' + RemotePodNetwork: + description: Network configuration of pods run on-premises with EKS Hybrid Nodes. + type: object + properties: + Cidrs: + description: Specifies the list of remote pod CIDRs. type: array + x-insertionOrder: false items: - minItems: 1 type: string - SubnetIds: - description: Specify subnets for your Amazon EKS nodes. Amazon EKS creates cross-account elastic network interfaces in these subnets to allow communication between your nodes and the Kubernetes control plane. - x-insertionOrder: false + minItems: 1 + additionalProperties: false + required: + - Cidrs + RemotePodNetworks: + description: Network configuration of pods run on-premises with EKS Hybrid Nodes. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/RemotePodNetwork' + RemoteNetworkConfig: + description: Configuration fields for specifying on-premises node and pod CIDRs that are external to the VPC passed during cluster creation. + additionalProperties: false + type: object + properties: + RemoteNodeNetworks: + description: Network configuration of nodes run on-premises with EKS Hybrid Nodes. + $ref: '#/components/schemas/RemoteNodeNetworks' + RemotePodNetworks: + description: Network configuration of pods run on-premises with EKS Hybrid Nodes. + $ref: '#/components/schemas/RemotePodNetworks' + required: + - RemoteNodeNetworks + ComputeConfig: + description: 'Todo: add description' + additionalProperties: false + type: object + properties: + Enabled: + description: 'Todo: add description' + type: boolean + NodeRoleArn: + description: 'Todo: add description' + type: string + NodePools: + description: 'Todo: add description' type: array + x-insertionOrder: false items: - minItems: 1 type: string - required: - - SubnetIds - ClusterLogging: - description: 'The cluster control plane logging configuration for your cluster. ' + BlockStorage: + description: 'Todo: add description' additionalProperties: false type: object properties: - EnabledTypes: - $ref: '#/components/schemas/EnabledTypes' + Enabled: + description: 'Todo: add description' + type: boolean + StorageConfig: + description: 'Todo: add description' + additionalProperties: false + type: object + properties: + BlockStorage: + description: 'Todo: add description' + $ref: '#/components/schemas/BlockStorage' + ElasticLoadBalancing: + description: 'Todo: add description' + additionalProperties: false + type: object + properties: + Enabled: + description: 'Todo: add description' + type: boolean KubernetesNetworkConfig: description: The Kubernetes network configuration for the cluster. additionalProperties: false @@ -857,73 +923,145 @@ components: enum: - ipv4 - ipv6 - Provider: + ElasticLoadBalancing: + description: 'Todo: add description' + $ref: '#/components/schemas/ElasticLoadBalancing' + ControlPlanePlacement: + description: Specify the placement group of the control plane machines for your cluster. + type: object + additionalProperties: false + properties: + GroupName: + description: Specify the placement group name of the control place machines for your cluster. + type: string + OutpostConfig: + description: An object representing the Outpost configuration to use for AWS EKS outpost cluster. additionalProperties: false type: object properties: - KeyArn: - description: Amazon Resource Name (ARN) or alias of the KMS key. The KMS key must be symmetric, created in the same region as the cluster, and if the KMS key was created in a different account, the user must have access to the KMS key. + OutpostArns: + description: Specify one or more Arn(s) of Outpost(s) on which you would like to create your cluster. + type: array + x-insertionOrder: false + items: + type: string + minItems: 1 + ControlPlaneInstanceType: + description: Specify the Instance type of the machines that should be used to create your cluster. type: string - Cluster: + ControlPlanePlacement: + description: Specify the placement group of the control plane machines for your cluster. + $ref: '#/components/schemas/ControlPlanePlacement' + required: + - OutpostArns + - ControlPlaneInstanceType + AccessConfig: + description: An object representing the Access Config to use for the cluster. + additionalProperties: false type: object properties: - Logging: - $ref: '#/components/schemas/Logging' - EncryptionConfigKeyArn: - description: Amazon Resource Name (ARN) or alias of the customer master key (CMK). + BootstrapClusterCreatorAdminPermissions: + description: Set this value to false to avoid creating a default cluster admin Access Entry using the IAM principal used to create the cluster. + type: boolean + AuthenticationMode: + description: Specify the authentication mode that should be used to create your cluster. type: string - AccessConfig: - $ref: '#/components/schemas/AccessConfig' - CertificateAuthorityData: - description: The certificate-authority-data for your cluster. + enum: + - CONFIG_MAP + - API_AND_CONFIG_MAP + - API + UpgradePolicy: + description: An object representing the Upgrade Policy to use for the cluster. + additionalProperties: false + type: object + properties: + SupportType: + description: Specify the support type for your cluster. type: string + enum: + - STANDARD + - EXTENDED + ZonalShiftConfig: + description: The current zonal shift configuration to use for the cluster. + additionalProperties: false + type: object + properties: + Enabled: + description: Set this value to true to enable zonal shift for the cluster. + type: boolean + Cluster: + type: object + properties: EncryptionConfig: - x-insertionOrder: false type: array + x-insertionOrder: false items: - maxItems: 1 $ref: '#/components/schemas/EncryptionConfig' + maxItems: 1 KubernetesNetworkConfig: $ref: '#/components/schemas/KubernetesNetworkConfig' - RoleArn: - description: The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. - type: string + Logging: + $ref: '#/components/schemas/Logging' Name: - minLength: 1 - pattern: ^[0-9A-Za-z][A-Za-z0-9\-_]* description: The unique name to give to your cluster. type: string + pattern: ^[0-9A-Za-z][A-Za-z0-9\-_]* + minLength: 1 maxLength: 100 - Endpoint: - description: The endpoint for your Kubernetes API server, such as https://5E1D0CEXAMPLEA591B746AFC5AB30262.yl4.us-west-2.eks.amazonaws.com. - type: string - Version: - pattern: 1\.\d\d - description: The desired Kubernetes version for your cluster. If you don't specify a value here, the latest version available in Amazon EKS is used. - type: string - ClusterSecurityGroupId: - description: The cluster security group that was created by Amazon EKS for the cluster. Managed node groups use this security group for control plane to data plane communication. - type: string Id: description: The unique ID given to your cluster. type: string + ResourcesVpcConfig: + $ref: '#/components/schemas/ResourcesVpcConfig' OutpostConfig: $ref: '#/components/schemas/OutpostConfig' - Arn: - description: The ARN of the cluster, such as arn:aws:eks:us-west-2:666666666666:cluster/prod. + AccessConfig: + $ref: '#/components/schemas/AccessConfig' + UpgradePolicy: + $ref: '#/components/schemas/UpgradePolicy' + RemoteNetworkConfig: + $ref: '#/components/schemas/RemoteNetworkConfig' + ComputeConfig: + $ref: '#/components/schemas/ComputeConfig' + StorageConfig: + $ref: '#/components/schemas/StorageConfig' + RoleArn: + description: The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. type: string - ResourcesVpcConfig: - $ref: '#/components/schemas/ResourcesVpcConfig' + Version: + description: The desired Kubernetes version for your cluster. If you don't specify a value here, the latest version available in Amazon EKS is used. + type: string + pattern: 1\.\d\d Tags: - uniqueItems: true description: An array of key-value pairs to apply to this resource. - x-insertionOrder: false type: array + uniqueItems: true + x-insertionOrder: false items: $ref: '#/components/schemas/Tag' + Arn: + description: The ARN of the cluster, such as arn:aws:eks:us-west-2:666666666666:cluster/prod. + type: string + Endpoint: + description: The endpoint for your Kubernetes API server, such as https://5E1D0CEXAMPLEA591B746AFC5AB30262.yl4.us-west-2.eks.amazonaws.com. + type: string + CertificateAuthorityData: + description: The certificate-authority-data for your cluster. + type: string + ClusterSecurityGroupId: + description: The cluster security group that was created by Amazon EKS for the cluster. Managed node groups use this security group for control plane to data plane communication. + type: string + EncryptionConfigKeyArn: + description: Amazon Resource Name (ARN) or alias of the customer master key (CMK). + type: string OpenIdConnectIssuerUrl: description: The issuer URL for the cluster's OIDC identity provider, such as https://oidc.eks.us-west-2.amazonaws.com/id/EXAMPLED539D4633E53DE1B716D3041E. If you need to remove https:// from this output value, you can include the following code in your template. type: string + BootstrapSelfManagedAddons: + description: Set this value to false to avoid creating the default networking add-ons when the cluster is created. + type: boolean + ZonalShiftConfig: + $ref: '#/components/schemas/ZonalShiftConfig' required: - RoleArn - ResourcesVpcConfig @@ -935,12 +1073,16 @@ components: x-create-only-properties: - OutpostConfig - EncryptionConfig - - KubernetesNetworkConfig + - KubernetesNetworkConfig/IpFamily + - KubernetesNetworkConfig/ServiceIpv4Cidr - AccessConfig/BootstrapClusterCreatorAdminPermissions - Name - RoleArn + - BootstrapSelfManagedAddons + - RemoteNetworkConfig x-write-only-properties: - AccessConfig/BootstrapClusterCreatorAdminPermissions + - BootstrapSelfManagedAddons x-read-only-properties: - Id - Arn @@ -957,15 +1099,17 @@ components: taggable: true tagOnCreate: true tagUpdatable: true - tagProperty: /properties/Tags cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - eks:TagResource + - eks:UntagResource x-required-permissions: - read: - - eks:DescribeCluster create: - eks:CreateCluster - eks:DescribeCluster - eks:TagResource + - eks:CreateAccessEntry - iam:PassRole - iam:GetRole - iam:ListAttachedRolePolicies @@ -980,6 +1124,8 @@ components: - ec2:DescribeVpcs - kms:DescribeKey - kms:CreateGrant + read: + - eks:DescribeCluster update: - iam:PassRole - eks:UpdateClusterConfig @@ -988,11 +1134,11 @@ components: - eks:DescribeUpdate - eks:TagResource - eks:UntagResource - list: - - eks:ListClusters delete: - eks:DeleteCluster - eks:DescribeCluster + list: + - eks:ListClusters Selector: type: object additionalProperties: false @@ -1084,6 +1230,9 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - eks:TagResource + - eks:UntagResource x-required-permissions: create: - eks:CreateFargateProfile @@ -1295,6 +1444,14 @@ components: type: number minimum: 1 maximum: 100 + NodeRepairConfig: + description: The node auto repair configuration for node group. + type: object + additionalProperties: false + properties: + Enabled: + description: Set this value to true to enable node auto repair for the node group. + type: boolean Nodegroup: type: object properties: @@ -1371,6 +1528,9 @@ components: UpdateConfig: description: The node group update configuration. $ref: '#/components/schemas/UpdateConfig' + NodeRepairConfig: + description: The node auto repair configuration for node group. + $ref: '#/components/schemas/NodeRepairConfig' Version: description: The Kubernetes version to use for your managed nodes. type: string @@ -1412,6 +1572,9 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - eks:TagResource + - eks:UntagResource x-required-permissions: create: - eks:CreateNodegroup @@ -1626,63 +1789,76 @@ components: DesiredState: type: object properties: - Logging: - $ref: '#/components/schemas/Logging' - EncryptionConfigKeyArn: - description: Amazon Resource Name (ARN) or alias of the customer master key (CMK). - type: string - AccessConfig: - $ref: '#/components/schemas/AccessConfig' - CertificateAuthorityData: - description: The certificate-authority-data for your cluster. - type: string EncryptionConfig: - x-insertionOrder: false type: array + x-insertionOrder: false items: - maxItems: 1 $ref: '#/components/schemas/EncryptionConfig' + maxItems: 1 KubernetesNetworkConfig: $ref: '#/components/schemas/KubernetesNetworkConfig' - RoleArn: - description: The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. - type: string + Logging: + $ref: '#/components/schemas/Logging' Name: - minLength: 1 - pattern: ^[0-9A-Za-z][A-Za-z0-9\-_]* description: The unique name to give to your cluster. type: string + pattern: ^[0-9A-Za-z][A-Za-z0-9\-_]* + minLength: 1 maxLength: 100 - Endpoint: - description: The endpoint for your Kubernetes API server, such as https://5E1D0CEXAMPLEA591B746AFC5AB30262.yl4.us-west-2.eks.amazonaws.com. - type: string - Version: - pattern: 1\.\d\d - description: The desired Kubernetes version for your cluster. If you don't specify a value here, the latest version available in Amazon EKS is used. - type: string - ClusterSecurityGroupId: - description: The cluster security group that was created by Amazon EKS for the cluster. Managed node groups use this security group for control plane to data plane communication. - type: string Id: description: The unique ID given to your cluster. type: string + ResourcesVpcConfig: + $ref: '#/components/schemas/ResourcesVpcConfig' OutpostConfig: $ref: '#/components/schemas/OutpostConfig' - Arn: - description: The ARN of the cluster, such as arn:aws:eks:us-west-2:666666666666:cluster/prod. + AccessConfig: + $ref: '#/components/schemas/AccessConfig' + UpgradePolicy: + $ref: '#/components/schemas/UpgradePolicy' + RemoteNetworkConfig: + $ref: '#/components/schemas/RemoteNetworkConfig' + ComputeConfig: + $ref: '#/components/schemas/ComputeConfig' + StorageConfig: + $ref: '#/components/schemas/StorageConfig' + RoleArn: + description: The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. type: string - ResourcesVpcConfig: - $ref: '#/components/schemas/ResourcesVpcConfig' + Version: + description: The desired Kubernetes version for your cluster. If you don't specify a value here, the latest version available in Amazon EKS is used. + type: string + pattern: 1\.\d\d Tags: - uniqueItems: true description: An array of key-value pairs to apply to this resource. - x-insertionOrder: false type: array + uniqueItems: true + x-insertionOrder: false items: $ref: '#/components/schemas/Tag' + Arn: + description: The ARN of the cluster, such as arn:aws:eks:us-west-2:666666666666:cluster/prod. + type: string + Endpoint: + description: The endpoint for your Kubernetes API server, such as https://5E1D0CEXAMPLEA591B746AFC5AB30262.yl4.us-west-2.eks.amazonaws.com. + type: string + CertificateAuthorityData: + description: The certificate-authority-data for your cluster. + type: string + ClusterSecurityGroupId: + description: The cluster security group that was created by Amazon EKS for the cluster. Managed node groups use this security group for control plane to data plane communication. + type: string + EncryptionConfigKeyArn: + description: Amazon Resource Name (ARN) or alias of the customer master key (CMK). + type: string OpenIdConnectIssuerUrl: description: The issuer URL for the cluster's OIDC identity provider, such as https://oidc.eks.us-west-2.amazonaws.com/id/EXAMPLED539D4633E53DE1B716D3041E. If you need to remove https:// from this output value, you can include the following code in your template. type: string + BootstrapSelfManagedAddons: + description: Set this value to false to avoid creating the default networking add-ons when the cluster is created. + type: boolean + ZonalShiftConfig: + $ref: '#/components/schemas/ZonalShiftConfig' x-stackQL-stringOnly: true x-title: CreateClusterRequest type: object @@ -1859,6 +2035,9 @@ components: UpdateConfig: description: The node group update configuration. $ref: '#/components/schemas/UpdateConfig' + NodeRepairConfig: + description: The node auto repair configuration for node group. + $ref: '#/components/schemas/NodeRepairConfig' Version: description: The Kubernetes version to use for your managed nodes. type: string @@ -2612,23 +2791,29 @@ components: SELECT region, data__Identifier, - JSON_EXTRACT(Properties, '$.Logging') as logging, - JSON_EXTRACT(Properties, '$.EncryptionConfigKeyArn') as encryption_config_key_arn, - JSON_EXTRACT(Properties, '$.AccessConfig') as access_config, - JSON_EXTRACT(Properties, '$.CertificateAuthorityData') as certificate_authority_data, JSON_EXTRACT(Properties, '$.EncryptionConfig') as encryption_config, JSON_EXTRACT(Properties, '$.KubernetesNetworkConfig') as kubernetes_network_config, - JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.Logging') as logging, JSON_EXTRACT(Properties, '$.Name') as name, - JSON_EXTRACT(Properties, '$.Endpoint') as endpoint, - JSON_EXTRACT(Properties, '$.Version') as version, - JSON_EXTRACT(Properties, '$.ClusterSecurityGroupId') as cluster_security_group_id, JSON_EXTRACT(Properties, '$.Id') as id, - JSON_EXTRACT(Properties, '$.OutpostConfig') as outpost_config, - JSON_EXTRACT(Properties, '$.Arn') as arn, JSON_EXTRACT(Properties, '$.ResourcesVpcConfig') as resources_vpc_config, + JSON_EXTRACT(Properties, '$.OutpostConfig') as outpost_config, + JSON_EXTRACT(Properties, '$.AccessConfig') as access_config, + JSON_EXTRACT(Properties, '$.UpgradePolicy') as upgrade_policy, + JSON_EXTRACT(Properties, '$.RemoteNetworkConfig') as remote_network_config, + JSON_EXTRACT(Properties, '$.ComputeConfig') as compute_config, + JSON_EXTRACT(Properties, '$.StorageConfig') as storage_config, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.Version') as version, JSON_EXTRACT(Properties, '$.Tags') as tags, - JSON_EXTRACT(Properties, '$.OpenIdConnectIssuerUrl') as open_id_connect_issuer_url + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Endpoint') as endpoint, + JSON_EXTRACT(Properties, '$.CertificateAuthorityData') as certificate_authority_data, + JSON_EXTRACT(Properties, '$.ClusterSecurityGroupId') as cluster_security_group_id, + JSON_EXTRACT(Properties, '$.EncryptionConfigKeyArn') as encryption_config_key_arn, + JSON_EXTRACT(Properties, '$.OpenIdConnectIssuerUrl') as open_id_connect_issuer_url, + JSON_EXTRACT(Properties, '$.BootstrapSelfManagedAddons') as bootstrap_self_managed_addons, + JSON_EXTRACT(Properties, '$.ZonalShiftConfig') as zonal_shift_config FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EKS::Cluster' AND data__Identifier = '' AND region = 'us-east-1' @@ -2637,23 +2822,29 @@ components: ddl: |- SELECT detail.region, - JSON_EXTRACT(detail.Properties, '$.Logging') as logging, - JSON_EXTRACT(detail.Properties, '$.EncryptionConfigKeyArn') as encryption_config_key_arn, - JSON_EXTRACT(detail.Properties, '$.AccessConfig') as access_config, - JSON_EXTRACT(detail.Properties, '$.CertificateAuthorityData') as certificate_authority_data, JSON_EXTRACT(detail.Properties, '$.EncryptionConfig') as encryption_config, JSON_EXTRACT(detail.Properties, '$.KubernetesNetworkConfig') as kubernetes_network_config, - JSON_EXTRACT(detail.Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(detail.Properties, '$.Logging') as logging, JSON_EXTRACT(detail.Properties, '$.Name') as name, - JSON_EXTRACT(detail.Properties, '$.Endpoint') as endpoint, - JSON_EXTRACT(detail.Properties, '$.Version') as version, - JSON_EXTRACT(detail.Properties, '$.ClusterSecurityGroupId') as cluster_security_group_id, JSON_EXTRACT(detail.Properties, '$.Id') as id, - JSON_EXTRACT(detail.Properties, '$.OutpostConfig') as outpost_config, - JSON_EXTRACT(detail.Properties, '$.Arn') as arn, JSON_EXTRACT(detail.Properties, '$.ResourcesVpcConfig') as resources_vpc_config, + JSON_EXTRACT(detail.Properties, '$.OutpostConfig') as outpost_config, + JSON_EXTRACT(detail.Properties, '$.AccessConfig') as access_config, + JSON_EXTRACT(detail.Properties, '$.UpgradePolicy') as upgrade_policy, + JSON_EXTRACT(detail.Properties, '$.RemoteNetworkConfig') as remote_network_config, + JSON_EXTRACT(detail.Properties, '$.ComputeConfig') as compute_config, + JSON_EXTRACT(detail.Properties, '$.StorageConfig') as storage_config, + JSON_EXTRACT(detail.Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(detail.Properties, '$.Version') as version, JSON_EXTRACT(detail.Properties, '$.Tags') as tags, - JSON_EXTRACT(detail.Properties, '$.OpenIdConnectIssuerUrl') as open_id_connect_issuer_url + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.Endpoint') as endpoint, + JSON_EXTRACT(detail.Properties, '$.CertificateAuthorityData') as certificate_authority_data, + JSON_EXTRACT(detail.Properties, '$.ClusterSecurityGroupId') as cluster_security_group_id, + JSON_EXTRACT(detail.Properties, '$.EncryptionConfigKeyArn') as encryption_config_key_arn, + JSON_EXTRACT(detail.Properties, '$.OpenIdConnectIssuerUrl') as open_id_connect_issuer_url, + JSON_EXTRACT(detail.Properties, '$.BootstrapSelfManagedAddons') as bootstrap_self_managed_addons, + JSON_EXTRACT(detail.Properties, '$.ZonalShiftConfig') as zonal_shift_config FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -2667,23 +2858,29 @@ components: SELECT region, data__Identifier, - json_extract_path_text(Properties, 'Logging') as logging, - json_extract_path_text(Properties, 'EncryptionConfigKeyArn') as encryption_config_key_arn, - json_extract_path_text(Properties, 'AccessConfig') as access_config, - json_extract_path_text(Properties, 'CertificateAuthorityData') as certificate_authority_data, json_extract_path_text(Properties, 'EncryptionConfig') as encryption_config, json_extract_path_text(Properties, 'KubernetesNetworkConfig') as kubernetes_network_config, - json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'Logging') as logging, json_extract_path_text(Properties, 'Name') as name, - json_extract_path_text(Properties, 'Endpoint') as endpoint, - json_extract_path_text(Properties, 'Version') as version, - json_extract_path_text(Properties, 'ClusterSecurityGroupId') as cluster_security_group_id, json_extract_path_text(Properties, 'Id') as id, - json_extract_path_text(Properties, 'OutpostConfig') as outpost_config, - json_extract_path_text(Properties, 'Arn') as arn, json_extract_path_text(Properties, 'ResourcesVpcConfig') as resources_vpc_config, + json_extract_path_text(Properties, 'OutpostConfig') as outpost_config, + json_extract_path_text(Properties, 'AccessConfig') as access_config, + json_extract_path_text(Properties, 'UpgradePolicy') as upgrade_policy, + json_extract_path_text(Properties, 'RemoteNetworkConfig') as remote_network_config, + json_extract_path_text(Properties, 'ComputeConfig') as compute_config, + json_extract_path_text(Properties, 'StorageConfig') as storage_config, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'Version') as version, json_extract_path_text(Properties, 'Tags') as tags, - json_extract_path_text(Properties, 'OpenIdConnectIssuerUrl') as open_id_connect_issuer_url + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Endpoint') as endpoint, + json_extract_path_text(Properties, 'CertificateAuthorityData') as certificate_authority_data, + json_extract_path_text(Properties, 'ClusterSecurityGroupId') as cluster_security_group_id, + json_extract_path_text(Properties, 'EncryptionConfigKeyArn') as encryption_config_key_arn, + json_extract_path_text(Properties, 'OpenIdConnectIssuerUrl') as open_id_connect_issuer_url, + json_extract_path_text(Properties, 'BootstrapSelfManagedAddons') as bootstrap_self_managed_addons, + json_extract_path_text(Properties, 'ZonalShiftConfig') as zonal_shift_config FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EKS::Cluster' AND data__Identifier = '' AND region = 'us-east-1' @@ -2692,23 +2889,29 @@ components: ddl: |- SELECT detail.region, - json_extract_path_text(detail.Properties, 'Logging') as logging, - json_extract_path_text(detail.Properties, 'EncryptionConfigKeyArn') as encryption_config_key_arn, - json_extract_path_text(detail.Properties, 'AccessConfig') as access_config, - json_extract_path_text(detail.Properties, 'CertificateAuthorityData') as certificate_authority_data, json_extract_path_text(detail.Properties, 'EncryptionConfig') as encryption_config, json_extract_path_text(detail.Properties, 'KubernetesNetworkConfig') as kubernetes_network_config, - json_extract_path_text(detail.Properties, 'RoleArn') as role_arn, + json_extract_path_text(detail.Properties, 'Logging') as logging, json_extract_path_text(detail.Properties, 'Name') as name, - json_extract_path_text(detail.Properties, 'Endpoint') as endpoint, - json_extract_path_text(detail.Properties, 'Version') as version, - json_extract_path_text(detail.Properties, 'ClusterSecurityGroupId') as cluster_security_group_id, json_extract_path_text(detail.Properties, 'Id') as id, - json_extract_path_text(detail.Properties, 'OutpostConfig') as outpost_config, - json_extract_path_text(detail.Properties, 'Arn') as arn, json_extract_path_text(detail.Properties, 'ResourcesVpcConfig') as resources_vpc_config, + json_extract_path_text(detail.Properties, 'OutpostConfig') as outpost_config, + json_extract_path_text(detail.Properties, 'AccessConfig') as access_config, + json_extract_path_text(detail.Properties, 'UpgradePolicy') as upgrade_policy, + json_extract_path_text(detail.Properties, 'RemoteNetworkConfig') as remote_network_config, + json_extract_path_text(detail.Properties, 'ComputeConfig') as compute_config, + json_extract_path_text(detail.Properties, 'StorageConfig') as storage_config, + json_extract_path_text(detail.Properties, 'RoleArn') as role_arn, + json_extract_path_text(detail.Properties, 'Version') as version, json_extract_path_text(detail.Properties, 'Tags') as tags, - json_extract_path_text(detail.Properties, 'OpenIdConnectIssuerUrl') as open_id_connect_issuer_url + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'Endpoint') as endpoint, + json_extract_path_text(detail.Properties, 'CertificateAuthorityData') as certificate_authority_data, + json_extract_path_text(detail.Properties, 'ClusterSecurityGroupId') as cluster_security_group_id, + json_extract_path_text(detail.Properties, 'EncryptionConfigKeyArn') as encryption_config_key_arn, + json_extract_path_text(detail.Properties, 'OpenIdConnectIssuerUrl') as open_id_connect_issuer_url, + json_extract_path_text(detail.Properties, 'BootstrapSelfManagedAddons') as bootstrap_self_managed_addons, + json_extract_path_text(detail.Properties, 'ZonalShiftConfig') as zonal_shift_config FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -2767,22 +2970,28 @@ components: detail.region, JSON_EXTRACT(json_each.value, '$.Key') as tag_key, JSON_EXTRACT(json_each.value, '$.Value') as tag_value, - JSON_EXTRACT(detail.Properties, '$.Logging') as logging, - JSON_EXTRACT(detail.Properties, '$.EncryptionConfigKeyArn') as encryption_config_key_arn, - JSON_EXTRACT(detail.Properties, '$.AccessConfig') as access_config, - JSON_EXTRACT(detail.Properties, '$.CertificateAuthorityData') as certificate_authority_data, JSON_EXTRACT(detail.Properties, '$.EncryptionConfig') as encryption_config, JSON_EXTRACT(detail.Properties, '$.KubernetesNetworkConfig') as kubernetes_network_config, - JSON_EXTRACT(detail.Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(detail.Properties, '$.Logging') as logging, JSON_EXTRACT(detail.Properties, '$.Name') as name, - JSON_EXTRACT(detail.Properties, '$.Endpoint') as endpoint, - JSON_EXTRACT(detail.Properties, '$.Version') as version, - JSON_EXTRACT(detail.Properties, '$.ClusterSecurityGroupId') as cluster_security_group_id, JSON_EXTRACT(detail.Properties, '$.Id') as id, + JSON_EXTRACT(detail.Properties, '$.ResourcesVpcConfig') as resources_vpc_config, JSON_EXTRACT(detail.Properties, '$.OutpostConfig') as outpost_config, + JSON_EXTRACT(detail.Properties, '$.AccessConfig') as access_config, + JSON_EXTRACT(detail.Properties, '$.UpgradePolicy') as upgrade_policy, + JSON_EXTRACT(detail.Properties, '$.RemoteNetworkConfig') as remote_network_config, + JSON_EXTRACT(detail.Properties, '$.ComputeConfig') as compute_config, + JSON_EXTRACT(detail.Properties, '$.StorageConfig') as storage_config, + JSON_EXTRACT(detail.Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(detail.Properties, '$.Version') as version, JSON_EXTRACT(detail.Properties, '$.Arn') as arn, - JSON_EXTRACT(detail.Properties, '$.ResourcesVpcConfig') as resources_vpc_config, - JSON_EXTRACT(detail.Properties, '$.OpenIdConnectIssuerUrl') as open_id_connect_issuer_url + JSON_EXTRACT(detail.Properties, '$.Endpoint') as endpoint, + JSON_EXTRACT(detail.Properties, '$.CertificateAuthorityData') as certificate_authority_data, + JSON_EXTRACT(detail.Properties, '$.ClusterSecurityGroupId') as cluster_security_group_id, + JSON_EXTRACT(detail.Properties, '$.EncryptionConfigKeyArn') as encryption_config_key_arn, + JSON_EXTRACT(detail.Properties, '$.OpenIdConnectIssuerUrl') as open_id_connect_issuer_url, + JSON_EXTRACT(detail.Properties, '$.BootstrapSelfManagedAddons') as bootstrap_self_managed_addons, + JSON_EXTRACT(detail.Properties, '$.ZonalShiftConfig') as zonal_shift_config FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -2798,22 +3007,28 @@ components: detail.region, json_extract_path_text(json_each.value, 'Key') as tag_key, json_extract_path_text(json_each.value, 'Value') as tag_value, - json_extract_path_text(detail.Properties, 'Logging') as logging, - json_extract_path_text(detail.Properties, 'EncryptionConfigKeyArn') as encryption_config_key_arn, - json_extract_path_text(detail.Properties, 'AccessConfig') as access_config, - json_extract_path_text(detail.Properties, 'CertificateAuthorityData') as certificate_authority_data, json_extract_path_text(detail.Properties, 'EncryptionConfig') as encryption_config, json_extract_path_text(detail.Properties, 'KubernetesNetworkConfig') as kubernetes_network_config, - json_extract_path_text(detail.Properties, 'RoleArn') as role_arn, + json_extract_path_text(detail.Properties, 'Logging') as logging, json_extract_path_text(detail.Properties, 'Name') as name, - json_extract_path_text(detail.Properties, 'Endpoint') as endpoint, - json_extract_path_text(detail.Properties, 'Version') as version, - json_extract_path_text(detail.Properties, 'ClusterSecurityGroupId') as cluster_security_group_id, json_extract_path_text(detail.Properties, 'Id') as id, + json_extract_path_text(detail.Properties, 'ResourcesVpcConfig') as resources_vpc_config, json_extract_path_text(detail.Properties, 'OutpostConfig') as outpost_config, + json_extract_path_text(detail.Properties, 'AccessConfig') as access_config, + json_extract_path_text(detail.Properties, 'UpgradePolicy') as upgrade_policy, + json_extract_path_text(detail.Properties, 'RemoteNetworkConfig') as remote_network_config, + json_extract_path_text(detail.Properties, 'ComputeConfig') as compute_config, + json_extract_path_text(detail.Properties, 'StorageConfig') as storage_config, + json_extract_path_text(detail.Properties, 'RoleArn') as role_arn, + json_extract_path_text(detail.Properties, 'Version') as version, json_extract_path_text(detail.Properties, 'Arn') as arn, - json_extract_path_text(detail.Properties, 'ResourcesVpcConfig') as resources_vpc_config, - json_extract_path_text(detail.Properties, 'OpenIdConnectIssuerUrl') as open_id_connect_issuer_url + json_extract_path_text(detail.Properties, 'Endpoint') as endpoint, + json_extract_path_text(detail.Properties, 'CertificateAuthorityData') as certificate_authority_data, + json_extract_path_text(detail.Properties, 'ClusterSecurityGroupId') as cluster_security_group_id, + json_extract_path_text(detail.Properties, 'EncryptionConfigKeyArn') as encryption_config_key_arn, + json_extract_path_text(detail.Properties, 'OpenIdConnectIssuerUrl') as open_id_connect_issuer_url, + json_extract_path_text(detail.Properties, 'BootstrapSelfManagedAddons') as bootstrap_self_managed_addons, + json_extract_path_text(detail.Properties, 'ZonalShiftConfig') as zonal_shift_config FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -3334,6 +3549,7 @@ components: JSON_EXTRACT(Properties, '$.Tags') as tags, JSON_EXTRACT(Properties, '$.Taints') as taints, JSON_EXTRACT(Properties, '$.UpdateConfig') as update_config, + JSON_EXTRACT(Properties, '$.NodeRepairConfig') as node_repair_config, JSON_EXTRACT(Properties, '$.Version') as version, JSON_EXTRACT(Properties, '$.Id') as id, JSON_EXTRACT(Properties, '$.Arn') as arn @@ -3362,6 +3578,7 @@ components: JSON_EXTRACT(detail.Properties, '$.Tags') as tags, JSON_EXTRACT(detail.Properties, '$.Taints') as taints, JSON_EXTRACT(detail.Properties, '$.UpdateConfig') as update_config, + JSON_EXTRACT(detail.Properties, '$.NodeRepairConfig') as node_repair_config, JSON_EXTRACT(detail.Properties, '$.Version') as version, JSON_EXTRACT(detail.Properties, '$.Id') as id, JSON_EXTRACT(detail.Properties, '$.Arn') as arn @@ -3395,6 +3612,7 @@ components: json_extract_path_text(Properties, 'Tags') as tags, json_extract_path_text(Properties, 'Taints') as taints, json_extract_path_text(Properties, 'UpdateConfig') as update_config, + json_extract_path_text(Properties, 'NodeRepairConfig') as node_repair_config, json_extract_path_text(Properties, 'Version') as version, json_extract_path_text(Properties, 'Id') as id, json_extract_path_text(Properties, 'Arn') as arn @@ -3423,6 +3641,7 @@ components: json_extract_path_text(detail.Properties, 'Tags') as tags, json_extract_path_text(detail.Properties, 'Taints') as taints, json_extract_path_text(detail.Properties, 'UpdateConfig') as update_config, + json_extract_path_text(detail.Properties, 'NodeRepairConfig') as node_repair_config, json_extract_path_text(detail.Properties, 'Version') as version, json_extract_path_text(detail.Properties, 'Id') as id, json_extract_path_text(detail.Properties, 'Arn') as arn @@ -3500,6 +3719,7 @@ components: JSON_EXTRACT(detail.Properties, '$.Subnets') as subnets, JSON_EXTRACT(detail.Properties, '$.Taints') as taints, JSON_EXTRACT(detail.Properties, '$.UpdateConfig') as update_config, + JSON_EXTRACT(detail.Properties, '$.NodeRepairConfig') as node_repair_config, JSON_EXTRACT(detail.Properties, '$.Version') as version, JSON_EXTRACT(detail.Properties, '$.Id') as id, JSON_EXTRACT(detail.Properties, '$.Arn') as arn @@ -3534,6 +3754,7 @@ components: json_extract_path_text(detail.Properties, 'Subnets') as subnets, json_extract_path_text(detail.Properties, 'Taints') as taints, json_extract_path_text(detail.Properties, 'UpdateConfig') as update_config, + json_extract_path_text(detail.Properties, 'NodeRepairConfig') as node_repair_config, json_extract_path_text(detail.Properties, 'Version') as version, json_extract_path_text(detail.Properties, 'Id') as id, json_extract_path_text(detail.Properties, 'Arn') as arn diff --git a/providers/src/aws/v00.00.00000/services/elasticache.yaml b/providers/src/aws/v00.00.00000/services/elasticache.yaml index 34e4f1fc..6e39c2a2 100644 --- a/providers/src/aws/v00.00.00000/services/elasticache.yaml +++ b/providers/src/aws/v00.00.00000/services/elasticache.yaml @@ -445,6 +445,9 @@ components: EngineVersion: description: The engine version of the Global Datastore. type: string + Engine: + description: The engine of the Global Datastore. + type: string CacheParameterGroupName: description: Cache parameter group name to use for the new engine version. This parameter cannot be modified independently. type: string @@ -584,6 +587,8 @@ components: - ElastiCache:DescribeCacheParameterGroups - ElastiCache:AddTagsToResource - ElastiCache:ModifyCacheParameterGroup + - iam:CreateServiceLinkedRole + - iam:PutRolePolicy read: - ElastiCache:DescribeCacheParameterGroups - ElastiCache:DescribeCacheParameters @@ -735,8 +740,6 @@ components: - ServerlessCacheName x-create-only-properties: - ServerlessCacheName - - Engine - - MajorEngineVersion - KmsKeyId - SnapshotArnsToRestore - SubnetIds @@ -761,6 +764,9 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - elasticache:AddTagsToResource + - elasticache:RemoveTagsFromResource x-required-permissions: create: - elasticache:CreateServerlessCache @@ -862,10 +868,11 @@ components: description: The username of the user. type: string Engine: - description: Must be redis. + description: The target cache engine for the user. type: string enum: - redis + - valkey AccessString: description: Access permissions string used for this user account. type: string @@ -924,7 +931,6 @@ components: x-create-only-properties: - UserId - UserName - - Engine x-write-only-properties: - Passwords - NoPasswordRequired @@ -1071,6 +1077,9 @@ components: EngineVersion: description: The engine version of the Global Datastore. type: string + Engine: + description: The engine of the Global Datastore. + type: string CacheParameterGroupName: description: Cache parameter group name to use for the new engine version. This parameter cannot be modified independently. type: string @@ -1293,10 +1302,11 @@ components: description: The username of the user. type: string Engine: - description: Must be redis. + description: The target cache engine for the user. type: string enum: - redis + - valkey AccessString: description: Access permissions string used for this user account. type: string @@ -1470,6 +1480,7 @@ components: JSON_EXTRACT(Properties, '$.AutomaticFailoverEnabled') as automatic_failover_enabled, JSON_EXTRACT(Properties, '$.CacheNodeType') as cache_node_type, JSON_EXTRACT(Properties, '$.EngineVersion') as engine_version, + JSON_EXTRACT(Properties, '$.Engine') as engine, JSON_EXTRACT(Properties, '$.CacheParameterGroupName') as cache_parameter_group_name, JSON_EXTRACT(Properties, '$.GlobalNodeGroupCount') as global_node_group_count, JSON_EXTRACT(Properties, '$.GlobalReplicationGroupDescription') as global_replication_group_description, @@ -1489,6 +1500,7 @@ components: JSON_EXTRACT(detail.Properties, '$.AutomaticFailoverEnabled') as automatic_failover_enabled, JSON_EXTRACT(detail.Properties, '$.CacheNodeType') as cache_node_type, JSON_EXTRACT(detail.Properties, '$.EngineVersion') as engine_version, + JSON_EXTRACT(detail.Properties, '$.Engine') as engine, JSON_EXTRACT(detail.Properties, '$.CacheParameterGroupName') as cache_parameter_group_name, JSON_EXTRACT(detail.Properties, '$.GlobalNodeGroupCount') as global_node_group_count, JSON_EXTRACT(detail.Properties, '$.GlobalReplicationGroupDescription') as global_replication_group_description, @@ -1513,6 +1525,7 @@ components: json_extract_path_text(Properties, 'AutomaticFailoverEnabled') as automatic_failover_enabled, json_extract_path_text(Properties, 'CacheNodeType') as cache_node_type, json_extract_path_text(Properties, 'EngineVersion') as engine_version, + json_extract_path_text(Properties, 'Engine') as engine, json_extract_path_text(Properties, 'CacheParameterGroupName') as cache_parameter_group_name, json_extract_path_text(Properties, 'GlobalNodeGroupCount') as global_node_group_count, json_extract_path_text(Properties, 'GlobalReplicationGroupDescription') as global_replication_group_description, @@ -1532,6 +1545,7 @@ components: json_extract_path_text(detail.Properties, 'AutomaticFailoverEnabled') as automatic_failover_enabled, json_extract_path_text(detail.Properties, 'CacheNodeType') as cache_node_type, json_extract_path_text(detail.Properties, 'EngineVersion') as engine_version, + json_extract_path_text(detail.Properties, 'Engine') as engine, json_extract_path_text(detail.Properties, 'CacheParameterGroupName') as cache_parameter_group_name, json_extract_path_text(detail.Properties, 'GlobalNodeGroupCount') as global_node_group_count, json_extract_path_text(detail.Properties, 'GlobalReplicationGroupDescription') as global_replication_group_description, diff --git a/providers/src/aws/v00.00.00000/services/elasticbeanstalk.yaml b/providers/src/aws/v00.00.00000/services/elasticbeanstalk.yaml index 686ac540..2465f5cc 100644 --- a/providers/src/aws/v00.00.00000/services/elasticbeanstalk.yaml +++ b/providers/src/aws/v00.00.00000/services/elasticbeanstalk.yaml @@ -763,6 +763,10 @@ components: x-required-properties: - ApplicationName x-tagging: + permissions: + - elasticbeanstalk:AddTags + - elasticbeanstalk:RemoveTags + - elasticbeanstalk:ListTagsForResource taggable: true tagOnCreate: true tagUpdatable: true @@ -776,16 +780,25 @@ components: create: - elasticbeanstalk:DescribeEnvironments - elasticbeanstalk:CreateEnvironment + - elasticbeanstalk:AddTags + - elasticbeanstalk:ListTagsForResource - iam:PassRole update: - elasticbeanstalk:DescribeEnvironments - elasticbeanstalk:UpdateEnvironment - - elasticbeanstalk:UpdateTagsForResource - elasticbeanstalk:AssociateEnvironmentOperationsRole - elasticbeanstalk:DisassociateEnvironmentOperationsRole + - elasticbeanstalk:AddTags + - elasticbeanstalk:ListTagsForResource + - elasticbeanstalk:RemoveTags + - s3:GetBucketLocation + - s3:GetBucketPolicy + - s3:ListBucket + - s3:PutBucketPolicy - iam:PassRole list: - elasticbeanstalk:DescribeEnvironments + - elasticbeanstalk:ListTagsForResource delete: - elasticbeanstalk:DescribeEnvironments - elasticbeanstalk:TerminateEnvironment diff --git a/providers/src/aws/v00.00.00000/services/elasticloadbalancingv2.yaml b/providers/src/aws/v00.00.00000/services/elasticloadbalancingv2.yaml index 5ec5ed8e..814bc363 100644 --- a/providers/src/aws/v00.00.00000/services/elasticloadbalancingv2.yaml +++ b/providers/src/aws/v00.00.00000/services/elasticloadbalancingv2.yaml @@ -399,6 +399,9 @@ components: TrustStoreArn: description: The Amazon Resource Name (ARN) of the trust store. type: string + AdvertiseTrustStoreCaNames: + description: '' + type: string FixedResponseConfig: type: object additionalProperties: false @@ -520,7 +523,7 @@ components: description: 'The hostname. This component is not percent-encoded. The hostname can contain #{host}.' Protocol: type: string - description: 'The protocol. You can specify HTTP, HTTPS, or #{protocol}. You can redirect HTTP to HTTP, HTTP to HTTPS, and HTTPS to HTTPS. You cannot redirect HTTPS to HTTP.' + description: 'The protocol. You can specify HTTP, HTTPS, or #{protocol}. You can redirect HTTP to HTTP, HTTP to HTTPS, and HTTPS to HTTPS. You can''t redirect HTTPS to HTTP.' StatusCode: type: string description: The HTTP redirect code. The redirect is either permanent (HTTP 301) or temporary (HTTP 302). @@ -548,6 +551,20 @@ components: type: integer description: The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days). description: Information about the target group stickiness for a rule. + ListenerAttribute: + description: Information about a listener attribute. + additionalProperties: false + type: object + properties: + Value: + description: The value of the attribute. + type: string + Key: + description: |- + The name of the attribute. + The following attribute is supported by Network Load Balancers, and Gateway Load Balancers. + + ``tcp.idle_timeout.seconds`` - The tcp idle timeout value, in seconds. The valid range is 60-6000 seconds. The default is 350 seconds. + type: string ForwardConfig: type: object additionalProperties: false @@ -619,6 +636,11 @@ components: - UserInfoEndpoint - ClientId - AuthorizationEndpoint + anyOf: + - required: + - ClientSecret + - required: + - UseExistingClientSecret description: Specifies information required using an identity provide (IdP) that is compliant with OpenID Connect (OIDC) to authenticate users. Certificate: description: Specifies an SSL server certificate to use as the default certificate for a secure listener. @@ -644,6 +666,14 @@ components: MutualAuthentication: description: The mutual authentication configuration information. $ref: '#/components/schemas/MutualAuthentication' + ListenerAttributes: + x-arrayType: AttributeList + uniqueItems: true + description: The listener attributes. + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/ListenerAttribute' AlpnPolicy: description: '[TLS listener] The name of the Application-Layer Protocol Negotiation (ALPN) policy.' type: array @@ -667,7 +697,7 @@ components: items: $ref: '#/components/schemas/Action' Port: - description: The port on which the load balancer is listening. You cannot specify a port for a Gateway Load Balancer. + description: The port on which the load balancer is listening. You can't specify a port for a Gateway Load Balancer. type: integer Certificates: uniqueItems: true @@ -678,7 +708,7 @@ components: items: $ref: '#/components/schemas/Certificate' Protocol: - description: The protocol for connections from clients to the load balancer. For Application Load Balancers, the supported protocols are HTTP and HTTPS. For Network Load Balancers, the supported protocols are TCP, TLS, UDP, and TCP_UDP. You can’t specify the UDP or TCP_UDP protocol if dual-stack mode is enabled. You cannot specify a protocol for a Gateway Load Balancer. + description: The protocol for connections from clients to the load balancer. For Application Load Balancers, the supported protocols are HTTP and HTTPS. For Network Load Balancers, the supported protocols are TCP, TLS, UDP, and TCP_UDP. You can’t specify the UDP or TCP_UDP protocol if dual-stack mode is enabled. You can't specify a protocol for a Gateway Load Balancer. type: string required: - LoadBalancerArn @@ -705,14 +735,17 @@ components: x-required-permissions: read: - elasticloadbalancing:DescribeListeners + - elasticloadbalancing:DescribeListenerAttributes create: - elasticloadbalancing:CreateListener - elasticloadbalancing:DescribeListeners - cognito-idp:DescribeUserPoolClient + - elasticloadbalancing:ModifyListenerAttributes update: - elasticloadbalancing:ModifyListener - elasticloadbalancing:DescribeListeners - cognito-idp:DescribeUserPoolClient + - elasticloadbalancing:ModifyListenerAttributes list: - elasticloadbalancing:DescribeListeners delete: @@ -957,6 +990,15 @@ components: - elasticloadbalancing:ModifyRule - elasticloadbalancing:SetRulePriorities - elasticloadbalancing:DescribeRules + MinimumLoadBalancerCapacity: + type: object + additionalProperties: false + properties: + CapacityUnits: + type: integer + required: + - CapacityUnits + description: '' SubnetMapping: type: object additionalProperties: false @@ -973,6 +1015,9 @@ components: IPv6Address: type: string description: '[Network Load Balancers] The IPv6 address.' + SourceNatIpv6Prefix: + type: string + description: '[Network Load Balancers with UDP listeners] The IPv6 prefix to use for source NAT. Specify an IPv6 prefix (/80 netmask) from the subnet CIDR block or ``auto_assigned`` to use an IPv6 prefix selected at random from the subnet CIDR block.' required: - SubnetId description: Specifies a subnet for a load balancer. @@ -989,7 +1034,7 @@ components: The name of the attribute. The following attributes are supported by all load balancers: + ``deletion_protection.enabled`` - Indicates whether deletion protection is enabled. The value is ``true`` or ``false``. The default is ``false``. - + ``load_balancing.cross_zone.enabled`` - Indicates whether cross-zone load balancing is enabled. The possible values are ``true`` and ``false``. The default for Network Load Balancers and Gateway Load Balancers is ``false``. The default for Application Load Balancers is ``true``, and cannot be changed. + + ``load_balancing.cross_zone.enabled`` - Indicates whether cross-zone load balancing is enabled. The possible values are ``true`` and ``false``. The default for Network Load Balancers and Gateway Load Balancers is ``false``. The default for Application Load Balancers is ``true``, and can't be changed. The following attributes are supported by both Application Load Balancers and Network Load Balancers: + ``access_logs.s3.enabled`` - Indicates whether access logs are enabled. The value is ``true`` or ``false``. The default is ``false``. @@ -1018,6 +1063,7 @@ components: The following attributes are supported by only Network Load Balancers: + ``dns_record.client_routing_policy`` - Indicates how traffic is distributed among the load balancer Availability Zones. The possible values are ``availability_zone_affinity`` with 100 percent zonal affinity, ``partial_availability_zone_affinity`` with 85 percent zonal affinity, and ``any_availability_zone`` with 0 percent zonal affinity. + + ``zonal_shift.config.enabled`` - Indicates whether zonal shift is enabled. The possible values are ``true`` and ``false``. The default is ``false``. description: Specifies an attribute for an Application Load Balancer, a Network Load Balancer, or a Gateway Load Balancer. Tag: type: object @@ -1035,7 +1081,14 @@ components: properties: IpAddressType: type: string - description: The IP address type. The possible values are ``ipv4`` (for IPv4 addresses) and ``dualstack`` (for IPv4 and IPv6 addresses). You can’t specify ``dualstack`` for a load balancer with a UDP or TCP_UDP listener. + description: |- + The IP address type. Internal load balancers must use ``ipv4``. + [Application Load Balancers] The possible values are ``ipv4`` (IPv4 addresses), ``dualstack`` (IPv4 and IPv6 addresses), and ``dualstack-without-public-ipv4`` (public IPv6 addresses and private IPv4 and IPv6 addresses). + Application Load Balancer authentication supports IPv4 addresses only when connecting to an Identity Provider (IdP) or Amazon Cognito endpoint. Without a public IPv4 address the load balancer can't complete the authentication process, resulting in HTTP 500 errors. + [Network Load Balancers and Gateway Load Balancers] The possible values are ``ipv4`` (IPv4 addresses) and ``dualstack`` (IPv4 and IPv6 addresses). + EnablePrefixForIpv6SourceNat: + type: string + description: '[Network Load Balancers with UDP listeners] Indicates whether to use an IPv6 prefix from each subnet for source NAT. The IP address type must be ``dualstack``. The default value is ``off``.' SecurityGroups: type: array description: '[Application Load Balancers and Network Load Balancers] The IDs of the security groups for the load balancer.' @@ -1051,13 +1104,17 @@ components: x-arrayType: AttributeList items: $ref: '#/components/schemas/LoadBalancerAttribute' + MinimumLoadBalancerCapacity: + type: object + description: '' + $ref: '#/components/schemas/MinimumLoadBalancerCapacity' Scheme: type: string description: |- The nodes of an Internet-facing load balancer have public IP addresses. The DNS name of an Internet-facing load balancer is publicly resolvable to the public IP addresses of the nodes. Therefore, Internet-facing load balancers can route requests from clients over the internet. The nodes of an internal load balancer have only private IP addresses. The DNS name of an internal load balancer is publicly resolvable to the private IP addresses of the nodes. Therefore, internal load balancers can route requests only from clients with access to the VPC for the load balancer. The default is an Internet-facing load balancer. - You cannot specify a scheme for a Gateway Load Balancer. + You can't specify a scheme for a Gateway Load Balancer. DNSName: type: string description: '' @@ -1079,8 +1136,7 @@ components: [Application Load Balancers] You must specify subnets from at least two Availability Zones. [Application Load Balancers on Outposts] You must specify one Outpost subnet. [Application Load Balancers on Local Zones] You can specify subnets from one or more Local Zones. - [Network Load Balancers] You can specify subnets from one or more Availability Zones. - [Gateway Load Balancers] You can specify subnets from one or more Availability Zones. + [Network Load Balancers and Gateway Load Balancers] You can specify subnets from one or more Availability Zones. uniqueItems: true x-insertionOrder: false items: @@ -1105,11 +1161,11 @@ components: type: array description: |- The IDs of the subnets. You can specify only one subnet per Availability Zone. You must specify either subnets or subnet mappings, but not both. - [Application Load Balancers] You must specify subnets from at least two Availability Zones. You cannot specify Elastic IP addresses for your subnets. + [Application Load Balancers] You must specify subnets from at least two Availability Zones. You can't specify Elastic IP addresses for your subnets. [Application Load Balancers on Outposts] You must specify one Outpost subnet. [Application Load Balancers on Local Zones] You can specify subnets from one or more Local Zones. [Network Load Balancers] You can specify subnets from one or more Availability Zones. You can specify one Elastic IP address per subnet if you need static IP addresses for your internet-facing load balancer. For internal load balancers, you can specify one private IP address per subnet from the IPv4 range of the subnet. For internet-facing load balancer, you can specify one IPv6 address per subnet. - [Gateway Load Balancers] You can specify subnets from one or more Availability Zones. You cannot specify Elastic IP addresses for your subnets. + [Gateway Load Balancers] You can specify subnets from one or more Availability Zones. You can't specify Elastic IP addresses for your subnets. uniqueItems: true x-insertionOrder: false items: @@ -1139,6 +1195,10 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - elasticloadbalancing:AddTags + - elasticloadbalancing:DescribeTags + - elasticloadbalancing:RemoveTags x-required-permissions: create: - elasticloadbalancing:CreateLoadBalancer @@ -1153,9 +1213,11 @@ components: read: - elasticloadbalancing:DescribeLoadBalancers - elasticloadbalancing:DescribeLoadBalancerAttributes + - elasticloadbalancing:DescribeCapacityReservation - elasticloadbalancing:DescribeTags update: - elasticloadbalancing:ModifyLoadBalancerAttributes + - elasticloadbalancing:ModifyCapacityReservation - elasticloadbalancing:SetSubnets - elasticloadbalancing:SetIpAddressType - elasticloadbalancing:SetSecurityGroups @@ -1309,6 +1371,10 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - elasticloadbalancing:AddTags + - elasticloadbalancing:DescribeTags + - elasticloadbalancing:RemoveTags x-required-permissions: create: - elasticloadbalancing:CreateTargetGroup @@ -1389,6 +1455,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - elasticloadbalancing:AddTags + - elasticloadbalancing:DescribeTags + - elasticloadbalancing:RemoveTags x-required-permissions: create: - elasticloadbalancing:CreateTrustStore @@ -1502,6 +1572,14 @@ components: MutualAuthentication: description: The mutual authentication configuration information. $ref: '#/components/schemas/MutualAuthentication' + ListenerAttributes: + x-arrayType: AttributeList + uniqueItems: true + description: The listener attributes. + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/ListenerAttribute' AlpnPolicy: description: '[TLS listener] The name of the Application-Layer Protocol Negotiation (ALPN) policy.' type: array @@ -1525,7 +1603,7 @@ components: items: $ref: '#/components/schemas/Action' Port: - description: The port on which the load balancer is listening. You cannot specify a port for a Gateway Load Balancer. + description: The port on which the load balancer is listening. You can't specify a port for a Gateway Load Balancer. type: integer Certificates: uniqueItems: true @@ -1536,7 +1614,7 @@ components: items: $ref: '#/components/schemas/Certificate' Protocol: - description: The protocol for connections from clients to the load balancer. For Application Load Balancers, the supported protocols are HTTP and HTTPS. For Network Load Balancers, the supported protocols are TCP, TLS, UDP, and TCP_UDP. You can’t specify the UDP or TCP_UDP protocol if dual-stack mode is enabled. You cannot specify a protocol for a Gateway Load Balancer. + description: The protocol for connections from clients to the load balancer. For Application Load Balancers, the supported protocols are HTTP and HTTPS. For Network Load Balancers, the supported protocols are TCP, TLS, UDP, and TCP_UDP. You can’t specify the UDP or TCP_UDP protocol if dual-stack mode is enabled. You can't specify a protocol for a Gateway Load Balancer. type: string x-stackQL-stringOnly: true x-title: CreateListenerRequest @@ -1606,7 +1684,14 @@ components: properties: IpAddressType: type: string - description: The IP address type. The possible values are ``ipv4`` (for IPv4 addresses) and ``dualstack`` (for IPv4 and IPv6 addresses). You can’t specify ``dualstack`` for a load balancer with a UDP or TCP_UDP listener. + description: |- + The IP address type. Internal load balancers must use ``ipv4``. + [Application Load Balancers] The possible values are ``ipv4`` (IPv4 addresses), ``dualstack`` (IPv4 and IPv6 addresses), and ``dualstack-without-public-ipv4`` (public IPv6 addresses and private IPv4 and IPv6 addresses). + Application Load Balancer authentication supports IPv4 addresses only when connecting to an Identity Provider (IdP) or Amazon Cognito endpoint. Without a public IPv4 address the load balancer can't complete the authentication process, resulting in HTTP 500 errors. + [Network Load Balancers and Gateway Load Balancers] The possible values are ``ipv4`` (IPv4 addresses) and ``dualstack`` (IPv4 and IPv6 addresses). + EnablePrefixForIpv6SourceNat: + type: string + description: '[Network Load Balancers with UDP listeners] Indicates whether to use an IPv6 prefix from each subnet for source NAT. The IP address type must be ``dualstack``. The default value is ``off``.' SecurityGroups: type: array description: '[Application Load Balancers and Network Load Balancers] The IDs of the security groups for the load balancer.' @@ -1622,13 +1707,17 @@ components: x-arrayType: AttributeList items: $ref: '#/components/schemas/LoadBalancerAttribute' + MinimumLoadBalancerCapacity: + type: object + description: '' + $ref: '#/components/schemas/MinimumLoadBalancerCapacity' Scheme: type: string description: |- The nodes of an Internet-facing load balancer have public IP addresses. The DNS name of an Internet-facing load balancer is publicly resolvable to the public IP addresses of the nodes. Therefore, Internet-facing load balancers can route requests from clients over the internet. The nodes of an internal load balancer have only private IP addresses. The DNS name of an internal load balancer is publicly resolvable to the private IP addresses of the nodes. Therefore, internal load balancers can route requests only from clients with access to the VPC for the load balancer. The default is an Internet-facing load balancer. - You cannot specify a scheme for a Gateway Load Balancer. + You can't specify a scheme for a Gateway Load Balancer. DNSName: type: string description: '' @@ -1650,8 +1739,7 @@ components: [Application Load Balancers] You must specify subnets from at least two Availability Zones. [Application Load Balancers on Outposts] You must specify one Outpost subnet. [Application Load Balancers on Local Zones] You can specify subnets from one or more Local Zones. - [Network Load Balancers] You can specify subnets from one or more Availability Zones. - [Gateway Load Balancers] You can specify subnets from one or more Availability Zones. + [Network Load Balancers and Gateway Load Balancers] You can specify subnets from one or more Availability Zones. uniqueItems: true x-insertionOrder: false items: @@ -1676,11 +1764,11 @@ components: type: array description: |- The IDs of the subnets. You can specify only one subnet per Availability Zone. You must specify either subnets or subnet mappings, but not both. - [Application Load Balancers] You must specify subnets from at least two Availability Zones. You cannot specify Elastic IP addresses for your subnets. + [Application Load Balancers] You must specify subnets from at least two Availability Zones. You can't specify Elastic IP addresses for your subnets. [Application Load Balancers on Outposts] You must specify one Outpost subnet. [Application Load Balancers on Local Zones] You can specify subnets from one or more Local Zones. [Network Load Balancers] You can specify subnets from one or more Availability Zones. You can specify one Elastic IP address per subnet if you need static IP addresses for your internet-facing load balancer. For internal load balancers, you can specify one private IP address per subnet from the IPv4 range of the subnet. For internet-facing load balancer, you can specify one IPv6 address per subnet. - [Gateway Load Balancers] You can specify subnets from one or more Availability Zones. You cannot specify Elastic IP addresses for your subnets. + [Gateway Load Balancers] You can specify subnets from one or more Availability Zones. You can't specify Elastic IP addresses for your subnets. uniqueItems: true x-insertionOrder: false items: @@ -1951,6 +2039,7 @@ components: data__Identifier, JSON_EXTRACT(Properties, '$.ListenerArn') as listener_arn, JSON_EXTRACT(Properties, '$.MutualAuthentication') as mutual_authentication, + JSON_EXTRACT(Properties, '$.ListenerAttributes') as listener_attributes, JSON_EXTRACT(Properties, '$.AlpnPolicy') as alpn_policy, JSON_EXTRACT(Properties, '$.SslPolicy') as ssl_policy, JSON_EXTRACT(Properties, '$.LoadBalancerArn') as load_balancer_arn, @@ -1968,6 +2057,7 @@ components: detail.region, JSON_EXTRACT(detail.Properties, '$.ListenerArn') as listener_arn, JSON_EXTRACT(detail.Properties, '$.MutualAuthentication') as mutual_authentication, + JSON_EXTRACT(detail.Properties, '$.ListenerAttributes') as listener_attributes, JSON_EXTRACT(detail.Properties, '$.AlpnPolicy') as alpn_policy, JSON_EXTRACT(detail.Properties, '$.SslPolicy') as ssl_policy, JSON_EXTRACT(detail.Properties, '$.LoadBalancerArn') as load_balancer_arn, @@ -1990,6 +2080,7 @@ components: data__Identifier, json_extract_path_text(Properties, 'ListenerArn') as listener_arn, json_extract_path_text(Properties, 'MutualAuthentication') as mutual_authentication, + json_extract_path_text(Properties, 'ListenerAttributes') as listener_attributes, json_extract_path_text(Properties, 'AlpnPolicy') as alpn_policy, json_extract_path_text(Properties, 'SslPolicy') as ssl_policy, json_extract_path_text(Properties, 'LoadBalancerArn') as load_balancer_arn, @@ -2007,6 +2098,7 @@ components: detail.region, json_extract_path_text(detail.Properties, 'ListenerArn') as listener_arn, json_extract_path_text(detail.Properties, 'MutualAuthentication') as mutual_authentication, + json_extract_path_text(detail.Properties, 'ListenerAttributes') as listener_attributes, json_extract_path_text(detail.Properties, 'AlpnPolicy') as alpn_policy, json_extract_path_text(detail.Properties, 'SslPolicy') as ssl_policy, json_extract_path_text(detail.Properties, 'LoadBalancerArn') as load_balancer_arn, @@ -2270,8 +2362,10 @@ components: region, data__Identifier, JSON_EXTRACT(Properties, '$.IpAddressType') as ip_address_type, + JSON_EXTRACT(Properties, '$.EnablePrefixForIpv6SourceNat') as enable_prefix_for_ipv6_source_nat, JSON_EXTRACT(Properties, '$.SecurityGroups') as security_groups, JSON_EXTRACT(Properties, '$.LoadBalancerAttributes') as load_balancer_attributes, + JSON_EXTRACT(Properties, '$.MinimumLoadBalancerCapacity') as minimum_load_balancer_capacity, JSON_EXTRACT(Properties, '$.Scheme') as scheme, JSON_EXTRACT(Properties, '$.DNSName') as dns_name, JSON_EXTRACT(Properties, '$.Name') as name, @@ -2293,8 +2387,10 @@ components: SELECT detail.region, JSON_EXTRACT(detail.Properties, '$.IpAddressType') as ip_address_type, + JSON_EXTRACT(detail.Properties, '$.EnablePrefixForIpv6SourceNat') as enable_prefix_for_ipv6_source_nat, JSON_EXTRACT(detail.Properties, '$.SecurityGroups') as security_groups, JSON_EXTRACT(detail.Properties, '$.LoadBalancerAttributes') as load_balancer_attributes, + JSON_EXTRACT(detail.Properties, '$.MinimumLoadBalancerCapacity') as minimum_load_balancer_capacity, JSON_EXTRACT(detail.Properties, '$.Scheme') as scheme, JSON_EXTRACT(detail.Properties, '$.DNSName') as dns_name, JSON_EXTRACT(detail.Properties, '$.Name') as name, @@ -2321,8 +2417,10 @@ components: region, data__Identifier, json_extract_path_text(Properties, 'IpAddressType') as ip_address_type, + json_extract_path_text(Properties, 'EnablePrefixForIpv6SourceNat') as enable_prefix_for_ipv6_source_nat, json_extract_path_text(Properties, 'SecurityGroups') as security_groups, json_extract_path_text(Properties, 'LoadBalancerAttributes') as load_balancer_attributes, + json_extract_path_text(Properties, 'MinimumLoadBalancerCapacity') as minimum_load_balancer_capacity, json_extract_path_text(Properties, 'Scheme') as scheme, json_extract_path_text(Properties, 'DNSName') as dns_name, json_extract_path_text(Properties, 'Name') as name, @@ -2344,8 +2442,10 @@ components: SELECT detail.region, json_extract_path_text(detail.Properties, 'IpAddressType') as ip_address_type, + json_extract_path_text(detail.Properties, 'EnablePrefixForIpv6SourceNat') as enable_prefix_for_ipv6_source_nat, json_extract_path_text(detail.Properties, 'SecurityGroups') as security_groups, json_extract_path_text(detail.Properties, 'LoadBalancerAttributes') as load_balancer_attributes, + json_extract_path_text(detail.Properties, 'MinimumLoadBalancerCapacity') as minimum_load_balancer_capacity, json_extract_path_text(detail.Properties, 'Scheme') as scheme, json_extract_path_text(detail.Properties, 'DNSName') as dns_name, json_extract_path_text(detail.Properties, 'Name') as name, @@ -2417,8 +2517,10 @@ components: JSON_EXTRACT(json_each.value, '$.Key') as tag_key, JSON_EXTRACT(json_each.value, '$.Value') as tag_value, JSON_EXTRACT(detail.Properties, '$.IpAddressType') as ip_address_type, + JSON_EXTRACT(detail.Properties, '$.EnablePrefixForIpv6SourceNat') as enable_prefix_for_ipv6_source_nat, JSON_EXTRACT(detail.Properties, '$.SecurityGroups') as security_groups, JSON_EXTRACT(detail.Properties, '$.LoadBalancerAttributes') as load_balancer_attributes, + JSON_EXTRACT(detail.Properties, '$.MinimumLoadBalancerCapacity') as minimum_load_balancer_capacity, JSON_EXTRACT(detail.Properties, '$.Scheme') as scheme, JSON_EXTRACT(detail.Properties, '$.DNSName') as dns_name, JSON_EXTRACT(detail.Properties, '$.Name') as name, @@ -2446,8 +2548,10 @@ components: json_extract_path_text(json_each.value, 'Key') as tag_key, json_extract_path_text(json_each.value, 'Value') as tag_value, json_extract_path_text(detail.Properties, 'IpAddressType') as ip_address_type, + json_extract_path_text(detail.Properties, 'EnablePrefixForIpv6SourceNat') as enable_prefix_for_ipv6_source_nat, json_extract_path_text(detail.Properties, 'SecurityGroups') as security_groups, json_extract_path_text(detail.Properties, 'LoadBalancerAttributes') as load_balancer_attributes, + json_extract_path_text(detail.Properties, 'MinimumLoadBalancerCapacity') as minimum_load_balancer_capacity, json_extract_path_text(detail.Properties, 'Scheme') as scheme, json_extract_path_text(detail.Properties, 'DNSName') as dns_name, json_extract_path_text(detail.Properties, 'Name') as name, diff --git a/providers/src/aws/v00.00.00000/services/emr.yaml b/providers/src/aws/v00.00.00000/services/emr.yaml index e7478d85..5971f33a 100644 --- a/providers/src/aws/v00.00.00000/services/emr.yaml +++ b/providers/src/aws/v00.00.00000/services/emr.yaml @@ -424,7 +424,7 @@ components: pattern: ^(subnet-[a-f0-9]{13})|(subnet-[a-f0-9]{8})\Z Arn: type: string - pattern: ^arn:aws(-(cn|us-gov))?:[a-z-]+:(([a-z]+-)+[0-9])?:([0-9]{12})?:[^.]+$ + pattern: ^arn:aws(-(cn|us-gov|iso-f|iso-e))?:[a-z-]+:(([a-z]+-)+[0-9])?:([0-9]{12})?:[^.]+$ Tags: type: array x-insertionOrder: false @@ -584,6 +584,11 @@ components: - VpcId - WorkspaceSecurityGroupId - DefaultS3Location + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false x-required-permissions: create: - elasticmapreduce:CreateStudio @@ -608,7 +613,7 @@ components: - elasticmapreduce:ListStudios IamPolicyArn: type: string - pattern: ^arn:aws(-(cn|us-gov))?:iam::([0-9]{12})?:policy\/[^.]+$ + pattern: ^arn:aws(-(cn|us-gov|iso-f|iso-e))?:iam::([0-9]{12})?:policy\/[^.]+$ StudioSessionMapping: type: object properties: @@ -652,6 +657,11 @@ components: - IdentityName - IdentityType - SessionPolicyArn + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false x-required-permissions: create: - elasticmapreduce:CreateStudioSessionMapping @@ -664,6 +674,23 @@ components: - sso:GetProfile - sso:ListProfiles - sso:AssociateProfile + - sso:CreateApplication + - sso:PutApplicationAuthenticationMethod + - sso:PutApplicationGrant + - sso:PutApplicationAccessScope + - sso:PutApplicationAssignmentConfiguration + - sso:DescribeApplication + - sso:DeleteApplication + - sso:DeleteApplicationAuthenticationMethod + - sso:DeleteApplicationAccessScope + - sso:DeleteApplicationGrant + - sso:ListInstances + - sso-directory:CreateUser + - sso-directory:CreateGroup + - sso:CreateApplicationAssignment + - sso:DescribeInstance + - sso:DeleteApplicationAssignment + - sso:ListApplicationAssignments read: - elasticmapreduce:GetStudioSessionMapping - sso-directory:SearchUsers @@ -725,6 +752,10 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - emrwal:TagResource + - emrwal:UntagResource + - emrwal:ListTagsForResource x-required-permissions: create: - emrwal:CreateWorkspace diff --git a/providers/src/aws/v00.00.00000/services/emrcontainers.yaml b/providers/src/aws/v00.00.00000/services/emrcontainers.yaml index 50e87775..07bbf22a 100644 --- a/providers/src/aws/v00.00.00000/services/emrcontainers.yaml +++ b/providers/src/aws/v00.00.00000/services/emrcontainers.yaml @@ -480,6 +480,15 @@ components: x-required-properties: - Name - ContainerProvider + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - emr-containers:TagResource + - emr-containers:UntagResource x-required-permissions: create: - emr-containers:CreateVirtualCluster @@ -489,6 +498,7 @@ components: - emr-containers:DescribeVirtualCluster delete: - emr-containers:DeleteVirtualCluster + - emr-containers:DescribeVirtualCluster list: - emr-containers:ListVirtualClusters update: diff --git a/providers/src/aws/v00.00.00000/services/emrserverless.yaml b/providers/src/aws/v00.00.00000/services/emrserverless.yaml index ab1ed550..bec303cf 100644 --- a/providers/src/aws/v00.00.00000/services/emrserverless.yaml +++ b/providers/src/aws/v00.00.00000/services/emrserverless.yaml @@ -402,6 +402,18 @@ components: pattern: ^([a-z0-9]+[a-z0-9-.]*)\/((?:[a-z0-9]+(?:[._-][a-z0-9]+)*\/)*[a-z0-9]+(?:[._-][a-z0-9]+)*)(?:\:([a-zA-Z0-9_][a-zA-Z0-9-._]{0,299})|@(sha256:[0-9a-f]{64}))$ description: The URI of an image in the Amazon ECR registry. This field is required when you create a new application. If you leave this field blank in an update, Amazon EMR will remove the image configuration. additionalProperties: false + InteractiveConfiguration: + additionalProperties: false + type: object + properties: + LivyEndpointEnabled: + description: Enables an Apache Livy endpoint that you can connect to and run interactive jobs + type: boolean + default: false + StudioEnabled: + description: Enabled you to connect an Application to Amazon EMR Studio to run interactive workloads in a notebook + type: boolean + default: false ConfigurationList: type: array description: Runtime configuration for batch and interactive JobRun. @@ -409,6 +421,17 @@ components: x-insertionOrder: false items: $ref: '#/components/schemas/ConfigurationObject' + SchedulerConfiguration: + type: object + description: The scheduler configuration for batch and streaming jobs running on this application. Supported with release labels emr-7.0.0 and above. + additionalProperties: false + properties: + QueueTimeoutMinutes: + description: The maximum duration in minutes for the job in QUEUED state. If scheduler configuration is enabled on your application, the default value is 360 minutes (6 hours). The valid range is from 15 to 720. + type: integer + MaxConcurrentRuns: + description: The maximum concurrent job runs on this application. If scheduler configuration is enabled on your application, the default value is 15. The valid range is 1 to 1000. + type: integer MonitoringConfiguration: type: object description: Monitoring configuration for batch and interactive JobRun. @@ -533,6 +556,9 @@ components: Disk: description: Per worker Disk resource. GB is the only supported unit and specifying GB is optional $ref: '#/components/schemas/DiskSize' + DiskType: + description: Per worker DiskType resource. Shuffle optimized and Standard are only supported types and specifying diskType is optional + $ref: '#/components/schemas/DiskType' required: - Cpu - Memory @@ -715,6 +741,10 @@ components: minLength: 1 maxLength: 15 pattern: ^[1-9][0-9]*(\s)?(GB|gb|gB|Gb)$ + DiskType: + description: Per worker DiskType resource. Shuffle optimized and Standard are only supported types and specifying diskType is optional + type: string + pattern: ^(SHUFFLE_OPTIMIZED|[Ss]huffle_[Oo]ptimized|STANDARD|[Ss]tandard)$ WorkerTypeSpecificationInput: type: object description: The specifications for a worker type. @@ -773,12 +803,15 @@ components: $ref: '#/components/schemas/MonitoringConfiguration' RuntimeConfiguration: $ref: '#/components/schemas/ConfigurationList' + InteractiveConfiguration: + $ref: '#/components/schemas/InteractiveConfiguration' NetworkConfiguration: description: Network Configuration for customer VPC connectivity. $ref: '#/components/schemas/NetworkConfiguration' Arn: description: The Amazon Resource Name (ARN) of the EMR Serverless Application. type: string + pattern: ^arn:(aws[a-zA-Z0-9-]*):emr-serverless:.+:(\d{12}):\/applications\/[0-9a-zA-Z]+$ ApplicationId: description: The ID of the EMR Serverless Application. type: string @@ -787,6 +820,9 @@ components: WorkerTypeSpecifications: description: The key-value pairs that specify worker type to WorkerTypeSpecificationInput. This parameter must contain all valid worker types for a Spark or Hive application. Valid worker types include Driver and Executor for Spark applications and HiveDriver and TezTask for Hive applications. You can either set image details in this parameter for each worker type, or in imageConfiguration for all worker types. $ref: '#/components/schemas/WorkerTypeSpecificationInputMap' + SchedulerConfiguration: + description: The scheduler configuration for batch and streaming jobs running on this application. Supported with release labels emr-7.0.0 and above. + $ref: '#/components/schemas/SchedulerConfiguration' required: - ReleaseLabel - Type @@ -810,6 +846,8 @@ components: - ImageConfiguration - MonitoringConfiguration - RuntimeConfiguration + - InteractiveConfiguration + - SchedulerConfiguration x-read-only-properties: - Arn - ApplicationId @@ -818,20 +856,35 @@ components: - Type x-tagging: taggable: true + tagOnCreate: true + tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - emr-serverless:TagResource + - emr-serverless:UntagResource + - kms:TagResource + - kms:UntagResource x-required-permissions: create: - - kms:Create* - - kms:Describe* - - kms:Enable* - - kms:List* - - kms:Put* - - kms:Update* - - kms:Revoke* - - kms:Disable* - - kms:Get* - - kms:Delete* + - kms:CreateKey + - kms:CreateAlias + - kms:DescribeKey + - kms:EnableKey + - kms:ListGrants + - kms:ListAliases + - kms:ListKeyPolicies + - kms:ListKeys + - kms:PutKeyPolicy + - kms:UpdateKeyDescription + - kms:UpdateAlias + - kms:UpdatePrimaryRegion + - kms:RevokeGrant + - kms:DisableKey + - kms:DisableKeyRotation + - kms:GetKeyPolicy + - kms:GetKeyRotationStatus + - kms:DeleteAlias - kms:ScheduleKeyDeletion - kms:CancelKeyDeletion - kms:GenerateDataKey @@ -857,16 +910,24 @@ components: - ecr:BatchGetImage - ecr:DescribeImages - ecr:GetDownloadUrlForLayer - - kms:Create* - - kms:Describe* - - kms:Enable* - - kms:List* - - kms:Put* - - kms:Update* - - kms:Revoke* - - kms:Disable* - - kms:Get* - - kms:Delete* + - kms:CreateKey + - kms:CreateAlias + - kms:DescribeKey + - kms:EnableKey + - kms:ListGrants + - kms:ListAliases + - kms:ListKeyPolicies + - kms:ListKeys + - kms:PutKeyPolicy + - kms:UpdateKeyDescription + - kms:UpdateAlias + - kms:UpdatePrimaryRegion + - kms:RevokeGrant + - kms:DisableKey + - kms:DisableKeyRotation + - kms:GetKeyPolicy + - kms:GetKeyRotationStatus + - kms:DeleteAlias - kms:ScheduleKeyDeletion - kms:CancelKeyDeletion - kms:GenerateDataKey @@ -933,12 +994,15 @@ components: $ref: '#/components/schemas/MonitoringConfiguration' RuntimeConfiguration: $ref: '#/components/schemas/ConfigurationList' + InteractiveConfiguration: + $ref: '#/components/schemas/InteractiveConfiguration' NetworkConfiguration: description: Network Configuration for customer VPC connectivity. $ref: '#/components/schemas/NetworkConfiguration' Arn: description: The Amazon Resource Name (ARN) of the EMR Serverless Application. type: string + pattern: ^arn:(aws[a-zA-Z0-9-]*):emr-serverless:.+:(\d{12}):\/applications\/[0-9a-zA-Z]+$ ApplicationId: description: The ID of the EMR Serverless Application. type: string @@ -947,6 +1011,9 @@ components: WorkerTypeSpecifications: description: The key-value pairs that specify worker type to WorkerTypeSpecificationInput. This parameter must contain all valid worker types for a Spark or Hive application. Valid worker types include Driver and Executor for Spark applications and HiveDriver and TezTask for Hive applications. You can either set image details in this parameter for each worker type, or in imageConfiguration for all worker types. $ref: '#/components/schemas/WorkerTypeSpecificationInputMap' + SchedulerConfiguration: + description: The scheduler configuration for batch and streaming jobs running on this application. Supported with release labels emr-7.0.0 and above. + $ref: '#/components/schemas/SchedulerConfiguration' x-stackQL-stringOnly: true x-title: CreateApplicationRequest type: object @@ -1034,10 +1101,12 @@ components: JSON_EXTRACT(Properties, '$.ImageConfiguration') as image_configuration, JSON_EXTRACT(Properties, '$.MonitoringConfiguration') as monitoring_configuration, JSON_EXTRACT(Properties, '$.RuntimeConfiguration') as runtime_configuration, + JSON_EXTRACT(Properties, '$.InteractiveConfiguration') as interactive_configuration, JSON_EXTRACT(Properties, '$.NetworkConfiguration') as network_configuration, JSON_EXTRACT(Properties, '$.Arn') as arn, JSON_EXTRACT(Properties, '$.ApplicationId') as application_id, - JSON_EXTRACT(Properties, '$.WorkerTypeSpecifications') as worker_type_specifications + JSON_EXTRACT(Properties, '$.WorkerTypeSpecifications') as worker_type_specifications, + JSON_EXTRACT(Properties, '$.SchedulerConfiguration') as scheduler_configuration FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EMRServerless::Application' AND data__Identifier = '' AND region = 'us-east-1' @@ -1058,10 +1127,12 @@ components: JSON_EXTRACT(detail.Properties, '$.ImageConfiguration') as image_configuration, JSON_EXTRACT(detail.Properties, '$.MonitoringConfiguration') as monitoring_configuration, JSON_EXTRACT(detail.Properties, '$.RuntimeConfiguration') as runtime_configuration, + JSON_EXTRACT(detail.Properties, '$.InteractiveConfiguration') as interactive_configuration, JSON_EXTRACT(detail.Properties, '$.NetworkConfiguration') as network_configuration, JSON_EXTRACT(detail.Properties, '$.Arn') as arn, JSON_EXTRACT(detail.Properties, '$.ApplicationId') as application_id, - JSON_EXTRACT(detail.Properties, '$.WorkerTypeSpecifications') as worker_type_specifications + JSON_EXTRACT(detail.Properties, '$.WorkerTypeSpecifications') as worker_type_specifications, + JSON_EXTRACT(detail.Properties, '$.SchedulerConfiguration') as scheduler_configuration FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -1087,10 +1158,12 @@ components: json_extract_path_text(Properties, 'ImageConfiguration') as image_configuration, json_extract_path_text(Properties, 'MonitoringConfiguration') as monitoring_configuration, json_extract_path_text(Properties, 'RuntimeConfiguration') as runtime_configuration, + json_extract_path_text(Properties, 'InteractiveConfiguration') as interactive_configuration, json_extract_path_text(Properties, 'NetworkConfiguration') as network_configuration, json_extract_path_text(Properties, 'Arn') as arn, json_extract_path_text(Properties, 'ApplicationId') as application_id, - json_extract_path_text(Properties, 'WorkerTypeSpecifications') as worker_type_specifications + json_extract_path_text(Properties, 'WorkerTypeSpecifications') as worker_type_specifications, + json_extract_path_text(Properties, 'SchedulerConfiguration') as scheduler_configuration FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EMRServerless::Application' AND data__Identifier = '' AND region = 'us-east-1' @@ -1111,10 +1184,12 @@ components: json_extract_path_text(detail.Properties, 'ImageConfiguration') as image_configuration, json_extract_path_text(detail.Properties, 'MonitoringConfiguration') as monitoring_configuration, json_extract_path_text(detail.Properties, 'RuntimeConfiguration') as runtime_configuration, + json_extract_path_text(detail.Properties, 'InteractiveConfiguration') as interactive_configuration, json_extract_path_text(detail.Properties, 'NetworkConfiguration') as network_configuration, json_extract_path_text(detail.Properties, 'Arn') as arn, json_extract_path_text(detail.Properties, 'ApplicationId') as application_id, - json_extract_path_text(detail.Properties, 'WorkerTypeSpecifications') as worker_type_specifications + json_extract_path_text(detail.Properties, 'WorkerTypeSpecifications') as worker_type_specifications, + json_extract_path_text(detail.Properties, 'SchedulerConfiguration') as scheduler_configuration FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -1184,10 +1259,12 @@ components: JSON_EXTRACT(detail.Properties, '$.ImageConfiguration') as image_configuration, JSON_EXTRACT(detail.Properties, '$.MonitoringConfiguration') as monitoring_configuration, JSON_EXTRACT(detail.Properties, '$.RuntimeConfiguration') as runtime_configuration, + JSON_EXTRACT(detail.Properties, '$.InteractiveConfiguration') as interactive_configuration, JSON_EXTRACT(detail.Properties, '$.NetworkConfiguration') as network_configuration, JSON_EXTRACT(detail.Properties, '$.Arn') as arn, JSON_EXTRACT(detail.Properties, '$.ApplicationId') as application_id, - JSON_EXTRACT(detail.Properties, '$.WorkerTypeSpecifications') as worker_type_specifications + JSON_EXTRACT(detail.Properties, '$.WorkerTypeSpecifications') as worker_type_specifications, + JSON_EXTRACT(detail.Properties, '$.SchedulerConfiguration') as scheduler_configuration FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -1214,10 +1291,12 @@ components: json_extract_path_text(detail.Properties, 'ImageConfiguration') as image_configuration, json_extract_path_text(detail.Properties, 'MonitoringConfiguration') as monitoring_configuration, json_extract_path_text(detail.Properties, 'RuntimeConfiguration') as runtime_configuration, + json_extract_path_text(detail.Properties, 'InteractiveConfiguration') as interactive_configuration, json_extract_path_text(detail.Properties, 'NetworkConfiguration') as network_configuration, json_extract_path_text(detail.Properties, 'Arn') as arn, json_extract_path_text(detail.Properties, 'ApplicationId') as application_id, - json_extract_path_text(detail.Properties, 'WorkerTypeSpecifications') as worker_type_specifications + json_extract_path_text(detail.Properties, 'WorkerTypeSpecifications') as worker_type_specifications, + json_extract_path_text(detail.Properties, 'SchedulerConfiguration') as scheduler_configuration FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier diff --git a/providers/src/aws/v00.00.00000/services/entityresolution.yaml b/providers/src/aws/v00.00.00000/services/entityresolution.yaml index 235fc861..04b6ef0d 100644 --- a/providers/src/aws/v00.00.00000/services/entityresolution.yaml +++ b/providers/src/aws/v00.00.00000/services/entityresolution.yaml @@ -385,77 +385,100 @@ components: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' type: object schemas: - EntityName: - type: string - pattern: ^[a-zA-Z_0-9-]*$ - minLength: 0 - maxLength: 255 + IdMappingWorkflowOutputSource: + additionalProperties: false + type: object + properties: + KMSArn: + $ref: '#/components/schemas/KMSArn' + OutputS3Path: + pattern: ^s3://([^/]+)/?(.*?([^/]+)/?)$ + description: The S3 path to which Entity Resolution will write the output table + type: string + required: + - OutputS3Path Description: type: string minLength: 0 maxLength: 255 - AttributeName: - type: string - pattern: ^[a-zA-Z_0-9- \t]*$ - minLength: 0 - maxLength: 255 - SchemaMappingArn: - description: The SchemaMapping arn associated with the Schema - type: string - pattern: ^arn:(aws|aws-us-gov|aws-cn):entityresolution:.*:[0-9]+:(schemamapping/.*)$ - KMSArn: - type: string - pattern: ^arn:(aws|aws-us-gov|aws-cn):kms:.*:[0-9]+:.*$ - IdMappingWorkflowArn: - description: The default IdMappingWorkflow arn - type: string - pattern: ^arn:(aws|aws-us-gov|aws-cn):entityresolution:.*:[0-9]+:(idmappingworkflow/.*)$ - CreatedAt: - description: The time of this SchemaMapping got created - type: string - UpdatedAt: - description: The time of this SchemaMapping got last updated at - type: string IdMappingWorkflowInputSource: + additionalProperties: false type: object properties: - InputSourceARN: - description: An Glue table ARN for the input source table or IdNamespace ARN - type: string - pattern: arn:(aws|aws-us-gov|aws-cn):.*:.*:[0-9]+:.*$ - SchemaArn: - type: string - $ref: '#/components/schemas/SchemaMappingArn' Type: type: string enum: - SOURCE - TARGET + InputSourceARN: + pattern: ^arn:(aws|aws-us-gov|aws-cn):entityresolution:[a-z]{2}-[a-z]{1,10}-[0-9]:[0-9]{12}:(idnamespace/[a-zA-Z_0-9-]{1,255})$|^arn:(aws|aws-us-gov|aws-cn):entityresolution:[a-z]{2}-[a-z]{1,10}-[0-9]:[0-9]{12}:(matchingworkflow/[a-zA-Z_0-9-]{1,255})$|^arn:(aws|aws-us-gov|aws-cn):glue:[a-z]{2}-[a-z]{1,10}-[0-9]:[0-9]{12}:(table/[a-zA-Z_0-9-]{1,255}/[a-zA-Z_0-9-]{1,255})$ + description: An Glue table ARN for the input source table, MatchingWorkflow arn or IdNamespace ARN + type: string + SchemaArn: + type: string + $ref: '#/components/schemas/SchemaMappingArn' required: - InputSourceARN + EntityName: + type: string + pattern: ^[a-zA-Z_0-9-]*$ + minLength: 0 + maxLength: 255 + IdMappingTechniques: additionalProperties: false - IdMappingWorkflowOutputSource: type: object properties: - OutputS3Path: - description: The S3 path to which Entity Resolution will write the output table + RuleBasedProperties: + $ref: '#/components/schemas/IdMappingRuleBasedProperties' + ProviderProperties: + $ref: '#/components/schemas/ProviderProperties' + IdMappingType: type: string - pattern: ^s3://([^/]+)/?(.*?([^/]+)/?)$ - KMSArn: - $ref: '#/components/schemas/KMSArn' - required: - - OutputS3Path + enum: + - PROVIDER + - RULE_BASED + CreatedAt: + description: The time of this SchemaMapping got created + type: string + IdMappingWorkflowArn: + pattern: ^arn:(aws|aws-us-gov|aws-cn):entityresolution:.*:[0-9]+:(idmappingworkflow/.*)$ + description: The default IdMappingWorkflow arn + type: string + UpdatedAt: + description: The time of this SchemaMapping got last updated at + type: string + IdMappingRuleBasedProperties: additionalProperties: false - IdMappingTechniques: type: object properties: - IdMappingType: + AttributeMatchingModel: type: string enum: - - PROVIDER - ProviderProperties: - $ref: '#/components/schemas/ProviderProperties' - additionalProperties: false + - ONE_TO_ONE + - MANY_TO_MANY + RuleDefinitionType: + type: string + enum: + - SOURCE + - TARGET + Rules: + minItems: 1 + maxItems: 25 + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/Rule' + RecordMatchingModel: + type: string + enum: + - ONE_SOURCE_TO_ONE_TARGET + - MANY_SOURCE_TO_ONE_TARGET + required: + - AttributeMatchingModel + - RecordMatchingModel + KMSArn: + type: string + pattern: ^arn:(aws|aws-us-gov|aws-cn):kms:.*:[0-9]+:.*$ ProviderProperties: type: object properties: @@ -483,6 +506,34 @@ components: required: - IntermediateS3Path additionalProperties: false + SchemaMappingArn: + description: The SchemaMapping arn associated with the Schema + type: string + pattern: ^arn:(aws|aws-us-gov|aws-cn):entityresolution:.*:[0-9]+:(schemamapping/.*)$ + AttributeName: + type: string + pattern: ^[a-zA-Z_0-9- \t]*$ + minLength: 0 + maxLength: 255 + Rule: + type: object + properties: + RuleName: + type: string + pattern: ^[a-zA-Z_0-9- \t]*$ + minLength: 0 + maxLength: 255 + MatchingKeys: + type: array + x-insertionOrder: false + minItems: 1 + maxItems: 15 + items: + $ref: '#/components/schemas/AttributeName' + required: + - RuleName + - MatchingKeys + additionalProperties: false Tag: description: A key-value pair to associate with a resource type: object @@ -504,45 +555,45 @@ components: IdMappingWorkflow: type: object properties: - WorkflowName: - description: The name of the IdMappingWorkflow - $ref: '#/components/schemas/EntityName' Description: description: The description of the IdMappingWorkflow $ref: '#/components/schemas/Description' InputSourceConfig: - type: array - x-insertionOrder: false minItems: 1 maxItems: 20 + x-insertionOrder: false + type: array items: $ref: '#/components/schemas/IdMappingWorkflowInputSource' + IdMappingTechniques: + $ref: '#/components/schemas/IdMappingTechniques' + WorkflowName: + description: The name of the IdMappingWorkflow + $ref: '#/components/schemas/EntityName' + CreatedAt: + $ref: '#/components/schemas/CreatedAt' OutputSourceConfig: - type: array - x-insertionOrder: false minItems: 1 maxItems: 1 + x-insertionOrder: false + type: array items: $ref: '#/components/schemas/IdMappingWorkflowOutputSource' - IdMappingTechniques: - $ref: '#/components/schemas/IdMappingTechniques' + WorkflowArn: + $ref: '#/components/schemas/IdMappingWorkflowArn' + UpdatedAt: + $ref: '#/components/schemas/UpdatedAt' RoleArn: - type: string pattern: ^arn:(aws|aws-us-gov|aws-cn):iam::\d{12}:role/?[a-zA-Z_0-9+=,.@\-_/]+$ + type: string Tags: - type: array - uniqueItems: true - x-insertionOrder: false minItems: 0 maxItems: 200 + uniqueItems: true + x-insertionOrder: false + type: array items: $ref: '#/components/schemas/Tag' - WorkflowArn: - $ref: '#/components/schemas/IdMappingWorkflowArn' - CreatedAt: - $ref: '#/components/schemas/CreatedAt' - UpdatedAt: - $ref: '#/components/schemas/UpdatedAt' required: - WorkflowName - InputSourceConfig @@ -555,6 +606,8 @@ components: - WorkflowName x-create-only-properties: - WorkflowName + x-write-only-properties: + - IdMappingTechniques/NormalizationVersion x-read-only-properties: - WorkflowArn - UpdatedAt @@ -565,12 +618,19 @@ components: - IdMappingTechniques - RoleArn x-tagging: + permissions: + - entityresolution:TagResource + - entityresolution:UntagResource + - entityresolution:ListTagsForResource taggable: true tagOnCreate: true tagUpdatable: true - cloudFormationSystemTags: true tagProperty: /properties/Tags + cloudFormationSystemTags: true x-required-permissions: + read: + - entityresolution:GetIdMappingWorkflow + - entityresolution:ListTagsForResource create: - entityresolution:CreateIdMappingWorkflow - entityresolution:GetIdMappingWorkflow @@ -587,15 +647,12 @@ components: - iam:PassRole - kms:CreateGrant - kms:DescribeKey - read: - - entityresolution:GetIdMappingWorkflow - - entityresolution:ListTagsForResource + list: + - entityresolution:ListIdMappingWorkflows delete: - entityresolution:DeleteIdMappingWorkflow - entityresolution:GetIdMappingWorkflow - entityresolution:UntagResource - list: - - entityresolution:ListIdMappingWorkflows IdNamespaceInputSource: type: object properties: @@ -614,11 +671,50 @@ components: type: string enum: - PROVIDER + - RULE_BASED + RuleBasedProperties: + $ref: '#/components/schemas/NamespaceRuleBasedProperties' ProviderProperties: $ref: '#/components/schemas/NamespaceProviderProperties' required: - IdMappingType additionalProperties: false + NamespaceRuleBasedProperties: + type: object + properties: + Rules: + type: array + x-insertionOrder: false + minItems: 1 + maxItems: 25 + items: + $ref: '#/components/schemas/Rule' + RuleDefinitionTypes: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/RuleDefinitionType' + AttributeMatchingModel: + type: string + enum: + - ONE_TO_ONE + - MANY_TO_MANY + RecordMatchingModels: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/RecordMatchingModel' + additionalProperties: false + RecordMatchingModel: + type: string + enum: + - ONE_SOURCE_TO_ONE_TARGET + - MANY_SOURCE_TO_ONE_TARGET + RuleDefinitionType: + type: string + enum: + - SOURCE + - TARGET NamespaceProviderProperties: type: object properties: @@ -713,6 +809,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - entityresolution:TagResource + - entityresolution:UntagResource + - entityresolution:ListTagsForResource x-required-permissions: create: - entityresolution:CreateIdNamespace @@ -785,20 +885,32 @@ components: required: - Name additionalProperties: false + ResolutionType: + type: string + enum: + - RULE_MATCHING + - ML_MATCHING + - PROVIDER ResolutionTechniques: type: object properties: ResolutionType: - type: string - enum: - - RULE_MATCHING - - ML_MATCHING - - PROVIDER + $ref: '#/components/schemas/ResolutionType' RuleBasedProperties: $ref: '#/components/schemas/RuleBasedProperties' ProviderProperties: $ref: '#/components/schemas/ProviderProperties' additionalProperties: false + IncrementalRunConfig: + type: object + properties: + IncrementalRunType: + type: string + enum: + - IMMEDIATE + required: + - IncrementalRunType + additionalProperties: false RuleBasedProperties: type: object properties: @@ -814,29 +926,15 @@ components: enum: - ONE_TO_ONE - MANY_TO_MANY + MatchPurpose: + type: string + enum: + - IDENTIFIER_GENERATION + - INDEXING required: - AttributeMatchingModel - Rules additionalProperties: false - Rule: - type: object - properties: - RuleName: - type: string - pattern: ^[a-zA-Z_0-9- \t]*$ - minLength: 0 - maxLength: 255 - MatchingKeys: - type: array - x-insertionOrder: false - minItems: 1 - maxItems: 15 - items: - $ref: '#/components/schemas/AttributeName' - required: - - RuleName - - MatchingKeys - additionalProperties: false MatchingWorkflow: type: object properties: @@ -879,6 +977,8 @@ components: $ref: '#/components/schemas/CreatedAt' UpdatedAt: $ref: '#/components/schemas/UpdatedAt' + IncrementalRunConfig: + $ref: '#/components/schemas/IncrementalRunConfig' required: - WorkflowName - InputSourceConfig @@ -908,6 +1008,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - entityresolution:TagResource + - entityresolution:UntagResource + - entityresolution:ListTagsForResource x-required-permissions: create: - entityresolution:CreateMatchingWorkflow @@ -916,6 +1020,10 @@ components: - kms:CreateGrant - kms:DescribeKey - iam:PassRole + - events:PutRule + - events:DeleteRule + - events:PutTargets + - events:ListTargetsByRule read: - entityresolution:GetMatchingWorkflow - entityresolution:ListTagsForResource @@ -923,6 +1031,11 @@ components: - entityresolution:DeleteMatchingWorkflow - entityresolution:GetMatchingWorkflow - entityresolution:UntagResource + - events:PutRule + - events:DeleteRule + - events:PutTargets + - events:RemoveTargets + - events:ListTargetsByRule list: - entityresolution:ListMatchingWorkflows update: @@ -934,6 +1047,11 @@ components: - iam:PassRole - kms:CreateGrant - kms:DescribeKey + - events:PutRule + - events:DeleteRule + - events:PutTargets + - events:RemoveTargets + - events:ListTargetsByRule VeniceGlobalArn: description: Arn of the resource to which the policy statement is being attached. type: string @@ -1047,8 +1165,10 @@ components: items: $ref: '#/components/schemas/SchemaInputAttribute' minItems: 2 - maxItems: 25 + maxItems: 35 x-insertionOrder: false + Hashed: + type: boolean SchemaInputAttribute: type: object properties: @@ -1063,6 +1183,8 @@ components: $ref: '#/components/schemas/AttributeName' MatchKey: $ref: '#/components/schemas/AttributeName' + Hashed: + $ref: '#/components/schemas/Hashed' required: - FieldName - Type @@ -1122,6 +1244,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - entityresolution:TagResource + - entityresolution:UntagResource + - entityresolution:ListTagsForResource x-required-permissions: create: - entityresolution:CreateSchemaMapping @@ -1154,45 +1280,45 @@ components: DesiredState: type: object properties: - WorkflowName: - description: The name of the IdMappingWorkflow - $ref: '#/components/schemas/EntityName' Description: description: The description of the IdMappingWorkflow $ref: '#/components/schemas/Description' InputSourceConfig: - type: array - x-insertionOrder: false minItems: 1 maxItems: 20 + x-insertionOrder: false + type: array items: $ref: '#/components/schemas/IdMappingWorkflowInputSource' + IdMappingTechniques: + $ref: '#/components/schemas/IdMappingTechniques' + WorkflowName: + description: The name of the IdMappingWorkflow + $ref: '#/components/schemas/EntityName' + CreatedAt: + $ref: '#/components/schemas/CreatedAt' OutputSourceConfig: - type: array - x-insertionOrder: false minItems: 1 maxItems: 1 + x-insertionOrder: false + type: array items: $ref: '#/components/schemas/IdMappingWorkflowOutputSource' - IdMappingTechniques: - $ref: '#/components/schemas/IdMappingTechniques' + WorkflowArn: + $ref: '#/components/schemas/IdMappingWorkflowArn' + UpdatedAt: + $ref: '#/components/schemas/UpdatedAt' RoleArn: - type: string pattern: ^arn:(aws|aws-us-gov|aws-cn):iam::\d{12}:role/?[a-zA-Z_0-9+=,.@\-_/]+$ + type: string Tags: - type: array - uniqueItems: true - x-insertionOrder: false minItems: 0 maxItems: 200 + uniqueItems: true + x-insertionOrder: false + type: array items: $ref: '#/components/schemas/Tag' - WorkflowArn: - $ref: '#/components/schemas/IdMappingWorkflowArn' - CreatedAt: - $ref: '#/components/schemas/CreatedAt' - UpdatedAt: - $ref: '#/components/schemas/UpdatedAt' x-stackQL-stringOnly: true x-title: CreateIdMappingWorkflowRequest type: object @@ -1314,6 +1440,8 @@ components: $ref: '#/components/schemas/CreatedAt' UpdatedAt: $ref: '#/components/schemas/UpdatedAt' + IncrementalRunConfig: + $ref: '#/components/schemas/IncrementalRunConfig' x-stackQL-stringOnly: true x-title: CreateMatchingWorkflowRequest type: object @@ -1460,16 +1588,16 @@ components: SELECT region, data__Identifier, - JSON_EXTRACT(Properties, '$.WorkflowName') as workflow_name, JSON_EXTRACT(Properties, '$.Description') as description, JSON_EXTRACT(Properties, '$.InputSourceConfig') as input_source_config, - JSON_EXTRACT(Properties, '$.OutputSourceConfig') as output_source_config, JSON_EXTRACT(Properties, '$.IdMappingTechniques') as id_mapping_techniques, - JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, - JSON_EXTRACT(Properties, '$.Tags') as tags, - JSON_EXTRACT(Properties, '$.WorkflowArn') as workflow_arn, + JSON_EXTRACT(Properties, '$.WorkflowName') as workflow_name, JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, - JSON_EXTRACT(Properties, '$.UpdatedAt') as updated_at + JSON_EXTRACT(Properties, '$.OutputSourceConfig') as output_source_config, + JSON_EXTRACT(Properties, '$.WorkflowArn') as workflow_arn, + JSON_EXTRACT(Properties, '$.UpdatedAt') as updated_at, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EntityResolution::IdMappingWorkflow' AND data__Identifier = '' AND region = 'us-east-1' @@ -1478,16 +1606,16 @@ components: ddl: |- SELECT detail.region, - JSON_EXTRACT(detail.Properties, '$.WorkflowName') as workflow_name, JSON_EXTRACT(detail.Properties, '$.Description') as description, JSON_EXTRACT(detail.Properties, '$.InputSourceConfig') as input_source_config, - JSON_EXTRACT(detail.Properties, '$.OutputSourceConfig') as output_source_config, JSON_EXTRACT(detail.Properties, '$.IdMappingTechniques') as id_mapping_techniques, - JSON_EXTRACT(detail.Properties, '$.RoleArn') as role_arn, - JSON_EXTRACT(detail.Properties, '$.Tags') as tags, - JSON_EXTRACT(detail.Properties, '$.WorkflowArn') as workflow_arn, + JSON_EXTRACT(detail.Properties, '$.WorkflowName') as workflow_name, JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, - JSON_EXTRACT(detail.Properties, '$.UpdatedAt') as updated_at + JSON_EXTRACT(detail.Properties, '$.OutputSourceConfig') as output_source_config, + JSON_EXTRACT(detail.Properties, '$.WorkflowArn') as workflow_arn, + JSON_EXTRACT(detail.Properties, '$.UpdatedAt') as updated_at, + JSON_EXTRACT(detail.Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -1501,16 +1629,16 @@ components: SELECT region, data__Identifier, - json_extract_path_text(Properties, 'WorkflowName') as workflow_name, json_extract_path_text(Properties, 'Description') as description, json_extract_path_text(Properties, 'InputSourceConfig') as input_source_config, - json_extract_path_text(Properties, 'OutputSourceConfig') as output_source_config, json_extract_path_text(Properties, 'IdMappingTechniques') as id_mapping_techniques, - json_extract_path_text(Properties, 'RoleArn') as role_arn, - json_extract_path_text(Properties, 'Tags') as tags, - json_extract_path_text(Properties, 'WorkflowArn') as workflow_arn, + json_extract_path_text(Properties, 'WorkflowName') as workflow_name, json_extract_path_text(Properties, 'CreatedAt') as created_at, - json_extract_path_text(Properties, 'UpdatedAt') as updated_at + json_extract_path_text(Properties, 'OutputSourceConfig') as output_source_config, + json_extract_path_text(Properties, 'WorkflowArn') as workflow_arn, + json_extract_path_text(Properties, 'UpdatedAt') as updated_at, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EntityResolution::IdMappingWorkflow' AND data__Identifier = '' AND region = 'us-east-1' @@ -1519,16 +1647,16 @@ components: ddl: |- SELECT detail.region, - json_extract_path_text(detail.Properties, 'WorkflowName') as workflow_name, json_extract_path_text(detail.Properties, 'Description') as description, json_extract_path_text(detail.Properties, 'InputSourceConfig') as input_source_config, - json_extract_path_text(detail.Properties, 'OutputSourceConfig') as output_source_config, json_extract_path_text(detail.Properties, 'IdMappingTechniques') as id_mapping_techniques, - json_extract_path_text(detail.Properties, 'RoleArn') as role_arn, - json_extract_path_text(detail.Properties, 'Tags') as tags, - json_extract_path_text(detail.Properties, 'WorkflowArn') as workflow_arn, + json_extract_path_text(detail.Properties, 'WorkflowName') as workflow_name, json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, - json_extract_path_text(detail.Properties, 'UpdatedAt') as updated_at + json_extract_path_text(detail.Properties, 'OutputSourceConfig') as output_source_config, + json_extract_path_text(detail.Properties, 'WorkflowArn') as workflow_arn, + json_extract_path_text(detail.Properties, 'UpdatedAt') as updated_at, + json_extract_path_text(detail.Properties, 'RoleArn') as role_arn, + json_extract_path_text(detail.Properties, 'Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -1587,15 +1715,15 @@ components: detail.region, JSON_EXTRACT(json_each.value, '$.Key') as tag_key, JSON_EXTRACT(json_each.value, '$.Value') as tag_value, - JSON_EXTRACT(detail.Properties, '$.WorkflowName') as workflow_name, JSON_EXTRACT(detail.Properties, '$.Description') as description, JSON_EXTRACT(detail.Properties, '$.InputSourceConfig') as input_source_config, - JSON_EXTRACT(detail.Properties, '$.OutputSourceConfig') as output_source_config, JSON_EXTRACT(detail.Properties, '$.IdMappingTechniques') as id_mapping_techniques, - JSON_EXTRACT(detail.Properties, '$.RoleArn') as role_arn, - JSON_EXTRACT(detail.Properties, '$.WorkflowArn') as workflow_arn, + JSON_EXTRACT(detail.Properties, '$.WorkflowName') as workflow_name, JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, - JSON_EXTRACT(detail.Properties, '$.UpdatedAt') as updated_at + JSON_EXTRACT(detail.Properties, '$.OutputSourceConfig') as output_source_config, + JSON_EXTRACT(detail.Properties, '$.WorkflowArn') as workflow_arn, + JSON_EXTRACT(detail.Properties, '$.UpdatedAt') as updated_at, + JSON_EXTRACT(detail.Properties, '$.RoleArn') as role_arn FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -1611,15 +1739,15 @@ components: detail.region, json_extract_path_text(json_each.value, 'Key') as tag_key, json_extract_path_text(json_each.value, 'Value') as tag_value, - json_extract_path_text(detail.Properties, 'WorkflowName') as workflow_name, json_extract_path_text(detail.Properties, 'Description') as description, json_extract_path_text(detail.Properties, 'InputSourceConfig') as input_source_config, - json_extract_path_text(detail.Properties, 'OutputSourceConfig') as output_source_config, json_extract_path_text(detail.Properties, 'IdMappingTechniques') as id_mapping_techniques, - json_extract_path_text(detail.Properties, 'RoleArn') as role_arn, - json_extract_path_text(detail.Properties, 'WorkflowArn') as workflow_arn, + json_extract_path_text(detail.Properties, 'WorkflowName') as workflow_name, json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, - json_extract_path_text(detail.Properties, 'UpdatedAt') as updated_at + json_extract_path_text(detail.Properties, 'OutputSourceConfig') as output_source_config, + json_extract_path_text(detail.Properties, 'WorkflowArn') as workflow_arn, + json_extract_path_text(detail.Properties, 'UpdatedAt') as updated_at, + json_extract_path_text(detail.Properties, 'RoleArn') as role_arn FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -1931,7 +2059,8 @@ components: JSON_EXTRACT(Properties, '$.Tags') as tags, JSON_EXTRACT(Properties, '$.WorkflowArn') as workflow_arn, JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, - JSON_EXTRACT(Properties, '$.UpdatedAt') as updated_at + JSON_EXTRACT(Properties, '$.UpdatedAt') as updated_at, + JSON_EXTRACT(Properties, '$.IncrementalRunConfig') as incremental_run_config FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EntityResolution::MatchingWorkflow' AND data__Identifier = '' AND region = 'us-east-1' @@ -1949,7 +2078,8 @@ components: JSON_EXTRACT(detail.Properties, '$.Tags') as tags, JSON_EXTRACT(detail.Properties, '$.WorkflowArn') as workflow_arn, JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, - JSON_EXTRACT(detail.Properties, '$.UpdatedAt') as updated_at + JSON_EXTRACT(detail.Properties, '$.UpdatedAt') as updated_at, + JSON_EXTRACT(detail.Properties, '$.IncrementalRunConfig') as incremental_run_config FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -1972,7 +2102,8 @@ components: json_extract_path_text(Properties, 'Tags') as tags, json_extract_path_text(Properties, 'WorkflowArn') as workflow_arn, json_extract_path_text(Properties, 'CreatedAt') as created_at, - json_extract_path_text(Properties, 'UpdatedAt') as updated_at + json_extract_path_text(Properties, 'UpdatedAt') as updated_at, + json_extract_path_text(Properties, 'IncrementalRunConfig') as incremental_run_config FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::EntityResolution::MatchingWorkflow' AND data__Identifier = '' AND region = 'us-east-1' @@ -1990,7 +2121,8 @@ components: json_extract_path_text(detail.Properties, 'Tags') as tags, json_extract_path_text(detail.Properties, 'WorkflowArn') as workflow_arn, json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, - json_extract_path_text(detail.Properties, 'UpdatedAt') as updated_at + json_extract_path_text(detail.Properties, 'UpdatedAt') as updated_at, + json_extract_path_text(detail.Properties, 'IncrementalRunConfig') as incremental_run_config FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -2057,7 +2189,8 @@ components: JSON_EXTRACT(detail.Properties, '$.RoleArn') as role_arn, JSON_EXTRACT(detail.Properties, '$.WorkflowArn') as workflow_arn, JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, - JSON_EXTRACT(detail.Properties, '$.UpdatedAt') as updated_at + JSON_EXTRACT(detail.Properties, '$.UpdatedAt') as updated_at, + JSON_EXTRACT(detail.Properties, '$.IncrementalRunConfig') as incremental_run_config FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -2081,7 +2214,8 @@ components: json_extract_path_text(detail.Properties, 'RoleArn') as role_arn, json_extract_path_text(detail.Properties, 'WorkflowArn') as workflow_arn, json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, - json_extract_path_text(detail.Properties, 'UpdatedAt') as updated_at + json_extract_path_text(detail.Properties, 'UpdatedAt') as updated_at, + json_extract_path_text(detail.Properties, 'IncrementalRunConfig') as incremental_run_config FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier diff --git a/providers/src/aws/v00.00.00000/services/events.yaml b/providers/src/aws/v00.00.00000/services/events.yaml index 3e0a899d..7d4d91c9 100644 --- a/providers/src/aws/v00.00.00000/services/events.yaml +++ b/providers/src/aws/v00.00.00000/services/events.yaml @@ -393,21 +393,25 @@ components: type: string minLength: 1 maxLength: 64 + pattern: '[\.\-_A-Za-z0-9]+' Description: type: string maxLength: 512 ConnectionArn: description: The arn of the connection. type: string + pattern: ^arn:aws([a-z]|\-)*:events:([a-z]|\d|\-)*:([0-9]{12})?:connection/[\.\-_A-Za-z0-9]+/[\-A-Za-z0-9]+$ Arn: description: The arn of the api destination. type: string + pattern: ^arn:aws([a-z]|\-)*:events:([a-z]|\d|\-)*:([0-9]{12})?:api-destination/[\.\-_A-Za-z0-9]+/[\-A-Za-z0-9]+$ InvocationRateLimitPerSecond: type: integer minimum: 1 InvocationEndpoint: description: Url endpoint to invoke. type: string + pattern: ^((%[0-9A-Fa-f]{2}|[-()_.!~*';/?:@\x26=+$,A-Za-z0-9])+)([).!';/?:,])?$ HttpMethod: type: string enum: @@ -437,6 +441,9 @@ components: - HttpMethod x-tagging: taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false x-required-permissions: create: - events:CreateApiDestination @@ -458,6 +465,7 @@ components: type: string minLength: 1 maxLength: 48 + pattern: '[\.\-_A-Za-z0-9]+' SourceArn: type: string Description: @@ -466,6 +474,7 @@ components: type: object Arn: type: string + pattern: ^arn:aws([a-z]|\-)*:events:([a-z]|\d|\-)*:([0-9]{12})?:.+\/.+$ RetentionDays: type: integer required: @@ -482,6 +491,11 @@ components: - Arn x-required-properties: - SourceArn + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false x-required-permissions: create: - events:DescribeArchive @@ -509,6 +523,8 @@ components: $ref: '#/components/schemas/OAuthParameters' InvocationHttpParameters: $ref: '#/components/schemas/ConnectionHttpParameters' + ConnectivityParameters: + $ref: '#/components/schemas/ConnectivityParameters' oneOf: - required: - BasicAuthParameters @@ -522,8 +538,10 @@ components: properties: Username: type: string + pattern: ^[ \t]*[^\x00-\x1F\x7F]+([ \t]+[^\x00-\x1F\x7F]+)*[ \t]*$ Password: type: string + pattern: ^[ \t]*[^\x00-\x1F\x7F]+([ \t]+[^\x00-\x1F\x7F]+)*[ \t]*$ required: - Username - Password @@ -537,6 +555,7 @@ components: type: string minLength: 1 maxLength: 2048 + pattern: ^((%[0-9A-Fa-f]{2}|[-()_.!~*';/?:@\x26=+$,A-Za-z0-9])+)([).!';/?:,])?$ HttpMethod: type: string enum: @@ -555,8 +574,10 @@ components: properties: ApiKeyName: type: string + pattern: ^[ \t]*[^\x00-\x1F\x7F]+([ \t]+[^\x00-\x1F\x7F]+)*[ \t]*$ ApiKeyValue: type: string + pattern: ^[ \t]*[^\x00-\x1F\x7F]+([ \t]+[^\x00-\x1F\x7F]+)*[ \t]*$ required: - ApiKeyName - ApiKeyValue @@ -566,8 +587,10 @@ components: properties: ClientID: type: string + pattern: ^[ \t]*[^\x00-\x1F\x7F]+([ \t]+[^\x00-\x1F\x7F]+)*[ \t]*$ ClientSecret: type: string + pattern: ^[ \t]*[^\x00-\x1F\x7F]+([ \t]+[^\x00-\x1F\x7F]+)*[ \t]*$ required: - ClientID - ClientSecret @@ -588,6 +611,29 @@ components: items: $ref: '#/components/schemas/Parameter' additionalProperties: false + ConnectivityParameters: + type: object + properties: + ResourceParameters: + $ref: '#/components/schemas/ResourceParameters' + required: + - ResourceParameters + additionalProperties: false + ResourceParameters: + type: object + properties: + ResourceConfigurationArn: + type: string + maxLength: 2048 + pattern: ^arn:[a-z0-9f\-]+:vpc-lattice:[a-zA-Z0-9\-]+:\d{12}:resourceconfiguration/rcfg-[0-9a-z]{17}$ + ResourceAssociationArn: + type: string + minLength: 20 + maxLength: 2048 + pattern: ^arn:[a-z0-9\-]+:vpc-lattice:[a-zA-Z0-9\-]+:\d{12}:servicenetworkresourceassociation/snra-[0-9a-z]{17}$ + required: + - ResourceConfigurationArn + additionalProperties: false Parameter: type: object properties: @@ -610,12 +656,15 @@ components: type: string minLength: 1 maxLength: 64 + pattern: '[\.\-_A-Za-z0-9]+' Arn: description: The arn of the connection resource. type: string + pattern: ^arn:aws([a-z]|\-)*:events:([a-z]|\d|\-)*:([0-9]{12})?:connection\/[\.\-_A-Za-z0-9]+\/[\-A-Za-z0-9]+$ SecretArn: description: The arn of the secrets manager secret created in the customer account. type: string + pattern: ^arn:aws([a-z]|\-)*:secretsmanager:([a-z]|\d|\-)*:([0-9]{12})?:secret:([a-z]|\d|\-)*(!)*[\/_+=\.@\-A-Za-z0-9]+$ Description: description: Description of the connection. type: string @@ -628,6 +677,15 @@ components: - OAUTH_CLIENT_CREDENTIALS AuthParameters: $ref: '#/components/schemas/AuthParameters' + InvocationConnectivityParameters: + description: The private resource the HTTP request will be sent to. + type: object + properties: + ResourceParameters: + $ref: '#/components/schemas/ResourceParameters' + required: + - ResourceParameters + additionalProperties: false x-stackql-resource-name: connection description: Resource Type definition for AWS::Events::Connection. x-type-name: AWS::Events::Connection @@ -636,12 +694,23 @@ components: x-create-only-properties: - Name x-write-only-properties: - - AuthParameters + - AuthParameters/BasicAuthParameters/Password + - AuthParameters/ApiKeyAuthParameters/ApiKeyValue + - AuthParameters/OAuthParameters/ClientParameters/ClientSecret + - AuthParameters/OAuthParameters/OAuthHttpParameters/HeaderParameters + - AuthParameters/OAuthParameters/OAuthHttpParameters/QueryStringParameters + - AuthParameters/OAuthParameters/OAuthHttpParameters/BodyParameters + - AuthParameters/InvocationHttpParameters x-read-only-properties: - Arn - SecretArn + - AuthParameters/ConnectivityParameters/ResourceParameters/ResourceAssociationArn + - InvocationConnectivityParameters/ResourceParameters/ResourceAssociationArn x-tagging: taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false x-required-permissions: create: - events:CreateConnection @@ -899,6 +968,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - events:UntagResource + - events:TagResource + - events:ListTagsForResource x-required-permissions: create: - events:CreateEventBus @@ -1344,21 +1417,25 @@ components: type: string minLength: 1 maxLength: 64 + pattern: '[\.\-_A-Za-z0-9]+' Description: type: string maxLength: 512 ConnectionArn: description: The arn of the connection. type: string + pattern: ^arn:aws([a-z]|\-)*:events:([a-z]|\d|\-)*:([0-9]{12})?:connection/[\.\-_A-Za-z0-9]+/[\-A-Za-z0-9]+$ Arn: description: The arn of the api destination. type: string + pattern: ^arn:aws([a-z]|\-)*:events:([a-z]|\d|\-)*:([0-9]{12})?:api-destination/[\.\-_A-Za-z0-9]+/[\-A-Za-z0-9]+$ InvocationRateLimitPerSecond: type: integer minimum: 1 InvocationEndpoint: description: Url endpoint to invoke. type: string + pattern: ^((%[0-9A-Fa-f]{2}|[-()_.!~*';/?:@\x26=+$,A-Za-z0-9])+)([).!';/?:,])?$ HttpMethod: type: string enum: @@ -1390,6 +1467,7 @@ components: type: string minLength: 1 maxLength: 48 + pattern: '[\.\-_A-Za-z0-9]+' SourceArn: type: string Description: @@ -1398,6 +1476,7 @@ components: type: object Arn: type: string + pattern: ^arn:aws([a-z]|\-)*:events:([a-z]|\d|\-)*:([0-9]{12})?:.+\/.+$ RetentionDays: type: integer x-stackQL-stringOnly: true @@ -1422,12 +1501,15 @@ components: type: string minLength: 1 maxLength: 64 + pattern: '[\.\-_A-Za-z0-9]+' Arn: description: The arn of the connection resource. type: string + pattern: ^arn:aws([a-z]|\-)*:events:([a-z]|\d|\-)*:([0-9]{12})?:connection\/[\.\-_A-Za-z0-9]+\/[\-A-Za-z0-9]+$ SecretArn: description: The arn of the secrets manager secret created in the customer account. type: string + pattern: ^arn:aws([a-z]|\-)*:secretsmanager:([a-z]|\d|\-)*:([0-9]{12})?:secret:([a-z]|\d|\-)*(!)*[\/_+=\.@\-A-Za-z0-9]+$ Description: description: Description of the connection. type: string @@ -1440,6 +1522,15 @@ components: - OAUTH_CLIENT_CREDENTIALS AuthParameters: $ref: '#/components/schemas/AuthParameters' + InvocationConnectivityParameters: + description: The private resource the HTTP request will be sent to. + type: object + properties: + ResourceParameters: + $ref: '#/components/schemas/ResourceParameters' + required: + - ResourceParameters + additionalProperties: false x-stackQL-stringOnly: true x-title: CreateConnectionRequest type: object @@ -2000,7 +2091,8 @@ components: JSON_EXTRACT(Properties, '$.SecretArn') as secret_arn, JSON_EXTRACT(Properties, '$.Description') as description, JSON_EXTRACT(Properties, '$.AuthorizationType') as authorization_type, - JSON_EXTRACT(Properties, '$.AuthParameters') as auth_parameters + JSON_EXTRACT(Properties, '$.AuthParameters') as auth_parameters, + JSON_EXTRACT(Properties, '$.InvocationConnectivityParameters') as invocation_connectivity_parameters FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Events::Connection' AND data__Identifier = '' AND region = 'us-east-1' @@ -2014,7 +2106,8 @@ components: JSON_EXTRACT(detail.Properties, '$.SecretArn') as secret_arn, JSON_EXTRACT(detail.Properties, '$.Description') as description, JSON_EXTRACT(detail.Properties, '$.AuthorizationType') as authorization_type, - JSON_EXTRACT(detail.Properties, '$.AuthParameters') as auth_parameters + JSON_EXTRACT(detail.Properties, '$.AuthParameters') as auth_parameters, + JSON_EXTRACT(detail.Properties, '$.InvocationConnectivityParameters') as invocation_connectivity_parameters FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -2033,7 +2126,8 @@ components: json_extract_path_text(Properties, 'SecretArn') as secret_arn, json_extract_path_text(Properties, 'Description') as description, json_extract_path_text(Properties, 'AuthorizationType') as authorization_type, - json_extract_path_text(Properties, 'AuthParameters') as auth_parameters + json_extract_path_text(Properties, 'AuthParameters') as auth_parameters, + json_extract_path_text(Properties, 'InvocationConnectivityParameters') as invocation_connectivity_parameters FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Events::Connection' AND data__Identifier = '' AND region = 'us-east-1' @@ -2047,7 +2141,8 @@ components: json_extract_path_text(detail.Properties, 'SecretArn') as secret_arn, json_extract_path_text(detail.Properties, 'Description') as description, json_extract_path_text(detail.Properties, 'AuthorizationType') as authorization_type, - json_extract_path_text(detail.Properties, 'AuthParameters') as auth_parameters + json_extract_path_text(detail.Properties, 'AuthParameters') as auth_parameters, + json_extract_path_text(detail.Properties, 'InvocationConnectivityParameters') as invocation_connectivity_parameters FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier diff --git a/providers/src/aws/v00.00.00000/services/fis.yaml b/providers/src/aws/v00.00.00000/services/fis.yaml index 794e3fa6..c6d7162e 100644 --- a/providers/src/aws/v00.00.00000/services/fis.yaml +++ b/providers/src/aws/v00.00.00000/services/fis.yaml @@ -408,6 +408,16 @@ components: $ref: '#/components/schemas/StopConditionValue' required: - Source + CloudWatchDashboard: + type: object + additionalProperties: false + properties: + DashboardIdentifier: + type: string + minLength: 1 + maxLength: 512 + required: + - DashboardIdentifier ExperimentTemplateStopConditionList: type: array description: One or more stop conditions. @@ -600,6 +610,44 @@ components: enum: - fail - skip + ExperimentTemplateExperimentReportConfiguration: + type: object + additionalProperties: false + required: + - Outputs + properties: + Outputs: + type: object + additionalProperties: false + properties: + ExperimentReportS3Configuration: + type: object + additionalProperties: false + properties: + BucketName: + type: string + minLength: 3 + maxLength: 63 + Prefix: + type: string + minLength: 1 + maxLength: 1024 + required: + - BucketName + required: + - ExperimentReportS3Configuration + DataSources: + type: object + additionalProperties: false + properties: + CloudWatchDashboards: + type: array + items: + $ref: '#/components/schemas/CloudWatchDashboard' + PreExperimentDuration: + type: string + PostExperimentDuration: + type: string RoleArn: type: string description: The Amazon Resource Name (ARN) of an IAM role that grants the AWS FIS service permission to perform service actions on your behalf. @@ -630,6 +678,8 @@ components: additionalProperties: false ExperimentOptions: $ref: '#/components/schemas/ExperimentTemplateExperimentOptions' + ExperimentReportConfiguration: + $ref: '#/components/schemas/ExperimentTemplateExperimentReportConfiguration' required: - Description - StopConditions @@ -657,6 +707,7 @@ components: tagOnCreate: true tagUpdatable: true cloudFormationSystemTags: true + tagProperty: /properties/Tags permissions: - fis:TagResource - fis:UntagResource @@ -774,6 +825,8 @@ components: additionalProperties: false ExperimentOptions: $ref: '#/components/schemas/ExperimentTemplateExperimentOptions' + ExperimentReportConfiguration: + $ref: '#/components/schemas/ExperimentTemplateExperimentReportConfiguration' x-stackQL-stringOnly: true x-title: CreateExperimentTemplateRequest type: object @@ -882,7 +935,8 @@ components: JSON_EXTRACT(Properties, '$.LogConfiguration') as log_configuration, JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, JSON_EXTRACT(Properties, '$.Tags') as tags, - JSON_EXTRACT(Properties, '$.ExperimentOptions') as experiment_options + JSON_EXTRACT(Properties, '$.ExperimentOptions') as experiment_options, + JSON_EXTRACT(Properties, '$.ExperimentReportConfiguration') as experiment_report_configuration FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::FIS::ExperimentTemplate' AND data__Identifier = '' AND region = 'us-east-1' @@ -899,7 +953,8 @@ components: JSON_EXTRACT(detail.Properties, '$.LogConfiguration') as log_configuration, JSON_EXTRACT(detail.Properties, '$.RoleArn') as role_arn, JSON_EXTRACT(detail.Properties, '$.Tags') as tags, - JSON_EXTRACT(detail.Properties, '$.ExperimentOptions') as experiment_options + JSON_EXTRACT(detail.Properties, '$.ExperimentOptions') as experiment_options, + JSON_EXTRACT(detail.Properties, '$.ExperimentReportConfiguration') as experiment_report_configuration FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -921,7 +976,8 @@ components: json_extract_path_text(Properties, 'LogConfiguration') as log_configuration, json_extract_path_text(Properties, 'RoleArn') as role_arn, json_extract_path_text(Properties, 'Tags') as tags, - json_extract_path_text(Properties, 'ExperimentOptions') as experiment_options + json_extract_path_text(Properties, 'ExperimentOptions') as experiment_options, + json_extract_path_text(Properties, 'ExperimentReportConfiguration') as experiment_report_configuration FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::FIS::ExperimentTemplate' AND data__Identifier = '' AND region = 'us-east-1' @@ -938,7 +994,8 @@ components: json_extract_path_text(detail.Properties, 'LogConfiguration') as log_configuration, json_extract_path_text(detail.Properties, 'RoleArn') as role_arn, json_extract_path_text(detail.Properties, 'Tags') as tags, - json_extract_path_text(detail.Properties, 'ExperimentOptions') as experiment_options + json_extract_path_text(detail.Properties, 'ExperimentOptions') as experiment_options, + json_extract_path_text(detail.Properties, 'ExperimentReportConfiguration') as experiment_report_configuration FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -1004,7 +1061,8 @@ components: JSON_EXTRACT(detail.Properties, '$.StopConditions') as stop_conditions, JSON_EXTRACT(detail.Properties, '$.LogConfiguration') as log_configuration, JSON_EXTRACT(detail.Properties, '$.RoleArn') as role_arn, - JSON_EXTRACT(detail.Properties, '$.ExperimentOptions') as experiment_options + JSON_EXTRACT(detail.Properties, '$.ExperimentOptions') as experiment_options, + JSON_EXTRACT(detail.Properties, '$.ExperimentReportConfiguration') as experiment_report_configuration FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -1027,7 +1085,8 @@ components: json_extract_path_text(detail.Properties, 'StopConditions') as stop_conditions, json_extract_path_text(detail.Properties, 'LogConfiguration') as log_configuration, json_extract_path_text(detail.Properties, 'RoleArn') as role_arn, - json_extract_path_text(detail.Properties, 'ExperimentOptions') as experiment_options + json_extract_path_text(detail.Properties, 'ExperimentOptions') as experiment_options, + json_extract_path_text(detail.Properties, 'ExperimentReportConfiguration') as experiment_report_configuration FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier diff --git a/providers/src/aws/v00.00.00000/services/fms.yaml b/providers/src/aws/v00.00.00000/services/fms.yaml index a4c312b5..1517b51a 100644 --- a/providers/src/aws/v00.00.00000/services/fms.yaml +++ b/providers/src/aws/v00.00.00000/services/fms.yaml @@ -566,7 +566,7 @@ components: Protocol: description: Protocol. type: string - pattern: ^(tcp|udp|icmp|([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]))$ + pattern: ^(tcp|udp|icmp|-1|([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]))$ RuleAction: description: Rule Action. type: string @@ -609,7 +609,7 @@ components: description: Firewall managed service data. type: string minLength: 1 - maxLength: 8192 + maxLength: 30000 PolicyType: description: Firewall policy type. type: string diff --git a/providers/src/aws/v00.00.00000/services/fsx.yaml b/providers/src/aws/v00.00.00000/services/fsx.yaml index 06cffca1..eab4e8e6 100644 --- a/providers/src/aws/v00.00.00000/services/fsx.yaml +++ b/providers/src/aws/v00.00.00000/services/fsx.yaml @@ -538,6 +538,9 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - fsx:TagResource + - fsx:UntagResource x-required-permissions: create: - fsx:CreateDataRepositoryAssociation diff --git a/providers/src/aws/v00.00.00000/services/gamelift.yaml b/providers/src/aws/v00.00.00000/services/gamelift.yaml index 5b156749..76c15447 100644 --- a/providers/src/aws/v00.00.00000/services/gamelift.yaml +++ b/providers/src/aws/v00.00.00000/services/gamelift.yaml @@ -394,7 +394,7 @@ components: FleetId: description: A unique identifier for a fleet that the alias points to. If you specify SIMPLE for the Type property, you must specify this property. type: string - pattern: ^fleet-\S+ + pattern: ^[a-z]*fleet-[a-zA-Z0-9\-]+ Type: description: Simple routing strategy. The alias resolves to one specific fleet. Use this type when routing to active fleets. type: string @@ -536,485 +536,102 @@ components: - gamelift:DeleteBuild list: - gamelift:ListBuilds - ContainerDefinition: - description: Details about a container that is used in a container fleet + ConnectionPortRange: + description: Defines the range of ports on the instance that allow inbound traffic to connect with containers in a fleet. type: object properties: - ContainerName: - description: A descriptive label for the container definition. Container definition names must be unique with a container group definition. - type: string - minLength: 1 - maxLength: 128 - pattern: ^[a-zA-Z0-9-]+$ - ImageUri: - description: Specifies the image URI of this container. - type: string - minLength: 1 - maxLength: 255 - pattern: ^[a-zA-Z0-9-_\.@\/:]+$ - ResolvedImageDigest: - description: The digest of the container image. - type: string - pattern: ^sha256:[a-fA-F0-9]{64}$ - MemoryLimits: - description: Specifies how much memory is available to the container. You must specify at least this parameter or the TotalMemoryLimit parameter of the ContainerGroupDefinition. - $ref: '#/components/schemas/MemoryLimits' - PortConfiguration: - description: Defines the ports on the container. - $ref: '#/components/schemas/PortConfiguration' - Cpu: - description: The maximum number of CPU units reserved for this container. The value is expressed as an integer amount of CPU units. 1 vCPU is equal to 1024 CPU units + FromPort: + description: A starting value for a range of allowed port numbers. type: integer minimum: 1 - maximum: 10240 - HealthCheck: - description: Specifies how the health of the containers will be checked. - $ref: '#/components/schemas/ContainerHealthCheck' - Command: - description: The command that's passed to the container. - type: array - uniqueItems: false - x-insertionOrder: true - minItems: 1 - maxItems: 20 - items: - type: string - minLength: 1 - maxLength: 255 - pattern: ^.*$ - Essential: - description: Specifies if the container is essential. If an essential container fails a health check, then all containers in the container group will be restarted. You must specify exactly 1 essential container in a container group. - type: boolean - EntryPoint: - description: The entry point that's passed to the container so that it will run as an executable. If there are multiple arguments, each argument is a string in the array. - type: array - uniqueItems: false - x-insertionOrder: true - minItems: 1 - maxItems: 20 - items: - type: string - minLength: 1 - maxLength: 1024 - WorkingDirectory: - description: The working directory to run commands inside the container in. - type: string - minLength: 1 - maxLength: 255 - pattern: ^.*$ - Environment: - description: The environment variables to pass to a container. - type: array - uniqueItems: true - x-insertionOrder: false - minItems: 1 - maxItems: 20 - items: - $ref: '#/components/schemas/ContainerEnvironment' - DependsOn: - description: A list of container dependencies that determines when this container starts up and shuts down. For container groups with multiple containers, dependencies let you define a startup/shutdown sequence across the containers. - type: array - uniqueItems: true - x-insertionOrder: true - minItems: 1 - maxItems: 10 - items: - $ref: '#/components/schemas/ContainerDependency' - required: - - ContainerName - - ImageUri - additionalProperties: false - MemoryLimits: - description: Specifies how much memory is available to the container. - type: object - properties: - SoftLimit: - description: The amount of memory that is reserved for the container. - type: integer - minimum: 4 - maximum: 1024000 - HardLimit: - description: The hard limit of memory to reserve for the container. + maximum: 60000 + ToPort: + description: An ending value for a range of allowed port numbers. Port numbers are end-inclusive. This value must be higher than FromPort. type: integer - minimum: 4 - maximum: 1024000 + minimum: 1 + maximum: 60000 additionalProperties: false - PortConfiguration: - description: Defines the ports on a container. - type: object - properties: - ContainerPortRanges: - description: Specifies one or more ranges of ports on a container. - type: array - uniqueItems: true - x-insertionOrder: false - minItems: 1 - maxItems: 100 - items: - $ref: '#/components/schemas/ContainerPortRange' required: - - ContainerPortRanges - additionalProperties: false - ContainerPortRange: - description: A set of one or more port numbers that can be opened on the container. + - FromPort + - ToPort + IpPermission: + description: >- + A range of IP addresses and port settings that allow inbound traffic to connect to server processes on an Amazon GameLift hosting resource. New game sessions that are started on the fleet are assigned an IP address/port number combination, which must fall into the fleet's allowed ranges. For fleets created with a custom game server, the ranges reflect the server's game session assignments. For Realtime Servers fleets, Amazon GameLift automatically opens two port ranges, one for TCP + messaging and one for UDP, for use by the Realtime servers. type: object properties: FromPort: - description: A starting value for the range of allowed port numbers. + description: A starting value for a range of allowed port numbers. type: integer minimum: 1 maximum: 60000 + IpRange: + description: 'A range of allowed IP addresses. This value must be expressed in CIDR notation. Example: "000.000.000.000/[subnet mask]" or optionally the shortened version "0.0.0.0/[subnet mask]".' + type: string + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$) Protocol: - description: Defines the protocol of these ports. + description: The network communication protocol used by the fleet. type: string enum: - TCP - UDP ToPort: - description: An ending value for the range of allowed port numbers. Port numbers are end-inclusive. This value must be equal to or greater than FromPort. + description: An ending value for a range of allowed port numbers. Port numbers are end-inclusive. This value must be higher than FromPort. type: integer minimum: 1 maximum: 60000 + additionalProperties: false required: - FromPort + - IpRange - Protocol - ToPort - additionalProperties: false - ContainerHealthCheck: - description: Specifies how the process manager checks the health of containers. + GameSessionCreationLimitPolicy: + description: |- + A policy that limits the number of game sessions a player can create on the same fleet. This optional policy gives game owners control over how players can consume available game server resources. A resource creation policy makes the following statement: "An individual player can create a maximum number of new game sessions within a specified time period". + + The policy is evaluated when a player tries to create a new game session. For example, assume you have a policy of 10 new game sessions and a time period of 60 minutes. On receiving a CreateGameSession request, Amazon GameLift checks that the player (identified by CreatorId) has created fewer than 10 game sessions in the past 60 minutes. type: object properties: - Command: - description: A string array representing the command that the container runs to determine if it is healthy. - type: array - uniqueItems: false - x-insertionOrder: true - minItems: 1 - maxItems: 20 - items: - type: string - minLength: 1 - maxLength: 255 - pattern: ^.*$ - Interval: - description: How often (in seconds) the health is checked. - type: integer - minimum: 60 - maximum: 300 - Timeout: - description: How many seconds the process manager allows the command to run before canceling it. - type: integer - minimum: 30 - maximum: 60 - Retries: - description: How many times the process manager will retry the command after a timeout. (The first run of the command does not count as a retry.) + NewGameSessionsPerCreator: + description: The maximum number of game sessions that an individual can create during the policy period. type: integer - minimum: 5 - maximum: 10 - StartPeriod: - description: The optional grace period (in seconds) to give a container time to boostrap before teh health check is declared failed. + minimum: 0 + PolicyPeriodInMinutes: + description: The time span used in evaluating the resource creation limit policy. type: integer minimum: 0 - maximum: 300 - required: - - Command - additionalProperties: false - ContainerEnvironment: - description: An environment variable to set inside a container, in the form of a key-value pair. - type: object - properties: - Name: - description: The environment variable name. - type: string - minLength: 1 - maxLength: 255 - pattern: ^.*$ - Value: - description: The environment variable value. - type: string - minLength: 1 - maxLength: 255 - pattern: ^.*$ - required: - - Name - - Value - additionalProperties: false - ContainerDependency: - description: A dependency that impacts a container's startup and shutdown. - type: object - properties: - ContainerName: - description: A descriptive label for the container definition. The container being defined depends on this container's condition. - type: string - minLength: 1 - maxLength: 128 - pattern: ^[a-zA-Z0-9-]+$ - Condition: - description: The type of dependency. - type: string - enum: - - START - - COMPLETE - - SUCCESS - - HEALTHY - required: - - ContainerName - - Condition additionalProperties: false - Tag: - description: A key-value pair to associate with a resource. + LogDestination: + description: Configures the service that provides logs. + type: string + enum: + - NONE + - CLOUDWATCH + - S3 + LogConfiguration: + description: A policy the location and provider of logs from the fleet. type: object properties: - Key: + LogDestination: + $ref: '#/components/schemas/LogDestination' + S3BucketName: + description: The name of the S3 bucket to pull logs from if S3 is the LogDestination type: string - description: The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length. minLength: 1 - maxLength: 128 - Value: - type: string - description: The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length. - minLength: 0 - maxLength: 256 - required: - - Key - - Value + maxLength: 1024 additionalProperties: false - ContainerGroupDefinition: + Location: type: object properties: - ContainerGroupDefinitionArn: - description: The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift container group resource and uniquely identifies it across all AWS Regions. - type: string - minLength: 1 - maxLength: 512 - pattern: ^arn:.*:containergroupdefinition/containergroupdefinition-[a-zA-Z0-9-]+$ - Name: - description: A descriptive label for the container group definition. - type: string - minLength: 1 - maxLength: 128 - pattern: ^[a-zA-Z0-9-]+$ - CreationTime: - description: A time stamp indicating when this data object was created. Format is a number expressed in Unix time as milliseconds (for example "1469498468.057"). + LocationName: type: string - SchedulingStrategy: - description: Specifies whether the container group includes replica or daemon containers. + minLength: 8 + maxLength: 64 + pattern: ^custom-[A-Za-z0-9\-]+ + LocationArn: type: string - enum: - - REPLICA - - DAEMON - TotalMemoryLimit: - description: The maximum amount of memory (in MiB) to allocate for this container group. - type: integer - minimum: 4 - maximum: 1024000 - TotalCpuLimit: - description: The maximum number of CPU units reserved for this container group. The value is expressed as an integer amount of CPU units. (1 vCPU is equal to 1024 CPU units.) - type: integer - minimum: 128 - maximum: 10240 - ContainerDefinitions: - description: A collection of container definitions that define the containers in this group. - type: array - uniqueItems: true - x-insertionOrder: false - minItems: 1 - maxItems: 10 - items: - $ref: '#/components/schemas/ContainerDefinition' - Tags: - description: An array of key-value pairs to apply to this resource. - type: array - uniqueItems: true - x-insertionOrder: false - minItems: 0 - maxItems: 200 - items: - $ref: '#/components/schemas/Tag' - OperatingSystem: - description: The operating system of the container group - type: string - enum: - - AMAZON_LINUX_2023 - required: - - Name - - TotalMemoryLimit - - TotalCpuLimit - - ContainerDefinitions - - OperatingSystem - x-stackql-resource-name: container_group_definition - description: The AWS::GameLift::ContainerGroupDefinition resource creates an Amazon GameLift container group definition. - x-type-name: AWS::GameLift::ContainerGroupDefinition - x-stackql-primary-identifier: - - Name - x-create-only-properties: - - Name - - SchedulingStrategy - - TotalMemoryLimit - - TotalCpuLimit - - ContainerDefinitions - - OperatingSystem - x-read-only-properties: - - ContainerGroupDefinitionArn - - CreationTime - - ContainerDefinitions/*/ResolvedImageDigest - x-required-properties: - - Name - - TotalMemoryLimit - - TotalCpuLimit - - ContainerDefinitions - - OperatingSystem - x-tagging: - taggable: true - cloudFormationSystemTags: false - tagOnCreate: true - tagUpdatable: true - tagProperty: /properties/Tags - x-required-permissions: - create: - - gamelift:CreateContainerGroupDefinition - - gamelift:DescribeContainerGroupDefinition - - gamelift:ListTagsForResource - - gamelift:TagResource - - ecr:BatchCheckLayerAvailability - - ecr:BatchGetImage - - ecr:GetDownloadUrlForLayer - - ecr:DescribeImages - read: - - gamelift:DescribeContainerGroupDefinition - - gamelift:ListTagsForResource - update: - - gamelift:ListTagsForResource - - gamelift:TagResource - - gamelift:UntagResource - delete: - - gamelift:DescribeContainerGroupDefinition - - gamelift:DeleteContainerGroupDefinition - list: - - gamelift:ListContainerGroupDefinitions - AnywhereConfiguration: - description: Configuration for Anywhere fleet. - properties: - Cost: - description: Cost of compute can be specified on Anywhere Fleets to prioritize placement across Queue destinations based on Cost. - type: string - pattern: ^\d{1,5}(?:\.\d{1,5})?$ - minLength: 1 - maxLength: 11 - additionalProperties: false - required: - - Cost - CertificateConfiguration: - description: Information about the use of a TLS/SSL certificate for a fleet. TLS certificate generation is enabled at the fleet level, with one certificate generated for the fleet. When this feature is enabled, the certificate can be retrieved using the GameLift Server SDK call GetInstanceCertificate. All instances in a fleet share the same certificate. - type: object - properties: - CertificateType: - type: string - enum: - - DISABLED - - GENERATED - additionalProperties: false - required: - - CertificateType - ConnectionPortRange: - description: Defines the range of ports on the instance that allow inbound traffic to connect with containers in a fleet. - type: object - properties: - FromPort: - description: A starting value for a range of allowed port numbers. - type: integer - minimum: 1 - maximum: 60000 - ToPort: - description: An ending value for a range of allowed port numbers. Port numbers are end-inclusive. This value must be higher than FromPort. - type: integer - minimum: 1 - maximum: 60000 - additionalProperties: false - required: - - FromPort - - ToPort - ContainerGroupsConfiguration: - description: Specifies container groups that this instance will hold. You must specify exactly one replica group. Optionally, you may specify exactly one daemon group. You can't change this property after you create the fleet. - type: object - properties: - ContainerGroupDefinitionNames: - description: The names of the container group definitions that will be created in an instance. You must specify exactly one REPLICA container group. You have the option to also specify one DAEMON container group. - type: array - x-insertionOrder: false - minItems: 1 - maxItems: 2 - items: - type: string - minLength: 1 - maxLength: 128 - pattern: ^[a-zA-Z0-9\-]+$ - ConnectionPortRange: - $ref: '#/components/schemas/ConnectionPortRange' - ContainerGroupsPerInstance: - $ref: '#/components/schemas/ContainerGroupsPerInstance' - additionalProperties: false - required: - - ContainerGroupDefinitionNames - - ConnectionPortRange - ContainerGroupsPerInstance: - description: The number of container groups per instance. - type: object - properties: - DesiredReplicaContainerGroupsPerInstance: - description: Use this parameter to override the number of replica container groups GameLift will launch per instance with a number that is lower than that calculated maximum. - type: integer - minimum: 1 - maximum: 5000 - MaxReplicaContainerGroupsPerInstance: - description: GameLift calculates the maximum number of replica container groups it can launch per instance based on instance properties such as CPU, memory, and connection ports. - type: integer - minimum: 1 - maximum: 5000 - additionalProperties: false - IpPermission: - description: >- - A range of IP addresses and port settings that allow inbound traffic to connect to server processes on an Amazon GameLift hosting resource. New game sessions that are started on the fleet are assigned an IP address/port number combination, which must fall into the fleet's allowed ranges. For fleets created with a custom game server, the ranges reflect the server's game session assignments. For Realtime Servers fleets, Amazon GameLift automatically opens two port ranges, one for TCP - messaging and one for UDP, for use by the Realtime servers. - type: object - properties: - FromPort: - description: A starting value for a range of allowed port numbers. - type: integer - minimum: 1 - maximum: 60000 - IpRange: - description: 'A range of allowed IP addresses. This value must be expressed in CIDR notation. Example: "000.000.000.000/[subnet mask]" or optionally the shortened version "0.0.0.0/[subnet mask]".' - type: string - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$) - Protocol: - description: The network communication protocol used by the fleet. - type: string - enum: - - TCP - - UDP - ToPort: - description: An ending value for a range of allowed port numbers. Port numbers are end-inclusive. This value must be higher than FromPort. - type: integer - minimum: 1 - maximum: 60000 - additionalProperties: false - required: - - FromPort - - IpRange - - Protocol - - ToPort - Location: - type: object - properties: - LocationName: - type: string - minLength: 8 - maxLength: 64 - pattern: ^custom-[A-Za-z0-9\-]+ - LocationArn: - type: string - pattern: ^arn:.*:location/custom-\S+ + pattern: ^arn:.*:location/custom-\S+ Tags: description: An array of key-value pairs to apply to this resource. type: array @@ -1040,6 +657,12 @@ components: taggable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + tagOnCreate: true + tagUpdatable: true + permissions: + - gamelift:ListTagsForResource + - gamelift:TagResource + - gamelift:UntagResource x-required-permissions: create: - gamelift:CreateLocation @@ -1076,20 +699,829 @@ components: minimum: 0 additionalProperties: false required: - - DesiredEC2Instances - - MinSize - - MaxSize - LocationConfiguration: - description: A remote location where a multi-location fleet can deploy EC2 instances for game hosting. + - DesiredEC2Instances + - MinSize + - MaxSize + LocationConfiguration: + description: A remote location where a multi-location fleet can deploy EC2 instances for game hosting. + type: object + properties: + Location: + $ref: '#/components/schemas/Location' + LocationCapacity: + $ref: '#/components/schemas/LocationCapacity' + additionalProperties: false + required: + - Location + ScalingPolicy: + description: Rule that controls how a fleet is scaled. Scaling policies are uniquely identified by the combination of name and fleet ID. + type: object + properties: + ComparisonOperator: + description: Comparison operator to use when measuring a metric against the threshold value. + type: string + enum: + - GreaterThanOrEqualToThreshold + - GreaterThanThreshold + - LessThanThreshold + - LessThanOrEqualToThreshold + EvaluationPeriods: + description: Length of time (in minutes) the metric must be at or beyond the threshold before a scaling event is triggered. + type: integer + minimum: 1 + Location: + $ref: '#/components/schemas/Location' + MetricName: + description: Name of the Amazon GameLift-defined metric that is used to trigger a scaling adjustment. + type: string + enum: + - ActivatingGameSessions + - ActiveGameSessions + - ActiveInstances + - AvailableGameSessions + - AvailablePlayerSessions + - CurrentPlayerSessions + - IdleInstances + - PercentAvailableGameSessions + - PercentIdleInstances + - QueueDepth + - WaitTime + - ConcurrentActivatableGameSessions + Name: + description: A descriptive label that is associated with a fleet's scaling policy. Policy names do not need to be unique. + type: string + minLength: 1 + maxLength: 1024 + PolicyType: + description: 'The type of scaling policy to create. For a target-based policy, set the parameter MetricName to ''PercentAvailableGameSessions'' and specify a TargetConfiguration. For a rule-based policy set the following parameters: MetricName, ComparisonOperator, Threshold, EvaluationPeriods, ScalingAdjustmentType, and ScalingAdjustment.' + type: string + enum: + - RuleBased + - TargetBased + ScalingAdjustment: + description: Amount of adjustment to make, based on the scaling adjustment type. + type: integer + ScalingAdjustmentType: + description: The type of adjustment to make to a fleet's instance count. + type: string + enum: + - ChangeInCapacity + - ExactCapacity + - PercentChangeInCapacity + Status: + description: Current status of the scaling policy. The scaling policy can be in force only when in an ACTIVE status. Scaling policies can be suspended for individual fleets. If the policy is suspended for a fleet, the policy status does not change. + type: string + enum: + - ACTIVE + - UPDATE_REQUESTED + - UPDATING + - DELETE_REQUESTED + - DELETING + - DELETED + - ERROR + TargetConfiguration: + description: An object that contains settings for a target-based scaling policy. + $ref: '#/components/schemas/TargetConfiguration' + Threshold: + description: Metric value used to trigger a scaling event. + type: number + UpdateStatus: + description: The current status of the fleet's scaling policies in a requested fleet location. The status PENDING_UPDATE indicates that an update was requested for the fleet but has not yet been completed for the location. + type: string + enum: + - PENDING_UPDATE + additionalProperties: false + required: + - MetricName + - Name + StoppedActions: + description: A list of fleet actions that have been suspended in the fleet location. + type: array + maxItems: 1 + items: + type: string + enum: + - AUTO_SCALING + x-insertionOrder: false + TargetConfiguration: + description: Settings for a target-based scaling policy. A target-based policy tracks a particular fleet metric specifies a target value for the metric. As player usage changes, the policy triggers Amazon GameLift to adjust capacity so that the metric returns to the target value. The target configuration specifies settings as needed for the target based policy, including the target value. + type: object + properties: + TargetValue: + description: Desired value to use with a target-based scaling policy. The value must be relevant for whatever metric the scaling policy is using. For example, in a policy using the metric PercentAvailableGameSessions, the target value should be the preferred size of the fleet's buffer (the percent of capacity that should be idle and ready for new game sessions). + type: number + additionalProperties: false + required: + - TargetValue + Tag: + description: A key-value pair to associate with a resource. + type: object + properties: + Key: + type: string + description: The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length. + minLength: 1 + maxLength: 128 + Value: + type: string + description: The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length. + minLength: 0 + maxLength: 256 + required: + - Key + - Value + additionalProperties: false + DeploymentDetails: + description: Provides information about the last deployment ID and its status. + type: object + properties: + LatestDeploymentId: + description: The ID of the last deployment on the container fleet. This field will be empty if the container fleet does not have a ContainerGroupDefinition attached. + type: string + maxLength: 1024 + pattern: ^[a-zA-Z0-9\-]+$|^$ + required: [] + additionalProperties: false + DeploymentConfiguration: + description: Provides details about how to drain old tasks and replace them with new updated tasks. + type: object + properties: + ProtectionStrategy: + description: The protection strategy for deployment on the container fleet; defaults to WITH_PROTECTION. + type: string + enum: + - WITH_PROTECTION + - IGNORE_PROTECTION + MinimumHealthyPercentage: + description: The minimum percentage of healthy required; defaults to 75. + type: integer + minimum: 30 + maximum: 75 + ImpairmentStrategy: + description: The strategy to apply in case of impairment; defaults to MAINTAIN. + type: string + enum: + - MAINTAIN + - ROLLBACK + required: [] + additionalProperties: false + ContainerFleet: + type: object + properties: + FleetId: + description: Unique fleet ID + type: string + pattern: ^[a-z]*fleet-[a-zA-Z0-9\-]+ + minLength: 1 + maxLength: 128 + FleetRoleArn: + description: A unique identifier for an AWS IAM role that manages access to your AWS services. Create a role or look up a role's ARN from the IAM dashboard in the AWS Management Console. + type: string + pattern: ^arn:aws(-.*)?:[a-z-]+:(([a-z]+-)+[0-9])?:([0-9]{12})?:[^.]+$ + minLength: 1 + maxLength: 256 + Description: + description: A human-readable description of a fleet. + type: string + minLength: 1 + maxLength: 1024 + GameServerContainerGroupDefinitionName: + description: The name of the container group definition that will be created per game server. You must specify GAME_SERVER container group. You have the option to also specify one PER_INSTANCE container group. + type: string + minLength: 1 + maxLength: 512 + pattern: ^[a-zA-Z0-9\-]+$|^arn:.*:containergroupdefinition\/[a-zA-Z0-9\-]+(:[0-9]+)?$ + GameServerContainerGroupDefinitionArn: + description: The Amazon Resource Name (ARN) of the game server container group definition. This field will be empty if GameServerContainerGroupDefinitionName is not specified. + type: string + maxLength: 512 + pattern: ^arn:.*:containergroupdefinition\/[a-zA-Z0-9\-]+(:[0-9]+)?$|^$ + PerInstanceContainerGroupDefinitionName: + description: The name of the container group definition that will be created per instance. This field is optional if you specify GameServerContainerGroupDefinitionName. + type: string + minLength: 1 + maxLength: 512 + pattern: ^[a-zA-Z0-9\-]+$|^arn:.*:containergroupdefinition\/[a-zA-Z0-9\-]+(:[0-9]+)?$ + PerInstanceContainerGroupDefinitionArn: + description: The Amazon Resource Name (ARN) of the per instance container group definition. This field will be empty if PerInstanceContainerGroupDefinitionName is not specified. + type: string + maxLength: 512 + pattern: ^arn:.*:containergroupdefinition\/[a-zA-Z0-9\-]+(:[0-9]+)?$|^$ + InstanceConnectionPortRange: + $ref: '#/components/schemas/ConnectionPortRange' + InstanceInboundPermissions: + description: A range of IP addresses and port settings that allow inbound traffic to connect to server processes on an Amazon GameLift server. + type: array + maxItems: 50 + items: + $ref: '#/components/schemas/IpPermission' + x-insertionOrder: false + GameServerContainerGroupsPerInstance: + description: The number of desired game server container groups per instance, a number between 1-5000. + type: integer + minimum: 1 + maximum: 5000 + MaximumGameServerContainerGroupsPerInstance: + description: The maximum number of game server container groups per instance, a number between 1-5000. + type: integer + minimum: 1 + maximum: 5000 + CreationTime: + description: A time stamp indicating when this data object was created. Format is a number expressed in Unix time as milliseconds (for example "1469498468.057"). + type: string + Status: + description: The current status of the container fleet. + type: string + enum: + - PENDING + - CREATING + - CREATED + - ACTIVATING + - ACTIVE + - UPDATING + - DELETING + DeploymentDetails: + $ref: '#/components/schemas/DeploymentDetails' + DeploymentConfiguration: + $ref: '#/components/schemas/DeploymentConfiguration' + InstanceType: + description: The name of an EC2 instance type that is supported in Amazon GameLift. A fleet instance type determines the computing resources of each instance in the fleet, including CPU, memory, storage, and networking capacity. Amazon GameLift supports the following EC2 instance types. See Amazon EC2 Instance Types for detailed descriptions. + type: string + minLength: 1 + maxLength: 1024 + BillingType: + description: Indicates whether to use On-Demand instances or Spot instances for this fleet. If empty, the default is ON_DEMAND. Both categories of instances use identical hardware and configurations based on the instance type selected for this fleet. + type: string + enum: + - ON_DEMAND + - SPOT + Locations: + type: array + maxItems: 100 + items: + $ref: '#/components/schemas/LocationConfiguration' + x-insertionOrder: false + ScalingPolicies: + description: A list of rules that control how a fleet is scaled. + type: array + maxItems: 50 + items: + $ref: '#/components/schemas/ScalingPolicy' + x-insertionOrder: false + MetricGroups: + description: The name of an Amazon CloudWatch metric group. A metric group aggregates the metrics for all fleets in the group. Specify a string containing the metric group name. You can use an existing name or use a new name to create a new metric group. Currently, this parameter can have only one string. + type: array + maxItems: 1 + items: + type: string + x-insertionOrder: false + NewGameSessionProtectionPolicy: + description: A game session protection policy to apply to all game sessions hosted on instances in this fleet. When protected, active game sessions cannot be terminated during a scale-down event. If this parameter is not set, instances in this fleet default to no protection. You can change a fleet's protection policy to affect future game sessions on the fleet. You can also set protection for individual game sessions. + type: string + enum: + - FullProtection + - NoProtection + GameSessionCreationLimitPolicy: + description: A policy that limits the number of game sessions an individual player can create over a span of time for this fleet. + $ref: '#/components/schemas/GameSessionCreationLimitPolicy' + LogConfiguration: + $ref: '#/components/schemas/LogConfiguration' + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + maxItems: 200 + items: + $ref: '#/components/schemas/Tag' + FleetArn: + description: The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift container fleet resource and uniquely identifies it across all AWS Regions. + type: string + minLength: 1 + maxLength: 512 + pattern: ^arn:.*:[a-z]*fleet\/[a-z]*fleet-[a-zA-Z0-9\-]+$ + required: + - FleetRoleArn + x-stackql-resource-name: container_fleet + description: The AWS::GameLift::ContainerFleet resource creates an Amazon GameLift (GameLift) container fleet to host game servers. + x-type-name: AWS::GameLift::ContainerFleet + x-stackql-primary-identifier: + - FleetId + x-create-only-properties: + - InstanceType + - BillingType + - Locations + x-write-only-properties: + - ScalingPolicies + - Locations + - DeploymentConfiguration + - GameServerContainerGroupsPerInstance + - GameServerContainerGroupDefinitionName + - PerInstanceContainerGroupDefinitionName + x-read-only-properties: + - CreationTime + - Status + - FleetId + - FleetArn + - DeploymentDetails + - GameServerContainerGroupDefinitionArn + - PerInstanceContainerGroupDefinitionArn + - MaximumGameServerContainerGroupsPerInstance + x-required-properties: + - FleetRoleArn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - gamelift:ListTagsForResource + - gamelift:TagResource + - gamelift:UntagResource + x-required-permissions: + create: + - gamelift:CreateContainerFleet + - gamelift:DescribeContainerFleet + - gamelift:DescribeFleetDeployment + - gamelift:DescribeFleetLocationAttributes + - gamelift:DescribeFleetLocationCapacity + - gamelift:DescribeScalingPolicies + - gamelift:ListTagsForResource + - gamelift:PutScalingPolicy + - gamelift:StopFleetActions + - gamelift:TagResource + - gamelift:UpdateFleetCapacity + - iam:PassRole + read: + - gamelift:DescribeContainerFleet + - gamelift:DescribeFleetLocationAttributes + - gamelift:DescribeFleetLocationCapacity + - gamelift:DescribeScalingPolicies + - gamelift:ListTagsForResource + delete: + - gamelift:DeleteContainerFleet + - gamelift:DescribeContainerFleet + list: + - gamelift:ListContainerFleets + update: + - gamelift:CreateFleetLocations + - gamelift:DeleteFleetLocations + - gamelift:DeleteScalingPolicy + - gamelift:DescribeContainerFleet + - gamelift:DescribeFleetDeployment + - gamelift:DescribeFleetLocationAttributes + - gamelift:DescribeFleetLocationCapacity + - gamelift:DescribeScalingPolicies + - gamelift:ListTagsForResource + - gamelift:PutScalingPolicy + - gamelift:StartFleetActions + - gamelift:StopFleetActions + - gamelift:TagResource + - gamelift:UntagResource + - gamelift:UpdateContainerFleet + - gamelift:UpdateFleetCapacity + - iam:PassRole + ContainerPortRange: + description: A set of one or more port numbers that can be opened on the container. + type: object + properties: + FromPort: + description: A starting value for the range of allowed port numbers. + type: integer + minimum: 1 + maximum: 60000 + Protocol: + description: Defines the protocol of these ports. + type: string + enum: + - TCP + - UDP + ToPort: + description: An ending value for the range of allowed port numbers. Port numbers are end-inclusive. This value must be equal to or greater than FromPort. + type: integer + minimum: 1 + maximum: 60000 + required: + - FromPort + - Protocol + - ToPort + additionalProperties: false + ContainerHealthCheck: + description: Specifies how the process manager checks the health of containers. + type: object + properties: + Command: + description: A string array representing the command that the container runs to determine if it is healthy. + type: array + uniqueItems: false + x-insertionOrder: true + minItems: 1 + maxItems: 20 + items: + type: string + minLength: 1 + maxLength: 255 + pattern: ^.*$ + Interval: + description: How often (in seconds) the health is checked. + type: integer + minimum: 60 + maximum: 300 + Timeout: + description: How many seconds the process manager allows the command to run before canceling it. + type: integer + minimum: 30 + maximum: 60 + Retries: + description: How many times the process manager will retry the command after a timeout. (The first run of the command does not count as a retry.) + type: integer + minimum: 5 + maximum: 10 + StartPeriod: + description: The optional grace period (in seconds) to give a container time to boostrap before teh health check is declared failed. + type: integer + minimum: 0 + maximum: 300 + required: + - Command + additionalProperties: false + PortConfiguration: + description: Defines the ports on a container. + type: object + properties: + ContainerPortRanges: + description: Specifies one or more ranges of ports on a container. + type: array + uniqueItems: true + x-insertionOrder: false + minItems: 1 + maxItems: 100 + items: + $ref: '#/components/schemas/ContainerPortRange' + required: + - ContainerPortRanges + additionalProperties: false + ContainerEnvironment: + description: An environment variable to set inside a container, in the form of a key-value pair. + type: object + properties: + Name: + description: The environment variable name. + type: string + minLength: 1 + maxLength: 255 + pattern: ^.*$ + Value: + description: The environment variable value. + type: string + minLength: 1 + maxLength: 255 + pattern: ^.*$ + required: + - Name + - Value + additionalProperties: false + ContainerMountPoint: + description: Defines the mount point configuration within a container. + type: object + properties: + InstancePath: + description: The path on the host that will be mounted in the container. + type: string + minLength: 1 + maxLength: 1024 + pattern: ^\/[\s\S]*$ + ContainerPath: + description: The path inside the container where the mount is accessible. + type: string + minLength: 1 + maxLength: 1024 + pattern: ^(\/+[^\/]+\/*)+$ + AccessLevel: + description: The access permissions for the mounted path. + type: string + enum: + - READ_ONLY + - READ_AND_WRITE + required: + - InstancePath + additionalProperties: false + ContainerDependency: + description: A dependency that impacts a container's startup and shutdown. + type: object + properties: + ContainerName: + description: A descriptive label for the container definition. The container being defined depends on this container's condition. + type: string + minLength: 1 + maxLength: 128 + pattern: ^[a-zA-Z0-9-]+$ + Condition: + description: The type of dependency. + type: string + enum: + - START + - COMPLETE + - SUCCESS + - HEALTHY + required: + - ContainerName + - Condition + additionalProperties: false + GameServerContainerDefinition: + description: Specifies the information required to run game servers with this container group + type: object + properties: + ContainerName: + description: A descriptive label for the container definition. Container definition names must be unique with a container group definition. + type: string + minLength: 1 + maxLength: 128 + pattern: ^[a-zA-Z0-9-]+$ + DependsOn: + description: A list of container dependencies that determines when this container starts up and shuts down. For container groups with multiple containers, dependencies let you define a startup/shutdown sequence across the containers. + type: array + uniqueItems: true + x-insertionOrder: true + minItems: 1 + maxItems: 10 + items: + $ref: '#/components/schemas/ContainerDependency' + ServerSdkVersion: + description: The version of the server SDK used in this container group + type: string + maxLength: 128 + pattern: ^\d+\.\d+\.\d+$ + ImageUri: + description: Specifies the image URI of this container. + type: string + minLength: 1 + maxLength: 255 + pattern: ^[a-zA-Z0-9-_\.@\/:]+$ + ResolvedImageDigest: + description: The digest of the container image. + type: string + pattern: ^sha256:[a-fA-F0-9]{64}$ + EnvironmentOverride: + description: The environment variables to pass to a container. + type: array + uniqueItems: true + x-insertionOrder: false + minItems: 1 + maxItems: 20 + items: + $ref: '#/components/schemas/ContainerEnvironment' + PortConfiguration: + description: Defines the ports on the container. + $ref: '#/components/schemas/PortConfiguration' + MountPoints: + description: A list of mount point configurations to be used in a container. + type: array + uniqueItems: true + x-insertionOrder: false + minItems: 1 + maxItems: 10 + items: + $ref: '#/components/schemas/ContainerMountPoint' + required: + - ContainerName + - ImageUri + - ServerSdkVersion + additionalProperties: false + SupportContainerDefinition: + description: Supports the function of the main container group + type: object + properties: + ContainerName: + description: A descriptive label for the container definition. + type: string + minLength: 1 + maxLength: 128 + pattern: ^[a-zA-Z0-9-]+$ + Vcpu: + description: The number of virtual CPUs to give to the support group + type: number + minimum: 0.125 + maximum: 10 + DependsOn: + description: A list of container dependencies that determines when this container starts up and shuts down. For container groups with multiple containers, dependencies let you define a startup/shutdown sequence across the containers. + type: array + uniqueItems: true + x-insertionOrder: true + minItems: 1 + maxItems: 10 + items: + $ref: '#/components/schemas/ContainerDependency' + Essential: + description: Specifies if the container is essential. If an essential container fails a health check, then all containers in the container group will be restarted. You must specify exactly 1 essential container in a container group. + type: boolean + ImageUri: + description: Specifies the image URI of this container. + type: string + minLength: 1 + maxLength: 255 + pattern: ^[a-zA-Z0-9-_\.@\/:]+$ + ResolvedImageDigest: + description: The digest of the container image. + type: string + pattern: ^sha256:[a-fA-F0-9]{64}$ + MemoryHardLimitMebibytes: + description: The total memory limit of container groups following this definition in MiB + type: integer + minimum: 4 + maximum: 1024000 + EnvironmentOverride: + description: The environment variables to pass to a container. + type: array + uniqueItems: true + x-insertionOrder: false + minItems: 1 + maxItems: 20 + items: + $ref: '#/components/schemas/ContainerEnvironment' + PortConfiguration: + description: Defines the ports on the container. + $ref: '#/components/schemas/PortConfiguration' + HealthCheck: + description: Specifies how the health of the containers will be checked. + $ref: '#/components/schemas/ContainerHealthCheck' + MountPoints: + description: A list of mount point configurations to be used in a container. + type: array + uniqueItems: true + x-insertionOrder: false + minItems: 1 + maxItems: 10 + items: + $ref: '#/components/schemas/ContainerMountPoint' + required: + - ContainerName + - ImageUri + additionalProperties: false + ContainerGroupDefinition: + type: object + properties: + ContainerGroupDefinitionArn: + description: The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift container group resource and uniquely identifies it across all AWS Regions. + type: string + minLength: 1 + maxLength: 512 + pattern: ^arn:.*:containergroupdefinition\/[a-zA-Z0-9\-]+(:[0-9]+)?$ + CreationTime: + description: A time stamp indicating when this data object was created. Format is a number expressed in Unix time as milliseconds (for example "1469498468.057"). + type: string + OperatingSystem: + description: The operating system of the container group + type: string + enum: + - AMAZON_LINUX_2023 + Name: + description: A descriptive label for the container group definition. + type: string + minLength: 1 + maxLength: 128 + pattern: ^[a-zA-Z0-9-]+$ + ContainerGroupType: + description: The scope of the container group + type: string + enum: + - GAME_SERVER + - PER_INSTANCE + TotalMemoryLimitMebibytes: + description: The total memory limit of container groups following this definition in MiB + type: integer + minimum: 4 + maximum: 1024000 + TotalVcpuLimit: + description: The total amount of virtual CPUs on the container group definition + type: number + minimum: 0.125 + maximum: 10 + GameServerContainerDefinition: + $ref: '#/components/schemas/GameServerContainerDefinition' + SupportContainerDefinitions: + description: A collection of support container definitions that define the containers in this group. + type: array + uniqueItems: true + x-insertionOrder: false + minItems: 1 + maxItems: 10 + items: + $ref: '#/components/schemas/SupportContainerDefinition' + VersionNumber: + description: The version of this ContainerGroupDefinition + type: integer + minimum: 0 + SourceVersionNumber: + description: A specific ContainerGroupDefinition version to be updated + type: integer + minimum: 0 + VersionDescription: + description: The description of this version + type: string + minLength: 1 + maxLength: 1024 + Status: + description: A string indicating ContainerGroupDefinition status. + type: string + enum: + - READY + - COPYING + - FAILED + StatusReason: + description: A string indicating the reason for ContainerGroupDefinition status. + type: string + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + minItems: 0 + maxItems: 200 + items: + $ref: '#/components/schemas/Tag' + required: + - Name + - OperatingSystem + - TotalMemoryLimitMebibytes + - TotalVcpuLimit + x-stackql-resource-name: container_group_definition + description: The AWS::GameLift::ContainerGroupDefinition resource creates an Amazon GameLift container group definition. + x-type-name: AWS::GameLift::ContainerGroupDefinition + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - Name + - ContainerGroupType + x-read-only-properties: + - ContainerGroupDefinitionArn + - CreationTime + - VersionNumber + - Status + - StatusReason + x-required-properties: + - Name + - OperatingSystem + - TotalMemoryLimitMebibytes + - TotalVcpuLimit + x-tagging: + taggable: true + cloudFormationSystemTags: false + tagOnCreate: true + tagUpdatable: true + tagProperty: /properties/Tags + permissions: + - gamelift:ListTagsForResource + - gamelift:TagResource + - gamelift:UntagResource + x-required-permissions: + create: + - gamelift:CreateContainerGroupDefinition + - gamelift:DescribeContainerGroupDefinition + - gamelift:ListTagsForResource + - gamelift:TagResource + - ecr:BatchCheckLayerAvailability + - ecr:BatchGetImage + - ecr:GetDownloadUrlForLayer + - ecr:DescribeImages + read: + - gamelift:DescribeContainerGroupDefinition + - gamelift:ListTagsForResource + update: + - gamelift:UpdateContainerGroupDefinition + - gamelift:ListTagsForResource + - gamelift:TagResource + - gamelift:UntagResource + delete: + - gamelift:DescribeContainerGroupDefinition + - gamelift:DeleteContainerGroupDefinition + list: + - gamelift:ListContainerGroupDefinitions + AnywhereConfiguration: + description: Configuration for Anywhere fleet. + properties: + Cost: + description: Cost of compute can be specified on Anywhere Fleets to prioritize placement across Queue destinations based on Cost. + type: string + pattern: ^\d{1,5}(?:\.\d{1,5})?$ + minLength: 1 + maxLength: 11 + additionalProperties: false + required: + - Cost + CertificateConfiguration: + description: Information about the use of a TLS/SSL certificate for a fleet. TLS certificate generation is enabled at the fleet level, with one certificate generated for the fleet. When this feature is enabled, the certificate can be retrieved using the GameLift Server SDK call GetInstanceCertificate. All instances in a fleet share the same certificate. type: object properties: - Location: - $ref: '#/components/schemas/Location' - LocationCapacity: - $ref: '#/components/schemas/LocationCapacity' + CertificateType: + type: string + enum: + - DISABLED + - GENERATED additionalProperties: false required: - - Location + - CertificateType ResourceCreationLimitPolicy: description: |- A policy that limits the number of game sessions a player can create on the same fleet. This optional policy gives game owners control over how players can consume available game server resources. A resource creation policy makes the following statement: "An individual player can create a maximum number of new game sessions within a specified time period". @@ -1136,87 +1568,6 @@ components: $ref: '#/components/schemas/ServerProcess' x-insertionOrder: false additionalProperties: false - ScalingPolicy: - description: Rule that controls how a fleet is scaled. Scaling policies are uniquely identified by the combination of name and fleet ID. - type: object - properties: - ComparisonOperator: - description: Comparison operator to use when measuring a metric against the threshold value. - type: string - enum: - - GreaterThanOrEqualToThreshold - - GreaterThanThreshold - - LessThanThreshold - - LessThanOrEqualToThreshold - EvaluationPeriods: - description: Length of time (in minutes) the metric must be at or beyond the threshold before a scaling event is triggered. - type: integer - minimum: 1 - Location: - $ref: '#/components/schemas/Location' - MetricName: - description: Name of the Amazon GameLift-defined metric that is used to trigger a scaling adjustment. - type: string - enum: - - ActivatingGameSessions - - ActiveGameSessions - - ActiveInstances - - AvailableGameSessions - - AvailablePlayerSessions - - CurrentPlayerSessions - - IdleInstances - - PercentAvailableGameSessions - - PercentIdleInstances - - QueueDepth - - WaitTime - - ConcurrentActivatableGameSessions - Name: - description: A descriptive label that is associated with a fleet's scaling policy. Policy names do not need to be unique. - type: string - minLength: 1 - maxLength: 1024 - PolicyType: - description: 'The type of scaling policy to create. For a target-based policy, set the parameter MetricName to ''PercentAvailableGameSessions'' and specify a TargetConfiguration. For a rule-based policy set the following parameters: MetricName, ComparisonOperator, Threshold, EvaluationPeriods, ScalingAdjustmentType, and ScalingAdjustment.' - type: string - enum: - - RuleBased - - TargetBased - ScalingAdjustment: - description: Amount of adjustment to make, based on the scaling adjustment type. - type: integer - ScalingAdjustmentType: - description: The type of adjustment to make to a fleet's instance count. - type: string - enum: - - ChangeInCapacity - - ExactCapacity - - PercentChangeInCapacity - Status: - description: Current status of the scaling policy. The scaling policy can be in force only when in an ACTIVE status. Scaling policies can be suspended for individual fleets. If the policy is suspended for a fleet, the policy status does not change. - type: string - enum: - - ACTIVE - - UPDATE_REQUESTED - - UPDATING - - DELETE_REQUESTED - - DELETING - - DELETED - - ERROR - TargetConfiguration: - description: An object that contains settings for a target-based scaling policy. - $ref: '#/components/schemas/TargetConfiguration' - Threshold: - description: Metric value used to trigger a scaling event. - type: number - UpdateStatus: - description: The current status of the fleet's scaling policies in a requested fleet location. The status PENDING_UPDATE indicates that an update was requested for the fleet but has not yet been completed for the location. - type: string - enum: - - PENDING_UPDATE - additionalProperties: false - required: - - MetricName - - Name ServerProcess: description: A set of instructions for launching server processes on each instance in a fleet. Each instruction set identifies the location of the server executable, optional launch parameters, and the number of server processes with this configuration to maintain concurrently on the instance. Server process configurations make up a fleet's RuntimeConfiguration. type: object @@ -1245,16 +1596,6 @@ components: required: - ConcurrentExecutions - LaunchPath - TargetConfiguration: - description: Settings for a target-based scaling policy. A target-based policy tracks a particular fleet metric specifies a target value for the metric. As player usage changes, the policy triggers Amazon GameLift to adjust capacity so that the metric returns to the target value. The target configuration specifies settings as needed for the target based policy, including the target value. - type: object - properties: - TargetValue: - description: Desired value to use with a target-based scaling policy. The value must be relevant for whatever metric the scaling policy is using. For example, in a policy using the metric PercentAvailableGameSessions, the target value should be the preferred size of the fleet's buffer (the percent of capacity that should be idle and ready for new game sessions). - type: number - additionalProperties: false - required: - - TargetValue Fleet: type: object properties: @@ -1283,9 +1624,6 @@ components: enum: - EC2 - ANYWHERE - - CONTAINER - ContainerGroupsConfiguration: - $ref: '#/components/schemas/ContainerGroupsConfiguration' Description: description: A human-readable description of a fleet. type: string @@ -1418,7 +1756,6 @@ components: - ApplyCapacity - BuildId - CertificateConfiguration - - ContainerGroupsConfiguration - EC2InstanceType - FleetType - InstanceRoleARN @@ -1433,7 +1770,6 @@ components: x-write-only-properties: - ApplyCapacity x-read-only-properties: - - ContainerGroupsConfiguration/ContainerGroupsPerInstance/MaxReplicaContainerGroupsPerInstance - FleetId x-required-properties: - Name @@ -2082,6 +2418,12 @@ components: taggable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + tagOnCreate: true + tagUpdatable: true + permissions: + - gamelift:ListTagsForResource + - gamelift:TagResource + - gamelift:UntagResource x-required-permissions: create: - gamelift:CreateMatchmakingConfiguration @@ -2152,6 +2494,12 @@ components: taggable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + tagOnCreate: true + tagUpdatable: true + permissions: + - gamelift:ListTagsForResource + - gamelift:TagResource + - gamelift:UntagResource x-required-permissions: create: - gamelift:CreateMatchmakingRuleSet @@ -2352,7 +2700,189 @@ components: description: A server SDK version you used when integrating your game server build with Amazon GameLift. By default Amazon GameLift sets this value to 4.0.2. type: string x-stackQL-stringOnly: true - x-title: CreateBuildRequest + x-title: CreateBuildRequest + type: object + required: [] + CreateLocationRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + LocationName: + type: string + minLength: 8 + maxLength: 64 + pattern: ^custom-[A-Za-z0-9\-]+ + LocationArn: + type: string + pattern: ^arn:.*:location/custom-\S+ + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + maxItems: 200 + items: + $ref: '#/components/schemas/Tag' + x-stackQL-stringOnly: true + x-title: CreateLocationRequest + type: object + required: [] + CreateContainerFleetRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + FleetId: + description: Unique fleet ID + type: string + pattern: ^[a-z]*fleet-[a-zA-Z0-9\-]+ + minLength: 1 + maxLength: 128 + FleetRoleArn: + description: A unique identifier for an AWS IAM role that manages access to your AWS services. Create a role or look up a role's ARN from the IAM dashboard in the AWS Management Console. + type: string + pattern: ^arn:aws(-.*)?:[a-z-]+:(([a-z]+-)+[0-9])?:([0-9]{12})?:[^.]+$ + minLength: 1 + maxLength: 256 + Description: + description: A human-readable description of a fleet. + type: string + minLength: 1 + maxLength: 1024 + GameServerContainerGroupDefinitionName: + description: The name of the container group definition that will be created per game server. You must specify GAME_SERVER container group. You have the option to also specify one PER_INSTANCE container group. + type: string + minLength: 1 + maxLength: 512 + pattern: ^[a-zA-Z0-9\-]+$|^arn:.*:containergroupdefinition\/[a-zA-Z0-9\-]+(:[0-9]+)?$ + GameServerContainerGroupDefinitionArn: + description: The Amazon Resource Name (ARN) of the game server container group definition. This field will be empty if GameServerContainerGroupDefinitionName is not specified. + type: string + maxLength: 512 + pattern: ^arn:.*:containergroupdefinition\/[a-zA-Z0-9\-]+(:[0-9]+)?$|^$ + PerInstanceContainerGroupDefinitionName: + description: The name of the container group definition that will be created per instance. This field is optional if you specify GameServerContainerGroupDefinitionName. + type: string + minLength: 1 + maxLength: 512 + pattern: ^[a-zA-Z0-9\-]+$|^arn:.*:containergroupdefinition\/[a-zA-Z0-9\-]+(:[0-9]+)?$ + PerInstanceContainerGroupDefinitionArn: + description: The Amazon Resource Name (ARN) of the per instance container group definition. This field will be empty if PerInstanceContainerGroupDefinitionName is not specified. + type: string + maxLength: 512 + pattern: ^arn:.*:containergroupdefinition\/[a-zA-Z0-9\-]+(:[0-9]+)?$|^$ + InstanceConnectionPortRange: + $ref: '#/components/schemas/ConnectionPortRange' + InstanceInboundPermissions: + description: A range of IP addresses and port settings that allow inbound traffic to connect to server processes on an Amazon GameLift server. + type: array + maxItems: 50 + items: + $ref: '#/components/schemas/IpPermission' + x-insertionOrder: false + GameServerContainerGroupsPerInstance: + description: The number of desired game server container groups per instance, a number between 1-5000. + type: integer + minimum: 1 + maximum: 5000 + MaximumGameServerContainerGroupsPerInstance: + description: The maximum number of game server container groups per instance, a number between 1-5000. + type: integer + minimum: 1 + maximum: 5000 + CreationTime: + description: A time stamp indicating when this data object was created. Format is a number expressed in Unix time as milliseconds (for example "1469498468.057"). + type: string + Status: + description: The current status of the container fleet. + type: string + enum: + - PENDING + - CREATING + - CREATED + - ACTIVATING + - ACTIVE + - UPDATING + - DELETING + DeploymentDetails: + $ref: '#/components/schemas/DeploymentDetails' + DeploymentConfiguration: + $ref: '#/components/schemas/DeploymentConfiguration' + InstanceType: + description: The name of an EC2 instance type that is supported in Amazon GameLift. A fleet instance type determines the computing resources of each instance in the fleet, including CPU, memory, storage, and networking capacity. Amazon GameLift supports the following EC2 instance types. See Amazon EC2 Instance Types for detailed descriptions. + type: string + minLength: 1 + maxLength: 1024 + BillingType: + description: Indicates whether to use On-Demand instances or Spot instances for this fleet. If empty, the default is ON_DEMAND. Both categories of instances use identical hardware and configurations based on the instance type selected for this fleet. + type: string + enum: + - ON_DEMAND + - SPOT + Locations: + type: array + maxItems: 100 + items: + $ref: '#/components/schemas/LocationConfiguration' + x-insertionOrder: false + ScalingPolicies: + description: A list of rules that control how a fleet is scaled. + type: array + maxItems: 50 + items: + $ref: '#/components/schemas/ScalingPolicy' + x-insertionOrder: false + MetricGroups: + description: The name of an Amazon CloudWatch metric group. A metric group aggregates the metrics for all fleets in the group. Specify a string containing the metric group name. You can use an existing name or use a new name to create a new metric group. Currently, this parameter can have only one string. + type: array + maxItems: 1 + items: + type: string + x-insertionOrder: false + NewGameSessionProtectionPolicy: + description: A game session protection policy to apply to all game sessions hosted on instances in this fleet. When protected, active game sessions cannot be terminated during a scale-down event. If this parameter is not set, instances in this fleet default to no protection. You can change a fleet's protection policy to affect future game sessions on the fleet. You can also set protection for individual game sessions. + type: string + enum: + - FullProtection + - NoProtection + GameSessionCreationLimitPolicy: + description: A policy that limits the number of game sessions an individual player can create over a span of time for this fleet. + $ref: '#/components/schemas/GameSessionCreationLimitPolicy' + LogConfiguration: + $ref: '#/components/schemas/LogConfiguration' + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + x-insertionOrder: false + maxItems: 200 + items: + $ref: '#/components/schemas/Tag' + FleetArn: + description: The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift container fleet resource and uniquely identifies it across all AWS Regions. + type: string + minLength: 1 + maxLength: 512 + pattern: ^arn:.*:[a-z]*fleet\/[a-z]*fleet-[a-zA-Z0-9\-]+$ + x-stackQL-stringOnly: true + x-title: CreateContainerFleetRequest type: object required: [] CreateContainerGroupDefinitionRequest: @@ -2373,90 +2903,82 @@ components: type: string minLength: 1 maxLength: 512 - pattern: ^arn:.*:containergroupdefinition/containergroupdefinition-[a-zA-Z0-9-]+$ + pattern: ^arn:.*:containergroupdefinition\/[a-zA-Z0-9\-]+(:[0-9]+)?$ + CreationTime: + description: A time stamp indicating when this data object was created. Format is a number expressed in Unix time as milliseconds (for example "1469498468.057"). + type: string + OperatingSystem: + description: The operating system of the container group + type: string + enum: + - AMAZON_LINUX_2023 Name: description: A descriptive label for the container group definition. type: string minLength: 1 maxLength: 128 pattern: ^[a-zA-Z0-9-]+$ - CreationTime: - description: A time stamp indicating when this data object was created. Format is a number expressed in Unix time as milliseconds (for example "1469498468.057"). - type: string - SchedulingStrategy: - description: Specifies whether the container group includes replica or daemon containers. + ContainerGroupType: + description: The scope of the container group type: string enum: - - REPLICA - - DAEMON - TotalMemoryLimit: - description: The maximum amount of memory (in MiB) to allocate for this container group. + - GAME_SERVER + - PER_INSTANCE + TotalMemoryLimitMebibytes: + description: The total memory limit of container groups following this definition in MiB type: integer minimum: 4 maximum: 1024000 - TotalCpuLimit: - description: The maximum number of CPU units reserved for this container group. The value is expressed as an integer amount of CPU units. (1 vCPU is equal to 1024 CPU units.) - type: integer - minimum: 128 - maximum: 10240 - ContainerDefinitions: - description: A collection of container definitions that define the containers in this group. + TotalVcpuLimit: + description: The total amount of virtual CPUs on the container group definition + type: number + minimum: 0.125 + maximum: 10 + GameServerContainerDefinition: + $ref: '#/components/schemas/GameServerContainerDefinition' + SupportContainerDefinitions: + description: A collection of support container definitions that define the containers in this group. type: array uniqueItems: true x-insertionOrder: false minItems: 1 maxItems: 10 items: - $ref: '#/components/schemas/ContainerDefinition' - Tags: - description: An array of key-value pairs to apply to this resource. - type: array - uniqueItems: true - x-insertionOrder: false - minItems: 0 - maxItems: 200 - items: - $ref: '#/components/schemas/Tag' - OperatingSystem: - description: The operating system of the container group + $ref: '#/components/schemas/SupportContainerDefinition' + VersionNumber: + description: The version of this ContainerGroupDefinition + type: integer + minimum: 0 + SourceVersionNumber: + description: A specific ContainerGroupDefinition version to be updated + type: integer + minimum: 0 + VersionDescription: + description: The description of this version type: string - enum: - - AMAZON_LINUX_2023 - x-stackQL-stringOnly: true - x-title: CreateContainerGroupDefinitionRequest - type: object - required: [] - CreateLocationRequest: - properties: - ClientToken: - type: string - RoleArn: - type: string - TypeName: - type: string - TypeVersionId: - type: string - DesiredState: - type: object - properties: - LocationName: + minLength: 1 + maxLength: 1024 + Status: + description: A string indicating ContainerGroupDefinition status. type: string - minLength: 8 - maxLength: 64 - pattern: ^custom-[A-Za-z0-9\-]+ - LocationArn: + enum: + - READY + - COPYING + - FAILED + StatusReason: + description: A string indicating the reason for ContainerGroupDefinition status. type: string - pattern: ^arn:.*:location/custom-\S+ Tags: description: An array of key-value pairs to apply to this resource. type: array uniqueItems: true x-insertionOrder: false + minItems: 0 maxItems: 200 items: $ref: '#/components/schemas/Tag' x-stackQL-stringOnly: true - x-title: CreateLocationRequest + x-title: CreateContainerGroupDefinitionRequest type: object required: [] CreateFleetRequest: @@ -2497,9 +3019,6 @@ components: enum: - EC2 - ANYWHERE - - CONTAINER - ContainerGroupsConfiguration: - $ref: '#/components/schemas/ContainerGroupsConfiguration' Description: description: A human-readable description of a fleet. type: string @@ -3279,13 +3798,202 @@ components: json_extract_path_text(Properties, 'BuildId') as build_id FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GameLift::Build' AND region = 'us-east-1' - container_group_definitions: - name: container_group_definitions - id: aws.gamelift.container_group_definitions - x-cfn-schema-name: ContainerGroupDefinition - x-cfn-type-name: AWS::GameLift::ContainerGroupDefinition + locations: + name: locations + id: aws.gamelift.locations + x-cfn-schema-name: Location + x-cfn-type-name: AWS::GameLift::Location + x-identifiers: + - LocationName + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Location&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::GameLift::Location" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::GameLift::Location" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::GameLift::Location" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/locations/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/locations/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/locations/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.LocationName') as location_name, + JSON_EXTRACT(Properties, '$.LocationArn') as location_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GameLift::Location' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.LocationName') as location_name, + JSON_EXTRACT(detail.Properties, '$.LocationArn') as location_arn, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::GameLift::Location' + AND detail.data__TypeName = 'AWS::GameLift::Location' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'LocationName') as location_name, + json_extract_path_text(Properties, 'LocationArn') as location_arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GameLift::Location' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'LocationName') as location_name, + json_extract_path_text(detail.Properties, 'LocationArn') as location_arn, + json_extract_path_text(detail.Properties, 'Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::GameLift::Location' + AND detail.data__TypeName = 'AWS::GameLift::Location' + AND listing.region = 'us-east-1' + locations_list_only: + name: locations_list_only + id: aws.gamelift.locations_list_only + x-cfn-schema-name: Location + x-cfn-type-name: AWS::GameLift::Location + x-identifiers: + - LocationName + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.LocationName') as location_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GameLift::Location' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'LocationName') as location_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GameLift::Location' + AND region = 'us-east-1' + location_tags: + name: location_tags + id: aws.gamelift.location_tags + x-cfn-schema-name: Location + x-cfn-type-name: AWS::GameLift::Location + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.LocationName') as location_name, + JSON_EXTRACT(detail.Properties, '$.LocationArn') as location_arn + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::GameLift::Location' + AND detail.data__TypeName = 'AWS::GameLift::Location' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'LocationName') as location_name, + json_extract_path_text(detail.Properties, 'LocationArn') as location_arn + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::GameLift::Location' + AND detail.data__TypeName = 'AWS::GameLift::Location' + AND listing.region = 'us-east-1' + container_fleets: + name: container_fleets + id: aws.gamelift.container_fleets + x-cfn-schema-name: ContainerFleet + x-cfn-type-name: AWS::GameLift::ContainerFleet x-identifiers: - - Name + - FleetId x-type: cloud_control methods: create_resource: @@ -3293,12 +4001,12 @@ components: requestBodyTranslate: algorithm: naive_DesiredState operation: - $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__ContainerGroupDefinition&__detailTransformed=true/post' + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__ContainerFleet&__detailTransformed=true/post' request: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::GameLift::ContainerGroupDefinition" + "TypeName": "AWS::GameLift::ContainerFleet" } response: mediaType: application/json @@ -3310,7 +4018,7 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::GameLift::ContainerGroupDefinition" + "TypeName": "AWS::GameLift::ContainerFleet" } response: mediaType: application/json @@ -3322,18 +4030,18 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::GameLift::ContainerGroupDefinition" + "TypeName": "AWS::GameLift::ContainerFleet" } response: mediaType: application/json openAPIDocKey: '200' sqlVerbs: insert: - - $ref: '#/components/x-stackQL-resources/container_group_definitions/methods/create_resource' + - $ref: '#/components/x-stackQL-resources/container_fleets/methods/create_resource' delete: - - $ref: '#/components/x-stackQL-resources/container_group_definitions/methods/delete_resource' + - $ref: '#/components/x-stackQL-resources/container_fleets/methods/delete_resource' update: - - $ref: '#/components/x-stackQL-resources/container_group_definitions/methods/update_resource' + - $ref: '#/components/x-stackQL-resources/container_fleets/methods/update_resource' config: views: select: @@ -3342,38 +4050,70 @@ components: SELECT region, data__Identifier, - JSON_EXTRACT(Properties, '$.ContainerGroupDefinitionArn') as container_group_definition_arn, - JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.FleetId') as fleet_id, + JSON_EXTRACT(Properties, '$.FleetRoleArn') as fleet_role_arn, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.GameServerContainerGroupDefinitionName') as game_server_container_group_definition_name, + JSON_EXTRACT(Properties, '$.GameServerContainerGroupDefinitionArn') as game_server_container_group_definition_arn, + JSON_EXTRACT(Properties, '$.PerInstanceContainerGroupDefinitionName') as per_instance_container_group_definition_name, + JSON_EXTRACT(Properties, '$.PerInstanceContainerGroupDefinitionArn') as per_instance_container_group_definition_arn, + JSON_EXTRACT(Properties, '$.InstanceConnectionPortRange') as instance_connection_port_range, + JSON_EXTRACT(Properties, '$.InstanceInboundPermissions') as instance_inbound_permissions, + JSON_EXTRACT(Properties, '$.GameServerContainerGroupsPerInstance') as game_server_container_groups_per_instance, + JSON_EXTRACT(Properties, '$.MaximumGameServerContainerGroupsPerInstance') as maximum_game_server_container_groups_per_instance, JSON_EXTRACT(Properties, '$.CreationTime') as creation_time, - JSON_EXTRACT(Properties, '$.SchedulingStrategy') as scheduling_strategy, - JSON_EXTRACT(Properties, '$.TotalMemoryLimit') as total_memory_limit, - JSON_EXTRACT(Properties, '$.TotalCpuLimit') as total_cpu_limit, - JSON_EXTRACT(Properties, '$.ContainerDefinitions') as container_definitions, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.DeploymentDetails') as deployment_details, + JSON_EXTRACT(Properties, '$.DeploymentConfiguration') as deployment_configuration, + JSON_EXTRACT(Properties, '$.InstanceType') as instance_type, + JSON_EXTRACT(Properties, '$.BillingType') as billing_type, + JSON_EXTRACT(Properties, '$.Locations') as locations, + JSON_EXTRACT(Properties, '$.ScalingPolicies') as scaling_policies, + JSON_EXTRACT(Properties, '$.MetricGroups') as metric_groups, + JSON_EXTRACT(Properties, '$.NewGameSessionProtectionPolicy') as new_game_session_protection_policy, + JSON_EXTRACT(Properties, '$.GameSessionCreationLimitPolicy') as game_session_creation_limit_policy, + JSON_EXTRACT(Properties, '$.LogConfiguration') as log_configuration, JSON_EXTRACT(Properties, '$.Tags') as tags, - JSON_EXTRACT(Properties, '$.OperatingSystem') as operating_system - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GameLift::ContainerGroupDefinition' - AND data__Identifier = '' + JSON_EXTRACT(Properties, '$.FleetArn') as fleet_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GameLift::ContainerFleet' + AND data__Identifier = '' AND region = 'us-east-1' fallback: predicate: sqlDialect == "sqlite3" ddl: |- SELECT detail.region, - JSON_EXTRACT(detail.Properties, '$.ContainerGroupDefinitionArn') as container_group_definition_arn, - JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.FleetId') as fleet_id, + JSON_EXTRACT(detail.Properties, '$.FleetRoleArn') as fleet_role_arn, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.GameServerContainerGroupDefinitionName') as game_server_container_group_definition_name, + JSON_EXTRACT(detail.Properties, '$.GameServerContainerGroupDefinitionArn') as game_server_container_group_definition_arn, + JSON_EXTRACT(detail.Properties, '$.PerInstanceContainerGroupDefinitionName') as per_instance_container_group_definition_name, + JSON_EXTRACT(detail.Properties, '$.PerInstanceContainerGroupDefinitionArn') as per_instance_container_group_definition_arn, + JSON_EXTRACT(detail.Properties, '$.InstanceConnectionPortRange') as instance_connection_port_range, + JSON_EXTRACT(detail.Properties, '$.InstanceInboundPermissions') as instance_inbound_permissions, + JSON_EXTRACT(detail.Properties, '$.GameServerContainerGroupsPerInstance') as game_server_container_groups_per_instance, + JSON_EXTRACT(detail.Properties, '$.MaximumGameServerContainerGroupsPerInstance') as maximum_game_server_container_groups_per_instance, JSON_EXTRACT(detail.Properties, '$.CreationTime') as creation_time, - JSON_EXTRACT(detail.Properties, '$.SchedulingStrategy') as scheduling_strategy, - JSON_EXTRACT(detail.Properties, '$.TotalMemoryLimit') as total_memory_limit, - JSON_EXTRACT(detail.Properties, '$.TotalCpuLimit') as total_cpu_limit, - JSON_EXTRACT(detail.Properties, '$.ContainerDefinitions') as container_definitions, + JSON_EXTRACT(detail.Properties, '$.Status') as status, + JSON_EXTRACT(detail.Properties, '$.DeploymentDetails') as deployment_details, + JSON_EXTRACT(detail.Properties, '$.DeploymentConfiguration') as deployment_configuration, + JSON_EXTRACT(detail.Properties, '$.InstanceType') as instance_type, + JSON_EXTRACT(detail.Properties, '$.BillingType') as billing_type, + JSON_EXTRACT(detail.Properties, '$.Locations') as locations, + JSON_EXTRACT(detail.Properties, '$.ScalingPolicies') as scaling_policies, + JSON_EXTRACT(detail.Properties, '$.MetricGroups') as metric_groups, + JSON_EXTRACT(detail.Properties, '$.NewGameSessionProtectionPolicy') as new_game_session_protection_policy, + JSON_EXTRACT(detail.Properties, '$.GameSessionCreationLimitPolicy') as game_session_creation_limit_policy, + JSON_EXTRACT(detail.Properties, '$.LogConfiguration') as log_configuration, JSON_EXTRACT(detail.Properties, '$.Tags') as tags, - JSON_EXTRACT(detail.Properties, '$.OperatingSystem') as operating_system + JSON_EXTRACT(detail.Properties, '$.FleetArn') as fleet_arn FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::GameLift::ContainerGroupDefinition' - AND detail.data__TypeName = 'AWS::GameLift::ContainerGroupDefinition' + WHERE listing.data__TypeName = 'AWS::GameLift::ContainerFleet' + AND detail.data__TypeName = 'AWS::GameLift::ContainerFleet' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] @@ -3381,46 +4121,78 @@ components: SELECT region, data__Identifier, - json_extract_path_text(Properties, 'ContainerGroupDefinitionArn') as container_group_definition_arn, - json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'FleetId') as fleet_id, + json_extract_path_text(Properties, 'FleetRoleArn') as fleet_role_arn, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'GameServerContainerGroupDefinitionName') as game_server_container_group_definition_name, + json_extract_path_text(Properties, 'GameServerContainerGroupDefinitionArn') as game_server_container_group_definition_arn, + json_extract_path_text(Properties, 'PerInstanceContainerGroupDefinitionName') as per_instance_container_group_definition_name, + json_extract_path_text(Properties, 'PerInstanceContainerGroupDefinitionArn') as per_instance_container_group_definition_arn, + json_extract_path_text(Properties, 'InstanceConnectionPortRange') as instance_connection_port_range, + json_extract_path_text(Properties, 'InstanceInboundPermissions') as instance_inbound_permissions, + json_extract_path_text(Properties, 'GameServerContainerGroupsPerInstance') as game_server_container_groups_per_instance, + json_extract_path_text(Properties, 'MaximumGameServerContainerGroupsPerInstance') as maximum_game_server_container_groups_per_instance, json_extract_path_text(Properties, 'CreationTime') as creation_time, - json_extract_path_text(Properties, 'SchedulingStrategy') as scheduling_strategy, - json_extract_path_text(Properties, 'TotalMemoryLimit') as total_memory_limit, - json_extract_path_text(Properties, 'TotalCpuLimit') as total_cpu_limit, - json_extract_path_text(Properties, 'ContainerDefinitions') as container_definitions, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'DeploymentDetails') as deployment_details, + json_extract_path_text(Properties, 'DeploymentConfiguration') as deployment_configuration, + json_extract_path_text(Properties, 'InstanceType') as instance_type, + json_extract_path_text(Properties, 'BillingType') as billing_type, + json_extract_path_text(Properties, 'Locations') as locations, + json_extract_path_text(Properties, 'ScalingPolicies') as scaling_policies, + json_extract_path_text(Properties, 'MetricGroups') as metric_groups, + json_extract_path_text(Properties, 'NewGameSessionProtectionPolicy') as new_game_session_protection_policy, + json_extract_path_text(Properties, 'GameSessionCreationLimitPolicy') as game_session_creation_limit_policy, + json_extract_path_text(Properties, 'LogConfiguration') as log_configuration, json_extract_path_text(Properties, 'Tags') as tags, - json_extract_path_text(Properties, 'OperatingSystem') as operating_system - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GameLift::ContainerGroupDefinition' - AND data__Identifier = '' + json_extract_path_text(Properties, 'FleetArn') as fleet_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GameLift::ContainerFleet' + AND data__Identifier = '' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT detail.region, - json_extract_path_text(detail.Properties, 'ContainerGroupDefinitionArn') as container_group_definition_arn, - json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'FleetId') as fleet_id, + json_extract_path_text(detail.Properties, 'FleetRoleArn') as fleet_role_arn, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'GameServerContainerGroupDefinitionName') as game_server_container_group_definition_name, + json_extract_path_text(detail.Properties, 'GameServerContainerGroupDefinitionArn') as game_server_container_group_definition_arn, + json_extract_path_text(detail.Properties, 'PerInstanceContainerGroupDefinitionName') as per_instance_container_group_definition_name, + json_extract_path_text(detail.Properties, 'PerInstanceContainerGroupDefinitionArn') as per_instance_container_group_definition_arn, + json_extract_path_text(detail.Properties, 'InstanceConnectionPortRange') as instance_connection_port_range, + json_extract_path_text(detail.Properties, 'InstanceInboundPermissions') as instance_inbound_permissions, + json_extract_path_text(detail.Properties, 'GameServerContainerGroupsPerInstance') as game_server_container_groups_per_instance, + json_extract_path_text(detail.Properties, 'MaximumGameServerContainerGroupsPerInstance') as maximum_game_server_container_groups_per_instance, json_extract_path_text(detail.Properties, 'CreationTime') as creation_time, - json_extract_path_text(detail.Properties, 'SchedulingStrategy') as scheduling_strategy, - json_extract_path_text(detail.Properties, 'TotalMemoryLimit') as total_memory_limit, - json_extract_path_text(detail.Properties, 'TotalCpuLimit') as total_cpu_limit, - json_extract_path_text(detail.Properties, 'ContainerDefinitions') as container_definitions, + json_extract_path_text(detail.Properties, 'Status') as status, + json_extract_path_text(detail.Properties, 'DeploymentDetails') as deployment_details, + json_extract_path_text(detail.Properties, 'DeploymentConfiguration') as deployment_configuration, + json_extract_path_text(detail.Properties, 'InstanceType') as instance_type, + json_extract_path_text(detail.Properties, 'BillingType') as billing_type, + json_extract_path_text(detail.Properties, 'Locations') as locations, + json_extract_path_text(detail.Properties, 'ScalingPolicies') as scaling_policies, + json_extract_path_text(detail.Properties, 'MetricGroups') as metric_groups, + json_extract_path_text(detail.Properties, 'NewGameSessionProtectionPolicy') as new_game_session_protection_policy, + json_extract_path_text(detail.Properties, 'GameSessionCreationLimitPolicy') as game_session_creation_limit_policy, + json_extract_path_text(detail.Properties, 'LogConfiguration') as log_configuration, json_extract_path_text(detail.Properties, 'Tags') as tags, - json_extract_path_text(detail.Properties, 'OperatingSystem') as operating_system + json_extract_path_text(detail.Properties, 'FleetArn') as fleet_arn FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::GameLift::ContainerGroupDefinition' - AND detail.data__TypeName = 'AWS::GameLift::ContainerGroupDefinition' + WHERE listing.data__TypeName = 'AWS::GameLift::ContainerFleet' + AND detail.data__TypeName = 'AWS::GameLift::ContainerFleet' AND listing.region = 'us-east-1' - container_group_definitions_list_only: - name: container_group_definitions_list_only - id: aws.gamelift.container_group_definitions_list_only - x-cfn-schema-name: ContainerGroupDefinition - x-cfn-type-name: AWS::GameLift::ContainerGroupDefinition + container_fleets_list_only: + name: container_fleets_list_only + id: aws.gamelift.container_fleets_list_only + x-cfn-schema-name: ContainerFleet + x-cfn-type-name: AWS::GameLift::ContainerFleet x-identifiers: - - Name + - FleetId x-type: cloud_control_view methods: {} sqlVerbs: @@ -3434,22 +4206,22 @@ components: ddl: |- SELECT region, - JSON_EXTRACT(Properties, '$.Name') as name - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GameLift::ContainerGroupDefinition' + JSON_EXTRACT(Properties, '$.FleetId') as fleet_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GameLift::ContainerFleet' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT region, - json_extract_path_text(Properties, 'Name') as name - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GameLift::ContainerGroupDefinition' + json_extract_path_text(Properties, 'FleetId') as fleet_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GameLift::ContainerFleet' AND region = 'us-east-1' - container_group_definition_tags: - name: container_group_definition_tags - id: aws.gamelift.container_group_definition_tags - x-cfn-schema-name: ContainerGroupDefinition - x-cfn-type-name: AWS::GameLift::ContainerGroupDefinition + container_fleet_tags: + name: container_fleet_tags + id: aws.gamelift.container_fleet_tags + x-cfn-schema-name: ContainerFleet + x-cfn-type-name: AWS::GameLift::ContainerFleet x-type: cloud_control_view methods: {} sqlVerbs: @@ -3465,21 +4237,37 @@ components: detail.region, JSON_EXTRACT(json_each.value, '$.Key') as tag_key, JSON_EXTRACT(json_each.value, '$.Value') as tag_value, - JSON_EXTRACT(detail.Properties, '$.ContainerGroupDefinitionArn') as container_group_definition_arn, - JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.FleetId') as fleet_id, + JSON_EXTRACT(detail.Properties, '$.FleetRoleArn') as fleet_role_arn, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.GameServerContainerGroupDefinitionName') as game_server_container_group_definition_name, + JSON_EXTRACT(detail.Properties, '$.GameServerContainerGroupDefinitionArn') as game_server_container_group_definition_arn, + JSON_EXTRACT(detail.Properties, '$.PerInstanceContainerGroupDefinitionName') as per_instance_container_group_definition_name, + JSON_EXTRACT(detail.Properties, '$.PerInstanceContainerGroupDefinitionArn') as per_instance_container_group_definition_arn, + JSON_EXTRACT(detail.Properties, '$.InstanceConnectionPortRange') as instance_connection_port_range, + JSON_EXTRACT(detail.Properties, '$.InstanceInboundPermissions') as instance_inbound_permissions, + JSON_EXTRACT(detail.Properties, '$.GameServerContainerGroupsPerInstance') as game_server_container_groups_per_instance, + JSON_EXTRACT(detail.Properties, '$.MaximumGameServerContainerGroupsPerInstance') as maximum_game_server_container_groups_per_instance, JSON_EXTRACT(detail.Properties, '$.CreationTime') as creation_time, - JSON_EXTRACT(detail.Properties, '$.SchedulingStrategy') as scheduling_strategy, - JSON_EXTRACT(detail.Properties, '$.TotalMemoryLimit') as total_memory_limit, - JSON_EXTRACT(detail.Properties, '$.TotalCpuLimit') as total_cpu_limit, - JSON_EXTRACT(detail.Properties, '$.ContainerDefinitions') as container_definitions, - JSON_EXTRACT(detail.Properties, '$.OperatingSystem') as operating_system + JSON_EXTRACT(detail.Properties, '$.Status') as status, + JSON_EXTRACT(detail.Properties, '$.DeploymentDetails') as deployment_details, + JSON_EXTRACT(detail.Properties, '$.DeploymentConfiguration') as deployment_configuration, + JSON_EXTRACT(detail.Properties, '$.InstanceType') as instance_type, + JSON_EXTRACT(detail.Properties, '$.BillingType') as billing_type, + JSON_EXTRACT(detail.Properties, '$.Locations') as locations, + JSON_EXTRACT(detail.Properties, '$.ScalingPolicies') as scaling_policies, + JSON_EXTRACT(detail.Properties, '$.MetricGroups') as metric_groups, + JSON_EXTRACT(detail.Properties, '$.NewGameSessionProtectionPolicy') as new_game_session_protection_policy, + JSON_EXTRACT(detail.Properties, '$.GameSessionCreationLimitPolicy') as game_session_creation_limit_policy, + JSON_EXTRACT(detail.Properties, '$.LogConfiguration') as log_configuration, + JSON_EXTRACT(detail.Properties, '$.FleetArn') as fleet_arn FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) - WHERE listing.data__TypeName = 'AWS::GameLift::ContainerGroupDefinition' - AND detail.data__TypeName = 'AWS::GameLift::ContainerGroupDefinition' + WHERE listing.data__TypeName = 'AWS::GameLift::ContainerFleet' + AND detail.data__TypeName = 'AWS::GameLift::ContainerFleet' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" @@ -3488,29 +4276,45 @@ components: detail.region, json_extract_path_text(json_each.value, 'Key') as tag_key, json_extract_path_text(json_each.value, 'Value') as tag_value, - json_extract_path_text(detail.Properties, 'ContainerGroupDefinitionArn') as container_group_definition_arn, - json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'FleetId') as fleet_id, + json_extract_path_text(detail.Properties, 'FleetRoleArn') as fleet_role_arn, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'GameServerContainerGroupDefinitionName') as game_server_container_group_definition_name, + json_extract_path_text(detail.Properties, 'GameServerContainerGroupDefinitionArn') as game_server_container_group_definition_arn, + json_extract_path_text(detail.Properties, 'PerInstanceContainerGroupDefinitionName') as per_instance_container_group_definition_name, + json_extract_path_text(detail.Properties, 'PerInstanceContainerGroupDefinitionArn') as per_instance_container_group_definition_arn, + json_extract_path_text(detail.Properties, 'InstanceConnectionPortRange') as instance_connection_port_range, + json_extract_path_text(detail.Properties, 'InstanceInboundPermissions') as instance_inbound_permissions, + json_extract_path_text(detail.Properties, 'GameServerContainerGroupsPerInstance') as game_server_container_groups_per_instance, + json_extract_path_text(detail.Properties, 'MaximumGameServerContainerGroupsPerInstance') as maximum_game_server_container_groups_per_instance, json_extract_path_text(detail.Properties, 'CreationTime') as creation_time, - json_extract_path_text(detail.Properties, 'SchedulingStrategy') as scheduling_strategy, - json_extract_path_text(detail.Properties, 'TotalMemoryLimit') as total_memory_limit, - json_extract_path_text(detail.Properties, 'TotalCpuLimit') as total_cpu_limit, - json_extract_path_text(detail.Properties, 'ContainerDefinitions') as container_definitions, - json_extract_path_text(detail.Properties, 'OperatingSystem') as operating_system + json_extract_path_text(detail.Properties, 'Status') as status, + json_extract_path_text(detail.Properties, 'DeploymentDetails') as deployment_details, + json_extract_path_text(detail.Properties, 'DeploymentConfiguration') as deployment_configuration, + json_extract_path_text(detail.Properties, 'InstanceType') as instance_type, + json_extract_path_text(detail.Properties, 'BillingType') as billing_type, + json_extract_path_text(detail.Properties, 'Locations') as locations, + json_extract_path_text(detail.Properties, 'ScalingPolicies') as scaling_policies, + json_extract_path_text(detail.Properties, 'MetricGroups') as metric_groups, + json_extract_path_text(detail.Properties, 'NewGameSessionProtectionPolicy') as new_game_session_protection_policy, + json_extract_path_text(detail.Properties, 'GameSessionCreationLimitPolicy') as game_session_creation_limit_policy, + json_extract_path_text(detail.Properties, 'LogConfiguration') as log_configuration, + json_extract_path_text(detail.Properties, 'FleetArn') as fleet_arn FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) - WHERE listing.data__TypeName = 'AWS::GameLift::ContainerGroupDefinition' - AND detail.data__TypeName = 'AWS::GameLift::ContainerGroupDefinition' + WHERE listing.data__TypeName = 'AWS::GameLift::ContainerFleet' + AND detail.data__TypeName = 'AWS::GameLift::ContainerFleet' AND listing.region = 'us-east-1' - locations: - name: locations - id: aws.gamelift.locations - x-cfn-schema-name: Location - x-cfn-type-name: AWS::GameLift::Location + container_group_definitions: + name: container_group_definitions + id: aws.gamelift.container_group_definitions + x-cfn-schema-name: ContainerGroupDefinition + x-cfn-type-name: AWS::GameLift::ContainerGroupDefinition x-identifiers: - - LocationName + - Name x-type: cloud_control methods: create_resource: @@ -3518,12 +4322,12 @@ components: requestBodyTranslate: algorithm: naive_DesiredState operation: - $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Location&__detailTransformed=true/post' + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__ContainerGroupDefinition&__detailTransformed=true/post' request: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::GameLift::Location" + "TypeName": "AWS::GameLift::ContainerGroupDefinition" } response: mediaType: application/json @@ -3535,7 +4339,7 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::GameLift::Location" + "TypeName": "AWS::GameLift::ContainerGroupDefinition" } response: mediaType: application/json @@ -3547,18 +4351,18 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::GameLift::Location" + "TypeName": "AWS::GameLift::ContainerGroupDefinition" } response: mediaType: application/json openAPIDocKey: '200' sqlVerbs: insert: - - $ref: '#/components/x-stackQL-resources/locations/methods/create_resource' + - $ref: '#/components/x-stackQL-resources/container_group_definitions/methods/create_resource' delete: - - $ref: '#/components/x-stackQL-resources/locations/methods/delete_resource' + - $ref: '#/components/x-stackQL-resources/container_group_definitions/methods/delete_resource' update: - - $ref: '#/components/x-stackQL-resources/locations/methods/update_resource' + - $ref: '#/components/x-stackQL-resources/container_group_definitions/methods/update_resource' config: views: select: @@ -3567,26 +4371,50 @@ components: SELECT region, data__Identifier, - JSON_EXTRACT(Properties, '$.LocationName') as location_name, - JSON_EXTRACT(Properties, '$.LocationArn') as location_arn, + JSON_EXTRACT(Properties, '$.ContainerGroupDefinitionArn') as container_group_definition_arn, + JSON_EXTRACT(Properties, '$.CreationTime') as creation_time, + JSON_EXTRACT(Properties, '$.OperatingSystem') as operating_system, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.ContainerGroupType') as container_group_type, + JSON_EXTRACT(Properties, '$.TotalMemoryLimitMebibytes') as total_memory_limit_mebibytes, + JSON_EXTRACT(Properties, '$.TotalVcpuLimit') as total_vcpu_limit, + JSON_EXTRACT(Properties, '$.GameServerContainerDefinition') as game_server_container_definition, + JSON_EXTRACT(Properties, '$.SupportContainerDefinitions') as support_container_definitions, + JSON_EXTRACT(Properties, '$.VersionNumber') as version_number, + JSON_EXTRACT(Properties, '$.SourceVersionNumber') as source_version_number, + JSON_EXTRACT(Properties, '$.VersionDescription') as version_description, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.StatusReason') as status_reason, JSON_EXTRACT(Properties, '$.Tags') as tags - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GameLift::Location' - AND data__Identifier = '' + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GameLift::ContainerGroupDefinition' + AND data__Identifier = '' AND region = 'us-east-1' fallback: predicate: sqlDialect == "sqlite3" ddl: |- SELECT detail.region, - JSON_EXTRACT(detail.Properties, '$.LocationName') as location_name, - JSON_EXTRACT(detail.Properties, '$.LocationArn') as location_arn, + JSON_EXTRACT(detail.Properties, '$.ContainerGroupDefinitionArn') as container_group_definition_arn, + JSON_EXTRACT(detail.Properties, '$.CreationTime') as creation_time, + JSON_EXTRACT(detail.Properties, '$.OperatingSystem') as operating_system, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.ContainerGroupType') as container_group_type, + JSON_EXTRACT(detail.Properties, '$.TotalMemoryLimitMebibytes') as total_memory_limit_mebibytes, + JSON_EXTRACT(detail.Properties, '$.TotalVcpuLimit') as total_vcpu_limit, + JSON_EXTRACT(detail.Properties, '$.GameServerContainerDefinition') as game_server_container_definition, + JSON_EXTRACT(detail.Properties, '$.SupportContainerDefinitions') as support_container_definitions, + JSON_EXTRACT(detail.Properties, '$.VersionNumber') as version_number, + JSON_EXTRACT(detail.Properties, '$.SourceVersionNumber') as source_version_number, + JSON_EXTRACT(detail.Properties, '$.VersionDescription') as version_description, + JSON_EXTRACT(detail.Properties, '$.Status') as status, + JSON_EXTRACT(detail.Properties, '$.StatusReason') as status_reason, JSON_EXTRACT(detail.Properties, '$.Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::GameLift::Location' - AND detail.data__TypeName = 'AWS::GameLift::Location' + WHERE listing.data__TypeName = 'AWS::GameLift::ContainerGroupDefinition' + AND detail.data__TypeName = 'AWS::GameLift::ContainerGroupDefinition' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] @@ -3594,34 +4422,58 @@ components: SELECT region, data__Identifier, - json_extract_path_text(Properties, 'LocationName') as location_name, - json_extract_path_text(Properties, 'LocationArn') as location_arn, + json_extract_path_text(Properties, 'ContainerGroupDefinitionArn') as container_group_definition_arn, + json_extract_path_text(Properties, 'CreationTime') as creation_time, + json_extract_path_text(Properties, 'OperatingSystem') as operating_system, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'ContainerGroupType') as container_group_type, + json_extract_path_text(Properties, 'TotalMemoryLimitMebibytes') as total_memory_limit_mebibytes, + json_extract_path_text(Properties, 'TotalVcpuLimit') as total_vcpu_limit, + json_extract_path_text(Properties, 'GameServerContainerDefinition') as game_server_container_definition, + json_extract_path_text(Properties, 'SupportContainerDefinitions') as support_container_definitions, + json_extract_path_text(Properties, 'VersionNumber') as version_number, + json_extract_path_text(Properties, 'SourceVersionNumber') as source_version_number, + json_extract_path_text(Properties, 'VersionDescription') as version_description, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'StatusReason') as status_reason, json_extract_path_text(Properties, 'Tags') as tags - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GameLift::Location' - AND data__Identifier = '' + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GameLift::ContainerGroupDefinition' + AND data__Identifier = '' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT detail.region, - json_extract_path_text(detail.Properties, 'LocationName') as location_name, - json_extract_path_text(detail.Properties, 'LocationArn') as location_arn, + json_extract_path_text(detail.Properties, 'ContainerGroupDefinitionArn') as container_group_definition_arn, + json_extract_path_text(detail.Properties, 'CreationTime') as creation_time, + json_extract_path_text(detail.Properties, 'OperatingSystem') as operating_system, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'ContainerGroupType') as container_group_type, + json_extract_path_text(detail.Properties, 'TotalMemoryLimitMebibytes') as total_memory_limit_mebibytes, + json_extract_path_text(detail.Properties, 'TotalVcpuLimit') as total_vcpu_limit, + json_extract_path_text(detail.Properties, 'GameServerContainerDefinition') as game_server_container_definition, + json_extract_path_text(detail.Properties, 'SupportContainerDefinitions') as support_container_definitions, + json_extract_path_text(detail.Properties, 'VersionNumber') as version_number, + json_extract_path_text(detail.Properties, 'SourceVersionNumber') as source_version_number, + json_extract_path_text(detail.Properties, 'VersionDescription') as version_description, + json_extract_path_text(detail.Properties, 'Status') as status, + json_extract_path_text(detail.Properties, 'StatusReason') as status_reason, json_extract_path_text(detail.Properties, 'Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::GameLift::Location' - AND detail.data__TypeName = 'AWS::GameLift::Location' + WHERE listing.data__TypeName = 'AWS::GameLift::ContainerGroupDefinition' + AND detail.data__TypeName = 'AWS::GameLift::ContainerGroupDefinition' AND listing.region = 'us-east-1' - locations_list_only: - name: locations_list_only - id: aws.gamelift.locations_list_only - x-cfn-schema-name: Location - x-cfn-type-name: AWS::GameLift::Location + container_group_definitions_list_only: + name: container_group_definitions_list_only + id: aws.gamelift.container_group_definitions_list_only + x-cfn-schema-name: ContainerGroupDefinition + x-cfn-type-name: AWS::GameLift::ContainerGroupDefinition x-identifiers: - - LocationName + - Name x-type: cloud_control_view methods: {} sqlVerbs: @@ -3635,22 +4487,22 @@ components: ddl: |- SELECT region, - JSON_EXTRACT(Properties, '$.LocationName') as location_name - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GameLift::Location' + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GameLift::ContainerGroupDefinition' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT region, - json_extract_path_text(Properties, 'LocationName') as location_name - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GameLift::Location' + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GameLift::ContainerGroupDefinition' AND region = 'us-east-1' - location_tags: - name: location_tags - id: aws.gamelift.location_tags - x-cfn-schema-name: Location - x-cfn-type-name: AWS::GameLift::Location + container_group_definition_tags: + name: container_group_definition_tags + id: aws.gamelift.container_group_definition_tags + x-cfn-schema-name: ContainerGroupDefinition + x-cfn-type-name: AWS::GameLift::ContainerGroupDefinition x-type: cloud_control_view methods: {} sqlVerbs: @@ -3666,15 +4518,27 @@ components: detail.region, JSON_EXTRACT(json_each.value, '$.Key') as tag_key, JSON_EXTRACT(json_each.value, '$.Value') as tag_value, - JSON_EXTRACT(detail.Properties, '$.LocationName') as location_name, - JSON_EXTRACT(detail.Properties, '$.LocationArn') as location_arn + JSON_EXTRACT(detail.Properties, '$.ContainerGroupDefinitionArn') as container_group_definition_arn, + JSON_EXTRACT(detail.Properties, '$.CreationTime') as creation_time, + JSON_EXTRACT(detail.Properties, '$.OperatingSystem') as operating_system, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.ContainerGroupType') as container_group_type, + JSON_EXTRACT(detail.Properties, '$.TotalMemoryLimitMebibytes') as total_memory_limit_mebibytes, + JSON_EXTRACT(detail.Properties, '$.TotalVcpuLimit') as total_vcpu_limit, + JSON_EXTRACT(detail.Properties, '$.GameServerContainerDefinition') as game_server_container_definition, + JSON_EXTRACT(detail.Properties, '$.SupportContainerDefinitions') as support_container_definitions, + JSON_EXTRACT(detail.Properties, '$.VersionNumber') as version_number, + JSON_EXTRACT(detail.Properties, '$.SourceVersionNumber') as source_version_number, + JSON_EXTRACT(detail.Properties, '$.VersionDescription') as version_description, + JSON_EXTRACT(detail.Properties, '$.Status') as status, + JSON_EXTRACT(detail.Properties, '$.StatusReason') as status_reason FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) - WHERE listing.data__TypeName = 'AWS::GameLift::Location' - AND detail.data__TypeName = 'AWS::GameLift::Location' + WHERE listing.data__TypeName = 'AWS::GameLift::ContainerGroupDefinition' + AND detail.data__TypeName = 'AWS::GameLift::ContainerGroupDefinition' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" @@ -3683,15 +4547,27 @@ components: detail.region, json_extract_path_text(json_each.value, 'Key') as tag_key, json_extract_path_text(json_each.value, 'Value') as tag_value, - json_extract_path_text(detail.Properties, 'LocationName') as location_name, - json_extract_path_text(detail.Properties, 'LocationArn') as location_arn + json_extract_path_text(detail.Properties, 'ContainerGroupDefinitionArn') as container_group_definition_arn, + json_extract_path_text(detail.Properties, 'CreationTime') as creation_time, + json_extract_path_text(detail.Properties, 'OperatingSystem') as operating_system, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'ContainerGroupType') as container_group_type, + json_extract_path_text(detail.Properties, 'TotalMemoryLimitMebibytes') as total_memory_limit_mebibytes, + json_extract_path_text(detail.Properties, 'TotalVcpuLimit') as total_vcpu_limit, + json_extract_path_text(detail.Properties, 'GameServerContainerDefinition') as game_server_container_definition, + json_extract_path_text(detail.Properties, 'SupportContainerDefinitions') as support_container_definitions, + json_extract_path_text(detail.Properties, 'VersionNumber') as version_number, + json_extract_path_text(detail.Properties, 'SourceVersionNumber') as source_version_number, + json_extract_path_text(detail.Properties, 'VersionDescription') as version_description, + json_extract_path_text(detail.Properties, 'Status') as status, + json_extract_path_text(detail.Properties, 'StatusReason') as status_reason FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) - WHERE listing.data__TypeName = 'AWS::GameLift::Location' - AND detail.data__TypeName = 'AWS::GameLift::Location' + WHERE listing.data__TypeName = 'AWS::GameLift::ContainerGroupDefinition' + AND detail.data__TypeName = 'AWS::GameLift::ContainerGroupDefinition' AND listing.region = 'us-east-1' fleets: name: fleets @@ -3761,7 +4637,6 @@ components: JSON_EXTRACT(Properties, '$.ApplyCapacity') as apply_capacity, JSON_EXTRACT(Properties, '$.CertificateConfiguration') as certificate_configuration, JSON_EXTRACT(Properties, '$.ComputeType') as compute_type, - JSON_EXTRACT(Properties, '$.ContainerGroupsConfiguration') as container_groups_configuration, JSON_EXTRACT(Properties, '$.Description') as description, JSON_EXTRACT(Properties, '$.DesiredEC2Instances') as desired_ec2_instances, JSON_EXTRACT(Properties, '$.EC2InboundPermissions') as e_c2_inbound_permissions, @@ -3798,7 +4673,6 @@ components: JSON_EXTRACT(detail.Properties, '$.ApplyCapacity') as apply_capacity, JSON_EXTRACT(detail.Properties, '$.CertificateConfiguration') as certificate_configuration, JSON_EXTRACT(detail.Properties, '$.ComputeType') as compute_type, - JSON_EXTRACT(detail.Properties, '$.ContainerGroupsConfiguration') as container_groups_configuration, JSON_EXTRACT(detail.Properties, '$.Description') as description, JSON_EXTRACT(detail.Properties, '$.DesiredEC2Instances') as desired_ec2_instances, JSON_EXTRACT(detail.Properties, '$.EC2InboundPermissions') as e_c2_inbound_permissions, @@ -3840,7 +4714,6 @@ components: json_extract_path_text(Properties, 'ApplyCapacity') as apply_capacity, json_extract_path_text(Properties, 'CertificateConfiguration') as certificate_configuration, json_extract_path_text(Properties, 'ComputeType') as compute_type, - json_extract_path_text(Properties, 'ContainerGroupsConfiguration') as container_groups_configuration, json_extract_path_text(Properties, 'Description') as description, json_extract_path_text(Properties, 'DesiredEC2Instances') as desired_ec2_instances, json_extract_path_text(Properties, 'EC2InboundPermissions') as e_c2_inbound_permissions, @@ -3877,7 +4750,6 @@ components: json_extract_path_text(detail.Properties, 'ApplyCapacity') as apply_capacity, json_extract_path_text(detail.Properties, 'CertificateConfiguration') as certificate_configuration, json_extract_path_text(detail.Properties, 'ComputeType') as compute_type, - json_extract_path_text(detail.Properties, 'ContainerGroupsConfiguration') as container_groups_configuration, json_extract_path_text(detail.Properties, 'Description') as description, json_extract_path_text(detail.Properties, 'DesiredEC2Instances') as desired_ec2_instances, json_extract_path_text(detail.Properties, 'EC2InboundPermissions') as e_c2_inbound_permissions, @@ -5351,7 +6223,7 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success - /?Action=CreateResource&Version=2021-09-30&__ContainerGroupDefinition&__detailTransformed=true: + /?Action=CreateResource&Version=2021-09-30&__Location&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' @@ -5361,7 +6233,7 @@ paths: - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' post: - operationId: CreateContainerGroupDefinition + operationId: CreateLocation parameters: - description: Action Header in: header @@ -5384,7 +6256,7 @@ paths: content: application/x-amz-json-1.0: schema: - $ref: '#/components/schemas/CreateContainerGroupDefinitionRequest' + $ref: '#/components/schemas/CreateLocationRequest' required: true responses: '200': @@ -5393,7 +6265,7 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success - /?Action=CreateResource&Version=2021-09-30&__Location&__detailTransformed=true: + /?Action=CreateResource&Version=2021-09-30&__ContainerFleet&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' @@ -5403,7 +6275,7 @@ paths: - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' post: - operationId: CreateLocation + operationId: CreateContainerFleet parameters: - description: Action Header in: header @@ -5426,7 +6298,49 @@ paths: content: application/x-amz-json-1.0: schema: - $ref: '#/components/schemas/CreateLocationRequest' + $ref: '#/components/schemas/CreateContainerFleetRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=CreateResource&Version=2021-09-30&__ContainerGroupDefinition&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateContainerGroupDefinition + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateContainerGroupDefinitionRequest' required: true responses: '200': diff --git a/providers/src/aws/v00.00.00000/services/globalaccelerator.yaml b/providers/src/aws/v00.00.00000/services/globalaccelerator.yaml index 2d88a526..1729b556 100644 --- a/providers/src/aws/v00.00.00000/services/globalaccelerator.yaml +++ b/providers/src/aws/v00.00.00000/services/globalaccelerator.yaml @@ -506,10 +506,10 @@ components: properties: EndpointId: type: string + Cidr: + type: string Region: type: string - required: - - EndpointId additionalProperties: false CrossAccountAttachment: type: object diff --git a/providers/src/aws/v00.00.00000/services/glue.yaml b/providers/src/aws/v00.00.00000/services/glue.yaml index 30de163f..d7e62dc9 100644 --- a/providers/src/aws/v00.00.00000/services/glue.yaml +++ b/providers/src/aws/v00.00.00000/services/glue.yaml @@ -385,6 +385,639 @@ components: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' type: object schemas: + S3Target: + type: object + description: Specifies a data store in Amazon Simple Storage Service (Amazon S3). + additionalProperties: false + properties: + ConnectionName: + type: string + description: The name of a connection which allows a job or crawler to access data in Amazon S3 within an Amazon Virtual Private Cloud environment (Amazon VPC). + Path: + type: string + description: The path to the Amazon S3 target. + SampleSize: + type: integer + description: Sets the number of files in each leaf folder to be crawled when crawling sample files in a dataset. If not set, all the files are crawled. A valid value is an integer between 1 and 249. + Exclusions: + type: array + description: A list of glob patterns used to exclude from the crawl. + uniqueItems: false + items: + type: string + DlqEventQueueArn: + type: string + description: A valid Amazon dead-letter SQS ARN. For example, arn:aws:sqs:region:account:deadLetterQueue. + EventQueueArn: + type: string + description: A valid Amazon SQS ARN. For example, arn:aws:sqs:region:account:sqs. + LakeFormationConfiguration: + type: object + description: Specifies AWS Lake Formation configuration settings for the crawler + additionalProperties: false + properties: + UseLakeFormationCredentials: + type: boolean + description: Specifies whether to use AWS Lake Formation credentials for the crawler instead of the IAM role credentials. + AccountId: + type: string + description: Required for cross account crawls. For same account crawls as the target data, this can be left as null. + SchemaChangePolicy: + type: object + description: >- + The policy that specifies update and delete behaviors for the crawler. The policy tells the crawler what to do in the event that it detects a change in a table that already exists in the customer's database at the time of the crawl. The SchemaChangePolicy does not affect whether or how new tables and partitions are added. New tables and partitions are always created regardless of the SchemaChangePolicy on a crawler. The SchemaChangePolicy consists of two components, UpdateBehavior and + DeleteBehavior. + additionalProperties: false + properties: + UpdateBehavior: + type: string + description: The update behavior when the crawler finds a changed schema. A value of LOG specifies that if a table or a partition already exists, and a change is detected, do not update it, only log that a change was detected. Add new tables and new partitions (including on existing tables). A value of UPDATE_IN_DATABASE specifies that if a table or partition already exists, and a change is detected, update it. Add new tables and partitions. + DeleteBehavior: + type: string + description: >- + The deletion behavior when the crawler finds a deleted object. A value of LOG specifies that if a table or partition is found to no longer exist, do not delete it, only log that it was found to no longer exist. A value of DELETE_FROM_DATABASE specifies that if a table or partition is found to have been removed, delete it from the database. A value of DEPRECATE_IN_DATABASE specifies that if a table has been found to no longer exist, to add a property to the table that says + 'DEPRECATED' and includes a timestamp with the time of deprecation. + IcebergTarget: + type: object + description: Specifies Apache Iceberg data store targets. + additionalProperties: false + properties: + ConnectionName: + type: string + description: The name of the connection to use to connect to the Iceberg target. + Paths: + type: array + description: One or more Amazon S3 paths that contains Iceberg metadata folders as s3://bucket/prefix . + uniqueItems: false + items: + type: string + Exclusions: + type: array + description: A list of global patterns used to exclude from the crawl. + uniqueItems: false + items: + type: string + MaximumTraversalDepth: + type: integer + description: The maximum depth of Amazon S3 paths that the crawler can traverse to discover the Iceberg metadata folder in your Amazon S3 path. Used to limit the crawler run time. + Schedule: + type: object + description: A scheduling object using a cron statement to schedule an event. + additionalProperties: false + properties: + ScheduleExpression: + type: string + description: A cron expression used to specify the schedule. For more information, see Time-Based Schedules for Jobs and Crawlers. For example, to run something every day at 12:15 UTC, specify cron(15 12 * * ? *). + RecrawlPolicy: + type: object + description: When crawling an Amazon S3 data source after the first crawl is complete, specifies whether to crawl the entire dataset again or to crawl only folders that were added since the last crawler run. For more information, see Incremental Crawls in AWS Glue in the developer guide. + additionalProperties: false + properties: + RecrawlBehavior: + type: string + description: Specifies whether to crawl the entire dataset again or to crawl only folders that were added since the last crawler run. A value of CRAWL_EVERYTHING specifies crawling the entire dataset again. A value of CRAWL_NEW_FOLDERS_ONLY specifies crawling only folders that were added since the last crawler run. A value of CRAWL_EVENT_MODE specifies crawling only the changes identified by Amazon S3 events. + MongoDBTarget: + type: object + description: Specifies an Amazon DocumentDB or MongoDB data store to crawl. + additionalProperties: false + properties: + ConnectionName: + type: string + description: The name of the connection to use to connect to the Amazon DocumentDB or MongoDB target. + Path: + type: string + description: The path of the Amazon DocumentDB or MongoDB target (database/collection). + DeltaTarget: + type: object + description: Specifies a Delta data store to crawl one or more Delta tables. + additionalProperties: false + properties: + ConnectionName: + type: string + description: The name of the connection to use to connect to the Delta table target. + CreateNativeDeltaTable: + type: boolean + description: Specifies whether the crawler will create native tables, to allow integration with query engines that support querying of the Delta transaction log directly. + WriteManifest: + type: boolean + description: Specifies whether to write the manifest files to the Delta table path. + DeltaTables: + type: array + description: '' + uniqueItems: false + items: + type: string + description: A list of the Amazon S3 paths to the Delta tables. + JdbcTarget: + type: object + description: Specifies a JDBC data store to crawl. + additionalProperties: false + properties: + ConnectionName: + type: string + description: The name of the connection to use to connect to the JDBC target. + Path: + type: string + description: The path of the JDBC target. + Exclusions: + type: array + description: A list of glob patterns used to exclude from the crawl. For more information, see Catalog Tables with a Crawler. + uniqueItems: false + items: + type: string + EnableAdditionalMetadata: + type: array + description: |- + Specify a value of RAWTYPES or COMMENTS to enable additional metadata in table responses. RAWTYPES provides the native-level datatype. COMMENTS provides comments associated with a column or table in the database. + + If you do not need additional metadata, keep the field empty. + uniqueItems: false + items: + type: string + Targets: + type: object + description: Specifies data stores to crawl. + additionalProperties: false + properties: + S3Targets: + type: array + description: Specifies Amazon Simple Storage Service (Amazon S3) targets. + uniqueItems: false + items: + $ref: '#/components/schemas/S3Target' + CatalogTargets: + type: array + description: Specifies AWS Glue Data Catalog targets. + uniqueItems: false + items: + $ref: '#/components/schemas/CatalogTarget' + DeltaTargets: + type: array + description: Specifies an array of Delta data store targets. + uniqueItems: false + items: + $ref: '#/components/schemas/DeltaTarget' + MongoDBTargets: + type: array + description: A list of Mongo DB targets. + uniqueItems: false + items: + $ref: '#/components/schemas/MongoDBTarget' + JdbcTargets: + type: array + description: Specifies JDBC targets. + uniqueItems: false + items: + $ref: '#/components/schemas/JdbcTarget' + DynamoDBTargets: + type: array + description: Specifies Amazon DynamoDB targets. + uniqueItems: false + items: + $ref: '#/components/schemas/DynamoDBTarget' + IcebergTargets: + type: array + description: Specifies Apache Iceberg data store targets. + uniqueItems: false + items: + $ref: '#/components/schemas/IcebergTarget' + DynamoDBTarget: + type: object + description: Specifies an Amazon DynamoDB table to crawl. + additionalProperties: false + properties: + Path: + type: string + description: The name of the DynamoDB table to crawl. + CatalogTarget: + type: object + description: Specifies an AWS Glue Data Catalog target. + additionalProperties: false + properties: + ConnectionName: + type: string + description: The name of the connection for an Amazon S3-backed Data Catalog table to be a target of the crawl when using a Catalog connection type paired with a NETWORK Connection type. + DatabaseName: + type: string + description: The name of the database to be synchronized. + DlqEventQueueArn: + type: string + description: A valid Amazon dead-letter SQS ARN. For example, arn:aws:sqs:region:account:deadLetterQueue. + Tables: + type: array + description: A list of the tables to be synchronized. + uniqueItems: false + items: + type: string + EventQueueArn: + type: string + description: A valid Amazon SQS ARN. For example, arn:aws:sqs:region:account:sqs. + Crawler: + type: object + properties: + Classifiers: + type: array + description: A list of UTF-8 strings that specify the names of custom classifiers that are associated with the crawler. + uniqueItems: false + items: + type: string + Description: + type: string + description: A description of the crawler. + SchemaChangePolicy: + $ref: '#/components/schemas/SchemaChangePolicy' + Configuration: + type: string + description: Crawler configuration information. This versioned JSON string allows users to specify aspects of a crawler's behavior. + RecrawlPolicy: + $ref: '#/components/schemas/RecrawlPolicy' + DatabaseName: + type: string + description: The name of the database in which the crawler's output is stored. + Targets: + $ref: '#/components/schemas/Targets' + CrawlerSecurityConfiguration: + type: string + description: The name of the SecurityConfiguration structure to be used by this crawler. + Name: + type: string + description: The name of the crawler. + Role: + type: string + description: The Amazon Resource Name (ARN) of an IAM role that's used to access customer resources, such as Amazon Simple Storage Service (Amazon S3) data. + LakeFormationConfiguration: + $ref: '#/components/schemas/LakeFormationConfiguration' + Schedule: + $ref: '#/components/schemas/Schedule' + TablePrefix: + type: string + description: The prefix added to the names of tables that are created. + Tags: + type: object + description: The tags to use with this crawler. + required: + - Role + - Targets + x-stackql-resource-name: crawler + description: Resource Type definition for AWS::Glue::Crawler + x-type-name: AWS::Glue::Crawler + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - Name + x-required-properties: + - Role + - Targets + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - glue:CreateCrawler + - glue:GetCrawler + - glue:TagResource + - iam:PassRole + read: + - glue:GetCrawler + - glue:GetTags + - iam:PassRole + update: + - glue:UpdateCrawler + - glue:UntagResource + - glue:TagResource + - iam:PassRole + delete: + - glue:DeleteCrawler + - glue:GetCrawler + - glue:StopCrawler + - iam:PassRole + list: + - glue:ListCrawlers + - iam:PassRole + DatabaseIdentifier: + type: object + description: A structure that describes a target database for resource linking. + additionalProperties: false + properties: + DatabaseName: + type: string + description: The name of the catalog database. + Region: + type: string + description: Region of the target database. + CatalogId: + type: string + description: The ID of the Data Catalog in which the database resides. + PrincipalPrivileges: + type: object + description: The permissions granted to a principal. + additionalProperties: false + properties: + Permissions: + type: array + description: The permissions that are granted to the principal. + uniqueItems: false + x-insertionOrder: false + items: + type: string + Principal: + $ref: '#/components/schemas/DataLakePrincipal' + description: The principal who is granted permissions. + DataLakePrincipal: + type: object + description: The AWS Lake Formation principal. + additionalProperties: false + properties: + DataLakePrincipalIdentifier: + type: string + description: An identifier for the AWS Lake Formation principal. + FederatedDatabase: + type: object + description: A FederatedDatabase structure that references an entity outside the AWS Glue Data Catalog. + additionalProperties: false + properties: + ConnectionName: + type: string + description: The name of the connection to the external metastore. + Identifier: + type: string + description: A unique identifier for the federated database. + DatabaseInput: + type: object + description: The structure used to create or update a database. + additionalProperties: false + properties: + LocationUri: + type: string + description: The location of the database (for example, an HDFS path). + CreateTableDefaultPermissions: + type: array + description: Creates a set of default permissions on the table for principals. Used by AWS Lake Formation. Not used in the normal course of AWS Glue operations. + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/PrincipalPrivileges' + description: The permissions granted to a principal. + Description: + type: string + description: A description of the database. + Parameters: + type: object + description: These key-value pairs define parameters and properties of the database. + TargetDatabase: + $ref: '#/components/schemas/DatabaseIdentifier' + description: A DatabaseIdentifier structure that describes a target database for resource linking. + FederatedDatabase: + $ref: '#/components/schemas/FederatedDatabase' + description: A FederatedDatabase structure that references an entity outside the AWS Glue Data Catalog. + Name: + type: string + description: The name of the database. For hive compatibility, this is folded to lowercase when it is stored. + Database: + type: object + properties: + CatalogId: + type: string + description: The AWS account ID for the account in which to create the catalog object. + DatabaseInput: + $ref: '#/components/schemas/DatabaseInput' + description: The metadata for the database. + DatabaseName: + type: string + description: The name of the database. For hive compatibility, this is folded to lowercase when it is store. + required: + - DatabaseInput + - CatalogId + x-stackql-resource-name: database + description: Resource Type definition for AWS::Glue::Database + x-type-name: AWS::Glue::Database + x-stackql-primary-identifier: + - DatabaseName + x-create-only-properties: + - DatabaseName + x-required-properties: + - DatabaseInput + - CatalogId + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - glue:CreateDatabase + - glue:GetDatabase + - glue:PassConnection + - glue:CreateConnection + - lakeformation:ListResources + - lakeformation:DescribeResource + - lakeformation:DescribeLakeFormationIdentityCenterConfiguration + read: + - glue:GetDatabase + - glue:GetConnection + - lakeformation:ListResources + - lakeformation:DescribeResource + - lakeformation:DescribeLakeFormationIdentityCenterConfiguration + update: + - glue:UpdateDatabase + - glue:UpdateConnection + - lakeformation:ListResources + - lakeformation:DescribeResource + - lakeformation:DescribeLakeFormationIdentityCenterConfiguration + delete: + - glue:DeleteDatabase + - glue:GetDatabase + - glue:DeleteConnection + - glue:GetConnection + - lakeformation:ListResources + - lakeformation:DescribeResource + - lakeformation:DescribeLakeFormationIdentityCenterConfiguration + list: + - glue:GetDatabases + - lakeformation:ListResources + - lakeformation:DescribeResource + - lakeformation:DescribeLakeFormationIdentityCenterConfiguration + DefaultArguments: + type: object + additionalProperties: false + properties: + Key: + type: string + Value: + type: string + NonOverridableArguments: + type: object + additionalProperties: false + properties: + Key: + type: string + Value: + type: string + JobCommand: + type: object + properties: + Name: + description: The name of the job command + type: string + PythonVersion: + description: The Python version being used to execute a Python shell job. + type: string + Runtime: + description: Runtime is used to specify the versions of Ray, Python and additional libraries available in your environment + type: string + ScriptLocation: + description: Specifies the Amazon Simple Storage Service (Amazon S3) path to a script that executes a job + type: string + additionalProperties: false + ConnectionsList: + type: object + properties: + Connections: + description: A list of connections used by the job. + type: array + uniqueItems: false + items: + type: string + additionalProperties: false + ExecutionProperty: + type: object + properties: + MaxConcurrentRuns: + description: The maximum number of concurrent runs allowed for the job. + type: number + additionalProperties: false + NotificationProperty: + type: object + description: Specifies configuration properties of a job run notification. + additionalProperties: false + properties: + NotifyDelayAfter: + type: integer + description: After a job run starts, the number of minutes to wait before sending a job run delay notification + Job: + type: object + properties: + Connections: + $ref: '#/components/schemas/ConnectionsList' + description: Specifies the connections used by a job + MaxRetries: + type: number + description: The maximum number of times to retry this job after a JobRun fails + Description: + type: string + description: A description of the job. + Timeout: + type: integer + description: The maximum time that a job run can consume resources before it is terminated and enters TIMEOUT status. + AllocatedCapacity: + type: number + description: The number of capacity units that are allocated to this job. + Name: + type: string + description: The name you assign to the job definition + Role: + type: string + description: The name or Amazon Resource Name (ARN) of the IAM role associated with this job. + DefaultArguments: + type: object + description: The default arguments for this job, specified as name-value pairs. + NotificationProperty: + $ref: '#/components/schemas/NotificationProperty' + description: Specifies configuration properties of a notification. + WorkerType: + type: string + description: TThe type of predefined worker that is allocated when a job runs. + enum: + - Standard + - G.1X + - G.2X + - G.025X + - G.4X + - G.8X + - Z.2X + ExecutionClass: + type: string + description: Indicates whether the job is run with a standard or flexible execution class. + LogUri: + type: string + description: This field is reserved for future use. + Command: + $ref: '#/components/schemas/JobCommand' + description: The code that executes a job. + GlueVersion: + type: string + description: Glue version determines the versions of Apache Spark and Python that AWS Glue supports. + ExecutionProperty: + $ref: '#/components/schemas/ExecutionProperty' + description: The maximum number of concurrent runs that are allowed for this job. + SecurityConfiguration: + type: string + description: The name of the SecurityConfiguration structure to be used with this job. + NumberOfWorkers: + type: integer + description: The number of workers of a defined workerType that are allocated when a job runs. + Tags: + type: object + description: The tags to use with this job. + MaxCapacity: + type: number + description: The number of AWS Glue data processing units (DPUs) that can be allocated when this job runs. + NonOverridableArguments: + type: object + description: Non-overridable arguments for this job, specified as name-value pairs. + MaintenanceWindow: + type: string + description: Property description not available. + JobMode: + type: string + description: Property description not available. + JobRunQueuingEnabled: + type: boolean + description: Property description not available. + required: + - Role + - Command + x-stackql-resource-name: job + description: Resource Type definition for AWS::Glue::Job + x-type-name: AWS::Glue::Job + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - Name + x-required-properties: + - Role + - Command + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - iam:GetRole + - iam:PassRole + - glue:CreateJob + - glue:GetJob + - glue:TagResource + read: + - glue:GetJob + - glue:GetTags + delete: + - glue:DeleteJob + - glue:GetJob + - glue:UntagResource + update: + - iam:GetRole + - iam:PassRole + - glue:UpdateJob + - glue:UntagResource + - glue:TagResource + list: + - glue:ListJobs Tag: type: object properties: @@ -522,73 +1155,1314 @@ components: - glue:removeSchemaVersionMetadata list: - glue:querySchemaVersionMetadata - CreateSchemaVersionRequest: + Condition: + type: object + description: Defines a condition under which a trigger fires. + additionalProperties: false properties: - ClientToken: + JobName: type: string - RoleArn: + description: The name of the job whose JobRuns this condition applies to, and on which this trigger waits. + CrawlerName: type: string - TypeName: + description: The name of the crawler to which this condition applies. + State: type: string - TypeVersionId: + description: The condition state. Currently, the values supported are SUCCEEDED, STOPPED, TIMEOUT, and FAILED. + CrawlState: type: string - DesiredState: + description: The state of the crawler to which this condition applies. + LogicalOperator: + type: string + description: A logical operator. + Action: + type: object + description: The actions initiated by this trigger. + additionalProperties: false + properties: + NotificationProperty: + $ref: '#/components/schemas/NotificationProperty' + description: Specifies configuration properties of a job run notification. + CrawlerName: + type: string + description: The name of the crawler to be used with this action. + Timeout: + type: integer + description: The JobRun timeout in minutes. This is the maximum time that a job run can consume resources before it is terminated and enters TIMEOUT status. The default is 2,880 minutes (48 hours). This overrides the timeout value set in the parent job. + JobName: + type: string + description: The name of a job to be executed. + Arguments: type: object - properties: - Schema: - $ref: '#/components/schemas/Schema' - SchemaDefinition: - type: string - description: Complete definition of the schema in plain-text. - minLength: 1 - maxLength: 170000 - VersionId: - type: string - description: Represents the version ID associated with the schema version. - pattern: '[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}' - x-stackQL-stringOnly: true - x-title: CreateSchemaVersionRequest + description: The job arguments used when this trigger fires. For this job run, they replace the default arguments set in the job definition itself. + SecurityConfiguration: + type: string + description: The name of the SecurityConfiguration structure to be used with this action. + EventBatchingCondition: type: object - required: [] - CreateSchemaVersionMetadataRequest: + description: Batch condition that must be met (specified number of events received or batch time window expired) before EventBridge event trigger fires. + additionalProperties: false properties: - ClientToken: + BatchSize: + type: integer + description: Number of events that must be received from Amazon EventBridge before EventBridge event trigger fires. + BatchWindow: + type: integer + description: Window of time in seconds after which EventBridge event trigger fires. Window starts when first event is received. + required: + - BatchSize + Predicate: + type: object + description: The predicate of this trigger, which defines when it will fire. + additionalProperties: false + properties: + Logical: type: string - RoleArn: + description: An optional field if only one condition is listed. If multiple conditions are listed, then this field is required. + Conditions: + type: array + description: A list of the conditions that determine when the trigger will fire. + uniqueItems: false + items: + $ref: '#/components/schemas/Condition' + Trigger: + type: object + properties: + Type: type: string - TypeName: + description: The type of trigger that this is. + StartOnCreation: + type: boolean + description: Set to true to start SCHEDULED and CONDITIONAL triggers when created. True is not supported for ON_DEMAND triggers. + Description: type: string - TypeVersionId: + description: A description of this trigger. + Actions: + type: array + description: The actions initiated by this trigger. + uniqueItems: false + items: + $ref: '#/components/schemas/Action' + EventBatchingCondition: + $ref: '#/components/schemas/EventBatchingCondition' + description: Batch condition that must be met (specified number of events received or batch time window expired) before EventBridge event trigger fires. + WorkflowName: type: string - DesiredState: + description: The name of the workflow associated with the trigger. + Schedule: + type: string + description: A cron expression used to specify the schedule. + Tags: type: object - properties: - SchemaVersionId: - type: string - description: Represents the version ID associated with the schema version. - pattern: '[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}' - Key: - type: string - description: Metadata key - minLength: 1 - maxLength: 128 - Value: - type: string - description: Metadata value - minLength: 1 - maxLength: 256 - x-stackQL-stringOnly: true - x-title: CreateSchemaVersionMetadataRequest - type: object - required: [] - securitySchemes: - hmac: - type: apiKey - name: Authorization - in: header - description: Amazon Signature authorization v4 - x-amazon-apigateway-authtype: awsSigv4 + description: The tags to use with this trigger. + Name: + type: string + description: The name of the trigger. + Predicate: + $ref: '#/components/schemas/Predicate' + description: The predicate of this trigger, which defines when it will fire. + required: + - Type + - Actions + x-stackql-resource-name: trigger + description: Resource Type definition for AWS::Glue::Trigger + x-type-name: AWS::Glue::Trigger + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - Name + - WorkflowName + - Type + x-write-only-properties: + - StartOnCreation + x-required-properties: + - Type + - Actions + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - glue:CreateTrigger + - glue:GetTrigger + - glue:TagResource + read: + - glue:GetTrigger + - glue:GetTags + update: + - glue:UpdateTrigger + - glue:UntagResource + - glue:TagResource + delete: + - glue:DeleteTrigger + - glue:GetTrigger + list: + - glue:ListTriggers + ProfileConfiguration: + properties: + JobConfiguration: + x-patternProperties: + ^.+$: + $ref: '#/components/schemas/ConfigurationObject' + additionalProperties: false + SessionConfiguration: + x-patternProperties: + ^.+$: + $ref: '#/components/schemas/ConfigurationObject' + additionalProperties: false + anyOf: + - required: + - JobConfiguration + - required: + - SessionConfiguration + additionalProperties: false + ConfigurationObject: + properties: + DefaultValue: + type: string + AllowedValues: + type: array + items: + type: string + x-insertionOrder: false + MinValue: + type: string + MaxValue: + type: string + anyOf: + - required: + - DefaultValue + - oneOf: + - required: + - AllowedValues + - required: + - MinValue + - MaxValue + additionalProperties: false + UsageProfile: + type: object + properties: + Name: + description: The name of the UsageProfile. + type: string + maxLength: 128 + minLength: 5 + Description: + description: The description of the UsageProfile. + type: string + maxLength: 512 + minLength: 1 + pattern: '[a-zA-Z0-9\-\:\_]{1,64}' + Configuration: + description: 'UsageProfile configuration for supported service ex: (Jobs, Sessions).' + $ref: '#/components/schemas/ProfileConfiguration' + minItems: 1 + Tags: + description: The tags to be applied to this UsageProfiles. + type: array + minItems: 0 + maxItems: 50 + items: + $ref: '#/components/schemas/Tag' + uniqueItems: true + x-insertionOrder: false + CreatedOn: + description: Creation time. + type: string + maxLength: 128 + minLength: 1 + required: + - Name + x-stackql-resource-name: usage_profile + description: This creates a Resource of UsageProfile type. + x-type-name: AWS::Glue::UsageProfile + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - Name + x-read-only-properties: + - CreatedOn + x-required-properties: + - Name + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - glue:TagResource + - glue:UntagResource + - glue:GetTags + x-required-permissions: + create: + - glue:CreateUsageProfile + - glue:GetUsageProfile + - glue:GetTags + - glue:TagResource + read: + - glue:GetUsageProfile + - glue:GetTags + update: + - glue:UpdateUsageProfile + - glue:GetUsageProfile + - glue:TagResource + - glue:UntagResource + - glue:GetTags + delete: + - glue:DeleteUsageProfile + - glue:GetUsageProfile + list: + - glue:ListUsageProfiles + CreateCrawlerRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + Classifiers: + type: array + description: A list of UTF-8 strings that specify the names of custom classifiers that are associated with the crawler. + uniqueItems: false + items: + type: string + Description: + type: string + description: A description of the crawler. + SchemaChangePolicy: + $ref: '#/components/schemas/SchemaChangePolicy' + Configuration: + type: string + description: Crawler configuration information. This versioned JSON string allows users to specify aspects of a crawler's behavior. + RecrawlPolicy: + $ref: '#/components/schemas/RecrawlPolicy' + DatabaseName: + type: string + description: The name of the database in which the crawler's output is stored. + Targets: + $ref: '#/components/schemas/Targets' + CrawlerSecurityConfiguration: + type: string + description: The name of the SecurityConfiguration structure to be used by this crawler. + Name: + type: string + description: The name of the crawler. + Role: + type: string + description: The Amazon Resource Name (ARN) of an IAM role that's used to access customer resources, such as Amazon Simple Storage Service (Amazon S3) data. + LakeFormationConfiguration: + $ref: '#/components/schemas/LakeFormationConfiguration' + Schedule: + $ref: '#/components/schemas/Schedule' + TablePrefix: + type: string + description: The prefix added to the names of tables that are created. + Tags: + type: object + description: The tags to use with this crawler. + x-stackQL-stringOnly: true + x-title: CreateCrawlerRequest + type: object + required: [] + CreateDatabaseRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + CatalogId: + type: string + description: The AWS account ID for the account in which to create the catalog object. + DatabaseInput: + $ref: '#/components/schemas/DatabaseInput' + description: The metadata for the database. + DatabaseName: + type: string + description: The name of the database. For hive compatibility, this is folded to lowercase when it is store. + x-stackQL-stringOnly: true + x-title: CreateDatabaseRequest + type: object + required: [] + CreateJobRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + Connections: + $ref: '#/components/schemas/ConnectionsList' + description: Specifies the connections used by a job + MaxRetries: + type: number + description: The maximum number of times to retry this job after a JobRun fails + Description: + type: string + description: A description of the job. + Timeout: + type: integer + description: The maximum time that a job run can consume resources before it is terminated and enters TIMEOUT status. + AllocatedCapacity: + type: number + description: The number of capacity units that are allocated to this job. + Name: + type: string + description: The name you assign to the job definition + Role: + type: string + description: The name or Amazon Resource Name (ARN) of the IAM role associated with this job. + DefaultArguments: + type: object + description: The default arguments for this job, specified as name-value pairs. + NotificationProperty: + $ref: '#/components/schemas/NotificationProperty' + description: Specifies configuration properties of a notification. + WorkerType: + type: string + description: TThe type of predefined worker that is allocated when a job runs. + enum: + - Standard + - G.1X + - G.2X + - G.025X + - G.4X + - G.8X + - Z.2X + ExecutionClass: + type: string + description: Indicates whether the job is run with a standard or flexible execution class. + LogUri: + type: string + description: This field is reserved for future use. + Command: + $ref: '#/components/schemas/JobCommand' + description: The code that executes a job. + GlueVersion: + type: string + description: Glue version determines the versions of Apache Spark and Python that AWS Glue supports. + ExecutionProperty: + $ref: '#/components/schemas/ExecutionProperty' + description: The maximum number of concurrent runs that are allowed for this job. + SecurityConfiguration: + type: string + description: The name of the SecurityConfiguration structure to be used with this job. + NumberOfWorkers: + type: integer + description: The number of workers of a defined workerType that are allocated when a job runs. + Tags: + type: object + description: The tags to use with this job. + MaxCapacity: + type: number + description: The number of AWS Glue data processing units (DPUs) that can be allocated when this job runs. + NonOverridableArguments: + type: object + description: Non-overridable arguments for this job, specified as name-value pairs. + MaintenanceWindow: + type: string + description: Property description not available. + JobMode: + type: string + description: Property description not available. + JobRunQueuingEnabled: + type: boolean + description: Property description not available. + x-stackQL-stringOnly: true + x-title: CreateJobRequest + type: object + required: [] + CreateSchemaVersionRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + Schema: + $ref: '#/components/schemas/Schema' + SchemaDefinition: + type: string + description: Complete definition of the schema in plain-text. + minLength: 1 + maxLength: 170000 + VersionId: + type: string + description: Represents the version ID associated with the schema version. + pattern: '[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}' + x-stackQL-stringOnly: true + x-title: CreateSchemaVersionRequest + type: object + required: [] + CreateSchemaVersionMetadataRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + SchemaVersionId: + type: string + description: Represents the version ID associated with the schema version. + pattern: '[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}' + Key: + type: string + description: Metadata key + minLength: 1 + maxLength: 128 + Value: + type: string + description: Metadata value + minLength: 1 + maxLength: 256 + x-stackQL-stringOnly: true + x-title: CreateSchemaVersionMetadataRequest + type: object + required: [] + CreateTriggerRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + Type: + type: string + description: The type of trigger that this is. + StartOnCreation: + type: boolean + description: Set to true to start SCHEDULED and CONDITIONAL triggers when created. True is not supported for ON_DEMAND triggers. + Description: + type: string + description: A description of this trigger. + Actions: + type: array + description: The actions initiated by this trigger. + uniqueItems: false + items: + $ref: '#/components/schemas/Action' + EventBatchingCondition: + $ref: '#/components/schemas/EventBatchingCondition' + description: Batch condition that must be met (specified number of events received or batch time window expired) before EventBridge event trigger fires. + WorkflowName: + type: string + description: The name of the workflow associated with the trigger. + Schedule: + type: string + description: A cron expression used to specify the schedule. + Tags: + type: object + description: The tags to use with this trigger. + Name: + type: string + description: The name of the trigger. + Predicate: + $ref: '#/components/schemas/Predicate' + description: The predicate of this trigger, which defines when it will fire. + x-stackQL-stringOnly: true + x-title: CreateTriggerRequest + type: object + required: [] + CreateUsageProfileRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + Name: + description: The name of the UsageProfile. + type: string + maxLength: 128 + minLength: 5 + Description: + description: The description of the UsageProfile. + type: string + maxLength: 512 + minLength: 1 + pattern: '[a-zA-Z0-9\-\:\_]{1,64}' + Configuration: + description: 'UsageProfile configuration for supported service ex: (Jobs, Sessions).' + $ref: '#/components/schemas/ProfileConfiguration' + minItems: 1 + Tags: + description: The tags to be applied to this UsageProfiles. + type: array + minItems: 0 + maxItems: 50 + items: + $ref: '#/components/schemas/Tag' + uniqueItems: true + x-insertionOrder: false + CreatedOn: + description: Creation time. + type: string + maxLength: 128 + minLength: 1 + x-stackQL-stringOnly: true + x-title: CreateUsageProfileRequest + type: object + required: [] + securitySchemes: + hmac: + type: apiKey + name: Authorization + in: header + description: Amazon Signature authorization v4 + x-amazon-apigateway-authtype: awsSigv4 x-stackQL-resources: + crawlers: + name: crawlers + id: aws.glue.crawlers + x-cfn-schema-name: Crawler + x-cfn-type-name: AWS::Glue::Crawler + x-identifiers: + - Name + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Crawler&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Glue::Crawler" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Glue::Crawler" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Glue::Crawler" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/crawlers/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/crawlers/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/crawlers/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Classifiers') as classifiers, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.SchemaChangePolicy') as schema_change_policy, + JSON_EXTRACT(Properties, '$.Configuration') as configuration, + JSON_EXTRACT(Properties, '$.RecrawlPolicy') as recrawl_policy, + JSON_EXTRACT(Properties, '$.DatabaseName') as database_name, + JSON_EXTRACT(Properties, '$.Targets') as targets, + JSON_EXTRACT(Properties, '$.CrawlerSecurityConfiguration') as crawler_security_configuration, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Role') as role, + JSON_EXTRACT(Properties, '$.LakeFormationConfiguration') as lake_formation_configuration, + JSON_EXTRACT(Properties, '$.Schedule') as schedule, + JSON_EXTRACT(Properties, '$.TablePrefix') as table_prefix, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Glue::Crawler' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.Classifiers') as classifiers, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.SchemaChangePolicy') as schema_change_policy, + JSON_EXTRACT(detail.Properties, '$.Configuration') as configuration, + JSON_EXTRACT(detail.Properties, '$.RecrawlPolicy') as recrawl_policy, + JSON_EXTRACT(detail.Properties, '$.DatabaseName') as database_name, + JSON_EXTRACT(detail.Properties, '$.Targets') as targets, + JSON_EXTRACT(detail.Properties, '$.CrawlerSecurityConfiguration') as crawler_security_configuration, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.Role') as role, + JSON_EXTRACT(detail.Properties, '$.LakeFormationConfiguration') as lake_formation_configuration, + JSON_EXTRACT(detail.Properties, '$.Schedule') as schedule, + JSON_EXTRACT(detail.Properties, '$.TablePrefix') as table_prefix, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Glue::Crawler' + AND detail.data__TypeName = 'AWS::Glue::Crawler' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Classifiers') as classifiers, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'SchemaChangePolicy') as schema_change_policy, + json_extract_path_text(Properties, 'Configuration') as configuration, + json_extract_path_text(Properties, 'RecrawlPolicy') as recrawl_policy, + json_extract_path_text(Properties, 'DatabaseName') as database_name, + json_extract_path_text(Properties, 'Targets') as targets, + json_extract_path_text(Properties, 'CrawlerSecurityConfiguration') as crawler_security_configuration, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Role') as role, + json_extract_path_text(Properties, 'LakeFormationConfiguration') as lake_formation_configuration, + json_extract_path_text(Properties, 'Schedule') as schedule, + json_extract_path_text(Properties, 'TablePrefix') as table_prefix, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Glue::Crawler' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'Classifiers') as classifiers, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'SchemaChangePolicy') as schema_change_policy, + json_extract_path_text(detail.Properties, 'Configuration') as configuration, + json_extract_path_text(detail.Properties, 'RecrawlPolicy') as recrawl_policy, + json_extract_path_text(detail.Properties, 'DatabaseName') as database_name, + json_extract_path_text(detail.Properties, 'Targets') as targets, + json_extract_path_text(detail.Properties, 'CrawlerSecurityConfiguration') as crawler_security_configuration, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'Role') as role, + json_extract_path_text(detail.Properties, 'LakeFormationConfiguration') as lake_formation_configuration, + json_extract_path_text(detail.Properties, 'Schedule') as schedule, + json_extract_path_text(detail.Properties, 'TablePrefix') as table_prefix, + json_extract_path_text(detail.Properties, 'Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Glue::Crawler' + AND detail.data__TypeName = 'AWS::Glue::Crawler' + AND listing.region = 'us-east-1' + crawlers_list_only: + name: crawlers_list_only + id: aws.glue.crawlers_list_only + x-cfn-schema-name: Crawler + x-cfn-type-name: AWS::Glue::Crawler + x-identifiers: + - Name + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Glue::Crawler' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Glue::Crawler' + AND region = 'us-east-1' + crawler_tags: + name: crawler_tags + id: aws.glue.crawler_tags + x-cfn-schema-name: Crawler + x-cfn-type-name: AWS::Glue::Crawler + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.Classifiers') as classifiers, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.SchemaChangePolicy') as schema_change_policy, + JSON_EXTRACT(detail.Properties, '$.Configuration') as configuration, + JSON_EXTRACT(detail.Properties, '$.RecrawlPolicy') as recrawl_policy, + JSON_EXTRACT(detail.Properties, '$.DatabaseName') as database_name, + JSON_EXTRACT(detail.Properties, '$.Targets') as targets, + JSON_EXTRACT(detail.Properties, '$.CrawlerSecurityConfiguration') as crawler_security_configuration, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.Role') as role, + JSON_EXTRACT(detail.Properties, '$.LakeFormationConfiguration') as lake_formation_configuration, + JSON_EXTRACT(detail.Properties, '$.Schedule') as schedule, + JSON_EXTRACT(detail.Properties, '$.TablePrefix') as table_prefix + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::Glue::Crawler' + AND detail.data__TypeName = 'AWS::Glue::Crawler' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'Classifiers') as classifiers, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'SchemaChangePolicy') as schema_change_policy, + json_extract_path_text(detail.Properties, 'Configuration') as configuration, + json_extract_path_text(detail.Properties, 'RecrawlPolicy') as recrawl_policy, + json_extract_path_text(detail.Properties, 'DatabaseName') as database_name, + json_extract_path_text(detail.Properties, 'Targets') as targets, + json_extract_path_text(detail.Properties, 'CrawlerSecurityConfiguration') as crawler_security_configuration, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'Role') as role, + json_extract_path_text(detail.Properties, 'LakeFormationConfiguration') as lake_formation_configuration, + json_extract_path_text(detail.Properties, 'Schedule') as schedule, + json_extract_path_text(detail.Properties, 'TablePrefix') as table_prefix + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::Glue::Crawler' + AND detail.data__TypeName = 'AWS::Glue::Crawler' + AND listing.region = 'us-east-1' + databases: + name: databases + id: aws.glue.databases + x-cfn-schema-name: Database + x-cfn-type-name: AWS::Glue::Database + x-identifiers: + - DatabaseName + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Database&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Glue::Database" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Glue::Database" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Glue::Database" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/databases/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/databases/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/databases/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.CatalogId') as catalog_id, + JSON_EXTRACT(Properties, '$.DatabaseInput') as database_input, + JSON_EXTRACT(Properties, '$.DatabaseName') as database_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Glue::Database' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.CatalogId') as catalog_id, + JSON_EXTRACT(detail.Properties, '$.DatabaseInput') as database_input, + JSON_EXTRACT(detail.Properties, '$.DatabaseName') as database_name + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Glue::Database' + AND detail.data__TypeName = 'AWS::Glue::Database' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'CatalogId') as catalog_id, + json_extract_path_text(Properties, 'DatabaseInput') as database_input, + json_extract_path_text(Properties, 'DatabaseName') as database_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Glue::Database' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'CatalogId') as catalog_id, + json_extract_path_text(detail.Properties, 'DatabaseInput') as database_input, + json_extract_path_text(detail.Properties, 'DatabaseName') as database_name + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Glue::Database' + AND detail.data__TypeName = 'AWS::Glue::Database' + AND listing.region = 'us-east-1' + databases_list_only: + name: databases_list_only + id: aws.glue.databases_list_only + x-cfn-schema-name: Database + x-cfn-type-name: AWS::Glue::Database + x-identifiers: + - DatabaseName + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DatabaseName') as database_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Glue::Database' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DatabaseName') as database_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Glue::Database' + AND region = 'us-east-1' + jobs: + name: jobs + id: aws.glue.jobs + x-cfn-schema-name: Job + x-cfn-type-name: AWS::Glue::Job + x-identifiers: + - Name + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Job&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Glue::Job" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Glue::Job" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Glue::Job" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/jobs/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/jobs/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/jobs/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Connections') as connections, + JSON_EXTRACT(Properties, '$.MaxRetries') as max_retries, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Timeout') as timeout, + JSON_EXTRACT(Properties, '$.AllocatedCapacity') as allocated_capacity, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Role') as role, + JSON_EXTRACT(Properties, '$.DefaultArguments') as default_arguments, + JSON_EXTRACT(Properties, '$.NotificationProperty') as notification_property, + JSON_EXTRACT(Properties, '$.WorkerType') as worker_type, + JSON_EXTRACT(Properties, '$.ExecutionClass') as execution_class, + JSON_EXTRACT(Properties, '$.LogUri') as log_uri, + JSON_EXTRACT(Properties, '$.Command') as command, + JSON_EXTRACT(Properties, '$.GlueVersion') as glue_version, + JSON_EXTRACT(Properties, '$.ExecutionProperty') as execution_property, + JSON_EXTRACT(Properties, '$.SecurityConfiguration') as security_configuration, + JSON_EXTRACT(Properties, '$.NumberOfWorkers') as number_of_workers, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.MaxCapacity') as max_capacity, + JSON_EXTRACT(Properties, '$.NonOverridableArguments') as non_overridable_arguments, + JSON_EXTRACT(Properties, '$.MaintenanceWindow') as maintenance_window, + JSON_EXTRACT(Properties, '$.JobMode') as job_mode, + JSON_EXTRACT(Properties, '$.JobRunQueuingEnabled') as job_run_queuing_enabled + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Glue::Job' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.Connections') as connections, + JSON_EXTRACT(detail.Properties, '$.MaxRetries') as max_retries, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.Timeout') as timeout, + JSON_EXTRACT(detail.Properties, '$.AllocatedCapacity') as allocated_capacity, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.Role') as role, + JSON_EXTRACT(detail.Properties, '$.DefaultArguments') as default_arguments, + JSON_EXTRACT(detail.Properties, '$.NotificationProperty') as notification_property, + JSON_EXTRACT(detail.Properties, '$.WorkerType') as worker_type, + JSON_EXTRACT(detail.Properties, '$.ExecutionClass') as execution_class, + JSON_EXTRACT(detail.Properties, '$.LogUri') as log_uri, + JSON_EXTRACT(detail.Properties, '$.Command') as command, + JSON_EXTRACT(detail.Properties, '$.GlueVersion') as glue_version, + JSON_EXTRACT(detail.Properties, '$.ExecutionProperty') as execution_property, + JSON_EXTRACT(detail.Properties, '$.SecurityConfiguration') as security_configuration, + JSON_EXTRACT(detail.Properties, '$.NumberOfWorkers') as number_of_workers, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags, + JSON_EXTRACT(detail.Properties, '$.MaxCapacity') as max_capacity, + JSON_EXTRACT(detail.Properties, '$.NonOverridableArguments') as non_overridable_arguments, + JSON_EXTRACT(detail.Properties, '$.MaintenanceWindow') as maintenance_window, + JSON_EXTRACT(detail.Properties, '$.JobMode') as job_mode, + JSON_EXTRACT(detail.Properties, '$.JobRunQueuingEnabled') as job_run_queuing_enabled + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Glue::Job' + AND detail.data__TypeName = 'AWS::Glue::Job' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Connections') as connections, + json_extract_path_text(Properties, 'MaxRetries') as max_retries, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Timeout') as timeout, + json_extract_path_text(Properties, 'AllocatedCapacity') as allocated_capacity, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Role') as role, + json_extract_path_text(Properties, 'DefaultArguments') as default_arguments, + json_extract_path_text(Properties, 'NotificationProperty') as notification_property, + json_extract_path_text(Properties, 'WorkerType') as worker_type, + json_extract_path_text(Properties, 'ExecutionClass') as execution_class, + json_extract_path_text(Properties, 'LogUri') as log_uri, + json_extract_path_text(Properties, 'Command') as command, + json_extract_path_text(Properties, 'GlueVersion') as glue_version, + json_extract_path_text(Properties, 'ExecutionProperty') as execution_property, + json_extract_path_text(Properties, 'SecurityConfiguration') as security_configuration, + json_extract_path_text(Properties, 'NumberOfWorkers') as number_of_workers, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'MaxCapacity') as max_capacity, + json_extract_path_text(Properties, 'NonOverridableArguments') as non_overridable_arguments, + json_extract_path_text(Properties, 'MaintenanceWindow') as maintenance_window, + json_extract_path_text(Properties, 'JobMode') as job_mode, + json_extract_path_text(Properties, 'JobRunQueuingEnabled') as job_run_queuing_enabled + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Glue::Job' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'Connections') as connections, + json_extract_path_text(detail.Properties, 'MaxRetries') as max_retries, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'Timeout') as timeout, + json_extract_path_text(detail.Properties, 'AllocatedCapacity') as allocated_capacity, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'Role') as role, + json_extract_path_text(detail.Properties, 'DefaultArguments') as default_arguments, + json_extract_path_text(detail.Properties, 'NotificationProperty') as notification_property, + json_extract_path_text(detail.Properties, 'WorkerType') as worker_type, + json_extract_path_text(detail.Properties, 'ExecutionClass') as execution_class, + json_extract_path_text(detail.Properties, 'LogUri') as log_uri, + json_extract_path_text(detail.Properties, 'Command') as command, + json_extract_path_text(detail.Properties, 'GlueVersion') as glue_version, + json_extract_path_text(detail.Properties, 'ExecutionProperty') as execution_property, + json_extract_path_text(detail.Properties, 'SecurityConfiguration') as security_configuration, + json_extract_path_text(detail.Properties, 'NumberOfWorkers') as number_of_workers, + json_extract_path_text(detail.Properties, 'Tags') as tags, + json_extract_path_text(detail.Properties, 'MaxCapacity') as max_capacity, + json_extract_path_text(detail.Properties, 'NonOverridableArguments') as non_overridable_arguments, + json_extract_path_text(detail.Properties, 'MaintenanceWindow') as maintenance_window, + json_extract_path_text(detail.Properties, 'JobMode') as job_mode, + json_extract_path_text(detail.Properties, 'JobRunQueuingEnabled') as job_run_queuing_enabled + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Glue::Job' + AND detail.data__TypeName = 'AWS::Glue::Job' + AND listing.region = 'us-east-1' + jobs_list_only: + name: jobs_list_only + id: aws.glue.jobs_list_only + x-cfn-schema-name: Job + x-cfn-type-name: AWS::Glue::Job + x-identifiers: + - Name + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Glue::Job' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Glue::Job' + AND region = 'us-east-1' + job_tags: + name: job_tags + id: aws.glue.job_tags + x-cfn-schema-name: Job + x-cfn-type-name: AWS::Glue::Job + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.Connections') as connections, + JSON_EXTRACT(detail.Properties, '$.MaxRetries') as max_retries, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.Timeout') as timeout, + JSON_EXTRACT(detail.Properties, '$.AllocatedCapacity') as allocated_capacity, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.Role') as role, + JSON_EXTRACT(detail.Properties, '$.DefaultArguments') as default_arguments, + JSON_EXTRACT(detail.Properties, '$.NotificationProperty') as notification_property, + JSON_EXTRACT(detail.Properties, '$.WorkerType') as worker_type, + JSON_EXTRACT(detail.Properties, '$.ExecutionClass') as execution_class, + JSON_EXTRACT(detail.Properties, '$.LogUri') as log_uri, + JSON_EXTRACT(detail.Properties, '$.Command') as command, + JSON_EXTRACT(detail.Properties, '$.GlueVersion') as glue_version, + JSON_EXTRACT(detail.Properties, '$.ExecutionProperty') as execution_property, + JSON_EXTRACT(detail.Properties, '$.SecurityConfiguration') as security_configuration, + JSON_EXTRACT(detail.Properties, '$.NumberOfWorkers') as number_of_workers, + JSON_EXTRACT(detail.Properties, '$.MaxCapacity') as max_capacity, + JSON_EXTRACT(detail.Properties, '$.NonOverridableArguments') as non_overridable_arguments, + JSON_EXTRACT(detail.Properties, '$.MaintenanceWindow') as maintenance_window, + JSON_EXTRACT(detail.Properties, '$.JobMode') as job_mode, + JSON_EXTRACT(detail.Properties, '$.JobRunQueuingEnabled') as job_run_queuing_enabled + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::Glue::Job' + AND detail.data__TypeName = 'AWS::Glue::Job' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'Connections') as connections, + json_extract_path_text(detail.Properties, 'MaxRetries') as max_retries, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'Timeout') as timeout, + json_extract_path_text(detail.Properties, 'AllocatedCapacity') as allocated_capacity, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'Role') as role, + json_extract_path_text(detail.Properties, 'DefaultArguments') as default_arguments, + json_extract_path_text(detail.Properties, 'NotificationProperty') as notification_property, + json_extract_path_text(detail.Properties, 'WorkerType') as worker_type, + json_extract_path_text(detail.Properties, 'ExecutionClass') as execution_class, + json_extract_path_text(detail.Properties, 'LogUri') as log_uri, + json_extract_path_text(detail.Properties, 'Command') as command, + json_extract_path_text(detail.Properties, 'GlueVersion') as glue_version, + json_extract_path_text(detail.Properties, 'ExecutionProperty') as execution_property, + json_extract_path_text(detail.Properties, 'SecurityConfiguration') as security_configuration, + json_extract_path_text(detail.Properties, 'NumberOfWorkers') as number_of_workers, + json_extract_path_text(detail.Properties, 'MaxCapacity') as max_capacity, + json_extract_path_text(detail.Properties, 'NonOverridableArguments') as non_overridable_arguments, + json_extract_path_text(detail.Properties, 'MaintenanceWindow') as maintenance_window, + json_extract_path_text(detail.Properties, 'JobMode') as job_mode, + json_extract_path_text(detail.Properties, 'JobRunQueuingEnabled') as job_run_queuing_enabled + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::Glue::Job' + AND detail.data__TypeName = 'AWS::Glue::Job' + AND listing.region = 'us-east-1' schema_versions: name: schema_versions id: aws.glue.schema_versions @@ -758,10 +2632,389 @@ components: openAPIDocKey: '200' sqlVerbs: insert: - - $ref: '#/components/x-stackQL-resources/schema_version_metadata/methods/create_resource' + - $ref: '#/components/x-stackQL-resources/schema_version_metadata/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/schema_version_metadata/methods/delete_resource' + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.SchemaVersionId') as schema_version_id, + JSON_EXTRACT(Properties, '$.Key') as key, + JSON_EXTRACT(Properties, '$.Value') as value + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Glue::SchemaVersionMetadata' + AND data__Identifier = '||' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.SchemaVersionId') as schema_version_id, + JSON_EXTRACT(detail.Properties, '$.Key') as key, + JSON_EXTRACT(detail.Properties, '$.Value') as value + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Glue::SchemaVersionMetadata' + AND detail.data__TypeName = 'AWS::Glue::SchemaVersionMetadata' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'SchemaVersionId') as schema_version_id, + json_extract_path_text(Properties, 'Key') as key, + json_extract_path_text(Properties, 'Value') as value + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Glue::SchemaVersionMetadata' + AND data__Identifier = '||' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'SchemaVersionId') as schema_version_id, + json_extract_path_text(detail.Properties, 'Key') as key, + json_extract_path_text(detail.Properties, 'Value') as value + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Glue::SchemaVersionMetadata' + AND detail.data__TypeName = 'AWS::Glue::SchemaVersionMetadata' + AND listing.region = 'us-east-1' + schema_version_metadata_list_only: + name: schema_version_metadata_list_only + id: aws.glue.schema_version_metadata_list_only + x-cfn-schema-name: SchemaVersionMetadata + x-cfn-type-name: AWS::Glue::SchemaVersionMetadata + x-identifiers: + - SchemaVersionId + - Key + - Value + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.SchemaVersionId') as schema_version_id, + JSON_EXTRACT(Properties, '$.Key') as key, + JSON_EXTRACT(Properties, '$.Value') as value + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Glue::SchemaVersionMetadata' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'SchemaVersionId') as schema_version_id, + json_extract_path_text(Properties, 'Key') as key, + json_extract_path_text(Properties, 'Value') as value + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Glue::SchemaVersionMetadata' + AND region = 'us-east-1' + triggers: + name: triggers + id: aws.glue.triggers + x-cfn-schema-name: Trigger + x-cfn-type-name: AWS::Glue::Trigger + x-identifiers: + - Name + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Trigger&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Glue::Trigger" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Glue::Trigger" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Glue::Trigger" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/triggers/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/triggers/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/triggers/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.StartOnCreation') as start_on_creation, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Actions') as actions, + JSON_EXTRACT(Properties, '$.EventBatchingCondition') as event_batching_condition, + JSON_EXTRACT(Properties, '$.WorkflowName') as workflow_name, + JSON_EXTRACT(Properties, '$.Schedule') as schedule, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Predicate') as predicate + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Glue::Trigger' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.Type') as type, + JSON_EXTRACT(detail.Properties, '$.StartOnCreation') as start_on_creation, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.Actions') as actions, + JSON_EXTRACT(detail.Properties, '$.EventBatchingCondition') as event_batching_condition, + JSON_EXTRACT(detail.Properties, '$.WorkflowName') as workflow_name, + JSON_EXTRACT(detail.Properties, '$.Schedule') as schedule, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.Predicate') as predicate + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Glue::Trigger' + AND detail.data__TypeName = 'AWS::Glue::Trigger' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'StartOnCreation') as start_on_creation, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Actions') as actions, + json_extract_path_text(Properties, 'EventBatchingCondition') as event_batching_condition, + json_extract_path_text(Properties, 'WorkflowName') as workflow_name, + json_extract_path_text(Properties, 'Schedule') as schedule, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Predicate') as predicate + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Glue::Trigger' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'Type') as type, + json_extract_path_text(detail.Properties, 'StartOnCreation') as start_on_creation, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'Actions') as actions, + json_extract_path_text(detail.Properties, 'EventBatchingCondition') as event_batching_condition, + json_extract_path_text(detail.Properties, 'WorkflowName') as workflow_name, + json_extract_path_text(detail.Properties, 'Schedule') as schedule, + json_extract_path_text(detail.Properties, 'Tags') as tags, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'Predicate') as predicate + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Glue::Trigger' + AND detail.data__TypeName = 'AWS::Glue::Trigger' + AND listing.region = 'us-east-1' + triggers_list_only: + name: triggers_list_only + id: aws.glue.triggers_list_only + x-cfn-schema-name: Trigger + x-cfn-type-name: AWS::Glue::Trigger + x-identifiers: + - Name + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Glue::Trigger' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Glue::Trigger' + AND region = 'us-east-1' + trigger_tags: + name: trigger_tags + id: aws.glue.trigger_tags + x-cfn-schema-name: Trigger + x-cfn-type-name: AWS::Glue::Trigger + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.Type') as type, + JSON_EXTRACT(detail.Properties, '$.StartOnCreation') as start_on_creation, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.Actions') as actions, + JSON_EXTRACT(detail.Properties, '$.EventBatchingCondition') as event_batching_condition, + JSON_EXTRACT(detail.Properties, '$.WorkflowName') as workflow_name, + JSON_EXTRACT(detail.Properties, '$.Schedule') as schedule, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.Predicate') as predicate + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::Glue::Trigger' + AND detail.data__TypeName = 'AWS::Glue::Trigger' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'Type') as type, + json_extract_path_text(detail.Properties, 'StartOnCreation') as start_on_creation, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'Actions') as actions, + json_extract_path_text(detail.Properties, 'EventBatchingCondition') as event_batching_condition, + json_extract_path_text(detail.Properties, 'WorkflowName') as workflow_name, + json_extract_path_text(detail.Properties, 'Schedule') as schedule, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'Predicate') as predicate + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::Glue::Trigger' + AND detail.data__TypeName = 'AWS::Glue::Trigger' + AND listing.region = 'us-east-1' + usage_profiles: + name: usage_profiles + id: aws.glue.usage_profiles + x-cfn-schema-name: UsageProfile + x-cfn-type-name: AWS::Glue::UsageProfile + x-identifiers: + - Name + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__UsageProfile&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Glue::UsageProfile" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Glue::UsageProfile" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Glue::UsageProfile" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/usage_profiles/methods/create_resource' delete: - - $ref: '#/components/x-stackQL-resources/schema_version_metadata/methods/delete_resource' - update: [] + - $ref: '#/components/x-stackQL-resources/usage_profiles/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/usage_profiles/methods/update_resource' config: views: select: @@ -770,26 +3023,30 @@ components: SELECT region, data__Identifier, - JSON_EXTRACT(Properties, '$.SchemaVersionId') as schema_version_id, - JSON_EXTRACT(Properties, '$.Key') as key, - JSON_EXTRACT(Properties, '$.Value') as value - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Glue::SchemaVersionMetadata' - AND data__Identifier = '||' + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Configuration') as configuration, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.CreatedOn') as created_on + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Glue::UsageProfile' + AND data__Identifier = '' AND region = 'us-east-1' fallback: predicate: sqlDialect == "sqlite3" ddl: |- SELECT detail.region, - JSON_EXTRACT(detail.Properties, '$.SchemaVersionId') as schema_version_id, - JSON_EXTRACT(detail.Properties, '$.Key') as key, - JSON_EXTRACT(detail.Properties, '$.Value') as value + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.Configuration') as configuration, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags, + JSON_EXTRACT(detail.Properties, '$.CreatedOn') as created_on FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::Glue::SchemaVersionMetadata' - AND detail.data__TypeName = 'AWS::Glue::SchemaVersionMetadata' + WHERE listing.data__TypeName = 'AWS::Glue::UsageProfile' + AND detail.data__TypeName = 'AWS::Glue::UsageProfile' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] @@ -797,36 +3054,38 @@ components: SELECT region, data__Identifier, - json_extract_path_text(Properties, 'SchemaVersionId') as schema_version_id, - json_extract_path_text(Properties, 'Key') as key, - json_extract_path_text(Properties, 'Value') as value - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Glue::SchemaVersionMetadata' - AND data__Identifier = '||' + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Configuration') as configuration, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'CreatedOn') as created_on + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Glue::UsageProfile' + AND data__Identifier = '' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT detail.region, - json_extract_path_text(detail.Properties, 'SchemaVersionId') as schema_version_id, - json_extract_path_text(detail.Properties, 'Key') as key, - json_extract_path_text(detail.Properties, 'Value') as value + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'Configuration') as configuration, + json_extract_path_text(detail.Properties, 'Tags') as tags, + json_extract_path_text(detail.Properties, 'CreatedOn') as created_on FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::Glue::SchemaVersionMetadata' - AND detail.data__TypeName = 'AWS::Glue::SchemaVersionMetadata' + WHERE listing.data__TypeName = 'AWS::Glue::UsageProfile' + AND detail.data__TypeName = 'AWS::Glue::UsageProfile' AND listing.region = 'us-east-1' - schema_version_metadata_list_only: - name: schema_version_metadata_list_only - id: aws.glue.schema_version_metadata_list_only - x-cfn-schema-name: SchemaVersionMetadata - x-cfn-type-name: AWS::Glue::SchemaVersionMetadata + usage_profiles_list_only: + name: usage_profiles_list_only + id: aws.glue.usage_profiles_list_only + x-cfn-schema-name: UsageProfile + x-cfn-type-name: AWS::Glue::UsageProfile x-identifiers: - - SchemaVersionId - - Key - - Value + - Name x-type: cloud_control_view methods: {} sqlVerbs: @@ -840,21 +3099,68 @@ components: ddl: |- SELECT region, - JSON_EXTRACT(Properties, '$.SchemaVersionId') as schema_version_id, - JSON_EXTRACT(Properties, '$.Key') as key, - JSON_EXTRACT(Properties, '$.Value') as value - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Glue::SchemaVersionMetadata' + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Glue::UsageProfile' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT region, - json_extract_path_text(Properties, 'SchemaVersionId') as schema_version_id, - json_extract_path_text(Properties, 'Key') as key, - json_extract_path_text(Properties, 'Value') as value - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Glue::SchemaVersionMetadata' + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Glue::UsageProfile' AND region = 'us-east-1' + usage_profile_tags: + name: usage_profile_tags + id: aws.glue.usage_profile_tags + x-cfn-schema-name: UsageProfile + x-cfn-type-name: AWS::Glue::UsageProfile + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.Configuration') as configuration, + JSON_EXTRACT(detail.Properties, '$.CreatedOn') as created_on + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::Glue::UsageProfile' + AND detail.data__TypeName = 'AWS::Glue::UsageProfile' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'Configuration') as configuration, + json_extract_path_text(detail.Properties, 'CreatedOn') as created_on + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::Glue::UsageProfile' + AND detail.data__TypeName = 'AWS::Glue::UsageProfile' + AND listing.region = 'us-east-1' paths: /?Action=CreateResource&Version=2021-09-30: parameters: @@ -998,6 +3304,132 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/UpdateResourceOutput' description: Success + /?Action=CreateResource&Version=2021-09-30&__Crawler&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateCrawler + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateCrawlerRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=CreateResource&Version=2021-09-30&__Database&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateDatabase + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateDatabaseRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=CreateResource&Version=2021-09-30&__Job&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateJob + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateJobRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success /?Action=CreateResource&Version=2021-09-30&__SchemaVersion&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' @@ -1082,6 +3514,90 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success + /?Action=CreateResource&Version=2021-09-30&__Trigger&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateTrigger + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateTriggerRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=CreateResource&Version=2021-09-30&__UsageProfile&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateUsageProfile + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateUsageProfileRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success x-stackQL-config: requestTranslate: algorithm: drop_double_underscore_params diff --git a/providers/src/aws/v00.00.00000/services/groundstation.yaml b/providers/src/aws/v00.00.00000/services/groundstation.yaml index 199e9743..15db920f 100644 --- a/providers/src/aws/v00.00.00000/services/groundstation.yaml +++ b/providers/src/aws/v00.00.00000/services/groundstation.yaml @@ -603,6 +603,16 @@ components: x-required-properties: - Name - ConfigData + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - groundstation:TagResource + - groundstation:UntagResource + - groundstation:ListTagsForResource x-required-permissions: create: - groundstation:CreateConfig @@ -778,6 +788,16 @@ components: - Arn x-required-properties: - EndpointDetails + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - groundstation:TagResource + - groundstation:UntagResource + - groundstation:ListTagsForResource x-required-permissions: create: - groundstation:CreateDataflowEndpointGroup @@ -787,6 +807,10 @@ components: - ec2:describeAddresses - ec2:describeNetworkInterfaces - iam:createServiceLinkedRole + update: + - groundstation:ListTagsForResource + - groundstation:TagResource + - groundstation:UntagResource read: - groundstation:GetDataflowEndpointGroup - groundstation:ListTagsForResource @@ -880,6 +904,16 @@ components: - MinimumViableContactDurationSeconds - DataflowEdges - TrackingConfigArn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - groundstation:TagResource + - groundstation:UntagResource + - groundstation:ListTagsForResource x-required-permissions: create: - groundstation:CreateMissionProfile @@ -1272,6 +1306,18 @@ components: response: mediaType: application/json openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::GroundStation::DataflowEndpointGroup" + } + response: + mediaType: application/json + openAPIDocKey: '200' delete_resource: operation: $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' @@ -1289,7 +1335,8 @@ components: - $ref: '#/components/x-stackQL-resources/dataflow_endpoint_groups/methods/create_resource' delete: - $ref: '#/components/x-stackQL-resources/dataflow_endpoint_groups/methods/delete_resource' - update: [] + update: + - $ref: '#/components/x-stackQL-resources/dataflow_endpoint_groups/methods/update_resource' config: views: select: diff --git a/providers/src/aws/v00.00.00000/services/guardduty.yaml b/providers/src/aws/v00.00.00000/services/guardduty.yaml index c0180ea7..36215648 100644 --- a/providers/src/aws/v00.00.00000/services/guardduty.yaml +++ b/providers/src/aws/v00.00.00000/services/guardduty.yaml @@ -460,6 +460,7 @@ components: - DISABLED AdditionalConfiguration: type: array + x-insertionOrder: false items: $ref: '#/components/schemas/CFNFeatureAdditionalConfiguration' required: @@ -488,12 +489,14 @@ components: $ref: '#/components/schemas/CFNDataSourceConfigurations' Features: type: array + x-insertionOrder: false items: $ref: '#/components/schemas/CFNFeatureConfiguration' Id: type: string Tags: type: array + x-insertionOrder: false items: $ref: '#/components/schemas/TagItem' required: @@ -510,8 +513,9 @@ components: x-tagging: taggable: true tagOnCreate: true - tagUpdatable: false + tagUpdatable: true cloudFormationSystemTags: false + tagProperty: /properties/Tags x-required-permissions: create: - guardduty:CreateDetector @@ -521,6 +525,7 @@ components: - iam:GetRole read: - guardduty:GetDetector + - guardduty:ListTagsForResource delete: - guardduty:ListDetectors - guardduty:DeleteDetector @@ -531,6 +536,8 @@ components: - guardduty:ListDetectors - iam:CreateServiceLinkedRole - iam:GetRole + - guardduty:TagResource + - guardduty:UntagResource list: - guardduty:ListDetectors Condition: @@ -610,9 +617,12 @@ components: maxLength: 64 Tags: type: array + x-insertionOrder: false items: $ref: '#/components/schemas/TagItem' required: + - DetectorId + - Name - FindingCriteria x-stackql-resource-name: filter description: Resource Type definition for AWS::GuardDuty::Filter @@ -624,12 +634,19 @@ components: - DetectorId - Name x-required-properties: + - DetectorId + - Name - FindingCriteria x-tagging: taggable: true tagOnCreate: true - tagUpdatable: false + tagUpdatable: true cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - guardduty:TagResource + - guardduty:UntagResource + - guardduty:ListTagsForResource x-required-permissions: create: - guardduty:CreateFilter @@ -637,6 +654,7 @@ components: - guardduty:TagResource read: - guardduty:GetFilter + - guardduty:ListTagsForResource delete: - guardduty:ListDetectors - guardduty:ListFilters @@ -646,6 +664,8 @@ components: - guardduty:UpdateFilter - guardduty:GetFilter - guardduty:ListFilters + - guardduty:TagResource + - guardduty:UntagResource list: - guardduty:ListFilters IPSet: @@ -671,6 +691,7 @@ components: maxLength: 300 Tags: type: array + x-insertionOrder: false items: $ref: '#/components/schemas/TagItem' required: @@ -695,8 +716,13 @@ components: x-tagging: taggable: true tagOnCreate: true - tagUpdatable: false + tagUpdatable: true cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - guardduty:TagResource + - guardduty:UntagResource + - guardduty:ListTagsForResource x-required-permissions: create: - guardduty:CreateIPSet @@ -717,8 +743,133 @@ components: - guardduty:GetIPSet - guardduty:ListIPSets - iam:PutRolePolicy + - guardduty:TagResource + - guardduty:UntagResource list: - guardduty:ListIPSets + CFNProtectedResource: + type: object + additionalProperties: false + properties: + S3Bucket: + type: object + description: Information about the protected S3 bucket resource. + additionalProperties: false + properties: + BucketName: + type: string + description: Name of the S3 bucket. + ObjectPrefixes: + type: array + description: Information about the specified object prefixes. The S3 object will be scanned only if it belongs to any of the specified object prefixes. + items: + type: string + required: + - S3Bucket + CFNActions: + type: object + additionalProperties: false + properties: + Tagging: + $ref: '#/components/schemas/CFNTagging' + description: Contains information about tagging status of the Malware Protection plan resource. + CFNTagging: + type: object + additionalProperties: false + properties: + Status: + type: string + description: Indicates whether or not you chose GuardDuty to add a predefined tag to the scanned S3 object. + CFNStatusReasons: + type: object + additionalProperties: false + properties: + Code: + type: string + description: The status code of the Malware Protection plan. + Message: + type: string + description: Issue message that specifies the reason. + MalwareProtectionPlan: + type: object + properties: + MalwareProtectionPlanId: + type: string + description: A unique identifier associated with Malware Protection plan resource. + Arn: + type: string + description: Amazon Resource Name (ARN) of the protected resource. + Role: + type: string + description: IAM role that includes the permissions required to scan and (optionally) add tags to the associated protected resource. + ProtectedResource: + $ref: '#/components/schemas/CFNProtectedResource' + description: Information about the protected resource. Presently, S3Bucket is the only supported protected resource. + Actions: + $ref: '#/components/schemas/CFNActions' + description: Specifies the action that is to be applied to the Malware Protection plan resource. + CreatedAt: + type: string + description: The timestamp when the Malware Protection plan resource was created. + Status: + type: string + description: Status of the Malware Protection plan resource. + StatusReasons: + type: array + items: + $ref: '#/components/schemas/CFNStatusReasons' + description: Status details associated with the Malware Protection plan resource status. + Tags: + type: array + description: The tags to be added to the created Malware Protection plan resource. Each tag consists of a key and an optional value, both of which you need to specify. + items: + $ref: '#/components/schemas/TagItem' + required: + - Role + - ProtectedResource + x-stackql-resource-name: malware_protection_plan + description: Resource Type definition for AWS::GuardDuty::MalwareProtectionPlan + x-type-name: AWS::GuardDuty::MalwareProtectionPlan + x-stackql-primary-identifier: + - MalwareProtectionPlanId + x-read-only-properties: + - MalwareProtectionPlanId + - Arn + - CreatedAt + - Status + - StatusReasons + x-required-properties: + - Role + - ProtectedResource + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - guardduty:TagResource + - guardduty:UntagResource + - guardduty:ListTagsForResource + x-required-permissions: + create: + - guardduty:CreateMalwareProtectionPlan + - guardduty:GetMalwareProtectionPlan + - guardduty:TagResource + - iam:PassRole + read: + - guardduty:GetMalwareProtectionPlan + delete: + - guardduty:DeleteMalwareProtectionPlan + - guardduty:GetMalwareProtectionPlan + update: + - guardduty:UpdateMalwareProtectionPlan + - guardduty:GetMalwareProtectionPlan + - guardduty:TagResource + - guardduty:UntagResource + - iam:PassRole + list: + - guardduty:ListMalwareProtectionPlans Master: type: object properties: @@ -865,8 +1016,13 @@ components: x-tagging: taggable: true tagOnCreate: true - tagUpdatable: false + tagUpdatable: true cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - guardduty:TagResource + - guardduty:UntagResource + - guardduty:ListTagsForResource x-required-permissions: create: - guardduty:CreateThreatIntelSet @@ -886,6 +1042,8 @@ components: - guardduty:GetThreatIntelSet - guardduty:ListThreatIntelSets - iam:PutRolePolicy + - guardduty:TagResource + - guardduty:UntagResource list: - guardduty:ListThreatIntelSets CreateDetectorRequest: @@ -909,12 +1067,14 @@ components: $ref: '#/components/schemas/CFNDataSourceConfigurations' Features: type: array + x-insertionOrder: false items: $ref: '#/components/schemas/CFNFeatureConfiguration' Id: type: string Tags: type: array + x-insertionOrder: false items: $ref: '#/components/schemas/TagItem' x-stackQL-stringOnly: true @@ -954,6 +1114,7 @@ components: maxLength: 64 Tags: type: array + x-insertionOrder: false items: $ref: '#/components/schemas/TagItem' x-stackQL-stringOnly: true @@ -993,12 +1154,61 @@ components: maxLength: 300 Tags: type: array + x-insertionOrder: false items: $ref: '#/components/schemas/TagItem' x-stackQL-stringOnly: true x-title: CreateIPSetRequest type: object required: [] + CreateMalwareProtectionPlanRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + MalwareProtectionPlanId: + type: string + description: A unique identifier associated with Malware Protection plan resource. + Arn: + type: string + description: Amazon Resource Name (ARN) of the protected resource. + Role: + type: string + description: IAM role that includes the permissions required to scan and (optionally) add tags to the associated protected resource. + ProtectedResource: + $ref: '#/components/schemas/CFNProtectedResource' + description: Information about the protected resource. Presently, S3Bucket is the only supported protected resource. + Actions: + $ref: '#/components/schemas/CFNActions' + description: Specifies the action that is to be applied to the Malware Protection plan resource. + CreatedAt: + type: string + description: The timestamp when the Malware Protection plan resource was created. + Status: + type: string + description: Status of the Malware Protection plan resource. + StatusReasons: + type: array + items: + $ref: '#/components/schemas/CFNStatusReasons' + description: Status details associated with the Malware Protection plan resource status. + Tags: + type: array + description: The tags to be added to the created Malware Protection plan resource. Each tag consists of a key and an optional value, both of which you need to specify. + items: + $ref: '#/components/schemas/TagItem' + x-stackQL-stringOnly: true + x-title: CreateMalwareProtectionPlanRequest + type: object + required: [] CreateMasterRequest: properties: ClientToken: @@ -1742,6 +1952,231 @@ components: WHERE listing.data__TypeName = 'AWS::GuardDuty::IPSet' AND detail.data__TypeName = 'AWS::GuardDuty::IPSet' AND listing.region = 'us-east-1' + malware_protection_plans: + name: malware_protection_plans + id: aws.guardduty.malware_protection_plans + x-cfn-schema-name: MalwareProtectionPlan + x-cfn-type-name: AWS::GuardDuty::MalwareProtectionPlan + x-identifiers: + - MalwareProtectionPlanId + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__MalwareProtectionPlan&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::GuardDuty::MalwareProtectionPlan" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::GuardDuty::MalwareProtectionPlan" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::GuardDuty::MalwareProtectionPlan" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/malware_protection_plans/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/malware_protection_plans/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/malware_protection_plans/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.MalwareProtectionPlanId') as malware_protection_plan_id, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Role') as role, + JSON_EXTRACT(Properties, '$.ProtectedResource') as protected_resource, + JSON_EXTRACT(Properties, '$.Actions') as actions, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.StatusReasons') as status_reasons, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GuardDuty::MalwareProtectionPlan' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.MalwareProtectionPlanId') as malware_protection_plan_id, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.Role') as role, + JSON_EXTRACT(detail.Properties, '$.ProtectedResource') as protected_resource, + JSON_EXTRACT(detail.Properties, '$.Actions') as actions, + JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(detail.Properties, '$.Status') as status, + JSON_EXTRACT(detail.Properties, '$.StatusReasons') as status_reasons, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::GuardDuty::MalwareProtectionPlan' + AND detail.data__TypeName = 'AWS::GuardDuty::MalwareProtectionPlan' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'MalwareProtectionPlanId') as malware_protection_plan_id, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Role') as role, + json_extract_path_text(Properties, 'ProtectedResource') as protected_resource, + json_extract_path_text(Properties, 'Actions') as actions, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'StatusReasons') as status_reasons, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::GuardDuty::MalwareProtectionPlan' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'MalwareProtectionPlanId') as malware_protection_plan_id, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'Role') as role, + json_extract_path_text(detail.Properties, 'ProtectedResource') as protected_resource, + json_extract_path_text(detail.Properties, 'Actions') as actions, + json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, + json_extract_path_text(detail.Properties, 'Status') as status, + json_extract_path_text(detail.Properties, 'StatusReasons') as status_reasons, + json_extract_path_text(detail.Properties, 'Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::GuardDuty::MalwareProtectionPlan' + AND detail.data__TypeName = 'AWS::GuardDuty::MalwareProtectionPlan' + AND listing.region = 'us-east-1' + malware_protection_plans_list_only: + name: malware_protection_plans_list_only + id: aws.guardduty.malware_protection_plans_list_only + x-cfn-schema-name: MalwareProtectionPlan + x-cfn-type-name: AWS::GuardDuty::MalwareProtectionPlan + x-identifiers: + - MalwareProtectionPlanId + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.MalwareProtectionPlanId') as malware_protection_plan_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GuardDuty::MalwareProtectionPlan' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'MalwareProtectionPlanId') as malware_protection_plan_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::GuardDuty::MalwareProtectionPlan' + AND region = 'us-east-1' + malware_protection_plan_tags: + name: malware_protection_plan_tags + id: aws.guardduty.malware_protection_plan_tags + x-cfn-schema-name: MalwareProtectionPlan + x-cfn-type-name: AWS::GuardDuty::MalwareProtectionPlan + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.MalwareProtectionPlanId') as malware_protection_plan_id, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.Role') as role, + JSON_EXTRACT(detail.Properties, '$.ProtectedResource') as protected_resource, + JSON_EXTRACT(detail.Properties, '$.Actions') as actions, + JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(detail.Properties, '$.Status') as status, + JSON_EXTRACT(detail.Properties, '$.StatusReasons') as status_reasons + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::GuardDuty::MalwareProtectionPlan' + AND detail.data__TypeName = 'AWS::GuardDuty::MalwareProtectionPlan' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'MalwareProtectionPlanId') as malware_protection_plan_id, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'Role') as role, + json_extract_path_text(detail.Properties, 'ProtectedResource') as protected_resource, + json_extract_path_text(detail.Properties, 'Actions') as actions, + json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, + json_extract_path_text(detail.Properties, 'Status') as status, + json_extract_path_text(detail.Properties, 'StatusReasons') as status_reasons + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::GuardDuty::MalwareProtectionPlan' + AND detail.data__TypeName = 'AWS::GuardDuty::MalwareProtectionPlan' + AND listing.region = 'us-east-1' masters: name: masters id: aws.guardduty.masters @@ -2519,6 +2954,48 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success + /?Action=CreateResource&Version=2021-09-30&__MalwareProtectionPlan&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateMalwareProtectionPlan + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateMalwareProtectionPlanRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success /?Action=CreateResource&Version=2021-09-30&__Master&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' diff --git a/providers/src/aws/v00.00.00000/services/healthlake.yaml b/providers/src/aws/v00.00.00000/services/healthlake.yaml index 964fbf14..a39ee6d3 100644 --- a/providers/src/aws/v00.00.00000/services/healthlake.yaml +++ b/providers/src/aws/v00.00.00000/services/healthlake.yaml @@ -450,6 +450,9 @@ components: $ref: '#/components/schemas/KmsEncryptionConfig' required: - KmsEncryptionConfig + default: + KmsEncryptionConfig: + CmkType: AWS_OWNED_KMS_KEY additionalProperties: false KmsEncryptionConfig: description: The customer-managed-key (CMK) used when creating a Data Store. If a customer owned key is not specified, an AWS owned key will be used for encryption. @@ -494,6 +497,9 @@ components: pattern: arn:aws[-a-z]*:lambda:[a-z]{2}-[a-z]+-\d{1}:\d{12}:function:[a-zA-Z0-9\-_\.]+(:(\$LATEST|[a-zA-Z0-9\-_]+))? required: - AuthorizationStrategy + default: + AuthorizationStrategy: AWS_AUTH + FineGrainedAuthorizationEnabled: false additionalProperties: false Tag: description: A key-value pair. A tag consists of a tag key and a tag value. Tag keys and tag values are both required, but tag values can be empty (null) strings. @@ -563,7 +569,16 @@ components: - DatastoreStatus x-required-properties: - DatastoreTypeVersion - x-taggable: true + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - healthlake:UntagResource + - healthlake:TagResource + - healthlake:ListTagsForResource x-required-permissions: create: - healthlake:CreateFHIRDatastore diff --git a/providers/src/aws/v00.00.00000/services/iam.yaml b/providers/src/aws/v00.00.00000/services/iam.yaml index df40dc78..ae5d0150 100644 --- a/providers/src/aws/v00.00.00000/services/iam.yaml +++ b/providers/src/aws/v00.00.00000/services/iam.yaml @@ -385,6 +385,86 @@ components: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' type: object schemas: + AccessKey: + description: >- +

Contains information about an Amazon Web Services access key.

This data type is used as a response element in the CreateAccessKey and ListAccessKeys operations.

The SecretAccessKey value is returned only in response to CreateAccessKey. You can get a secret access key only when you first create an access key; you cannot recover the secret access key later. If you lose a secret access key, you must create a new access key.

+ + properties: + AccessKeyId: + allOf: + - $ref: '#/components/schemas/accessKeyIdType' + - description: The ID for this access key. + CreateDate: + allOf: + - $ref: '#/components/schemas/dateType' + - description: The date when the access key was created. + SecretAccessKey: + allOf: + - $ref: '#/components/schemas/accessKeySecretType' + - description: The secret key used to sign requests. + Status: + allOf: + - $ref: '#/components/schemas/statusType' + - description: 'The status of the access key. Active means that the key is valid for API calls, while Inactive means it is not. ' + UserName: + allOf: + - $ref: '#/components/schemas/userNameType' + - description: The name of the IAM user that the access key is associated with. + required: + - UserName + - AccessKeyId + - Status + - SecretAccessKey + type: object + AccessKeyLastUsed: + description:

Contains information about the last time an Amazon Web Services access key was used since IAM began tracking this information on April 22, 2015.

This data type is used as a response element in the GetAccessKeyLastUsed operation.

+ properties: + LastUsedDate: + allOf: + - $ref: '#/components/schemas/dateType' + - description:

The date and time, in ISO 8601 date-time format, when the access key was most recently used. This field is null in the following situations:

  • The user does not have an access key.

  • An access key exists but has not been used since IAM began tracking this information.

  • There is no sign-in data associated with the user.

+ Region: + allOf: + - $ref: '#/components/schemas/stringType' + - description: >- +

The Amazon Web Services Region where this access key was most recently used. The value for this field is "N/A" in the following situations:

  • The user does not have an access key.

  • An access key exists but has not been used since IAM began tracking this information.

  • There is no sign-in data associated with the user.

For more information about Amazon Web Services Regions, see Regions and endpoints in the Amazon Web Services General Reference.

+ ServiceName: + allOf: + - $ref: '#/components/schemas/stringType' + - description:

The name of the Amazon Web Services service with which this access key was most recently used. The value of this field is "N/A" in the following situations:

  • The user does not have an access key.

  • An access key exists but has not been used since IAM started tracking this information.

  • There is no sign-in data associated with the user.

+ required: + - LastUsedDate + - ServiceName + - Region + type: object + AccessKeyMetadata: + description:

Contains information about an Amazon Web Services access key, without its secret key.

This data type is used as a response element in the ListAccessKeys operation.

+ properties: + AccessKeyId: + allOf: + - $ref: '#/components/schemas/accessKeyIdType' + - description: The ID for this access key. + CreateDate: + allOf: + - $ref: '#/components/schemas/dateType' + - description: The date when the access key was created. + Status: + allOf: + - $ref: '#/components/schemas/statusType' + - description: The status of the access key. Active means that the key is valid for API calls; Inactive means it is not. + UserName: + allOf: + - $ref: '#/components/schemas/userNameType' + - description: The name of the IAM user that the key is associated with. + type: object + ArnListType: + items: + allOf: + - $ref: '#/components/schemas/arnType' + - xml: + name: member + type: array AttachGroupPolicyRequest: properties: GroupName: @@ -430,7 +510,103 @@ components: - PolicyArn title: AttachUserPolicyRequest type: object + AttachedPermissionsBoundary: + description:

Contains information about an attached permissions boundary.

An attached permissions boundary is a managed policy that has been attached to a user or role to set the permissions boundary.

For more information about permissions boundaries, see Permissions boundaries for IAM identities in the IAM User Guide.

+ properties: + PermissionsBoundaryArn: + allOf: + - $ref: '#/components/schemas/arnType' + - description: ' The ARN of the policy used to set the permissions boundary for the user or role.' + PermissionsBoundaryType: + allOf: + - $ref: '#/components/schemas/PermissionsBoundaryAttachmentType' + - description: ' The permissions boundary usage type that indicates what type of IAM resource is used as the permissions boundary for an entity. This data type can only have a value of Policy.' + type: object + AttachedPolicy: + description: >- +

Contains information about an attached policy.

An attached policy is a managed policy that has been attached to a user, group, or role. This data type is used as a response element in the ListAttachedGroupPolicies, ListAttachedRolePolicies, ListAttachedUserPolicies, and GetAccountAuthorizationDetails operations.

For more information about managed policies, refer to Managed policies and inline policies in the IAM User Guide.

+ properties: + PolicyArn: + $ref: '#/components/schemas/arnType' + PolicyName: + allOf: + - $ref: '#/components/schemas/policyNameType' + - description: The friendly name of the attached policy. + type: object ConcurrentModificationException: {} + ContextKeyNameType: + maxLength: 256 + minLength: 5 + type: string + ContextKeyNamesResultListType: + items: + allOf: + - $ref: '#/components/schemas/ContextKeyNameType' + - xml: + name: member + type: array + CreateAccessKeyRequest: + properties: + UserName: + allOf: + - $ref: '#/components/schemas/existingUserNameType' + - description: '

The name of the IAM user that the new key will belong to.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + title: CreateAccessKeyRequest + type: object + CreateAccessKeyResponse: + description: 'Contains the response to a successful CreateAccessKey request. ' + example: + AccessKey: + AccessKeyId: AKIAIOSFODNN7EXAMPLE + CreateDate: '2015-03-09T18:39:23.411Z' + SecretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY + Status: Active + UserName: Bob + properties: + AccessKey: + allOf: + - $ref: '#/components/schemas/AccessKey' + - description: A structure with details about the access key. + required: + - AccessKey + type: object + CreateLoginProfileRequest: + properties: + Password: + allOf: + - $ref: '#/components/schemas/passwordType' + - description: >- +

The new password for the user.

The regex pattern that is used to validate this parameter is a string of characters. That string can include almost any printable ASCII character from the space (\u0020) through the end of the ASCII character range (\u00FF). You can also include the tab (\u0009), line feed (\u000A), and carriage return (\u000D) characters. Any of + these characters are valid in a password. However, many tools, such as the Amazon Web Services Management Console, might restrict the ability to type certain characters because they have special meaning within that tool.

+ PasswordResetRequired: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: Specifies whether the user is required to set a new password on next sign-in. + UserName: + allOf: + - $ref: '#/components/schemas/userNameType' + - description: '

The name of the IAM user to create a password for. The user must already exist.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + required: + - UserName + - Password + title: CreateLoginProfileRequest + type: object + CreateLoginProfileResponse: + description: 'Contains the response to a successful CreateLoginProfile request. ' + example: + LoginProfile: + CreateDate: '2015-03-10T20:55:40.274Z' + PasswordResetRequired: true + UserName: Bob + properties: + LoginProfile: + allOf: + - $ref: '#/components/schemas/LoginProfile' + - description: A structure containing the user name and password create date. + required: + - LoginProfile + type: object CreatePolicyRequest: properties: Description: @@ -472,6 +648,127 @@ components: - $ref: '#/components/schemas/Policy' - description: A structure containing details about the new policy. type: object + CreatePolicyVersionRequest: + properties: + PolicyArn: + allOf: + - $ref: '#/components/schemas/arnType' + - description:

The Amazon Resource Name (ARN) of the IAM policy to which you want to add a new version.

For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.

+ PolicyDocument: + allOf: + - $ref: '#/components/schemas/policyDocumentType' + - description: >- +

The JSON policy document that you want to use as the content for this new version of the policy.

You must provide policies in JSON format in IAM. However, for CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.

The maximum length of the policy document that you can pass in this operation, including whitespace, is listed below. To + view the maximum character counts of a managed policy with no whitespaces, see IAM and STS character quotas.

The regex pattern used to validate this parameter is a string of characters consisting of the following:

  • Any printable ASCII character ranging from the space character + (\u0020) through the end of the ASCII character range

  • The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)

  • The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)

+ SetAsDefault: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: >- +

Specifies whether to set this version as the policy's default version.

When this parameter is true, the new policy version becomes the operative version. That is, it becomes the version that is in effect for the IAM users, groups, and roles that the policy is attached to.

For more information about managed policy versions, see Versioning for managed policies + in the IAM User Guide.

+ required: + - PolicyArn + - PolicyDocument + title: CreatePolicyVersionRequest + type: object + CreatePolicyVersionResponse: + description: 'Contains the response to a successful CreatePolicyVersion request. ' + properties: + PolicyVersion: + allOf: + - $ref: '#/components/schemas/PolicyVersion' + - description: A structure containing details about the new policy version. + type: object + CreateServiceLinkedRoleRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + RoleName: + description: The name of the role. + type: string + CustomSuffix: + description: A string that you provide, which is combined with the service-provided prefix to form the complete role name. + type: string + Description: + description: The description of the role. + type: string + AWSServiceName: + description: The service principal for the AWS service to which this role is attached. + type: string + x-stackQL-stringOnly: true + x-title: CreateServiceLinkedRoleRequest + type: object + required: [] + CreateServiceLinkedRoleResponse: + properties: + Role: + allOf: + - $ref: '#/components/schemas/Role' + - description: A Role object that contains details about the newly created role. + type: object + CreateServiceSpecificCredentialRequest: + properties: + ServiceName: + allOf: + - $ref: '#/components/schemas/serviceName' + - description: The name of the Amazon Web Services service that is to be associated with the credentials. The service you specify here is the only service that can be accessed using these credentials. + UserName: + allOf: + - $ref: '#/components/schemas/userNameType' + - description: >- +

The name of the IAM user that is to be associated with the credentials. The new service-specific credentials have the same permissions as the associated user except that they can be used only to access the specified service.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: + _+=,.@-

+ required: + - UserName + - ServiceName + title: CreateServiceSpecificCredentialRequest + type: object + CreateServiceSpecificCredentialResponse: + properties: + ServiceSpecificCredential: + allOf: + - $ref: '#/components/schemas/ServiceSpecificCredential' + - description:

A structure that contains information about the newly created service-specific credential.

This is the only time that the password for this credential set is available. It cannot be recovered later. Instead, you must reset the password with ResetServiceSpecificCredential.

 + type: object + DeactivateMFADeviceRequest: + properties: + SerialNumber: + allOf: + - $ref: '#/components/schemas/serialNumberType' + - description: '

The serial number that uniquely identifies the MFA device. For virtual MFA devices, the serial number is the device ARN.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@:/-

' + UserName: + allOf: + - $ref: '#/components/schemas/existingUserNameType' + - description: '

The name of the user whose MFA device you want to deactivate.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + required: + - UserName + - SerialNumber + title: DeactivateMFADeviceRequest + type: object + DeleteAccessKeyRequest: + properties: + AccessKeyId: + allOf: + - $ref: '#/components/schemas/accessKeyIdType' + - description:

The access key ID for the access key ID and secret access key you want to delete.

This parameter allows (through its regex pattern) a string of characters that can consist of any upper or lowercased letter or digit.

+ UserName: + allOf: + - $ref: '#/components/schemas/existingUserNameType' + - description: '

The name of the user whose access key pair you want to delete.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + required: + - AccessKeyId + title: DeleteAccessKeyRequest + type: object DeleteConflictException: {} DeleteGroupPolicyRequest: properties: @@ -488,6 +785,16 @@ components: - PolicyName title: DeleteGroupPolicyRequest type: object + DeleteLoginProfileRequest: + properties: + UserName: + allOf: + - $ref: '#/components/schemas/userNameType' + - description: '

The name of the user whose password you want to delete.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + required: + - UserName + title: DeleteLoginProfileRequest + type: object DeletePolicyRequest: properties: PolicyArn: @@ -498,6 +805,23 @@ components: - PolicyArn title: DeletePolicyRequest type: object + DeletePolicyVersionRequest: + properties: + PolicyArn: + allOf: + - $ref: '#/components/schemas/arnType' + - description:

The Amazon Resource Name (ARN) of the IAM policy from which you want to delete a version.

For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.

+ VersionId: + allOf: + - $ref: '#/components/schemas/policyVersionIdType' + - description: >- +

The policy version to delete.

This parameter allows (through its regex pattern) a string of characters that consists of the lowercase letter 'v' followed by one or two digits, and optionally followed by a period '.' and a string of letters and digits.

For more information about managed policy versions, see Versioning for managed + policies in the IAM User Guide.

+ required: + - PolicyArn + - VersionId + title: DeletePolicyVersionRequest + type: object DeleteRolePolicyRequest: properties: PolicyName: @@ -513,6 +837,68 @@ components: - PolicyName title: DeleteRolePolicyRequest type: object + DeleteSSHPublicKeyRequest: + properties: + SSHPublicKeyId: + allOf: + - $ref: '#/components/schemas/publicKeyIdType' + - description:

The unique identifier for the SSH public key.

This parameter allows (through its regex pattern) a string of characters that can consist of any upper or lowercased letter or digit.

+ UserName: + allOf: + - $ref: '#/components/schemas/userNameType' + - description: '

The name of the IAM user associated with the SSH public key.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + required: + - UserName + - SSHPublicKeyId + title: DeleteSSHPublicKeyRequest + type: object + DeleteServiceLinkedRoleRequest: + properties: + RoleName: + allOf: + - $ref: '#/components/schemas/roleNameType' + - description: The name of the service-linked role to be deleted. + required: + - RoleName + title: DeleteServiceLinkedRoleRequest + type: object + DeleteServiceLinkedRoleResponse: + properties: + DeletionTaskId: + allOf: + - $ref: '#/components/schemas/DeletionTaskIdType' + - description: The deletion task identifier that you can use to check the status of the deletion. This identifier is returned in the format task/aws-service-role/<service-principal-name>/<role-name>/<task-uuid>. + required: + - DeletionTaskId + type: object + DeleteServiceSpecificCredentialRequest: + properties: + ServiceSpecificCredentialId: + allOf: + - $ref: '#/components/schemas/serviceSpecificCredentialId' + - description:

The unique identifier of the service-specific credential. You can get this value by calling ListServiceSpecificCredentials.

This parameter allows (through its regex pattern) a string of characters that can consist of any upper or lowercased letter or digit.

+ UserName: + allOf: + - $ref: '#/components/schemas/userNameType' + - description: '

The name of the IAM user associated with the service-specific credential. If this value is not specified, then the operation assumes the user whose credentials are used to call the operation.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + required: + - ServiceSpecificCredentialId + title: DeleteServiceSpecificCredentialRequest + type: object + DeleteSigningCertificateRequest: + properties: + CertificateId: + allOf: + - $ref: '#/components/schemas/certificateIdType' + - description:

The ID of the signing certificate to delete.

The format of this parameter, as described by its regex pattern, is a string of characters that can be upper- or lower-cased letters or digits.

+ UserName: + allOf: + - $ref: '#/components/schemas/existingUserNameType' + - description: '

The name of the user the signing certificate belongs to.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + required: + - CertificateId + title: DeleteSigningCertificateRequest + type: object DeleteUserPolicyRequest: properties: PolicyName: @@ -528,6 +914,29 @@ components: - PolicyName title: DeleteUserPolicyRequest type: object + DeletionTaskFailureReasonType: + description:

The reason that the service-linked role deletion failed.

This data type is used as a response element in the GetServiceLinkedRoleDeletionStatus operation.

+ properties: + Reason: + allOf: + - $ref: '#/components/schemas/ReasonType' + - description: A short description of the reason that the service-linked role deletion failed. + RoleUsageList: + allOf: + - $ref: '#/components/schemas/RoleUsageListType' + - description: A list of objects that contains details about the service-linked role deletion failure, if that information is returned by the service. If the service-linked role has active sessions or if any resources that were used by the role have not been deleted from the linked service, the role can't be deleted. This parameter includes a list of the resources that are associated with the role and the Region in which the resources are being used. + type: object + DeletionTaskIdType: + maxLength: 1000 + minLength: 1 + type: string + DeletionTaskStatusType: + enum: + - SUCCEEDED + - IN_PROGRESS + - FAILED + - NOT_STARTED + type: string DetachGroupPolicyRequest: properties: GroupName: @@ -573,42 +982,326 @@ components: - PolicyArn title: DetachUserPolicyRequest type: object - EntityAlreadyExistsException: {} - GetGroupPolicyRequest: + DuplicateCertificateException: {} + DuplicateSSHPublicKeyException: {} + EnableMFADeviceRequest: properties: - GroupName: + AuthenticationCode1: allOf: - - $ref: '#/components/schemas/groupNameType' - - description: '

The name of the group the policy is associated with.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' - PolicyName: + - $ref: '#/components/schemas/authenticationCodeType' + - description: >- +

An authentication code emitted by the device.

The format for this parameter is a string of six digits.

Submit your request immediately after generating the authentication codes. If you generate the codes and then wait too long to submit the request, the MFA device successfully associates with the user but the MFA device becomes out of sync. This happens because time-based one-time passwords (TOTP) expire after a short period of time. If this happens, + you can resync the device.

 + AuthenticationCode2: allOf: - - $ref: '#/components/schemas/policyNameType' - - description: '

The name of the policy document to get.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + - $ref: '#/components/schemas/authenticationCodeType' + - description: >- +

A subsequent authentication code emitted by the device.

The format for this parameter is a string of six digits.

Submit your request immediately after generating the authentication codes. If you generate the codes and then wait too long to submit the request, the MFA device successfully associates with the user but the MFA device becomes out of sync. This happens because time-based one-time passwords (TOTP) expire after a short period of time. If this + happens, you can resync the device.

 + SerialNumber: + allOf: + - $ref: '#/components/schemas/serialNumberType' + - description: '

The serial number that uniquely identifies the MFA device. For virtual MFA devices, the serial number is the device ARN.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@:/-

' + UserName: + allOf: + - $ref: '#/components/schemas/existingUserNameType' + - description: '

The name of the IAM user for whom you want to enable the MFA device.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' required: - - GroupName - - PolicyName - title: GetGroupPolicyRequest + - UserName + - SerialNumber + - AuthenticationCode1 + - AuthenticationCode2 + title: EnableMFADeviceRequest type: object - GetGroupPolicyResponse: - description: 'Contains the response to a successful GetGroupPolicy request. ' + EntityAlreadyExistsException: {} + EntityDetails: + description:

An object that contains details about when the IAM entities (users or roles) were last used in an attempt to access the specified Amazon Web Services service.

This data type is a response element in the GetServiceLastAccessedDetailsWithEntities operation.

properties: - GroupName: - allOf: - - $ref: '#/components/schemas/groupNameType' - - description: The group the policy is associated with. - PolicyDocument: + EntityInfo: allOf: - - $ref: '#/components/schemas/policyDocumentType' - - description:

The policy document.

IAM stores policies in JSON format. However, resources that were created using CloudFormation templates can be formatted in YAML. CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.

- PolicyName: + - $ref: '#/components/schemas/EntityInfo' + - description: "The\_EntityInfo object that contains details about the entity (user or role)." + LastAuthenticated: allOf: - - $ref: '#/components/schemas/policyNameType' - - description: The name of the policy. + - $ref: '#/components/schemas/dateType' + - description: "

The date and time, in\_ISO 8601 date-time format, when the authenticated entity last attempted to access Amazon Web Services. Amazon Web Services does not report unauthenticated requests.

This field is null if no IAM entities attempted to access the service within the reporting period.

" + required: + - EntityInfo + type: object + EntityInfo: + description:

Contains details about the specified entity (user or role).

This data type is an element of the EntityDetails object.

+ properties: + Arn: + $ref: '#/components/schemas/arnType' + Id: + allOf: + - $ref: '#/components/schemas/idType' + - description: The identifier of the entity (user or role). + Name: + allOf: + - $ref: '#/components/schemas/userNameType' + - description: The name of the entity (user or role). + Path: + allOf: + - $ref: '#/components/schemas/pathType' + - description: 'The path to the entity (user or role). For more information about paths, see IAM identifiers in the IAM User Guide. ' + Type: + allOf: + - $ref: '#/components/schemas/policyOwnerEntityType' + - description: The type of entity (user or role). + required: + - Arn + - Name + - Type + - Id + type: object + EntityTemporarilyUnmodifiableException: {} + EntityType: + enum: + - User + - Role + - Group + - LocalManagedPolicy + - AWSManagedPolicy + type: string + ErrorDetails: + description:

Contains information about the reason that the operation failed.

This data type is used as a response element in the GetOrganizationsAccessReport, GetServiceLastAccessedDetails, and GetServiceLastAccessedDetailsWithEntities operations.

+ properties: + Code: + allOf: + - $ref: '#/components/schemas/stringType' + - description: The error code associated with the operation failure. + Message: + allOf: + - $ref: '#/components/schemas/stringType' + - description: Detailed information about the reason that the operation failed. + required: + - Message + - Code + type: object + GetAccessKeyLastUsedRequest: + properties: + AccessKeyId: + allOf: + - $ref: '#/components/schemas/accessKeyIdType' + - description:

The identifier of an access key.

This parameter allows (through its regex pattern) a string of characters that can consist of any upper or lowercased letter or digit.

+ required: + - AccessKeyId + title: GetAccessKeyLastUsedRequest + type: object + GetAccessKeyLastUsedResponse: + description: Contains the response to a successful GetAccessKeyLastUsed request. It is also returned as a member of the AccessKeyMetaData structure returned by the ListAccessKeys action. + properties: + AccessKeyLastUsed: + allOf: + - $ref: '#/components/schemas/AccessKeyLastUsed' + - description: Contains information about the last time the access key was used. + UserName: + allOf: + - $ref: '#/components/schemas/existingUserNameType' + - description:

The name of the IAM user that owns this access key.

+ type: object + GetAccountAuthorizationDetailsRequest: + properties: + Filter: + allOf: + - $ref: '#/components/schemas/entityListType' + - description:

A list of entity types used to filter the results. Only the entities that match the types you specify are included in the output. Use the value LocalManagedPolicy to include customer managed policies.

The format for this parameter is a comma-separated (if more than one) list of strings. Each string value in the list must be one of the valid values listed below.

+ Marker: + allOf: + - $ref: '#/components/schemas/markerType' + - description: Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start. + MaxItems: + allOf: + - $ref: '#/components/schemas/maxItemsType' + - description: >- +

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns + true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.

+ title: GetAccountAuthorizationDetailsRequest + type: object + GetAccountAuthorizationDetailsResponse: + description: 'Contains the response to a successful GetAccountAuthorizationDetails request. ' + properties: + GroupDetailList: + allOf: + - $ref: '#/components/schemas/groupDetailListType' + - description: A list containing information about IAM groups. + IsTruncated: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results. + Marker: + allOf: + - $ref: '#/components/schemas/responseMarkerType' + - description: When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request. + Policies: + allOf: + - $ref: '#/components/schemas/ManagedPolicyDetailListType' + - description: A list containing information about managed policies. + RoleDetailList: + allOf: + - $ref: '#/components/schemas/roleDetailListType' + - description: A list containing information about IAM roles. + UserDetailList: + allOf: + - $ref: '#/components/schemas/userDetailListType' + - description: A list containing information about IAM users. + type: object + GetAccountPasswordPolicyResponse: + description: 'Contains the response to a successful GetAccountPasswordPolicy request. ' + example: + PasswordPolicy: + AllowUsersToChangePassword: false + ExpirePasswords: false + HardExpiry: false + MaxPasswordAge: 90 + MinimumPasswordLength: 8 + PasswordReusePrevention: 12 + RequireLowercaseCharacters: false + RequireNumbers: true + RequireSymbols: true + RequireUppercaseCharacters: false + properties: + PasswordPolicy: + allOf: + - $ref: '#/components/schemas/PasswordPolicy' + - description: A structure that contains details about the account's password policy. + required: + - PasswordPolicy + type: object + GetAccountSummaryResponse: + description: 'Contains the response to a successful GetAccountSummary request. ' + example: + SummaryMap: + AccessKeysPerUserQuota: 2 + AccountAccessKeysPresent: 1 + AccountMFAEnabled: 0 + AccountSigningCertificatesPresent: 0 + AttachedPoliciesPerGroupQuota: 10 + AttachedPoliciesPerRoleQuota: 10 + AttachedPoliciesPerUserQuota: 10 + GlobalEndpointTokenVersion: 2 + GroupPolicySizeQuota: 5120 + Groups: 15 + GroupsPerUserQuota: 10 + GroupsQuota: 100 + MFADevices: 6 + MFADevicesInUse: 3 + Policies: 8 + PoliciesQuota: 1000 + PolicySizeQuota: 5120 + PolicyVersionsInUse: 22 + PolicyVersionsInUseQuota: 10000 + ServerCertificates: 1 + ServerCertificatesQuota: 20 + SigningCertificatesPerUserQuota: 2 + UserPolicySizeQuota: 2048 + Users: 27 + UsersQuota: 5000 + VersionsPerPolicyQuota: 5 + properties: + SummaryMap: + allOf: + - $ref: '#/components/schemas/summaryMapType' + - description: A set of key–value pairs containing information about IAM entity usage and IAM quotas. + type: object + GetContextKeysForCustomPolicyRequest: + properties: + PolicyInputList: + allOf: + - $ref: '#/components/schemas/SimulationPolicyListType' + - description: >- +

A list of policies for which you want the list of context keys referenced in those policies. Each document is specified as a string containing the complete, valid JSON text of an IAM policy.

The regex pattern used to validate this parameter is a string of characters consisting of the following:

  • Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII + character range

  • The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)

  • The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)

+ required: + - PolicyInputList + title: GetContextKeysForCustomPolicyRequest + type: object + GetContextKeysForPolicyResponse: + description: 'Contains the response to a successful GetContextKeysForPrincipalPolicy or GetContextKeysForCustomPolicy request. ' + properties: + ContextKeyNames: + allOf: + - $ref: '#/components/schemas/ContextKeyNamesResultListType' + - description: The list of context keys that are referenced in the input policies. + type: object + GetContextKeysForPrincipalPolicyRequest: + properties: + PolicyInputList: + allOf: + - $ref: '#/components/schemas/SimulationPolicyListType' + - description: >- +

An optional list of additional policies for which you want the list of context keys that are referenced.

The regex pattern used to validate this parameter is a string of characters consisting of the following:

  • Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range

  • The printable characters in the Basic Latin and + Latin-1 Supplement character set (through \u00FF)

  • The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)

+ PolicySourceArn: + allOf: + - $ref: '#/components/schemas/arnType' + - description: >- +

The ARN of a user, group, or role whose policies contain the context keys that you want listed. If you specify a user, the list includes context keys that are found in all policies that are attached to the user. The list also includes all groups that the user is a member of. If you pick a group or a role, then it includes only those context keys that are found in policies attached to that entity. Note that all parameters are shown in unencoded form here for clarity, but must + be URL encoded to be included as a part of a real HTML request.

For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.

+ required: + - PolicySourceArn + title: GetContextKeysForPrincipalPolicyRequest + type: object + GetGroupPolicyRequest: + properties: + GroupName: + allOf: + - $ref: '#/components/schemas/groupNameType' + - description: '

The name of the group the policy is associated with.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + PolicyName: + allOf: + - $ref: '#/components/schemas/policyNameType' + - description: '

The name of the policy document to get.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + required: + - GroupName + - PolicyName + title: GetGroupPolicyRequest + type: object + GetGroupPolicyResponse: + description: 'Contains the response to a successful GetGroupPolicy request. ' + properties: + GroupName: + allOf: + - $ref: '#/components/schemas/groupNameType' + - description: The group the policy is associated with. + PolicyDocument: + allOf: + - $ref: '#/components/schemas/policyDocumentType' + - description:

The policy document.

IAM stores policies in JSON format. However, resources that were created using CloudFormation templates can be formatted in YAML. CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.

+ PolicyName: + allOf: + - $ref: '#/components/schemas/policyNameType' + - description: The name of the policy. required: - GroupName - PolicyName - PolicyDocument type: object + GetLoginProfileRequest: + properties: + UserName: + allOf: + - $ref: '#/components/schemas/userNameType' + - description: '

The name of the user whose login profile you want to retrieve.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + required: + - UserName + title: GetLoginProfileRequest + type: object + GetLoginProfileResponse: + description: 'Contains the response to a successful GetLoginProfile request. ' + example: + LoginProfile: + CreateDate: '2012-09-21T23:03:39Z' + UserName: Anika + properties: + LoginProfile: + allOf: + - $ref: '#/components/schemas/LoginProfile' + - description: A structure containing the user name and the profile creation date for the user. + required: + - LoginProfile + type: object GetPolicyRequest: properties: PolicyArn: @@ -627,6 +1320,29 @@ components: - $ref: '#/components/schemas/Policy' - description: A structure containing details about the policy. type: object + GetPolicyVersionRequest: + properties: + PolicyArn: + allOf: + - $ref: '#/components/schemas/arnType' + - description:

The Amazon Resource Name (ARN) of the managed policy that you want information about.

For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.

+ VersionId: + allOf: + - $ref: '#/components/schemas/policyVersionIdType' + - description:

Identifies the policy version to retrieve.

This parameter allows (through its regex pattern) a string of characters that consists of the lowercase letter 'v' followed by one or two digits, and optionally followed by a period '.' and a string of letters and digits.

+ required: + - PolicyArn + - VersionId + title: GetPolicyVersionRequest + type: object + GetPolicyVersionResponse: + description: 'Contains the response to a successful GetPolicyVersion request. ' + properties: + PolicyVersion: + allOf: + - $ref: '#/components/schemas/PolicyVersion' + - description: A structure containing details about the policy version. + type: object GetRolePolicyRequest: properties: PolicyName: @@ -662,49 +1378,60 @@ components: - PolicyName - PolicyDocument type: object - GetUserPolicyRequest: + GetSSHPublicKeyRequest: properties: - PolicyName: + Encoding: allOf: - - $ref: '#/components/schemas/policyNameType' - - description: '

The name of the policy document to get.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + - $ref: '#/components/schemas/encodingType' + - description: Specifies the public key encoding format to use in the response. To retrieve the public key in ssh-rsa format, use SSH. To retrieve the public key in PEM format, use PEM. + SSHPublicKeyId: + allOf: + - $ref: '#/components/schemas/publicKeyIdType' + - description:

The unique identifier for the SSH public key.

This parameter allows (through its regex pattern) a string of characters that can consist of any upper or lowercased letter or digit.

UserName: allOf: - - $ref: '#/components/schemas/existingUserNameType' - - description: '

The name of the user who the policy is associated with.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + - $ref: '#/components/schemas/userNameType' + - description: '

The name of the IAM user associated with the SSH public key.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' required: - UserName - - PolicyName - title: GetUserPolicyRequest + - SSHPublicKeyId + - Encoding + title: GetSSHPublicKeyRequest type: object - GetUserPolicyResponse: - description: 'Contains the response to a successful GetUserPolicy request. ' + GetSSHPublicKeyResponse: + description: Contains the response to a successful GetSSHPublicKey request. properties: - PolicyDocument: + SSHPublicKey: allOf: - - $ref: '#/components/schemas/policyDocumentType' - - description:

The policy document.

IAM stores policies in JSON format. However, resources that were created using CloudFormation templates can be formatted in YAML. CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.

- PolicyName: + - $ref: '#/components/schemas/SSHPublicKey' + - description: A structure containing details about the SSH public key. + type: object + GetServerCertificateRequest: + properties: + ServerCertificateName: allOf: - - $ref: '#/components/schemas/policyNameType' - - description: The name of the policy. - UserName: + - $ref: '#/components/schemas/serverCertificateNameType' + - description: '

The name of the server certificate you want to retrieve information about.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + required: + - ServerCertificateName + title: GetServerCertificateRequest + type: object + GetServerCertificateResponse: + description: 'Contains the response to a successful GetServerCertificate request. ' + properties: + ServerCertificate: allOf: - - $ref: '#/components/schemas/existingUserNameType' - - description: The user the policy is associated with. + - $ref: '#/components/schemas/ServerCertificate' + - description: A structure containing details about the server certificate. required: - - UserName - - PolicyName - - PolicyDocument + - ServerCertificate type: object - InvalidInputException: {} - LimitExceededException: {} - ListGroupPoliciesRequest: + GetServiceLastAccessedDetailsWithEntitiesRequest: properties: - GroupName: + JobId: allOf: - - $ref: '#/components/schemas/groupNameType' - - description: '

The name of the group to list policies for.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + - $ref: '#/components/schemas/jobIDType' + - description: The ID of the request generated by the GenerateServiceLastAccessedDetails operation. Marker: allOf: - $ref: '#/components/schemas/markerType' @@ -715,85 +1442,316 @@ components: - description: >-

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.

+ ServiceNamespace: + allOf: + - $ref: '#/components/schemas/serviceNamespaceType' + - description: "

The service namespace for an Amazon Web Services service. Provide the service namespace to learn when the IAM entity last attempted to access the specified service.

To learn the service namespace for a service, see Actions, resources, and condition keys for Amazon Web Services services in the IAM User Guide. Choose the name of the service to view details for that service. In the first paragraph, find the service prefix. For example, (service prefix: a4b). For more information about service namespaces, see Amazon Web Services service namespaces in the\_Amazon Web Services General Reference.

" required: - - GroupName - title: ListGroupPoliciesRequest + - JobId + - ServiceNamespace + title: GetServiceLastAccessedDetailsWithEntitiesRequest type: object - ListGroupPoliciesResponse: - description: 'Contains the response to a successful ListGroupPolicies request. ' + GetServiceLastAccessedDetailsWithEntitiesResponse: example: - PolicyNames: - - AdminRoot - - KeyPolicy + EntityDetailsList: + - EntityInfo: + Arn: arn:aws:iam::123456789012:user/AWSExampleUser01 + Id: AIDAEX2EXAMPLEB6IGCDC + Name: AWSExampleUser01 + Path: / + Type: USER + LastAuthenticated: '2018-10-24T19:10:00Z' + - EntityInfo: + Arn: arn:aws:iam::123456789012:role/AWSExampleRole01 + Id: AROAEAEXAMPLEIANXSIU4 + Name: AWSExampleRole01 + Path: / + Type: ROLE + IsTruncated: false + JobCompletionDate: '2018-10-24T19:47:35.241Z' + JobCreationDate: '2018-10-24T19:47:31.466Z' + JobStatus: COMPLETED properties: + EntityDetailsList: + allOf: + - $ref: '#/components/schemas/entityDetailsListType' + - description: "An\_EntityDetailsList object that contains details about when an IAM entity (user or role) used group or policy permissions in an attempt to access the specified Amazon Web Services service." + Error: + allOf: + - $ref: '#/components/schemas/ErrorDetails' + - description: An object that contains details about the reason the operation failed. IsTruncated: allOf: - $ref: '#/components/schemas/booleanType' - description: A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results. + JobCompletionDate: + allOf: + - $ref: '#/components/schemas/dateType' + - description: "

The date and time, in\_ISO 8601 date-time format, when the generated report job was completed or failed.

This field is null if the job is still in progress, as indicated by a job status value of IN_PROGRESS.

" + JobCreationDate: + allOf: + - $ref: '#/components/schemas/dateType' + - description: "The date and time, in\_ISO 8601 date-time format, when the report job was created." + JobStatus: + allOf: + - $ref: '#/components/schemas/jobStatusType' + - description: The status of the job. Marker: allOf: - $ref: '#/components/schemas/responseMarkerType' - description: When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request. - PolicyNames: - allOf: - - $ref: '#/components/schemas/policyNameListType' - - description: '

A list of policy names.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' required: - - PolicyNames + - JobStatus + - JobCreationDate + - JobCompletionDate + - EntityDetailsList type: object - ListPoliciesRequest: + GetServiceLinkedRoleDeletionStatusRequest: properties: - Marker: - allOf: - - $ref: '#/components/schemas/markerType' - - description: Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start. - MaxItems: - allOf: - - $ref: '#/components/schemas/maxItemsType' - - description: >- -

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns - true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.

- OnlyAttached: + DeletionTaskId: allOf: - - $ref: '#/components/schemas/booleanType' - - description:

A flag to filter the results to only the attached policies.

When OnlyAttached is true, the returned list contains only the policies that are attached to an IAM user, group, or role. When OnlyAttached is false, or when the parameter is not included, all policies are returned.

- PathPrefix: - allOf: - - $ref: '#/components/schemas/policyPathType' - - description: >- - The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all policies. This parameter allows (through its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character - (\u007F), including most punctuation characters, digits, and upper and lowercased letters. - PolicyUsageFilter: + - $ref: '#/components/schemas/DeletionTaskIdType' + - description: The deletion task identifier. This identifier is returned by the DeleteServiceLinkedRole operation in the format task/aws-service-role/<service-principal-name>/<role-name>/<task-uuid>. + required: + - DeletionTaskId + title: GetServiceLinkedRoleDeletionStatusRequest + type: object + GetServiceLinkedRoleDeletionStatusResponse: + properties: + Reason: allOf: - - $ref: '#/components/schemas/PolicyUsageType' - - description: "

The policy usage method to use for filtering the results.

To list only permissions policies, set\_PolicyUsageFilter\_to\_PermissionsPolicy. To list only the policies used to set permissions boundaries, set\_the value to\_PermissionsBoundary.

This parameter is optional. If it is not included, all policies are returned.

" - Scope: + - $ref: '#/components/schemas/DeletionTaskFailureReasonType' + - description: An object that contains details about the reason the deletion failed. + Status: allOf: - - $ref: '#/components/schemas/policyScopeType' - - description:

The scope to use for filtering the results.

To list only Amazon Web Services managed policies, set Scope to AWS. To list only the customer managed policies in your Amazon Web Services account, set Scope to Local.

This parameter is optional. If it is not included, or if it is set to All, all policies are returned.

- title: ListPoliciesRequest + - $ref: '#/components/schemas/DeletionTaskStatusType' + - description: The status of the deletion. + required: + - Status type: object - ListPoliciesResponse: - description: 'Contains the response to a successful ListPolicies request. ' + GetUserPolicyRequest: properties: - IsTruncated: - allOf: - - $ref: '#/components/schemas/booleanType' - - description: A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results. - Marker: + PolicyName: allOf: - - $ref: '#/components/schemas/responseMarkerType' - - description: When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request. - Policies: + - $ref: '#/components/schemas/policyNameType' + - description: '

The name of the policy document to get.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + UserName: allOf: - - $ref: '#/components/schemas/policyListType' - - description: A list of policies. + - $ref: '#/components/schemas/existingUserNameType' + - description: '

The name of the user who the policy is associated with.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + required: + - UserName + - PolicyName + title: GetUserPolicyRequest type: object - ListRolePoliciesRequest: + GetUserPolicyResponse: + description: 'Contains the response to a successful GetUserPolicy request. ' properties: - Marker: + PolicyDocument: allOf: - - $ref: '#/components/schemas/markerType' + - $ref: '#/components/schemas/policyDocumentType' + - description:

The policy document.

IAM stores policies in JSON format. However, resources that were created using CloudFormation templates can be formatted in YAML. CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.

+ PolicyName: + allOf: + - $ref: '#/components/schemas/policyNameType' + - description: The name of the policy. + UserName: + allOf: + - $ref: '#/components/schemas/existingUserNameType' + - description: The user the policy is associated with. + required: + - UserName + - PolicyName + - PolicyDocument + type: object + Group: + type: object + properties: + Arn: + description: '' + type: string + GroupName: + description: |- + The name of the group to create. Do not include the path in this value. + The group name must be unique within the account. Group names are not distinguished by case. For example, you cannot create groups named both "ADMINS" and "admins". If you don't specify a name, CFN generates a unique physical ID and uses that ID for the group name. + If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. + If you specify a name, you must specify the ``CAPABILITY_NAMED_IAM`` value to acknowledge your template's capabilities. For more information, see [Acknowledging Resources in Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities). + Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using ``Fn::Join`` and ``AWS::Region`` to create a Region-specific name, as in the following example: ``{"Fn::Join": ["", [{"Ref": "AWS::Region"}, {"Ref": "MyResourceName"}]]}``. + type: string + ManagedPolicyArns: + description: |- + The Amazon Resource Name (ARN) of the IAM policy you want to attach. + For more information about ARNs, see [Amazon Resource Names (ARNs)](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *General Reference*. + type: array + uniqueItems: true + x-insertionOrder: false + items: + type: string + Path: + description: |- + The path to the group. For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide*. + This parameter is optional. If it is not included, it defaults to a slash (/). + This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (``\u0021``) through the DEL character (``\u007F``), including most punctuation characters, digits, and upper and lowercased letters. + type: string + Policies: + description: |- + Adds or updates an inline policy document that is embedded in the specified IAM group. To view AWS::IAM::Group snippets, see [Declaring an Group Resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-iam.html#scenario-iam-group). + The name of each inline policy for a role, user, or group must be unique. If you don't choose unique names, updates to the IAM identity will fail. + For information about limits on the number of inline policies that you can embed in a group, see [Limitations on Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *User Guide*. + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Policy' + x-stackql-resource-name: group + description: |- + Creates a new group. + For information about the number of groups you can create, see [Limitations on Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *User Guide*. + x-type-name: AWS::IAM::Group + x-stackql-primary-identifier: + - GroupName + x-create-only-properties: + - GroupName + x-read-only-properties: + - Arn + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - iam:CreateGroup + - iam:PutGroupPolicy + - iam:AttachGroupPolicy + - iam:GetGroupPolicy + - iam:GetGroup + read: + - iam:GetGroup + - iam:ListGroupPolicies + - iam:GetGroupPolicy + - iam:ListAttachedGroupPolicies + update: + - iam:GetGroup + - iam:UpdateGroup + - iam:DetachGroupPolicy + - iam:AttachGroupPolicy + - iam:DeleteGroupPolicy + - iam:PutGroupPolicy + - iam:GetGroupPolicy + delete: + - iam:GetGroup + - iam:DeleteGroup + - iam:ListAttachedGroupPolicies + - iam:ListGroupPolicies + - iam:DetachGroupPolicy + - iam:DeleteGroupPolicy + - iam:GetGroupPolicy + list: + - iam:ListGroups + GroupDetail: + description:

Contains information about an IAM group, including all of the group's policies.

This data type is used as a response element in the GetAccountAuthorizationDetails operation.

+ properties: + Arn: + $ref: '#/components/schemas/arnType' + AttachedManagedPolicies: + allOf: + - $ref: '#/components/schemas/attachedPoliciesListType' + - description: A list of the managed policies attached to the group. + CreateDate: + allOf: + - $ref: '#/components/schemas/dateType' + - description: The date and time, in ISO 8601 date-time format, when the group was created. + GroupId: + allOf: + - $ref: '#/components/schemas/idType' + - description: The stable and unique string identifying the group. For more information about IDs, see IAM identifiers in the IAM User Guide. + GroupName: + allOf: + - $ref: '#/components/schemas/groupNameType' + - description: The friendly name that identifies the group. + GroupPolicyList: + allOf: + - $ref: '#/components/schemas/policyDetailListType' + - description: A list of the inline policies embedded in the group. + Path: + allOf: + - $ref: '#/components/schemas/pathType' + - description: The path to the group. For more information about paths, see IAM identifiers in the IAM User Guide. + type: object + InstanceProfile: + type: object + properties: + Path: + type: string + description: |- + The path to the instance profile. For more information about paths, see [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide*. + This parameter is optional. If it is not included, it defaults to a slash (/). + This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (``\u0021``) through the DEL character (``\u007F``), including most punctuation characters, digits, and upper and lowercased letters. + Roles: + type: array + description: The name of the role to associate with the instance profile. Only one role can be assigned to an EC2 instance at a time, and all applications on the instance share the same role and permissions. + uniqueItems: true + x-insertionOrder: false + items: + type: string + InstanceProfileName: + type: string + description: |- + The name of the instance profile to create. + This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@- + Arn: + type: string + description: '' + required: + - Roles + x-stackql-resource-name: instance_profile + description: |- + Creates a new instance profile. For information about instance profiles, see [Using instance profiles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html). + For information about the number of instance profiles you can create, see [object quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *User Guide*. + x-type-name: AWS::IAM::InstanceProfile + x-stackql-primary-identifier: + - InstanceProfileName + x-create-only-properties: + - InstanceProfileName + - Path + x-read-only-properties: + - Arn + x-required-properties: + - Roles + x-tagging: + taggable: false + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - iam:CreateInstanceProfile + - iam:PassRole + - iam:AddRoleToInstanceProfile + - iam:GetInstanceProfile + read: + - iam:GetInstanceProfile + update: + - iam:PassRole + - iam:RemoveRoleFromInstanceProfile + - iam:AddRoleToInstanceProfile + - iam:GetInstanceProfile + delete: + - iam:GetInstanceProfile + - iam:RemoveRoleFromInstanceProfile + - iam:DeleteInstanceProfile + list: + - iam:ListInstanceProfiles + InvalidAuthenticationCodeException: {} + InvalidCertificateException: {} + InvalidInputException: {} + InvalidPublicKeyException: {} + LimitExceededException: {} + ListAccessKeysRequest: + properties: + Marker: + allOf: + - $ref: '#/components/schemas/markerType' - description: Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start. MaxItems: allOf: @@ -801,17 +1759,29 @@ components: - description: >-

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.

- RoleName: + UserName: allOf: - - $ref: '#/components/schemas/roleNameType' - - description: '

The name of the role to list policies for.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' - required: - - RoleName - title: ListRolePoliciesRequest + - $ref: '#/components/schemas/existingUserNameType' + - description: '

The name of the user.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + title: ListAccessKeysRequest type: object - ListRolePoliciesResponse: - description: 'Contains the response to a successful ListRolePolicies request. ' + ListAccessKeysResponse: + description: 'Contains the response to a successful ListAccessKeys request. ' + example: + AccessKeyMetadata: + - AccessKeyId: AKIA111111111EXAMPLE + CreateDate: '2016-12-01T22:19:58Z' + Status: Active + UserName: Alice + - AccessKeyId: AKIA222222222EXAMPLE + CreateDate: '2016-12-01T22:20:01Z' + Status: Active + UserName: Alice properties: + AccessKeyMetadata: + allOf: + - $ref: '#/components/schemas/accessKeyMetadataListType' + - description: A list of objects containing metadata about the access keys. IsTruncated: allOf: - $ref: '#/components/schemas/booleanType' @@ -820,14 +1790,10 @@ components: allOf: - $ref: '#/components/schemas/responseMarkerType' - description: When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request. - PolicyNames: - allOf: - - $ref: '#/components/schemas/policyNameListType' - - description: A list of policy names. required: - - PolicyNames + - AccessKeyMetadata type: object - ListUserPoliciesRequest: + ListAccountAliasesRequest: properties: Marker: allOf: @@ -839,17 +1805,18 @@ components: - description: >-

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.

- UserName: - allOf: - - $ref: '#/components/schemas/existingUserNameType' - - description: '

The name of the user to list policies for.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' - required: - - UserName - title: ListUserPoliciesRequest + title: ListAccountAliasesRequest type: object - ListUserPoliciesResponse: - description: 'Contains the response to a successful ListUserPolicies request. ' + ListAccountAliasesResponse: + description: 'Contains the response to a successful ListAccountAliases request. ' + example: + AccountAliases: + - exmaple-corporation properties: + AccountAliases: + allOf: + - $ref: '#/components/schemas/accountAliasListType' + - description: A list of aliases associated with the account. Amazon Web Services supports only one alias per account. IsTruncated: allOf: - $ref: '#/components/schemas/booleanType' @@ -858,2381 +1825,4150 @@ components: allOf: - $ref: '#/components/schemas/responseMarkerType' - description: When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request. - PolicyNames: - allOf: - - $ref: '#/components/schemas/policyNameListType' - - description: A list of policy names. required: - - PolicyNames - type: object - MalformedPolicyDocumentException: {} - NoSuchEntityException: {} - Policy: - description: |- - Contains information about an attached policy. - An attached policy is a managed policy that has been attached to a user, group, or role. - For more information about managed policies, refer to [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *User Guide*. + - AccountAliases type: object - additionalProperties: false - properties: - PolicyDocument: - description: The entire contents of the policy that defines permissions. For more information, see [Overview of JSON policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json). - type: object - PolicyName: - description: The friendly name (not ARN) identifying the policy. - type: string - required: - - PolicyName - - PolicyDocument - PolicyNotAttachableException: {} - PolicyUsageType: - description:

The policy usage type that indicates whether the policy is used as a permissions policy or as the permissions boundary for an entity.

For more information about permissions boundaries, see Permissions boundaries for IAM identities in the IAM User Guide.

- enum: - - PermissionsPolicy - - PermissionsBoundary - type: string - PutGroupPolicyRequest: + ListAttachedGroupPoliciesRequest: properties: GroupName: allOf: - $ref: '#/components/schemas/groupNameType' - - description: '

The name of the group to associate the policy with.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-.

' - PolicyDocument: + - description: '

The name (friendly name, not ARN) of the group to list attached policies for.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + Marker: allOf: - - $ref: '#/components/schemas/policyDocumentType' - - description: >- -

The policy document.

You must provide policies in JSON format in IAM. However, for CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. CloudFormation always converts a YAML policy to JSON format before submitting it to = IAM.

The regex pattern used to validate this parameter is a string of characters consisting of the following:

  • Any printable ASCII character - ranging from the space character (\u0020) through the end of the ASCII character range

  • The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)

  • The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)

- PolicyName: + - $ref: '#/components/schemas/markerType' + - description: Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start. + MaxItems: allOf: - - $ref: '#/components/schemas/policyNameType' - - description: '

The name of the policy document.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + - $ref: '#/components/schemas/maxItemsType' + - description: >- +

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns + true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.

+ PathPrefix: + allOf: + - $ref: '#/components/schemas/policyPathType' + - description: >- +

The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all policies.

This parameter allows (through its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL + character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.

required: - GroupName - - PolicyName - - PolicyDocument - title: PutGroupPolicyRequest + title: ListAttachedGroupPoliciesRequest type: object - PutRolePolicyRequest: + ListAttachedGroupPoliciesResponse: + description: 'Contains the response to a successful ListAttachedGroupPolicies request. ' properties: - PolicyDocument: + AttachedPolicies: allOf: - - $ref: '#/components/schemas/policyDocumentType' + - $ref: '#/components/schemas/attachedPoliciesListType' + - description: A list of the attached policies. + IsTruncated: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results. + Marker: + allOf: + - $ref: '#/components/schemas/responseMarkerType' + - description: When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request. + type: object + ListAttachedRolePoliciesRequest: + properties: + Marker: + allOf: + - $ref: '#/components/schemas/markerType' + - description: Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start. + MaxItems: + allOf: + - $ref: '#/components/schemas/maxItemsType' - description: >- -

The policy document.

You must provide policies in JSON format in IAM. However, for CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.

The regex pattern used to validate this parameter is a string of characters consisting of the following:

  • Any printable ASCII character - ranging from the space character (\u0020) through the end of the ASCII character range

  • The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)

  • The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)

- PolicyName: +

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns + true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.

+ PathPrefix: allOf: - - $ref: '#/components/schemas/policyNameType' - - description: '

The name of the policy document.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + - $ref: '#/components/schemas/policyPathType' + - description: >- +

The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all policies.

This parameter allows (through its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL + character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.

RoleName: allOf: - $ref: '#/components/schemas/roleNameType' - - description: '

The name of the role to associate the policy with.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + - description: '

The name (friendly name, not ARN) of the role to list attached policies for.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' required: - RoleName - - PolicyName - - PolicyDocument - title: PutRolePolicyRequest + title: ListAttachedRolePoliciesRequest type: object - PutUserPolicyRequest: + ListAttachedRolePoliciesResponse: + description: 'Contains the response to a successful ListAttachedRolePolicies request. ' properties: - PolicyDocument: + AttachedPolicies: allOf: - - $ref: '#/components/schemas/policyDocumentType' + - $ref: '#/components/schemas/attachedPoliciesListType' + - description: A list of the attached policies. + IsTruncated: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results. + Marker: + allOf: + - $ref: '#/components/schemas/responseMarkerType' + - description: When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request. + type: object + ListAttachedUserPoliciesRequest: + properties: + Marker: + allOf: + - $ref: '#/components/schemas/markerType' + - description: Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start. + MaxItems: + allOf: + - $ref: '#/components/schemas/maxItemsType' - description: >- -

The policy document.

You must provide policies in JSON format in IAM. However, for CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.

The regex pattern used to validate this parameter is a string of characters consisting of the following:

  • Any printable ASCII character - ranging from the space character (\u0020) through the end of the ASCII character range

  • The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)

  • The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)

- PolicyName: +

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns + true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.

+ PathPrefix: allOf: - - $ref: '#/components/schemas/policyNameType' - - description: '

The name of the policy document.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + - $ref: '#/components/schemas/policyPathType' + - description: >- +

The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all policies.

This parameter allows (through its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL + character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.

UserName: allOf: - - $ref: '#/components/schemas/existingUserNameType' - - description: '

The name of the user to associate the policy with.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + - $ref: '#/components/schemas/userNameType' + - description: '

The name (friendly name, not ARN) of the user to list attached policies for.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' required: - UserName - - PolicyName - - PolicyDocument - title: PutUserPolicyRequest - type: object - ServiceFailureException: {} - Tag: - description: A key-value pair to associate with a resource. + title: ListAttachedUserPoliciesRequest type: object - additionalProperties: false + ListAttachedUserPoliciesResponse: + description: 'Contains the response to a successful ListAttachedUserPolicies request. ' properties: - Value: - description: 'The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' - type: string - minLength: 1 - maxLength: 256 - Key: - description: 'The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' - type: string - minLength: 1 - maxLength: 128 - required: - - Value - - Key - TagPolicyRequest: + AttachedPolicies: + allOf: + - $ref: '#/components/schemas/attachedPoliciesListType' + - description: A list of the attached policies. + IsTruncated: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results. + Marker: + allOf: + - $ref: '#/components/schemas/responseMarkerType' + - description: When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request. + type: object + ListEntitiesForPolicyRequest: properties: + EntityFilter: + allOf: + - $ref: '#/components/schemas/EntityType' + - description:

The entity type to use for filtering the results.

For example, when EntityFilter is Role, only the roles that are attached to the specified policy are returned. This parameter is optional. If it is not included, all attached entities (users, groups, and roles) are returned. The argument for this parameter must be one of the valid values listed below.

+ Marker: + allOf: + - $ref: '#/components/schemas/markerType' + - description: Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start. + MaxItems: + allOf: + - $ref: '#/components/schemas/maxItemsType' + - description: >- +

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns + true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.

+ PathPrefix: + allOf: + - $ref: '#/components/schemas/pathType' + - description: >- +

The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all entities.

This parameter allows (through its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL + character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.

PolicyArn: allOf: - $ref: '#/components/schemas/arnType' - - description: '

The ARN of the IAM customer managed policy to which you want to add tags.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' - Tags: + - description:

The Amazon Resource Name (ARN) of the IAM policy for which you want the versions.

For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.

+ PolicyUsageFilter: allOf: - - $ref: '#/components/schemas/tagListType' - - description: The list of tags that you want to attach to the IAM customer managed policy. Each tag consists of a key name and an associated value. + - $ref: '#/components/schemas/PolicyUsageType' + - description: "

The policy usage method to use for filtering the results.

To list only permissions policies, set\_PolicyUsageFilter\_to\_PermissionsPolicy. To list only the policies used to set permissions boundaries, set\_the value to\_PermissionsBoundary.

This parameter is optional. If it is not included, all policies are returned.

" required: - PolicyArn - - Tags - title: TagPolicyRequest + title: ListEntitiesForPolicyRequest type: object - UnmodifiableEntityException: {} - UntagPolicyRequest: + ListEntitiesForPolicyResponse: + description: 'Contains the response to a successful ListEntitiesForPolicy request. ' properties: - PolicyArn: + IsTruncated: allOf: - - $ref: '#/components/schemas/arnType' - - description: '

The ARN of the IAM customer managed policy from which you want to remove tags.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' - TagKeys: + - $ref: '#/components/schemas/booleanType' + - description: A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results. + Marker: allOf: - - $ref: '#/components/schemas/tagKeyListType' - - description: A list of key names as a simple array of strings. The tags with matching keys are removed from the specified policy. + - $ref: '#/components/schemas/responseMarkerType' + - description: When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request. + PolicyGroups: + allOf: + - $ref: '#/components/schemas/PolicyGroupListType' + - description: A list of IAM groups that the policy is attached to. + PolicyRoles: + allOf: + - $ref: '#/components/schemas/PolicyRoleListType' + - description: A list of IAM roles that the policy is attached to. + PolicyUsers: + allOf: + - $ref: '#/components/schemas/PolicyUserListType' + - description: A list of IAM users that the policy is attached to. + type: object + ListGroupPoliciesRequest: + properties: + GroupName: + allOf: + - $ref: '#/components/schemas/groupNameType' + - description: '

The name of the group to list policies for.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + Marker: + allOf: + - $ref: '#/components/schemas/markerType' + - description: Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start. + MaxItems: + allOf: + - $ref: '#/components/schemas/maxItemsType' + - description: >- +

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns + true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.

required: - - PolicyArn - - TagKeys - title: UntagPolicyRequest + - GroupName + title: ListGroupPoliciesRequest type: object - arnType: - description:

The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web Services resources.

For more information about ARNs, go to Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.

- maxLength: 2048 - minLength: 20 - type: string - attachmentCountType: - type: integer - booleanType: - type: boolean - dateType: - format: date-time - type: string - existingUserNameType: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - groupNameType: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - idType: - maxLength: 128 - minLength: 16 - pattern: '[\w]+' - type: string - markerType: - maxLength: 320 - minLength: 1 - pattern: '[\u0020-\u00FF]+' - type: string - maxItemsType: - maximum: 1000 - minimum: 1 - type: integer - policyDescriptionType: - maxLength: 1000 - type: string - policyDocumentType: - maxLength: 131072 - minLength: 1 - pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' - type: string - policyListType: - items: - allOf: - - $ref: '#/components/schemas/Policy' - - xml: - name: member - type: array - policyNameListType: - description:

Contains a list of policy names.

This data type is used as a response element in the ListPolicies operation.

- items: - allOf: - - $ref: '#/components/schemas/policyNameType' - - xml: - name: member - type: array - policyNameType: - maxLength: 128 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - policyPathType: - maxLength: 512 - minLength: 1 - pattern: ((/[A-Za-z0-9\.,\+@=_-]+)*)/ - type: string - policyScopeType: - enum: - - All - - AWS - - Local - type: string - policyVersionIdType: - pattern: v[1-9][0-9]*(\.[A-Za-z0-9-]*)? - type: string - responseMarkerType: - type: string - roleNameType: - maxLength: 64 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - tagKeyListType: - items: - allOf: - - $ref: '#/components/schemas/tagKeyType' - - xml: - name: member - maxItems: 50 - type: array - tagKeyType: - maxLength: 128 - minLength: 1 - pattern: '[\p{L}\p{Z}\p{N}_.:/=+\-@]+' - type: string - tagListType: - items: - allOf: - - $ref: '#/components/schemas/Tag' - - xml: - name: member - maxItems: 50 - type: array - tagValueType: - maxLength: 256 - minLength: 0 - pattern: '[\p{L}\p{Z}\p{N}_.:/=+\-@]*' - type: string - userNameType: - maxLength: 64 - minLength: 1 - pattern: '[\w+=,.@-]+' - type: string - Group: + ListGroupPoliciesResponse: + description: 'Contains the response to a successful ListGroupPolicies request. ' + example: + PolicyNames: + - AdminRoot + - KeyPolicy + properties: + IsTruncated: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results. + Marker: + allOf: + - $ref: '#/components/schemas/responseMarkerType' + - description: When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request. + PolicyNames: + allOf: + - $ref: '#/components/schemas/policyNameListType' + - description: '

A list of policy names.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + required: + - PolicyNames type: object + ListGroupsForUserRequest: properties: - Arn: - description: '' - type: string - GroupName: - description: |- - The name of the group to create. Do not include the path in this value. - The group name must be unique within the account. Group names are not distinguished by case. For example, you cannot create groups named both "ADMINS" and "admins". If you don't specify a name, CFN generates a unique physical ID and uses that ID for the group name. - If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. - If you specify a name, you must specify the ``CAPABILITY_NAMED_IAM`` value to acknowledge your template's capabilities. For more information, see [Acknowledging Resources in Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities). - Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using ``Fn::Join`` and ``AWS::Region`` to create a Region-specific name, as in the following example: ``{"Fn::Join": ["", [{"Ref": "AWS::Region"}, {"Ref": "MyResourceName"}]]}``. - type: string - ManagedPolicyArns: - description: |- - The Amazon Resource Name (ARN) of the IAM policy you want to attach. - For more information about ARNs, see [Amazon Resource Names (ARNs)](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *General Reference*. - type: array - uniqueItems: true - x-insertionOrder: false - items: - type: string - Path: - description: |- - The path to the group. For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide*. - This parameter is optional. If it is not included, it defaults to a slash (/). - This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (``\u0021``) through the DEL character (``\u007F``), including most punctuation characters, digits, and upper and lowercased letters. - type: string - Policies: - description: |- - Adds or updates an inline policy document that is embedded in the specified IAM group. To view AWS::IAM::Group snippets, see [Declaring an Group Resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-iam.html#scenario-iam-group). - The name of each inline policy for a role, user, or group must be unique. If you don't choose unique names, updates to the IAM identity will fail. - For information about limits on the number of inline policies that you can embed in a group, see [Limitations on Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *User Guide*. - type: array - uniqueItems: false - x-insertionOrder: false - items: - $ref: '#/components/schemas/Policy' - x-stackql-resource-name: group - description: |- - Creates a new group. - For information about the number of groups you can create, see [Limitations on Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *User Guide*. - x-type-name: AWS::IAM::Group - x-stackql-primary-identifier: - - GroupName - x-create-only-properties: - - GroupName - x-read-only-properties: - - Arn - x-tagging: - taggable: false - tagOnCreate: false - tagUpdatable: false - cloudFormationSystemTags: false - x-required-permissions: - create: - - iam:CreateGroup - - iam:PutGroupPolicy - - iam:AttachGroupPolicy - - iam:GetGroupPolicy - - iam:GetGroup - read: - - iam:GetGroup - - iam:ListGroupPolicies - - iam:GetGroupPolicy - - iam:ListAttachedGroupPolicies - update: - - iam:GetGroup - - iam:UpdateGroup - - iam:DetachGroupPolicy - - iam:AttachGroupPolicy - - iam:DeleteGroupPolicy - - iam:PutGroupPolicy - - iam:GetGroupPolicy - delete: - - iam:GetGroup - - iam:DeleteGroup - - iam:ListAttachedGroupPolicies - - iam:ListGroupPolicies - - iam:DetachGroupPolicy - - iam:DeleteGroupPolicy - - iam:GetGroupPolicy - list: - - iam:ListGroups - GroupPolicy: + Marker: + allOf: + - $ref: '#/components/schemas/markerType' + - description: Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start. + MaxItems: + allOf: + - $ref: '#/components/schemas/maxItemsType' + - description: >- +

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns + true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.

+ UserName: + allOf: + - $ref: '#/components/schemas/existingUserNameType' + - description: '

The name of the user to list groups for.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + required: + - UserName + title: ListGroupsForUserRequest type: object + ListGroupsForUserResponse: + description: 'Contains the response to a successful ListGroupsForUser request. ' + example: + Groups: + - Arn: arn:aws:iam::123456789012:group/division_abc/subdivision_xyz/product_1234/engineering/Test + CreateDate: '2016-11-30T14:10:01.156Z' + GroupId: AGP2111111111EXAMPLE + GroupName: Test + Path: /division_abc/subdivision_xyz/product_1234/engineering/ + - Arn: arn:aws:iam::123456789012:group/division_abc/subdivision_xyz/product_1234/Managers + CreateDate: '2016-06-12T20:14:52.032Z' + GroupId: AGPI222222222SEXAMPLE + GroupName: Managers + Path: /division_abc/subdivision_xyz/product_1234/ properties: - PolicyDocument: - description: |- - The policy document. - You must provide policies in JSON format in IAM. However, for CFN templates formatted in YAML, you can provide the policy in JSON or YAML format. CFN always converts a YAML policy to JSON format before submitting it to IAM. - The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following: - + Any printable ASCII character ranging from the space character (``\u0020``) through the end of the ASCII character range - + The printable characters in the Basic Latin and Latin-1 Supplement character set (through ``\u00FF``) - + The special characters tab (``\u0009``), line feed (``\u000A``), and carriage return (``\u000D``) - type: object - PolicyName: - description: |- - The name of the policy document. - This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@- - type: string - GroupName: - description: |- - The name of the group to associate the policy with. - This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. - type: string + Groups: + allOf: + - $ref: '#/components/schemas/groupListType' + - description: A list of groups. + IsTruncated: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results. + Marker: + allOf: + - $ref: '#/components/schemas/responseMarkerType' + - description: When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request. required: - - PolicyName - - GroupName - x-stackql-resource-name: group_policy - description: |- - Adds or updates an inline policy document that is embedded in the specified IAM group. - A group can also have managed policies attached to it. To attach a managed policy to a group, use [AWS::IAM::Group](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html). To create a new managed policy, use [AWS::IAM::ManagedPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html). For information about policies, see [Managed policies and inline policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide*. - For information about the maximum number of inline policies that you can embed in a group, see [IAM and quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide*. - x-type-name: AWS::IAM::GroupPolicy - x-stackql-primary-identifier: - - PolicyName - - GroupName - x-create-only-properties: - - PolicyName - - GroupName - x-required-properties: - - PolicyName - - GroupName - x-tagging: - taggable: false - tagOnCreate: false - tagUpdatable: false - cloudFormationSystemTags: false - x-required-permissions: - create: - - iam:PutGroupPolicy - - iam:GetGroupPolicy - read: - - iam:GetGroupPolicy - update: - - iam:PutGroupPolicy - - iam:GetGroupPolicy - delete: - - iam:DeleteGroupPolicy - - iam:GetGroupPolicy - InstanceProfile: + - Groups type: object + ListInstanceProfilesForRoleRequest: properties: - Path: - type: string - description: |- - The path to the instance profile. For more information about paths, see [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide*. - This parameter is optional. If it is not included, it defaults to a slash (/). - This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (``\u0021``) through the DEL character (``\u007F``), including most punctuation characters, digits, and upper and lowercased letters. - Roles: - type: array - description: The name of the role to associate with the instance profile. Only one role can be assigned to an EC2 instance at a time, and all applications on the instance share the same role and permissions. - uniqueItems: true - x-insertionOrder: false - items: - type: string - InstanceProfileName: - type: string - description: |- - The name of the instance profile to create. - This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@- - Arn: - type: string - description: '' + Marker: + allOf: + - $ref: '#/components/schemas/markerType' + - description: Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start. + MaxItems: + allOf: + - $ref: '#/components/schemas/maxItemsType' + - description: >- +

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns + true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.

+ RoleName: + allOf: + - $ref: '#/components/schemas/roleNameType' + - description: '

The name of the role to list instance profiles for.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' required: - - Roles - x-stackql-resource-name: instance_profile - description: |- - Creates a new instance profile. For information about instance profiles, see [Using instance profiles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html). - For information about the number of instance profiles you can create, see [object quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *User Guide*. - x-type-name: AWS::IAM::InstanceProfile - x-stackql-primary-identifier: - - InstanceProfileName - x-create-only-properties: - - InstanceProfileName - - Path - x-read-only-properties: - - Arn - x-required-properties: - - Roles - x-required-permissions: - create: - - iam:CreateInstanceProfile - - iam:PassRole - - iam:AddRoleToInstanceProfile - - iam:GetInstanceProfile - read: - - iam:GetInstanceProfile - update: - - iam:PassRole - - iam:RemoveRoleFromInstanceProfile - - iam:AddRoleToInstanceProfile - - iam:GetInstanceProfile - delete: - - iam:GetInstanceProfile - - iam:RemoveRoleFromInstanceProfile - - iam:DeleteInstanceProfile - list: - - iam:ListInstanceProfiles - ManagedPolicy: + - RoleName + title: ListInstanceProfilesForRoleRequest type: object + ListInstanceProfilesForRoleResponse: + description: 'Contains the response to a successful ListInstanceProfilesForRole request. ' properties: - Description: - type: string - description: |- - A friendly description of the policy. - Typically used to store information about the permissions defined in the policy. For example, "Grants access to production DynamoDB tables." - The policy description is immutable. After a value is assigned, it cannot be changed. - Groups: - x-insertionOrder: false - type: array - description: |- - The name (friendly name, not ARN) of the group to attach the policy to. - This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@- - uniqueItems: true - items: - type: string - ManagedPolicyName: - type: string - description: |- - The friendly name of the policy. - If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. - If you specify a name, you must specify the ``CAPABILITY_NAMED_IAM`` value to acknowledge your template's capabilities. For more information, see [Acknowledging Resources in Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities). - Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using ``Fn::Join`` and ``AWS::Region`` to create a Region-specific name, as in the following example: ``{"Fn::Join": ["", [{"Ref": "AWS::Region"}, {"Ref": "MyResourceName"}]]}``. - Path: - type: string - default: / - description: |- - The path for the policy. - For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide*. - This parameter is optional. If it is not included, it defaults to a slash (/). - This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (``\u0021``) through the DEL character (``\u007F``), including most punctuation characters, digits, and upper and lowercased letters. - You cannot use an asterisk (*) in the path name. - PolicyDocument: - type: object - description: |- - The JSON policy document that you want to use as the content for the new policy. - You must provide policies in JSON format in IAM. However, for CFN templates formatted in YAML, you can provide the policy in JSON or YAML format. CFN always converts a YAML policy to JSON format before submitting it to IAM. - The maximum length of the policy document that you can pass in this operation, including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see [IAM and character quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length). - To learn more about JSON policy grammar, see [Grammar of the IAM JSON policy language](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_grammar.html) in the *IAM User Guide*. - The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following: - + Any printable ASCII character ranging from the space character (``\u0020``) through the end of the ASCII character range - + The printable characters in the Basic Latin and Latin-1 Supplement character set (through ``\u00FF``) - + The special characters tab (``\u0009``), line feed (``\u000A``), and carriage return (``\u000D``) - Roles: - x-insertionOrder: false - type: array - description: |- - The name (friendly name, not ARN) of the role to attach the policy to. - This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@- - If an external policy (such as ``AWS::IAM::Policy`` or ``AWS::IAM::ManagedPolicy``) has a ``Ref`` to a role and if a resource (such as ``AWS::ECS::Service``) also has a ``Ref`` to the same role, add a ``DependsOn`` attribute to the resource to make the resource depend on the external policy. This dependency ensures that the role's policy is available throughout the resource's lifecycle. For example, when you delete a stack with an ``AWS::ECS::Service`` resource, the ``DependsOn`` attribute ensures that CFN deletes the ``AWS::ECS::Service`` resource before deleting its role's policy. - uniqueItems: true - items: - type: string - Users: - x-insertionOrder: false - type: array - description: |- - The name (friendly name, not ARN) of the IAM user to attach the policy to. - This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@- - uniqueItems: true - items: - type: string - PolicyArn: - type: string - description: '' - AttachmentCount: - type: integer - description: '' - CreateDate: - type: string - description: '' - UpdateDate: - type: string - description: '' - DefaultVersionId: - type: string - description: '' - IsAttachable: - type: boolean - description: '' - PermissionsBoundaryUsageCount: - type: integer - description: '' - PolicyId: - type: string - description: '' + InstanceProfiles: + allOf: + - $ref: '#/components/schemas/instanceProfileListType' + - description: A list of instance profiles. + IsTruncated: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results. + Marker: + allOf: + - $ref: '#/components/schemas/responseMarkerType' + - description: When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request. required: - - PolicyDocument - x-stackql-resource-name: managed_policy - description: |- - Creates a new managed policy for your AWS-account. - This operation creates a policy version with a version identifier of ``v1`` and sets v1 as the policy's default version. For more information about policy versions, see [Versioning for managed policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html) in the *IAM User Guide*. - As a best practice, you can validate your IAM policies. To learn more, see [Validating IAM policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html) in the *IAM User Guide*. - For more information about managed policies in general, see [Managed policies and inline policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide*. - x-type-name: AWS::IAM::ManagedPolicy - x-stackql-primary-identifier: - - PolicyArn - x-create-only-properties: - - ManagedPolicyName - - Description - - Path - x-read-only-properties: - - PolicyArn - - AttachmentCount - - CreateDate - - DefaultVersionId - - IsAttachable - - PermissionsBoundaryUsageCount - - PolicyId - - UpdateDate - x-required-properties: - - PolicyDocument - x-tagging: - taggable: false - tagOnCreate: false - tagUpdatable: false - cloudFormationSystemTags: false - x-required-permissions: - create: - - iam:CreatePolicy - - iam:AttachGroupPolicy - - iam:AttachUserPolicy - - iam:AttachRolePolicy - read: - - iam:GetPolicy - - iam:ListEntitiesForPolicy - - iam:GetPolicyVersion - update: - - iam:DetachRolePolicy - - iam:GetPolicy - - iam:ListPolicyVersions - - iam:DetachGroupPolicy - - iam:DetachUserPolicy - - iam:CreatePolicyVersion - - iam:DeletePolicyVersion - - iam:AttachGroupPolicy - - iam:AttachUserPolicy - - iam:AttachRolePolicy - delete: - - iam:DetachRolePolicy - - iam:GetPolicy - - iam:ListPolicyVersions - - iam:DetachGroupPolicy - - iam:DetachUserPolicy - - iam:DeletePolicyVersion - - iam:DeletePolicy - - iam:ListEntitiesForPolicy - list: - - iam:ListPolicies - OIDCProvider: + - InstanceProfiles type: object + ListMFADeviceTagsRequest: properties: - ClientIdList: - type: array - x-insertionOrder: false - items: - minLength: 1 - maxLength: 255 - type: string - Url: - minLength: 1 - maxLength: 255 - type: string - ThumbprintList: - type: array - x-insertionOrder: false - items: - minLength: 40 - maxLength: 40 - pattern: '[0-9A-Fa-f]{40}' - type: string - maxItems: 5 - Arn: - description: Amazon Resource Name (ARN) of the OIDC provider - minLength: 20 - maxLength: 2048 - type: string + Marker: + allOf: + - $ref: '#/components/schemas/markerType' + - description: Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start. + MaxItems: + allOf: + - $ref: '#/components/schemas/maxItemsType' + - description: >- +

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns + true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.

+ SerialNumber: + allOf: + - $ref: '#/components/schemas/serialNumberType' + - description: '

The unique identifier for the IAM virtual MFA device whose tags you want to see. For virtual MFA devices, the serial number is the same as the ARN.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + required: + - SerialNumber + title: ListMFADeviceTagsRequest + type: object + ListMFADeviceTagsResponse: + properties: + IsTruncated: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results. + Marker: + allOf: + - $ref: '#/components/schemas/responseMarkerType' + - description: When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request. Tags: - type: array - uniqueItems: false - x-insertionOrder: false - items: - $ref: '#/components/schemas/Tag' + allOf: + - $ref: '#/components/schemas/tagListType' + - description: The list of tags that are currently attached to the virtual MFA device. Each tag consists of a key name and an associated value. If no tags are attached to the specified resource, the response contains an empty list. required: - - ThumbprintList - x-stackql-resource-name: oidc_provider - description: Resource Type definition for AWS::IAM::OIDCProvider - x-type-name: AWS::IAM::OIDCProvider - x-stackql-primary-identifier: - - Arn - x-create-only-properties: - - Url - x-read-only-properties: - - Arn - x-required-properties: - - ThumbprintList - x-tagging: - taggable: true - tagOnCreate: true - tagUpdatable: true - cloudFormationSystemTags: false - x-required-permissions: - create: - - iam:CreateOpenIDConnectProvider - - iam:TagOpenIDConnectProvider - - iam:GetOpenIDConnectProvider - read: - - iam:GetOpenIDConnectProvider - update: - - iam:UpdateOpenIDConnectProviderThumbprint - - iam:RemoveClientIDFromOpenIDConnectProvider - - iam:AddClientIDToOpenIDConnectProvider - - iam:GetOpenIDConnectProvider - - iam:TagOpenIDConnectProvider - - iam:UntagOpenIDConnectProvider - - iam:ListOpenIDConnectProviderTags - delete: - - iam:DeleteOpenIDConnectProvider - list: - - iam:ListOpenIDConnectProvider - - iam:GetOpenIDConnectProvider - Role: + - Tags type: object + ListMFADevicesRequest: properties: - Arn: - description: '' - type: string - AssumeRolePolicyDocument: - description: >- - The trust policy that is associated with this role. Trust policies define which entities can assume the role. You can associate only one trust policy with a role. For an example of a policy that can be used to assume a role, see [Template Examples](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#aws-resource-iam-role--examples). For more information about the elements that you can use in an IAM policy, see [Policy Elements - Reference](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html) in the *User Guide*. - type: object - Description: - description: A description of the role that you provide. - type: string - ManagedPolicyArns: - description: |- - A list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the role. - For more information about ARNs, see [Amazon Resource Names (ARNs) and Service Namespaces](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *General Reference*. - type: array - uniqueItems: true - x-insertionOrder: false - items: - type: string - MaxSessionDuration: - description: |- - The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default value of one hour is applied. This setting can have a value from 1 hour to 12 hours. - Anyone who assumes the role from the CLI or API can use the ``DurationSeconds`` API parameter or the ``duration-seconds`` CLI parameter to request a longer session. The ``MaxSessionDuration`` setting determines the maximum duration that can be requested using the ``DurationSeconds`` parameter. If users don't specify a value for the ``DurationSeconds`` parameter, their security credentials are valid for one hour by default. This applies when you use the ``AssumeRole*`` API operations or the ``assume-role*`` CLI operations but does not apply when you use those operations to create a console URL. For more information, see [Using IAM roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) in the *IAM User Guide*. - type: integer - Path: - description: |- - The path to the role. For more information about paths, see [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide*. - This parameter is optional. If it is not included, it defaults to a slash (/). - This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (``\u0021``) through the DEL character (``\u007F``), including most punctuation characters, digits, and upper and lowercased letters. - default: / - type: string - PermissionsBoundary: - description: |- - The ARN of the policy used to set the permissions boundary for the role. - For more information about permissions boundaries, see [Permissions boundaries for IAM identities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM User Guide*. - type: string - Policies: - description: |- - Adds or updates an inline policy document that is embedded in the specified IAM role. - When you embed an inline policy in a role, the inline policy is used as part of the role's access (permissions) policy. The role's trust policy is created at the same time as the role. You can update a role's trust policy later. For more information about IAM roles, go to [Using Roles to Delegate Permissions and Federate Identities](https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html). - A role can also have an attached managed policy. For information about policies, see [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *User Guide*. - For information about limits on the number of inline policies that you can embed with a role, see [Limitations on Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *User Guide*. - If an external policy (such as ``AWS::IAM::Policy`` or - type: array - x-insertionOrder: false - uniqueItems: false - items: - $ref: '#/components/schemas/Policy' - RoleId: - description: '' - type: string - RoleName: - description: |- - A name for the IAM role, up to 64 characters in length. For valid values, see the ``RoleName`` parameter for the [CreateRole](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html) action in the *User Guide*. - This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. The role name must be unique within the account. Role names are not distinguished by case. For example, you cannot create roles named both "Role1" and "role1". - If you don't specify a name, CFN generates a unique physical ID and uses that ID for the role name. - If you specify a name, you must specify the ``CAPABILITY_NAMED_IAM`` value to acknowledge your template's capabilities. For more information, see [Acknowledging Resources in Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/Use - type: string - Tags: - description: A list of tags that are attached to the role. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide*. - type: array - uniqueItems: false - x-insertionOrder: false - items: - $ref: '#/components/schemas/Tag' - required: - - AssumeRolePolicyDocument - x-stackql-resource-name: role - description: |- - Creates a new role for your AWS-account. - For more information about roles, see [IAM roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html) in the *IAM User Guide*. For information about quotas for role names and the number of roles you can create, see [IAM and quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide*. - x-type-name: AWS::IAM::Role - x-stackql-primary-identifier: - - RoleName - x-create-only-properties: - - Path - - RoleName - x-read-only-properties: - - Arn - - RoleId - x-required-properties: - - AssumeRolePolicyDocument - x-tagging: - taggable: true - tagOnCreate: true - tagUpdatable: true - cloudFormationSystemTags: false - tagProperty: /properties/Tags - x-required-permissions: - create: - - iam:CreateRole - - iam:PutRolePolicy - - iam:AttachRolePolicy - - iam:GetRolePolicy - - iam:TagRole - - iam:UntagRole - - iam:GetRole - read: - - iam:GetRole - - iam:ListAttachedRolePolicies - - iam:ListRolePolicies - - iam:GetRolePolicy - update: - - iam:UpdateRole - - iam:UpdateRoleDescription - - iam:UpdateAssumeRolePolicy - - iam:DetachRolePolicy - - iam:AttachRolePolicy - - iam:DeleteRolePermissionsBoundary - - iam:PutRolePermissionsBoundary - - iam:DeleteRolePolicy - - iam:PutRolePolicy - - iam:TagRole - - iam:UntagRole - delete: - - iam:DeleteRole - - iam:DetachRolePolicy - - iam:DeleteRolePolicy - - iam:GetRole - - iam:ListAttachedRolePolicies - - iam:ListRolePolicies - - iam:TagRole - - iam:UntagRole - list: - - iam:ListRoles - RolePolicy: + Marker: + allOf: + - $ref: '#/components/schemas/markerType' + - description: Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start. + MaxItems: + allOf: + - $ref: '#/components/schemas/maxItemsType' + - description: >- +

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns + true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.

+ UserName: + allOf: + - $ref: '#/components/schemas/existingUserNameType' + - description: '

The name of the user whose MFA devices you want to list.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + title: ListMFADevicesRequest type: object + ListMFADevicesResponse: + description: 'Contains the response to a successful ListMFADevices request. ' properties: - PolicyDocument: - description: |- - The policy document. - You must provide policies in JSON format in IAM. However, for CFN templates formatted in YAML, you can provide the policy in JSON or YAML format. CFN always converts a YAML policy to JSON format before submitting it to IAM. - The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following: - + Any printable ASCII character ranging from the space character (``\u0020``) through the end of the ASCII character range - + The printable characters in the Basic Latin and Latin-1 Supplement character set (through ``\u00FF``) - + The special characters tab (``\u0009``), line feed (``\u000A``), and carriage return (``\u000D``) - type: object - PolicyName: - description: |- - The name of the policy document. - This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@- - type: string - RoleName: - description: |- - The name of the role to associate the policy with. - This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@- - type: string + IsTruncated: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results. + MFADevices: + allOf: + - $ref: '#/components/schemas/mfaDeviceListType' + - description: A list of MFA devices. + Marker: + allOf: + - $ref: '#/components/schemas/responseMarkerType' + - description: When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request. required: - - PolicyName - - RoleName - x-stackql-resource-name: role_policy - description: |- - Adds or updates an inline policy document that is embedded in the specified IAM role. - When you embed an inline policy in a role, the inline policy is used as part of the role's access (permissions) policy. The role's trust policy is created at the same time as the role, using [CreateRole](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html). You can update a role's trust policy using [UpdateAssumeRolePolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateAssumeRolePolicy.html). For information about roles, see [roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html) in the *IAM User Guide*. - A role can also have a managed policy attached to it. To attach a managed policy to a role, use [AWS::IAM::Role](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html). To create a new managed policy, use [AWS::IAM::ManagedPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html). For information about policies, see [Managed policies and inline policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide*. - For information about the maximum number of inline policies that you can embed with a role, see [IAM and quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide*. - x-type-name: AWS::IAM::RolePolicy - x-stackql-primary-identifier: - - PolicyName - - RoleName - x-create-only-properties: - - PolicyName - - RoleName - x-required-properties: - - PolicyName - - RoleName - x-tagging: - taggable: false - tagOnCreate: false - tagUpdatable: false - cloudFormationSystemTags: false - x-required-permissions: - create: - - iam:PutRolePolicy - - iam:GetRolePolicy - read: - - iam:GetRolePolicy - update: - - iam:PutRolePolicy - - iam:GetRolePolicy - delete: - - iam:DeleteRolePolicy - - iam:GetRolePolicy - SAMLProvider: + - MFADevices type: object + ListPoliciesRequest: properties: - Name: - minLength: 1 - maxLength: 128 - pattern: '[\w._-]+' - type: string - SamlMetadataDocument: - minLength: 1000 - maxLength: 10000000 - type: string - Arn: - description: Amazon Resource Name (ARN) of the SAML provider - minLength: 1 - maxLength: 1600 - type: string - Tags: - type: array - uniqueItems: false - x-insertionOrder: false - items: - $ref: '#/components/schemas/Tag' - required: - - SamlMetadataDocument - x-stackql-resource-name: saml_provider - description: Resource Type definition for AWS::IAM::SAMLProvider - x-type-name: AWS::IAM::SAMLProvider - x-stackql-primary-identifier: - - Arn - x-create-only-properties: - - Name - x-read-only-properties: - - Arn - x-required-properties: - - SamlMetadataDocument - x-tagging: - taggable: true - tagOnCreate: true - tagUpdatable: true - cloudFormationSystemTags: false - x-required-permissions: - create: - - iam:CreateSAMLProvider - - iam:GetSAMLProvider - - iam:TagSAMLProvider - read: - - iam:GetSAMLProvider - update: - - iam:UpdateSAMLProvider - - iam:GetSAMLProvider - - iam:TagSAMLProvider - - iam:ListSAMLProviderTags - - iam:UntagSAMLProvider - delete: - - iam:DeleteSAMLProvider - list: - - iam:ListSAMLProviders - - iam:GetSAMLProvider - ServerCertificate: + Marker: + allOf: + - $ref: '#/components/schemas/markerType' + - description: Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start. + MaxItems: + allOf: + - $ref: '#/components/schemas/maxItemsType' + - description: >- +

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns + true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.

+ OnlyAttached: + allOf: + - $ref: '#/components/schemas/booleanType' + - description:

A flag to filter the results to only the attached policies.

When OnlyAttached is true, the returned list contains only the policies that are attached to an IAM user, group, or role. When OnlyAttached is false, or when the parameter is not included, all policies are returned.

+ PathPrefix: + allOf: + - $ref: '#/components/schemas/policyPathType' + - description: >- + The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all policies. This parameter allows (through its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character + (\u007F), including most punctuation characters, digits, and upper and lowercased letters. + PolicyUsageFilter: + allOf: + - $ref: '#/components/schemas/PolicyUsageType' + - description: "

The policy usage method to use for filtering the results.

To list only permissions policies, set\_PolicyUsageFilter\_to\_PermissionsPolicy. To list only the policies used to set permissions boundaries, set\_the value to\_PermissionsBoundary.

This parameter is optional. If it is not included, all policies are returned.

" + Scope: + allOf: + - $ref: '#/components/schemas/policyScopeType' + - description:

The scope to use for filtering the results.

To list only Amazon Web Services managed policies, set Scope to AWS. To list only the customer managed policies in your Amazon Web Services account, set Scope to Local.

This parameter is optional. If it is not included, or if it is set to All, all policies are returned.

+ title: ListPoliciesRequest type: object + ListPoliciesResponse: + description: 'Contains the response to a successful ListPolicies request. ' properties: - CertificateBody: - minLength: 1 - maxLength: 16384 - pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' - type: string - CertificateChain: - minLength: 1 - maxLength: 2097152 - pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' - type: string - ServerCertificateName: - minLength: 1 - maxLength: 128 - pattern: '[\w+=,.@-]+' - type: string - Path: - minLength: 1 - maxLength: 512 - pattern: (\u002F)|(\u002F[\u0021-\u007F]+\u002F) - type: string - PrivateKey: - minLength: 1 - maxLength: 16384 - pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' - type: string - Arn: - description: Amazon Resource Name (ARN) of the server certificate - minLength: 1 - maxLength: 1600 - type: string - Tags: - type: array - uniqueItems: false - x-insertionOrder: false - items: - $ref: '#/components/schemas/Tag' - x-stackql-resource-name: server_certificate - description: Resource Type definition for AWS::IAM::ServerCertificate - x-type-name: AWS::IAM::ServerCertificate - x-stackql-primary-identifier: - - ServerCertificateName - x-create-only-properties: - - ServerCertificateName - - PrivateKey - - CertificateBody - - CertificateChain - x-write-only-properties: - - PrivateKey - - CertificateBody - - CertificateChain - x-read-only-properties: - - Arn - x-tagging: - taggable: true - tagOnCreate: true - tagUpdatable: true - cloudFormationSystemTags: false - x-required-permissions: - create: - - iam:UploadServerCertificate - - iam:TagServerCertificate - - iam:GetServerCertificate - read: - - iam:GetServerCertificate - update: - - iam:TagServerCertificate - - iam:UntagServerCertificate - - iam:ListServerCertificateTags - - iam:GetServerCertificate - delete: - - iam:DeleteServerCertificate - list: - - iam:ListServerCertificates - - iam:GetServerCertificate - ServiceLinkedRole: + IsTruncated: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results. + Marker: + allOf: + - $ref: '#/components/schemas/responseMarkerType' + - description: When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request. + Policies: + allOf: + - $ref: '#/components/schemas/policyListType' + - description: A list of policies. type: object + ListPolicyTagsRequest: properties: - RoleName: - description: The name of the role. - type: string - CustomSuffix: - description: A string that you provide, which is combined with the service-provided prefix to form the complete role name. - type: string - Description: - description: The description of the role. - type: string - AWSServiceName: - description: The service principal for the AWS service to which this role is attached. - type: string - required: [] - x-stackql-resource-name: service_linked_role - description: Resource Type definition for AWS::IAM::ServiceLinkedRole - x-type-name: AWS::IAM::ServiceLinkedRole - x-stackql-primary-identifier: - - RoleName - x-create-only-properties: - - CustomSuffix - - AWSServiceName - x-write-only-properties: - - CustomSuffix - - AWSServiceName - x-read-only-properties: - - RoleName - x-required-properties: [] - x-tagging: - taggable: false - tagOnCreate: false - tagUpdatable: false - cloudFormationSystemTags: false - x-required-permissions: - create: - - iam:CreateServiceLinkedRole - - iam:GetRole - read: - - iam:GetRole - update: - - iam:UpdateRole - - iam:GetRole - delete: - - iam:DeleteServiceLinkedRole - - iam:GetServiceLinkedRoleDeletionStatus - - iam:GetRole - LoginProfile: - description: Creates a password for the specified user, giving the user the ability to access AWS services through the console. For more information about managing passwords, see [Managing Passwords](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html) in the *User Guide*. + Marker: + allOf: + - $ref: '#/components/schemas/markerType' + - description: Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start. + MaxItems: + allOf: + - $ref: '#/components/schemas/maxItemsType' + - description: >- +

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns + true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.

+ PolicyArn: + allOf: + - $ref: '#/components/schemas/arnType' + - description: '

The ARN of the IAM customer managed policy whose tags you want to see.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + required: + - PolicyArn + title: ListPolicyTagsRequest type: object - additionalProperties: false + ListPolicyTagsResponse: properties: - PasswordResetRequired: - description: Specifies whether the user is required to set a new password on next sign-in. - type: boolean - Password: - description: The user's password. - type: string + IsTruncated: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results. + Marker: + allOf: + - $ref: '#/components/schemas/responseMarkerType' + - description: When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request. + Tags: + allOf: + - $ref: '#/components/schemas/tagListType' + - description: The list of tags that are currently attached to the IAM customer managed policy. Each tag consists of a key name and an associated value. If no tags are attached to the specified resource, the response contains an empty list. required: - - Password - User: + - Tags type: object + ListPolicyVersionsRequest: properties: - Path: - description: |- - The path for the user name. For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide*. - This parameter is optional. If it is not included, it defaults to a slash (/). - This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (``\u0021``) through the DEL character (``\u007F``), including most punctuation characters, digits, and upper and lowercased letters. - type: string - ManagedPolicyArns: - description: |- - A list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the user. - For more information about ARNs, see [Amazon Resource Names (ARNs) and Service Namespaces](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *General Reference*. - type: array - uniqueItems: true - x-insertionOrder: false - items: - type: string - Policies: - description: |- - Adds or updates an inline policy document that is embedded in the specified IAM user. To view AWS::IAM::User snippets, see [Declaring an User Resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-iam.html#scenario-iam-user). - The name of each policy for a role, user, or group must be unique. If you don't choose unique names, updates to the IAM identity will fail. - For information about limits on the number of inline policies that you can embed in a user, see [Limitations on Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *User Guide*. - type: array - uniqueItems: false - x-insertionOrder: false - items: - $ref: '#/components/schemas/Policy' - UserName: - description: |- - The name of the user to create. Do not include the path in this value. - This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. The user name must be unique within the account. User names are not distinguished by case. For example, you cannot create users named both "John" and "john". - If you don't specify a name, CFN generates a unique physical ID and uses that ID for the user name. - If you specify a name, you must specify the ``CAPABILITY_NAMED_IAM`` value to acknowledge your template's capabilities. For more information, see [Acknowledging Resources in Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities). - Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using ``Fn::Join`` and ``AWS::Region`` to create a Region-specific name, as in the following example: ``{"Fn::Join": ["", [{"Ref": "AWS::Region"}, {"Ref": "MyResourceName"}]]}``. - type: string - Groups: - description: A list of group names to which you want to add the user. - type: array - uniqueItems: false - x-insertionOrder: false - items: - type: string - Arn: - description: '' - type: string - LoginProfile: - description: |- - Creates a password for the specified IAM user. A password allows an IAM user to access AWS services through the console. - You can use the CLI, the AWS API, or the *Users* page in the IAM console to create a password for any IAM user. Use [ChangePassword](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ChangePassword.html) to update your own existing password in the *My Security Credentials* page in the console. - For more information about managing passwords, see [Managing passwords](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html) in the *User Guide*. - $ref: '#/components/schemas/LoginProfile' - Tags: - description: |- - A list of tags that you want to attach to the new user. Each tag consists of a key name and an associated value. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide*. - If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created. - type: array - uniqueItems: false - x-insertionOrder: false - items: - $ref: '#/components/schemas/Tag' - PermissionsBoundary: - description: |- - The ARN of the managed policy that is used to set the permissions boundary for the user. - A permissions boundary policy defines the maximum permissions that identity-based policies can grant to an entity, but does not grant permissions. Permissions boundaries do not define the maximum permissions that a resource-based policy can grant to an entity. To learn more, see [Permissions boundaries for IAM entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM User Guide*. - For more information about policy types, see [Policy types](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policy-types) in the *IAM User Guide*. - type: string - x-stackql-resource-name: user - description: |- - Creates a new IAM user for your AWS-account. - For information about quotas for the number of IAM users you can create, see [IAM and quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide*. - x-type-name: AWS::IAM::User - x-stackql-primary-identifier: - - UserName - x-create-only-properties: - - UserName - x-write-only-properties: - - LoginProfile/Password - x-read-only-properties: - - Arn - x-tagging: - taggable: true - tagOnCreate: true - tagUpdatable: true - cloudFormationSystemTags: false - tagProperty: /properties/Tags - x-required-permissions: - create: - - iam:CreateLoginProfile - - iam:AddUserToGroup - - iam:PutUserPolicy - - iam:AttachUserPolicy - - iam:CreateUser - - iam:GetUser - - iam:TagUser - read: - - iam:GetUserPolicy - - iam:ListGroupsForUser - - iam:ListAttachedUserPolicies - - iam:ListUserPolicies - - iam:GetUser - - iam:GetLoginProfile - update: - - iam:UpdateLoginProfile - - iam:UpdateUser - - iam:PutUserPermissionsBoundary - - iam:AttachUserPolicy - - iam:DeleteUserPolicy - - iam:DeleteUserPermissionsBoundary - - iam:TagUser - - iam:UntagUser - - iam:CreateLoginProfile - - iam:RemoveUserFromGroup - - iam:AddUserToGroup - - iam:PutUserPolicy - - iam:DetachUserPolicy - - iam:GetLoginProfile - - iam:DeleteLoginProfile - - iam:GetUser - - iam:ListUserTags - delete: - - iam:DeleteAccessKey - - iam:RemoveUserFromGroup - - iam:DeleteUserPolicy - - iam:DeleteUser - - iam:DetachUserPolicy - - iam:DeleteLoginProfile - - iam:ListAccessKeys - - iam:GetUserPolicy - - iam:ListGroupsForUser - - iam:ListAttachedUserPolicies - - iam:ListUserPolicies - - iam:GetUser - - iam:GetLoginProfile - list: - - iam:listUsers - UserPolicy: + Marker: + allOf: + - $ref: '#/components/schemas/markerType' + - description: Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start. + MaxItems: + allOf: + - $ref: '#/components/schemas/maxItemsType' + - description: >- +

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns + true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.

+ PolicyArn: + allOf: + - $ref: '#/components/schemas/arnType' + - description:

The Amazon Resource Name (ARN) of the IAM policy for which you want the versions.

For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.

+ required: + - PolicyArn + title: ListPolicyVersionsRequest type: object + ListPolicyVersionsResponse: + description: 'Contains the response to a successful ListPolicyVersions request. ' properties: - PolicyDocument: - description: |- - The policy document. - You must provide policies in JSON format in IAM. However, for CFN templates formatted in YAML, you can provide the policy in JSON or YAML format. CFN always converts a YAML policy to JSON format before submitting it to IAM. - The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following: - + Any printable ASCII character ranging from the space character (``\u0020``) through the end of the ASCII character range - + The printable characters in the Basic Latin and Latin-1 Supplement character set (through ``\u00FF``) - + The special characters tab (``\u0009``), line feed (``\u000A``), and carriage return (``\u000D``) - type: object - PolicyName: - description: |- - The name of the policy document. - This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@- - type: string - UserName: - description: |- - The name of the user to associate the policy with. - This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@- - type: string + IsTruncated: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results. + Marker: + allOf: + - $ref: '#/components/schemas/responseMarkerType' + - description: When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request. + Versions: + allOf: + - $ref: '#/components/schemas/policyDocumentVersionListType' + - description:

A list of policy versions.

For more information about managed policy versions, see Versioning for managed policies in the IAM User Guide.

+ type: object + ListRolePoliciesRequest: + properties: + Marker: + allOf: + - $ref: '#/components/schemas/markerType' + - description: Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start. + MaxItems: + allOf: + - $ref: '#/components/schemas/maxItemsType' + - description: >- +

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns + true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.

+ RoleName: + allOf: + - $ref: '#/components/schemas/roleNameType' + - description: '

The name of the role to list policies for.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' required: - - PolicyName - - UserName - x-stackql-resource-name: user_policy - description: |- - Adds or updates an inline policy document that is embedded in the specified IAM user. - An IAM user can also have a managed policy attached to it. To attach a managed policy to a user, use [AWS::IAM::User](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html). To create a new managed policy, use [AWS::IAM::ManagedPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html). For information about policies, see [Managed policies and inline policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide*. - For information about the maximum number of inline policies that you can embed in a user, see [IAM and quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide*. - x-type-name: AWS::IAM::UserPolicy - x-stackql-primary-identifier: - - PolicyName - - UserName - x-create-only-properties: - - PolicyName - - UserName - x-required-properties: - - PolicyName - - UserName - x-tagging: - taggable: false - tagOnCreate: false - tagUpdatable: false - cloudFormationSystemTags: false - x-required-permissions: - create: - - iam:PutUserPolicy - - iam:GetUserPolicy - read: - - iam:GetUserPolicy - update: - - iam:PutUserPolicy - - iam:GetUserPolicy - delete: - - iam:DeleteUserPolicy - - iam:GetUserPolicy - VirtualMFADevice: + - RoleName + title: ListRolePoliciesRequest type: object + ListRolePoliciesResponse: + description: 'Contains the response to a successful ListRolePolicies request. ' properties: - VirtualMfaDeviceName: - minLength: 1 - maxLength: 226 - pattern: '[\w+=,.@-]+' - type: string - Path: - minLength: 1 - maxLength: 512 - pattern: (\u002F)|(\u002F[\u0021-\u007F]+\u002F) - type: string - SerialNumber: - minLength: 9 - maxLength: 256 - pattern: '[\w+=/:,.@-]+' - type: string - Users: - type: array - uniqueItems: false - items: - type: string - Tags: - type: array - uniqueItems: false - items: - $ref: '#/components/schemas/Tag' + IsTruncated: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results. + Marker: + allOf: + - $ref: '#/components/schemas/responseMarkerType' + - description: When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request. + PolicyNames: + allOf: + - $ref: '#/components/schemas/policyNameListType' + - description: A list of policy names. required: - - Users - x-stackql-resource-name: virtualmfa_device - description: Resource Type definition for AWS::IAM::VirtualMFADevice - x-type-name: AWS::IAM::VirtualMFADevice - x-stackql-primary-identifier: - - SerialNumber - x-create-only-properties: - - VirtualMfaDeviceName - - Base32StringSeed - - Path - x-read-only-properties: - - SerialNumber - x-required-properties: - - Users - x-required-permissions: - create: - - iam:CreateVirtualMFADevice - - iam:EnableMFADevice - - iam:ListVirtualMFADevices - read: - - iam:ListVirtualMFADevices - update: - - iam:TagMFADevice - - iam:UntagMFADevice - delete: - - iam:DeleteVirtualMFADevice - - iam:DeactivateMFADevice - list: - - iam:ListVirtualMFADevices - CreateGroupRequest: + - PolicyNames + type: object + ListSSHPublicKeysRequest: properties: - ClientToken: - type: string - RoleArn: - type: string - TypeName: - type: string - TypeVersionId: - type: string - DesiredState: - type: object - properties: - Arn: - description: '' - type: string - GroupName: - description: |- - The name of the group to create. Do not include the path in this value. - The group name must be unique within the account. Group names are not distinguished by case. For example, you cannot create groups named both "ADMINS" and "admins". If you don't specify a name, CFN generates a unique physical ID and uses that ID for the group name. - If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. - If you specify a name, you must specify the ``CAPABILITY_NAMED_IAM`` value to acknowledge your template's capabilities. For more information, see [Acknowledging Resources in Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities). - Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using ``Fn::Join`` and ``AWS::Region`` to create a Region-specific name, as in the following example: ``{"Fn::Join": ["", [{"Ref": "AWS::Region"}, {"Ref": "MyResourceName"}]]}``. - type: string - ManagedPolicyArns: - description: |- - The Amazon Resource Name (ARN) of the IAM policy you want to attach. - For more information about ARNs, see [Amazon Resource Names (ARNs)](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *General Reference*. - type: array - uniqueItems: true - x-insertionOrder: false - items: - type: string - Path: - description: |- - The path to the group. For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide*. - This parameter is optional. If it is not included, it defaults to a slash (/). - This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (``\u0021``) through the DEL character (``\u007F``), including most punctuation characters, digits, and upper and lowercased letters. - type: string - Policies: - description: |- - Adds or updates an inline policy document that is embedded in the specified IAM group. To view AWS::IAM::Group snippets, see [Declaring an Group Resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-iam.html#scenario-iam-group). - The name of each inline policy for a role, user, or group must be unique. If you don't choose unique names, updates to the IAM identity will fail. - For information about limits on the number of inline policies that you can embed in a group, see [Limitations on Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *User Guide*. - type: array - uniqueItems: false - x-insertionOrder: false - items: - $ref: '#/components/schemas/Policy' - x-stackQL-stringOnly: true - x-title: CreateGroupRequest + Marker: + allOf: + - $ref: '#/components/schemas/markerType' + - description: Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start. + MaxItems: + allOf: + - $ref: '#/components/schemas/maxItemsType' + - description: >- +

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns + true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.

+ UserName: + allOf: + - $ref: '#/components/schemas/userNameType' + - description: '

The name of the IAM user to list SSH public keys for. If none is specified, the UserName field is determined implicitly based on the Amazon Web Services access key used to sign the request.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + title: ListSSHPublicKeysRequest type: object - required: [] - CreateGroupPolicyRequest: + ListSSHPublicKeysResponse: + description: Contains the response to a successful ListSSHPublicKeys request. properties: - ClientToken: - type: string - RoleArn: - type: string - TypeName: - type: string - TypeVersionId: - type: string - DesiredState: - type: object - properties: - PolicyDocument: - description: |- - The policy document. - You must provide policies in JSON format in IAM. However, for CFN templates formatted in YAML, you can provide the policy in JSON or YAML format. CFN always converts a YAML policy to JSON format before submitting it to IAM. - The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following: - + Any printable ASCII character ranging from the space character (``\u0020``) through the end of the ASCII character range - + The printable characters in the Basic Latin and Latin-1 Supplement character set (through ``\u00FF``) - + The special characters tab (``\u0009``), line feed (``\u000A``), and carriage return (``\u000D``) - type: object - PolicyName: - description: |- - The name of the policy document. - This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@- - type: string - GroupName: - description: |- - The name of the group to associate the policy with. - This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. - type: string - x-stackQL-stringOnly: true - x-title: CreateGroupPolicyRequest + IsTruncated: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results. + Marker: + allOf: + - $ref: '#/components/schemas/responseMarkerType' + - description: When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request. + SSHPublicKeys: + allOf: + - $ref: '#/components/schemas/SSHPublicKeyListType' + - description: A list of the SSH public keys assigned to IAM user. type: object - required: [] - CreateInstanceProfileRequest: + ListServiceSpecificCredentialsRequest: properties: - ClientToken: - type: string - RoleArn: - type: string - TypeName: - type: string - TypeVersionId: - type: string - DesiredState: - type: object - properties: - Path: - type: string - description: |- - The path to the instance profile. For more information about paths, see [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide*. - This parameter is optional. If it is not included, it defaults to a slash (/). - This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (``\u0021``) through the DEL character (``\u007F``), including most punctuation characters, digits, and upper and lowercased letters. - Roles: - type: array - description: The name of the role to associate with the instance profile. Only one role can be assigned to an EC2 instance at a time, and all applications on the instance share the same role and permissions. - uniqueItems: true - x-insertionOrder: false - items: - type: string - InstanceProfileName: - type: string - description: |- - The name of the instance profile to create. - This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@- - Arn: - type: string - description: '' - x-stackQL-stringOnly: true - x-title: CreateInstanceProfileRequest + ServiceName: + allOf: + - $ref: '#/components/schemas/serviceName' + - description: Filters the returned results to only those for the specified Amazon Web Services service. If not specified, then Amazon Web Services returns service-specific credentials for all services. + UserName: + allOf: + - $ref: '#/components/schemas/userNameType' + - description: '

The name of the user whose service-specific credentials you want information about. If this value is not specified, then the operation assumes the user whose credentials are used to call the operation.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + title: ListServiceSpecificCredentialsRequest type: object - required: [] - CreateManagedPolicyRequest: + ListServiceSpecificCredentialsResponse: properties: - ClientToken: - type: string - RoleArn: - type: string - TypeName: - type: string - TypeVersionId: + ServiceSpecificCredentials: + allOf: + - $ref: '#/components/schemas/ServiceSpecificCredentialsListType' + - description: A list of structures that each contain details about a service-specific credential. + type: object + ListSigningCertificatesRequest: + properties: + Marker: + allOf: + - $ref: '#/components/schemas/markerType' + - description: Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start. + MaxItems: + allOf: + - $ref: '#/components/schemas/maxItemsType' + - description: >- +

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns + true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.

+ UserName: + allOf: + - $ref: '#/components/schemas/existingUserNameType' + - description: '

The name of the IAM user whose signing certificates you want to examine.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + title: ListSigningCertificatesRequest + type: object + ListSigningCertificatesResponse: + description: 'Contains the response to a successful ListSigningCertificates request. ' + example: + Certificates: + - CertificateBody: '-----BEGIN CERTIFICATE----------END CERTIFICATE-----' + CertificateId: TA7SMP42TDN5Z26OBPJE7EXAMPLE + Status: Active + UploadDate: '2013-06-06T21:40:08Z' + UserName: Bob + properties: + Certificates: + allOf: + - $ref: '#/components/schemas/certificateListType' + - description: A list of the user's signing certificate information. + IsTruncated: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results. + Marker: + allOf: + - $ref: '#/components/schemas/responseMarkerType' + - description: When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request. + required: + - Certificates + type: object + ListUserPoliciesRequest: + properties: + Marker: + allOf: + - $ref: '#/components/schemas/markerType' + - description: Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start. + MaxItems: + allOf: + - $ref: '#/components/schemas/maxItemsType' + - description: >- +

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns + true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.

+ UserName: + allOf: + - $ref: '#/components/schemas/existingUserNameType' + - description: '

The name of the user to list policies for.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + required: + - UserName + title: ListUserPoliciesRequest + type: object + ListUserPoliciesResponse: + description: 'Contains the response to a successful ListUserPolicies request. ' + properties: + IsTruncated: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results. + Marker: + allOf: + - $ref: '#/components/schemas/responseMarkerType' + - description: When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request. + PolicyNames: + allOf: + - $ref: '#/components/schemas/policyNameListType' + - description: A list of policy names. + required: + - PolicyNames + type: object + LoginProfile: + description: Creates a password for the specified user, giving the user the ability to access AWS services through the console. For more information about managing passwords, see [Managing Passwords](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html) in the *User Guide*. + type: object + additionalProperties: false + properties: + PasswordResetRequired: + description: Specifies whether the user is required to set a new password on next sign-in. + type: boolean + Password: + description: The user's password. type: string - DesiredState: - type: object - properties: - Description: - type: string - description: |- - A friendly description of the policy. - Typically used to store information about the permissions defined in the policy. For example, "Grants access to production DynamoDB tables." - The policy description is immutable. After a value is assigned, it cannot be changed. - Groups: - x-insertionOrder: false - type: array - description: |- - The name (friendly name, not ARN) of the group to attach the policy to. - This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@- - uniqueItems: true - items: - type: string - ManagedPolicyName: - type: string - description: |- - The friendly name of the policy. - If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. - If you specify a name, you must specify the ``CAPABILITY_NAMED_IAM`` value to acknowledge your template's capabilities. For more information, see [Acknowledging Resources in Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities). - Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using ``Fn::Join`` and ``AWS::Region`` to create a Region-specific name, as in the following example: ``{"Fn::Join": ["", [{"Ref": "AWS::Region"}, {"Ref": "MyResourceName"}]]}``. - Path: - type: string - default: / - description: |- - The path for the policy. - For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide*. - This parameter is optional. If it is not included, it defaults to a slash (/). - This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (``\u0021``) through the DEL character (``\u007F``), including most punctuation characters, digits, and upper and lowercased letters. - You cannot use an asterisk (*) in the path name. - PolicyDocument: - type: object - description: |- - The JSON policy document that you want to use as the content for the new policy. - You must provide policies in JSON format in IAM. However, for CFN templates formatted in YAML, you can provide the policy in JSON or YAML format. CFN always converts a YAML policy to JSON format before submitting it to IAM. - The maximum length of the policy document that you can pass in this operation, including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see [IAM and character quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length). - To learn more about JSON policy grammar, see [Grammar of the IAM JSON policy language](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_grammar.html) in the *IAM User Guide*. - The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following: - + Any printable ASCII character ranging from the space character (``\u0020``) through the end of the ASCII character range - + The printable characters in the Basic Latin and Latin-1 Supplement character set (through ``\u00FF``) - + The special characters tab (``\u0009``), line feed (``\u000A``), and carriage return (``\u000D``) - Roles: - x-insertionOrder: false - type: array - description: |- - The name (friendly name, not ARN) of the role to attach the policy to. - This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@- - If an external policy (such as ``AWS::IAM::Policy`` or ``AWS::IAM::ManagedPolicy``) has a ``Ref`` to a role and if a resource (such as ``AWS::ECS::Service``) also has a ``Ref`` to the same role, add a ``DependsOn`` attribute to the resource to make the resource depend on the external policy. This dependency ensures that the role's policy is available throughout the resource's lifecycle. For example, when you delete a stack with an ``AWS::ECS::Service`` resource, the ``DependsOn`` attribute ensures that CFN deletes the ``AWS::ECS::Service`` resource before deleting its role's policy. - uniqueItems: true - items: - type: string - Users: - x-insertionOrder: false - type: array - description: |- - The name (friendly name, not ARN) of the IAM user to attach the policy to. - This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@- - uniqueItems: true - items: - type: string - PolicyArn: - type: string - description: '' - AttachmentCount: - type: integer - description: '' - CreateDate: - type: string - description: '' - UpdateDate: - type: string - description: '' - DefaultVersionId: - type: string - description: '' - IsAttachable: - type: boolean - description: '' - PermissionsBoundaryUsageCount: - type: integer - description: '' - PolicyId: - type: string - description: '' - x-stackQL-stringOnly: true - x-title: CreateManagedPolicyRequest + required: + - Password + MFADevice: + description:

Contains information about an MFA device.

This data type is used as a response element in the ListMFADevices operation.

+ properties: + EnableDate: + allOf: + - $ref: '#/components/schemas/dateType' + - description: The date when the MFA device was enabled for the user. + SerialNumber: + allOf: + - $ref: '#/components/schemas/serialNumberType' + - description: The serial number that uniquely identifies the MFA device. For virtual MFA devices, the serial number is the device ARN. + UserName: + allOf: + - $ref: '#/components/schemas/userNameType' + - description: The user with whom the MFA device is associated. + required: + - UserName + - SerialNumber + - EnableDate type: object - required: [] - CreateOIDCProviderRequest: + MalformedCertificateException: {} + MalformedPolicyDocumentException: {} + ManagedPolicyDetail: + description: >- +

Contains information about a managed policy, including the policy's ARN, versions, and the number of principal entities (users, groups, and roles) that the policy is attached to.

This data type is used as a response element in the GetAccountAuthorizationDetails operation.

For more information about managed policies, see Managed policies and inline policies in the IAM + User Guide.

properties: - ClientToken: - type: string - RoleArn: - type: string - TypeName: - type: string - TypeVersionId: - type: string - DesiredState: - type: object - properties: - ClientIdList: - type: array - x-insertionOrder: false - items: - minLength: 1 - maxLength: 255 - type: string - Url: - minLength: 1 - maxLength: 255 - type: string - ThumbprintList: - type: array - x-insertionOrder: false - items: - minLength: 40 - maxLength: 40 - pattern: '[0-9A-Fa-f]{40}' - type: string - maxItems: 5 - Arn: - description: Amazon Resource Name (ARN) of the OIDC provider - minLength: 20 - maxLength: 2048 - type: string - Tags: - type: array - uniqueItems: false - x-insertionOrder: false - items: - $ref: '#/components/schemas/Tag' - x-stackQL-stringOnly: true - x-title: CreateOIDCProviderRequest + Arn: + $ref: '#/components/schemas/arnType' + AttachmentCount: + allOf: + - $ref: '#/components/schemas/attachmentCountType' + - description: The number of principal entities (users, groups, and roles) that the policy is attached to. + CreateDate: + allOf: + - $ref: '#/components/schemas/dateType' + - description: The date and time, in ISO 8601 date-time format, when the policy was created. + DefaultVersionId: + allOf: + - $ref: '#/components/schemas/policyVersionIdType' + - description:

The identifier for the version of the policy that is set as the default (operative) version.

For more information about policy versions, see Versioning for managed policies in the IAM User Guide.

+ Description: + allOf: + - $ref: '#/components/schemas/policyDescriptionType' + - description: A friendly description of the policy. + IsAttachable: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: Specifies whether the policy can be attached to an IAM user, group, or role. + Path: + allOf: + - $ref: '#/components/schemas/policyPathType' + - description:

The path to the policy.

For more information about paths, see IAM identifiers in the IAM User Guide.

+ PermissionsBoundaryUsageCount: + allOf: + - $ref: '#/components/schemas/attachmentCountType' + - description:

The number of entities (users and roles) for which the policy is used as the permissions boundary.

For more information about permissions boundaries, see Permissions boundaries for IAM identities in the IAM User Guide.

+ PolicyId: + allOf: + - $ref: '#/components/schemas/idType' + - description:

The stable and unique string identifying the policy.

For more information about IDs, see IAM identifiers in the IAM User Guide.

+ PolicyName: + allOf: + - $ref: '#/components/schemas/policyNameType' + - description: The friendly name (not ARN) identifying the policy. + PolicyVersionList: + allOf: + - $ref: '#/components/schemas/policyDocumentVersionListType' + - description: A list containing information about the versions of the policy. + UpdateDate: + allOf: + - $ref: '#/components/schemas/dateType' + - description:

The date and time, in ISO 8601 date-time format, when the policy was last updated.

When a policy has only one version, this field contains the date and time when the policy was created. When a policy has more than one version, this field contains the date and time when the most recent policy version was created.

type: object - required: [] - CreateRoleRequest: + ManagedPolicyDetailListType: + items: + allOf: + - $ref: '#/components/schemas/ManagedPolicyDetail' + - xml: + name: member + type: array + NoSuchEntityException: {} + PasswordPolicy: + description:

Contains information about the account password policy.

This data type is used as a response element in the GetAccountPasswordPolicy operation.

properties: - ClientToken: - type: string - RoleArn: - type: string - TypeName: - type: string - TypeVersionId: - type: string - DesiredState: + AllowUsersToChangePassword: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: Specifies whether IAM users are allowed to change their own password. Gives IAM users permissions to iam:ChangePassword for only their user and to the iam:GetAccountPasswordPolicy action. This option does not attach a permissions policy to each user, rather the permissions are applied at the account-level for all users by IAM. + ExpirePasswords: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: Indicates whether passwords in the account expire. Returns true if MaxPasswordAge contains a value greater than 0. Returns false if MaxPasswordAge is 0 or not present. + HardExpiry: + allOf: + - $ref: '#/components/schemas/booleanObjectType' + - description: Specifies whether IAM users are prevented from setting a new password via the Amazon Web Services Management Console after their password has expired. The IAM user cannot access the console until an administrator resets the password. IAM users with iam:ChangePassword permission and active access keys can reset their own expired console password using the CLI or API. + MaxPasswordAge: + allOf: + - $ref: '#/components/schemas/maxPasswordAgeType' + - description: The number of days that an IAM user password is valid. + MinimumPasswordLength: + allOf: + - $ref: '#/components/schemas/minimumPasswordLengthType' + - description: Minimum length to require for IAM user passwords. + PasswordReusePrevention: + allOf: + - $ref: '#/components/schemas/passwordReusePreventionType' + - description: Specifies the number of previous passwords that IAM users are prevented from reusing. + RequireLowercaseCharacters: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: Specifies whether IAM user passwords must contain at least one lowercase character (a to z). + RequireNumbers: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: Specifies whether IAM user passwords must contain at least one numeric character (0 to 9). + RequireSymbols: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: '

Specifies whether IAM user passwords must contain at least one of the following symbols:

! @ # $ % ^ & * ( ) _ + - = [ ] { } | ''

' + RequireUppercaseCharacters: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: Specifies whether IAM user passwords must contain at least one uppercase character (A to Z). + type: object + PasswordPolicyViolationException: {} + PermissionsBoundaryAttachmentType: + enum: + - PermissionsBoundaryPolicy + type: string + Policy: + description: |- + Contains information about an attached policy. + An attached policy is a managed policy that has been attached to a user, group, or role. + For more information about managed policies, refer to [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *User Guide*. + type: object + additionalProperties: false + properties: + PolicyDocument: + description: The entire contents of the policy that defines permissions. For more information, see [Overview of JSON policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json). type: object - properties: - Arn: - description: '' - type: string - AssumeRolePolicyDocument: - description: >- - The trust policy that is associated with this role. Trust policies define which entities can assume the role. You can associate only one trust policy with a role. For an example of a policy that can be used to assume a role, see [Template Examples](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#aws-resource-iam-role--examples). For more information about the elements that you can use in an IAM policy, see [Policy Elements - Reference](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html) in the *User Guide*. - type: object - Description: - description: A description of the role that you provide. - type: string - ManagedPolicyArns: - description: |- - A list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the role. - For more information about ARNs, see [Amazon Resource Names (ARNs) and Service Namespaces](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *General Reference*. - type: array - uniqueItems: true - x-insertionOrder: false - items: - type: string - MaxSessionDuration: - description: |- - The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default value of one hour is applied. This setting can have a value from 1 hour to 12 hours. - Anyone who assumes the role from the CLI or API can use the ``DurationSeconds`` API parameter or the ``duration-seconds`` CLI parameter to request a longer session. The ``MaxSessionDuration`` setting determines the maximum duration that can be requested using the ``DurationSeconds`` parameter. If users don't specify a value for the ``DurationSeconds`` parameter, their security credentials are valid for one hour by default. This applies when you use the ``AssumeRole*`` API operations or the ``assume-role*`` CLI operations but does not apply when you use those operations to create a console URL. For more information, see [Using IAM roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) in the *IAM User Guide*. - type: integer - Path: - description: |- - The path to the role. For more information about paths, see [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide*. - This parameter is optional. If it is not included, it defaults to a slash (/). - This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (``\u0021``) through the DEL character (``\u007F``), including most punctuation characters, digits, and upper and lowercased letters. - default: / - type: string - PermissionsBoundary: - description: |- - The ARN of the policy used to set the permissions boundary for the role. - For more information about permissions boundaries, see [Permissions boundaries for IAM identities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM User Guide*. - type: string - Policies: - description: |- - Adds or updates an inline policy document that is embedded in the specified IAM role. - When you embed an inline policy in a role, the inline policy is used as part of the role's access (permissions) policy. The role's trust policy is created at the same time as the role. You can update a role's trust policy later. For more information about IAM roles, go to [Using Roles to Delegate Permissions and Federate Identities](https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html). - A role can also have an attached managed policy. For information about policies, see [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *User Guide*. - For information about limits on the number of inline policies that you can embed with a role, see [Limitations on Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *User Guide*. - If an external policy (such as ``AWS::IAM::Policy`` or - type: array - x-insertionOrder: false - uniqueItems: false - items: - $ref: '#/components/schemas/Policy' - RoleId: - description: '' - type: string - RoleName: - description: |- - A name for the IAM role, up to 64 characters in length. For valid values, see the ``RoleName`` parameter for the [CreateRole](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html) action in the *User Guide*. - This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. The role name must be unique within the account. Role names are not distinguished by case. For example, you cannot create roles named both "Role1" and "role1". - If you don't specify a name, CFN generates a unique physical ID and uses that ID for the role name. - If you specify a name, you must specify the ``CAPABILITY_NAMED_IAM`` value to acknowledge your template's capabilities. For more information, see [Acknowledging Resources in Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/Use - type: string - Tags: - description: A list of tags that are attached to the role. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide*. - type: array - uniqueItems: false - x-insertionOrder: false - items: - $ref: '#/components/schemas/Tag' - x-stackQL-stringOnly: true - x-title: CreateRoleRequest + PolicyName: + description: The friendly name (not ARN) identifying the policy. + type: string + required: + - PolicyName + - PolicyDocument + PolicyDetail: + description:

Contains information about an IAM policy, including the policy document.

This data type is used as a response element in the GetAccountAuthorizationDetails operation.

+ properties: + PolicyDocument: + allOf: + - $ref: '#/components/schemas/policyDocumentType' + - description: The policy document. + PolicyName: + allOf: + - $ref: '#/components/schemas/policyNameType' + - description: The name of the policy. type: object - required: [] - CreateRolePolicyRequest: + PolicyGroup: + description:

Contains information about a group that a managed policy is attached to.

This data type is used as a response element in the ListEntitiesForPolicy operation.

For more information about managed policies, refer to Managed policies and inline policies in the IAM User Guide.

properties: - ClientToken: - type: string - RoleArn: - type: string - TypeName: - type: string - TypeVersionId: - type: string - DesiredState: - type: object - properties: - PolicyDocument: - description: |- - The policy document. - You must provide policies in JSON format in IAM. However, for CFN templates formatted in YAML, you can provide the policy in JSON or YAML format. CFN always converts a YAML policy to JSON format before submitting it to IAM. - The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following: - + Any printable ASCII character ranging from the space character (``\u0020``) through the end of the ASCII character range - + The printable characters in the Basic Latin and Latin-1 Supplement character set (through ``\u00FF``) - + The special characters tab (``\u0009``), line feed (``\u000A``), and carriage return (``\u000D``) - type: object - PolicyName: - description: |- - The name of the policy document. - This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@- - type: string - RoleName: - description: |- - The name of the role to associate the policy with. - This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@- - type: string - x-stackQL-stringOnly: true - x-title: CreateRolePolicyRequest + GroupId: + allOf: + - $ref: '#/components/schemas/idType' + - description: The stable and unique string identifying the group. For more information about IDs, see IAM identifiers in the IAM User Guide. + GroupName: + allOf: + - $ref: '#/components/schemas/groupNameType' + - description: The name (friendly name, not ARN) identifying the group. type: object - required: [] - CreateSAMLProviderRequest: + PolicyGroupListType: + items: + allOf: + - $ref: '#/components/schemas/PolicyGroup' + - xml: + name: member + type: array + PolicyNotAttachableException: {} + PolicyRole: + description:

Contains information about a role that a managed policy is attached to.

This data type is used as a response element in the ListEntitiesForPolicy operation.

For more information about managed policies, refer to Managed policies and inline policies in the IAM User Guide.

properties: - ClientToken: - type: string - RoleArn: - type: string - TypeName: - type: string - TypeVersionId: - type: string - DesiredState: - type: object - properties: - Name: - minLength: 1 - maxLength: 128 - pattern: '[\w._-]+' - type: string - SamlMetadataDocument: - minLength: 1000 - maxLength: 10000000 - type: string - Arn: - description: Amazon Resource Name (ARN) of the SAML provider - minLength: 1 - maxLength: 1600 - type: string - Tags: - type: array - uniqueItems: false - x-insertionOrder: false - items: - $ref: '#/components/schemas/Tag' - x-stackQL-stringOnly: true - x-title: CreateSAMLProviderRequest + RoleId: + allOf: + - $ref: '#/components/schemas/idType' + - description: The stable and unique string identifying the role. For more information about IDs, see IAM identifiers in the IAM User Guide. + RoleName: + allOf: + - $ref: '#/components/schemas/roleNameType' + - description: The name (friendly name, not ARN) identifying the role. type: object - required: [] - CreateServerCertificateRequest: + PolicyRoleListType: + items: + allOf: + - $ref: '#/components/schemas/PolicyRole' + - xml: + name: member + type: array + PolicyUsageType: + description:

The policy usage type that indicates whether the policy is used as a permissions policy or as the permissions boundary for an entity.

For more information about permissions boundaries, see Permissions boundaries for IAM identities in the IAM User Guide.

+ enum: + - PermissionsPolicy + - PermissionsBoundary + type: string + PolicyUser: + description:

Contains information about a user that a managed policy is attached to.

This data type is used as a response element in the ListEntitiesForPolicy operation.

For more information about managed policies, refer to Managed policies and inline policies in the IAM User Guide.

properties: - ClientToken: - type: string - RoleArn: - type: string - TypeName: - type: string - TypeVersionId: - type: string - DesiredState: - type: object - properties: - CertificateBody: - minLength: 1 - maxLength: 16384 - pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' - type: string - CertificateChain: - minLength: 1 - maxLength: 2097152 - pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' - type: string - ServerCertificateName: - minLength: 1 - maxLength: 128 - pattern: '[\w+=,.@-]+' - type: string - Path: - minLength: 1 - maxLength: 512 - pattern: (\u002F)|(\u002F[\u0021-\u007F]+\u002F) - type: string - PrivateKey: - minLength: 1 - maxLength: 16384 - pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' - type: string - Arn: - description: Amazon Resource Name (ARN) of the server certificate - minLength: 1 - maxLength: 1600 - type: string - Tags: - type: array - uniqueItems: false - x-insertionOrder: false - items: - $ref: '#/components/schemas/Tag' - x-stackQL-stringOnly: true - x-title: CreateServerCertificateRequest + UserId: + allOf: + - $ref: '#/components/schemas/idType' + - description: The stable and unique string identifying the user. For more information about IDs, see IAM identifiers in the IAM User Guide. + UserName: + allOf: + - $ref: '#/components/schemas/userNameType' + - description: The name (friendly name, not ARN) identifying the user. type: object - required: [] - CreateServiceLinkedRoleRequest: + PolicyUserListType: + items: + allOf: + - $ref: '#/components/schemas/PolicyUser' + - xml: + name: member + type: array + PolicyVersion: + description:

Contains information about a version of a managed policy.

This data type is used as a response element in the CreatePolicyVersion, GetPolicyVersion, ListPolicyVersions, and GetAccountAuthorizationDetails operations.

For more information about managed policies, refer to Managed policies and inline policies in the IAM User Guide.

properties: - ClientToken: - type: string - RoleArn: - type: string - TypeName: - type: string - TypeVersionId: - type: string - DesiredState: - type: object - properties: - RoleName: - description: The name of the role. - type: string - CustomSuffix: - description: A string that you provide, which is combined with the service-provided prefix to form the complete role name. - type: string - Description: - description: The description of the role. - type: string - AWSServiceName: - description: The service principal for the AWS service to which this role is attached. - type: string - x-stackQL-stringOnly: true - x-title: CreateServiceLinkedRoleRequest + CreateDate: + allOf: + - $ref: '#/components/schemas/dateType' + - description: The date and time, in ISO 8601 date-time format, when the policy version was created. + Document: + allOf: + - $ref: '#/components/schemas/policyDocumentType' + - description: >- +

The policy document.

The policy document is returned in the response to the GetPolicyVersion and GetAccountAuthorizationDetails operations. It is not returned in the response to the CreatePolicyVersion or ListPolicyVersions operations.

The policy document returned in this structure is URL-encoded compliant with RFC 3986. You can use a URL decoding method to convert the policy back to + plain JSON text. For example, if you use Java, you can use the decode method of the java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs provide similar functionality.

+ IsDefaultVersion: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: Specifies whether the policy version is set as the policy's default version. + VersionId: + allOf: + - $ref: '#/components/schemas/policyVersionIdType' + - description:

The identifier for the policy version.

Policy version identifiers always begin with v (always lowercase). When a policy is created, the first policy version is v1.

type: object - required: [] - CreateUserRequest: + PutGroupPolicyRequest: properties: - ClientToken: - type: string - RoleArn: - type: string - TypeName: - type: string - TypeVersionId: - type: string - DesiredState: - type: object - properties: - Path: - description: |- - The path for the user name. For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide*. - This parameter is optional. If it is not included, it defaults to a slash (/). - This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (``\u0021``) through the DEL character (``\u007F``), including most punctuation characters, digits, and upper and lowercased letters. - type: string - ManagedPolicyArns: - description: |- - A list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the user. - For more information about ARNs, see [Amazon Resource Names (ARNs) and Service Namespaces](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *General Reference*. - type: array - uniqueItems: true - x-insertionOrder: false - items: - type: string - Policies: - description: |- - Adds or updates an inline policy document that is embedded in the specified IAM user. To view AWS::IAM::User snippets, see [Declaring an User Resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-iam.html#scenario-iam-user). - The name of each policy for a role, user, or group must be unique. If you don't choose unique names, updates to the IAM identity will fail. - For information about limits on the number of inline policies that you can embed in a user, see [Limitations on Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *User Guide*. - type: array - uniqueItems: false - x-insertionOrder: false - items: - $ref: '#/components/schemas/Policy' - UserName: - description: |- - The name of the user to create. Do not include the path in this value. - This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. The user name must be unique within the account. User names are not distinguished by case. For example, you cannot create users named both "John" and "john". - If you don't specify a name, CFN generates a unique physical ID and uses that ID for the user name. - If you specify a name, you must specify the ``CAPABILITY_NAMED_IAM`` value to acknowledge your template's capabilities. For more information, see [Acknowledging Resources in Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities). - Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using ``Fn::Join`` and ``AWS::Region`` to create a Region-specific name, as in the following example: ``{"Fn::Join": ["", [{"Ref": "AWS::Region"}, {"Ref": "MyResourceName"}]]}``. - type: string - Groups: - description: A list of group names to which you want to add the user. - type: array - uniqueItems: false - x-insertionOrder: false - items: - type: string - Arn: - description: '' - type: string - LoginProfile: - description: |- - Creates a password for the specified IAM user. A password allows an IAM user to access AWS services through the console. - You can use the CLI, the AWS API, or the *Users* page in the IAM console to create a password for any IAM user. Use [ChangePassword](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ChangePassword.html) to update your own existing password in the *My Security Credentials* page in the console. - For more information about managing passwords, see [Managing passwords](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html) in the *User Guide*. - $ref: '#/components/schemas/LoginProfile' - Tags: - description: |- - A list of tags that you want to attach to the new user. Each tag consists of a key name and an associated value. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide*. - If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created. - type: array - uniqueItems: false - x-insertionOrder: false - items: - $ref: '#/components/schemas/Tag' - PermissionsBoundary: - description: |- - The ARN of the managed policy that is used to set the permissions boundary for the user. - A permissions boundary policy defines the maximum permissions that identity-based policies can grant to an entity, but does not grant permissions. Permissions boundaries do not define the maximum permissions that a resource-based policy can grant to an entity. To learn more, see [Permissions boundaries for IAM entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM User Guide*. - For more information about policy types, see [Policy types](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policy-types) in the *IAM User Guide*. - type: string - x-stackQL-stringOnly: true - x-title: CreateUserRequest + GroupName: + allOf: + - $ref: '#/components/schemas/groupNameType' + - description: '

The name of the group to associate the policy with.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-.

' + PolicyDocument: + allOf: + - $ref: '#/components/schemas/policyDocumentType' + - description: >- +

The policy document.

You must provide policies in JSON format in IAM. However, for CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. CloudFormation always converts a YAML policy to JSON format before submitting it to = IAM.

The regex pattern used to validate this parameter is a string of characters consisting of the following:

  • Any printable ASCII character + ranging from the space character (\u0020) through the end of the ASCII character range

  • The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)

  • The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)

+ PolicyName: + allOf: + - $ref: '#/components/schemas/policyNameType' + - description: '

The name of the policy document.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + required: + - GroupName + - PolicyName + - PolicyDocument + title: PutGroupPolicyRequest type: object - required: [] - CreateUserPolicyRequest: + PutRolePolicyRequest: properties: - ClientToken: - type: string - RoleArn: - type: string - TypeName: - type: string - TypeVersionId: - type: string - DesiredState: - type: object - properties: - PolicyDocument: - description: |- - The policy document. - You must provide policies in JSON format in IAM. However, for CFN templates formatted in YAML, you can provide the policy in JSON or YAML format. CFN always converts a YAML policy to JSON format before submitting it to IAM. - The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following: - + Any printable ASCII character ranging from the space character (``\u0020``) through the end of the ASCII character range - + The printable characters in the Basic Latin and Latin-1 Supplement character set (through ``\u00FF``) - + The special characters tab (``\u0009``), line feed (``\u000A``), and carriage return (``\u000D``) - type: object - PolicyName: - description: |- - The name of the policy document. - This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@- - type: string - UserName: - description: |- - The name of the user to associate the policy with. - This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@- - type: string - x-stackQL-stringOnly: true - x-title: CreateUserPolicyRequest + PolicyDocument: + allOf: + - $ref: '#/components/schemas/policyDocumentType' + - description: >- +

The policy document.

You must provide policies in JSON format in IAM. However, for CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.

The regex pattern used to validate this parameter is a string of characters consisting of the following:

  • Any printable ASCII character + ranging from the space character (\u0020) through the end of the ASCII character range

  • The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)

  • The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)

+ PolicyName: + allOf: + - $ref: '#/components/schemas/policyNameType' + - description: '

The name of the policy document.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + RoleName: + allOf: + - $ref: '#/components/schemas/roleNameType' + - description: '

The name of the role to associate the policy with.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + required: + - RoleName + - PolicyName + - PolicyDocument + title: PutRolePolicyRequest type: object - required: [] - CreateVirtualMFADeviceRequest: + PutUserPolicyRequest: properties: - ClientToken: + PolicyDocument: + allOf: + - $ref: '#/components/schemas/policyDocumentType' + - description: >- +

The policy document.

You must provide policies in JSON format in IAM. However, for CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.

The regex pattern used to validate this parameter is a string of characters consisting of the following:

  • Any printable ASCII character + ranging from the space character (\u0020) through the end of the ASCII character range

  • The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)

  • The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)

+ PolicyName: + allOf: + - $ref: '#/components/schemas/policyNameType' + - description: '

The name of the policy document.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + UserName: + allOf: + - $ref: '#/components/schemas/existingUserNameType' + - description: '

The name of the user to associate the policy with.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + required: + - UserName + - PolicyName + - PolicyDocument + title: PutUserPolicyRequest + type: object + ReasonType: + maxLength: 1000 + type: string + RegionNameType: + maxLength: 100 + minLength: 1 + type: string + ResetServiceSpecificCredentialRequest: + properties: + ServiceSpecificCredentialId: + allOf: + - $ref: '#/components/schemas/serviceSpecificCredentialId' + - description:

The unique identifier of the service-specific credential.

This parameter allows (through its regex pattern) a string of characters that can consist of any upper or lowercased letter or digit.

+ UserName: + allOf: + - $ref: '#/components/schemas/userNameType' + - description: '

The name of the IAM user associated with the service-specific credential. If this value is not specified, then the operation assumes the user whose credentials are used to call the operation.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + required: + - ServiceSpecificCredentialId + title: ResetServiceSpecificCredentialRequest + type: object + ResetServiceSpecificCredentialResponse: + properties: + ServiceSpecificCredential: + allOf: + - $ref: '#/components/schemas/ServiceSpecificCredential' + - description:

A structure with details about the updated service-specific credential, including the new password.

This is the only time that you can access the password. You cannot recover the password later, but you can reset it again.

 + type: object + ResyncMFADeviceRequest: + properties: + AuthenticationCode1: + allOf: + - $ref: '#/components/schemas/authenticationCodeType' + - description:

An authentication code emitted by the device.

The format for this parameter is a sequence of six digits.

+ AuthenticationCode2: + allOf: + - $ref: '#/components/schemas/authenticationCodeType' + - description:

A subsequent authentication code emitted by the device.

The format for this parameter is a sequence of six digits.

+ SerialNumber: + allOf: + - $ref: '#/components/schemas/serialNumberType' + - description: '

Serial number that uniquely identifies the MFA device.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + UserName: + allOf: + - $ref: '#/components/schemas/existingUserNameType' + - description: '

The name of the user whose MFA device you want to resynchronize.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + required: + - UserName + - SerialNumber + - AuthenticationCode1 + - AuthenticationCode2 + title: ResyncMFADeviceRequest + type: object + Role: + type: object + properties: + Arn: + description: '' type: string - RoleArn: + AssumeRolePolicyDocument: + description: >- + The trust policy that is associated with this role. Trust policies define which entities can assume the role. You can associate only one trust policy with a role. For an example of a policy that can be used to assume a role, see [Template Examples](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#aws-resource-iam-role--examples). For more information about the elements that you can use in an IAM policy, see [Policy Elements + Reference](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html) in the *User Guide*. + type: object + Description: + description: A description of the role that you provide. type: string - TypeName: + ManagedPolicyArns: + description: |- + A list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the role. + For more information about ARNs, see [Amazon Resource Names (ARNs) and Service Namespaces](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *General Reference*. + type: array + uniqueItems: true + x-insertionOrder: false + items: + type: string + MaxSessionDuration: + description: |- + The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default value of one hour is applied. This setting can have a value from 1 hour to 12 hours. + Anyone who assumes the role from the CLI or API can use the ``DurationSeconds`` API parameter or the ``duration-seconds`` CLI parameter to request a longer session. The ``MaxSessionDuration`` setting determines the maximum duration that can be requested using the ``DurationSeconds`` parameter. If users don't specify a value for the ``DurationSeconds`` parameter, their security credentials are valid for one hour by default. This applies when you use the ``AssumeRole*`` API operations or the ``assume-role*`` CLI operations but does not apply when you use those operations to create a console URL. For more information, see [Using IAM roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) in the *IAM User Guide*. + type: integer + Path: + description: |- + The path to the role. For more information about paths, see [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide*. + This parameter is optional. If it is not included, it defaults to a slash (/). + This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (``\u0021``) through the DEL character (``\u007F``), including most punctuation characters, digits, and upper and lowercased letters. + default: / type: string - TypeVersionId: + PermissionsBoundary: + description: |- + The ARN of the policy used to set the permissions boundary for the role. + For more information about permissions boundaries, see [Permissions boundaries for IAM identities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM User Guide*. type: string - DesiredState: - type: object - properties: - VirtualMfaDeviceName: - minLength: 1 - maxLength: 226 - pattern: '[\w+=,.@-]+' - type: string - Path: - minLength: 1 - maxLength: 512 - pattern: (\u002F)|(\u002F[\u0021-\u007F]+\u002F) - type: string - SerialNumber: - minLength: 9 - maxLength: 256 - pattern: '[\w+=/:,.@-]+' - type: string - Users: - type: array - uniqueItems: false - items: - type: string - Tags: - type: array - uniqueItems: false - items: - $ref: '#/components/schemas/Tag' - x-stackQL-stringOnly: true - x-title: CreateVirtualMFADeviceRequest - type: object - required: [] - securitySchemes: - hmac: - type: apiKey - name: Authorization - in: header - description: Amazon Signature authorization v4 - x-amazon-apigateway-authtype: awsSigv4 - x-stackQL-resources: - user_policies: - id: aws.iam.user_policies - x-cfn-schema-name: UserPolicy - x-example-where-clause: WHERE region = 'us-east-1' /* always 'us-east-1' for iam */ AND UserName = '' AND PolicyName = '' - x-type: cloud_control - methods: - attach: - serviceName: iam - operation: - $ref: '#/paths/~1?Action=AttachUserPolicy&Version=2010-05-08&__nativeEndpoint=true/get' - response: - openAPIDocKey: '200' - delete: - serviceName: iam - operation: - $ref: '#/paths/~1?Action=DeleteUserPolicy&Version=2010-05-08&__nativeEndpoint=true/get' - response: - openAPIDocKey: '200' - detach: - serviceName: iam - operation: - $ref: '#/paths/~1?Action=DetachUserPolicy&Version=2010-05-08&__nativeEndpoint=true/get' - response: - openAPIDocKey: '200' - get: - serviceName: iam - operation: - $ref: '#/paths/~1?Action=GetUserPolicy&Version=2010-05-08&__nativeEndpoint=true/get' - response: - mediaType: text/xml - objectKey: /*/GetUserPolicyResult - openAPIDocKey: '200' - list: - serviceName: iam - operation: - $ref: '#/paths/~1?Action=ListUserPolicies&Version=2010-05-08&__nativeEndpoint=true/get' - response: - mediaType: text/xml - objectKey: /*/ListUserPoliciesResult/PolicyNames/member - openAPIDocKey: '200' - put: - serviceName: iam - operation: - $ref: '#/paths/~1?Action=PutUserPolicy&Version=2010-05-08&__nativeEndpoint=true/get' - response: - openAPIDocKey: '200' - create_resource: - config: - requestBodyTranslate: - algorithm: naive_DesiredState - operation: - $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__UserPolicy&__detailTransformed=true/post' - request: - mediaType: application/x-amz-json-1.0 - base: |- - { - "TypeName": "AWS::IAM::UserPolicy" - } - response: - mediaType: application/json - openAPIDocKey: '200' - update_resource: - operation: - $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' - request: - mediaType: application/x-amz-json-1.0 - base: |- - { - "TypeName": "AWS::IAM::UserPolicy" - } - response: - mediaType: application/json - openAPIDocKey: '200' - delete_resource: - operation: - $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' - request: - mediaType: application/x-amz-json-1.0 - base: |- - { - "TypeName": "AWS::IAM::UserPolicy" - } - response: - mediaType: application/json - openAPIDocKey: '200' - name: user_policies - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/user_policies/methods/delete_resource' - insert: - - $ref: '#/components/x-stackQL-resources/user_policies/methods/create_resource' - select: - - $ref: '#/components/x-stackQL-resources/user_policies/methods/get' - - $ref: '#/components/x-stackQL-resources/user_policies/methods/list' + Policies: + description: |- + Adds or updates an inline policy document that is embedded in the specified IAM role. + When you embed an inline policy in a role, the inline policy is used as part of the role's access (permissions) policy. The role's trust policy is created at the same time as the role. You can update a role's trust policy later. For more information about IAM roles, go to [Using Roles to Delegate Permissions and Federate Identities](https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html). + A role can also have an attached managed policy. For information about policies, see [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *User Guide*. + For information about limits on the number of inline policies that you can embed with a role, see [Limitations on Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *User Guide*. + If an external policy (such as ``AWS::IAM::Policy`` or ``AWS::IAM::ManagedPolicy``) has a ``Ref`` to a role and if a resource (such as ``AWS::ECS::Service``) also has a ``Ref`` to the same role, add a ``DependsOn`` attribute to the resource to make the resource depend on the external policy. This dependency ensures that the role's policy is available throughout the resource's lifecycle. For example, when you delete a stack with an ``AWS::ECS::Service`` resource, the ``DependsOn`` attribute ensures that CFN deletes the ``AWS::ECS::Service`` resource before deleting its role's policy. + type: array + x-insertionOrder: false + uniqueItems: false + items: + $ref: '#/components/schemas/Policy' + RoleId: + description: '' + type: string + RoleName: + description: |- + A name for the IAM role, up to 64 characters in length. For valid values, see the ``RoleName`` parameter for the [CreateRole](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html) action in the *User Guide*. + This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. The role name must be unique within the account. Role names are not distinguished by case. For example, you cannot create roles named both "Role1" and "role1". + If you don't specify a name, CFN generates a unique physical ID and uses that ID for the role name. + If you specify a name, you must specify the ``CAPABILITY_NAMED_IAM`` value to acknowledge your template's capabilities. For more information, see [Acknowledging Resources in Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities). + Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using ``Fn::Join`` and ``AWS::Region`` to create a Region-specific name, as in the following example: ``{"Fn::Join": ["", [{"Ref": "AWS::Region"}, {"Ref": "MyResourceName"}]]}``. + type: string + Tags: + description: A list of tags that are attached to the role. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide*. + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - AssumeRolePolicyDocument + x-stackql-resource-name: role + description: |- + Creates a new role for your AWS-account. + For more information about roles, see [IAM roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html) in the *IAM User Guide*. For information about quotas for role names and the number of roles you can create, see [IAM and quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide*. + x-type-name: AWS::IAM::Role + x-stackql-primary-identifier: + - RoleName + x-create-only-properties: + - Path + - RoleName + x-read-only-properties: + - Arn + - RoleId + x-required-properties: + - AssumeRolePolicyDocument + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - iam:CreateRole + - iam:PutRolePolicy + - iam:AttachRolePolicy + - iam:GetRolePolicy + - iam:TagRole + - iam:UntagRole + - iam:GetRole + read: + - iam:GetRole + - iam:ListAttachedRolePolicies + - iam:ListRolePolicies + - iam:GetRolePolicy update: - - $ref: '#/components/x-stackQL-resources/user_policies/methods/update_resource' - title: user_policies - x-cfn-type-name: AWS::IAM::UserPolicy - x-identifiers: - - PolicyName - - UserName - config: - views: - select: - predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] - ddl: |- - SELECT - region, - data__Identifier, - JSON_EXTRACT(Properties, '$.PolicyDocument') as policy_document, - JSON_EXTRACT(Properties, '$.PolicyName') as policy_name, - JSON_EXTRACT(Properties, '$.UserName') as user_name - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IAM::UserPolicy' - AND data__Identifier = '|' - AND region = 'us-east-1' - fallback: - predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] - ddl: |- - SELECT - region, - data__Identifier, - json_extract_path_text(Properties, 'PolicyDocument') as policy_document, - json_extract_path_text(Properties, 'PolicyName') as policy_name, - json_extract_path_text(Properties, 'UserName') as user_name - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IAM::UserPolicy' - AND data__Identifier = '|' - AND region = 'us-east-1' - group_policies: - id: aws.iam.group_policies - x-cfn-schema-name: GroupPolicy - x-example-where-clause: WHERE region = 'us-east-1' /* always 'us-east-1' for iam */ AND GroupName = '' AND PolicyName = '' - x-type: cloud_control - methods: - attach: - serviceName: iam - operation: - $ref: '#/paths/~1?Action=AttachGroupPolicy&Version=2010-05-08&__nativeEndpoint=true/get' - response: - openAPIDocKey: '200' + - iam:UpdateRole + - iam:UpdateRoleDescription + - iam:UpdateAssumeRolePolicy + - iam:DetachRolePolicy + - iam:AttachRolePolicy + - iam:DeleteRolePermissionsBoundary + - iam:PutRolePermissionsBoundary + - iam:DeleteRolePolicy + - iam:PutRolePolicy + - iam:TagRole + - iam:UntagRole delete: - serviceName: iam - operation: - $ref: '#/paths/~1?Action=DeleteGroupPolicy&Version=2010-05-08&__nativeEndpoint=true/get' - response: - openAPIDocKey: '200' - detach: - serviceName: iam - operation: - $ref: '#/paths/~1?Action=DetachGroupPolicy&Version=2010-05-08&__nativeEndpoint=true/get' - response: - openAPIDocKey: '200' - get: - serviceName: iam - operation: - $ref: '#/paths/~1?Action=GetGroupPolicy&Version=2010-05-08&__nativeEndpoint=true/get' - response: - mediaType: text/xml - objectKey: /*/GetGroupPolicyResult - openAPIDocKey: '200' + - iam:DeleteRole + - iam:DetachRolePolicy + - iam:DeleteRolePolicy + - iam:GetRole + - iam:ListAttachedRolePolicies + - iam:ListRolePolicies + - iam:TagRole + - iam:UntagRole list: - serviceName: iam - operation: - $ref: '#/paths/~1?Action=ListGroupPolicies&Version=2010-05-08&__nativeEndpoint=true/get' - response: - mediaType: text/xml - objectKey: /*/ListGroupPoliciesResult/PolicyNames/member - openAPIDocKey: '200' - put: - serviceName: iam - operation: - $ref: '#/paths/~1?Action=PutGroupPolicy&Version=2010-05-08&__nativeEndpoint=true/get' - response: - openAPIDocKey: '200' - create_resource: - config: - requestBodyTranslate: - algorithm: naive_DesiredState - operation: - $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__GroupPolicy&__detailTransformed=true/post' - request: - mediaType: application/x-amz-json-1.0 - base: |- - { - "TypeName": "AWS::IAM::GroupPolicy" - } - response: - mediaType: application/json - openAPIDocKey: '200' - update_resource: - operation: - $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' - request: - mediaType: application/x-amz-json-1.0 - base: |- - { - "TypeName": "AWS::IAM::GroupPolicy" - } - response: - mediaType: application/json - openAPIDocKey: '200' - delete_resource: - operation: - $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' - request: - mediaType: application/x-amz-json-1.0 - base: |- - { - "TypeName": "AWS::IAM::GroupPolicy" - } - response: - mediaType: application/json - openAPIDocKey: '200' - name: group_policies - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/group_policies/methods/delete_resource' - insert: - - $ref: '#/components/x-stackQL-resources/group_policies/methods/create_resource' - select: - - $ref: '#/components/x-stackQL-resources/group_policies/methods/get' - - $ref: '#/components/x-stackQL-resources/group_policies/methods/list' - update: - - $ref: '#/components/x-stackQL-resources/group_policies/methods/update_resource' - title: group_policies - x-cfn-type-name: AWS::IAM::GroupPolicy - x-identifiers: - - PolicyName - - GroupName - config: - views: - select: - predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] - ddl: |- - SELECT - region, - data__Identifier, - JSON_EXTRACT(Properties, '$.PolicyDocument') as policy_document, - JSON_EXTRACT(Properties, '$.PolicyName') as policy_name, - JSON_EXTRACT(Properties, '$.GroupName') as group_name - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IAM::GroupPolicy' - AND data__Identifier = '|' - AND region = 'us-east-1' - fallback: - predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] - ddl: |- - SELECT - region, - data__Identifier, - json_extract_path_text(Properties, 'PolicyDocument') as policy_document, - json_extract_path_text(Properties, 'PolicyName') as policy_name, - json_extract_path_text(Properties, 'GroupName') as group_name - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IAM::GroupPolicy' - AND data__Identifier = '|' - AND region = 'us-east-1' - policies: - id: aws.iam.policies - x-cfn-schema-name: GetPolicyResponse - x-example-where-clause: WHERE region = 'us-east-1' /* always 'us-east-1' for iam */ AND PolicyArn = '' - x-type: native - methods: + - iam:ListRoles + RoleDetail: + description:

Contains information about an IAM role, including all of the role's policies.

This data type is used as a response element in the GetAccountAuthorizationDetails operation.

+ properties: + Arn: + $ref: '#/components/schemas/arnType' + AssumeRolePolicyDocument: + allOf: + - $ref: '#/components/schemas/policyDocumentType' + - description: The trust policy that grants permission to assume the role. + AttachedManagedPolicies: + allOf: + - $ref: '#/components/schemas/attachedPoliciesListType' + - description: A list of managed policies attached to the role. These policies are the role's access (permissions) policies. + CreateDate: + allOf: + - $ref: '#/components/schemas/dateType' + - description: The date and time, in ISO 8601 date-time format, when the role was created. + InstanceProfileList: + allOf: + - $ref: '#/components/schemas/instanceProfileListType' + - description: A list of instance profiles that contain this role. + Path: + allOf: + - $ref: '#/components/schemas/pathType' + - description: The path to the role. For more information about paths, see IAM identifiers in the IAM User Guide. + PermissionsBoundary: + allOf: + - $ref: '#/components/schemas/AttachedPermissionsBoundary' + - description:

The ARN of the policy used to set the permissions boundary for the role.

For more information about permissions boundaries, see Permissions boundaries for IAM identities in the IAM User Guide.

+ RoleId: + allOf: + - $ref: '#/components/schemas/idType' + - description: The stable and unique string identifying the role. For more information about IDs, see IAM identifiers in the IAM User Guide. + RoleLastUsed: + allOf: + - $ref: '#/components/schemas/RoleLastUsed' + - description: >- + Contains information about the last time that an IAM role was used. This includes the date and time and the Region in which the role was last used. Activity is only reported for the trailing 400 days. This period can be shorter if your Region began supporting these features within the last year. The role might have been used more than 400 days ago. For more information, see Regions where data is tracked in the IAM User Guide. + RoleName: + allOf: + - $ref: '#/components/schemas/roleNameType' + - description: The friendly name that identifies the role. + RolePolicyList: + allOf: + - $ref: '#/components/schemas/policyDetailListType' + - description: A list of inline policies embedded in the role. These policies are the role's access (permissions) policies. + Tags: + allOf: + - $ref: '#/components/schemas/tagListType' + - description: A list of tags that are attached to the role. For more information about tagging, see Tagging IAM resources in the IAM User Guide. + type: object + RoleLastUsed: + description: >- +

Contains information about the last time that an IAM role was used. This includes the date and time and the Region in which the role was last used. Activity is only reported for the trailing 400 days. This period can be shorter if your Region began supporting these features within the last year. The role might have been used more than 400 days ago. For more information, see Regions where data is tracked in the IAM User Guide.

This data type is returned as a response element in the GetRole and GetAccountAuthorizationDetails operations.

+ properties: + LastUsedDate: + allOf: + - $ref: '#/components/schemas/dateType' + - description: "

The date and time, in\_ISO 8601 date-time format that the role was last used.

This field is null if the role has not been used within the IAM tracking period. For more information about the tracking period, see Regions where data is tracked in the IAM User Guide.

" + Region: + allOf: + - $ref: '#/components/schemas/stringType' + - description: The name of the Amazon Web Services Region in which the role was last used. + type: object + RoleUsageListType: + items: + allOf: + - $ref: '#/components/schemas/RoleUsageType' + - xml: + name: member + type: array + RoleUsageType: + description:

An object that contains details about how a service-linked role is used, if that information is returned by the service.

This data type is used as a response element in the GetServiceLinkedRoleDeletionStatus operation.

+ properties: + Region: + allOf: + - $ref: '#/components/schemas/RegionNameType' + - description: The name of the Region where the service-linked role is being used. + Resources: + allOf: + - $ref: '#/components/schemas/ArnListType' + - description: The name of the resource that is using the service-linked role. + type: object + SSHPublicKey: + description:

Contains information about an SSH public key.

This data type is used as a response element in the GetSSHPublicKey and UploadSSHPublicKey operations.

+ properties: + Fingerprint: + allOf: + - $ref: '#/components/schemas/publicKeyFingerprintType' + - description: The MD5 message digest of the SSH public key. + SSHPublicKeyBody: + allOf: + - $ref: '#/components/schemas/publicKeyMaterialType' + - description: The SSH public key. + SSHPublicKeyId: + allOf: + - $ref: '#/components/schemas/publicKeyIdType' + - description: The unique identifier for the SSH public key. + Status: + allOf: + - $ref: '#/components/schemas/statusType' + - description: The status of the SSH public key. Active means that the key can be used for authentication with an CodeCommit repository. Inactive means that the key cannot be used. + UploadDate: + allOf: + - $ref: '#/components/schemas/dateType' + - description: The date and time, in ISO 8601 date-time format, when the SSH public key was uploaded. + UserName: + allOf: + - $ref: '#/components/schemas/userNameType' + - description: The name of the IAM user associated with the SSH public key. + required: + - UserName + - SSHPublicKeyId + - Fingerprint + - SSHPublicKeyBody + - Status + type: object + SSHPublicKeyListType: + items: + allOf: + - $ref: '#/components/schemas/SSHPublicKeyMetadata' + - xml: + name: member + type: array + SSHPublicKeyMetadata: + description:

Contains information about an SSH public key, without the key's body or fingerprint.

This data type is used as a response element in the ListSSHPublicKeys operation.

+ properties: + SSHPublicKeyId: + allOf: + - $ref: '#/components/schemas/publicKeyIdType' + - description: The unique identifier for the SSH public key. + Status: + allOf: + - $ref: '#/components/schemas/statusType' + - description: The status of the SSH public key. Active means that the key can be used for authentication with an CodeCommit repository. Inactive means that the key cannot be used. + UploadDate: + allOf: + - $ref: '#/components/schemas/dateType' + - description: The date and time, in ISO 8601 date-time format, when the SSH public key was uploaded. + UserName: + allOf: + - $ref: '#/components/schemas/userNameType' + - description: The name of the IAM user associated with the SSH public key. + required: + - UserName + - SSHPublicKeyId + - Status + - UploadDate + type: object + ServerCertificate: + type: object + properties: + CertificateBody: + minLength: 1 + maxLength: 16384 + pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' + type: string + CertificateChain: + minLength: 1 + maxLength: 2097152 + pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' + type: string + ServerCertificateName: + minLength: 1 + maxLength: 128 + pattern: '[\w+=,.@-]+' + type: string + Path: + minLength: 1 + maxLength: 512 + pattern: (\u002F)|(\u002F[\u0021-\u007F]+\u002F) + type: string + PrivateKey: + minLength: 1 + maxLength: 16384 + pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' + type: string + Arn: + description: Amazon Resource Name (ARN) of the server certificate + minLength: 1 + maxLength: 1600 + type: string + Tags: + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + x-stackql-resource-name: server_certificate + description: Resource Type definition for AWS::IAM::ServerCertificate + x-type-name: AWS::IAM::ServerCertificate + x-stackql-primary-identifier: + - ServerCertificateName + x-create-only-properties: + - ServerCertificateName + - PrivateKey + - CertificateBody + - CertificateChain + x-write-only-properties: + - PrivateKey + - CertificateBody + - CertificateChain + x-read-only-properties: + - Arn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - iam:TagServerCertificate + - iam:UntagServerCertificate + - iam:ListServerCertificateTags + x-required-permissions: create: - serviceName: iam - operation: - $ref: '#/paths/~1?Action=CreatePolicy&Version=2010-05-08&__nativeEndpoint=true/get' - response: - mediaType: text/xml - openAPIDocKey: '200' + - iam:UploadServerCertificate + - iam:TagServerCertificate + - iam:GetServerCertificate + read: + - iam:GetServerCertificate + update: + - iam:TagServerCertificate + - iam:UntagServerCertificate + - iam:ListServerCertificateTags + - iam:GetServerCertificate delete: - serviceName: iam - operation: - $ref: '#/paths/~1?Action=DeletePolicy&Version=2010-05-08&__nativeEndpoint=true/get' - response: - openAPIDocKey: '200' - get: - serviceName: iam - operation: - $ref: '#/paths/~1?Action=GetPolicy&Version=2010-05-08&__nativeEndpoint=true/get' - response: - mediaType: text/xml - objectKey: /*/GetPolicyResult - openAPIDocKey: '200' + - iam:DeleteServerCertificate list: - serviceName: iam - operation: - $ref: '#/paths/~1?Action=ListPolicies&Version=2010-05-08&__nativeEndpoint=true/get' - response: - mediaType: text/xml - objectKey: /*/ListPoliciesResult/Policies/member - openAPIDocKey: '200' - tag: - serviceName: iam - operation: - $ref: '#/paths/~1?Action=TagPolicy&Version=2010-05-08&__nativeEndpoint=true/get' - response: - openAPIDocKey: '200' - untag: - serviceName: iam - operation: - $ref: '#/paths/~1?Action=UntagPolicy&Version=2010-05-08&__nativeEndpoint=true/get' - response: - openAPIDocKey: '200' - name: policies - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/policies/methods/delete' - insert: - - $ref: '#/components/x-stackQL-resources/policies/methods/create' - select: - - $ref: '#/components/x-stackQL-resources/policies/methods/get' - - $ref: '#/components/x-stackQL-resources/policies/methods/list' - update: [] - title: policies - role_policies: - id: aws.iam.role_policies - x-cfn-schema-name: RolePolicy - x-example-where-clause: WHERE region = 'us-east-1' /* always 'us-east-1' for iam */ AND RoleName = '' AND PolicyName = '' - x-type: cloud_control - methods: - attach: - serviceName: iam + - iam:ListServerCertificates + - iam:GetServerCertificate + ServerCertificateMetadata: + description:

Contains information about a server certificate without its certificate body, certificate chain, and private key.

This data type is used as a response element in the UploadServerCertificate and ListServerCertificates operations.

+ properties: + Arn: + allOf: + - $ref: '#/components/schemas/arnType' + - description: ' The Amazon Resource Name (ARN) specifying the server certificate. For more information about ARNs and how to use them in policies, see IAM identifiers in the IAM User Guide. ' + Expiration: + allOf: + - $ref: '#/components/schemas/dateType' + - description: The date on which the certificate is set to expire. + Path: + allOf: + - $ref: '#/components/schemas/pathType' + - description: ' The path to the server certificate. For more information about paths, see IAM identifiers in the IAM User Guide. ' + ServerCertificateId: + allOf: + - $ref: '#/components/schemas/idType' + - description: ' The stable and unique string identifying the server certificate. For more information about IDs, see IAM identifiers in the IAM User Guide. ' + ServerCertificateName: + allOf: + - $ref: '#/components/schemas/serverCertificateNameType' + - description: The name that identifies the server certificate. + UploadDate: + allOf: + - $ref: '#/components/schemas/dateType' + - description: The date when the server certificate was uploaded. + required: + - Path + - ServerCertificateName + - ServerCertificateId + - Arn + type: object + ServiceFailureException: {} + ServiceNotSupportedException: {} + ServiceSpecificCredential: + description: Contains the details of a service-specific credential. + properties: + CreateDate: + allOf: + - $ref: '#/components/schemas/dateType' + - description: The date and time, in ISO 8601 date-time format, when the service-specific credential were created. + ServiceName: + allOf: + - $ref: '#/components/schemas/serviceName' + - description: The name of the service associated with the service-specific credential. + ServicePassword: + allOf: + - $ref: '#/components/schemas/servicePassword' + - description: The generated password for the service-specific credential. + ServiceSpecificCredentialId: + allOf: + - $ref: '#/components/schemas/serviceSpecificCredentialId' + - description: The unique identifier for the service-specific credential. + ServiceUserName: + allOf: + - $ref: '#/components/schemas/serviceUserName' + - description: The generated user name for the service-specific credential. This value is generated by combining the IAM user's name combined with the ID number of the Amazon Web Services account, as in jane-at-123456789012, for example. This value cannot be configured by the user. + Status: + allOf: + - $ref: '#/components/schemas/statusType' + - description: The status of the service-specific credential. Active means that the key is valid for API calls, while Inactive means it is not. + UserName: + allOf: + - $ref: '#/components/schemas/userNameType' + - description: The name of the IAM user associated with the service-specific credential. + required: + - CreateDate + - ServiceName + - ServiceUserName + - ServicePassword + - ServiceSpecificCredentialId + - UserName + - Status + type: object + ServiceSpecificCredentialMetadata: + description: Contains additional details about a service-specific credential. + properties: + CreateDate: + allOf: + - $ref: '#/components/schemas/dateType' + - description: The date and time, in ISO 8601 date-time format, when the service-specific credential were created. + ServiceName: + allOf: + - $ref: '#/components/schemas/serviceName' + - description: The name of the service associated with the service-specific credential. + ServiceSpecificCredentialId: + allOf: + - $ref: '#/components/schemas/serviceSpecificCredentialId' + - description: The unique identifier for the service-specific credential. + ServiceUserName: + allOf: + - $ref: '#/components/schemas/serviceUserName' + - description: The generated user name for the service-specific credential. + Status: + allOf: + - $ref: '#/components/schemas/statusType' + - description: The status of the service-specific credential. Active means that the key is valid for API calls, while Inactive means it is not. + UserName: + allOf: + - $ref: '#/components/schemas/userNameType' + - description: The name of the IAM user associated with the service-specific credential. + required: + - UserName + - Status + - ServiceUserName + - CreateDate + - ServiceSpecificCredentialId + - ServiceName + type: object + ServiceSpecificCredentialsListType: + items: + allOf: + - $ref: '#/components/schemas/ServiceSpecificCredentialMetadata' + - xml: + name: member + type: array + SigningCertificate: + description:

Contains information about an X.509 signing certificate.

This data type is used as a response element in the UploadSigningCertificate and ListSigningCertificates operations.

+ properties: + CertificateBody: + allOf: + - $ref: '#/components/schemas/certificateBodyType' + - description: The contents of the signing certificate. + CertificateId: + allOf: + - $ref: '#/components/schemas/certificateIdType' + - description: The ID for the signing certificate. + Status: + allOf: + - $ref: '#/components/schemas/statusType' + - description: The status of the signing certificate. Active means that the key is valid for API calls, while Inactive means it is not. + UploadDate: + allOf: + - $ref: '#/components/schemas/dateType' + - description: The date when the signing certificate was uploaded. + UserName: + allOf: + - $ref: '#/components/schemas/userNameType' + - description: The name of the user the signing certificate is associated with. + required: + - UserName + - CertificateId + - CertificateBody + - Status + type: object + SimulationPolicyListType: + items: + allOf: + - $ref: '#/components/schemas/policyDocumentType' + - xml: + name: member + type: array + Tag: + description: A key-value pair to associate with a resource. + type: object + additionalProperties: false + properties: + Value: + description: 'The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + type: string + minLength: 1 + maxLength: 256 + Key: + description: 'The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + type: string + minLength: 1 + maxLength: 128 + required: + - Value + - Key + TagMFADeviceRequest: + properties: + SerialNumber: + allOf: + - $ref: '#/components/schemas/serialNumberType' + - description: '

The unique identifier for the IAM virtual MFA device to which you want to add tags. For virtual MFA devices, the serial number is the same as the ARN.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + Tags: + allOf: + - $ref: '#/components/schemas/tagListType' + - description: The list of tags that you want to attach to the IAM virtual MFA device. Each tag consists of a key name and an associated value. + required: + - SerialNumber + - Tags + title: TagMFADeviceRequest + type: object + TagPolicyRequest: + properties: + PolicyArn: + allOf: + - $ref: '#/components/schemas/arnType' + - description: '

The ARN of the IAM customer managed policy to which you want to add tags.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + Tags: + allOf: + - $ref: '#/components/schemas/tagListType' + - description: The list of tags that you want to attach to the IAM customer managed policy. Each tag consists of a key name and an associated value. + required: + - PolicyArn + - Tags + title: TagPolicyRequest + type: object + UnmodifiableEntityException: {} + UnrecognizedPublicKeyEncodingException: {} + UntagMFADeviceRequest: + properties: + SerialNumber: + allOf: + - $ref: '#/components/schemas/serialNumberType' + - description: '

The unique identifier for the IAM virtual MFA device from which you want to remove tags. For virtual MFA devices, the serial number is the same as the ARN.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + TagKeys: + allOf: + - $ref: '#/components/schemas/tagKeyListType' + - description: A list of key names as a simple array of strings. The tags with matching keys are removed from the specified instance profile. + required: + - SerialNumber + - TagKeys + title: UntagMFADeviceRequest + type: object + UntagPolicyRequest: + properties: + PolicyArn: + allOf: + - $ref: '#/components/schemas/arnType' + - description: '

The ARN of the IAM customer managed policy from which you want to remove tags.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + TagKeys: + allOf: + - $ref: '#/components/schemas/tagKeyListType' + - description: A list of key names as a simple array of strings. The tags with matching keys are removed from the specified policy. + required: + - PolicyArn + - TagKeys + title: UntagPolicyRequest + type: object + UpdateAccessKeyRequest: + properties: + AccessKeyId: + allOf: + - $ref: '#/components/schemas/accessKeyIdType' + - description:

The access key ID of the secret access key you want to update.

This parameter allows (through its regex pattern) a string of characters that can consist of any upper or lowercased letter or digit.

+ Status: + allOf: + - $ref: '#/components/schemas/statusType' + - description: ' The status you want to assign to the secret access key. Active means that the key can be used for programmatic calls to Amazon Web Services, while Inactive means that the key cannot be used.' + UserName: + allOf: + - $ref: '#/components/schemas/existingUserNameType' + - description: '

The name of the user whose key you want to update.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + required: + - AccessKeyId + - Status + title: UpdateAccessKeyRequest + type: object + UpdateAccountPasswordPolicyRequest: + properties: + AllowUsersToChangePassword: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: >- +

Allows all IAM users in your account to use the Amazon Web Services Management Console to change their own passwords. For more information, see Permitting IAM users to change their own passwords in the IAM User Guide.

If you do not specify a value for this parameter, then the operation uses the default value of false. The result is that + IAM users in the account do not automatically have permissions to change their own password.

+ HardExpiry: + allOf: + - $ref: '#/components/schemas/booleanObjectType' + - description: >- +

Prevents IAM users who are accessing the account via the Amazon Web Services Management Console from setting a new console password after their password has expired. The IAM user cannot access the console until an administrator resets the password.

If you do not specify a value for this parameter, then the operation uses the default value of false. The result is that IAM users can change their passwords after they expire and continue to sign in as the + user.

In the Amazon Web Services Management Console, the custom password policy option Allow users to change their own password gives IAM users permissions to iam:ChangePassword for only their user and to the iam:GetAccountPasswordPolicy action. This option does not attach a permissions policy to each user, rather the permissions are applied at the account-level for all users by IAM. IAM users with iam:ChangePassword + permission and active access keys can reset their own expired console password using the CLI or API.

 + MaxPasswordAge: + allOf: + - $ref: '#/components/schemas/maxPasswordAgeType' + - description:

The number of days that an IAM user password is valid.

If you do not specify a value for this parameter, then the operation uses the default value of 0. The result is that IAM user passwords never expire.

+ MinimumPasswordLength: + allOf: + - $ref: '#/components/schemas/minimumPasswordLengthType' + - description:

The minimum number of characters allowed in an IAM user password.

If you do not specify a value for this parameter, then the operation uses the default value of 6.

+ PasswordReusePrevention: + allOf: + - $ref: '#/components/schemas/passwordReusePreventionType' + - description:

Specifies the number of previous passwords that IAM users are prevented from reusing.

If you do not specify a value for this parameter, then the operation uses the default value of 0. The result is that IAM users are not prevented from reusing previous passwords.

+ RequireLowercaseCharacters: + allOf: + - $ref: '#/components/schemas/booleanType' + - description:

Specifies whether IAM user passwords must contain at least one lowercase character from the ISO basic Latin alphabet (a to z).

If you do not specify a value for this parameter, then the operation uses the default value of false. The result is that passwords do not require at least one lowercase character.

+ RequireNumbers: + allOf: + - $ref: '#/components/schemas/booleanType' + - description:

Specifies whether IAM user passwords must contain at least one numeric character (0 to 9).

If you do not specify a value for this parameter, then the operation uses the default value of false. The result is that passwords do not require at least one numeric character.

+ RequireSymbols: + allOf: + - $ref: '#/components/schemas/booleanType' + - description: '

Specifies whether IAM user passwords must contain at least one of the following non-alphanumeric characters:

! @ # $ % ^ & * ( ) _ + - = [ ] { } | ''

If you do not specify a value for this parameter, then the operation uses the default value of false. The result is that passwords do not require at least one symbol character.

' + RequireUppercaseCharacters: + allOf: + - $ref: '#/components/schemas/booleanType' + - description:

Specifies whether IAM user passwords must contain at least one uppercase character from the ISO basic Latin alphabet (A to Z).

If you do not specify a value for this parameter, then the operation uses the default value of false. The result is that passwords do not require at least one uppercase character.

+ title: UpdateAccountPasswordPolicyRequest + type: object + UpdateLoginProfileRequest: + properties: + Password: + allOf: + - $ref: '#/components/schemas/passwordType' + - description: >- +

The new password for the specified IAM user.

The regex pattern used to validate this parameter is a string of characters consisting of the following:

  • Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range

  • The printable characters in the Basic Latin and Latin-1 Supplement character set (through + \u00FF)

  • The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)

However, the format can be further restricted by the account administrator by setting a password policy on the Amazon Web Services account. For more information, see UpdateAccountPasswordPolicy.

+ PasswordResetRequired: + allOf: + - $ref: '#/components/schemas/booleanObjectType' + - description: Allows this new password to be used only once by requiring the specified IAM user to set a new password on next sign-in. + UserName: + allOf: + - $ref: '#/components/schemas/userNameType' + - description: '

The name of the user whose password you want to update.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + required: + - UserName + title: UpdateLoginProfileRequest + type: object + UpdateSSHPublicKeyRequest: + properties: + SSHPublicKeyId: + allOf: + - $ref: '#/components/schemas/publicKeyIdType' + - description:

The unique identifier for the SSH public key.

This parameter allows (through its regex pattern) a string of characters that can consist of any upper or lowercased letter or digit.

+ Status: + allOf: + - $ref: '#/components/schemas/statusType' + - description: The status to assign to the SSH public key. Active means that the key can be used for authentication with an CodeCommit repository. Inactive means that the key cannot be used. + UserName: + allOf: + - $ref: '#/components/schemas/userNameType' + - description: '

The name of the IAM user associated with the SSH public key.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + required: + - UserName + - SSHPublicKeyId + - Status + title: UpdateSSHPublicKeyRequest + type: object + UpdateServiceSpecificCredentialRequest: + properties: + ServiceSpecificCredentialId: + allOf: + - $ref: '#/components/schemas/serviceSpecificCredentialId' + - description:

The unique identifier of the service-specific credential.

This parameter allows (through its regex pattern) a string of characters that can consist of any upper or lowercased letter or digit.

+ Status: + allOf: + - $ref: '#/components/schemas/statusType' + - description: The status to be assigned to the service-specific credential. + UserName: + allOf: + - $ref: '#/components/schemas/userNameType' + - description: '

The name of the IAM user associated with the service-specific credential. If you do not specify this value, then the operation assumes the user whose credentials are used to call the operation.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + required: + - ServiceSpecificCredentialId + - Status + title: UpdateServiceSpecificCredentialRequest + type: object + UpdateSigningCertificateRequest: + properties: + CertificateId: + allOf: + - $ref: '#/components/schemas/certificateIdType' + - description:

The ID of the signing certificate you want to update.

This parameter allows (through its regex pattern) a string of characters that can consist of any upper or lowercased letter or digit.

+ Status: + allOf: + - $ref: '#/components/schemas/statusType' + - description: ' The status you want to assign to the certificate. Active means that the certificate can be used for programmatic calls to Amazon Web Services Inactive means that the certificate cannot be used.' + UserName: + allOf: + - $ref: '#/components/schemas/existingUserNameType' + - description: '

The name of the IAM user the signing certificate belongs to.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + required: + - CertificateId + - Status + title: UpdateSigningCertificateRequest + type: object + UploadSSHPublicKeyRequest: + properties: + SSHPublicKeyBody: + allOf: + - $ref: '#/components/schemas/publicKeyMaterialType' + - description: >- +

The SSH public key. The public key must be encoded in ssh-rsa format or PEM format. The minimum bit-length of the public key is 2048 bits. For example, you can generate a 2048-bit key, and the resulting PEM file is 1679 bytes long.

The regex pattern used to validate this parameter is a string of characters consisting of the following:

  • Any printable ASCII character ranging from the space character + (\u0020) through the end of the ASCII character range

  • The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)

  • The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)

+ UserName: + allOf: + - $ref: '#/components/schemas/userNameType' + - description: '

The name of the IAM user to associate the SSH public key with.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + required: + - UserName + - SSHPublicKeyBody + title: UploadSSHPublicKeyRequest + type: object + UploadSSHPublicKeyResponse: + description: Contains the response to a successful UploadSSHPublicKey request. + properties: + SSHPublicKey: + allOf: + - $ref: '#/components/schemas/SSHPublicKey' + - description: Contains information about the SSH public key. + type: object + UploadSigningCertificateRequest: + properties: + CertificateBody: + allOf: + - $ref: '#/components/schemas/certificateBodyType' + - description: >- +

The contents of the signing certificate.

The regex pattern used to validate this parameter is a string of characters consisting of the following:

  • Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range

  • The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)

    +

  • The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)

+ UserName: + allOf: + - $ref: '#/components/schemas/existingUserNameType' + - description: '

The name of the user the signing certificate is for.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + required: + - CertificateBody + title: UploadSigningCertificateRequest + type: object + UploadSigningCertificateResponse: + description: 'Contains the response to a successful UploadSigningCertificate request. ' + example: + Certificate: + CertificateBody: '-----BEGIN CERTIFICATE----------END CERTIFICATE-----' + CertificateId: ID123456789012345EXAMPLE + Status: Active + UploadDate: '2015-06-06T21:40:08.121Z' + UserName: Bob + properties: + Certificate: + allOf: + - $ref: '#/components/schemas/SigningCertificate' + - description: Information about the certificate. + required: + - Certificate + type: object + UserDetail: + description:

Contains information about an IAM user, including all the user's policies and all the IAM groups the user is in.

This data type is used as a response element in the GetAccountAuthorizationDetails operation.

+ properties: + Arn: + $ref: '#/components/schemas/arnType' + AttachedManagedPolicies: + allOf: + - $ref: '#/components/schemas/attachedPoliciesListType' + - description: A list of the managed policies attached to the user. + CreateDate: + allOf: + - $ref: '#/components/schemas/dateType' + - description: The date and time, in ISO 8601 date-time format, when the user was created. + GroupList: + allOf: + - $ref: '#/components/schemas/groupNameListType' + - description: A list of IAM groups that the user is in. + Path: + allOf: + - $ref: '#/components/schemas/pathType' + - description: The path to the user. For more information about paths, see IAM identifiers in the IAM User Guide. + PermissionsBoundary: + allOf: + - $ref: '#/components/schemas/AttachedPermissionsBoundary' + - description:

The ARN of the policy used to set the permissions boundary for the user.

For more information about permissions boundaries, see Permissions boundaries for IAM identities in the IAM User Guide.

+ Tags: + allOf: + - $ref: '#/components/schemas/tagListType' + - description: A list of tags that are associated with the user. For more information about tagging, see Tagging IAM resources in the IAM User Guide. + UserId: + allOf: + - $ref: '#/components/schemas/idType' + - description: The stable and unique string identifying the user. For more information about IDs, see IAM identifiers in the IAM User Guide. + UserName: + allOf: + - $ref: '#/components/schemas/userNameType' + - description: The friendly name identifying the user. + UserPolicyList: + allOf: + - $ref: '#/components/schemas/policyDetailListType' + - description: A list of the inline policies embedded in the user. + type: object + accessKeyIdType: + maxLength: 128 + minLength: 16 + pattern: '[\w]+' + type: string + accessKeyMetadataListType: + description:

Contains a list of access key metadata.

This data type is used as a response element in the ListAccessKeys operation.

+ items: + allOf: + - $ref: '#/components/schemas/AccessKeyMetadata' + - xml: + name: member + type: array + accessKeySecretType: + format: password + type: string + accountAliasListType: + items: + allOf: + - $ref: '#/components/schemas/accountAliasType' + - xml: + name: member + type: array + accountAliasType: + maxLength: 63 + minLength: 3 + pattern: ^[a-z0-9](([a-z0-9]|-(?!-))*[a-z0-9])?$ + type: string + arnType: + description:

The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web Services resources.

For more information about ARNs, go to Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.

+ maxLength: 2048 + minLength: 20 + type: string + attachedPoliciesListType: + items: + allOf: + - $ref: '#/components/schemas/AttachedPolicy' + - xml: + name: member + type: array + attachmentCountType: + type: integer + authenticationCodeType: + maxLength: 6 + minLength: 6 + pattern: '[\d]+' + type: string + booleanObjectType: + type: boolean + booleanType: + type: boolean + certificateBodyType: + maxLength: 16384 + minLength: 1 + pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' + type: string + certificateChainType: + maxLength: 2097152 + minLength: 1 + pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' + type: string + certificateIdType: + maxLength: 128 + minLength: 24 + pattern: '[\w]+' + type: string + certificateListType: + description:

Contains a list of signing certificates.

This data type is used as a response element in the ListSigningCertificates operation.

+ items: + allOf: + - $ref: '#/components/schemas/SigningCertificate' + - xml: + name: member + type: array + customSuffixType: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + dateType: + format: date-time + type: string + encodingType: + enum: + - SSH + - PEM + type: string + entityDetailsListType: + items: + allOf: + - $ref: '#/components/schemas/EntityDetails' + - xml: + name: member + type: array + entityListType: + items: + allOf: + - $ref: '#/components/schemas/EntityType' + - xml: + name: member + type: array + existingUserNameType: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + groupDetailListType: + items: + allOf: + - $ref: '#/components/schemas/GroupDetail' + - xml: + name: member + type: array + groupListType: + description:

Contains a list of IAM groups.

This data type is used as a response element in the ListGroups operation.

+ items: + allOf: + - $ref: '#/components/schemas/Group' + - xml: + name: member + type: array + groupNameListType: + items: + allOf: + - $ref: '#/components/schemas/groupNameType' + - xml: + name: member + type: array + groupNameType: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + idType: + maxLength: 128 + minLength: 16 + pattern: '[\w]+' + type: string + instanceProfileListType: + description: Contains a list of instance profiles. + items: + allOf: + - $ref: '#/components/schemas/InstanceProfile' + - xml: + name: member + type: array + instanceProfileNameType: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + jobIDType: + maxLength: 36 + minLength: 36 + type: string + jobStatusType: + enum: + - IN_PROGRESS + - COMPLETED + - FAILED + type: string + markerType: + maxLength: 320 + minLength: 1 + pattern: '[\u0020-\u00FF]+' + type: string + maxItemsType: + maximum: 1000 + minimum: 1 + type: integer + maxPasswordAgeType: + maximum: 1095 + minimum: 1 + type: integer + mfaDeviceListType: + description:

Contains a list of MFA devices.

This data type is used as a response element in the ListMFADevices and ListVirtualMFADevices operations.

+ items: + allOf: + - $ref: '#/components/schemas/MFADevice' + - xml: + name: member + type: array + minimumPasswordLengthType: + maximum: 128 + minimum: 6 + type: integer + passwordReusePreventionType: + maximum: 24 + minimum: 1 + type: integer + passwordType: + format: password + maxLength: 128 + minLength: 1 + pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' + type: string + pathType: + maxLength: 512 + minLength: 1 + pattern: (\u002F)|(\u002F[\u0021-\u007F]+\u002F) + type: string + policyDescriptionType: + maxLength: 1000 + type: string + policyDetailListType: + items: + allOf: + - $ref: '#/components/schemas/PolicyDetail' + - xml: + name: member + type: array + policyDocumentType: + maxLength: 131072 + minLength: 1 + pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' + type: string + policyDocumentVersionListType: + items: + allOf: + - $ref: '#/components/schemas/PolicyVersion' + - xml: + name: member + type: array + policyListType: + items: + allOf: + - $ref: '#/components/schemas/Policy' + - xml: + name: member + type: array + policyNameListType: + description:

Contains a list of policy names.

This data type is used as a response element in the ListPolicies operation.

+ items: + allOf: + - $ref: '#/components/schemas/policyNameType' + - xml: + name: member + type: array + policyNameType: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + policyOwnerEntityType: + enum: + - USER + - ROLE + - GROUP + type: string + policyPathType: + maxLength: 512 + minLength: 1 + pattern: ((/[A-Za-z0-9\.,\+@=_-]+)*)/ + type: string + policyScopeType: + enum: + - All + - AWS + - Local + type: string + policyVersionIdType: + pattern: v[1-9][0-9]*(\.[A-Za-z0-9-]*)? + type: string + publicKeyFingerprintType: + maxLength: 48 + minLength: 48 + pattern: '[:\w]+' + type: string + publicKeyIdType: + maxLength: 128 + minLength: 20 + pattern: '[\w]+' + type: string + publicKeyMaterialType: + maxLength: 16384 + minLength: 1 + pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' + type: string + responseMarkerType: + type: string + roleDescriptionType: + maxLength: 1000 + pattern: '[\p{L}\p{M}\p{Z}\p{S}\p{N}\p{P}]*' + type: string + roleDetailListType: + items: + allOf: + - $ref: '#/components/schemas/RoleDetail' + - xml: + name: member + type: array + roleListType: + description:

Contains a list of IAM roles.

This data type is used as a response element in the ListRoles operation.

+ items: + allOf: + - $ref: '#/components/schemas/Role' + - xml: + name: member + type: array + roleMaxSessionDurationType: + maximum: 43200 + minimum: 3600 + type: integer + roleNameType: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + serialNumberType: + maxLength: 256 + minLength: 9 + pattern: '[\w+=/:,.@-]+' + type: string + serverCertificateNameType: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + serviceName: + type: string + serviceNamespaceType: + maxLength: 64 + minLength: 1 + pattern: '[\w-]*' + type: string + servicePassword: + format: password + type: string + serviceSpecificCredentialId: + maxLength: 128 + minLength: 20 + pattern: '[\w]+' + type: string + serviceUserName: + maxLength: 200 + minLength: 17 + pattern: '[\w+=,.@-]+' + type: string + statusType: + enum: + - Active + - Inactive + type: string + stringType: + type: string + summaryValueType: + type: integer + summaryMapType: + additionalProperties: + $ref: '#/components/schemas/summaryValueType' + type: object + tagKeyListType: + items: + allOf: + - $ref: '#/components/schemas/tagKeyType' + - xml: + name: member + maxItems: 50 + type: array + tagKeyType: + maxLength: 128 + minLength: 1 + pattern: '[\p{L}\p{Z}\p{N}_.:/=+\-@]+' + type: string + tagListType: + items: + allOf: + - $ref: '#/components/schemas/Tag' + - xml: + name: member + maxItems: 50 + type: array + tagValueType: + maxLength: 256 + minLength: 0 + pattern: '[\p{L}\p{Z}\p{N}_.:/=+\-@]*' + type: string + userDetailListType: + items: + allOf: + - $ref: '#/components/schemas/UserDetail' + - xml: + name: member + type: array + userNameType: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + GroupPolicy: + type: object + properties: + PolicyDocument: + description: |- + The policy document. + You must provide policies in JSON format in IAM. However, for CFN templates formatted in YAML, you can provide the policy in JSON or YAML format. CFN always converts a YAML policy to JSON format before submitting it to IAM. + The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following: + + Any printable ASCII character ranging from the space character (``\u0020``) through the end of the ASCII character range + + The printable characters in the Basic Latin and Latin-1 Supplement character set (through ``\u00FF``) + + The special characters tab (``\u0009``), line feed (``\u000A``), and carriage return (``\u000D``) + type: object + PolicyName: + description: |- + The name of the policy document. + This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@- + type: string + GroupName: + description: |- + The name of the group to associate the policy with. + This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. + type: string + required: + - PolicyName + - GroupName + x-stackql-resource-name: group_policy + description: |- + Adds or updates an inline policy document that is embedded in the specified IAM group. + A group can also have managed policies attached to it. To attach a managed policy to a group, use [AWS::IAM::Group](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html). To create a new managed policy, use [AWS::IAM::ManagedPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html). For information about policies, see [Managed policies and inline policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide*. + For information about the maximum number of inline policies that you can embed in a group, see [IAM and quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide*. + x-type-name: AWS::IAM::GroupPolicy + x-stackql-primary-identifier: + - PolicyName + - GroupName + x-create-only-properties: + - PolicyName + - GroupName + x-required-properties: + - PolicyName + - GroupName + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - iam:PutGroupPolicy + - iam:GetGroupPolicy + read: + - iam:GetGroupPolicy + update: + - iam:PutGroupPolicy + - iam:GetGroupPolicy + delete: + - iam:DeleteGroupPolicy + - iam:GetGroupPolicy + ManagedPolicy: + type: object + properties: + Description: + type: string + description: |- + A friendly description of the policy. + Typically used to store information about the permissions defined in the policy. For example, "Grants access to production DynamoDB tables." + The policy description is immutable. After a value is assigned, it cannot be changed. + Groups: + x-insertionOrder: false + type: array + description: |- + The name (friendly name, not ARN) of the group to attach the policy to. + This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@- + uniqueItems: true + items: + type: string + ManagedPolicyName: + type: string + description: |- + The friendly name of the policy. + If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. + If you specify a name, you must specify the ``CAPABILITY_NAMED_IAM`` value to acknowledge your template's capabilities. For more information, see [Acknowledging Resources in Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities). + Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using ``Fn::Join`` and ``AWS::Region`` to create a Region-specific name, as in the following example: ``{"Fn::Join": ["", [{"Ref": "AWS::Region"}, {"Ref": "MyResourceName"}]]}``. + Path: + type: string + default: / + description: |- + The path for the policy. + For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide*. + This parameter is optional. If it is not included, it defaults to a slash (/). + This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (``\u0021``) through the DEL character (``\u007F``), including most punctuation characters, digits, and upper and lowercased letters. + You cannot use an asterisk (*) in the path name. + PolicyDocument: + type: object + description: |- + The JSON policy document that you want to use as the content for the new policy. + You must provide policies in JSON format in IAM. However, for CFN templates formatted in YAML, you can provide the policy in JSON or YAML format. CFN always converts a YAML policy to JSON format before submitting it to IAM. + The maximum length of the policy document that you can pass in this operation, including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see [IAM and character quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length). + To learn more about JSON policy grammar, see [Grammar of the IAM JSON policy language](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_grammar.html) in the *IAM User Guide*. + The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following: + + Any printable ASCII character ranging from the space character (``\u0020``) through the end of the ASCII character range + + The printable characters in the Basic Latin and Latin-1 Supplement character set (through ``\u00FF``) + + The special characters tab (``\u0009``), line feed (``\u000A``), and carriage return (``\u000D``) + Roles: + x-insertionOrder: false + type: array + description: |- + The name (friendly name, not ARN) of the role to attach the policy to. + This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@- + If an external policy (such as ``AWS::IAM::Policy`` or ``AWS::IAM::ManagedPolicy``) has a ``Ref`` to a role and if a resource (such as ``AWS::ECS::Service``) also has a ``Ref`` to the same role, add a ``DependsOn`` attribute to the resource to make the resource depend on the external policy. This dependency ensures that the role's policy is available throughout the resource's lifecycle. For example, when you delete a stack with an ``AWS::ECS::Service`` resource, the ``DependsOn`` attribute ensures that CFN deletes the ``AWS::ECS::Service`` resource before deleting its role's policy. + uniqueItems: true + items: + type: string + Users: + x-insertionOrder: false + type: array + description: |- + The name (friendly name, not ARN) of the IAM user to attach the policy to. + This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@- + uniqueItems: true + items: + type: string + PolicyArn: + type: string + description: '' + AttachmentCount: + type: integer + description: '' + CreateDate: + type: string + description: '' + UpdateDate: + type: string + description: '' + DefaultVersionId: + type: string + description: '' + IsAttachable: + type: boolean + description: '' + PermissionsBoundaryUsageCount: + type: integer + description: '' + PolicyId: + type: string + description: '' + required: + - PolicyDocument + x-stackql-resource-name: managed_policy + description: |- + Creates a new managed policy for your AWS-account. + This operation creates a policy version with a version identifier of ``v1`` and sets v1 as the policy's default version. For more information about policy versions, see [Versioning for managed policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html) in the *IAM User Guide*. + As a best practice, you can validate your IAM policies. To learn more, see [Validating IAM policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html) in the *IAM User Guide*. + For more information about managed policies in general, see [Managed policies and inline policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide*. + x-type-name: AWS::IAM::ManagedPolicy + x-stackql-primary-identifier: + - PolicyArn + x-create-only-properties: + - ManagedPolicyName + - Description + - Path + x-read-only-properties: + - PolicyArn + - AttachmentCount + - CreateDate + - DefaultVersionId + - IsAttachable + - PermissionsBoundaryUsageCount + - PolicyId + - UpdateDate + x-required-properties: + - PolicyDocument + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - iam:CreatePolicy + - iam:AttachGroupPolicy + - iam:AttachUserPolicy + - iam:AttachRolePolicy + read: + - iam:GetPolicy + - iam:ListEntitiesForPolicy + - iam:GetPolicyVersion + update: + - iam:DetachRolePolicy + - iam:GetPolicy + - iam:ListPolicyVersions + - iam:DetachGroupPolicy + - iam:DetachUserPolicy + - iam:CreatePolicyVersion + - iam:DeletePolicyVersion + - iam:AttachGroupPolicy + - iam:AttachUserPolicy + - iam:AttachRolePolicy + delete: + - iam:DetachRolePolicy + - iam:GetPolicy + - iam:ListPolicyVersions + - iam:DetachGroupPolicy + - iam:DetachUserPolicy + - iam:DeletePolicyVersion + - iam:DeletePolicy + - iam:ListEntitiesForPolicy + list: + - iam:ListPolicies + OIDCProvider: + type: object + properties: + ClientIdList: + type: array + x-insertionOrder: false + items: + minLength: 1 + maxLength: 255 + type: string + Url: + minLength: 1 + maxLength: 255 + type: string + ThumbprintList: + type: array + x-insertionOrder: false + items: + minLength: 40 + maxLength: 40 + pattern: '[0-9A-Fa-f]{40}' + type: string + maxItems: 5 + Arn: + description: Amazon Resource Name (ARN) of the OIDC provider + minLength: 20 + maxLength: 2048 + type: string + Tags: + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + x-stackql-resource-name: oidc_provider + description: Resource Type definition for AWS::IAM::OIDCProvider + x-type-name: AWS::IAM::OIDCProvider + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - Url + x-read-only-properties: + - Arn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - iam:TagOpenIDConnectProvider + - iam:UntagOpenIDConnectProvider + - iam:ListOpenIDConnectProviderTags + x-required-permissions: + create: + - iam:CreateOpenIDConnectProvider + - iam:TagOpenIDConnectProvider + - iam:GetOpenIDConnectProvider + read: + - iam:GetOpenIDConnectProvider + update: + - iam:UpdateOpenIDConnectProviderThumbprint + - iam:RemoveClientIDFromOpenIDConnectProvider + - iam:AddClientIDToOpenIDConnectProvider + - iam:GetOpenIDConnectProvider + - iam:TagOpenIDConnectProvider + - iam:UntagOpenIDConnectProvider + - iam:ListOpenIDConnectProviderTags + delete: + - iam:DeleteOpenIDConnectProvider + list: + - iam:ListOpenIDConnectProvider + - iam:GetOpenIDConnectProvider + RolePolicy: + type: object + properties: + PolicyDocument: + description: |- + The policy document. + You must provide policies in JSON format in IAM. However, for CFN templates formatted in YAML, you can provide the policy in JSON or YAML format. CFN always converts a YAML policy to JSON format before submitting it to IAM. + The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following: + + Any printable ASCII character ranging from the space character (``\u0020``) through the end of the ASCII character range + + The printable characters in the Basic Latin and Latin-1 Supplement character set (through ``\u00FF``) + + The special characters tab (``\u0009``), line feed (``\u000A``), and carriage return (``\u000D``) + type: object + PolicyName: + description: |- + The name of the policy document. + This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@- + type: string + RoleName: + description: |- + The name of the role to associate the policy with. + This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@- + type: string + required: + - PolicyName + - RoleName + x-stackql-resource-name: role_policy + description: |- + Adds or updates an inline policy document that is embedded in the specified IAM role. + When you embed an inline policy in a role, the inline policy is used as part of the role's access (permissions) policy. The role's trust policy is created at the same time as the role, using [CreateRole](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html). You can update a role's trust policy using [UpdateAssumeRolePolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateAssumeRolePolicy.html). For information about roles, see [roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html) in the *IAM User Guide*. + A role can also have a managed policy attached to it. To attach a managed policy to a role, use [AWS::IAM::Role](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html). To create a new managed policy, use [AWS::IAM::ManagedPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html). For information about policies, see [Managed policies and inline policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide*. + For information about the maximum number of inline policies that you can embed with a role, see [IAM and quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide*. + x-type-name: AWS::IAM::RolePolicy + x-stackql-primary-identifier: + - PolicyName + - RoleName + x-create-only-properties: + - PolicyName + - RoleName + x-required-properties: + - PolicyName + - RoleName + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - iam:PutRolePolicy + - iam:GetRolePolicy + read: + - iam:GetRolePolicy + update: + - iam:PutRolePolicy + - iam:GetRolePolicy + delete: + - iam:DeleteRolePolicy + - iam:GetRolePolicy + SAMLProvider: + type: object + properties: + Name: + minLength: 1 + maxLength: 128 + pattern: '[\w._-]+' + type: string + SamlMetadataDocument: + minLength: 1000 + maxLength: 10000000 + type: string + Arn: + description: Amazon Resource Name (ARN) of the SAML provider + minLength: 1 + maxLength: 1600 + type: string + Tags: + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - SamlMetadataDocument + x-stackql-resource-name: saml_provider + description: Resource Type definition for AWS::IAM::SAMLProvider + x-type-name: AWS::IAM::SAMLProvider + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - Name + x-read-only-properties: + - Arn + x-required-properties: + - SamlMetadataDocument + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - iam:TagSAMLProvider + - iam:ListSAMLProviderTags + - iam:UntagSAMLProvider + x-required-permissions: + create: + - iam:CreateSAMLProvider + - iam:GetSAMLProvider + - iam:TagSAMLProvider + read: + - iam:GetSAMLProvider + update: + - iam:UpdateSAMLProvider + - iam:GetSAMLProvider + - iam:TagSAMLProvider + - iam:ListSAMLProviderTags + - iam:UntagSAMLProvider + delete: + - iam:DeleteSAMLProvider + list: + - iam:ListSAMLProviders + - iam:GetSAMLProvider + ServiceLinkedRole: + type: object + properties: + RoleName: + description: The name of the role. + type: string + CustomSuffix: + description: A string that you provide, which is combined with the service-provided prefix to form the complete role name. + type: string + Description: + description: The description of the role. + type: string + AWSServiceName: + description: The service principal for the AWS service to which this role is attached. + type: string + required: [] + x-stackql-resource-name: service_linked_role + description: Resource Type definition for AWS::IAM::ServiceLinkedRole + x-type-name: AWS::IAM::ServiceLinkedRole + x-stackql-primary-identifier: + - RoleName + x-create-only-properties: + - CustomSuffix + - AWSServiceName + x-write-only-properties: + - CustomSuffix + - AWSServiceName + x-read-only-properties: + - RoleName + x-required-properties: [] + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - iam:CreateServiceLinkedRole + - iam:GetRole + read: + - iam:GetRole + update: + - iam:UpdateRole + - iam:GetRole + delete: + - iam:DeleteServiceLinkedRole + - iam:GetServiceLinkedRoleDeletionStatus + - iam:GetRole + User: + type: object + properties: + Path: + description: |- + The path for the user name. For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide*. + This parameter is optional. If it is not included, it defaults to a slash (/). + This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (``\u0021``) through the DEL character (``\u007F``), including most punctuation characters, digits, and upper and lowercased letters. + type: string + ManagedPolicyArns: + description: |- + A list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the user. + For more information about ARNs, see [Amazon Resource Names (ARNs) and Service Namespaces](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *General Reference*. + type: array + uniqueItems: true + x-insertionOrder: false + items: + type: string + Policies: + description: |- + Adds or updates an inline policy document that is embedded in the specified IAM user. To view AWS::IAM::User snippets, see [Declaring an User Resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-iam.html#scenario-iam-user). + The name of each policy for a role, user, or group must be unique. If you don't choose unique names, updates to the IAM identity will fail. + For information about limits on the number of inline policies that you can embed in a user, see [Limitations on Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *User Guide*. + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Policy' + UserName: + description: |- + The name of the user to create. Do not include the path in this value. + This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. The user name must be unique within the account. User names are not distinguished by case. For example, you cannot create users named both "John" and "john". + If you don't specify a name, CFN generates a unique physical ID and uses that ID for the user name. + If you specify a name, you must specify the ``CAPABILITY_NAMED_IAM`` value to acknowledge your template's capabilities. For more information, see [Acknowledging Resources in Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities). + Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using ``Fn::Join`` and ``AWS::Region`` to create a Region-specific name, as in the following example: ``{"Fn::Join": ["", [{"Ref": "AWS::Region"}, {"Ref": "MyResourceName"}]]}``. + type: string + Groups: + description: A list of group names to which you want to add the user. + type: array + uniqueItems: false + x-insertionOrder: false + items: + type: string + Arn: + description: '' + type: string + LoginProfile: + description: |- + Creates a password for the specified IAM user. A password allows an IAM user to access AWS services through the console. + You can use the CLI, the AWS API, or the *Users* page in the IAM console to create a password for any IAM user. Use [ChangePassword](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ChangePassword.html) to update your own existing password in the *My Security Credentials* page in the console. + For more information about managing passwords, see [Managing passwords](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html) in the *User Guide*. + $ref: '#/components/schemas/LoginProfile' + Tags: + description: |- + A list of tags that you want to attach to the new user. Each tag consists of a key name and an associated value. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide*. + If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created. + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + PermissionsBoundary: + description: |- + The ARN of the managed policy that is used to set the permissions boundary for the user. + A permissions boundary policy defines the maximum permissions that identity-based policies can grant to an entity, but does not grant permissions. Permissions boundaries do not define the maximum permissions that a resource-based policy can grant to an entity. To learn more, see [Permissions boundaries for IAM entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM User Guide*. + For more information about policy types, see [Policy types](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policy-types) in the *IAM User Guide*. + type: string + x-stackql-resource-name: user + description: |- + Creates a new IAM user for your AWS-account. + For information about quotas for the number of IAM users you can create, see [IAM and quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide*. + x-type-name: AWS::IAM::User + x-stackql-primary-identifier: + - UserName + x-create-only-properties: + - UserName + x-write-only-properties: + - LoginProfile/Password + x-read-only-properties: + - Arn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - iam:CreateLoginProfile + - iam:AddUserToGroup + - iam:PutUserPolicy + - iam:AttachUserPolicy + - iam:CreateUser + - iam:GetUser + - iam:TagUser + read: + - iam:GetUserPolicy + - iam:ListGroupsForUser + - iam:ListAttachedUserPolicies + - iam:ListUserPolicies + - iam:GetUser + - iam:GetLoginProfile + update: + - iam:UpdateLoginProfile + - iam:UpdateUser + - iam:PutUserPermissionsBoundary + - iam:AttachUserPolicy + - iam:DeleteUserPolicy + - iam:DeleteUserPermissionsBoundary + - iam:TagUser + - iam:UntagUser + - iam:CreateLoginProfile + - iam:RemoveUserFromGroup + - iam:AddUserToGroup + - iam:PutUserPolicy + - iam:DetachUserPolicy + - iam:GetLoginProfile + - iam:DeleteLoginProfile + - iam:GetUser + - iam:ListUserTags + delete: + - iam:DeleteAccessKey + - iam:RemoveUserFromGroup + - iam:DeleteUserPolicy + - iam:DeleteUser + - iam:DetachUserPolicy + - iam:DeleteLoginProfile + - iam:ListAccessKeys + - iam:GetUserPolicy + - iam:ListGroupsForUser + - iam:ListAttachedUserPolicies + - iam:ListUserPolicies + - iam:GetUser + - iam:GetLoginProfile + list: + - iam:listUsers + UserPolicy: + type: object + properties: + PolicyDocument: + description: |- + The policy document. + You must provide policies in JSON format in IAM. However, for CFN templates formatted in YAML, you can provide the policy in JSON or YAML format. CFN always converts a YAML policy to JSON format before submitting it to IAM. + The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following: + + Any printable ASCII character ranging from the space character (``\u0020``) through the end of the ASCII character range + + The printable characters in the Basic Latin and Latin-1 Supplement character set (through ``\u00FF``) + + The special characters tab (``\u0009``), line feed (``\u000A``), and carriage return (``\u000D``) + type: object + PolicyName: + description: |- + The name of the policy document. + This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@- + type: string + UserName: + description: |- + The name of the user to associate the policy with. + This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@- + type: string + required: + - PolicyName + - UserName + x-stackql-resource-name: user_policy + description: |- + Adds or updates an inline policy document that is embedded in the specified IAM user. + An IAM user can also have a managed policy attached to it. To attach a managed policy to a user, use [AWS::IAM::User](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html). To create a new managed policy, use [AWS::IAM::ManagedPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html). For information about policies, see [Managed policies and inline policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide*. + For information about the maximum number of inline policies that you can embed in a user, see [IAM and quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide*. + x-type-name: AWS::IAM::UserPolicy + x-stackql-primary-identifier: + - PolicyName + - UserName + x-create-only-properties: + - PolicyName + - UserName + x-required-properties: + - PolicyName + - UserName + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - iam:PutUserPolicy + - iam:GetUserPolicy + read: + - iam:GetUserPolicy + update: + - iam:PutUserPolicy + - iam:GetUserPolicy + delete: + - iam:DeleteUserPolicy + - iam:GetUserPolicy + VirtualMFADevice: + type: object + properties: + VirtualMfaDeviceName: + minLength: 1 + maxLength: 226 + pattern: '[\w+=,.@-]+' + type: string + Path: + minLength: 1 + maxLength: 512 + pattern: (\u002F)|(\u002F[\u0021-\u007F]+\u002F) + type: string + SerialNumber: + minLength: 9 + maxLength: 256 + pattern: '[\w+=/:,.@-]+' + type: string + Users: + type: array + uniqueItems: false + items: + type: string + Tags: + type: array + uniqueItems: false + items: + $ref: '#/components/schemas/Tag' + required: + - Users + x-stackql-resource-name: virtualmfa_device + description: Resource Type definition for AWS::IAM::VirtualMFADevice + x-type-name: AWS::IAM::VirtualMFADevice + x-stackql-primary-identifier: + - SerialNumber + x-create-only-properties: + - VirtualMfaDeviceName + - Base32StringSeed + - Path + x-read-only-properties: + - SerialNumber + x-required-properties: + - Users + x-required-permissions: + create: + - iam:CreateVirtualMFADevice + - iam:EnableMFADevice + - iam:ListVirtualMFADevices + read: + - iam:ListVirtualMFADevices + update: + - iam:TagMFADevice + - iam:UntagMFADevice + delete: + - iam:DeleteVirtualMFADevice + - iam:DeactivateMFADevice + list: + - iam:ListVirtualMFADevices + CreateGroupRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + Arn: + description: '' + type: string + GroupName: + description: |- + The name of the group to create. Do not include the path in this value. + The group name must be unique within the account. Group names are not distinguished by case. For example, you cannot create groups named both "ADMINS" and "admins". If you don't specify a name, CFN generates a unique physical ID and uses that ID for the group name. + If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. + If you specify a name, you must specify the ``CAPABILITY_NAMED_IAM`` value to acknowledge your template's capabilities. For more information, see [Acknowledging Resources in Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities). + Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using ``Fn::Join`` and ``AWS::Region`` to create a Region-specific name, as in the following example: ``{"Fn::Join": ["", [{"Ref": "AWS::Region"}, {"Ref": "MyResourceName"}]]}``. + type: string + ManagedPolicyArns: + description: |- + The Amazon Resource Name (ARN) of the IAM policy you want to attach. + For more information about ARNs, see [Amazon Resource Names (ARNs)](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *General Reference*. + type: array + uniqueItems: true + x-insertionOrder: false + items: + type: string + Path: + description: |- + The path to the group. For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide*. + This parameter is optional. If it is not included, it defaults to a slash (/). + This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (``\u0021``) through the DEL character (``\u007F``), including most punctuation characters, digits, and upper and lowercased letters. + type: string + Policies: + description: |- + Adds or updates an inline policy document that is embedded in the specified IAM group. To view AWS::IAM::Group snippets, see [Declaring an Group Resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-iam.html#scenario-iam-group). + The name of each inline policy for a role, user, or group must be unique. If you don't choose unique names, updates to the IAM identity will fail. + For information about limits on the number of inline policies that you can embed in a group, see [Limitations on Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *User Guide*. + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Policy' + x-stackQL-stringOnly: true + x-title: CreateGroupRequest + type: object + required: [] + CreateGroupPolicyRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + PolicyDocument: + description: |- + The policy document. + You must provide policies in JSON format in IAM. However, for CFN templates formatted in YAML, you can provide the policy in JSON or YAML format. CFN always converts a YAML policy to JSON format before submitting it to IAM. + The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following: + + Any printable ASCII character ranging from the space character (``\u0020``) through the end of the ASCII character range + + The printable characters in the Basic Latin and Latin-1 Supplement character set (through ``\u00FF``) + + The special characters tab (``\u0009``), line feed (``\u000A``), and carriage return (``\u000D``) + type: object + PolicyName: + description: |- + The name of the policy document. + This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@- + type: string + GroupName: + description: |- + The name of the group to associate the policy with. + This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. + type: string + x-stackQL-stringOnly: true + x-title: CreateGroupPolicyRequest + type: object + required: [] + CreateInstanceProfileRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + Path: + type: string + description: |- + The path to the instance profile. For more information about paths, see [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide*. + This parameter is optional. If it is not included, it defaults to a slash (/). + This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (``\u0021``) through the DEL character (``\u007F``), including most punctuation characters, digits, and upper and lowercased letters. + Roles: + type: array + description: The name of the role to associate with the instance profile. Only one role can be assigned to an EC2 instance at a time, and all applications on the instance share the same role and permissions. + uniqueItems: true + x-insertionOrder: false + items: + type: string + InstanceProfileName: + type: string + description: |- + The name of the instance profile to create. + This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@- + Arn: + type: string + description: '' + x-stackQL-stringOnly: true + x-title: CreateInstanceProfileRequest + type: object + required: [] + CreateManagedPolicyRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + Description: + type: string + description: |- + A friendly description of the policy. + Typically used to store information about the permissions defined in the policy. For example, "Grants access to production DynamoDB tables." + The policy description is immutable. After a value is assigned, it cannot be changed. + Groups: + x-insertionOrder: false + type: array + description: |- + The name (friendly name, not ARN) of the group to attach the policy to. + This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@- + uniqueItems: true + items: + type: string + ManagedPolicyName: + type: string + description: |- + The friendly name of the policy. + If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. + If you specify a name, you must specify the ``CAPABILITY_NAMED_IAM`` value to acknowledge your template's capabilities. For more information, see [Acknowledging Resources in Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities). + Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using ``Fn::Join`` and ``AWS::Region`` to create a Region-specific name, as in the following example: ``{"Fn::Join": ["", [{"Ref": "AWS::Region"}, {"Ref": "MyResourceName"}]]}``. + Path: + type: string + default: / + description: |- + The path for the policy. + For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide*. + This parameter is optional. If it is not included, it defaults to a slash (/). + This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (``\u0021``) through the DEL character (``\u007F``), including most punctuation characters, digits, and upper and lowercased letters. + You cannot use an asterisk (*) in the path name. + PolicyDocument: + type: object + description: |- + The JSON policy document that you want to use as the content for the new policy. + You must provide policies in JSON format in IAM. However, for CFN templates formatted in YAML, you can provide the policy in JSON or YAML format. CFN always converts a YAML policy to JSON format before submitting it to IAM. + The maximum length of the policy document that you can pass in this operation, including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see [IAM and character quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length). + To learn more about JSON policy grammar, see [Grammar of the IAM JSON policy language](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_grammar.html) in the *IAM User Guide*. + The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following: + + Any printable ASCII character ranging from the space character (``\u0020``) through the end of the ASCII character range + + The printable characters in the Basic Latin and Latin-1 Supplement character set (through ``\u00FF``) + + The special characters tab (``\u0009``), line feed (``\u000A``), and carriage return (``\u000D``) + Roles: + x-insertionOrder: false + type: array + description: |- + The name (friendly name, not ARN) of the role to attach the policy to. + This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@- + If an external policy (such as ``AWS::IAM::Policy`` or ``AWS::IAM::ManagedPolicy``) has a ``Ref`` to a role and if a resource (such as ``AWS::ECS::Service``) also has a ``Ref`` to the same role, add a ``DependsOn`` attribute to the resource to make the resource depend on the external policy. This dependency ensures that the role's policy is available throughout the resource's lifecycle. For example, when you delete a stack with an ``AWS::ECS::Service`` resource, the ``DependsOn`` attribute ensures that CFN deletes the ``AWS::ECS::Service`` resource before deleting its role's policy. + uniqueItems: true + items: + type: string + Users: + x-insertionOrder: false + type: array + description: |- + The name (friendly name, not ARN) of the IAM user to attach the policy to. + This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@- + uniqueItems: true + items: + type: string + PolicyArn: + type: string + description: '' + AttachmentCount: + type: integer + description: '' + CreateDate: + type: string + description: '' + UpdateDate: + type: string + description: '' + DefaultVersionId: + type: string + description: '' + IsAttachable: + type: boolean + description: '' + PermissionsBoundaryUsageCount: + type: integer + description: '' + PolicyId: + type: string + description: '' + x-stackQL-stringOnly: true + x-title: CreateManagedPolicyRequest + type: object + required: [] + CreateOIDCProviderRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + ClientIdList: + type: array + x-insertionOrder: false + items: + minLength: 1 + maxLength: 255 + type: string + Url: + minLength: 1 + maxLength: 255 + type: string + ThumbprintList: + type: array + x-insertionOrder: false + items: + minLength: 40 + maxLength: 40 + pattern: '[0-9A-Fa-f]{40}' + type: string + maxItems: 5 + Arn: + description: Amazon Resource Name (ARN) of the OIDC provider + minLength: 20 + maxLength: 2048 + type: string + Tags: + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + x-stackQL-stringOnly: true + x-title: CreateOIDCProviderRequest + type: object + required: [] + CreateRoleRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + Arn: + description: '' + type: string + AssumeRolePolicyDocument: + description: >- + The trust policy that is associated with this role. Trust policies define which entities can assume the role. You can associate only one trust policy with a role. For an example of a policy that can be used to assume a role, see [Template Examples](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#aws-resource-iam-role--examples). For more information about the elements that you can use in an IAM policy, see [Policy Elements + Reference](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html) in the *User Guide*. + type: object + Description: + description: A description of the role that you provide. + type: string + ManagedPolicyArns: + description: |- + A list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the role. + For more information about ARNs, see [Amazon Resource Names (ARNs) and Service Namespaces](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *General Reference*. + type: array + uniqueItems: true + x-insertionOrder: false + items: + type: string + MaxSessionDuration: + description: |- + The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default value of one hour is applied. This setting can have a value from 1 hour to 12 hours. + Anyone who assumes the role from the CLI or API can use the ``DurationSeconds`` API parameter or the ``duration-seconds`` CLI parameter to request a longer session. The ``MaxSessionDuration`` setting determines the maximum duration that can be requested using the ``DurationSeconds`` parameter. If users don't specify a value for the ``DurationSeconds`` parameter, their security credentials are valid for one hour by default. This applies when you use the ``AssumeRole*`` API operations or the ``assume-role*`` CLI operations but does not apply when you use those operations to create a console URL. For more information, see [Using IAM roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) in the *IAM User Guide*. + type: integer + Path: + description: |- + The path to the role. For more information about paths, see [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide*. + This parameter is optional. If it is not included, it defaults to a slash (/). + This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (``\u0021``) through the DEL character (``\u007F``), including most punctuation characters, digits, and upper and lowercased letters. + default: / + type: string + PermissionsBoundary: + description: |- + The ARN of the policy used to set the permissions boundary for the role. + For more information about permissions boundaries, see [Permissions boundaries for IAM identities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM User Guide*. + type: string + Policies: + description: |- + Adds or updates an inline policy document that is embedded in the specified IAM role. + When you embed an inline policy in a role, the inline policy is used as part of the role's access (permissions) policy. The role's trust policy is created at the same time as the role. You can update a role's trust policy later. For more information about IAM roles, go to [Using Roles to Delegate Permissions and Federate Identities](https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html). + A role can also have an attached managed policy. For information about policies, see [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *User Guide*. + For information about limits on the number of inline policies that you can embed with a role, see [Limitations on Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *User Guide*. + If an external policy (such as ``AWS::IAM::Policy`` or ``AWS::IAM::ManagedPolicy``) has a ``Ref`` to a role and if a resource (such as ``AWS::ECS::Service``) also has a ``Ref`` to the same role, add a ``DependsOn`` attribute to the resource to make the resource depend on the external policy. This dependency ensures that the role's policy is available throughout the resource's lifecycle. For example, when you delete a stack with an ``AWS::ECS::Service`` resource, the ``DependsOn`` attribute ensures that CFN deletes the ``AWS::ECS::Service`` resource before deleting its role's policy. + type: array + x-insertionOrder: false + uniqueItems: false + items: + $ref: '#/components/schemas/Policy' + RoleId: + description: '' + type: string + RoleName: + description: |- + A name for the IAM role, up to 64 characters in length. For valid values, see the ``RoleName`` parameter for the [CreateRole](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html) action in the *User Guide*. + This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. The role name must be unique within the account. Role names are not distinguished by case. For example, you cannot create roles named both "Role1" and "role1". + If you don't specify a name, CFN generates a unique physical ID and uses that ID for the role name. + If you specify a name, you must specify the ``CAPABILITY_NAMED_IAM`` value to acknowledge your template's capabilities. For more information, see [Acknowledging Resources in Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities). + Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using ``Fn::Join`` and ``AWS::Region`` to create a Region-specific name, as in the following example: ``{"Fn::Join": ["", [{"Ref": "AWS::Region"}, {"Ref": "MyResourceName"}]]}``. + type: string + Tags: + description: A list of tags that are attached to the role. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide*. + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + x-stackQL-stringOnly: true + x-title: CreateRoleRequest + type: object + required: [] + CreateRolePolicyRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + PolicyDocument: + description: |- + The policy document. + You must provide policies in JSON format in IAM. However, for CFN templates formatted in YAML, you can provide the policy in JSON or YAML format. CFN always converts a YAML policy to JSON format before submitting it to IAM. + The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following: + + Any printable ASCII character ranging from the space character (``\u0020``) through the end of the ASCII character range + + The printable characters in the Basic Latin and Latin-1 Supplement character set (through ``\u00FF``) + + The special characters tab (``\u0009``), line feed (``\u000A``), and carriage return (``\u000D``) + type: object + PolicyName: + description: |- + The name of the policy document. + This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@- + type: string + RoleName: + description: |- + The name of the role to associate the policy with. + This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@- + type: string + x-stackQL-stringOnly: true + x-title: CreateRolePolicyRequest + type: object + required: [] + CreateSAMLProviderRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + Name: + minLength: 1 + maxLength: 128 + pattern: '[\w._-]+' + type: string + SamlMetadataDocument: + minLength: 1000 + maxLength: 10000000 + type: string + Arn: + description: Amazon Resource Name (ARN) of the SAML provider + minLength: 1 + maxLength: 1600 + type: string + Tags: + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + x-stackQL-stringOnly: true + x-title: CreateSAMLProviderRequest + type: object + required: [] + CreateServerCertificateRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + CertificateBody: + minLength: 1 + maxLength: 16384 + pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' + type: string + CertificateChain: + minLength: 1 + maxLength: 2097152 + pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' + type: string + ServerCertificateName: + minLength: 1 + maxLength: 128 + pattern: '[\w+=,.@-]+' + type: string + Path: + minLength: 1 + maxLength: 512 + pattern: (\u002F)|(\u002F[\u0021-\u007F]+\u002F) + type: string + PrivateKey: + minLength: 1 + maxLength: 16384 + pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' + type: string + Arn: + description: Amazon Resource Name (ARN) of the server certificate + minLength: 1 + maxLength: 1600 + type: string + Tags: + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + x-stackQL-stringOnly: true + x-title: CreateServerCertificateRequest + type: object + required: [] + CreateUserRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + Path: + description: |- + The path for the user name. For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide*. + This parameter is optional. If it is not included, it defaults to a slash (/). + This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (``\u0021``) through the DEL character (``\u007F``), including most punctuation characters, digits, and upper and lowercased letters. + type: string + ManagedPolicyArns: + description: |- + A list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the user. + For more information about ARNs, see [Amazon Resource Names (ARNs) and Service Namespaces](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *General Reference*. + type: array + uniqueItems: true + x-insertionOrder: false + items: + type: string + Policies: + description: |- + Adds or updates an inline policy document that is embedded in the specified IAM user. To view AWS::IAM::User snippets, see [Declaring an User Resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-iam.html#scenario-iam-user). + The name of each policy for a role, user, or group must be unique. If you don't choose unique names, updates to the IAM identity will fail. + For information about limits on the number of inline policies that you can embed in a user, see [Limitations on Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *User Guide*. + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Policy' + UserName: + description: |- + The name of the user to create. Do not include the path in this value. + This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. The user name must be unique within the account. User names are not distinguished by case. For example, you cannot create users named both "John" and "john". + If you don't specify a name, CFN generates a unique physical ID and uses that ID for the user name. + If you specify a name, you must specify the ``CAPABILITY_NAMED_IAM`` value to acknowledge your template's capabilities. For more information, see [Acknowledging Resources in Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities). + Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using ``Fn::Join`` and ``AWS::Region`` to create a Region-specific name, as in the following example: ``{"Fn::Join": ["", [{"Ref": "AWS::Region"}, {"Ref": "MyResourceName"}]]}``. + type: string + Groups: + description: A list of group names to which you want to add the user. + type: array + uniqueItems: false + x-insertionOrder: false + items: + type: string + Arn: + description: '' + type: string + LoginProfile: + description: |- + Creates a password for the specified IAM user. A password allows an IAM user to access AWS services through the console. + You can use the CLI, the AWS API, or the *Users* page in the IAM console to create a password for any IAM user. Use [ChangePassword](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ChangePassword.html) to update your own existing password in the *My Security Credentials* page in the console. + For more information about managing passwords, see [Managing passwords](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html) in the *User Guide*. + $ref: '#/components/schemas/LoginProfile' + Tags: + description: |- + A list of tags that you want to attach to the new user. Each tag consists of a key name and an associated value. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide*. + If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created. + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + PermissionsBoundary: + description: |- + The ARN of the managed policy that is used to set the permissions boundary for the user. + A permissions boundary policy defines the maximum permissions that identity-based policies can grant to an entity, but does not grant permissions. Permissions boundaries do not define the maximum permissions that a resource-based policy can grant to an entity. To learn more, see [Permissions boundaries for IAM entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM User Guide*. + For more information about policy types, see [Policy types](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policy-types) in the *IAM User Guide*. + type: string + x-stackQL-stringOnly: true + x-title: CreateUserRequest + type: object + required: [] + CreateUserPolicyRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + PolicyDocument: + description: |- + The policy document. + You must provide policies in JSON format in IAM. However, for CFN templates formatted in YAML, you can provide the policy in JSON or YAML format. CFN always converts a YAML policy to JSON format before submitting it to IAM. + The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following: + + Any printable ASCII character ranging from the space character (``\u0020``) through the end of the ASCII character range + + The printable characters in the Basic Latin and Latin-1 Supplement character set (through ``\u00FF``) + + The special characters tab (``\u0009``), line feed (``\u000A``), and carriage return (``\u000D``) + type: object + PolicyName: + description: |- + The name of the policy document. + This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@- + type: string + UserName: + description: |- + The name of the user to associate the policy with. + This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@- + type: string + x-stackQL-stringOnly: true + x-title: CreateUserPolicyRequest + type: object + required: [] + CreateVirtualMFADeviceRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + VirtualMfaDeviceName: + minLength: 1 + maxLength: 226 + pattern: '[\w+=,.@-]+' + type: string + Path: + minLength: 1 + maxLength: 512 + pattern: (\u002F)|(\u002F[\u0021-\u007F]+\u002F) + type: string + SerialNumber: + minLength: 9 + maxLength: 256 + pattern: '[\w+=/:,.@-]+' + type: string + Users: + type: array + uniqueItems: false + items: + type: string + Tags: + type: array + uniqueItems: false + items: + $ref: '#/components/schemas/Tag' + x-stackQL-stringOnly: true + x-title: CreateVirtualMFADeviceRequest + type: object + required: [] + securitySchemes: + hmac: + type: apiKey + name: Authorization + in: header + description: Amazon Signature authorization v4 + x-amazon-apigateway-authtype: awsSigv4 + x-stackQL-resources: + access_key_last_used: + id: aws.iam.access_key_last_used + x-cfn-schema-name: GetAccessKeyLastUsedResponse + x-example-where-clause: WHERE region = 'us-east-1' /* always 'us-east-1' for iam */ AND AccessKeyId = '' + x-type: native + methods: + access_key_last_used_Get: + operation: + $ref: '#/paths/~1?Action=GetAccessKeyLastUsed&Version=2010-05-08&__nativeEndpoint=true/get' + response: + mediaType: text/xml + objectKey: /*/GetAccessKeyLastUsedResult + openAPIDocKey: '200' + name: access_key_last_used + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/access_key_last_used/methods/access_key_last_used_Get' + update: [] + title: access_key_last_used + access_keys: + id: aws.iam.access_keys + methods: + access_keys_Create: + operation: + $ref: '#/paths/~1?Action=CreateAccessKey&Version=2010-05-08&__nativeEndpoint=true/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + access_keys_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteAccessKey&Version=2010-05-08&__nativeEndpoint=true/get' + response: + openAPIDocKey: '200' + access_keys_List: + operation: + $ref: '#/paths/~1?Action=ListAccessKeys&Version=2010-05-08&__nativeEndpoint=true/get' + response: + mediaType: text/xml + objectKey: /*/ListAccessKeysResult/AccessKeyMetadata/member + openAPIDocKey: '200' + access_keys_Update: operation: - $ref: '#/paths/~1?Action=AttachRolePolicy&Version=2010-05-08&__nativeEndpoint=true/get' + $ref: '#/paths/~1?Action=UpdateAccessKey&Version=2010-05-08&__nativeEndpoint=true/get' response: openAPIDocKey: '200' + name: access_keys + sqlVerbs: delete: - serviceName: iam + - $ref: '#/components/x-stackQL-resources/access_keys/methods/access_keys_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/access_keys/methods/access_keys_Create' + select: + - $ref: '#/components/x-stackQL-resources/access_keys/methods/access_keys_List' + update: [] + title: access_keys + account_aliases: + id: aws.iam.account_aliases + methods: + account_aliases_List: operation: - $ref: '#/paths/~1?Action=DeleteRolePolicy&Version=2010-05-08&__nativeEndpoint=true/get' + $ref: '#/paths/~1?Action=ListAccountAliases&Version=2010-05-08&__nativeEndpoint=true/get' response: + mediaType: text/xml + objectKey: /*/ListAccountAliasesResult/AccountAliases/member openAPIDocKey: '200' - detach: - serviceName: iam + name: account_aliases + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/account_aliases/methods/account_aliases_List' + update: [] + title: account_aliases + account_authorization_details: + id: aws.iam.account_authorization_details + methods: + account_authorization_details_Get: operation: - $ref: '#/paths/~1?Action=DetachRolePolicy&Version=2010-05-08&__nativeEndpoint=true/get' + $ref: '#/paths/~1?Action=GetAccountAuthorizationDetails&Version=2010-05-08&__nativeEndpoint=true/get' response: + mediaType: text/xml + objectKey: /*/GetAccountAuthorizationDetailsResult openAPIDocKey: '200' - get: - serviceName: iam + name: account_authorization_details + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/account_authorization_details/methods/account_authorization_details_Get' + update: [] + title: account_authorization_details + account_password_policies: + id: aws.iam.account_password_policies + methods: + account_password_policies_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteAccountPasswordPolicy&Version=2010-05-08&__nativeEndpoint=true/get' + response: + openAPIDocKey: '200' + account_password_policies_Get: + operation: + $ref: '#/paths/~1?Action=GetAccountPasswordPolicy&Version=2010-05-08&__nativeEndpoint=true/get' + response: + mediaType: text/xml + objectKey: /*/GetAccountPasswordPolicyResult + openAPIDocKey: '200' + account_password_policies_Update: + operation: + $ref: '#/paths/~1?Action=UpdateAccountPasswordPolicy&Version=2010-05-08&__nativeEndpoint=true/get' + response: + openAPIDocKey: '200' + name: account_password_policies + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/account_password_policies/methods/account_password_policies_Delete' + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/account_password_policies/methods/account_password_policies_Get' + update: [] + title: account_password_policies + account_summaries: + id: aws.iam.account_summaries + methods: + account_summaries_Get: + operation: + $ref: '#/paths/~1?Action=GetAccountSummary&Version=2010-05-08&__nativeEndpoint=true/get' + response: + mediaType: text/xml + objectKey: /*/GetAccountSummaryResult + openAPIDocKey: '200' + name: account_summaries + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/account_summaries/methods/account_summaries_Get' + update: [] + title: account_summaries + attached_group_policies: + id: aws.iam.attached_group_policies + methods: + attached_group_policies_List: + operation: + $ref: '#/paths/~1?Action=ListAttachedGroupPolicies&Version=2010-05-08&__nativeEndpoint=true/get' + response: + mediaType: text/xml + objectKey: /*/ListAttachedGroupPoliciesResult/AttachedPolicies/member + openAPIDocKey: '200' + name: attached_group_policies + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/attached_group_policies/methods/attached_group_policies_List' + update: [] + title: attached_group_policies + attached_role_policies: + id: aws.iam.attached_role_policies + methods: + attached_role_policies_List: + operation: + $ref: '#/paths/~1?Action=ListAttachedRolePolicies&Version=2010-05-08&__nativeEndpoint=true/get' + response: + mediaType: text/xml + objectKey: /*/ListAttachedRolePoliciesResult/AttachedPolicies/member + openAPIDocKey: '200' + name: attached_role_policies + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/attached_role_policies/methods/attached_role_policies_List' + update: [] + title: attached_role_policies + attached_user_policies: + id: aws.iam.attached_user_policies + methods: + attached_user_policies_List: + operation: + $ref: '#/paths/~1?Action=ListAttachedUserPolicies&Version=2010-05-08&__nativeEndpoint=true/get' + response: + mediaType: text/xml + objectKey: /*/ListAttachedUserPoliciesResult/AttachedPolicies/member + openAPIDocKey: '200' + name: attached_user_policies + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/attached_user_policies/methods/attached_user_policies_List' + update: [] + title: attached_user_policies + context_keys_for_custom_policies: + id: aws.iam.context_keys_for_custom_policies + methods: + context_keys_for_custom_policies_Get: + operation: + $ref: '#/paths/~1?Action=GetContextKeysForCustomPolicy&Version=2010-05-08&__nativeEndpoint=true/get' + response: + mediaType: text/xml + objectKey: /*/GetContextKeysForCustomPolicyResult + openAPIDocKey: '200' + name: context_keys_for_custom_policies + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/context_keys_for_custom_policies/methods/context_keys_for_custom_policies_Get' + update: [] + title: context_keys_for_custom_policies + context_keys_for_principal_policies: + id: aws.iam.context_keys_for_principal_policies + methods: + context_keys_for_principal_policies_Get: + operation: + $ref: '#/paths/~1?Action=GetContextKeysForPrincipalPolicy&Version=2010-05-08&__nativeEndpoint=true/get' + response: + mediaType: text/xml + objectKey: /*/GetContextKeysForPrincipalPolicyResult + openAPIDocKey: '200' + name: context_keys_for_principal_policies + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/context_keys_for_principal_policies/methods/context_keys_for_principal_policies_Get' + update: [] + title: context_keys_for_principal_policies + entities_for_policies: + id: aws.iam.entities_for_policies + methods: + entities_for_policies_List: + operation: + $ref: '#/paths/~1?Action=ListEntitiesForPolicy&Version=2010-05-08&__nativeEndpoint=true/get' + response: + mediaType: text/xml + objectKey: /*/ListEntitiesForPolicyResult/PolicyGroups/member + openAPIDocKey: '200' + name: entities_for_policies + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/entities_for_policies/methods/entities_for_policies_List' + update: [] + title: entities_for_policies + groups_for_user: + id: aws.iam.groups_for_user + methods: + groups_for_user_List: + operation: + $ref: '#/paths/~1?Action=ListGroupsForUser&Version=2010-05-08&__nativeEndpoint=true/get' + response: + mediaType: text/xml + objectKey: /*/ListGroupsForUserResult/Groups/member + openAPIDocKey: '200' + name: groups_for_user + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/groups_for_user/methods/groups_for_user_List' + update: [] + title: groups_for_user + instance_profiles_for_role: + id: aws.iam.instance_profiles_for_role + methods: + instance_profiles_for_role_List: + operation: + $ref: '#/paths/~1?Action=ListInstanceProfilesForRole&Version=2010-05-08&__nativeEndpoint=true/get' + response: + mediaType: text/xml + objectKey: /*/ListInstanceProfilesForRoleResult/InstanceProfiles/member + openAPIDocKey: '200' + name: instance_profiles_for_role + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/instance_profiles_for_role/methods/instance_profiles_for_role_List' + update: [] + title: instance_profiles_for_role + login_profiles: + id: aws.iam.login_profiles + methods: + login_profiles_Create: + operation: + $ref: '#/paths/~1?Action=CreateLoginProfile&Version=2010-05-08&__nativeEndpoint=true/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + login_profiles_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteLoginProfile&Version=2010-05-08&__nativeEndpoint=true/get' + response: + openAPIDocKey: '200' + login_profiles_Get: + operation: + $ref: '#/paths/~1?Action=GetLoginProfile&Version=2010-05-08&__nativeEndpoint=true/get' + response: + mediaType: text/xml + objectKey: /*/GetLoginProfileResult + openAPIDocKey: '200' + login_profiles_Update: + operation: + $ref: '#/paths/~1?Action=UpdateLoginProfile&Version=2010-05-08&__nativeEndpoint=true/get' + response: + openAPIDocKey: '200' + name: login_profiles + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/login_profiles/methods/login_profiles_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/login_profiles/methods/login_profiles_Create' + select: + - $ref: '#/components/x-stackQL-resources/login_profiles/methods/login_profiles_Get' + update: [] + title: login_profiles + mfa_device_tags: + id: aws.iam.mfa_device_tags + methods: + mfa_device_tags_List: + operation: + $ref: '#/paths/~1?Action=ListMFADeviceTags&Version=2010-05-08&__nativeEndpoint=true/get' + response: + mediaType: text/xml + objectKey: /*/ListMFADeviceTagsResult/Tags/member + openAPIDocKey: '200' + name: mfa_device_tags + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/mfa_device_tags/methods/mfa_device_tags_List' + update: [] + title: mfa_device_tags + mfa_devices: + id: aws.iam.mfa_devices + methods: + mfa_devices_Deactivate: + operation: + $ref: '#/paths/~1?Action=DeactivateMFADevice&Version=2010-05-08&__nativeEndpoint=true/get' + response: + openAPIDocKey: '200' + mfa_devices_Enable: + operation: + $ref: '#/paths/~1?Action=EnableMFADevice&Version=2010-05-08&__nativeEndpoint=true/get' + response: + openAPIDocKey: '200' + mfa_devices_List: + operation: + $ref: '#/paths/~1?Action=ListMFADevices&Version=2010-05-08&__nativeEndpoint=true/get' + response: + mediaType: text/xml + objectKey: /*/ListMFADevicesResult/MFADevices/member + openAPIDocKey: '200' + mfa_devices_Resync: + operation: + $ref: '#/paths/~1?Action=ResyncMFADevice&Version=2010-05-08&__nativeEndpoint=true/get' + response: + openAPIDocKey: '200' + mfa_devices_Tag: + operation: + $ref: '#/paths/~1?Action=TagMFADevice&Version=2010-05-08&__nativeEndpoint=true/get' + response: + openAPIDocKey: '200' + mfa_devices_Untag: + operation: + $ref: '#/paths/~1?Action=UntagMFADevice&Version=2010-05-08&__nativeEndpoint=true/get' + response: + openAPIDocKey: '200' + name: mfa_devices + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/mfa_devices/methods/mfa_devices_List' + update: [] + title: mfa_devices + policy_tags: + id: aws.iam.policy_tags + methods: + policy_tags_List: + operation: + $ref: '#/paths/~1?Action=ListPolicyTags&Version=2010-05-08&__nativeEndpoint=true/get' + response: + mediaType: text/xml + objectKey: /*/ListPolicyTagsResult/Tags/member + openAPIDocKey: '200' + name: policy_tags + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/policy_tags/methods/policy_tags_List' + update: [] + title: policy_tags + policy_versions: + id: aws.iam.policy_versions + methods: + policy_versions_Create: + operation: + $ref: '#/paths/~1?Action=CreatePolicyVersion&Version=2010-05-08&__nativeEndpoint=true/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + policy_versions_Delete: + operation: + $ref: '#/paths/~1?Action=DeletePolicyVersion&Version=2010-05-08&__nativeEndpoint=true/get' + response: + openAPIDocKey: '200' + policy_versions_Get: + operation: + $ref: '#/paths/~1?Action=GetPolicyVersion&Version=2010-05-08&__nativeEndpoint=true/get' + response: + mediaType: text/xml + objectKey: /*/GetPolicyVersionResult + openAPIDocKey: '200' + policy_versions_List: + operation: + $ref: '#/paths/~1?Action=ListPolicyVersions&Version=2010-05-08&__nativeEndpoint=true/get' + response: + mediaType: text/xml + objectKey: /*/ListPolicyVersionsResult/Versions/member + openAPIDocKey: '200' + name: policy_versions + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/policy_versions/methods/policy_versions_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/policy_versions/methods/policy_versions_Create' + select: + - $ref: '#/components/x-stackQL-resources/policy_versions/methods/policy_versions_Get' + - $ref: '#/components/x-stackQL-resources/policy_versions/methods/policy_versions_List' + update: [] + title: policy_versions + service_last_accessed_details_with_entities: + id: aws.iam.service_last_accessed_details_with_entities + methods: + service_last_accessed_details_with_entities_Get: + operation: + $ref: '#/paths/~1?Action=GetServiceLastAccessedDetailsWithEntities&Version=2010-05-08&__nativeEndpoint=true/get' + response: + mediaType: text/xml + objectKey: /*/GetServiceLastAccessedDetailsWithEntitiesResult + openAPIDocKey: '200' + name: service_last_accessed_details_with_entities + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/service_last_accessed_details_with_entities/methods/service_last_accessed_details_with_entities_Get' + update: [] + title: service_last_accessed_details_with_entities + service_linked_role_deletion_status: + id: aws.iam.service_linked_role_deletion_status + methods: + service_linked_role_deletion_status_Get: operation: - $ref: '#/paths/~1?Action=GetRolePolicy&Version=2010-05-08&__nativeEndpoint=true/get' + $ref: '#/paths/~1?Action=GetServiceLinkedRoleDeletionStatus&Version=2010-05-08&__nativeEndpoint=true/get' response: mediaType: text/xml - objectKey: /*/GetRolePolicyResult + objectKey: /*/GetServiceLinkedRoleDeletionStatusResult openAPIDocKey: '200' - list: - serviceName: iam + name: service_linked_role_deletion_status + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/service_linked_role_deletion_status/methods/service_linked_role_deletion_status_Get' + update: [] + title: service_linked_role_deletion_status + service_linked_roles: + id: aws.iam.service_linked_roles + methods: + service_linked_roles_Create: operation: - $ref: '#/paths/~1?Action=ListRolePolicies&Version=2010-05-08&__nativeEndpoint=true/get' + $ref: '#/paths/~1?Action=CreateServiceLinkedRole&Version=2010-05-08&__nativeEndpoint=true/get' response: mediaType: text/xml - objectKey: /*/ListRolePoliciesResult/PolicyNames/member openAPIDocKey: '200' - put: - serviceName: iam + service_linked_roles_Delete: operation: - $ref: '#/paths/~1?Action=PutRolePolicy&Version=2010-05-08&__nativeEndpoint=true/get' + $ref: '#/paths/~1?Action=DeleteServiceLinkedRole&Version=2010-05-08&__nativeEndpoint=true/get' response: + mediaType: text/xml openAPIDocKey: '200' create_resource: config: requestBodyTranslate: algorithm: naive_DesiredState operation: - $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__RolePolicy&__detailTransformed=true/post' + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__ServiceLinkedRole&__detailTransformed=true/post' request: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::IAM::RolePolicy" + "TypeName": "AWS::IAM::ServiceLinkedRole" } response: mediaType: application/json @@ -3244,7 +5980,7 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::IAM::RolePolicy" + "TypeName": "AWS::IAM::ServiceLinkedRole" } response: mediaType: application/json @@ -3256,27 +5992,26 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::IAM::RolePolicy" + "TypeName": "AWS::IAM::ServiceLinkedRole" } response: mediaType: application/json openAPIDocKey: '200' - name: role_policies + name: service_linked_roles sqlVerbs: delete: - - $ref: '#/components/x-stackQL-resources/role_policies/methods/delete_resource' + - $ref: '#/components/x-stackQL-resources/service_linked_roles/methods/delete_resource' insert: - - $ref: '#/components/x-stackQL-resources/role_policies/methods/create_resource' - select: - - $ref: '#/components/x-stackQL-resources/role_policies/methods/get' - - $ref: '#/components/x-stackQL-resources/role_policies/methods/list' + - $ref: '#/components/x-stackQL-resources/service_linked_roles/methods/create_resource' + select: [] update: - - $ref: '#/components/x-stackQL-resources/role_policies/methods/update_resource' - title: role_policies - x-cfn-type-name: AWS::IAM::RolePolicy + - $ref: '#/components/x-stackQL-resources/service_linked_roles/methods/update_resource' + title: service_linked_roles + x-cfn-schema-name: ServiceLinkedRole + x-cfn-type-name: AWS::IAM::ServiceLinkedRole x-identifiers: - - PolicyName - RoleName + x-type: cloud_control config: views: select: @@ -3285,11 +6020,12 @@ components: SELECT region, data__Identifier, - JSON_EXTRACT(Properties, '$.PolicyDocument') as policy_document, - JSON_EXTRACT(Properties, '$.PolicyName') as policy_name, - JSON_EXTRACT(Properties, '$.RoleName') as role_name - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IAM::RolePolicy' - AND data__Identifier = '|' + JSON_EXTRACT(Properties, '$.RoleName') as role_name, + JSON_EXTRACT(Properties, '$.CustomSuffix') as custom_suffix, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.AWSServiceName') as aws_service_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IAM::ServiceLinkedRole' + AND data__Identifier = '' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] @@ -3297,12 +6033,257 @@ components: SELECT region, data__Identifier, - json_extract_path_text(Properties, 'PolicyDocument') as policy_document, - json_extract_path_text(Properties, 'PolicyName') as policy_name, - json_extract_path_text(Properties, 'RoleName') as role_name - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IAM::RolePolicy' - AND data__Identifier = '|' + json_extract_path_text(Properties, 'RoleName') as role_name, + json_extract_path_text(Properties, 'CustomSuffix') as custom_suffix, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'AWSServiceName') as aws_service_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IAM::ServiceLinkedRole' + AND data__Identifier = '' AND region = 'us-east-1' + service_specific_credentials: + id: aws.iam.service_specific_credentials + methods: + service_specific_credentials_Create: + operation: + $ref: '#/paths/~1?Action=CreateServiceSpecificCredential&Version=2010-05-08&__nativeEndpoint=true/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + service_specific_credentials_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteServiceSpecificCredential&Version=2010-05-08&__nativeEndpoint=true/get' + response: + openAPIDocKey: '200' + service_specific_credentials_List: + operation: + $ref: '#/paths/~1?Action=ListServiceSpecificCredentials&Version=2010-05-08&__nativeEndpoint=true/get' + response: + mediaType: text/xml + objectKey: /*/ListServiceSpecificCredentialsResult/ServiceSpecificCredentials/member + openAPIDocKey: '200' + service_specific_credentials_Reset: + operation: + $ref: '#/paths/~1?Action=ResetServiceSpecificCredential&Version=2010-05-08&__nativeEndpoint=true/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + service_specific_credentials_Update: + operation: + $ref: '#/paths/~1?Action=UpdateServiceSpecificCredential&Version=2010-05-08&__nativeEndpoint=true/get' + response: + openAPIDocKey: '200' + name: service_specific_credentials + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/service_specific_credentials/methods/service_specific_credentials_Delete' + insert: + - $ref: '#/components/x-stackQL-resources/service_specific_credentials/methods/service_specific_credentials_Create' + select: + - $ref: '#/components/x-stackQL-resources/service_specific_credentials/methods/service_specific_credentials_List' + update: [] + title: service_specific_credentials + signing_certificates: + id: aws.iam.signing_certificates + methods: + signing_certificates_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteSigningCertificate&Version=2010-05-08&__nativeEndpoint=true/get' + response: + openAPIDocKey: '200' + signing_certificates_List: + operation: + $ref: '#/paths/~1?Action=ListSigningCertificates&Version=2010-05-08&__nativeEndpoint=true/get' + response: + mediaType: text/xml + objectKey: /*/ListSigningCertificatesResult/Certificates/member + openAPIDocKey: '200' + signing_certificates_Update: + operation: + $ref: '#/paths/~1?Action=UpdateSigningCertificate&Version=2010-05-08&__nativeEndpoint=true/get' + response: + openAPIDocKey: '200' + signing_certificates_Upload: + operation: + $ref: '#/paths/~1?Action=UploadSigningCertificate&Version=2010-05-08&__nativeEndpoint=true/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + name: signing_certificates + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/signing_certificates/methods/signing_certificates_Delete' + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/signing_certificates/methods/signing_certificates_List' + update: [] + title: signing_certificates + ssh_public_keys: + id: aws.iam.ssh_public_keys + methods: + ssh_public_keys_Delete: + operation: + $ref: '#/paths/~1?Action=DeleteSSHPublicKey&Version=2010-05-08&__nativeEndpoint=true/get' + response: + openAPIDocKey: '200' + ssh_public_keys_Get: + operation: + $ref: '#/paths/~1?Action=GetSSHPublicKey&Version=2010-05-08&__nativeEndpoint=true/get' + response: + mediaType: text/xml + objectKey: /*/GetSSHPublicKeyResult + openAPIDocKey: '200' + ssh_public_keys_List: + operation: + $ref: '#/paths/~1?Action=ListSSHPublicKeys&Version=2010-05-08&__nativeEndpoint=true/get' + response: + mediaType: text/xml + objectKey: /*/ListSSHPublicKeysResult/SSHPublicKeys/member + openAPIDocKey: '200' + ssh_public_keys_Update: + operation: + $ref: '#/paths/~1?Action=UpdateSSHPublicKey&Version=2010-05-08&__nativeEndpoint=true/get' + response: + openAPIDocKey: '200' + ssh_public_keys_Upload: + operation: + $ref: '#/paths/~1?Action=UploadSSHPublicKey&Version=2010-05-08&__nativeEndpoint=true/get' + response: + mediaType: text/xml + openAPIDocKey: '200' + name: ssh_public_keys + sqlVerbs: + delete: + - $ref: '#/components/x-stackQL-resources/ssh_public_keys/methods/ssh_public_keys_Delete' + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/ssh_public_keys/methods/ssh_public_keys_Get' + - $ref: '#/components/x-stackQL-resources/ssh_public_keys/methods/ssh_public_keys_List' + update: [] + title: ssh_public_keys + user_policies_list_only: + id: aws.iam.user_policies_list_only + x-cfn-schema-name: GetUserPolicyResponse + x-example-where-clause: WHERE region = 'us-east-1' /* always 'us-east-1' for iam */ AND UserName = '' AND PolicyName = '' + x-type: native + methods: + get: + serviceName: iam + operation: + $ref: '#/paths/~1?Action=GetUserPolicy&Version=2010-05-08&__nativeEndpoint=true/get' + response: + mediaType: text/xml + objectKey: /*/GetUserPolicyResult + openAPIDocKey: '200' + list: + serviceName: iam + operation: + $ref: '#/paths/~1?Action=ListUserPolicies&Version=2010-05-08&__nativeEndpoint=true/get' + response: + mediaType: text/xml + objectKey: /*/ListUserPoliciesResult/PolicyNames/member + openAPIDocKey: '200' + name: user_policies_list_only + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/user_policies_list_only/methods/get' + - $ref: '#/components/x-stackQL-resources/user_policies_list_only/methods/list' + update: [] + title: user_policies_list_only + group_policies_list_only: + id: aws.iam.group_policies_list_only + x-cfn-schema-name: GetGroupPolicyResponse + x-example-where-clause: WHERE region = 'us-east-1' /* always 'us-east-1' for iam */ AND GroupName = '' AND PolicyName = '' + x-type: native + methods: + get: + serviceName: iam + operation: + $ref: '#/paths/~1?Action=GetGroupPolicy&Version=2010-05-08&__nativeEndpoint=true/get' + response: + mediaType: text/xml + objectKey: /*/GetGroupPolicyResult + openAPIDocKey: '200' + list: + serviceName: iam + operation: + $ref: '#/paths/~1?Action=ListGroupPolicies&Version=2010-05-08&__nativeEndpoint=true/get' + response: + mediaType: text/xml + objectKey: /*/ListGroupPoliciesResult/PolicyNames/member + openAPIDocKey: '200' + name: group_policies_list_only + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/group_policies_list_only/methods/get' + - $ref: '#/components/x-stackQL-resources/group_policies_list_only/methods/list' + update: [] + title: group_policies_list_only + policies_list_only: + id: aws.iam.policies_list_only + x-cfn-schema-name: GetPolicyResponse + x-example-where-clause: WHERE region = 'us-east-1' /* always 'us-east-1' for iam */ AND PolicyArn = '' + x-type: native + methods: + get: + serviceName: iam + operation: + $ref: '#/paths/~1?Action=GetPolicy&Version=2010-05-08&__nativeEndpoint=true/get' + response: + mediaType: text/xml + objectKey: /*/GetPolicyResult + openAPIDocKey: '200' + list: + serviceName: iam + operation: + $ref: '#/paths/~1?Action=ListPolicies&Version=2010-05-08&__nativeEndpoint=true/get' + response: + mediaType: text/xml + objectKey: /*/ListPoliciesResult/Policies/member + openAPIDocKey: '200' + name: policies_list_only + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/policies_list_only/methods/get' + - $ref: '#/components/x-stackQL-resources/policies_list_only/methods/list' + update: [] + title: policies_list_only + role_policies_list_only: + id: aws.iam.role_policies_list_only + x-cfn-schema-name: GetRolePolicyResponse + x-example-where-clause: WHERE region = 'us-east-1' /* always 'us-east-1' for iam */ AND RoleName = '' AND PolicyName = '' + x-type: native + methods: + get: + serviceName: iam + operation: + $ref: '#/paths/~1?Action=GetRolePolicy&Version=2010-05-08&__nativeEndpoint=true/get' + response: + mediaType: text/xml + objectKey: /*/GetRolePolicyResult + openAPIDocKey: '200' + list: + serviceName: iam + operation: + $ref: '#/paths/~1?Action=ListRolePolicies&Version=2010-05-08&__nativeEndpoint=true/get' + response: + mediaType: text/xml + objectKey: /*/ListRolePoliciesResult/PolicyNames/member + openAPIDocKey: '200' + name: role_policies_list_only + sqlVerbs: + delete: [] + insert: [] + select: + - $ref: '#/components/x-stackQL-resources/role_policies_list_only/methods/get' + - $ref: '#/components/x-stackQL-resources/role_policies_list_only/methods/list' + update: [] + title: role_policies_list_only groups: name: groups id: aws.iam.groups @@ -3429,29 +6410,111 @@ components: x-cfn-type-name: AWS::IAM::Group x-identifiers: - GroupName - x-type: cloud_control_view - methods: {} + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.GroupName') as group_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IAM::Group' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'GroupName') as group_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IAM::Group' + AND region = 'us-east-1' + group_policies: + name: group_policies + id: aws.iam.group_policies + x-cfn-schema-name: GroupPolicy + x-cfn-type-name: AWS::IAM::GroupPolicy + x-identifiers: + - PolicyName + - GroupName + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__GroupPolicy&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::IAM::GroupPolicy" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::IAM::GroupPolicy" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::IAM::GroupPolicy" + } + response: + mediaType: application/json + openAPIDocKey: '200' sqlVerbs: - insert: [] - delete: [] - update: [] + insert: + - $ref: '#/components/x-stackQL-resources/group_policies/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/group_policies/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/group_policies/methods/update_resource' config: views: select: - predicate: sqlDialect == "sqlite3" + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] ddl: |- SELECT region, + data__Identifier, + JSON_EXTRACT(Properties, '$.PolicyDocument') as policy_document, + JSON_EXTRACT(Properties, '$.PolicyName') as policy_name, JSON_EXTRACT(Properties, '$.GroupName') as group_name - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IAM::Group' + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IAM::GroupPolicy' + AND data__Identifier = '|' AND region = 'us-east-1' fallback: - predicate: sqlDialect == "postgres" + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] ddl: |- SELECT region, + data__Identifier, + json_extract_path_text(Properties, 'PolicyDocument') as policy_document, + json_extract_path_text(Properties, 'PolicyName') as policy_name, json_extract_path_text(Properties, 'GroupName') as group_name - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IAM::Group' + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IAM::GroupPolicy' + AND data__Identifier = '|' AND region = 'us-east-1' instance_profiles: name: instance_profiles @@ -4227,6 +7290,88 @@ components: WHERE listing.data__TypeName = 'AWS::IAM::Role' AND detail.data__TypeName = 'AWS::IAM::Role' AND listing.region = 'us-east-1' + role_policies: + name: role_policies + id: aws.iam.role_policies + x-cfn-schema-name: RolePolicy + x-cfn-type-name: AWS::IAM::RolePolicy + x-identifiers: + - PolicyName + - RoleName + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__RolePolicy&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::IAM::RolePolicy" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::IAM::RolePolicy" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::IAM::RolePolicy" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/role_policies/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/role_policies/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/role_policies/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.PolicyDocument') as policy_document, + JSON_EXTRACT(Properties, '$.PolicyName') as policy_name, + JSON_EXTRACT(Properties, '$.RoleName') as role_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IAM::RolePolicy' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'PolicyDocument') as policy_document, + json_extract_path_text(Properties, 'PolicyName') as policy_name, + json_extract_path_text(Properties, 'RoleName') as role_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IAM::RolePolicy' + AND data__Identifier = '|' + AND region = 'us-east-1' saml_providers: name: saml_providers id: aws.iam.saml_providers @@ -4607,117 +7752,34 @@ components: JSON_EXTRACT(detail.Properties, '$.PrivateKey') as private_key, JSON_EXTRACT(detail.Properties, '$.Arn') as arn FROM aws.cloud_control.resources listing - LEFT OUTER JOIN aws.cloud_control.resource detail - ON detail.data__Identifier = listing.Identifier - AND detail.region = listing.region - ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) - WHERE listing.data__TypeName = 'AWS::IAM::ServerCertificate' - AND detail.data__TypeName = 'AWS::IAM::ServerCertificate' - AND listing.region = 'us-east-1' - fallback: - predicate: sqlDialect == "postgres" - ddl: |- - SELECT - detail.region, - json_extract_path_text(json_each.value, 'Key') as tag_key, - json_extract_path_text(json_each.value, 'Value') as tag_value, - json_extract_path_text(detail.Properties, 'CertificateBody') as certificate_body, - json_extract_path_text(detail.Properties, 'CertificateChain') as certificate_chain, - json_extract_path_text(detail.Properties, 'ServerCertificateName') as server_certificate_name, - json_extract_path_text(detail.Properties, 'Path') as path, - json_extract_path_text(detail.Properties, 'PrivateKey') as private_key, - json_extract_path_text(detail.Properties, 'Arn') as arn - FROM aws.cloud_control.resources listing - LEFT OUTER JOIN aws.cloud_control.resource detail - ON detail.data__Identifier = listing.Identifier - AND detail.region = listing.region - ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) - WHERE listing.data__TypeName = 'AWS::IAM::ServerCertificate' - AND detail.data__TypeName = 'AWS::IAM::ServerCertificate' - AND listing.region = 'us-east-1' - service_linked_roles: - name: service_linked_roles - id: aws.iam.service_linked_roles - x-cfn-schema-name: ServiceLinkedRole - x-cfn-type-name: AWS::IAM::ServiceLinkedRole - x-identifiers: - - RoleName - x-type: cloud_control - methods: - create_resource: - config: - requestBodyTranslate: - algorithm: naive_DesiredState - operation: - $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__ServiceLinkedRole&__detailTransformed=true/post' - request: - mediaType: application/x-amz-json-1.0 - base: |- - { - "TypeName": "AWS::IAM::ServiceLinkedRole" - } - response: - mediaType: application/json - openAPIDocKey: '200' - update_resource: - operation: - $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' - request: - mediaType: application/x-amz-json-1.0 - base: |- - { - "TypeName": "AWS::IAM::ServiceLinkedRole" - } - response: - mediaType: application/json - openAPIDocKey: '200' - delete_resource: - operation: - $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' - request: - mediaType: application/x-amz-json-1.0 - base: |- - { - "TypeName": "AWS::IAM::ServiceLinkedRole" - } - response: - mediaType: application/json - openAPIDocKey: '200' - sqlVerbs: - insert: - - $ref: '#/components/x-stackQL-resources/service_linked_roles/methods/create_resource' - delete: - - $ref: '#/components/x-stackQL-resources/service_linked_roles/methods/delete_resource' - update: - - $ref: '#/components/x-stackQL-resources/service_linked_roles/methods/update_resource' - config: - views: - select: - predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] - ddl: |- - SELECT - region, - data__Identifier, - JSON_EXTRACT(Properties, '$.RoleName') as role_name, - JSON_EXTRACT(Properties, '$.CustomSuffix') as custom_suffix, - JSON_EXTRACT(Properties, '$.Description') as description, - JSON_EXTRACT(Properties, '$.AWSServiceName') as aws_service_name - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IAM::ServiceLinkedRole' - AND data__Identifier = '' - AND region = 'us-east-1' + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::IAM::ServerCertificate' + AND detail.data__TypeName = 'AWS::IAM::ServerCertificate' + AND listing.region = 'us-east-1' fallback: - predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + predicate: sqlDialect == "postgres" ddl: |- SELECT - region, - data__Identifier, - json_extract_path_text(Properties, 'RoleName') as role_name, - json_extract_path_text(Properties, 'CustomSuffix') as custom_suffix, - json_extract_path_text(Properties, 'Description') as description, - json_extract_path_text(Properties, 'AWSServiceName') as aws_service_name - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IAM::ServiceLinkedRole' - AND data__Identifier = '' - AND region = 'us-east-1' + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'CertificateBody') as certificate_body, + json_extract_path_text(detail.Properties, 'CertificateChain') as certificate_chain, + json_extract_path_text(detail.Properties, 'ServerCertificateName') as server_certificate_name, + json_extract_path_text(detail.Properties, 'Path') as path, + json_extract_path_text(detail.Properties, 'PrivateKey') as private_key, + json_extract_path_text(detail.Properties, 'Arn') as arn + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::IAM::ServerCertificate' + AND detail.data__TypeName = 'AWS::IAM::ServerCertificate' + AND listing.region = 'us-east-1' users: name: users id: aws.iam.users @@ -4943,6 +8005,88 @@ components: WHERE listing.data__TypeName = 'AWS::IAM::User' AND detail.data__TypeName = 'AWS::IAM::User' AND listing.region = 'us-east-1' + user_policies: + name: user_policies + id: aws.iam.user_policies + x-cfn-schema-name: UserPolicy + x-cfn-type-name: AWS::IAM::UserPolicy + x-identifiers: + - PolicyName + - UserName + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__UserPolicy&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::IAM::UserPolicy" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::IAM::UserPolicy" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::IAM::UserPolicy" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/user_policies/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/user_policies/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/user_policies/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.PolicyDocument') as policy_document, + JSON_EXTRACT(Properties, '$.PolicyName') as policy_name, + JSON_EXTRACT(Properties, '$.UserName') as user_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IAM::UserPolicy' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'PolicyDocument') as policy_document, + json_extract_path_text(Properties, 'PolicyName') as policy_name, + json_extract_path_text(Properties, 'UserName') as user_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IAM::UserPolicy' + AND data__Identifier = '|' + AND region = 'us-east-1' virtualmfa_devices: name: virtualmfa_devices id: aws.iam.virtualmfa_devices @@ -5155,39 +8299,4880 @@ paths: - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' post: - operationId: CreateResource + operationId: CreateResource + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/x-cloud-control-schemas/CreateResourceInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=DeleteResource&Version=2021-09-30: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: DeleteResource + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.DeleteResource + enum: + - CloudApiService.DeleteResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/x-cloud-control-schemas/DeleteResourceInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/DeleteResourceOutput' + description: Success + /?Action=UpdateResource&Version=2021-09-30: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: UpdateResource + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.UpdateResource + enum: + - CloudApiService.UpdateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + properties: + ClientName: + type: string + Identifier: + $ref: '#/components/x-cloud-control-schemas/Identifier' + PatchDocument: + type: string + RoleArn: + $ref: '#/components/x-cloud-control-schemas/RoleArn' + TypeName: + $ref: '#/components/x-cloud-control-schemas/TypeName' + TypeVersionId: + $ref: '#/components/x-cloud-control-schemas/TypeVersionId' + required: + - Identifier + - PatchDocument + type: object + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/UpdateResourceOutput' + description: Success + /?Action=CreateResource&Version=2021-09-30&__Group&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateGroup + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateGroupRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=CreateResource&Version=2021-09-30&__GroupPolicy&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateGroupPolicy + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateGroupPolicyRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=CreateResource&Version=2021-09-30&__InstanceProfile&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateInstanceProfile + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateInstanceProfileRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=CreateResource&Version=2021-09-30&__ManagedPolicy&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateManagedPolicy + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateManagedPolicyRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=CreateResource&Version=2021-09-30&__OIDCProvider&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateOIDCProvider + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateOIDCProviderRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=CreateResource&Version=2021-09-30&__Role&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateRole + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateRoleRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=CreateResource&Version=2021-09-30&__RolePolicy&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateRolePolicy + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateRolePolicyRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=CreateResource&Version=2021-09-30&__SAMLProvider&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateSAMLProvider + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateSAMLProviderRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=CreateResource&Version=2021-09-30&__ServerCertificate&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateServerCertificate + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateServerCertificateRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=CreateResource&Version=2021-09-30&__ServiceLinkedRole&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateServiceLinkedRole + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateServiceLinkedRoleRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=CreateResource&Version=2021-09-30&__User&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateUser + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateUserRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=CreateResource&Version=2021-09-30&__UserPolicy&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateUserPolicy + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateUserPolicyRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=CreateResource&Version=2021-09-30&__VirtualMFADevice&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateVirtualMFADevice + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateVirtualMFADeviceRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=GetSSHPublicKey&Version=2010-05-08&__nativeEndpoint=true: + get: + description:

Retrieves the specified SSH public key, including metadata about the key.

The SSH public key retrieved by this operation is used only for authenticating the associated IAM user to an CodeCommit repository. For more information about using SSH keys to authenticate to an CodeCommit repository, see Set up CodeCommit for SSH connections in the CodeCommit User Guide.

+ operationId: GET_GetSSHPublicKey + parameters: + - description: '

The name of the IAM user associated with the SSH public key.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: UserName + required: true + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description:

The unique identifier for the SSH public key.

This parameter allows (through its regex pattern) a string of characters that can consist of any upper or lowercased letter or digit.

+ in: query + name: SSHPublicKeyId + required: true + schema: + maxLength: 128 + minLength: 20 + pattern: '[\w]+' + type: string + - description: Specifies the public key encoding format to use in the response. To retrieve the public key in ssh-rsa format, use SSH. To retrieve the public key in PEM format, use PEM. + in: query + name: Encoding + required: true + schema: + enum: + - SSH + - PEM + type: string + responses: + '200': + content: + text/xml: + schema: + properties: + GetSSHPublicKeyResult: + $ref: '#/components/schemas/GetSSHPublicKeyResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/UnrecognizedPublicKeyEncodingException' + description: UnrecognizedPublicKeyEncodingException + x-aws-operation-name: GetSSHPublicKey + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Retrieves the specified SSH public key, including metadata about the key.

The SSH public key retrieved by this operation is used only for authenticating the associated IAM user to an CodeCommit repository. For more information about using SSH keys to authenticate to an CodeCommit repository, see Set up CodeCommit for SSH connections in the CodeCommit User Guide.

+ operationId: POST_GetSSHPublicKey + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetSSHPublicKeyRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + GetSSHPublicKeyResult: + $ref: '#/components/schemas/GetSSHPublicKeyResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/UnrecognizedPublicKeyEncodingException' + description: UnrecognizedPublicKeyEncodingException + x-aws-operation-name: GetSSHPublicKey + /?Action=CreatePolicyVersion&Version=2010-05-08&__nativeEndpoint=true: + get: + description: >- +

Creates a new version of the specified managed policy. To update a managed policy, you create a new policy version. A managed policy can have up to five versions. If the policy has five versions, you must delete an existing version using DeletePolicyVersion before you create a new version.

Optionally, you can set the new version as the policy's default version. The default version is the version that is in effect for the IAM users, groups, and roles to which the policy + is attached.

For more information about managed policy versions, see Versioning for managed policies in the IAM User Guide.

+ operationId: GET_CreatePolicyVersion + parameters: + - description:

The Amazon Resource Name (ARN) of the IAM policy to which you want to add a new version.

For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.

+ in: query + name: PolicyArn + required: true + schema: + description:

The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web Services resources.

For more information about ARNs, go to Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.

+ maxLength: 2048 + minLength: 20 + type: string + - description: >- +

The JSON policy document that you want to use as the content for this new version of the policy.

You must provide policies in JSON format in IAM. However, for CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.

The maximum length of the policy document that you can pass in this operation, including whitespace, is listed below. To view + the maximum character counts of a managed policy with no whitespaces, see IAM and STS character quotas.

The regex pattern used to validate this parameter is a string of characters consisting of the following:

  • Any printable ASCII character ranging from the space character (\u0020) + through the end of the ASCII character range

  • The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)

  • The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)

+ in: query + name: PolicyDocument + required: true + schema: + maxLength: 131072 + minLength: 1 + pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' + type: string + - description: >- +

Specifies whether to set this version as the policy's default version.

When this parameter is true, the new policy version becomes the operative version. That is, it becomes the version that is in effect for the IAM users, groups, and roles that the policy is attached to.

For more information about managed policy versions, see Versioning for managed policies in + the IAM User Guide.

+ in: query + name: SetAsDefault + required: false + schema: + type: boolean + responses: + '200': + content: + text/xml: + schema: + properties: + CreatePolicyVersionResult: + $ref: '#/components/schemas/CreatePolicyVersionResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/MalformedPolicyDocumentException' + description: MalformedPolicyDocumentException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: CreatePolicyVersion + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: >- +

Creates a new version of the specified managed policy. To update a managed policy, you create a new policy version. A managed policy can have up to five versions. If the policy has five versions, you must delete an existing version using DeletePolicyVersion before you create a new version.

Optionally, you can set the new version as the policy's default version. The default version is the version that is in effect for the IAM users, groups, and roles to which the policy + is attached.

For more information about managed policy versions, see Versioning for managed policies in the IAM User Guide.

+ operationId: POST_CreatePolicyVersion + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreatePolicyVersionRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + CreatePolicyVersionResult: + $ref: '#/components/schemas/CreatePolicyVersionResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/MalformedPolicyDocumentException' + description: MalformedPolicyDocumentException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: CreatePolicyVersion + /?Action=DeletePolicyVersion&Version=2010-05-08&__nativeEndpoint=true: + get: + description: >- +

Deletes the specified version from the specified managed policy.

You cannot delete the default version from a policy using this operation. To delete the default version from a policy, use DeletePolicy. To find out which version of a policy is marked as the default version, use ListPolicyVersions.

For information about versions for managed policies, see Versioning for + managed policies in the IAM User Guide.

+ operationId: GET_DeletePolicyVersion + parameters: + - description:

The Amazon Resource Name (ARN) of the IAM policy from which you want to delete a version.

For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.

+ in: query + name: PolicyArn + required: true + schema: + description:

The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web Services resources.

For more information about ARNs, go to Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.

+ maxLength: 2048 + minLength: 20 + type: string + - description: >- +

The policy version to delete.

This parameter allows (through its regex pattern) a string of characters that consists of the lowercase letter 'v' followed by one or two digits, and optionally followed by a period '.' and a string of letters and digits.

For more information about managed policy versions, see Versioning for managed + policies in the IAM User Guide.

+ in: query + name: VersionId + required: true + schema: + pattern: v[1-9][0-9]*(\.[A-Za-z0-9-]*)? + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteConflictException' + description: DeleteConflictException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DeletePolicyVersion + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: >- +

Deletes the specified version from the specified managed policy.

You cannot delete the default version from a policy using this operation. To delete the default version from a policy, use DeletePolicy. To find out which version of a policy is marked as the default version, use ListPolicyVersions.

For information about versions for managed policies, see Versioning for + managed policies in the IAM User Guide.

+ operationId: POST_DeletePolicyVersion + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeletePolicyVersionRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteConflictException' + description: DeleteConflictException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DeletePolicyVersion + /?Action=GetPolicyVersion&Version=2010-05-08&__nativeEndpoint=true: + get: + description: >- +

Retrieves information about the specified version of the specified managed policy, including the policy document.

Policies returned by this operation are URL-encoded compliant with RFC 3986. You can use a URL decoding method to convert the policy back to plain JSON text. For example, if you use Java, you can use the decode method of the java.net.URLDecoder utility class in the Java SDK. Other + languages and SDKs provide similar functionality.

To list the available versions for a policy, use ListPolicyVersions.

This operation retrieves information about managed policies. To retrieve information about an inline policy that is embedded in a user, group, or role, use GetUserPolicy, GetGroupPolicy, or GetRolePolicy.

For more information about the types of policies, see Managed policies and inline policies in the IAM User Guide.

For more information about managed policy versions, see Versioning for managed policies in the IAM User Guide.

+ operationId: GET_GetPolicyVersion + parameters: + - description:

The Amazon Resource Name (ARN) of the managed policy that you want information about.

For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.

+ in: query + name: PolicyArn + required: true + schema: + description:

The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web Services resources.

For more information about ARNs, go to Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.

+ maxLength: 2048 + minLength: 20 + type: string + - description:

Identifies the policy version to retrieve.

This parameter allows (through its regex pattern) a string of characters that consists of the lowercase letter 'v' followed by one or two digits, and optionally followed by a period '.' and a string of letters and digits.

+ in: query + name: VersionId + required: true + schema: + pattern: v[1-9][0-9]*(\.[A-Za-z0-9-]*)? + type: string + responses: + '200': + content: + text/xml: + schema: + properties: + GetPolicyVersionResult: + $ref: '#/components/schemas/GetPolicyVersionResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: GetPolicyVersion + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: >- +

Retrieves information about the specified version of the specified managed policy, including the policy document.

Policies returned by this operation are URL-encoded compliant with RFC 3986. You can use a URL decoding method to convert the policy back to plain JSON text. For example, if you use Java, you can use the decode method of the java.net.URLDecoder utility class in the Java SDK. Other + languages and SDKs provide similar functionality.

To list the available versions for a policy, use ListPolicyVersions.

This operation retrieves information about managed policies. To retrieve information about an inline policy that is embedded in a user, group, or role, use GetUserPolicy, GetGroupPolicy, or GetRolePolicy.

For more information about the types of policies, see Managed policies and inline policies in the IAM User Guide.

For more information about managed policy versions, see Versioning for managed policies in the IAM User Guide.

+ operationId: POST_GetPolicyVersion + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetPolicyVersionRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + GetPolicyVersionResult: + $ref: '#/components/schemas/GetPolicyVersionResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: GetPolicyVersion + /?Action=GetServiceLastAccessedDetailsWithEntities&Version=2010-05-08&__nativeEndpoint=true: + get: + description: >- +

After you generate a group or policy report using the GenerateServiceLastAccessedDetails operation, you can use the JobId parameter in GetServiceLastAccessedDetailsWithEntities. This operation retrieves the status of your report job and a list of entities that could have used group or policy permissions to access the specified service.

  • Group – For a group report, this operation returns a list of users in the group that + could have used the group’s policies in an attempt to access the service.

  • Policy – For a policy report, this operation returns a list of entities (users or roles) that could have used the policy in an attempt to access the service.

You can also use this operation for user or role reports to retrieve details about those entities.

If the operation fails, the GetServiceLastAccessedDetailsWithEntities operation returns the + reason that it failed.

By default, the list of associated entities is sorted by date, with the most recent access listed first.

+ operationId: GET_GetServiceLastAccessedDetailsWithEntities + parameters: + - description: The ID of the request generated by the GenerateServiceLastAccessedDetails operation. + in: query + name: JobId + required: true + schema: + maxLength: 36 + minLength: 36 + type: string + - description: "

The service namespace for an Amazon Web Services service. Provide the service namespace to learn when the IAM entity last attempted to access the specified service.

To learn the service namespace for a service, see Actions, resources, and condition keys for Amazon Web Services services in the IAM User Guide. Choose the name of the service to view details for that service. In the first paragraph, find the service prefix. For example, (service prefix: a4b). For more information about service namespaces, see Amazon Web Services service namespaces in the\_Amazon Web Services General Reference.

" + in: query + name: ServiceNamespace + required: true + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w-]*' + type: string + - description: >- +

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, + and Marker contains a value to include in the subsequent call that tells the service where to continue from.

+ in: query + name: MaxItems + required: false + schema: + maximum: 1000 + minimum: 1 + type: integer + - description: Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start. + in: query + name: Marker + required: false + schema: + maxLength: 320 + minLength: 1 + pattern: '[\u0020-\u00FF]+' + type: string + responses: + '200': + content: + text/xml: + schema: + properties: + GetServiceLastAccessedDetailsWithEntitiesResult: + $ref: '#/components/schemas/GetServiceLastAccessedDetailsWithEntitiesResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + x-aws-operation-name: GetServiceLastAccessedDetailsWithEntities + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: >- +

After you generate a group or policy report using the GenerateServiceLastAccessedDetails operation, you can use the JobId parameter in GetServiceLastAccessedDetailsWithEntities. This operation retrieves the status of your report job and a list of entities that could have used group or policy permissions to access the specified service.

  • Group – For a group report, this operation returns a list of users in the group that + could have used the group’s policies in an attempt to access the service.

  • Policy – For a policy report, this operation returns a list of entities (users or roles) that could have used the policy in an attempt to access the service.

You can also use this operation for user or role reports to retrieve details about those entities.

If the operation fails, the GetServiceLastAccessedDetailsWithEntities operation returns the + reason that it failed.

By default, the list of associated entities is sorted by date, with the most recent access listed first.

+ operationId: POST_GetServiceLastAccessedDetailsWithEntities + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetServiceLastAccessedDetailsWithEntitiesRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + GetServiceLastAccessedDetailsWithEntitiesResult: + $ref: '#/components/schemas/GetServiceLastAccessedDetailsWithEntitiesResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + x-aws-operation-name: GetServiceLastAccessedDetailsWithEntities + /?Action=GetServiceLinkedRoleDeletionStatus&Version=2010-05-08&__nativeEndpoint=true: + get: + description: Retrieves the status of your service-linked role deletion. After you use DeleteServiceLinkedRole to submit a service-linked role for deletion, you can use the DeletionTaskId parameter in GetServiceLinkedRoleDeletionStatus to check the status of the deletion. If the deletion fails, this operation returns the reason that it failed, if that information is returned by the service. + operationId: GET_GetServiceLinkedRoleDeletionStatus + parameters: + - description: The deletion task identifier. This identifier is returned by the DeleteServiceLinkedRole operation in the format task/aws-service-role/<service-principal-name>/<role-name>/<task-uuid>. + in: query + name: DeletionTaskId + required: true + schema: + maxLength: 1000 + minLength: 1 + type: string + responses: + '200': + content: + text/xml: + schema: + properties: + GetServiceLinkedRoleDeletionStatusResult: + $ref: '#/components/schemas/GetServiceLinkedRoleDeletionStatusResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: GetServiceLinkedRoleDeletionStatus + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: Retrieves the status of your service-linked role deletion. After you use DeleteServiceLinkedRole to submit a service-linked role for deletion, you can use the DeletionTaskId parameter in GetServiceLinkedRoleDeletionStatus to check the status of the deletion. If the deletion fails, this operation returns the reason that it failed, if that information is returned by the service. + operationId: POST_GetServiceLinkedRoleDeletionStatus + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetServiceLinkedRoleDeletionStatusRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + GetServiceLinkedRoleDeletionStatusResult: + $ref: '#/components/schemas/GetServiceLinkedRoleDeletionStatusResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: GetServiceLinkedRoleDeletionStatus + /?Action=DeleteServiceLinkedRole&Version=2010-05-08&__nativeEndpoint=true: + get: + description: >- +

Submits a service-linked role deletion request and returns a DeletionTaskId, which you can use to check the status of the deletion. Before you call this operation, confirm that the role has no active sessions and that any resources used by the role in the linked service are deleted. If you call this operation more than once for the same service-linked role and an earlier deletion task is not complete, then the DeletionTaskId of the earlier request is + returned.

If you submit a deletion request for a service-linked role whose linked service is still accessing a resource, then the deletion task fails. If it fails, the GetServiceLinkedRoleDeletionStatus operation returns the reason for the failure, usually including the resources that must be deleted. To delete the service-linked role, you must first remove those resources from the linked service and then submit the deletion request again. Resources are specific to the + service that is linked to the role. For more information about removing resources from a service, see the Amazon Web Services documentation for your service.

For more information about service-linked roles, see Roles terms and concepts: Amazon Web Services service-linked role in the IAM User Guide.

+ operationId: GET_DeleteServiceLinkedRole + parameters: + - description: The name of the service-linked role to be deleted. + in: query + name: RoleName + required: true + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + responses: + '200': + content: + text/xml: + schema: + properties: + DeleteServiceLinkedRoleResult: + $ref: '#/components/schemas/DeleteServiceLinkedRoleResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DeleteServiceLinkedRole + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: >- +

Submits a service-linked role deletion request and returns a DeletionTaskId, which you can use to check the status of the deletion. Before you call this operation, confirm that the role has no active sessions and that any resources used by the role in the linked service are deleted. If you call this operation more than once for the same service-linked role and an earlier deletion task is not complete, then the DeletionTaskId of the earlier request is + returned.

If you submit a deletion request for a service-linked role whose linked service is still accessing a resource, then the deletion task fails. If it fails, the GetServiceLinkedRoleDeletionStatus operation returns the reason for the failure, usually including the resources that must be deleted. To delete the service-linked role, you must first remove those resources from the linked service and then submit the deletion request again. Resources are specific to the + service that is linked to the role. For more information about removing resources from a service, see the Amazon Web Services documentation for your service.

For more information about service-linked roles, see Roles terms and concepts: Amazon Web Services service-linked role in the IAM User Guide.

+ operationId: POST_DeleteServiceLinkedRole + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteServiceLinkedRoleRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + DeleteServiceLinkedRoleResult: + $ref: '#/components/schemas/DeleteServiceLinkedRoleResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DeleteServiceLinkedRole + /?Action=CreateServiceLinkedRole&Version=2010-05-08&__nativeEndpoint=true: + get: + description: >- +

Creates an IAM role that is linked to a specific Amazon Web Services service. The service controls the attached policies and when the role can be deleted. This helps ensure that the service is not broken by an unexpectedly changed or deleted role, which could put your Amazon Web Services resources into an unknown state. Allowing the service to control the role helps improve service stability and proper cleanup when a service and its role are no longer needed. For more information, see + Using service-linked roles in the IAM User Guide.

To attach a policy to this service-linked role, you must make the request using the Amazon Web Services service that depends on this role.

+ operationId: GET_CreateServiceLinkedRole + parameters: + - description: >- +

The service principal for the Amazon Web Services service to which this role is attached. You use a string similar to a URL but without the http:// in front. For example: elasticbeanstalk.amazonaws.com.

Service principals are unique and case-sensitive. To find the exact service principal for your service-linked role, see Amazon Web Services services that + work with IAM in the IAM User Guide. Look for the services that have Yes in the Service-Linked Role column. Choose the Yes link to view the service-linked role documentation for that service.

+ in: query + name: AWSServiceName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: The description of the role. + in: query + name: Description + required: false + schema: + maxLength: 1000 + pattern: '[\p{L}\p{M}\p{Z}\p{S}\p{N}\p{P}]*' + type: string + - description: >- +

A string that you provide, which is combined with the service-provided prefix to form the complete role name. If you make multiple requests for the same service, then you must supply a different CustomSuffix for each request. Otherwise the request fails with a duplicate role name error. For example, you could add -1 or -debug to the suffix.

Some services do not support the CustomSuffix parameter. If you provide an + optional suffix and the operation fails, try the operation again without the suffix.

+ in: query + name: CustomSuffix + required: false + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + responses: + '200': + content: + text/xml: + schema: + properties: + CreateServiceLinkedRoleResult: + $ref: '#/components/schemas/CreateServiceLinkedRoleResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: CreateServiceLinkedRole + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: >- +

Creates an IAM role that is linked to a specific Amazon Web Services service. The service controls the attached policies and when the role can be deleted. This helps ensure that the service is not broken by an unexpectedly changed or deleted role, which could put your Amazon Web Services resources into an unknown state. Allowing the service to control the role helps improve service stability and proper cleanup when a service and its role are no longer needed. For more information, see + Using service-linked roles in the IAM User Guide.

To attach a policy to this service-linked role, you must make the request using the Amazon Web Services service that depends on this role.

+ operationId: POST_CreateServiceLinkedRole + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateServiceLinkedRoleRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + CreateServiceLinkedRoleResult: + $ref: '#/components/schemas/CreateServiceLinkedRoleResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: CreateServiceLinkedRole + /?Action=CreateServiceSpecificCredential&Version=2010-05-08&__nativeEndpoint=true: + get: + description: >- +

Generates a set of credentials consisting of a user name and password that can be used to access the service specified in the request. These credentials are generated by IAM, and can be used only for the specified service.

You can have a maximum of two sets of service-specific credentials for each supported service per user.

You can create service-specific credentials for CodeCommit and Amazon Keyspaces (for Apache Cassandra).

You can reset the password to a new + service-generated value by calling ResetServiceSpecificCredential.

For more information about service-specific credentials, see Using IAM with CodeCommit: Git credentials, SSH keys, and Amazon Web Services access keys in the IAM User Guide.

+ operationId: GET_CreateServiceSpecificCredential + parameters: + - description: >- +

The name of the IAM user that is to be associated with the credentials. The new service-specific credentials have the same permissions as the associated user except that they can be used only to access the specified service.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: + _+=,.@-

+ in: query + name: UserName + required: true + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: The name of the Amazon Web Services service that is to be associated with the credentials. The service you specify here is the only service that can be accessed using these credentials. + in: query + name: ServiceName + required: true + schema: + type: string + responses: + '200': + content: + text/xml: + schema: + properties: + CreateServiceSpecificCredentialResult: + $ref: '#/components/schemas/CreateServiceSpecificCredentialResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceNotSupportedException' + description: ServiceNotSupportedException + x-aws-operation-name: CreateServiceSpecificCredential + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: >- +

Generates a set of credentials consisting of a user name and password that can be used to access the service specified in the request. These credentials are generated by IAM, and can be used only for the specified service.

You can have a maximum of two sets of service-specific credentials for each supported service per user.

You can create service-specific credentials for CodeCommit and Amazon Keyspaces (for Apache Cassandra).

You can reset the password to a new + service-generated value by calling ResetServiceSpecificCredential.

For more information about service-specific credentials, see Using IAM with CodeCommit: Git credentials, SSH keys, and Amazon Web Services access keys in the IAM User Guide.

+ operationId: POST_CreateServiceSpecificCredential + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateServiceSpecificCredentialRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + CreateServiceSpecificCredentialResult: + $ref: '#/components/schemas/CreateServiceSpecificCredentialResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceNotSupportedException' + description: ServiceNotSupportedException + x-aws-operation-name: CreateServiceSpecificCredential + /?Action=DeleteServiceSpecificCredential&Version=2010-05-08&__nativeEndpoint=true: + get: + description: Deletes the specified service-specific credential. + operationId: GET_DeleteServiceSpecificCredential + parameters: + - description: '

The name of the IAM user associated with the service-specific credential. If this value is not specified, then the operation assumes the user whose credentials are used to call the operation.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: UserName + required: false + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description:

The unique identifier of the service-specific credential. You can get this value by calling ListServiceSpecificCredentials.

This parameter allows (through its regex pattern) a string of characters that can consist of any upper or lowercased letter or digit.

+ in: query + name: ServiceSpecificCredentialId + required: true + schema: + maxLength: 128 + minLength: 20 + pattern: '[\w]+' + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + x-aws-operation-name: DeleteServiceSpecificCredential + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: Deletes the specified service-specific credential. + operationId: POST_DeleteServiceSpecificCredential + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteServiceSpecificCredentialRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + x-aws-operation-name: DeleteServiceSpecificCredential + /?Action=ListServiceSpecificCredentials&Version=2010-05-08&__nativeEndpoint=true: + get: + description: >- + Returns information about the service-specific credentials associated with the specified IAM user. If none exists, the operation returns an empty list. The service-specific credentials returned by this operation are used only for authenticating the IAM user to a specific service. For more information about using service-specific credentials to authenticate to an Amazon Web Services service, see Set up + service-specific credentials in the CodeCommit User Guide. + operationId: GET_ListServiceSpecificCredentials + parameters: + - description: '

The name of the user whose service-specific credentials you want information about. If this value is not specified, then the operation assumes the user whose credentials are used to call the operation.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: UserName + required: false + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: Filters the returned results to only those for the specified Amazon Web Services service. If not specified, then Amazon Web Services returns service-specific credentials for all services. + in: query + name: ServiceName + required: false + schema: + type: string + responses: + '200': + content: + text/xml: + schema: + properties: + ListServiceSpecificCredentialsResult: + $ref: '#/components/schemas/ListServiceSpecificCredentialsResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceNotSupportedException' + description: ServiceNotSupportedException + x-aws-operation-name: ListServiceSpecificCredentials + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: >- + Returns information about the service-specific credentials associated with the specified IAM user. If none exists, the operation returns an empty list. The service-specific credentials returned by this operation are used only for authenticating the IAM user to a specific service. For more information about using service-specific credentials to authenticate to an Amazon Web Services service, see Set up + service-specific credentials in the CodeCommit User Guide. + operationId: POST_ListServiceSpecificCredentials + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ListServiceSpecificCredentialsRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + ListServiceSpecificCredentialsResult: + $ref: '#/components/schemas/ListServiceSpecificCredentialsResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceNotSupportedException' + description: ServiceNotSupportedException + x-aws-operation-name: ListServiceSpecificCredentials + /?Action=ListSigningCertificates&Version=2010-05-08&__nativeEndpoint=true: + get: + description: >- +

Returns information about the signing certificates associated with the specified IAM user. If none exists, the operation returns an empty list.

Although each user is limited to a small number of signing certificates, you can still paginate the results using the MaxItems and Marker parameters.

If the UserName field is not specified, the user name is determined implicitly based on the Amazon Web Services access key ID used to sign the + request for this operation. This operation works for access keys under the Amazon Web Services account. Consequently, you can use this operation to manage Amazon Web Services account root user credentials even if the Amazon Web Services account has no associated users.

+ operationId: GET_ListSigningCertificates + parameters: + - description: '

The name of the IAM user whose signing certificates you want to examine.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: UserName + required: false + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start. + in: query + name: Marker + required: false + schema: + maxLength: 320 + minLength: 1 + pattern: '[\u0020-\u00FF]+' + type: string + - description: >- +

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, + and Marker contains a value to include in the subsequent call that tells the service where to continue from.

+ in: query + name: MaxItems + required: false + schema: + maximum: 1000 + minimum: 1 + type: integer + responses: + '200': + content: + text/xml: + schema: + properties: + ListSigningCertificatesResult: + $ref: '#/components/schemas/ListSigningCertificatesResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListSigningCertificates + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: >- +

Returns information about the signing certificates associated with the specified IAM user. If none exists, the operation returns an empty list.

Although each user is limited to a small number of signing certificates, you can still paginate the results using the MaxItems and Marker parameters.

If the UserName field is not specified, the user name is determined implicitly based on the Amazon Web Services access key ID used to sign the + request for this operation. This operation works for access keys under the Amazon Web Services account. Consequently, you can use this operation to manage Amazon Web Services account root user credentials even if the Amazon Web Services account has no associated users.

+ operationId: POST_ListSigningCertificates + parameters: + - description: Pagination limit + in: query + name: MaxItems + required: false + schema: + type: string + - description: Pagination token + in: query + name: Marker + required: false + schema: + type: string + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ListSigningCertificatesRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + ListSigningCertificatesResult: + $ref: '#/components/schemas/ListSigningCertificatesResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListSigningCertificates + /?Action=ResetServiceSpecificCredential&Version=2010-05-08&__nativeEndpoint=true: + get: + description: Resets the password for a service-specific credential. The new password is Amazon Web Services generated and cryptographically strong. It cannot be configured by the user. Resetting the password immediately invalidates the previous password associated with this user. + operationId: GET_ResetServiceSpecificCredential + parameters: + - description: '

The name of the IAM user associated with the service-specific credential. If this value is not specified, then the operation assumes the user whose credentials are used to call the operation.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: UserName + required: false + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description:

The unique identifier of the service-specific credential.

This parameter allows (through its regex pattern) a string of characters that can consist of any upper or lowercased letter or digit.

+ in: query + name: ServiceSpecificCredentialId + required: true + schema: + maxLength: 128 + minLength: 20 + pattern: '[\w]+' + type: string + responses: + '200': + content: + text/xml: + schema: + properties: + ResetServiceSpecificCredentialResult: + $ref: '#/components/schemas/ResetServiceSpecificCredentialResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + x-aws-operation-name: ResetServiceSpecificCredential + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: Resets the password for a service-specific credential. The new password is Amazon Web Services generated and cryptographically strong. It cannot be configured by the user. Resetting the password immediately invalidates the previous password associated with this user. + operationId: POST_ResetServiceSpecificCredential + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ResetServiceSpecificCredentialRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + ResetServiceSpecificCredentialResult: + $ref: '#/components/schemas/ResetServiceSpecificCredentialResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + x-aws-operation-name: ResetServiceSpecificCredential + /?Action=UpdateServiceSpecificCredential&Version=2010-05-08&__nativeEndpoint=true: + get: + description: Sets the status of a service-specific credential to Active or Inactive. Service-specific credentials that are inactive cannot be used for authentication to the service. This operation can be used to disable a user's service-specific credential as part of a credential rotation work flow. + operationId: GET_UpdateServiceSpecificCredential + parameters: + - description: '

The name of the IAM user associated with the service-specific credential. If you do not specify this value, then the operation assumes the user whose credentials are used to call the operation.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: UserName + required: false + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description:

The unique identifier of the service-specific credential.

This parameter allows (through its regex pattern) a string of characters that can consist of any upper or lowercased letter or digit.

+ in: query + name: ServiceSpecificCredentialId + required: true + schema: + maxLength: 128 + minLength: 20 + pattern: '[\w]+' + type: string + - description: The status to be assigned to the service-specific credential. + in: query + name: Status + required: true + schema: + enum: + - Active + - Inactive + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + x-aws-operation-name: UpdateServiceSpecificCredential + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: Sets the status of a service-specific credential to Active or Inactive. Service-specific credentials that are inactive cannot be used for authentication to the service. This operation can be used to disable a user's service-specific credential as part of a credential rotation work flow. + operationId: POST_UpdateServiceSpecificCredential + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/UpdateServiceSpecificCredentialRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + x-aws-operation-name: UpdateServiceSpecificCredential + /?Action=UpdateSigningCertificate&Version=2010-05-08&__nativeEndpoint=true: + get: + description: >- +

Changes the status of the specified user signing certificate from active to disabled, or vice versa. This operation can be used to disable an IAM user's signing certificate as part of a certificate rotation work flow.

If the UserName field is not specified, the user name is determined implicitly based on the Amazon Web Services access key ID used to sign the request. This operation works for access keys under the Amazon Web Services account. Consequently, you can + use this operation to manage Amazon Web Services account root user credentials even if the Amazon Web Services account has no associated users.

+ operationId: GET_UpdateSigningCertificate + parameters: + - description: '

The name of the IAM user the signing certificate belongs to.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: UserName + required: false + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description:

The ID of the signing certificate you want to update.

This parameter allows (through its regex pattern) a string of characters that can consist of any upper or lowercased letter or digit.

+ in: query + name: CertificateId + required: true + schema: + maxLength: 128 + minLength: 24 + pattern: '[\w]+' + type: string + - description: ' The status you want to assign to the certificate. Active means that the certificate can be used for programmatic calls to Amazon Web Services Inactive means that the certificate cannot be used.' + in: query + name: Status + required: true + schema: + enum: + - Active + - Inactive + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: UpdateSigningCertificate + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: >- +

Changes the status of the specified user signing certificate from active to disabled, or vice versa. This operation can be used to disable an IAM user's signing certificate as part of a certificate rotation work flow.

If the UserName field is not specified, the user name is determined implicitly based on the Amazon Web Services access key ID used to sign the request. This operation works for access keys under the Amazon Web Services account. Consequently, you can + use this operation to manage Amazon Web Services account root user credentials even if the Amazon Web Services account has no associated users.

+ operationId: POST_UpdateSigningCertificate + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/UpdateSigningCertificateRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: UpdateSigningCertificate + /?Action=UploadSigningCertificate&Version=2010-05-08&__nativeEndpoint=true: + get: + description: >- +

Uploads an X.509 signing certificate and associates it with the specified IAM user. Some Amazon Web Services services require you to use certificates to validate requests that are signed with a corresponding private key. When you upload the certificate, its default status is Active.

For information about when you would use an X.509 signing certificate, see Managing server + certificates in IAM in the IAM User Guide.

If the UserName is not specified, the IAM user name is determined implicitly based on the Amazon Web Services access key ID used to sign the request. This operation works for access keys under the Amazon Web Services account. Consequently, you can use this operation to manage Amazon Web Services account root user credentials even if the Amazon Web Services account has no associated users.

Because the + body of an X.509 certificate can be large, you should use POST rather than GET when calling UploadSigningCertificate. For information about setting up signatures and authorization through the API, see Signing Amazon Web Services API requests in the Amazon Web Services General Reference. For general information about using the Query API with IAM, see Making query requests in the IAM User Guide.

 + operationId: GET_UploadSigningCertificate + parameters: + - description: '

The name of the user the signing certificate is for.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: UserName + required: false + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: >- +

The contents of the signing certificate.

The regex pattern used to validate this parameter is a string of characters consisting of the following:

  • Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range

  • The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)

    • +

  • The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)

+ in: query + name: CertificateBody + required: true + schema: + maxLength: 16384 + minLength: 1 + pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' + type: string + responses: + '200': + content: + text/xml: + schema: + properties: + UploadSigningCertificateResult: + $ref: '#/components/schemas/UploadSigningCertificateResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityAlreadyExistsException' + description: EntityAlreadyExistsException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/MalformedCertificateException' + description: MalformedCertificateException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidCertificateException' + description: InvalidCertificateException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/DuplicateCertificateException' + description: DuplicateCertificateException + '485': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '486': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: UploadSigningCertificate + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: >- +

Uploads an X.509 signing certificate and associates it with the specified IAM user. Some Amazon Web Services services require you to use certificates to validate requests that are signed with a corresponding private key. When you upload the certificate, its default status is Active.

For information about when you would use an X.509 signing certificate, see Managing server + certificates in IAM in the IAM User Guide.

If the UserName is not specified, the IAM user name is determined implicitly based on the Amazon Web Services access key ID used to sign the request. This operation works for access keys under the Amazon Web Services account. Consequently, you can use this operation to manage Amazon Web Services account root user credentials even if the Amazon Web Services account has no associated users.

Because the + body of an X.509 certificate can be large, you should use POST rather than GET when calling UploadSigningCertificate. For information about setting up signatures and authorization through the API, see Signing Amazon Web Services API requests in the Amazon Web Services General Reference. For general information about using the Query API with IAM, see Making query requests in the IAM User Guide.

 + operationId: POST_UploadSigningCertificate + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/UploadSigningCertificateRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + UploadSigningCertificateResult: + $ref: '#/components/schemas/UploadSigningCertificateResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityAlreadyExistsException' + description: EntityAlreadyExistsException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/MalformedCertificateException' + description: MalformedCertificateException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidCertificateException' + description: InvalidCertificateException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/DuplicateCertificateException' + description: DuplicateCertificateException + '485': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '486': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: UploadSigningCertificate + /?Action=DeleteSigningCertificate&Version=2010-05-08&__nativeEndpoint=true: + get: + description:

Deletes a signing certificate associated with the specified IAM user.

If you do not specify a user name, IAM determines the user name implicitly based on the Amazon Web Services access key ID signing the request. This operation works for access keys under the Amazon Web Services account. Consequently, you can use this operation to manage Amazon Web Services account root user credentials even if the Amazon Web Services account has no associated IAM users.

+ operationId: GET_DeleteSigningCertificate + parameters: + - description: '

The name of the user the signing certificate belongs to.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: UserName + required: false + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description:

The ID of the signing certificate to delete.

The format of this parameter, as described by its regex pattern, is a string of characters that can be upper- or lower-cased letters or digits.

+ in: query + name: CertificateId + required: true + schema: + maxLength: 128 + minLength: 24 + pattern: '[\w]+' + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DeleteSigningCertificate + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Deletes a signing certificate associated with the specified IAM user.

If you do not specify a user name, IAM determines the user name implicitly based on the Amazon Web Services access key ID signing the request. This operation works for access keys under the Amazon Web Services account. Consequently, you can use this operation to manage Amazon Web Services account root user credentials even if the Amazon Web Services account has no associated IAM users.

+ operationId: POST_DeleteSigningCertificate + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteSigningCertificateRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DeleteSigningCertificate + /?Action=DeleteSSHPublicKey&Version=2010-05-08&__nativeEndpoint=true: + get: + description:

Deletes the specified SSH public key.

The SSH public key deleted by this operation is used only for authenticating the associated IAM user to an CodeCommit repository. For more information about using SSH keys to authenticate to an CodeCommit repository, see Set up CodeCommit for SSH connections in the CodeCommit User Guide.

+ operationId: GET_DeleteSSHPublicKey + parameters: + - description: '

The name of the IAM user associated with the SSH public key.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: UserName + required: true + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description:

The unique identifier for the SSH public key.

This parameter allows (through its regex pattern) a string of characters that can consist of any upper or lowercased letter or digit.

+ in: query + name: SSHPublicKeyId + required: true + schema: + maxLength: 128 + minLength: 20 + pattern: '[\w]+' + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + x-aws-operation-name: DeleteSSHPublicKey + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Deletes the specified SSH public key.

The SSH public key deleted by this operation is used only for authenticating the associated IAM user to an CodeCommit repository. For more information about using SSH keys to authenticate to an CodeCommit repository, see Set up CodeCommit for SSH connections in the CodeCommit User Guide.

+ operationId: POST_DeleteSSHPublicKey + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteSSHPublicKeyRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + x-aws-operation-name: DeleteSSHPublicKey + /?Action=GetServerCertificate&Version=2010-05-08&__nativeEndpoint=true: + get: + description:

Retrieves information about the specified server certificate stored in IAM.

For more information about working with server certificates, see Working with server certificates in the IAM User Guide. This topic includes a list of Amazon Web Services services that can use the server certificates that you manage with IAM.

+ operationId: GET_GetServerCertificate + parameters: + - description: '

The name of the server certificate you want to retrieve information about.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: ServerCertificateName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + responses: + '200': + content: + text/xml: + schema: + properties: + GetServerCertificateResult: + $ref: '#/components/schemas/GetServerCertificateResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: GetServerCertificate + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Retrieves information about the specified server certificate stored in IAM.

For more information about working with server certificates, see Working with server certificates in the IAM User Guide. This topic includes a list of Amazon Web Services services that can use the server certificates that you manage with IAM.

+ operationId: POST_GetServerCertificate + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetServerCertificateRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + GetServerCertificateResult: + $ref: '#/components/schemas/GetServerCertificateResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: GetServerCertificate + /?Action=ListSSHPublicKeys&Version=2010-05-08&__nativeEndpoint=true: + get: + description: >- +

Returns information about the SSH public keys associated with the specified IAM user. If none exists, the operation returns an empty list.

The SSH public keys returned by this operation are used only for authenticating the IAM user to an CodeCommit repository. For more information about using SSH keys to authenticate to an CodeCommit repository, see Set up CodeCommit for SSH + connections in the CodeCommit User Guide.

Although each user is limited to a small number of keys, you can still paginate the results using the MaxItems and Marker parameters.

+ operationId: GET_ListSSHPublicKeys + parameters: + - description: '

The name of the IAM user to list SSH public keys for. If none is specified, the UserName field is determined implicitly based on the Amazon Web Services access key used to sign the request.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: UserName + required: false + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start. + in: query + name: Marker + required: false + schema: + maxLength: 320 + minLength: 1 + pattern: '[\u0020-\u00FF]+' + type: string + - description: >- +

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, + and Marker contains a value to include in the subsequent call that tells the service where to continue from.

+ in: query + name: MaxItems + required: false + schema: + maximum: 1000 + minimum: 1 + type: integer + responses: + '200': + content: + text/xml: + schema: + properties: + ListSSHPublicKeysResult: + $ref: '#/components/schemas/ListSSHPublicKeysResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + x-aws-operation-name: ListSSHPublicKeys + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: >- +

Returns information about the SSH public keys associated with the specified IAM user. If none exists, the operation returns an empty list.

The SSH public keys returned by this operation are used only for authenticating the IAM user to an CodeCommit repository. For more information about using SSH keys to authenticate to an CodeCommit repository, see Set up CodeCommit for SSH + connections in the CodeCommit User Guide.

Although each user is limited to a small number of keys, you can still paginate the results using the MaxItems and Marker parameters.

+ operationId: POST_ListSSHPublicKeys + parameters: + - description: Pagination limit + in: query + name: MaxItems + required: false + schema: + type: string + - description: Pagination token + in: query + name: Marker + required: false + schema: + type: string + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ListSSHPublicKeysRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + ListSSHPublicKeysResult: + $ref: '#/components/schemas/ListSSHPublicKeysResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + x-aws-operation-name: ListSSHPublicKeys + /?Action=UpdateSSHPublicKey&Version=2010-05-08&__nativeEndpoint=true: + get: + description: >- +

Sets the status of an IAM user's SSH public key to active or inactive. SSH public keys that are inactive cannot be used for authentication. This operation can be used to disable a user's SSH public key as part of a key rotation work flow.

The SSH public key affected by this operation is used only for authenticating the associated IAM user to an CodeCommit repository. For more information about using SSH keys to authenticate to an CodeCommit repository, see Set up CodeCommit for SSH connections in the CodeCommit User Guide.

+ operationId: GET_UpdateSSHPublicKey + parameters: + - description: '

The name of the IAM user associated with the SSH public key.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: UserName + required: true + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description:

The unique identifier for the SSH public key.

This parameter allows (through its regex pattern) a string of characters that can consist of any upper or lowercased letter or digit.

+ in: query + name: SSHPublicKeyId + required: true + schema: + maxLength: 128 + minLength: 20 + pattern: '[\w]+' + type: string + - description: The status to assign to the SSH public key. Active means that the key can be used for authentication with an CodeCommit repository. Inactive means that the key cannot be used. + in: query + name: Status + required: true + schema: + enum: + - Active + - Inactive + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + x-aws-operation-name: UpdateSSHPublicKey + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: >- +

Sets the status of an IAM user's SSH public key to active or inactive. SSH public keys that are inactive cannot be used for authentication. This operation can be used to disable a user's SSH public key as part of a key rotation work flow.

The SSH public key affected by this operation is used only for authenticating the associated IAM user to an CodeCommit repository. For more information about using SSH keys to authenticate to an CodeCommit repository, see Set up CodeCommit for SSH connections in the CodeCommit User Guide.

+ operationId: POST_UpdateSSHPublicKey + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/UpdateSSHPublicKeyRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + x-aws-operation-name: UpdateSSHPublicKey + /?Action=UploadSSHPublicKey&Version=2010-05-08&__nativeEndpoint=true: + get: + description:

Uploads an SSH public key and associates it with the specified IAM user.

The SSH public key uploaded by this operation can be used only for authenticating the associated IAM user to an CodeCommit repository. For more information about using SSH keys to authenticate to an CodeCommit repository, see Set up CodeCommit for SSH connections in the CodeCommit User Guide.

+ operationId: GET_UploadSSHPublicKey + parameters: + - description: '

The name of the IAM user to associate the SSH public key with.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: UserName + required: true + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: >- +

The SSH public key. The public key must be encoded in ssh-rsa format or PEM format. The minimum bit-length of the public key is 2048 bits. For example, you can generate a 2048-bit key, and the resulting PEM file is 1679 bytes long.

The regex pattern used to validate this parameter is a string of characters consisting of the following:

  • Any printable ASCII character ranging from the space character + (\u0020) through the end of the ASCII character range

  • The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)

  • The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)

+ in: query + name: SSHPublicKeyBody + required: true + schema: + maxLength: 16384 + minLength: 1 + pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' + type: string + responses: + '200': + content: + text/xml: + schema: + properties: + UploadSSHPublicKeyResult: + $ref: '#/components/schemas/UploadSSHPublicKeyResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidPublicKeyException' + description: InvalidPublicKeyException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/DuplicateSSHPublicKeyException' + description: DuplicateSSHPublicKeyException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/UnrecognizedPublicKeyEncodingException' + description: UnrecognizedPublicKeyEncodingException + x-aws-operation-name: UploadSSHPublicKey + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Uploads an SSH public key and associates it with the specified IAM user.

The SSH public key uploaded by this operation can be used only for authenticating the associated IAM user to an CodeCommit repository. For more information about using SSH keys to authenticate to an CodeCommit repository, see Set up CodeCommit for SSH connections in the CodeCommit User Guide.

+ operationId: POST_UploadSSHPublicKey + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/UploadSSHPublicKeyRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + UploadSSHPublicKeyResult: + $ref: '#/components/schemas/UploadSSHPublicKeyResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidPublicKeyException' + description: InvalidPublicKeyException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/DuplicateSSHPublicKeyException' + description: DuplicateSSHPublicKeyException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/UnrecognizedPublicKeyEncodingException' + description: UnrecognizedPublicKeyEncodingException + x-aws-operation-name: UploadSSHPublicKey + /?Action=ListPolicyTags&Version=2010-05-08&__nativeEndpoint=true: + get: + description: Lists the tags that are attached to the specified IAM customer managed policy. The returned list of tags is sorted by tag key. For more information about tagging, see Tagging IAM resources in the IAM User Guide. + operationId: GET_ListPolicyTags + parameters: + - description: '

The ARN of the IAM customer managed policy whose tags you want to see.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: PolicyArn + required: true + schema: + description:

The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web Services resources.

For more information about ARNs, go to Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.

+ maxLength: 2048 + minLength: 20 + type: string + - description: Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start. + in: query + name: Marker + required: false + schema: + maxLength: 320 + minLength: 1 + pattern: '[\u0020-\u00FF]+' + type: string + - description: >- +

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, + and Marker contains a value to include in the subsequent call that tells the service where to continue from.

+ in: query + name: MaxItems + required: false + schema: + maximum: 1000 + minimum: 1 + type: integer + responses: + '200': + content: + text/xml: + schema: + properties: + ListPolicyTagsResult: + $ref: '#/components/schemas/ListPolicyTagsResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + x-aws-operation-name: ListPolicyTags + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: Lists the tags that are attached to the specified IAM customer managed policy. The returned list of tags is sorted by tag key. For more information about tagging, see Tagging IAM resources in the IAM User Guide. + operationId: POST_ListPolicyTags + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ListPolicyTagsRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + ListPolicyTagsResult: + $ref: '#/components/schemas/ListPolicyTagsResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + x-aws-operation-name: ListPolicyTags + /?Action=ListPolicyVersions&Version=2010-05-08&__nativeEndpoint=true: + get: + description:

Lists information about the versions of the specified managed policy, including the version that is currently set as the policy's default version.

For more information about managed policies, see Managed policies and inline policies in the IAM User Guide.

+ operationId: GET_ListPolicyVersions + parameters: + - description:

The Amazon Resource Name (ARN) of the IAM policy for which you want the versions.

For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.

+ in: query + name: PolicyArn + required: true + schema: + description:

The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web Services resources.

For more information about ARNs, go to Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.

+ maxLength: 2048 + minLength: 20 + type: string + - description: Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start. + in: query + name: Marker + required: false + schema: + maxLength: 320 + minLength: 1 + pattern: '[\u0020-\u00FF]+' + type: string + - description: >- +

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, + and Marker contains a value to include in the subsequent call that tells the service where to continue from.

+ in: query + name: MaxItems + required: false + schema: + maximum: 1000 + minimum: 1 + type: integer + responses: + '200': + content: + text/xml: + schema: + properties: + ListPolicyVersionsResult: + $ref: '#/components/schemas/ListPolicyVersionsResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListPolicyVersions + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Lists information about the versions of the specified managed policy, including the version that is currently set as the policy's default version.

For more information about managed policies, see Managed policies and inline policies in the IAM User Guide.

+ operationId: POST_ListPolicyVersions + parameters: + - description: Pagination limit + in: query + name: MaxItems + required: false + schema: + type: string + - description: Pagination token + in: query + name: Marker + required: false + schema: + type: string + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ListPolicyVersionsRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + ListPolicyVersionsResult: + $ref: '#/components/schemas/ListPolicyVersionsResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListPolicyVersions + /?Action=DeactivateMFADevice&Version=2010-05-08&__nativeEndpoint=true: + get: + description:

Deactivates the specified MFA device and removes it from association with the user name for which it was originally enabled.

For more information about creating and working with virtual MFA devices, see Enabling a virtual multi-factor authentication (MFA) device in the IAM User Guide.

+ operationId: GET_DeactivateMFADevice + parameters: + - description: '

The name of the user whose MFA device you want to deactivate.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: UserName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: '

The serial number that uniquely identifies the MFA device. For virtual MFA devices, the serial number is the device ARN.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@:/-

' + in: query + name: SerialNumber + required: true + schema: + maxLength: 256 + minLength: 9 + pattern: '[\w+=/:,.@-]+' + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityTemporarilyUnmodifiableException' + description: EntityTemporarilyUnmodifiableException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DeactivateMFADevice + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Deactivates the specified MFA device and removes it from association with the user name for which it was originally enabled.

For more information about creating and working with virtual MFA devices, see Enabling a virtual multi-factor authentication (MFA) device in the IAM User Guide.

+ operationId: POST_DeactivateMFADevice + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeactivateMFADeviceRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityTemporarilyUnmodifiableException' + description: EntityTemporarilyUnmodifiableException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DeactivateMFADevice + /?Action=EnableMFADevice&Version=2010-05-08&__nativeEndpoint=true: + get: + description: Enables the specified MFA device and associates it with the specified IAM user. When enabled, the MFA device is required for every subsequent login by the IAM user associated with the device. + operationId: GET_EnableMFADevice + parameters: + - description: '

The name of the IAM user for whom you want to enable the MFA device.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: UserName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: '

The serial number that uniquely identifies the MFA device. For virtual MFA devices, the serial number is the device ARN.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@:/-

' + in: query + name: SerialNumber + required: true + schema: + maxLength: 256 + minLength: 9 + pattern: '[\w+=/:,.@-]+' + type: string + - description: >- +

An authentication code emitted by the device.

The format for this parameter is a string of six digits.

Submit your request immediately after generating the authentication codes. If you generate the codes and then wait too long to submit the request, the MFA device successfully associates with the user but the MFA device becomes out of sync. This happens because time-based one-time passwords (TOTP) expire after a short period of time. If this happens, you + can resync the device.

 + in: query + name: AuthenticationCode1 + required: true + schema: + maxLength: 6 + minLength: 6 + pattern: '[\d]+' + type: string + - description: >- +

A subsequent authentication code emitted by the device.

The format for this parameter is a string of six digits.

Submit your request immediately after generating the authentication codes. If you generate the codes and then wait too long to submit the request, the MFA device successfully associates with the user but the MFA device becomes out of sync. This happens because time-based one-time passwords (TOTP) expire after a short period of time. If this + happens, you can resync the device.

 + in: query + name: AuthenticationCode2 + required: true + schema: + maxLength: 6 + minLength: 6 + pattern: '[\d]+' + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityAlreadyExistsException' + description: EntityAlreadyExistsException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityTemporarilyUnmodifiableException' + description: EntityTemporarilyUnmodifiableException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidAuthenticationCodeException' + description: InvalidAuthenticationCodeException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '485': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: EnableMFADevice + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: Enables the specified MFA device and associates it with the specified IAM user. When enabled, the MFA device is required for every subsequent login by the IAM user associated with the device. + operationId: POST_EnableMFADevice + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/EnableMFADeviceRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityAlreadyExistsException' + description: EntityAlreadyExistsException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityTemporarilyUnmodifiableException' + description: EntityTemporarilyUnmodifiableException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidAuthenticationCodeException' + description: InvalidAuthenticationCodeException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '485': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: EnableMFADevice + /?Action=ListMFADeviceTags&Version=2010-05-08&__nativeEndpoint=true: + get: + description: Lists the tags that are attached to the specified IAM virtual multi-factor authentication (MFA) device. The returned list of tags is sorted by tag key. For more information about tagging, see Tagging IAM resources in the IAM User Guide. + operationId: GET_ListMFADeviceTags + parameters: + - description: '

The unique identifier for the IAM virtual MFA device whose tags you want to see. For virtual MFA devices, the serial number is the same as the ARN.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: SerialNumber + required: true + schema: + maxLength: 256 + minLength: 9 + pattern: '[\w+=/:,.@-]+' + type: string + - description: Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start. + in: query + name: Marker + required: false + schema: + maxLength: 320 + minLength: 1 + pattern: '[\u0020-\u00FF]+' + type: string + - description: >- +

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, + and Marker contains a value to include in the subsequent call that tells the service where to continue from.

+ in: query + name: MaxItems + required: false + schema: + maximum: 1000 + minimum: 1 + type: integer + responses: + '200': + content: + text/xml: + schema: + properties: + ListMFADeviceTagsResult: + $ref: '#/components/schemas/ListMFADeviceTagsResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListMFADeviceTags + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: Lists the tags that are attached to the specified IAM virtual multi-factor authentication (MFA) device. The returned list of tags is sorted by tag key. For more information about tagging, see Tagging IAM resources in the IAM User Guide. + operationId: POST_ListMFADeviceTags + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ListMFADeviceTagsRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + ListMFADeviceTagsResult: + $ref: '#/components/schemas/ListMFADeviceTagsResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListMFADeviceTags + /?Action=ListMFADevices&Version=2010-05-08&__nativeEndpoint=true: + get: + description:

Lists the MFA devices for an IAM user. If the request includes a IAM user name, then this operation lists all the MFA devices associated with the specified user. If you do not specify a user name, IAM determines the user name implicitly based on the Amazon Web Services access key ID signing the request for this operation.

You can paginate the results using the MaxItems and Marker parameters.

+ operationId: GET_ListMFADevices + parameters: + - description: '

The name of the user whose MFA devices you want to list.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: UserName + required: false + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start. + in: query + name: Marker + required: false + schema: + maxLength: 320 + minLength: 1 + pattern: '[\u0020-\u00FF]+' + type: string + - description: >- +

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, + and Marker contains a value to include in the subsequent call that tells the service where to continue from.

+ in: query + name: MaxItems + required: false + schema: + maximum: 1000 + minimum: 1 + type: integer + responses: + '200': + content: + text/xml: + schema: + properties: + ListMFADevicesResult: + $ref: '#/components/schemas/ListMFADevicesResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListMFADevices + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Lists the MFA devices for an IAM user. If the request includes a IAM user name, then this operation lists all the MFA devices associated with the specified user. If you do not specify a user name, IAM determines the user name implicitly based on the Amazon Web Services access key ID signing the request for this operation.

You can paginate the results using the MaxItems and Marker parameters.

+ operationId: POST_ListMFADevices + parameters: + - description: Pagination limit + in: query + name: MaxItems + required: false + schema: + type: string + - description: Pagination token + in: query + name: Marker + required: false + schema: + type: string + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ListMFADevicesRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + ListMFADevicesResult: + $ref: '#/components/schemas/ListMFADevicesResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListMFADevices + /?Action=ResyncMFADevice&Version=2010-05-08&__nativeEndpoint=true: + get: + description:

Synchronizes the specified MFA device with its IAM resource object on the Amazon Web Services servers.

For more information about creating and working with virtual MFA devices, see Using a virtual MFA device in the IAM User Guide.

+ operationId: GET_ResyncMFADevice + parameters: + - description: '

The name of the user whose MFA device you want to resynchronize.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: UserName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: '

Serial number that uniquely identifies the MFA device.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: SerialNumber + required: true + schema: + maxLength: 256 + minLength: 9 + pattern: '[\w+=/:,.@-]+' + type: string + - description:

An authentication code emitted by the device.

The format for this parameter is a sequence of six digits.

+ in: query + name: AuthenticationCode1 + required: true + schema: + maxLength: 6 + minLength: 6 + pattern: '[\d]+' + type: string + - description:

A subsequent authentication code emitted by the device.

The format for this parameter is a sequence of six digits.

+ in: query + name: AuthenticationCode2 + required: true + schema: + maxLength: 6 + minLength: 6 + pattern: '[\d]+' + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidAuthenticationCodeException' + description: InvalidAuthenticationCodeException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ResyncMFADevice + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Synchronizes the specified MFA device with its IAM resource object on the Amazon Web Services servers.

For more information about creating and working with virtual MFA devices, see Using a virtual MFA device in the IAM User Guide.

+ operationId: POST_ResyncMFADevice + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ResyncMFADeviceRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidAuthenticationCodeException' + description: InvalidAuthenticationCodeException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ResyncMFADevice + /?Action=TagMFADevice&Version=2010-05-08&__nativeEndpoint=true: + get: + description: >- +

Adds one or more tags to an IAM virtual multi-factor authentication (MFA) device. If a tag with the same key name already exists, then that tag is overwritten with the new value.

A tag consists of a key name and an associated value. By assigning tags to your resources, you can do the following:

  • Administrative grouping and discovery - Attach tags to resources to aid in organization and search. For example, you could search for all resources with the key + name Project and the value MyImportantProject. Or search for all resources with the key name Cost Center and the value 41200.

  • Access control - Include tags in IAM user-based and resource-based policies. You can use tags to restrict access to only an IAM virtual MFA device that has a specified tag attached. For examples of policies that show how to use tags to control access, see Control access using IAM tags in the IAM User Guide.

  • If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created. For more information about tagging, see Tagging IAM resources in the IAM User + Guide.

  • Amazon Web Services always interprets the tag Value as a single string. If you need to store an array, you can store comma-separated values in the string. However, you must interpret the value in your code.

 + operationId: GET_TagMFADevice + parameters: + - description: '

The unique identifier for the IAM virtual MFA device to which you want to add tags. For virtual MFA devices, the serial number is the same as the ARN.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: SerialNumber + required: true + schema: + maxLength: 256 + minLength: 9 + pattern: '[\w+=/:,.@-]+' + type: string + - description: The list of tags that you want to attach to the IAM virtual MFA device. Each tag consists of a key name and an associated value. + in: query + name: Tags + required: true + schema: + items: + allOf: + - $ref: '#/components/schemas/Tag' + - xml: + name: member + maxItems: 50 + type: array + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ConcurrentModificationException' + description: ConcurrentModificationException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: TagMFADevice + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: >- +

Adds one or more tags to an IAM virtual multi-factor authentication (MFA) device. If a tag with the same key name already exists, then that tag is overwritten with the new value.

A tag consists of a key name and an associated value. By assigning tags to your resources, you can do the following:

  • Administrative grouping and discovery - Attach tags to resources to aid in organization and search. For example, you could search for all resources with the key + name Project and the value MyImportantProject. Or search for all resources with the key name Cost Center and the value 41200.

  • Access control - Include tags in IAM user-based and resource-based policies. You can use tags to restrict access to only an IAM virtual MFA device that has a specified tag attached. For examples of policies that show how to use tags to control access, see Control access using IAM tags in the IAM User Guide.

  • If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created. For more information about tagging, see Tagging IAM resources in the IAM User + Guide.

  • Amazon Web Services always interprets the tag Value as a single string. If you need to store an array, you can store comma-separated values in the string. However, you must interpret the value in your code.

 + operationId: POST_TagMFADevice + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/TagMFADeviceRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ConcurrentModificationException' + description: ConcurrentModificationException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: TagMFADevice + /?Action=UntagMFADevice&Version=2010-05-08&__nativeEndpoint=true: + get: + description: Removes the specified tags from the IAM virtual multi-factor authentication (MFA) device. For more information about tagging, see Tagging IAM resources in the IAM User Guide. + operationId: GET_UntagMFADevice + parameters: + - description: '

The unique identifier for the IAM virtual MFA device from which you want to remove tags. For virtual MFA devices, the serial number is the same as the ARN.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: SerialNumber + required: true + schema: + maxLength: 256 + minLength: 9 + pattern: '[\w+=/:,.@-]+' + type: string + - description: A list of key names as a simple array of strings. The tags with matching keys are removed from the specified instance profile. + in: query + name: TagKeys + required: true + schema: + items: + allOf: + - $ref: '#/components/schemas/tagKeyType' + - xml: + name: member + maxItems: 50 + type: array + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ConcurrentModificationException' + description: ConcurrentModificationException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: UntagMFADevice + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: Removes the specified tags from the IAM virtual multi-factor authentication (MFA) device. For more information about tagging, see Tagging IAM resources in the IAM User Guide. + operationId: POST_UntagMFADevice + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/UntagMFADeviceRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ConcurrentModificationException' + description: ConcurrentModificationException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: UntagMFADevice + /?Action=CreateLoginProfile&Version=2010-05-08&__nativeEndpoint=true: + get: + description: >- +

Creates a password for the specified IAM user. A password allows an IAM user to access Amazon Web Services services through the Amazon Web Services Management Console.

You can use the CLI, the Amazon Web Services API, or the Users page in the IAM console to create a password for any IAM user. Use ChangePassword to update your own existing password in the My Security Credentials page in the Amazon Web Services Management Console.

For more information + about managing passwords, see Managing passwords in the IAM User Guide.

+ operationId: GET_CreateLoginProfile + parameters: + - description: '

The name of the IAM user to create a password for. The user must already exist.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: UserName + required: true + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: >- +

The new password for the user.

The regex pattern that is used to validate this parameter is a string of characters. That string can include almost any printable ASCII character from the space (\u0020) through the end of the ASCII character range (\u00FF). You can also include the tab (\u0009), line feed (\u000A), and carriage return (\u000D) characters. Any of + these characters are valid in a password. However, many tools, such as the Amazon Web Services Management Console, might restrict the ability to type certain characters because they have special meaning within that tool.

+ in: query + name: Password + required: true + schema: + format: password + maxLength: 128 + minLength: 1 + pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' + type: string + - description: Specifies whether the user is required to set a new password on next sign-in. + in: query + name: PasswordResetRequired + required: false + schema: + type: boolean + responses: + '200': + content: + text/xml: + schema: + properties: + CreateLoginProfileResult: + $ref: '#/components/schemas/CreateLoginProfileResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityAlreadyExistsException' + description: EntityAlreadyExistsException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/PasswordPolicyViolationException' + description: PasswordPolicyViolationException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: CreateLoginProfile + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: >- +

Creates a password for the specified IAM user. A password allows an IAM user to access Amazon Web Services services through the Amazon Web Services Management Console.

You can use the CLI, the Amazon Web Services API, or the Users page in the IAM console to create a password for any IAM user. Use ChangePassword to update your own existing password in the My Security Credentials page in the Amazon Web Services Management Console.

For more information + about managing passwords, see Managing passwords in the IAM User Guide.

+ operationId: POST_CreateLoginProfile + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateLoginProfileRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + CreateLoginProfileResult: + $ref: '#/components/schemas/CreateLoginProfileResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityAlreadyExistsException' + description: EntityAlreadyExistsException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/PasswordPolicyViolationException' + description: PasswordPolicyViolationException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: CreateLoginProfile + /?Action=DeleteLoginProfile&Version=2010-05-08&__nativeEndpoint=true: + get: + description: >- +

Deletes the password for the specified IAM user, which terminates the user's ability to access Amazon Web Services services through the Amazon Web Services Management Console.

You can use the CLI, the Amazon Web Services API, or the Users page in the IAM console to delete a password for any IAM user. You can use ChangePassword to update, but not delete, your own password in the My Security Credentials page in the Amazon Web Services Management Console.

+

Deleting a user's password does not prevent a user from accessing Amazon Web Services through the command line interface or the API. To prevent all user access, you must also either make any access keys inactive or delete them. For more information about making keys inactive or deleting them, see UpdateAccessKey and DeleteAccessKey.

+ operationId: GET_DeleteLoginProfile + parameters: + - description: '

The name of the user whose password you want to delete.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: UserName + required: true + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityTemporarilyUnmodifiableException' + description: EntityTemporarilyUnmodifiableException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DeleteLoginProfile + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: >- +

Deletes the password for the specified IAM user, which terminates the user's ability to access Amazon Web Services services through the Amazon Web Services Management Console.

You can use the CLI, the Amazon Web Services API, or the Users page in the IAM console to delete a password for any IAM user. You can use ChangePassword to update, but not delete, your own password in the My Security Credentials page in the Amazon Web Services Management Console.

+

Deleting a user's password does not prevent a user from accessing Amazon Web Services through the command line interface or the API. To prevent all user access, you must also either make any access keys inactive or delete them. For more information about making keys inactive or deleting them, see UpdateAccessKey and DeleteAccessKey.

+ operationId: POST_DeleteLoginProfile + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteLoginProfileRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityTemporarilyUnmodifiableException' + description: EntityTemporarilyUnmodifiableException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DeleteLoginProfile + /?Action=GetLoginProfile&Version=2010-05-08&__nativeEndpoint=true: + get: + description: >- +

Retrieves the user name for the specified IAM user. A login profile is created when you create a password for the user to access the Amazon Web Services Management Console. If the user does not exist or does not have a password, the operation returns a 404 (NoSuchEntity) error.

If you create an IAM user with access to the console, the CreateDate reflects the date you created the initial password for the user.

If you create an IAM user with + programmatic access, and then later add a password for the user to access the Amazon Web Services Management Console, the CreateDate reflects the initial password creation date. A user with programmatic access does not have a login profile unless you create a password for the user to access the Amazon Web Services Management Console.

+ operationId: GET_GetLoginProfile + parameters: + - description: '

The name of the user whose login profile you want to retrieve.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: UserName + required: true + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + responses: + '200': + content: + text/xml: + schema: + properties: + GetLoginProfileResult: + $ref: '#/components/schemas/GetLoginProfileResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: GetLoginProfile + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: >- +

Retrieves the user name for the specified IAM user. A login profile is created when you create a password for the user to access the Amazon Web Services Management Console. If the user does not exist or does not have a password, the operation returns a 404 (NoSuchEntity) error.

If you create an IAM user with access to the console, the CreateDate reflects the date you created the initial password for the user.

If you create an IAM user with + programmatic access, and then later add a password for the user to access the Amazon Web Services Management Console, the CreateDate reflects the initial password creation date. A user with programmatic access does not have a login profile unless you create a password for the user to access the Amazon Web Services Management Console.

+ operationId: POST_GetLoginProfile + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetLoginProfileRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + GetLoginProfileResult: + $ref: '#/components/schemas/GetLoginProfileResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: GetLoginProfile + /?Action=UpdateLoginProfile&Version=2010-05-08&__nativeEndpoint=true: + get: + description: >- +

Changes the password for the specified IAM user. You can use the CLI, the Amazon Web Services API, or the Users page in the IAM console to change the password for any IAM user. Use ChangePassword to change your own password in the My Security Credentials page in the Amazon Web Services Management Console.

For more information about modifying passwords, see Managing + passwords in the IAM User Guide.

+ operationId: GET_UpdateLoginProfile + parameters: + - description: '

The name of the user whose password you want to update.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: UserName + required: true + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: >- +

The new password for the specified IAM user.

The regex pattern used to validate this parameter is a string of characters consisting of the following:

  • Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range

  • The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)

    +

  • The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)

However, the format can be further restricted by the account administrator by setting a password policy on the Amazon Web Services account. For more information, see UpdateAccountPasswordPolicy.

+ in: query + name: Password + required: false + schema: + format: password + maxLength: 128 + minLength: 1 + pattern: '[\u0009\u000A\u000D\u0020-\u00FF]+' + type: string + - description: Allows this new password to be used only once by requiring the specified IAM user to set a new password on next sign-in. + in: query + name: PasswordResetRequired + required: false + schema: + type: boolean + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityTemporarilyUnmodifiableException' + description: EntityTemporarilyUnmodifiableException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/PasswordPolicyViolationException' + description: PasswordPolicyViolationException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: UpdateLoginProfile + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: >- +

Changes the password for the specified IAM user. You can use the CLI, the Amazon Web Services API, or the Users page in the IAM console to change the password for any IAM user. Use ChangePassword to change your own password in the My Security Credentials page in the Amazon Web Services Management Console.

For more information about modifying passwords, see Managing + passwords in the IAM User Guide.

+ operationId: POST_UpdateLoginProfile + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/UpdateLoginProfileRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/EntityTemporarilyUnmodifiableException' + description: EntityTemporarilyUnmodifiableException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/PasswordPolicyViolationException' + description: PasswordPolicyViolationException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '484': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: UpdateLoginProfile + /?Action=ListInstanceProfilesForRole&Version=2010-05-08&__nativeEndpoint=true: + get: + description:

Lists the instance profiles that have the specified associated IAM role. If there are none, the operation returns an empty list. For more information about instance profiles, go to About instance profiles.

You can paginate the results using the MaxItems and Marker parameters.

+ operationId: GET_ListInstanceProfilesForRole + parameters: + - description: '

The name of the role to list instance profiles for.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: RoleName + required: true + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start. + in: query + name: Marker + required: false + schema: + maxLength: 320 + minLength: 1 + pattern: '[\u0020-\u00FF]+' + type: string + - description: >- +

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, + and Marker contains a value to include in the subsequent call that tells the service where to continue from.

+ in: query + name: MaxItems + required: false + schema: + maximum: 1000 + minimum: 1 + type: integer + responses: + '200': + content: + text/xml: + schema: + properties: + ListInstanceProfilesForRoleResult: + $ref: '#/components/schemas/ListInstanceProfilesForRoleResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListInstanceProfilesForRole + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Lists the instance profiles that have the specified associated IAM role. If there are none, the operation returns an empty list. For more information about instance profiles, go to About instance profiles.

You can paginate the results using the MaxItems and Marker parameters.

+ operationId: POST_ListInstanceProfilesForRole + parameters: + - description: Pagination limit + in: query + name: MaxItems + required: false + schema: + type: string + - description: Pagination token + in: query + name: Marker + required: false + schema: + type: string + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ListInstanceProfilesForRoleRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + ListInstanceProfilesForRoleResult: + $ref: '#/components/schemas/ListInstanceProfilesForRoleResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListInstanceProfilesForRole + /?Action=ListGroupsForUser&Version=2010-05-08&__nativeEndpoint=true: + get: + description:

Lists the IAM groups that the specified IAM user belongs to.

You can paginate the results using the MaxItems and Marker parameters.

+ operationId: GET_ListGroupsForUser + parameters: + - description: '

The name of the user to list groups for.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: UserName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start. + in: query + name: Marker + required: false + schema: + maxLength: 320 + minLength: 1 + pattern: '[\u0020-\u00FF]+' + type: string + - description: >- +

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, + and Marker contains a value to include in the subsequent call that tells the service where to continue from.

+ in: query + name: MaxItems + required: false + schema: + maximum: 1000 + minimum: 1 + type: integer + responses: + '200': + content: + text/xml: + schema: + properties: + ListGroupsForUserResult: + $ref: '#/components/schemas/ListGroupsForUserResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListGroupsForUser + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Lists the IAM groups that the specified IAM user belongs to.

You can paginate the results using the MaxItems and Marker parameters.

+ operationId: POST_ListGroupsForUser + parameters: + - description: Pagination limit + in: query + name: MaxItems + required: false + schema: + type: string + - description: Pagination token + in: query + name: Marker + required: false + schema: + type: string + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ListGroupsForUserRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + ListGroupsForUserResult: + $ref: '#/components/schemas/ListGroupsForUserResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListGroupsForUser + /?Action=ListEntitiesForPolicy&Version=2010-05-08&__nativeEndpoint=true: + get: + description:

Lists all IAM users, groups, and roles that the specified managed policy is attached to.

You can use the optional EntityFilter parameter to limit the results to a particular type of entity (users, groups, or roles). For example, to list only the roles that are attached to the specified policy, set EntityFilter to Role.

You can paginate the results using the MaxItems and Marker parameters.

+ operationId: GET_ListEntitiesForPolicy + parameters: + - description:

The Amazon Resource Name (ARN) of the IAM policy for which you want the versions.

For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.

+ in: query + name: PolicyArn + required: true + schema: + description:

The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web Services resources.

For more information about ARNs, go to Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.

+ maxLength: 2048 + minLength: 20 + type: string + - description:

The entity type to use for filtering the results.

For example, when EntityFilter is Role, only the roles that are attached to the specified policy are returned. This parameter is optional. If it is not included, all attached entities (users, groups, and roles) are returned. The argument for this parameter must be one of the valid values listed below.

+ in: query + name: EntityFilter + required: false + schema: + enum: + - User + - Role + - Group + - LocalManagedPolicy + - AWSManagedPolicy + type: string + - description: >- +

The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all entities.

This parameter allows (through its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character + (\u007F), including most punctuation characters, digits, and upper and lowercased letters.

+ in: query + name: PathPrefix + required: false + schema: + maxLength: 512 + minLength: 1 + pattern: (\u002F)|(\u002F[\u0021-\u007F]+\u002F) + type: string + - description: "

The policy usage method to use for filtering the results.

To list only permissions policies, set\_PolicyUsageFilter\_to\_PermissionsPolicy. To list only the policies used to set permissions boundaries, set\_the value to\_PermissionsBoundary.

This parameter is optional. If it is not included, all policies are returned.

" + in: query + name: PolicyUsageFilter + required: false + schema: + description:

The policy usage type that indicates whether the policy is used as a permissions policy or as the permissions boundary for an entity.

For more information about permissions boundaries, see Permissions boundaries for IAM identities in the IAM User Guide.

+ enum: + - PermissionsPolicy + - PermissionsBoundary + type: string + - description: Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start. + in: query + name: Marker + required: false + schema: + maxLength: 320 + minLength: 1 + pattern: '[\u0020-\u00FF]+' + type: string + - description: >- +

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, + and Marker contains a value to include in the subsequent call that tells the service where to continue from.

+ in: query + name: MaxItems + required: false + schema: + maximum: 1000 + minimum: 1 + type: integer + responses: + '200': + content: + text/xml: + schema: + properties: + ListEntitiesForPolicyResult: + $ref: '#/components/schemas/ListEntitiesForPolicyResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListEntitiesForPolicy + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description:

Lists all IAM users, groups, and roles that the specified managed policy is attached to.

You can use the optional EntityFilter parameter to limit the results to a particular type of entity (users, groups, or roles). For example, to list only the roles that are attached to the specified policy, set EntityFilter to Role.

You can paginate the results using the MaxItems and Marker parameters.

+ operationId: POST_ListEntitiesForPolicy + parameters: + - description: Pagination limit + in: query + name: MaxItems + required: false + schema: + type: string + - description: Pagination token + in: query + name: Marker + required: false + schema: + type: string + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/ListEntitiesForPolicyRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + ListEntitiesForPolicyResult: + $ref: '#/components/schemas/ListEntitiesForPolicyResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListEntitiesForPolicy + /?Action=GetContextKeysForCustomPolicy&Version=2010-05-08&__nativeEndpoint=true: + get: + description: >- +

Gets a list of all of the context keys referenced in the input policies. The policies are supplied as a list of one or more strings. To get the context keys from policies associated with an IAM user, group, or role, use GetContextKeysForPrincipalPolicy.

Context keys are variables maintained by Amazon Web Services and its services that provide details about the context of an API query request. Context keys can be evaluated by testing against a value specified in an IAM + policy. Use GetContextKeysForCustomPolicy to understand what key names and values you must supply when you call SimulateCustomPolicy. Note that all parameters are shown in unencoded form here for clarity but must be URL encoded to be included as a part of a real HTML request.

+ operationId: GET_GetContextKeysForCustomPolicy + parameters: + - description: >- +

A list of policies for which you want the list of context keys referenced in those policies. Each document is specified as a string containing the complete, valid JSON text of an IAM policy.

The regex pattern used to validate this parameter is a string of characters consisting of the following:

  • Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII + character range

  • The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)

  • The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)

+ in: query + name: PolicyInputList + required: true + schema: + items: + allOf: + - $ref: '#/components/schemas/policyDocumentType' + - xml: + name: member + type: array + responses: + '200': + content: + text/xml: + schema: + properties: + GetContextKeysForCustomPolicyResult: + $ref: '#/components/schemas/GetContextKeysForPolicyResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + x-aws-operation-name: GetContextKeysForCustomPolicy + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: >- +

Gets a list of all of the context keys referenced in the input policies. The policies are supplied as a list of one or more strings. To get the context keys from policies associated with an IAM user, group, or role, use GetContextKeysForPrincipalPolicy.

Context keys are variables maintained by Amazon Web Services and its services that provide details about the context of an API query request. Context keys can be evaluated by testing against a value specified in an IAM + policy. Use GetContextKeysForCustomPolicy to understand what key names and values you must supply when you call SimulateCustomPolicy. Note that all parameters are shown in unencoded form here for clarity but must be URL encoded to be included as a part of a real HTML request.

+ operationId: POST_GetContextKeysForCustomPolicy + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetContextKeysForCustomPolicyRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + GetContextKeysForCustomPolicyResult: + $ref: '#/components/schemas/GetContextKeysForPolicyResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + x-aws-operation-name: GetContextKeysForCustomPolicy + /?Action=GetContextKeysForPrincipalPolicy&Version=2010-05-08&__nativeEndpoint=true: + get: + description: >- +

Gets a list of all of the context keys referenced in all the IAM policies that are attached to the specified IAM entity. The entity can be an IAM user, group, or role. If you specify a user, then the request also includes all of the policies attached to groups that the user is a member of.

You can optionally include a list of one or more additional policies, specified as strings. If you want to include only a list of policies by string, use + GetContextKeysForCustomPolicy instead.

Note: This operation discloses information about the permissions granted to other users. If you do not want users to see other user's permissions, then consider allowing them to use GetContextKeysForCustomPolicy instead.

Context keys are variables maintained by Amazon Web Services and its services that provide details about the context of an API query request. Context keys can be evaluated by testing against a + value in an IAM policy. Use GetContextKeysForPrincipalPolicy to understand what key names and values you must supply when you call SimulatePrincipalPolicy.

+ operationId: GET_GetContextKeysForPrincipalPolicy + parameters: + - description: >- +

The ARN of a user, group, or role whose policies contain the context keys that you want listed. If you specify a user, the list includes context keys that are found in all policies that are attached to the user. The list also includes all groups that the user is a member of. If you pick a group or a role, then it includes only those context keys that are found in policies attached to that entity. Note that all parameters are shown in unencoded form here for clarity, but must be + URL encoded to be included as a part of a real HTML request.

For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.

+ in: query + name: PolicySourceArn + required: true + schema: + description:

The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web Services resources.

For more information about ARNs, go to Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.

+ maxLength: 2048 + minLength: 20 + type: string + - description: >- +

An optional list of additional policies for which you want the list of context keys that are referenced.

The regex pattern used to validate this parameter is a string of characters consisting of the following:

  • Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range

  • The printable characters in the Basic Latin and Latin-1 + Supplement character set (through \u00FF)

  • The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)

+ in: query + name: PolicyInputList + required: false + schema: + items: + allOf: + - $ref: '#/components/schemas/policyDocumentType' + - xml: + name: member + type: array + responses: + '200': + content: + text/xml: + schema: + properties: + GetContextKeysForPrincipalPolicyResult: + $ref: '#/components/schemas/GetContextKeysForPolicyResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + x-aws-operation-name: GetContextKeysForPrincipalPolicy + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + description: >- +

Gets a list of all of the context keys referenced in all the IAM policies that are attached to the specified IAM entity. The entity can be an IAM user, group, or role. If you specify a user, then the request also includes all of the policies attached to groups that the user is a member of.

You can optionally include a list of one or more additional policies, specified as strings. If you want to include only a list of policies by string, use + GetContextKeysForCustomPolicy instead.

Note: This operation discloses information about the permissions granted to other users. If you do not want users to see other user's permissions, then consider allowing them to use GetContextKeysForCustomPolicy instead.

Context keys are variables maintained by Amazon Web Services and its services that provide details about the context of an API query request. Context keys can be evaluated by testing against a + value in an IAM policy. Use GetContextKeysForPrincipalPolicy to understand what key names and values you must supply when you call SimulatePrincipalPolicy.

+ operationId: POST_GetContextKeysForPrincipalPolicy + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetContextKeysForPrincipalPolicyRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + GetContextKeysForPrincipalPolicyResult: + $ref: '#/components/schemas/GetContextKeysForPolicyResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + x-aws-operation-name: GetContextKeysForPrincipalPolicy + /?Action=ListAttachedRolePolicies&Version=2010-05-08&__nativeEndpoint=true: + get: + description: >- +

Lists all managed policies that are attached to the specified IAM role.

An IAM role can also have inline policies embedded with it. To list the inline policies for a role, use ListRolePolicies. For information about policies, see Managed policies and inline policies in the IAM User Guide.

You can paginate the results using the MaxItems and + Marker parameters. You can use the PathPrefix parameter to limit the list of policies to only those matching the specified path prefix. If there are no policies attached to the specified role (or none that match the specified path prefix), the operation returns an empty list.

+ operationId: GET_ListAttachedRolePolicies parameters: - - description: Action Header - in: header - name: X-Amz-Target + - description: '

The name (friendly name, not ARN) of the role to list attached policies for.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: RoleName + required: true + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: >- +

The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all policies.

This parameter allows (through its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character + (\u007F), including most punctuation characters, digits, and upper and lowercased letters.

+ in: query + name: PathPrefix required: false schema: - default: CloudApiService.CreateResource - enum: - - CloudApiService.CreateResource + maxLength: 512 + minLength: 1 + pattern: ((/[A-Za-z0-9\.,\+@=_-]+)*)/ type: string - - in: header - name: Content-Type + - description: Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start. + in: query + name: Marker required: false schema: - default: application/x-amz-json-1.0 - enum: - - application/x-amz-json-1.0 + maxLength: 320 + minLength: 1 + pattern: '[\u0020-\u00FF]+' type: string - requestBody: - content: - application/x-amz-json-1.0: - schema: - $ref: '#/components/x-cloud-control-schemas/CreateResourceInput' - required: true + - description: >- +

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, + and Marker contains a value to include in the subsequent call that tells the service where to continue from.

+ in: query + name: MaxItems + required: false + schema: + maximum: 1000 + minimum: 1 + type: integer responses: '200': content: - application/json: + text/xml: schema: - $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + properties: + ListAttachedRolePoliciesResult: + $ref: '#/components/schemas/ListAttachedRolePoliciesResponse' + type: object description: Success - /?Action=DeleteResource&Version=2021-09-30: + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListAttachedRolePolicies parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' @@ -5197,39 +13182,132 @@ paths: - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' post: - operationId: DeleteResource + description: >- +

Lists all managed policies that are attached to the specified IAM role.

An IAM role can also have inline policies embedded with it. To list the inline policies for a role, use ListRolePolicies. For information about policies, see Managed policies and inline policies in the IAM User Guide.

You can paginate the results using the MaxItems and + Marker parameters. You can use the PathPrefix parameter to limit the list of policies to only those matching the specified path prefix. If there are no policies attached to the specified role (or none that match the specified path prefix), the operation returns an empty list.

+ operationId: POST_ListAttachedRolePolicies parameters: - - description: Action Header - in: header - name: X-Amz-Target + - description: Pagination limit + in: query + name: MaxItems required: false schema: - default: CloudApiService.DeleteResource - enum: - - CloudApiService.DeleteResource type: string - - in: header - name: Content-Type + - description: Pagination token + in: query + name: Marker required: false schema: - default: application/x-amz-json-1.0 - enum: - - application/x-amz-json-1.0 type: string requestBody: content: - application/x-amz-json-1.0: + text/xml: schema: - $ref: '#/components/x-cloud-control-schemas/DeleteResourceInput' - required: true + $ref: '#/components/schemas/ListAttachedRolePoliciesRequest' responses: '200': content: - application/json: + text/xml: + schema: + properties: + ListAttachedRolePoliciesResult: + $ref: '#/components/schemas/ListAttachedRolePoliciesResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListAttachedRolePolicies + /?Action=ListAttachedUserPolicies&Version=2010-05-08&__nativeEndpoint=true: + get: + description: >- +

Lists all managed policies that are attached to the specified IAM user.

An IAM user can also have inline policies embedded with it. To list the inline policies for a user, use ListUserPolicies. For information about policies, see Managed policies and inline policies in the IAM User Guide.

You can paginate the results using the MaxItems and + Marker parameters. You can use the PathPrefix parameter to limit the list of policies to only those matching the specified path prefix. If there are no policies attached to the specified group (or none that match the specified path prefix), the operation returns an empty list.

+ operationId: GET_ListAttachedUserPolicies + parameters: + - description: '

The name (friendly name, not ARN) of the user to list attached policies for.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: UserName + required: true + schema: + maxLength: 64 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: >- +

The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all policies.

This parameter allows (through its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character + (\u007F), including most punctuation characters, digits, and upper and lowercased letters.

+ in: query + name: PathPrefix + required: false + schema: + maxLength: 512 + minLength: 1 + pattern: ((/[A-Za-z0-9\.,\+@=_-]+)*)/ + type: string + - description: Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start. + in: query + name: Marker + required: false + schema: + maxLength: 320 + minLength: 1 + pattern: '[\u0020-\u00FF]+' + type: string + - description: >- +

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, + and Marker contains a value to include in the subsequent call that tells the service where to continue from.

+ in: query + name: MaxItems + required: false + schema: + maximum: 1000 + minimum: 1 + type: integer + responses: + '200': + content: + text/xml: + schema: + properties: + ListAttachedUserPoliciesResult: + $ref: '#/components/schemas/ListAttachedUserPoliciesResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: schema: - $ref: '#/components/x-cloud-control-schemas/DeleteResourceOutput' - description: Success - /?Action=UpdateResource&Version=2021-09-30: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListAttachedUserPolicies parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' @@ -5239,55 +13317,132 @@ paths: - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' post: - operationId: UpdateResource + description: >- +

Lists all managed policies that are attached to the specified IAM user.

An IAM user can also have inline policies embedded with it. To list the inline policies for a user, use ListUserPolicies. For information about policies, see Managed policies and inline policies in the IAM User Guide.

You can paginate the results using the MaxItems and + Marker parameters. You can use the PathPrefix parameter to limit the list of policies to only those matching the specified path prefix. If there are no policies attached to the specified group (or none that match the specified path prefix), the operation returns an empty list.

+ operationId: POST_ListAttachedUserPolicies parameters: - - description: Action Header - in: header - name: X-Amz-Target + - description: Pagination limit + in: query + name: MaxItems required: false schema: - default: CloudApiService.UpdateResource - enum: - - CloudApiService.UpdateResource type: string - - in: header - name: Content-Type + - description: Pagination token + in: query + name: Marker required: false schema: - default: application/x-amz-json-1.0 - enum: - - application/x-amz-json-1.0 type: string requestBody: content: - application/x-amz-json-1.0: + text/xml: schema: - properties: - ClientName: - type: string - Identifier: - $ref: '#/components/x-cloud-control-schemas/Identifier' - PatchDocument: - type: string - RoleArn: - $ref: '#/components/x-cloud-control-schemas/RoleArn' - TypeName: - $ref: '#/components/x-cloud-control-schemas/TypeName' - TypeVersionId: - $ref: '#/components/x-cloud-control-schemas/TypeVersionId' - required: - - Identifier - - PatchDocument - type: object - required: true + $ref: '#/components/schemas/ListAttachedUserPoliciesRequest' responses: '200': content: - application/json: + text/xml: schema: - $ref: '#/components/x-cloud-control-schemas/UpdateResourceOutput' + properties: + ListAttachedUserPoliciesResult: + $ref: '#/components/schemas/ListAttachedUserPoliciesResponse' + type: object description: Success - /?Action=CreateResource&Version=2021-09-30&__Group&__detailTransformed=true: + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListAttachedUserPolicies + /?Action=ListAttachedGroupPolicies&Version=2010-05-08&__nativeEndpoint=true: + get: + description: >- +

Lists all managed policies that are attached to the specified IAM group.

An IAM group can also have inline policies embedded with it. To list the inline policies for a group, use ListGroupPolicies. For information about policies, see Managed policies and inline policies in the IAM User Guide.

You can paginate the results using the MaxItems and + Marker parameters. You can use the PathPrefix parameter to limit the list of policies to only those matching the specified path prefix. If there are no policies attached to the specified group (or none that match the specified path prefix), the operation returns an empty list.

+ operationId: GET_ListAttachedGroupPolicies + parameters: + - description: '

The name (friendly name, not ARN) of the group to list attached policies for.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: GroupName + required: true + schema: + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' + type: string + - description: >- +

The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all policies.

This parameter allows (through its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character + (\u007F), including most punctuation characters, digits, and upper and lowercased letters.

+ in: query + name: PathPrefix + required: false + schema: + maxLength: 512 + minLength: 1 + pattern: ((/[A-Za-z0-9\.,\+@=_-]+)*)/ + type: string + - description: Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start. + in: query + name: Marker + required: false + schema: + maxLength: 320 + minLength: 1 + pattern: '[\u0020-\u00FF]+' + type: string + - description: >- +

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, + and Marker contains a value to include in the subsequent call that tells the service where to continue from.

+ in: query + name: MaxItems + required: false + schema: + maximum: 1000 + minimum: 1 + type: integer + responses: + '200': + content: + text/xml: + schema: + properties: + ListAttachedGroupPoliciesResult: + $ref: '#/components/schemas/ListAttachedGroupPoliciesResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListAttachedGroupPolicies parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' @@ -5297,39 +13452,79 @@ paths: - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' post: - operationId: CreateGroup + description: >- +

Lists all managed policies that are attached to the specified IAM group.

An IAM group can also have inline policies embedded with it. To list the inline policies for a group, use ListGroupPolicies. For information about policies, see Managed policies and inline policies in the IAM User Guide.

You can paginate the results using the MaxItems and + Marker parameters. You can use the PathPrefix parameter to limit the list of policies to only those matching the specified path prefix. If there are no policies attached to the specified group (or none that match the specified path prefix), the operation returns an empty list.

+ operationId: POST_ListAttachedGroupPolicies parameters: - - description: Action Header - in: header - name: X-Amz-Target + - description: Pagination limit + in: query + name: MaxItems required: false schema: - default: CloudApiService.CreateResource - enum: - - CloudApiService.CreateResource type: string - - in: header - name: Content-Type + - description: Pagination token + in: query + name: Marker required: false schema: - default: application/x-amz-json-1.0 - enum: - - application/x-amz-json-1.0 type: string requestBody: content: - application/x-amz-json-1.0: + text/xml: schema: - $ref: '#/components/schemas/CreateGroupRequest' - required: true + $ref: '#/components/schemas/ListAttachedGroupPoliciesRequest' responses: '200': content: - application/json: + text/xml: schema: - $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + properties: + ListAttachedGroupPoliciesResult: + $ref: '#/components/schemas/ListAttachedGroupPoliciesResponse' + type: object description: Success - /?Action=CreateResource&Version=2021-09-30&__GroupPolicy&__detailTransformed=true: + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/InvalidInputException' + description: InvalidInputException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListAttachedGroupPolicies + /?Action=GetAccountSummary&Version=2010-05-08&__nativeEndpoint=true: + get: + description:

Retrieves information about IAM entity usage and IAM quotas in the Amazon Web Services account.

For information about IAM quotas, see IAM and STS quotas in the IAM User Guide.

+ operationId: GET_GetAccountSummary + parameters: [] + responses: + '200': + content: + text/xml: + schema: + properties: + GetAccountSummaryResult: + $ref: '#/components/schemas/GetAccountSummaryResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: GetAccountSummary parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' @@ -5339,39 +13534,54 @@ paths: - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' post: - operationId: CreateGroupPolicy - parameters: - - description: Action Header - in: header - name: X-Amz-Target - required: false - schema: - default: CloudApiService.CreateResource - enum: - - CloudApiService.CreateResource - type: string - - in: header - name: Content-Type - required: false - schema: - default: application/x-amz-json-1.0 - enum: - - application/x-amz-json-1.0 - type: string - requestBody: - content: - application/x-amz-json-1.0: - schema: - $ref: '#/components/schemas/CreateGroupPolicyRequest' - required: true + description:

Retrieves information about IAM entity usage and IAM quotas in the Amazon Web Services account.

For information about IAM quotas, see IAM and STS quotas in the IAM User Guide.

+ operationId: POST_GetAccountSummary + parameters: [] responses: '200': content: - application/json: + text/xml: schema: - $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + properties: + GetAccountSummaryResult: + $ref: '#/components/schemas/GetAccountSummaryResponse' + type: object description: Success - /?Action=CreateResource&Version=2021-09-30&__InstanceProfile&__detailTransformed=true: + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: GetAccountSummary + /?Action=GetAccountPasswordPolicy&Version=2010-05-08&__nativeEndpoint=true: + get: + description: Retrieves the password policy for the Amazon Web Services account. This tells you the complexity requirements and mandatory rotation periods for the IAM user passwords in your account. For more information about using a password policy, see Managing an IAM password policy. + operationId: GET_GetAccountPasswordPolicy + parameters: [] + responses: + '200': + content: + text/xml: + schema: + properties: + GetAccountPasswordPolicyResult: + $ref: '#/components/schemas/GetAccountPasswordPolicyResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: GetAccountPasswordPolicy parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' @@ -5381,39 +13591,132 @@ paths: - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' post: - operationId: CreateInstanceProfile + description: Retrieves the password policy for the Amazon Web Services account. This tells you the complexity requirements and mandatory rotation periods for the IAM user passwords in your account. For more information about using a password policy, see Managing an IAM password policy. + operationId: POST_GetAccountPasswordPolicy + parameters: [] + responses: + '200': + content: + text/xml: + schema: + properties: + GetAccountPasswordPolicyResult: + $ref: '#/components/schemas/GetAccountPasswordPolicyResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: GetAccountPasswordPolicy + /?Action=UpdateAccountPasswordPolicy&Version=2010-05-08&__nativeEndpoint=true: + get: + description: >- +

Updates the password policy settings for the Amazon Web Services account.

This operation does not support partial updates. No parameters are required, but if you do not specify a parameter, that parameter's value reverts to its default value. See the Request Parameters section for each parameter's default value. Also note that some parameters do not allow the default parameter to be explicitly set. Instead, to invoke the default value, do not include that + parameter when you invoke the operation.

For more information about using a password policy, see Managing an IAM password policy in the IAM User Guide.

+ operationId: GET_UpdateAccountPasswordPolicy parameters: - - description: Action Header - in: header - name: X-Amz-Target + - description:

The minimum number of characters allowed in an IAM user password.

If you do not specify a value for this parameter, then the operation uses the default value of 6.

+ in: query + name: MinimumPasswordLength required: false schema: - default: CloudApiService.CreateResource - enum: - - CloudApiService.CreateResource - type: string - - in: header - name: Content-Type + maximum: 128 + minimum: 6 + type: integer + - description: '

Specifies whether IAM user passwords must contain at least one of the following non-alphanumeric characters:

! @ # $ % ^ & * ( ) _ + - = [ ] { } | ''

If you do not specify a value for this parameter, then the operation uses the default value of false. The result is that passwords do not require at least one symbol character.

' + in: query + name: RequireSymbols required: false schema: - default: application/x-amz-json-1.0 - enum: - - application/x-amz-json-1.0 - type: string - requestBody: - content: - application/x-amz-json-1.0: - schema: - $ref: '#/components/schemas/CreateInstanceProfileRequest' - required: true + type: boolean + - description:

Specifies whether IAM user passwords must contain at least one numeric character (0 to 9).

If you do not specify a value for this parameter, then the operation uses the default value of false. The result is that passwords do not require at least one numeric character.

+ in: query + name: RequireNumbers + required: false + schema: + type: boolean + - description:

Specifies whether IAM user passwords must contain at least one uppercase character from the ISO basic Latin alphabet (A to Z).

If you do not specify a value for this parameter, then the operation uses the default value of false. The result is that passwords do not require at least one uppercase character.

+ in: query + name: RequireUppercaseCharacters + required: false + schema: + type: boolean + - description:

Specifies whether IAM user passwords must contain at least one lowercase character from the ISO basic Latin alphabet (a to z).

If you do not specify a value for this parameter, then the operation uses the default value of false. The result is that passwords do not require at least one lowercase character.

+ in: query + name: RequireLowercaseCharacters + required: false + schema: + type: boolean + - description: >- +

Allows all IAM users in your account to use the Amazon Web Services Management Console to change their own passwords. For more information, see Permitting IAM users to change their own passwords in the IAM User Guide.

If you do not specify a value for this parameter, then the operation uses the default value of false. The result is that IAM + users in the account do not automatically have permissions to change their own password.

+ in: query + name: AllowUsersToChangePassword + required: false + schema: + type: boolean + - description:

The number of days that an IAM user password is valid.

If you do not specify a value for this parameter, then the operation uses the default value of 0. The result is that IAM user passwords never expire.

+ in: query + name: MaxPasswordAge + required: false + schema: + maximum: 1095 + minimum: 1 + type: integer + - description:

Specifies the number of previous passwords that IAM users are prevented from reusing.

If you do not specify a value for this parameter, then the operation uses the default value of 0. The result is that IAM users are not prevented from reusing previous passwords.

+ in: query + name: PasswordReusePrevention + required: false + schema: + maximum: 24 + minimum: 1 + type: integer + - description: >- +

Prevents IAM users who are accessing the account via the Amazon Web Services Management Console from setting a new console password after their password has expired. The IAM user cannot access the console until an administrator resets the password.

If you do not specify a value for this parameter, then the operation uses the default value of false. The result is that IAM users can change their passwords after they expire and continue to sign in as the + user.

In the Amazon Web Services Management Console, the custom password policy option Allow users to change their own password gives IAM users permissions to iam:ChangePassword for only their user and to the iam:GetAccountPasswordPolicy action. This option does not attach a permissions policy to each user, rather the permissions are applied at the account-level for all users by IAM. IAM users with iam:ChangePassword + permission and active access keys can reset their own expired console password using the CLI or API.

 + in: query + name: HardExpiry + required: false + schema: + type: boolean responses: '200': + description: Success + '480': content: - application/json: + text/xml: schema: - $ref: '#/components/x-cloud-control-schemas/ProgressEvent' - description: Success - /?Action=CreateResource&Version=2021-09-30&__ManagedPolicy&__detailTransformed=true: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/MalformedPolicyDocumentException' + description: MalformedPolicyDocumentException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: UpdateAccountPasswordPolicy parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' @@ -5423,39 +13726,71 @@ paths: - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' post: - operationId: CreateManagedPolicy - parameters: - - description: Action Header - in: header - name: X-Amz-Target - required: false - schema: - default: CloudApiService.CreateResource - enum: - - CloudApiService.CreateResource - type: string - - in: header - name: Content-Type - required: false - schema: - default: application/x-amz-json-1.0 - enum: - - application/x-amz-json-1.0 - type: string + description: >- +

Updates the password policy settings for the Amazon Web Services account.

This operation does not support partial updates. No parameters are required, but if you do not specify a parameter, that parameter's value reverts to its default value. See the Request Parameters section for each parameter's default value. Also note that some parameters do not allow the default parameter to be explicitly set. Instead, to invoke the default value, do not include that + parameter when you invoke the operation.

For more information about using a password policy, see Managing an IAM password policy in the IAM User Guide.

+ operationId: POST_UpdateAccountPasswordPolicy + parameters: [] requestBody: content: - application/x-amz-json-1.0: + text/xml: schema: - $ref: '#/components/schemas/CreateManagedPolicyRequest' - required: true + $ref: '#/components/schemas/UpdateAccountPasswordPolicyRequest' responses: '200': + description: Success + '480': content: - application/json: + text/xml: schema: - $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/MalformedPolicyDocumentException' + description: MalformedPolicyDocumentException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '483': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: UpdateAccountPasswordPolicy + /?Action=DeleteAccountPasswordPolicy&Version=2010-05-08&__nativeEndpoint=true: + get: + description: Deletes the password policy for the Amazon Web Services account. There are no parameters. + operationId: GET_DeleteAccountPasswordPolicy + parameters: [] + responses: + '200': description: Success - /?Action=CreateResource&Version=2021-09-30&__OIDCProvider&__detailTransformed=true: + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DeleteAccountPasswordPolicy parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' @@ -5465,39 +13800,85 @@ paths: - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' post: - operationId: CreateOIDCProvider + description: Deletes the password policy for the Amazon Web Services account. There are no parameters. + operationId: POST_DeleteAccountPasswordPolicy + parameters: [] + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DeleteAccountPasswordPolicy + /?Action=GetAccountAuthorizationDetails&Version=2010-05-08&__nativeEndpoint=true: + get: + description: >- +

Retrieves information about all IAM users, groups, roles, and policies in your Amazon Web Services account, including their relationships to one another. Use this operation to obtain a snapshot of the configuration of IAM permissions (users, groups, roles, and policies) in your account.

Policies returned by this operation are URL-encoded compliant with RFC 3986. You can use a URL decoding method to convert the policy back + to plain JSON text. For example, if you use Java, you can use the decode method of the java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs provide similar functionality.

You can optionally filter the results using the Filter parameter. You can paginate the results using the MaxItems and Marker parameters.

+ operationId: GET_GetAccountAuthorizationDetails parameters: - - description: Action Header - in: header - name: X-Amz-Target + - description:

A list of entity types used to filter the results. Only the entities that match the types you specify are included in the output. Use the value LocalManagedPolicy to include customer managed policies.

The format for this parameter is a comma-separated (if more than one) list of strings. Each string value in the list must be one of the valid values listed below.

+ in: query + name: Filter required: false schema: - default: CloudApiService.CreateResource - enum: - - CloudApiService.CreateResource - type: string - - in: header - name: Content-Type + items: + allOf: + - $ref: '#/components/schemas/EntityType' + - xml: + name: member + type: array + - description: >- +

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, + and Marker contains a value to include in the subsequent call that tells the service where to continue from.

+ in: query + name: MaxItems required: false schema: - default: application/x-amz-json-1.0 - enum: - - application/x-amz-json-1.0 + maximum: 1000 + minimum: 1 + type: integer + - description: Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start. + in: query + name: Marker + required: false + schema: + maxLength: 320 + minLength: 1 + pattern: '[\u0020-\u00FF]+' type: string - requestBody: - content: - application/x-amz-json-1.0: - schema: - $ref: '#/components/schemas/CreateOIDCProviderRequest' - required: true responses: '200': content: - application/json: + text/xml: schema: - $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + properties: + GetAccountAuthorizationDetailsResult: + $ref: '#/components/schemas/GetAccountAuthorizationDetailsResponse' + type: object description: Success - /?Action=CreateResource&Version=2021-09-30&__Role&__detailTransformed=true: + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: GetAccountAuthorizationDetails parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' @@ -5507,39 +13888,86 @@ paths: - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' post: - operationId: CreateRole + description: >- +

Retrieves information about all IAM users, groups, roles, and policies in your Amazon Web Services account, including their relationships to one another. Use this operation to obtain a snapshot of the configuration of IAM permissions (users, groups, roles, and policies) in your account.

Policies returned by this operation are URL-encoded compliant with RFC 3986. You can use a URL decoding method to convert the policy back + to plain JSON text. For example, if you use Java, you can use the decode method of the java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs provide similar functionality.

You can optionally filter the results using the Filter parameter. You can paginate the results using the MaxItems and Marker parameters.

+ operationId: POST_GetAccountAuthorizationDetails parameters: - - description: Action Header - in: header - name: X-Amz-Target + - description: Pagination limit + in: query + name: MaxItems required: false schema: - default: CloudApiService.CreateResource - enum: - - CloudApiService.CreateResource type: string - - in: header - name: Content-Type + - description: Pagination token + in: query + name: Marker required: false schema: - default: application/x-amz-json-1.0 - enum: - - application/x-amz-json-1.0 type: string requestBody: content: - application/x-amz-json-1.0: + text/xml: schema: - $ref: '#/components/schemas/CreateRoleRequest' - required: true + $ref: '#/components/schemas/GetAccountAuthorizationDetailsRequest' responses: '200': content: - application/json: + text/xml: schema: - $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + properties: + GetAccountAuthorizationDetailsResult: + $ref: '#/components/schemas/GetAccountAuthorizationDetailsResponse' + type: object description: Success - /?Action=CreateResource&Version=2021-09-30&__RolePolicy&__detailTransformed=true: + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: GetAccountAuthorizationDetails + /?Action=ListAccountAliases&Version=2010-05-08&__nativeEndpoint=true: + get: + description: 'Lists the account alias associated with the Amazon Web Services account (Note: you can have only one). For information about using an Amazon Web Services account alias, see Using an alias for your Amazon Web Services account ID in the IAM User Guide.' + operationId: GET_ListAccountAliases + parameters: + - description: Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start. + in: query + name: Marker + required: false + schema: + maxLength: 320 + minLength: 1 + pattern: '[\u0020-\u00FF]+' + type: string + - description: >- +

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, + and Marker contains a value to include in the subsequent call that tells the service where to continue from.

+ in: query + name: MaxItems + required: false + schema: + maximum: 1000 + minimum: 1 + type: integer + responses: + '200': + content: + text/xml: + schema: + properties: + ListAccountAliasesResult: + $ref: '#/components/schemas/ListAccountAliasesResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListAccountAliases parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' @@ -5549,39 +13977,74 @@ paths: - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' post: - operationId: CreateRolePolicy + description: 'Lists the account alias associated with the Amazon Web Services account (Note: you can have only one). For information about using an Amazon Web Services account alias, see Using an alias for your Amazon Web Services account ID in the IAM User Guide.' + operationId: POST_ListAccountAliases parameters: - - description: Action Header - in: header - name: X-Amz-Target + - description: Pagination limit + in: query + name: MaxItems required: false schema: - default: CloudApiService.CreateResource - enum: - - CloudApiService.CreateResource type: string - - in: header - name: Content-Type + - description: Pagination token + in: query + name: Marker required: false schema: - default: application/x-amz-json-1.0 - enum: - - application/x-amz-json-1.0 type: string requestBody: content: - application/x-amz-json-1.0: + text/xml: schema: - $ref: '#/components/schemas/CreateRolePolicyRequest' - required: true + $ref: '#/components/schemas/ListAccountAliasesRequest' responses: '200': content: - application/json: + text/xml: schema: - $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + properties: + ListAccountAliasesResult: + $ref: '#/components/schemas/ListAccountAliasesResponse' + type: object description: Success - /?Action=CreateResource&Version=2021-09-30&__SAMLProvider&__detailTransformed=true: + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListAccountAliases + /?Action=GetAccessKeyLastUsed&Version=2010-05-08&__nativeEndpoint=true: + get: + description: Retrieves information about when the specified access key was last used. The information includes the date and time of last use, along with the Amazon Web Services service and Region that were specified in the last request made with that key. + operationId: GET_GetAccessKeyLastUsed + parameters: + - description:

The identifier of an access key.

This parameter allows (through its regex pattern) a string of characters that can consist of any upper or lowercased letter or digit.

+ in: query + name: AccessKeyId + required: true + schema: + maxLength: 128 + minLength: 16 + pattern: '[\w]+' + type: string + responses: + '200': + content: + text/xml: + schema: + properties: + GetAccessKeyLastUsedResult: + $ref: '#/components/schemas/GetAccessKeyLastUsedResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + x-aws-operation-name: GetAccessKeyLastUsed parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' @@ -5591,39 +14054,77 @@ paths: - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' post: - operationId: CreateSAMLProvider + description: Retrieves information about when the specified access key was last used. The information includes the date and time of last use, along with the Amazon Web Services service and Region that were specified in the last request made with that key. + operationId: POST_GetAccessKeyLastUsed + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/GetAccessKeyLastUsedRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + GetAccessKeyLastUsedResult: + $ref: '#/components/schemas/GetAccessKeyLastUsedResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + x-aws-operation-name: GetAccessKeyLastUsed + /?Action=CreateAccessKey&Version=2010-05-08&__nativeEndpoint=true: + get: + description: >- +

Creates a new Amazon Web Services secret access key and corresponding Amazon Web Services access key ID for the specified user. The default status for new keys is Active.

If you do not specify a user name, IAM determines the user name implicitly based on the Amazon Web Services access key ID signing the request. This operation works for access keys under the Amazon Web Services account. Consequently, you can use this operation to manage Amazon Web Services account + root user credentials. This is true even if the Amazon Web Services account has no associated users.

For information about quotas on the number of keys you can create, see IAM and STS quotas in the IAM User Guide.

To ensure the security of your Amazon Web Services account, the secret access key is accessible only during key and user creation. You must save the key + (for example, in a text file) if you want to be able to access it again. If a secret key is lost, you can delete the access keys for the associated user and then create new keys.

 + operationId: GET_CreateAccessKey parameters: - - description: Action Header - in: header - name: X-Amz-Target - required: false - schema: - default: CloudApiService.CreateResource - enum: - - CloudApiService.CreateResource - type: string - - in: header - name: Content-Type + - description: '

The name of the IAM user that the new key will belong to.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: UserName required: false schema: - default: application/x-amz-json-1.0 - enum: - - application/x-amz-json-1.0 + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' type: string - requestBody: - content: - application/x-amz-json-1.0: - schema: - $ref: '#/components/schemas/CreateSAMLProviderRequest' - required: true responses: '200': content: - application/json: + text/xml: schema: - $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + properties: + CreateAccessKeyResult: + $ref: '#/components/schemas/CreateAccessKeyResponse' + type: object description: Success - /?Action=CreateResource&Version=2021-09-30&__ServerCertificate&__detailTransformed=true: + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: CreateAccessKey parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' @@ -5633,39 +14134,91 @@ paths: - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' post: - operationId: CreateServerCertificate + description: >- +

Creates a new Amazon Web Services secret access key and corresponding Amazon Web Services access key ID for the specified user. The default status for new keys is Active.

If you do not specify a user name, IAM determines the user name implicitly based on the Amazon Web Services access key ID signing the request. This operation works for access keys under the Amazon Web Services account. Consequently, you can use this operation to manage Amazon Web Services account + root user credentials. This is true even if the Amazon Web Services account has no associated users.

For information about quotas on the number of keys you can create, see IAM and STS quotas in the IAM User Guide.

To ensure the security of your Amazon Web Services account, the secret access key is accessible only during key and user creation. You must save the key + (for example, in a text file) if you want to be able to access it again. If a secret key is lost, you can delete the access keys for the associated user and then create new keys.

 + operationId: POST_CreateAccessKey + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/CreateAccessKeyRequest' + responses: + '200': + content: + text/xml: + schema: + properties: + CreateAccessKeyResult: + $ref: '#/components/schemas/CreateAccessKeyResponse' + type: object + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: CreateAccessKey + /?Action=DeleteAccessKey&Version=2010-05-08&__nativeEndpoint=true: + get: + description:

Deletes the access key pair associated with the specified IAM user.

If you do not specify a user name, IAM determines the user name implicitly based on the Amazon Web Services access key ID signing the request. This operation works for access keys under the Amazon Web Services account. Consequently, you can use this operation to manage Amazon Web Services account root user credentials even if the Amazon Web Services account has no associated users.

+ operationId: GET_DeleteAccessKey parameters: - - description: Action Header - in: header - name: X-Amz-Target + - description: '

The name of the user whose access key pair you want to delete.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: UserName required: false schema: - default: CloudApiService.CreateResource - enum: - - CloudApiService.CreateResource + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' type: string - - in: header - name: Content-Type - required: false + - description:

The access key ID for the access key ID and secret access key you want to delete.

This parameter allows (through its regex pattern) a string of characters that can consist of any upper or lowercased letter or digit.

+ in: query + name: AccessKeyId + required: true schema: - default: application/x-amz-json-1.0 - enum: - - application/x-amz-json-1.0 - type: string - requestBody: - content: - application/x-amz-json-1.0: - schema: - $ref: '#/components/schemas/CreateServerCertificateRequest' - required: true + maxLength: 128 + minLength: 16 + pattern: '[\w]+' + type: string responses: '200': + description: Success + '480': content: - application/json: + text/xml: schema: - $ref: '#/components/x-cloud-control-schemas/ProgressEvent' - description: Success - /?Action=CreateResource&Version=2021-09-30&__ServiceLinkedRole&__detailTransformed=true: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DeleteAccessKey parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' @@ -5675,39 +14228,94 @@ paths: - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' post: - operationId: CreateServiceLinkedRole + description:

Deletes the access key pair associated with the specified IAM user.

If you do not specify a user name, IAM determines the user name implicitly based on the Amazon Web Services access key ID signing the request. This operation works for access keys under the Amazon Web Services account. Consequently, you can use this operation to manage Amazon Web Services account root user credentials even if the Amazon Web Services account has no associated users.

+ operationId: POST_DeleteAccessKey + parameters: [] + requestBody: + content: + text/xml: + schema: + $ref: '#/components/schemas/DeleteAccessKeyRequest' + responses: + '200': + description: Success + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: DeleteAccessKey + /?Action=ListAccessKeys&Version=2010-05-08&__nativeEndpoint=true: + get: + description: >- +

Returns information about the access key IDs associated with the specified IAM user. If there is none, the operation returns an empty list.

Although each user is limited to a small number of keys, you can still paginate the results using the MaxItems and Marker parameters.

If the UserName field is not specified, the user name is determined implicitly based on the Amazon Web Services access key ID used to sign the request. This + operation works for access keys under the Amazon Web Services account. Consequently, you can use this operation to manage Amazon Web Services account root user credentials even if the Amazon Web Services account has no associated users.

To ensure the security of your Amazon Web Services account, the secret access key is accessible only during key and user creation.

 + operationId: GET_ListAccessKeys parameters: - - description: Action Header - in: header - name: X-Amz-Target + - description: '

The name of the user.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: UserName required: false schema: - default: CloudApiService.CreateResource - enum: - - CloudApiService.CreateResource + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' type: string - - in: header - name: Content-Type + - description: Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start. + in: query + name: Marker required: false schema: - default: application/x-amz-json-1.0 - enum: - - application/x-amz-json-1.0 + maxLength: 320 + minLength: 1 + pattern: '[\u0020-\u00FF]+' type: string - requestBody: - content: - application/x-amz-json-1.0: - schema: - $ref: '#/components/schemas/CreateServiceLinkedRoleRequest' - required: true + - description: >- +

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, + and Marker contains a value to include in the subsequent call that tells the service where to continue from.

+ in: query + name: MaxItems + required: false + schema: + maximum: 1000 + minimum: 1 + type: integer responses: '200': content: - application/json: + text/xml: schema: - $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + properties: + ListAccessKeysResult: + $ref: '#/components/schemas/ListAccessKeysResponse' + type: object description: Success - /?Action=CreateResource&Version=2021-09-30&__User&__detailTransformed=true: + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListAccessKeys parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' @@ -5717,81 +14325,107 @@ paths: - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' post: - operationId: CreateUser + description: >- +

Returns information about the access key IDs associated with the specified IAM user. If there is none, the operation returns an empty list.

Although each user is limited to a small number of keys, you can still paginate the results using the MaxItems and Marker parameters.

If the UserName field is not specified, the user name is determined implicitly based on the Amazon Web Services access key ID used to sign the request. This + operation works for access keys under the Amazon Web Services account. Consequently, you can use this operation to manage Amazon Web Services account root user credentials even if the Amazon Web Services account has no associated users.

To ensure the security of your Amazon Web Services account, the secret access key is accessible only during key and user creation.

 + operationId: POST_ListAccessKeys parameters: - - description: Action Header - in: header - name: X-Amz-Target + - description: Pagination limit + in: query + name: MaxItems required: false schema: - default: CloudApiService.CreateResource - enum: - - CloudApiService.CreateResource type: string - - in: header - name: Content-Type + - description: Pagination token + in: query + name: Marker required: false schema: - default: application/x-amz-json-1.0 - enum: - - application/x-amz-json-1.0 type: string requestBody: content: - application/x-amz-json-1.0: + text/xml: schema: - $ref: '#/components/schemas/CreateUserRequest' - required: true + $ref: '#/components/schemas/ListAccessKeysRequest' responses: '200': content: - application/json: + text/xml: schema: - $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + properties: + ListAccessKeysResult: + $ref: '#/components/schemas/ListAccessKeysResponse' + type: object description: Success - /?Action=CreateResource&Version=2021-09-30&__UserPolicy&__detailTransformed=true: - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - operationId: CreateUserPolicy + '480': + content: + text/xml: + schema: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: ListAccessKeys + /?Action=UpdateAccessKey&Version=2010-05-08&__nativeEndpoint=true: + get: + description: >- +

Changes the status of the specified access key from Active to Inactive, or vice versa. This operation can be used to disable a user's key as part of a key rotation workflow.

If the UserName is not specified, the user name is determined implicitly based on the Amazon Web Services access key ID used to sign the request. This operation works for access keys under the Amazon Web Services account. Consequently, you can use this operation to manage Amazon Web Services + account root user credentials even if the Amazon Web Services account has no associated users.

For information about rotating keys, see Managing keys and certificates in the IAM User Guide.

+ operationId: GET_UpdateAccessKey parameters: - - description: Action Header - in: header - name: X-Amz-Target + - description: '

The name of the user whose key you want to update.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

' + in: query + name: UserName required: false schema: - default: CloudApiService.CreateResource - enum: - - CloudApiService.CreateResource + maxLength: 128 + minLength: 1 + pattern: '[\w+=,.@-]+' type: string - - in: header - name: Content-Type - required: false + - description:

The access key ID of the secret access key you want to update.

This parameter allows (through its regex pattern) a string of characters that can consist of any upper or lowercased letter or digit.

+ in: query + name: AccessKeyId + required: true + schema: + maxLength: 128 + minLength: 16 + pattern: '[\w]+' + type: string + - description: ' The status you want to assign to the secret access key. Active means that the key can be used for programmatic calls to Amazon Web Services, while Inactive means that the key cannot be used.' + in: query + name: Status + required: true schema: - default: application/x-amz-json-1.0 enum: - - application/x-amz-json-1.0 + - Active + - Inactive type: string - requestBody: - content: - application/x-amz-json-1.0: - schema: - $ref: '#/components/schemas/CreateUserPolicyRequest' - required: true responses: '200': + description: Success + '480': content: - application/json: + text/xml: schema: - $ref: '#/components/x-cloud-control-schemas/ProgressEvent' - description: Success - /?Action=CreateResource&Version=2021-09-30&__VirtualMFADevice&__detailTransformed=true: + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: UpdateAccessKey parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' @@ -5801,38 +14435,38 @@ paths: - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' post: - operationId: CreateVirtualMFADevice - parameters: - - description: Action Header - in: header - name: X-Amz-Target - required: false - schema: - default: CloudApiService.CreateResource - enum: - - CloudApiService.CreateResource - type: string - - in: header - name: Content-Type - required: false - schema: - default: application/x-amz-json-1.0 - enum: - - application/x-amz-json-1.0 - type: string + description: >- +

Changes the status of the specified access key from Active to Inactive, or vice versa. This operation can be used to disable a user's key as part of a key rotation workflow.

If the UserName is not specified, the user name is determined implicitly based on the Amazon Web Services access key ID used to sign the request. This operation works for access keys under the Amazon Web Services account. Consequently, you can use this operation to manage Amazon Web Services + account root user credentials even if the Amazon Web Services account has no associated users.

For information about rotating keys, see Managing keys and certificates in the IAM User Guide.

+ operationId: POST_UpdateAccessKey + parameters: [] requestBody: content: - application/x-amz-json-1.0: + text/xml: schema: - $ref: '#/components/schemas/CreateVirtualMFADeviceRequest' - required: true + $ref: '#/components/schemas/UpdateAccessKeyRequest' responses: '200': + description: Success + '480': content: - application/json: + text/xml: schema: - $ref: '#/components/x-cloud-control-schemas/ProgressEvent' - description: Success + $ref: '#/components/schemas/NoSuchEntityException' + description: NoSuchEntityException + '481': + content: + text/xml: + schema: + $ref: '#/components/schemas/LimitExceededException' + description: LimitExceededException + '482': + content: + text/xml: + schema: + $ref: '#/components/schemas/ServiceFailureException' + description: ServiceFailureException + x-aws-operation-name: UpdateAccessKey /?Action=AttachGroupPolicy&Version=2010-05-08&__nativeEndpoint=true: servers: - description: The general IAM multi-region endpoint diff --git a/providers/src/aws/v00.00.00000/services/imagebuilder.yaml b/providers/src/aws/v00.00.00000/services/imagebuilder.yaml index cfe22f26..19b9c4a5 100644 --- a/providers/src/aws/v00.00.00000/services/imagebuilder.yaml +++ b/providers/src/aws/v00.00.00000/services/imagebuilder.yaml @@ -415,6 +415,7 @@ components: enum: - Windows - Linux + - macOS Data: description: The data of the component. type: string @@ -480,7 +481,10 @@ components: create: - iam:CreateServiceLinkedRole - iam:GetRole - - kms:GenerateDataKey* + - kms:GenerateDataKey + - kms:GenerateDataKeyPair + - kms:GenerateDataKeyPairWithoutPlaintext + - kms:GenerateDataKeyWithoutPlaintext - kms:Encrypt - kms:Decrypt - s3:GetObject @@ -491,12 +495,14 @@ components: - imagebuilder:CreateComponent read: - imagebuilder:GetComponent + - kms:Decrypt delete: - imagebuilder:GetComponent - imagebuilder:UnTagResource - imagebuilder:DeleteComponent list: - imagebuilder:ListComponents + - imagebuilder:ListComponentBuildVersions ComponentConfiguration: description: Configuration details of the component. type: object @@ -716,13 +722,17 @@ components: - kms:Decrypt - kms:ReEncryptFrom - kms:ReEncryptTo - - kms:GenerateDataKey* + - kms:GenerateDataKey + - kms:GenerateDataKeyPair + - kms:GenerateDataKeyPairWithoutPlaintext + - kms:GenerateDataKeyWithoutPlaintext - s3:GetObject - s3:ListBucket - ecr:DescribeRepositories - ec2:DescribeImages read: - imagebuilder:GetContainerRecipe + - kms:Decrypt delete: - imagebuilder:UnTagResource - imagebuilder:GetContainerRecipe @@ -961,19 +971,6 @@ components: - imagebuilder:DeleteDistributionConfiguration list: - imagebuilder:ListDistributionConfigurations - ImageTestsConfiguration: - description: Image tests configuration. - type: object - additionalProperties: false - properties: - ImageTestsEnabled: - description: Defines if tests should be executed when building this image. - type: boolean - TimeoutMinutes: - description: The maximum time in minutes that tests are permitted to run. - type: integer - minimum: 60 - maximum: 1440 ImageScanningConfiguration: description: Determines if tests should run after building the image. Image Builder defaults to enable tests to run following the image build, before image distribution. type: object @@ -985,20 +982,6 @@ components: ImageScanningEnabled: description: This sets whether Image Builder keeps a snapshot of the vulnerability scans that Amazon Inspector runs against the build instance when you create a new image. type: boolean - EcrConfiguration: - description: Settings for Image Builder to configure the ECR repository and output container images that are scanned. - type: object - additionalProperties: false - properties: - ContainerTags: - description: Tags for Image Builder to apply the output container image that is scanned. Tags can help you identify and manage your scanned images. - type: array - x-insertionOrder: true - items: - type: string - RepositoryName: - description: The name of the container repository that Amazon Inspector scans to identify findings for your container images. The name includes the path for the repository location. If you don't provide this information, Image Builder creates a repository in your account named image-builder-image-scanning-repository to use for vulnerability scans for your output container images. - type: string WorkflowConfiguration: description: The workflow configuration of the image type: object @@ -1022,6 +1005,36 @@ components: enum: - CONTINUE - ABORT + EcrConfiguration: + description: Settings for Image Builder to configure the ECR repository and output container images that are scanned. + type: object + additionalProperties: false + properties: + ContainerTags: + description: Tags for Image Builder to apply the output container image that is scanned. Tags can help you identify and manage your scanned images. + type: array + x-insertionOrder: true + items: + type: string + RepositoryName: + description: The name of the container repository that Amazon Inspector scans to identify findings for your container images. The name includes the path for the repository location. If you don't provide this information, Image Builder creates a repository in your account named image-builder-image-scanning-repository to use for vulnerability scans for your output container images. + type: string + WorkflowParameterValue: + description: The value associated with the workflow parameter + type: string + ImageTestsConfiguration: + description: Image tests configuration. + type: object + additionalProperties: false + properties: + ImageTestsEnabled: + description: Defines if tests should be executed when building this image. + type: boolean + TimeoutMinutes: + description: The maximum time in minutes that tests are permitted to run. + type: integer + minimum: 60 + maximum: 1440 WorkflowParameter: description: A parameter associated with the workflow type: object @@ -1034,61 +1047,58 @@ components: x-insertionOrder: true items: $ref: '#/components/schemas/WorkflowParameterValue' - WorkflowParameterValue: - description: The value associated with the workflow parameter - type: string Image: type: object properties: - Arn: - description: The Amazon Resource Name (ARN) of the image. + ImageScanningConfiguration: + description: Contains settings for vulnerability scans. + $ref: '#/components/schemas/ImageScanningConfiguration' + ContainerRecipeArn: + description: The Amazon Resource Name (ARN) of the container recipe that defines how images are configured and tested. + type: string + Workflows: + description: Workflows to define the image build process + x-insertionOrder: true + type: array + items: + $ref: '#/components/schemas/WorkflowConfiguration' + ImageUri: + description: URI for containers created in current Region with default ECR image tag type: string Name: description: The name of the image. type: string - ImageTestsConfiguration: - description: The image tests configuration used when creating this image. - $ref: '#/components/schemas/ImageTestsConfiguration' + InfrastructureConfigurationArn: + description: The Amazon Resource Name (ARN) of the infrastructure configuration. + type: string ImageRecipeArn: description: The Amazon Resource Name (ARN) of the image recipe that defines how images are configured, tested, and assessed. type: string - ContainerRecipeArn: - description: The Amazon Resource Name (ARN) of the container recipe that defines how images are configured and tested. - type: string DistributionConfigurationArn: description: The Amazon Resource Name (ARN) of the distribution configuration. type: string - InfrastructureConfigurationArn: - description: The Amazon Resource Name (ARN) of the infrastructure configuration. - type: string - Workflows: - description: Workflows to define the image build process - type: array - x-insertionOrder: true - items: - $ref: '#/components/schemas/WorkflowConfiguration' ImageId: description: The AMI ID of the EC2 AMI in current region. type: string - ImageUri: - description: URI for containers created in current Region with default ECR image tag + ImageTestsConfiguration: + description: The image tests configuration used when creating this image. + $ref: '#/components/schemas/ImageTestsConfiguration' + Arn: + description: The Amazon Resource Name (ARN) of the image. type: string EnhancedImageMetadataEnabled: description: Collects additional information about the image being created, including the operating system (OS) version and package list. type: boolean - ImageScanningConfiguration: - description: Contains settings for vulnerability scans. - $ref: '#/components/schemas/ImageScanningConfiguration' ExecutionRole: description: The execution role name/ARN for the image build, if provided type: string Tags: - description: The tags associated with the image. - type: object - additionalProperties: false x-patternProperties: .{1,}: type: string + description: The tags associated with the image. + additionalProperties: false + type: object x-stackql-resource-name: image description: Resource schema for AWS::ImageBuilder::Image x-type-name: AWS::ImageBuilder::Image @@ -1112,6 +1122,8 @@ components: x-tagging: taggable: false x-required-permissions: + read: + - imagebuilder:GetImage create: - ecr:BatchGetRepositoryScanningConfiguration - iam:GetRole @@ -1125,15 +1137,14 @@ components: - imagebuilder:CreateImage - imagebuilder:TagResource - inspector2:BatchGetAccountStatus - read: - - imagebuilder:GetImage + list: + - imagebuilder:ListImages + - imagebuilder:ListImageBuildVersions delete: - imagebuilder:GetImage - imagebuilder:DeleteImage - imagebuilder:UnTagResource - imagebuilder:CancelImageCreation - list: - - imagebuilder:ListImages Schedule: description: The schedule of the image pipeline. type: object @@ -1399,6 +1410,27 @@ components: S3KeyPrefix: description: S3KeyPrefix type: string + Placement: + description: The placement options + type: object + additionalProperties: false + properties: + AvailabilityZone: + description: AvailabilityZone + type: string + Tenancy: + description: Tenancy + type: string + enum: + - default + - dedicated + - host + HostId: + description: HostId + type: string + HostResourceGroupArn: + description: HostResourceGroupArn + type: string InfrastructureConfiguration: type: object properties: @@ -1458,6 +1490,9 @@ components: x-patternProperties: .{1,}: type: string + Placement: + description: The placement option settings for the infrastructure configuration. + $ref: '#/components/schemas/Placement' required: - Name - InstanceProfileName @@ -1823,7 +1858,10 @@ components: x-required-permissions: create: - iam:GetRole - - kms:GenerateDataKey* + - kms:GenerateDataKey + - kms:GenerateDataKeyPair + - kms:GenerateDataKeyPairWithoutPlaintext + - kms:GenerateDataKeyWithoutPlaintext - kms:Encrypt - kms:Decrypt - s3:GetObject @@ -1834,12 +1872,14 @@ components: - imagebuilder:CreateWorkflow read: - imagebuilder:GetWorkflow + - kms:Decrypt delete: - imagebuilder:GetWorkflow - imagebuilder:UnTagResource - imagebuilder:DeleteWorkflow list: - imagebuilder:ListWorkflows + - imagebuilder:ListWorkflowBuildVersions CreateComponentRequest: properties: ClientToken: @@ -1880,6 +1920,7 @@ components: enum: - Windows - Linux + - macOS Data: description: The data of the component. type: string @@ -2041,55 +2082,55 @@ components: DesiredState: type: object properties: - Arn: - description: The Amazon Resource Name (ARN) of the image. + ImageScanningConfiguration: + description: Contains settings for vulnerability scans. + $ref: '#/components/schemas/ImageScanningConfiguration' + ContainerRecipeArn: + description: The Amazon Resource Name (ARN) of the container recipe that defines how images are configured and tested. + type: string + Workflows: + description: Workflows to define the image build process + x-insertionOrder: true + type: array + items: + $ref: '#/components/schemas/WorkflowConfiguration' + ImageUri: + description: URI for containers created in current Region with default ECR image tag type: string Name: description: The name of the image. type: string - ImageTestsConfiguration: - description: The image tests configuration used when creating this image. - $ref: '#/components/schemas/ImageTestsConfiguration' + InfrastructureConfigurationArn: + description: The Amazon Resource Name (ARN) of the infrastructure configuration. + type: string ImageRecipeArn: description: The Amazon Resource Name (ARN) of the image recipe that defines how images are configured, tested, and assessed. type: string - ContainerRecipeArn: - description: The Amazon Resource Name (ARN) of the container recipe that defines how images are configured and tested. - type: string DistributionConfigurationArn: description: The Amazon Resource Name (ARN) of the distribution configuration. type: string - InfrastructureConfigurationArn: - description: The Amazon Resource Name (ARN) of the infrastructure configuration. - type: string - Workflows: - description: Workflows to define the image build process - type: array - x-insertionOrder: true - items: - $ref: '#/components/schemas/WorkflowConfiguration' ImageId: description: The AMI ID of the EC2 AMI in current region. type: string - ImageUri: - description: URI for containers created in current Region with default ECR image tag + ImageTestsConfiguration: + description: The image tests configuration used when creating this image. + $ref: '#/components/schemas/ImageTestsConfiguration' + Arn: + description: The Amazon Resource Name (ARN) of the image. type: string EnhancedImageMetadataEnabled: description: Collects additional information about the image being created, including the operating system (OS) version and package list. type: boolean - ImageScanningConfiguration: - description: Contains settings for vulnerability scans. - $ref: '#/components/schemas/ImageScanningConfiguration' ExecutionRole: description: The execution role name/ARN for the image build, if provided type: string Tags: - description: The tags associated with the image. - type: object - additionalProperties: false x-patternProperties: .{1,}: type: string + description: The tags associated with the image. + additionalProperties: false + type: object x-stackQL-stringOnly: true x-title: CreateImageRequest type: object @@ -2292,6 +2333,9 @@ components: x-patternProperties: .{1,}: type: string + Placement: + description: The placement option settings for the infrastructure configuration. + $ref: '#/components/schemas/Placement' x-stackQL-stringOnly: true x-title: CreateInfrastructureConfigurationRequest type: object @@ -3159,18 +3203,18 @@ components: SELECT region, data__Identifier, - JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.ImageScanningConfiguration') as image_scanning_configuration, + JSON_EXTRACT(Properties, '$.ContainerRecipeArn') as container_recipe_arn, + JSON_EXTRACT(Properties, '$.Workflows') as workflows, + JSON_EXTRACT(Properties, '$.ImageUri') as image_uri, JSON_EXTRACT(Properties, '$.Name') as name, - JSON_EXTRACT(Properties, '$.ImageTestsConfiguration') as image_tests_configuration, + JSON_EXTRACT(Properties, '$.InfrastructureConfigurationArn') as infrastructure_configuration_arn, JSON_EXTRACT(Properties, '$.ImageRecipeArn') as image_recipe_arn, - JSON_EXTRACT(Properties, '$.ContainerRecipeArn') as container_recipe_arn, JSON_EXTRACT(Properties, '$.DistributionConfigurationArn') as distribution_configuration_arn, - JSON_EXTRACT(Properties, '$.InfrastructureConfigurationArn') as infrastructure_configuration_arn, - JSON_EXTRACT(Properties, '$.Workflows') as workflows, JSON_EXTRACT(Properties, '$.ImageId') as image_id, - JSON_EXTRACT(Properties, '$.ImageUri') as image_uri, + JSON_EXTRACT(Properties, '$.ImageTestsConfiguration') as image_tests_configuration, + JSON_EXTRACT(Properties, '$.Arn') as arn, JSON_EXTRACT(Properties, '$.EnhancedImageMetadataEnabled') as enhanced_image_metadata_enabled, - JSON_EXTRACT(Properties, '$.ImageScanningConfiguration') as image_scanning_configuration, JSON_EXTRACT(Properties, '$.ExecutionRole') as execution_role, JSON_EXTRACT(Properties, '$.Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ImageBuilder::Image' @@ -3181,18 +3225,18 @@ components: ddl: |- SELECT detail.region, - JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.ImageScanningConfiguration') as image_scanning_configuration, + JSON_EXTRACT(detail.Properties, '$.ContainerRecipeArn') as container_recipe_arn, + JSON_EXTRACT(detail.Properties, '$.Workflows') as workflows, + JSON_EXTRACT(detail.Properties, '$.ImageUri') as image_uri, JSON_EXTRACT(detail.Properties, '$.Name') as name, - JSON_EXTRACT(detail.Properties, '$.ImageTestsConfiguration') as image_tests_configuration, + JSON_EXTRACT(detail.Properties, '$.InfrastructureConfigurationArn') as infrastructure_configuration_arn, JSON_EXTRACT(detail.Properties, '$.ImageRecipeArn') as image_recipe_arn, - JSON_EXTRACT(detail.Properties, '$.ContainerRecipeArn') as container_recipe_arn, JSON_EXTRACT(detail.Properties, '$.DistributionConfigurationArn') as distribution_configuration_arn, - JSON_EXTRACT(detail.Properties, '$.InfrastructureConfigurationArn') as infrastructure_configuration_arn, - JSON_EXTRACT(detail.Properties, '$.Workflows') as workflows, JSON_EXTRACT(detail.Properties, '$.ImageId') as image_id, - JSON_EXTRACT(detail.Properties, '$.ImageUri') as image_uri, + JSON_EXTRACT(detail.Properties, '$.ImageTestsConfiguration') as image_tests_configuration, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, JSON_EXTRACT(detail.Properties, '$.EnhancedImageMetadataEnabled') as enhanced_image_metadata_enabled, - JSON_EXTRACT(detail.Properties, '$.ImageScanningConfiguration') as image_scanning_configuration, JSON_EXTRACT(detail.Properties, '$.ExecutionRole') as execution_role, JSON_EXTRACT(detail.Properties, '$.Tags') as tags FROM aws.cloud_control.resources listing @@ -3208,18 +3252,18 @@ components: SELECT region, data__Identifier, - json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'ImageScanningConfiguration') as image_scanning_configuration, + json_extract_path_text(Properties, 'ContainerRecipeArn') as container_recipe_arn, + json_extract_path_text(Properties, 'Workflows') as workflows, + json_extract_path_text(Properties, 'ImageUri') as image_uri, json_extract_path_text(Properties, 'Name') as name, - json_extract_path_text(Properties, 'ImageTestsConfiguration') as image_tests_configuration, + json_extract_path_text(Properties, 'InfrastructureConfigurationArn') as infrastructure_configuration_arn, json_extract_path_text(Properties, 'ImageRecipeArn') as image_recipe_arn, - json_extract_path_text(Properties, 'ContainerRecipeArn') as container_recipe_arn, json_extract_path_text(Properties, 'DistributionConfigurationArn') as distribution_configuration_arn, - json_extract_path_text(Properties, 'InfrastructureConfigurationArn') as infrastructure_configuration_arn, - json_extract_path_text(Properties, 'Workflows') as workflows, json_extract_path_text(Properties, 'ImageId') as image_id, - json_extract_path_text(Properties, 'ImageUri') as image_uri, + json_extract_path_text(Properties, 'ImageTestsConfiguration') as image_tests_configuration, + json_extract_path_text(Properties, 'Arn') as arn, json_extract_path_text(Properties, 'EnhancedImageMetadataEnabled') as enhanced_image_metadata_enabled, - json_extract_path_text(Properties, 'ImageScanningConfiguration') as image_scanning_configuration, json_extract_path_text(Properties, 'ExecutionRole') as execution_role, json_extract_path_text(Properties, 'Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ImageBuilder::Image' @@ -3230,18 +3274,18 @@ components: ddl: |- SELECT detail.region, - json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'ImageScanningConfiguration') as image_scanning_configuration, + json_extract_path_text(detail.Properties, 'ContainerRecipeArn') as container_recipe_arn, + json_extract_path_text(detail.Properties, 'Workflows') as workflows, + json_extract_path_text(detail.Properties, 'ImageUri') as image_uri, json_extract_path_text(detail.Properties, 'Name') as name, - json_extract_path_text(detail.Properties, 'ImageTestsConfiguration') as image_tests_configuration, + json_extract_path_text(detail.Properties, 'InfrastructureConfigurationArn') as infrastructure_configuration_arn, json_extract_path_text(detail.Properties, 'ImageRecipeArn') as image_recipe_arn, - json_extract_path_text(detail.Properties, 'ContainerRecipeArn') as container_recipe_arn, json_extract_path_text(detail.Properties, 'DistributionConfigurationArn') as distribution_configuration_arn, - json_extract_path_text(detail.Properties, 'InfrastructureConfigurationArn') as infrastructure_configuration_arn, - json_extract_path_text(detail.Properties, 'Workflows') as workflows, json_extract_path_text(detail.Properties, 'ImageId') as image_id, - json_extract_path_text(detail.Properties, 'ImageUri') as image_uri, + json_extract_path_text(detail.Properties, 'ImageTestsConfiguration') as image_tests_configuration, + json_extract_path_text(detail.Properties, 'Arn') as arn, json_extract_path_text(detail.Properties, 'EnhancedImageMetadataEnabled') as enhanced_image_metadata_enabled, - json_extract_path_text(detail.Properties, 'ImageScanningConfiguration') as image_scanning_configuration, json_extract_path_text(detail.Properties, 'ExecutionRole') as execution_role, json_extract_path_text(detail.Properties, 'Tags') as tags FROM aws.cloud_control.resources listing @@ -3302,18 +3346,18 @@ components: detail.region, JSON_EXTRACT(json_each.value, '$.Key') as tag_key, JSON_EXTRACT(json_each.value, '$.Value') as tag_value, - JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.ImageScanningConfiguration') as image_scanning_configuration, + JSON_EXTRACT(detail.Properties, '$.ContainerRecipeArn') as container_recipe_arn, + JSON_EXTRACT(detail.Properties, '$.Workflows') as workflows, + JSON_EXTRACT(detail.Properties, '$.ImageUri') as image_uri, JSON_EXTRACT(detail.Properties, '$.Name') as name, - JSON_EXTRACT(detail.Properties, '$.ImageTestsConfiguration') as image_tests_configuration, + JSON_EXTRACT(detail.Properties, '$.InfrastructureConfigurationArn') as infrastructure_configuration_arn, JSON_EXTRACT(detail.Properties, '$.ImageRecipeArn') as image_recipe_arn, - JSON_EXTRACT(detail.Properties, '$.ContainerRecipeArn') as container_recipe_arn, JSON_EXTRACT(detail.Properties, '$.DistributionConfigurationArn') as distribution_configuration_arn, - JSON_EXTRACT(detail.Properties, '$.InfrastructureConfigurationArn') as infrastructure_configuration_arn, - JSON_EXTRACT(detail.Properties, '$.Workflows') as workflows, JSON_EXTRACT(detail.Properties, '$.ImageId') as image_id, - JSON_EXTRACT(detail.Properties, '$.ImageUri') as image_uri, + JSON_EXTRACT(detail.Properties, '$.ImageTestsConfiguration') as image_tests_configuration, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, JSON_EXTRACT(detail.Properties, '$.EnhancedImageMetadataEnabled') as enhanced_image_metadata_enabled, - JSON_EXTRACT(detail.Properties, '$.ImageScanningConfiguration') as image_scanning_configuration, JSON_EXTRACT(detail.Properties, '$.ExecutionRole') as execution_role FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail @@ -3330,18 +3374,18 @@ components: detail.region, json_extract_path_text(json_each.value, 'Key') as tag_key, json_extract_path_text(json_each.value, 'Value') as tag_value, - json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'ImageScanningConfiguration') as image_scanning_configuration, + json_extract_path_text(detail.Properties, 'ContainerRecipeArn') as container_recipe_arn, + json_extract_path_text(detail.Properties, 'Workflows') as workflows, + json_extract_path_text(detail.Properties, 'ImageUri') as image_uri, json_extract_path_text(detail.Properties, 'Name') as name, - json_extract_path_text(detail.Properties, 'ImageTestsConfiguration') as image_tests_configuration, + json_extract_path_text(detail.Properties, 'InfrastructureConfigurationArn') as infrastructure_configuration_arn, json_extract_path_text(detail.Properties, 'ImageRecipeArn') as image_recipe_arn, - json_extract_path_text(detail.Properties, 'ContainerRecipeArn') as container_recipe_arn, json_extract_path_text(detail.Properties, 'DistributionConfigurationArn') as distribution_configuration_arn, - json_extract_path_text(detail.Properties, 'InfrastructureConfigurationArn') as infrastructure_configuration_arn, - json_extract_path_text(detail.Properties, 'Workflows') as workflows, json_extract_path_text(detail.Properties, 'ImageId') as image_id, - json_extract_path_text(detail.Properties, 'ImageUri') as image_uri, + json_extract_path_text(detail.Properties, 'ImageTestsConfiguration') as image_tests_configuration, + json_extract_path_text(detail.Properties, 'Arn') as arn, json_extract_path_text(detail.Properties, 'EnhancedImageMetadataEnabled') as enhanced_image_metadata_enabled, - json_extract_path_text(detail.Properties, 'ImageScanningConfiguration') as image_scanning_configuration, json_extract_path_text(detail.Properties, 'ExecutionRole') as execution_role FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail @@ -3906,7 +3950,8 @@ components: JSON_EXTRACT(Properties, '$.InstanceMetadataOptions') as instance_metadata_options, JSON_EXTRACT(Properties, '$.SnsTopicArn') as sns_topic_arn, JSON_EXTRACT(Properties, '$.ResourceTags') as resource_tags, - JSON_EXTRACT(Properties, '$.Tags') as tags + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Placement') as placement FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ImageBuilder::InfrastructureConfiguration' AND data__Identifier = '' AND region = 'us-east-1' @@ -3928,7 +3973,8 @@ components: JSON_EXTRACT(detail.Properties, '$.InstanceMetadataOptions') as instance_metadata_options, JSON_EXTRACT(detail.Properties, '$.SnsTopicArn') as sns_topic_arn, JSON_EXTRACT(detail.Properties, '$.ResourceTags') as resource_tags, - JSON_EXTRACT(detail.Properties, '$.Tags') as tags + JSON_EXTRACT(detail.Properties, '$.Tags') as tags, + JSON_EXTRACT(detail.Properties, '$.Placement') as placement FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -3955,7 +4001,8 @@ components: json_extract_path_text(Properties, 'InstanceMetadataOptions') as instance_metadata_options, json_extract_path_text(Properties, 'SnsTopicArn') as sns_topic_arn, json_extract_path_text(Properties, 'ResourceTags') as resource_tags, - json_extract_path_text(Properties, 'Tags') as tags + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Placement') as placement FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ImageBuilder::InfrastructureConfiguration' AND data__Identifier = '' AND region = 'us-east-1' @@ -3977,7 +4024,8 @@ components: json_extract_path_text(detail.Properties, 'InstanceMetadataOptions') as instance_metadata_options, json_extract_path_text(detail.Properties, 'SnsTopicArn') as sns_topic_arn, json_extract_path_text(detail.Properties, 'ResourceTags') as resource_tags, - json_extract_path_text(detail.Properties, 'Tags') as tags + json_extract_path_text(detail.Properties, 'Tags') as tags, + json_extract_path_text(detail.Properties, 'Placement') as placement FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -4048,7 +4096,8 @@ components: JSON_EXTRACT(detail.Properties, '$.InstanceProfileName') as instance_profile_name, JSON_EXTRACT(detail.Properties, '$.InstanceMetadataOptions') as instance_metadata_options, JSON_EXTRACT(detail.Properties, '$.SnsTopicArn') as sns_topic_arn, - JSON_EXTRACT(detail.Properties, '$.ResourceTags') as resource_tags + JSON_EXTRACT(detail.Properties, '$.ResourceTags') as resource_tags, + JSON_EXTRACT(detail.Properties, '$.Placement') as placement FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -4076,7 +4125,8 @@ components: json_extract_path_text(detail.Properties, 'InstanceProfileName') as instance_profile_name, json_extract_path_text(detail.Properties, 'InstanceMetadataOptions') as instance_metadata_options, json_extract_path_text(detail.Properties, 'SnsTopicArn') as sns_topic_arn, - json_extract_path_text(detail.Properties, 'ResourceTags') as resource_tags + json_extract_path_text(detail.Properties, 'ResourceTags') as resource_tags, + json_extract_path_text(detail.Properties, 'Placement') as placement FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier diff --git a/providers/src/aws/v00.00.00000/services/inspectorv2.yaml b/providers/src/aws/v00.00.00000/services/inspectorv2.yaml index 8575815b..050985f1 100644 --- a/providers/src/aws/v00.00.00000/services/inspectorv2.yaml +++ b/providers/src/aws/v00.00.00000/services/inspectorv2.yaml @@ -470,13 +470,14 @@ components: maxItems: 10000 items: type: string - pattern: ^\d{12}|ALL_MEMBERS|SELF$ + pattern: ^\d{12}|ALL_ACCOUNTS|SELF$ uniqueItems: true TargetResourceTags: $ref: '#/components/schemas/TargetResourceTags' additionalProperties: false required: - AccountIds + - TargetResourceTags TargetResourceTags: x-patternProperties: ^.+$: @@ -515,6 +516,11 @@ components: description: CIS Scan configuration unique identifier Tags: $ref: '#/components/schemas/CisTagMap' + required: + - ScanName + - SecurityLevel + - Schedule + - Targets x-stackql-resource-name: cis_scan_configuration description: CIS Scan Configuration resource schema x-type-name: AWS::InspectorV2::CisScanConfiguration @@ -522,6 +528,11 @@ components: - Arn x-read-only-properties: - Arn + x-required-properties: + - ScanName + - SecurityLevel + - Schedule + - Targets x-tagging: taggable: true tagOnCreate: true diff --git a/providers/src/aws/v00.00.00000/services/internetmonitor.yaml b/providers/src/aws/v00.00.00000/services/internetmonitor.yaml index 7408000b..dae8dddd 100644 --- a/providers/src/aws/v00.00.00000/services/internetmonitor.yaml +++ b/providers/src/aws/v00.00.00000/services/internetmonitor.yaml @@ -564,6 +564,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - internetmonitor:TagResource + - internetmonitor:UntagResource + - internetmonitor:ListTagsForResource x-required-permissions: create: - internetmonitor:CreateMonitor @@ -603,6 +607,7 @@ components: list: - internetmonitor:ListMonitors - internetmonitor:GetMonitor + - internetmonitor:ListTagsForResource - logs:GetLogDelivery CreateMonitorRequest: properties: diff --git a/providers/src/aws/v00.00.00000/services/invoicing.yaml b/providers/src/aws/v00.00.00000/services/invoicing.yaml new file mode 100644 index 00000000..703ecdcc --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/invoicing.yaml @@ -0,0 +1,904 @@ +openapi: 3.0.0 +info: + title: Invoicing + version: 2.0.0 + x-serviceName: cloudcontrolapi +servers: + - url: https://cloudcontrolapi.{region}.amazonaws.com + variables: + region: + description: The AWS region + enum: + - us-east-1 + - us-east-2 + - us-west-1 + - us-west-2 + - us-gov-west-1 + - us-gov-east-1 + - ca-central-1 + - eu-north-1 + - eu-west-1 + - eu-west-2 + - eu-west-3 + - eu-central-1 + - eu-south-1 + - af-south-1 + - ap-northeast-1 + - ap-northeast-2 + - ap-northeast-3 + - ap-southeast-1 + - ap-southeast-2 + - ap-east-1 + - ap-south-1 + - sa-east-1 + - me-south-1 + default: us-east-1 + description: The CloudControlApi multi-region endpoint + - url: https://cloudcontrolapi.{region}.amazonaws.com.cn + variables: + region: + description: The AWS region + enum: + - cn-north-1 + - cn-northwest-1 + default: cn-north-1 + description: The CloudControlApi endpoint for China (Beijing) and China (Ningxia) +components: + parameters: + X-Amz-Content-Sha256: + name: X-Amz-Content-Sha256 + in: header + schema: + type: string + required: false + X-Amz-Date: + name: X-Amz-Date + in: header + schema: + type: string + required: false + X-Amz-Algorithm: + name: X-Amz-Algorithm + in: header + schema: + type: string + required: false + X-Amz-Credential: + name: X-Amz-Credential + in: header + schema: + type: string + required: false + X-Amz-Security-Token: + name: X-Amz-Security-Token + in: header + schema: + type: string + required: false + X-Amz-Signature: + name: X-Amz-Signature + in: header + schema: + type: string + required: false + X-Amz-SignedHeaders: + name: X-Amz-SignedHeaders + in: header + schema: + type: string + required: false + x-cloud-control-schemas: + AlreadyExistsException: {} + CancelResourceRequestInput: + properties: + RequestToken: + $ref: '#/components/x-cloud-control-schemas/RequestToken' + required: + - RequestToken + title: CancelResourceRequestInput + type: object + CancelResourceRequestOutput: + properties: + ProgressEvent: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: object + ClientToken: + maxLength: 128 + minLength: 1 + pattern: '[-A-Za-z0-9+/=]+' + type: string + ClientTokenConflictException: {} + ConcurrentModificationException: {} + ConcurrentOperationException: {} + CreateResourceInput: + properties: + ClientToken: + type: string + DesiredState: + allOf: + - $ref: '#/components/x-cloud-control-schemas/Properties' + - description: >- +

Structured data format representing the desired state of the resource, consisting of that resource's properties and their desired values.

Cloud Control API currently supports JSON as a structured data format.

 
 <p>Specify the desired state as one of the following:</p> <ul> <li> <p>A JSON blob</p> </li> <li> <p>A local path containing the desired state in JSON data format</p>
+                </li> </ul> <p>For more information, see <a href="https://docs.aws.amazon.com/cloudcontrolapi/latest/userguide/resource-operations-create.html#resource-operations-create-desiredstate">Composing the desired state of the resource</a> in the <i>Amazon Web Services Cloud Control API User Guide</i>.</p> <p>For more information about the properties of a specific resource, refer to the related topic for the resource in the
+                <a href="https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html">Resource and property types reference</a> in the <i>CloudFormation Users Guide</i>.</p>
+ RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + required: + - DesiredState + title: CreateResourceInput + type: object + CreateResourceOutput: + properties: + ProgressEvent: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: object + DeleteResourceInput: + properties: + ClientToken: + type: string + Identifier: + $ref: '#/components/x-cloud-control-schemas/Identifier' + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + required: + - Identifier + title: DeleteResourceInput + type: object + DeleteResourceOutput: + properties: + ProgressEvent: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: object + GeneralServiceException: {} + GetResourceInput: + properties: + TypeName: + $ref: '#/components/x-cloud-control-schemas/TypeName' + Identifier: + $ref: '#/components/x-cloud-control-schemas/Identifier' + TypeVersionId: + $ref: '#/components/x-cloud-control-schemas/TypeVersionId' + RoleArn: + $ref: '#/components/x-cloud-control-schemas/RoleArn' + required: + - TypeName + - Identifier + title: GetResourceInput + type: object + GetResourceOutput: + properties: + ResourceDescription: + $ref: '#/components/x-cloud-control-schemas/ResourceDescription' + TypeName: + type: string + type: object + GetResourceRequestStatusInput: + properties: + RequestToken: + $ref: '#/components/x-cloud-control-schemas/RequestToken' + required: + - RequestToken + title: GetResourceRequestStatusInput + type: object + GetResourceRequestStatusOutput: + properties: + ProgressEvent: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: object + HandlerErrorCode: + enum: + - NotUpdatable + - InvalidRequest + - AccessDenied + - InvalidCredentials + - AlreadyExists + - NotFound + - ResourceConflict + - Throttling + - ServiceLimitExceeded + - NotStabilized + - GeneralServiceException + - ServiceInternalError + - ServiceTimeout + - NetworkFailure + - InternalFailure + type: string + HandlerFailureException: {} + HandlerInternalFailureException: {} + HandlerNextToken: + maxLength: 2048 + minLength: 1 + pattern: .+ + type: string + Identifier: + maxLength: 1024 + minLength: 1 + pattern: .+ + type: string + InvalidCredentialsException: {} + InvalidRequestException: {} + MaxResults: + maximum: 100 + minimum: 1 + type: integer + NetworkFailureException: {} + NextToken: + maxLength: 2048 + minLength: 1 + pattern: '[-A-Za-z0-9+/=]+' + type: string + NotStabilizedException: {} + NotUpdatableException: {} + Operation: + enum: + - CREATE + - DELETE + - UPDATE + type: string + OperationStatus: + enum: + - PENDING + - IN_PROGRESS + - SUCCESS + - FAILED + - CANCEL_IN_PROGRESS + - CANCEL_COMPLETE + type: string + OperationStatuses: + items: + $ref: '#/components/x-cloud-control-schemas/OperationStatus' + type: array + Operations: + items: + $ref: '#/components/x-cloud-control-schemas/Operation' + type: array + PatchDocument: + format: password + maxLength: 65536 + minLength: 1 + pattern: '[\s\S]*' + type: string + PrivateTypeException: {} + ProgressEvent: + example: + ErrorCode: string + EventTime: number + Identifier: string + Operation: string + OperationStatus: string + RequestToken: string + ResourceModel: string + RetryAfter: number + StatusMessage: string + TypeName: string + properties: + ErrorCode: + type: string + EventTime: + type: number + Identifier: + type: string + Operation: + type: string + OperationStatus: + type: string + RequestToken: + type: string + ResourceModel: + type: string + RetryAfter: + type: number + StatusMessage: + type: string + TypeName: + type: string + type: object + Properties: + format: password + maxLength: 65536 + minLength: 1 + pattern: '[\s\S]*' + type: string + RequestToken: + maxLength: 128 + minLength: 1 + pattern: '[-A-Za-z0-9+/=]+' + type: string + RequestTokenNotFoundException: {} + ResourceConflictException: {} + ResourceDescription: + description: Represents information about a provisioned resource. + properties: + Identifier: + type: string + Properties: + type: string + type: object + ResourceDescriptions: + items: + $ref: '#/components/x-cloud-control-schemas/ResourceDescription' + type: array + ResourceNotFoundException: {} + ResourceRequestStatusFilter: + description: The filter criteria to use in determining the requests returned. + properties: + undefined: + allOf: + - $ref: '#/components/x-cloud-control-schemas/OperationStatuses' + - description: >- +

The operation statuses to include in the filter.

  • PENDING: The operation has been requested, but not yet initiated.

  • IN_PROGRESS: The operation is in progress.

  • SUCCESS: The operation completed.

  • FAILED: The operation failed.

  • CANCEL_IN_PROGRESS: The operation is in the process of being canceled.

  • + CANCEL_COMPLETE: The operation has been canceled.

+ type: object + ResourceRequestStatusSummaries: + items: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: array + RoleArn: + maxLength: 2048 + minLength: 20 + pattern: arn:.+:iam::[0-9]{12}:role/.+ + type: string + ServiceInternalErrorException: {} + ServiceLimitExceededException: {} + StatusMessage: + maxLength: 1024 + minLength: 0 + pattern: '[\s\S]*' + type: string + ThrottlingException: {} + Timestamp: + format: date-time + type: string + TypeName: + maxLength: 196 + minLength: 10 + pattern: '[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}' + type: string + TypeNotFoundException: {} + TypeVersionId: + maxLength: 128 + minLength: 1 + pattern: '[A-Za-z0-9-]+' + type: string + UnsupportedActionException: {} + UpdateResourceInput: + properties: + undefined: + allOf: + - $ref: '#/components/x-cloud-control-schemas/PatchDocument' + required: + - Identifier + - PatchDocument + title: UpdateResourceInput + type: object + UpdateResourceOutput: + properties: + ProgressEvent: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: object + schemas: + InvoiceUnitArn: + type: string + pattern: ^arn:aws[-a-z0-9]*:[a-z0-9]+:[-a-z0-9]*:[0-9]{12}:[-a-zA-Z0-9/:_]+$ + minLength: 1 + maxLength: 256 + InvoiceReceiver: + type: string + pattern: ^\d{12}$ + minLength: 12 + maxLength: 12 + Name: + type: string + pattern: ^(?! )[\p{L}\p{N}\p{Z}-_]*(?' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.InvoiceUnitArn') as invoice_unit_arn, + JSON_EXTRACT(detail.Properties, '$.InvoiceReceiver') as invoice_receiver, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.TaxInheritanceDisabled') as tax_inheritance_disabled, + JSON_EXTRACT(detail.Properties, '$.Rule') as rule, + JSON_EXTRACT(detail.Properties, '$.LastModified') as last_modified, + JSON_EXTRACT(detail.Properties, '$.ResourceTags') as resource_tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Invoicing::InvoiceUnit' + AND detail.data__TypeName = 'AWS::Invoicing::InvoiceUnit' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'InvoiceUnitArn') as invoice_unit_arn, + json_extract_path_text(Properties, 'InvoiceReceiver') as invoice_receiver, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'TaxInheritanceDisabled') as tax_inheritance_disabled, + json_extract_path_text(Properties, 'Rule') as rule, + json_extract_path_text(Properties, 'LastModified') as last_modified, + json_extract_path_text(Properties, 'ResourceTags') as resource_tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Invoicing::InvoiceUnit' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'InvoiceUnitArn') as invoice_unit_arn, + json_extract_path_text(detail.Properties, 'InvoiceReceiver') as invoice_receiver, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'TaxInheritanceDisabled') as tax_inheritance_disabled, + json_extract_path_text(detail.Properties, 'Rule') as rule, + json_extract_path_text(detail.Properties, 'LastModified') as last_modified, + json_extract_path_text(detail.Properties, 'ResourceTags') as resource_tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Invoicing::InvoiceUnit' + AND detail.data__TypeName = 'AWS::Invoicing::InvoiceUnit' + AND listing.region = 'us-east-1' + invoice_units_list_only: + name: invoice_units_list_only + id: aws.invoicing.invoice_units_list_only + x-cfn-schema-name: InvoiceUnit + x-cfn-type-name: AWS::Invoicing::InvoiceUnit + x-identifiers: + - InvoiceUnitArn + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.InvoiceUnitArn') as invoice_unit_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Invoicing::InvoiceUnit' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'InvoiceUnitArn') as invoice_unit_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Invoicing::InvoiceUnit' + AND region = 'us-east-1' +paths: + /?Action=CreateResource&Version=2021-09-30: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateResource + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/x-cloud-control-schemas/CreateResourceInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=DeleteResource&Version=2021-09-30: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: DeleteResource + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.DeleteResource + enum: + - CloudApiService.DeleteResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/x-cloud-control-schemas/DeleteResourceInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/DeleteResourceOutput' + description: Success + /?Action=UpdateResource&Version=2021-09-30: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: UpdateResource + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.UpdateResource + enum: + - CloudApiService.UpdateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + properties: + ClientName: + type: string + Identifier: + $ref: '#/components/x-cloud-control-schemas/Identifier' + PatchDocument: + type: string + RoleArn: + $ref: '#/components/x-cloud-control-schemas/RoleArn' + TypeName: + $ref: '#/components/x-cloud-control-schemas/TypeName' + TypeVersionId: + $ref: '#/components/x-cloud-control-schemas/TypeVersionId' + required: + - Identifier + - PatchDocument + type: object + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/UpdateResourceOutput' + description: Success + /?Action=CreateResource&Version=2021-09-30&__InvoiceUnit&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateInvoiceUnit + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateInvoiceUnitRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success +x-stackQL-config: + requestTranslate: + algorithm: drop_double_underscore_params + pagination: + requestToken: + key: NextToken + location: body + responseToken: + key: NextToken + location: body diff --git a/providers/src/aws/v00.00.00000/services/iot.yaml b/providers/src/aws/v00.00.00000/services/iot.yaml index dae8965c..1bf16f70 100644 --- a/providers/src/aws/v00.00.00000/services/iot.yaml +++ b/providers/src/aws/v00.00.00000/services/iot.yaml @@ -546,7 +546,8 @@ components: type: boolean Tags: type: array - x-insertionOrder: true + uniqueItems: true + x-insertionOrder: false items: $ref: '#/components/schemas/Tag' required: @@ -714,6 +715,7 @@ components: Tags: description: An array of key-value pairs to apply to this resource. type: array + uniqueItems: true x-insertionOrder: false items: $ref: '#/components/schemas/Tag' @@ -869,7 +871,8 @@ components: description: An array of key-value pairs to apply to this resource. type: array maxItems: 50 - x-insertionOrder: true + uniqueItems: true + x-insertionOrder: false items: $ref: '#/components/schemas/Tag' Arn: @@ -916,6 +919,172 @@ components: - iot:DescribeCertificateProvider list: - iot:ListCertificateProviders + CommandParameterList: + type: array + items: + $ref: '#/components/schemas/CommandParameter' + minItems: 1 + x-insertionOrder: false + CommandParameter: + type: object + properties: + Name: + $ref: '#/components/schemas/CommandParameterName' + Value: + $ref: '#/components/schemas/CommandParameterValue' + DefaultValue: + $ref: '#/components/schemas/CommandParameterValue' + Description: + $ref: '#/components/schemas/CommandParameterDescription' + required: + - Name + additionalProperties: false + CommandParameterName: + type: string + pattern: ^[.$a-zA-Z0-9_-]+$ + minLength: 1 + maxLength: 192 + CommandParameterDescription: + type: string + maxLength: 2028 + CommandParameterValue: + type: object + properties: + S: + type: string + minLength: 1 + B: + type: boolean + I: + type: integer + L: + type: string + pattern: ^-?\d+$ + maxLength: 19 + D: + type: number + BIN: + type: string + minLength: 1 + UL: + type: string + pattern: ^[0-9]*$ + minLength: 1 + maxLength: 20 + additionalProperties: false + MimeType: + type: string + minLength: 1 + CommandPayloadContent: + type: string + CommandPayload: + type: object + properties: + Content: + $ref: '#/components/schemas/CommandPayloadContent' + ContentType: + $ref: '#/components/schemas/MimeType' + additionalProperties: false + Command: + type: object + properties: + CommandArn: + type: string + description: The Amazon Resource Name (ARN) of the command. + CommandId: + type: string + pattern: ^[a-zA-Z0-9_-]+$ + minLength: 1 + maxLength: 64 + description: The unique identifier for the command. + CreatedAt: + type: string + description: The date and time when the command was created. + Deprecated: + type: boolean + description: A flag indicating whether the command is deprecated. + Description: + type: string + maxLength: 2028 + description: The description of the command. + DisplayName: + type: string + description: The display name for the command. + LastUpdatedAt: + type: string + description: The date and time when the command was last updated. + MandatoryParameters: + $ref: '#/components/schemas/CommandParameterList' + description: The list of mandatory parameters for the command. + Namespace: + type: string + enum: + - AWS-IoT + - AWS-IoT-FleetWise + description: The namespace to which the command belongs. + RoleArn: + type: string + minLength: 20 + maxLength: 2028 + description: The customer role associated with the command. + Payload: + $ref: '#/components/schemas/CommandPayload' + description: The payload associated with the command. + PendingDeletion: + type: boolean + description: A flag indicating whether the command is pending deletion. + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + description: The tags to be associated with the command. + x-insertionOrder: true + required: + - CommandId + x-stackql-resource-name: command + description: Represents the resource definition of AWS IoT Command. + x-type-name: AWS::IoT::Command + x-stackql-primary-identifier: + - CommandId + x-create-only-properties: + - CommandId + x-write-only-properties: + - LastUpdatedAt + x-read-only-properties: + - CommandArn + x-required-properties: + - CommandId + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - iot:TagResource + - iot:UntagResource + - iot:ListTagsForResource + x-required-permissions: + create: + - iam:PassRole + - iot:CreateCommand + - iot:TagResource + read: + - iot:GetCommand + - iot:ListTagsForResource + update: + - iam:PassRole + - iot:UpdateCommand + - iot:GetCommand + - iot:TagResource + - iot:UntagResource + - iot:ListTagsForResource + delete: + - iot:GetCommand + - iot:UpdateCommand + - iot:DeleteCommand + list: + - iot:ListCommands CustomMetric: type: object properties: @@ -1066,6 +1235,15 @@ components: properties: EnableOCSPCheck: type: boolean + OcspLambdaArn: + type: string + minLength: 1 + maxLength: 170 + OcspAuthorizedResponderArn: + type: string + pattern: ^arn:aws(-cn|-us-gov|-iso-b|-iso)?:acm:[a-z]{2}-(gov-|iso-|isob-)?[a-z]{4,9}-\d{1}:\d{12}:certificate/[a-zA-Z0-9/-]+$ + minLength: 1 + maxLength: 2048 additionalProperties: false ServerCertificateSummary: type: object @@ -1090,6 +1268,14 @@ components: type: string maxLength: 128 additionalProperties: false + ClientCertificateConfig: + type: object + properties: + ClientCertificateCallbackArn: + type: string + minLength: 1 + maxLength: 170 + additionalProperties: false DomainConfiguration: type: object properties: @@ -1145,9 +1331,27 @@ components: $ref: '#/components/schemas/ServerCertificateSummary' TlsConfig: $ref: '#/components/schemas/TlsConfig' + AuthenticationType: + type: string + enum: + - AWS_X509 + - CUSTOM_AUTH + - AWS_SIGV4 + - CUSTOM_AUTH_X509 + - DEFAULT + ApplicationProtocol: + type: string + enum: + - SECURE_MQTT + - MQTT_WSS + - HTTPS + - DEFAULT + ClientCertificateConfig: + $ref: '#/components/schemas/ClientCertificateConfig' Tags: type: array - x-insertionOrder: true + uniqueItems: true + x-insertionOrder: false items: $ref: '#/components/schemas/Tag' required: [] @@ -1176,6 +1380,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - iot:ListTagsForResource + - iot:TagResource + - iot:UntagResource x-required-permissions: create: - iot:CreateDomainConfiguration @@ -1870,7 +2078,8 @@ components: type: string Tags: type: array - x-insertionOrder: true + uniqueItems: true + x-insertionOrder: false items: $ref: '#/components/schemas/Tag' required: @@ -1925,6 +2134,7 @@ components: type: string PayloadVersion: type: string + additionalProperties: false ProvisioningTemplate: type: object properties: @@ -1953,7 +2163,8 @@ components: $ref: '#/components/schemas/ProvisioningHook' Tags: type: array - x-insertionOrder: true + uniqueItems: true + x-insertionOrder: false items: $ref: '#/components/schemas/Tag' required: @@ -2096,7 +2307,8 @@ components: default: 3600 Tags: type: array - x-insertionOrder: true + uniqueItems: true + x-insertionOrder: false items: $ref: '#/components/schemas/Tag' required: @@ -2635,6 +2847,7 @@ components: pattern: ^[a-zA-Z0-9-_.]+$ PackageVersionArn: type: string + pattern: ^arn:[!-~]+$ Status: $ref: '#/components/schemas/PackageVersionStatus' Tags: @@ -2673,6 +2886,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - iot:TagResource + - iot:UntagResource + - iot:ListTagsForResource x-required-permissions: create: - iot:CreatePackageVersion @@ -2829,6 +3046,25 @@ components: - iot:UpdateDynamicThingGroup - iot:TagResource - iot:UntagResource + PropagatingAttribute: + type: object + additionalProperties: false + properties: + UserPropertyKey: + type: string + pattern: '[a-zA-Z0-9:$.]+' + maxLength: 128 + ThingAttribute: + type: string + pattern: '[a-zA-Z0-9_.,@/:#-]+' + maxLength: 128 + ConnectionAttribute: + type: string + enum: + - iot:ClientId + - iot:Thing.ThingName + required: + - UserPropertyKey ThingType: type: object properties: @@ -2860,6 +3096,15 @@ components: pattern: '[\p{Graph}\x20]*' type: string maxLength: 2028 + Mqtt5Configuration: + type: object + additionalProperties: false + properties: + PropagatingAttributes: + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/PropagatingAttribute' Tags: description: An array of key-value pairs to apply to this resource. type: array @@ -2875,7 +3120,6 @@ components: - ThingTypeName x-create-only-properties: - ThingTypeName - - ThingTypeProperties x-read-only-properties: - Arn - Id @@ -3522,6 +3766,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - iot:UntagResource + - iot:TagResource + - iot:ListTagsForResource x-required-permissions: create: - iam:PassRole @@ -3698,7 +3946,8 @@ components: type: boolean Tags: type: array - x-insertionOrder: true + uniqueItems: true + x-insertionOrder: false items: $ref: '#/components/schemas/Tag' x-stackQL-stringOnly: true @@ -3797,6 +4046,7 @@ components: Tags: description: An array of key-value pairs to apply to this resource. type: array + uniqueItems: true x-insertionOrder: false items: $ref: '#/components/schemas/Tag' @@ -3882,7 +4132,8 @@ components: description: An array of key-value pairs to apply to this resource. type: array maxItems: 50 - x-insertionOrder: true + uniqueItems: true + x-insertionOrder: false items: $ref: '#/components/schemas/Tag' Arn: @@ -3891,6 +4142,74 @@ components: x-title: CreateCertificateProviderRequest type: object required: [] + CreateCommandRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + CommandArn: + type: string + description: The Amazon Resource Name (ARN) of the command. + CommandId: + type: string + pattern: ^[a-zA-Z0-9_-]+$ + minLength: 1 + maxLength: 64 + description: The unique identifier for the command. + CreatedAt: + type: string + description: The date and time when the command was created. + Deprecated: + type: boolean + description: A flag indicating whether the command is deprecated. + Description: + type: string + maxLength: 2028 + description: The description of the command. + DisplayName: + type: string + description: The display name for the command. + LastUpdatedAt: + type: string + description: The date and time when the command was last updated. + MandatoryParameters: + $ref: '#/components/schemas/CommandParameterList' + description: The list of mandatory parameters for the command. + Namespace: + type: string + enum: + - AWS-IoT + - AWS-IoT-FleetWise + description: The namespace to which the command belongs. + RoleArn: + type: string + minLength: 20 + maxLength: 2028 + description: The customer role associated with the command. + Payload: + $ref: '#/components/schemas/CommandPayload' + description: The payload associated with the command. + PendingDeletion: + type: boolean + description: A flag indicating whether the command is pending deletion. + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + description: The tags to be associated with the command. + x-insertionOrder: true + x-stackQL-stringOnly: true + x-title: CreateCommandRequest + type: object + required: [] CreateCustomMetricRequest: properties: ClientToken: @@ -4054,9 +4373,27 @@ components: $ref: '#/components/schemas/ServerCertificateSummary' TlsConfig: $ref: '#/components/schemas/TlsConfig' + AuthenticationType: + type: string + enum: + - AWS_X509 + - CUSTOM_AUTH + - AWS_SIGV4 + - CUSTOM_AUTH_X509 + - DEFAULT + ApplicationProtocol: + type: string + enum: + - SECURE_MQTT + - MQTT_WSS + - HTTPS + - DEFAULT + ClientCertificateConfig: + $ref: '#/components/schemas/ClientCertificateConfig' Tags: type: array - x-insertionOrder: true + uniqueItems: true + x-insertionOrder: false items: $ref: '#/components/schemas/Tag' x-stackQL-stringOnly: true @@ -4341,7 +4678,8 @@ components: type: string Tags: type: array - x-insertionOrder: true + uniqueItems: true + x-insertionOrder: false items: $ref: '#/components/schemas/Tag' x-stackQL-stringOnly: true @@ -4386,7 +4724,8 @@ components: $ref: '#/components/schemas/ProvisioningHook' Tags: type: array - x-insertionOrder: true + uniqueItems: true + x-insertionOrder: false items: $ref: '#/components/schemas/Tag' x-stackQL-stringOnly: true @@ -4475,7 +4814,8 @@ components: default: 3600 Tags: type: array - x-insertionOrder: true + uniqueItems: true + x-insertionOrder: false items: $ref: '#/components/schemas/Tag' x-stackQL-stringOnly: true @@ -4702,6 +5042,7 @@ components: pattern: ^[a-zA-Z0-9-_.]+$ PackageVersionArn: type: string + pattern: ^arn:[!-~]+$ Status: $ref: '#/components/schemas/PackageVersionStatus' Tags: @@ -4843,6 +5184,15 @@ components: pattern: '[\p{Graph}\x20]*' type: string maxLength: 2028 + Mqtt5Configuration: + type: object + additionalProperties: false + properties: + PropagatingAttributes: + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/PropagatingAttribute' Tags: description: An array of key-value pairs to apply to this resource. type: array @@ -6085,6 +6435,255 @@ components: WHERE listing.data__TypeName = 'AWS::IoT::CertificateProvider' AND detail.data__TypeName = 'AWS::IoT::CertificateProvider' AND listing.region = 'us-east-1' + commands: + name: commands + id: aws.iot.commands + x-cfn-schema-name: Command + x-cfn-type-name: AWS::IoT::Command + x-identifiers: + - CommandId + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Command&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::IoT::Command" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::IoT::Command" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::IoT::Command" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/commands/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/commands/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/commands/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.CommandArn') as command_arn, + JSON_EXTRACT(Properties, '$.CommandId') as command_id, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.Deprecated') as deprecated, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.DisplayName') as display_name, + JSON_EXTRACT(Properties, '$.LastUpdatedAt') as last_updated_at, + JSON_EXTRACT(Properties, '$.MandatoryParameters') as mandatory_parameters, + JSON_EXTRACT(Properties, '$.Namespace') as namespace, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.Payload') as payload, + JSON_EXTRACT(Properties, '$.PendingDeletion') as pending_deletion, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoT::Command' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.CommandArn') as command_arn, + JSON_EXTRACT(detail.Properties, '$.CommandId') as command_id, + JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(detail.Properties, '$.Deprecated') as deprecated, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.DisplayName') as display_name, + JSON_EXTRACT(detail.Properties, '$.LastUpdatedAt') as last_updated_at, + JSON_EXTRACT(detail.Properties, '$.MandatoryParameters') as mandatory_parameters, + JSON_EXTRACT(detail.Properties, '$.Namespace') as namespace, + JSON_EXTRACT(detail.Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(detail.Properties, '$.Payload') as payload, + JSON_EXTRACT(detail.Properties, '$.PendingDeletion') as pending_deletion, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::IoT::Command' + AND detail.data__TypeName = 'AWS::IoT::Command' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'CommandArn') as command_arn, + json_extract_path_text(Properties, 'CommandId') as command_id, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'Deprecated') as deprecated, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'DisplayName') as display_name, + json_extract_path_text(Properties, 'LastUpdatedAt') as last_updated_at, + json_extract_path_text(Properties, 'MandatoryParameters') as mandatory_parameters, + json_extract_path_text(Properties, 'Namespace') as namespace, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'Payload') as payload, + json_extract_path_text(Properties, 'PendingDeletion') as pending_deletion, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoT::Command' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'CommandArn') as command_arn, + json_extract_path_text(detail.Properties, 'CommandId') as command_id, + json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, + json_extract_path_text(detail.Properties, 'Deprecated') as deprecated, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'DisplayName') as display_name, + json_extract_path_text(detail.Properties, 'LastUpdatedAt') as last_updated_at, + json_extract_path_text(detail.Properties, 'MandatoryParameters') as mandatory_parameters, + json_extract_path_text(detail.Properties, 'Namespace') as namespace, + json_extract_path_text(detail.Properties, 'RoleArn') as role_arn, + json_extract_path_text(detail.Properties, 'Payload') as payload, + json_extract_path_text(detail.Properties, 'PendingDeletion') as pending_deletion, + json_extract_path_text(detail.Properties, 'Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::IoT::Command' + AND detail.data__TypeName = 'AWS::IoT::Command' + AND listing.region = 'us-east-1' + commands_list_only: + name: commands_list_only + id: aws.iot.commands_list_only + x-cfn-schema-name: Command + x-cfn-type-name: AWS::IoT::Command + x-identifiers: + - CommandId + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.CommandId') as command_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoT::Command' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'CommandId') as command_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoT::Command' + AND region = 'us-east-1' + command_tags: + name: command_tags + id: aws.iot.command_tags + x-cfn-schema-name: Command + x-cfn-type-name: AWS::IoT::Command + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.CommandArn') as command_arn, + JSON_EXTRACT(detail.Properties, '$.CommandId') as command_id, + JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(detail.Properties, '$.Deprecated') as deprecated, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.DisplayName') as display_name, + JSON_EXTRACT(detail.Properties, '$.LastUpdatedAt') as last_updated_at, + JSON_EXTRACT(detail.Properties, '$.MandatoryParameters') as mandatory_parameters, + JSON_EXTRACT(detail.Properties, '$.Namespace') as namespace, + JSON_EXTRACT(detail.Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(detail.Properties, '$.Payload') as payload, + JSON_EXTRACT(detail.Properties, '$.PendingDeletion') as pending_deletion + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::IoT::Command' + AND detail.data__TypeName = 'AWS::IoT::Command' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'CommandArn') as command_arn, + json_extract_path_text(detail.Properties, 'CommandId') as command_id, + json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, + json_extract_path_text(detail.Properties, 'Deprecated') as deprecated, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'DisplayName') as display_name, + json_extract_path_text(detail.Properties, 'LastUpdatedAt') as last_updated_at, + json_extract_path_text(detail.Properties, 'MandatoryParameters') as mandatory_parameters, + json_extract_path_text(detail.Properties, 'Namespace') as namespace, + json_extract_path_text(detail.Properties, 'RoleArn') as role_arn, + json_extract_path_text(detail.Properties, 'Payload') as payload, + json_extract_path_text(detail.Properties, 'PendingDeletion') as pending_deletion + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::IoT::Command' + AND detail.data__TypeName = 'AWS::IoT::Command' + AND listing.region = 'us-east-1' custom_metrics: name: custom_metrics id: aws.iot.custom_metrics @@ -6562,6 +7161,9 @@ components: JSON_EXTRACT(Properties, '$.ServerCertificateConfig') as server_certificate_config, JSON_EXTRACT(Properties, '$.ServerCertificates') as server_certificates, JSON_EXTRACT(Properties, '$.TlsConfig') as tls_config, + JSON_EXTRACT(Properties, '$.AuthenticationType') as authentication_type, + JSON_EXTRACT(Properties, '$.ApplicationProtocol') as application_protocol, + JSON_EXTRACT(Properties, '$.ClientCertificateConfig') as client_certificate_config, JSON_EXTRACT(Properties, '$.Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoT::DomainConfiguration' AND data__Identifier = '' @@ -6583,6 +7185,9 @@ components: JSON_EXTRACT(detail.Properties, '$.ServerCertificateConfig') as server_certificate_config, JSON_EXTRACT(detail.Properties, '$.ServerCertificates') as server_certificates, JSON_EXTRACT(detail.Properties, '$.TlsConfig') as tls_config, + JSON_EXTRACT(detail.Properties, '$.AuthenticationType') as authentication_type, + JSON_EXTRACT(detail.Properties, '$.ApplicationProtocol') as application_protocol, + JSON_EXTRACT(detail.Properties, '$.ClientCertificateConfig') as client_certificate_config, JSON_EXTRACT(detail.Properties, '$.Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail @@ -6609,6 +7214,9 @@ components: json_extract_path_text(Properties, 'ServerCertificateConfig') as server_certificate_config, json_extract_path_text(Properties, 'ServerCertificates') as server_certificates, json_extract_path_text(Properties, 'TlsConfig') as tls_config, + json_extract_path_text(Properties, 'AuthenticationType') as authentication_type, + json_extract_path_text(Properties, 'ApplicationProtocol') as application_protocol, + json_extract_path_text(Properties, 'ClientCertificateConfig') as client_certificate_config, json_extract_path_text(Properties, 'Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoT::DomainConfiguration' AND data__Identifier = '' @@ -6630,6 +7238,9 @@ components: json_extract_path_text(detail.Properties, 'ServerCertificateConfig') as server_certificate_config, json_extract_path_text(detail.Properties, 'ServerCertificates') as server_certificates, json_extract_path_text(detail.Properties, 'TlsConfig') as tls_config, + json_extract_path_text(detail.Properties, 'AuthenticationType') as authentication_type, + json_extract_path_text(detail.Properties, 'ApplicationProtocol') as application_protocol, + json_extract_path_text(detail.Properties, 'ClientCertificateConfig') as client_certificate_config, json_extract_path_text(detail.Properties, 'Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail @@ -6700,7 +7311,10 @@ components: JSON_EXTRACT(detail.Properties, '$.DomainType') as domain_type, JSON_EXTRACT(detail.Properties, '$.ServerCertificateConfig') as server_certificate_config, JSON_EXTRACT(detail.Properties, '$.ServerCertificates') as server_certificates, - JSON_EXTRACT(detail.Properties, '$.TlsConfig') as tls_config + JSON_EXTRACT(detail.Properties, '$.TlsConfig') as tls_config, + JSON_EXTRACT(detail.Properties, '$.AuthenticationType') as authentication_type, + JSON_EXTRACT(detail.Properties, '$.ApplicationProtocol') as application_protocol, + JSON_EXTRACT(detail.Properties, '$.ClientCertificateConfig') as client_certificate_config FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -6727,7 +7341,10 @@ components: json_extract_path_text(detail.Properties, 'DomainType') as domain_type, json_extract_path_text(detail.Properties, 'ServerCertificateConfig') as server_certificate_config, json_extract_path_text(detail.Properties, 'ServerCertificates') as server_certificates, - json_extract_path_text(detail.Properties, 'TlsConfig') as tls_config + json_extract_path_text(detail.Properties, 'TlsConfig') as tls_config, + json_extract_path_text(detail.Properties, 'AuthenticationType') as authentication_type, + json_extract_path_text(detail.Properties, 'ApplicationProtocol') as application_protocol, + json_extract_path_text(detail.Properties, 'ClientCertificateConfig') as client_certificate_config FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -10517,6 +11134,48 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success + /?Action=CreateResource&Version=2021-09-30&__Command&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateCommand + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateCommandRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success /?Action=CreateResource&Version=2021-09-30&__CustomMetric&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' diff --git a/providers/src/aws/v00.00.00000/services/iotcoredeviceadvisor.yaml b/providers/src/aws/v00.00.00000/services/iotcoredeviceadvisor.yaml index 7e469ef4..07997677 100644 --- a/providers/src/aws/v00.00.00000/services/iotcoredeviceadvisor.yaml +++ b/providers/src/aws/v00.00.00000/services/iotcoredeviceadvisor.yaml @@ -495,6 +495,16 @@ components: - SuiteDefinitionVersion x-required-properties: - SuiteDefinitionConfiguration + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - iotdeviceadvisor:TagResource + - iotdeviceadvisor:UntagResource + - iot:ListTagsForResource x-required-permissions: create: - iot:DescribeCertificate @@ -503,7 +513,6 @@ components: - iot:ListAttachedPolicies - iot:ListCertificates - iot:ListPrincipalPolicies - - iot:ListTagsForResource - iot:ListThingPrincipals - iot:ListThings - iotdeviceadvisor:CreateSuiteDefinition @@ -511,7 +520,7 @@ components: - iam:PassRole read: - iotdeviceadvisor:GetSuiteDefinition - - iotdeviceadvisor:TagResource + - iot:ListTagsForResource update: - iot:DescribeCertificate - iot:DescribeThing @@ -519,7 +528,6 @@ components: - iot:ListAttachedPolicies - iot:ListCertificates - iot:ListPrincipalPolicies - - iot:ListTagsForResource - iot:ListThingPrincipals - iot:ListThings - iotdeviceadvisor:UpdateSuiteDefinition diff --git a/providers/src/aws/v00.00.00000/services/iotevents.yaml b/providers/src/aws/v00.00.00000/services/iotevents.yaml index cf677c17..a00edc1f 100644 --- a/providers/src/aws/v00.00.00000/services/iotevents.yaml +++ b/providers/src/aws/v00.00.00000/services/iotevents.yaml @@ -392,6 +392,7 @@ components: properties: SimpleRule: $ref: '#/components/schemas/SimpleRule' + description: A rule that compares an input property value to a threshold value with a comparison operator. SimpleRule: type: object additionalProperties: false @@ -401,7 +402,7 @@ components: type: string minLength: 1 maxLength: 512 - description: The value on the left side of the comparison operator. You can specify an AWS IoT Events input attribute as an input property. + description: The value on the left side of the comparison operator. You can specify an ITE input attribute as an input property. ComparisonOperator: type: string enum: @@ -416,7 +417,7 @@ components: type: string minLength: 1 maxLength: 512 - description: The value on the right side of the comparison operator. You can enter a number or specify an AWS IoT Events input attribute. + description: The value on the right side of the comparison operator. You can enter a number or specify an ITE input attribute. required: - InputProperty - ComparisonOperator @@ -428,15 +429,18 @@ components: properties: AlarmActions: $ref: '#/components/schemas/AlarmActions' + description: Specifies one or more supported actions to receive notifications when the alarm state changes. AlarmCapabilities: type: object - description: Contains the configuration information of alarm state changes + description: Contains the configuration information of alarm state changes. additionalProperties: false properties: InitializationConfiguration: $ref: '#/components/schemas/InitializationConfiguration' + description: Specifies the default alarm state. The configuration applies to all alarms that were created based on this alarm model. AcknowledgeFlow: $ref: '#/components/schemas/AcknowledgeFlow' + description: Specifies whether to get notified for alarm state changes. AlarmActions: type: array description: Specifies one or more supported actions to receive notifications when the alarm state changes. @@ -447,88 +451,143 @@ components: AlarmAction: type: object additionalProperties: false - description: The actions to be performed. + description: Specifies one of the following actions to receive notifications when the alarm state changes. properties: DynamoDB: $ref: '#/components/schemas/DynamoDB' + description: |- + Defines an action to write to the Amazon DynamoDB table that you created. The standard action payload contains all the information about the detector model instance and the event that triggered the action. You can customize the [payload](https://docs.aws.amazon.com/iotevents/latest/apireference/API_Payload.html). One column of the DynamoDB table receives all attribute-value pairs in the payload that you specify. + You must use expressions for all parameters in ``DynamoDBAction``. The expressions accept literals, operators, functions, references, and substitution templates. + **Examples** + + For literal values, the expressions must contain single quotes. For example, the value for the ``hashKeyType`` parameter can be ``'STRING'``. + + For references, you must specify either variables or input values. For example, the value for the ``hashKeyField`` parameter can be ``$input.GreenhouseInput.name``. + + For a substitution template, you must use ``${}``, and the template must be in single quotes. A substitution template can also contain a combination of literals, operators, functions, references, and substitution templates. + In the following example, the value for the ``hashKeyValue`` parameter uses a substitution template. + ``'${$input.GreenhouseInput.temperature * 6 / 5 + 32} in Fahrenheit'`` + + For a string concatenation, you must use ``+``. A string concatenation can also contain a combination of literals, operators, functions, references, and substitution templates. + In the following example, the value for the ``tableName`` parameter uses a string concatenation. + ``'GreenhouseTemperatureTable ' + $input.GreenhouseInput.date`` + + For more information, see [Expressions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-expressions.html) in the *Developer Guide*. + If the defined payload type is a string, ``DynamoDBAction`` writes non-JSON data to the DynamoDB table as binary data. The DynamoDB console displays the data as Base64-encoded text. The value for the ``payloadField`` parameter is ``_raw``. DynamoDBv2: $ref: '#/components/schemas/DynamoDBv2' + description: |- + Defines an action to write to the Amazon DynamoDB table that you created. The default action payload contains all the information about the detector model instance and the event that triggered the action. You can customize the [payload](https://docs.aws.amazon.com/iotevents/latest/apireference/API_Payload.html). A separate column of the DynamoDB table receives one attribute-value pair in the payload that you specify. + You must use expressions for all parameters in ``DynamoDBv2Action``. The expressions accept literals, operators, functions, references, and substitution templates. + **Examples** + + For literal values, the expressions must contain single quotes. For example, the value for the ``tableName`` parameter can be ``'GreenhouseTemperatureTable'``. + + For references, you must specify either variables or input values. For example, the value for the ``tableName`` parameter can be ``$variable.ddbtableName``. + + For a substitution template, you must use ``${}``, and the template must be in single quotes. A substitution template can also contain a combination of literals, operators, functions, references, and substitution templates. + In the following example, the value for the ``contentExpression`` parameter in ``Payload`` uses a substitution template. + ``'{\"sensorID\": \"${$input.GreenhouseInput.sensor_id}\", \"temperature\": \"${$input.GreenhouseInput.temperature * 9 / 5 + 32}\"}'`` + + For a string concatenation, you must use ``+``. A string concatenation can also contain a combination of literals, operators, functions, references, and substitution templates. + In the following example, the value for the ``tableName`` parameter uses a string concatenation. + ``'GreenhouseTemperatureTable ' + $input.GreenhouseInput.date`` + + For more information, see [Expressions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-expressions.html) in the *Developer Guide*. + The value for the ``type`` parameter in ``Payload`` must be ``JSON``. Firehose: $ref: '#/components/schemas/Firehose' + description: Sends information about the detector model instance and the event that triggered the action to an Amazon Kinesis Data Firehose delivery stream. IotEvents: $ref: '#/components/schemas/IotEvents' + description: Sends an ITE input, passing in information about the detector model instance and the event that triggered the action. IotSiteWise: $ref: '#/components/schemas/IotSiteWise' + description: |- + Sends information about the detector model instance and the event that triggered the action to a specified asset property in ITSW. + You must use expressions for all parameters in ``IotSiteWiseAction``. The expressions accept literals, operators, functions, references, and substitutions templates. + **Examples** + + For literal values, the expressions must contain single quotes. For example, the value for the ``propertyAlias`` parameter can be ``'/company/windfarm/3/turbine/7/temperature'``. + + For references, you must specify either variables or input values. For example, the value for the ``assetId`` parameter can be ``$input.TurbineInput.assetId1``. + + For a substitution template, you must use ``${}``, and the template must be in single quotes. A substitution template can also contain a combination of literals, operators, functions, references, and substitution templates. + In the following example, the value for the ``propertyAlias`` parameter uses a substitution template. + ``'company/windfarm/${$input.TemperatureInput.sensorData.windfarmID}/turbine/ ${$input.TemperatureInput.sensorData.turbineID}/temperature'`` + + You must specify either ``propertyAlias`` or both ``assetId`` and ``propertyId`` to identify the target asset property in ITSW. + For more information, see [Expressions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-expressions.html) in the *Developer Guide*. IotTopicPublish: $ref: '#/components/schemas/IotTopicPublish' + description: Information required to publish the MQTT message through the IoT message broker. Lambda: $ref: '#/components/schemas/Lambda' + description: Calls a Lambda function, passing in information about the detector model instance and the event that triggered the action. Sns: $ref: '#/components/schemas/Sns' + description: Information required to publish the Amazon SNS message. Sqs: $ref: '#/components/schemas/Sqs' + description: Sends information about the detector model instance and the event that triggered the action to an Amazon SQS queue. DynamoDB: type: object additionalProperties: false - description: >- - Writes to the DynamoDB table that you created. The default action payload contains all attribute-value pairs that have the information about the detector model instance and the event that triggered the action. You can also customize the [payload](https://docs.aws.amazon.com/iotevents/latest/apireference/API_Payload.html). One column of the DynamoDB table receives all attribute-value pairs in the payload that you specify. For more information, see - [Actions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-event-actions.html) in *AWS IoT Events Developer Guide*. + description: |- + Defines an action to write to the Amazon DynamoDB table that you created. The standard action payload contains all the information about the detector model instance and the event that triggered the action. You can customize the [payload](https://docs.aws.amazon.com/iotevents/latest/apireference/API_Payload.html). One column of the DynamoDB table receives all attribute-value pairs in the payload that you specify. + You must use expressions for all parameters in ``DynamoDBAction``. The expressions accept literals, operators, functions, references, and substitution templates. + **Examples** + + For literal values, the expressions must contain single quotes. For example, the value for the ``hashKeyType`` parameter can be ``'STRING'``. + + For references, you must specify either variables or input values. For example, the value for the ``hashKeyField`` parameter can be ``$input.GreenhouseInput.name``. + + For a substitution template, you must use ``${}``, and the template must be in single quotes. A substitution template can also contain a combination of literals, operators, functions, references, and substitution templates. + In the following example, the value for the ``hashKeyValue`` parameter uses a substitution template. + ``'${$input.GreenhouseInput.temperature * 6 / 5 + 32} in Fahrenheit'`` + + For a string concatenation, you must use ``+``. A string concatenation can also contain a combination of literals, operators, functions, references, and substitution templates. + In the following example, the value for the ``tableName`` parameter uses a string concatenation. + ``'GreenhouseTemperatureTable ' + $input.GreenhouseInput.date`` + + For more information, see [Expressions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-expressions.html) in the *Developer Guide*. + If the defined payload type is a string, ``DynamoDBAction`` writes non-JSON data to the DynamoDB table as binary data. The DynamoDB console displays the data as Base64-encoded text. The value for the ``payloadField`` parameter is ``_raw``. properties: HashKeyField: type: string - description: The name of the hash key (also called the partition key). + description: The name of the hash key (also called the partition key). The ``hashKeyField`` value must match the partition key of the target DynamoDB table. HashKeyType: type: string description: |- The data type for the hash key (also called the partition key). You can specify the following values: - - * `STRING` - The hash key is a string. - - * `NUMBER` - The hash key is a number. - - If you don't specify `hashKeyType`, the default value is `STRING`. + + ``'STRING'`` - The hash key is a string. + + ``'NUMBER'`` - The hash key is a number. + + If you don't specify ``hashKeyType``, the default value is ``'STRING'``. HashKeyValue: type: string description: The value of the hash key (also called the partition key). Operation: type: string description: |- - The type of operation to perform. You can specify the following values: - - * `INSERT` - Insert data as a new item into the DynamoDB table. This item uses the specified hash key as a partition key. If you specified a range key, the item uses the range key as a sort key. - - * `UPDATE` - Update an existing item of the DynamoDB table with new data. This item's partition key must match the specified hash key. If you specified a range key, the range key must match the item's sort key. - - * `DELETE` - Delete an existing item of the DynamoDB table. This item's partition key must match the specified hash key. If you specified a range key, the range key must match the item's sort key. - - If you don't specify this parameter, AWS IoT Events triggers the `INSERT` operation. + The type of operation to perform. You can specify the following values: + + ``'INSERT'`` - Insert data as a new item into the DynamoDB table. This item uses the specified hash key as a partition key. If you specified a range key, the item uses the range key as a sort key. + + ``'UPDATE'`` - Update an existing item of the DynamoDB table with new data. This item's partition key must match the specified hash key. If you specified a range key, the range key must match the item's sort key. + + ``'DELETE'`` - Delete an existing item of the DynamoDB table. This item's partition key must match the specified hash key. If you specified a range key, the range key must match the item's sort key. + + If you don't specify this parameter, ITE triggers the ``'INSERT'`` operation. Payload: $ref: '#/components/schemas/Payload' + description: |- + Information needed to configure the payload. + By default, ITE generates a standard payload in JSON for any action. This action payload contains all attribute-value pairs that have the information about the detector model instance and the event triggered the action. To configure the action payload, you can use ``contentExpression``. PayloadField: type: string description: |- The name of the DynamoDB column that receives the action payload. - - If you don't specify this parameter, the name of the DynamoDB column is `payload`. + If you don't specify this parameter, the name of the DynamoDB column is ``payload``. RangeKeyField: type: string - description: The name of the range key (also called the sort key). + description: The name of the range key (also called the sort key). The ``rangeKeyField`` value must match the sort key of the target DynamoDB table. RangeKeyType: type: string description: |- The data type for the range key (also called the sort key), You can specify the following values: - - * `STRING` - The range key is a string. - - * `NUMBER` - The range key is number. - - If you don't specify `rangeKeyField`, the default value is `STRING`. + + ``'STRING'`` - The range key is a string. + + ``'NUMBER'`` - The range key is number. + + If you don't specify ``rangeKeyField``, the default value is ``'STRING'``. RangeKeyValue: type: string description: The value of the range key (also called the sort key). TableName: type: string - description: The name of the DynamoDB table. + description: The name of the DynamoDB table. The ``tableName`` value must match the table name of the target DynamoDB table. required: - HashKeyField - HashKeyValue @@ -537,12 +596,26 @@ components: type: object additionalProperties: false description: |- - Defines an action to write to the Amazon DynamoDB table that you created. The default action payload contains all attribute-value pairs that have the information about the detector model instance and the event that triggered the action. You can also customize the [payload](https://docs.aws.amazon.com/iotevents/latest/apireference/API_Payload.html). A separate column of the DynamoDB table receives one attribute-value pair in the payload that you specify. - - You can use expressions for parameters that are strings. For more information, see [Expressions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-expressions.html) in the *AWS IoT Events Developer Guide*. + Defines an action to write to the Amazon DynamoDB table that you created. The default action payload contains all the information about the detector model instance and the event that triggered the action. You can customize the [payload](https://docs.aws.amazon.com/iotevents/latest/apireference/API_Payload.html). A separate column of the DynamoDB table receives one attribute-value pair in the payload that you specify. + You must use expressions for all parameters in ``DynamoDBv2Action``. The expressions accept literals, operators, functions, references, and substitution templates. + **Examples** + + For literal values, the expressions must contain single quotes. For example, the value for the ``tableName`` parameter can be ``'GreenhouseTemperatureTable'``. + + For references, you must specify either variables or input values. For example, the value for the ``tableName`` parameter can be ``$variable.ddbtableName``. + + For a substitution template, you must use ``${}``, and the template must be in single quotes. A substitution template can also contain a combination of literals, operators, functions, references, and substitution templates. + In the following example, the value for the ``contentExpression`` parameter in ``Payload`` uses a substitution template. + ``'{\"sensorID\": \"${$input.GreenhouseInput.sensor_id}\", \"temperature\": \"${$input.GreenhouseInput.temperature * 9 / 5 + 32}\"}'`` + + For a string concatenation, you must use ``+``. A string concatenation can also contain a combination of literals, operators, functions, references, and substitution templates. + In the following example, the value for the ``tableName`` parameter uses a string concatenation. + ``'GreenhouseTemperatureTable ' + $input.GreenhouseInput.date`` + + For more information, see [Expressions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-expressions.html) in the *Developer Guide*. + The value for the ``type`` parameter in ``Payload`` must be ``JSON``. properties: Payload: $ref: '#/components/schemas/Payload' + description: |- + Information needed to configure the payload. + By default, ITE generates a standard payload in JSON for any action. This action payload contains all attribute-value pairs that have the information about the detector model instance and the event triggered the action. To configure the action payload, you can use ``contentExpression``. TableName: type: string description: The name of the DynamoDB table. @@ -558,6 +631,7 @@ components: description: The name of the Kinesis Data Firehose delivery stream where the data is written. Payload: $ref: '#/components/schemas/Payload' + description: You can configure the action payload when you send a message to an Amazon Data Firehose delivery stream. Separator: type: string description: 'A character separator that is used to separate records written to the Kinesis Data Firehose delivery stream. Valid values are: ''\n'' (newline), ''\t'' (tab), ''\r\n'' (Windows newline), '','' (comma).' @@ -567,51 +641,65 @@ components: IotEvents: type: object additionalProperties: false - description: Sends an AWS IoT Events input, passing in information about the detector model instance and the event that triggered the action. + description: Sends an ITE input, passing in information about the detector model instance and the event that triggered the action. properties: InputName: type: string - description: The name of the AWS IoT Events input where the data is sent. + description: The name of the ITE input where the data is sent. minLength: 1 maxLength: 128 pattern: ^[a-zA-Z][a-zA-Z0-9_]*$ Payload: $ref: '#/components/schemas/Payload' + description: You can configure the action payload when you send a message to an ITE input. required: - InputName IotSiteWise: type: object additionalProperties: false - description: Sends information about the detector model instance and the event that triggered the action to a specified asset property in AWS IoT SiteWise. + description: |- + Sends information about the detector model instance and the event that triggered the action to a specified asset property in ITSW. + You must use expressions for all parameters in ``IotSiteWiseAction``. The expressions accept literals, operators, functions, references, and substitutions templates. + **Examples** + + For literal values, the expressions must contain single quotes. For example, the value for the ``propertyAlias`` parameter can be ``'/company/windfarm/3/turbine/7/temperature'``. + + For references, you must specify either variables or input values. For example, the value for the ``assetId`` parameter can be ``$input.TurbineInput.assetId1``. + + For a substitution template, you must use ``${}``, and the template must be in single quotes. A substitution template can also contain a combination of literals, operators, functions, references, and substitution templates. + In the following example, the value for the ``propertyAlias`` parameter uses a substitution template. + ``'company/windfarm/${$input.TemperatureInput.sensorData.windfarmID}/turbine/ ${$input.TemperatureInput.sensorData.turbineID}/temperature'`` + + You must specify either ``propertyAlias`` or both ``assetId`` and ``propertyId`` to identify the target asset property in ITSW. + For more information, see [Expressions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-expressions.html) in the *Developer Guide*. properties: AssetId: type: string - description: The ID of the asset that has the specified property. You can specify an expression. + description: The ID of the asset that has the specified property. EntryId: type: string - description: A unique identifier for this entry. You can use the entry ID to track which data entry causes an error in case of failure. The default is a new unique identifier. You can also specify an expression. + description: A unique identifier for this entry. You can use the entry ID to track which data entry causes an error in case of failure. The default is a new unique identifier. PropertyAlias: type: string - description: The alias of the asset property. You can also specify an expression. + description: The alias of the asset property. PropertyId: type: string - description: The ID of the asset property. You can specify an expression. + description: The ID of the asset property. PropertyValue: $ref: '#/components/schemas/AssetPropertyValue' + description: The value to send to the asset property. This value contains timestamp, quality, and value (TQV) information. required: - PropertyValue IotTopicPublish: type: object additionalProperties: false - description: Information required to publish the MQTT message through the AWS IoT message broker. + description: Information required to publish the MQTT message through the IoT message broker. properties: MqttTopic: type: string - description: The MQTT topic of the message. You can use a string expression that includes variables (`$variable.`) and input values (`$input..`) as the topic string. + description: The MQTT topic of the message. You can use a string expression that includes variables (``$variable.``) and input values (``$input..``) as the topic string. minLength: 1 maxLength: 128 Payload: $ref: '#/components/schemas/Payload' + description: You can configure the action payload when you publish a message to an IoTCore topic. required: - MqttTopic Lambda: @@ -625,8 +713,10 @@ components: maxLength: 2048 Payload: $ref: '#/components/schemas/Payload' + description: You can configure the action payload when you send a message to a Lambda function. required: - FunctionArn + description: Calls a Lambda function, passing in information about the detector model instance and the event that triggered the action. Sns: type: object additionalProperties: false @@ -634,6 +724,7 @@ components: properties: Payload: $ref: '#/components/schemas/Payload' + description: You can configure the action payload when you send a message as an Amazon SNS push notification. TargetArn: type: string description: The ARN of the Amazon SNS target where the message is sent. @@ -647,29 +738,30 @@ components: properties: Payload: $ref: '#/components/schemas/Payload' + description: You can configure the action payload when you send a message to an Amazon SQS queue. QueueUrl: type: string description: The URL of the SQS queue where the data is written. UseBase64: type: boolean - description: Set this to `TRUE` if you want the data to be base-64 encoded before it is written to the queue. Otherwise, set this to `FALSE`. + description: Set this to TRUE if you want the data to be base-64 encoded before it is written to the queue. Otherwise, set this to FALSE. required: - QueueUrl + description: Sends information about the detector model instance and the event that triggered the action to an Amazon SQS queue. Payload: type: object additionalProperties: false description: |- Information needed to configure the payload. - - By default, AWS IoT Events generates a standard payload in JSON for any action. This action payload contains all attribute-value pairs that have the information about the detector model instance and the event triggered the action. To configure the action payload, you can use `contentExpression`. + By default, ITE generates a standard payload in JSON for any action. This action payload contains all attribute-value pairs that have the information about the detector model instance and the event triggered the action. To configure the action payload, you can use ``contentExpression``. properties: ContentExpression: type: string - description: The content of the payload. You can use a string expression that includes quoted strings (`''`), variables (`$variable.`), input values (`$input..`), string concatenations, and quoted strings that contain `${}` as the content. The recommended maximum size of a content expression is 1 KB. + description: The content of the payload. You can use a string expression that includes quoted strings (``''``), variables (``$variable.``), input values (``$input..``), string concatenations, and quoted strings that contain ``${}`` as the content. The recommended maximum size of a content expression is 1 KB. minLength: 1 Type: type: string - description: The value of the payload type can be either `STRING` or `JSON`. + description: The value of the payload type can be either ``STRING`` or ``JSON``. required: - ContentExpression - Type @@ -680,7 +772,7 @@ components: properties: DisabledOnInitialization: type: boolean - description: The value must be TRUE or FALSE. If FALSE, all alarm instances created based on the alarm model are activated. The default value is TRUE. + description: The value must be ``TRUE`` or ``FALSE``. If ``FALSE``, all alarm instances created based on the alarm model are activated. The default value is ``TRUE``. default: 'true' required: - DisabledOnInitialization @@ -691,62 +783,92 @@ components: properties: Enabled: type: boolean - description: The value must be TRUE or FALSE. If TRUE, you receive a notification when the alarm state changes. You must choose to acknowledge the notification before the alarm state can return to NORMAL. If FALSE, you won't receive notifications. The alarm automatically changes to the NORMAL state when the input property value returns to the specified range. + description: The value must be ``TRUE`` or ``FALSE``. If ``TRUE``, you receive a notification when the alarm state changes. You must choose to acknowledge the notification before the alarm state can return to ``NORMAL``. If ``FALSE``, you won't receive notifications. The alarm automatically changes to the ``NORMAL`` state when the input property value returns to the specified range. default: 'true' AssetPropertyValue: type: object additionalProperties: false - description: A structure that contains value information. For more information, see [AssetPropertyValue](https://docs.aws.amazon.com/iot-sitewise/latest/APIReference/API_AssetPropertyValue.html) in the *AWS IoT SiteWise API Reference*. + description: |- + A structure that contains value information. For more information, see [AssetPropertyValue](https://docs.aws.amazon.com/iot-sitewise/latest/APIReference/API_AssetPropertyValue.html) in the *API Reference*. + You must use expressions for all parameters in ``AssetPropertyValue``. The expressions accept literals, operators, functions, references, and substitution templates. + **Examples** + + For literal values, the expressions must contain single quotes. For example, the value for the ``quality`` parameter can be ``'GOOD'``. + + For references, you must specify either variables or input values. For example, the value for the ``quality`` parameter can be ``$input.TemperatureInput.sensorData.quality``. + + For more information, see [Expressions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-expressions.html) in the *Developer Guide*. properties: Quality: type: string - description: The quality of the asset property value. The value must be `GOOD`, `BAD`, or `UNCERTAIN`. You can also specify an expression. + description: The quality of the asset property value. The value must be ``'GOOD'``, ``'BAD'``, or ``'UNCERTAIN'``. Timestamp: $ref: '#/components/schemas/AssetPropertyTimestamp' + description: The timestamp associated with the asset property value. The default is the current event time. Value: $ref: '#/components/schemas/AssetPropertyVariant' + description: The value to send to an asset property. required: - Value AssetPropertyTimestamp: type: object additionalProperties: false - description: A structure that contains timestamp information. For more information, see [TimeInNanos](https://docs.aws.amazon.com/iot-sitewise/latest/APIReference/API_TimeInNanos.html) in the *AWS IoT SiteWise API Reference*. + description: |- + A structure that contains timestamp information. For more information, see [TimeInNanos](https://docs.aws.amazon.com/iot-sitewise/latest/APIReference/API_TimeInNanos.html) in the *API Reference*. + You must use expressions for all parameters in ``AssetPropertyTimestamp``. The expressions accept literals, operators, functions, references, and substitution templates. + **Examples** + + For literal values, the expressions must contain single quotes. For example, the value for the ``timeInSeconds`` parameter can be ``'1586400675'``. + + For references, you must specify either variables or input values. For example, the value for the ``offsetInNanos`` parameter can be ``$variable.time``. + + For a substitution template, you must use ``${}``, and the template must be in single quotes. A substitution template can also contain a combination of literals, operators, functions, references, and substitution templates. + In the following example, the value for the ``timeInSeconds`` parameter uses a substitution template. + ``'${$input.TemperatureInput.sensorData.timestamp / 1000}'`` + + For more information, see [Expressions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-expressions.html) in the *Developer Guide*. properties: OffsetInNanos: type: string - description: The timestamp, in seconds, in the Unix epoch format. The valid range is between `1-31556889864403199`. You can also specify an expression. + description: The nanosecond offset converted from ``timeInSeconds``. The valid range is between 0-999999999. TimeInSeconds: type: string - description: The nanosecond offset converted from `timeInSeconds`. The valid range is between `0-999999999`. You can also specify an expression. + description: The timestamp, in seconds, in the Unix epoch format. The valid range is between 1-31556889864403199. required: - TimeInSeconds AssetPropertyVariant: type: object additionalProperties: false - description: A structure that contains an asset property value. For more information, see [Variant](https://docs.aws.amazon.com/iot-sitewise/latest/APIReference/API_Variant.html) in the *AWS IoT SiteWise API Reference*. + description: |- + A structure that contains an asset property value. For more information, see [Variant](https://docs.aws.amazon.com/iot-sitewise/latest/APIReference/API_Variant.html) in the *API Reference*. + You must use expressions for all parameters in ``AssetPropertyVariant``. The expressions accept literals, operators, functions, references, and substitution templates. + **Examples** + + For literal values, the expressions must contain single quotes. For example, the value for the ``integerValue`` parameter can be ``'100'``. + + For references, you must specify either variables or parameters. For example, the value for the ``booleanValue`` parameter can be ``$variable.offline``. + + For a substitution template, you must use ``${}``, and the template must be in single quotes. A substitution template can also contain a combination of literals, operators, functions, references, and substitution templates. + In the following example, the value for the ``doubleValue`` parameter uses a substitution template. + ``'${$input.TemperatureInput.sensorData.temperature * 6 / 5 + 32}'`` + + For more information, see [Expressions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-expressions.html) in the *Developer Guide*. + You must specify one of the following value types, depending on the ``dataType`` of the specified asset property. For more information, see [AssetProperty](https://docs.aws.amazon.com/iot-sitewise/latest/APIReference/API_AssetProperty.html) in the *API Reference*. properties: BooleanValue: type: string - description: The asset property value is a Boolean value that must be `TRUE` or `FALSE`. You can also specify an expression. If you use an expression, the evaluated result should be a Boolean value. + description: The asset property value is a Boolean value that must be ``'TRUE'`` or ``'FALSE'``. You must use an expression, and the evaluated result should be a Boolean value. DoubleValue: type: string - description: The asset property value is a double. You can also specify an expression. If you use an expression, the evaluated result should be a double. + description: The asset property value is a double. You must use an expression, and the evaluated result should be a double. IntegerValue: type: string - description: The asset property value is an integer. You can also specify an expression. If you use an expression, the evaluated result should be an integer. + description: The asset property value is an integer. You must use an expression, and the evaluated result should be an integer. StringValue: type: string - description: The asset property value is a string. You can also specify an expression. If you use an expression, the evaluated result should be a string. + description: The asset property value is a string. You must use an expression, and the evaluated result should be a string. Tag: type: object additionalProperties: false - description: Tags to be applied to Input. + description: Metadata that can be used to manage the resource. properties: Key: - description: Key of the Tag. + description: The tag's key. type: string Value: - description: Value of the Tag. + description: The tag's value. type: string required: - Value @@ -762,53 +884,47 @@ components: pattern: ^[a-zA-Z0-9_-]+$ AlarmModelDescription: type: string - description: A brief description of the alarm model. + description: The description of the alarm model. maxLength: 1024 RoleArn: type: string - description: The ARN of the role that grants permission to AWS IoT Events to perform its operations. + description: The ARN of the IAM role that allows the alarm to perform actions and access AWS resources. For more information, see [Amazon Resource Names (ARNs)](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *General Reference*. minLength: 1 maxLength: 2048 Key: type: string - description: |- - The value used to identify a alarm instance. When a device or system sends input, a new alarm instance with a unique key value is created. AWS IoT Events can continue to route input to its corresponding alarm instance based on this identifying information. - - This parameter uses a JSON-path expression to select the attribute-value pair in the message payload that is used for identification. To route the message to the correct alarm instance, the device must send a message payload that contains the same attribute-value. + description: An input attribute used as a key to create an alarm. ITE routes [inputs](https://docs.aws.amazon.com/iotevents/latest/apireference/API_Input.html) associated with this key to the alarm. minLength: 1 maxLength: 128 pattern: ^((`[\w\- ]+`)|([\w\-]+))(\.((`[\w\- ]+`)|([\w\-]+)))*$ Severity: type: integer - description: |+ - A non-negative integer that reflects the severity level of the alarm. - + description: A non-negative integer that reflects the severity level of the alarm. minimum: 0 maximum: 2147483647 AlarmRule: $ref: '#/components/schemas/AlarmRule' + description: Defines when your alarm is invoked. AlarmEventActions: $ref: '#/components/schemas/AlarmEventActions' + description: Contains information about one or more alarm actions. AlarmCapabilities: $ref: '#/components/schemas/AlarmCapabilities' + description: Contains the configuration information of alarm state changes. Tags: type: array uniqueItems: false x-insertionOrder: false description: |- - An array of key-value pairs to apply to this resource. - - For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html). + A list of key-value pairs that contain metadata for the alarm model. The tags help you manage the alarm model. For more information, see [Tagging your resources](https://docs.aws.amazon.com/iotevents/latest/developerguide/tagging-iotevents.html) in the *Developer Guide*. + You can create up to 50 tags for one alarm model. items: $ref: '#/components/schemas/Tag' required: - RoleArn - AlarmRule x-stackql-resource-name: alarm_model - description: |- - The AWS::IoTEvents::AlarmModel resource creates a alarm model. AWS IoT Events alarms help you monitor your data for changes. The data can be metrics that you measure for your equipment and processes. You can create alarms that send notifications when a threshold is breached. Alarms help you detect issues, streamline maintenance, and optimize performance of your equipment and processes. - - Alarms are instances of alarm models. The alarm model specifies what to detect, when to send notifications, who gets notified, and more. You can also specify one or more supported actions that occur when the alarm state changes. AWS IoT Events routes input attributes derived from your data to the appropriate alarms. If the data that you're monitoring is outside the specified range, the alarm is invoked. You can also acknowledge the alarms or set them to the snooze mode. + description: Represents an alarm model to monitor an ITE input attribute. You can use the alarm to get notified when the value is outside a specified range. For more information, see [Create an alarm model](https://docs.aws.amazon.com/iotevents/latest/developerguide/create-alarms.html) in the *Developer Guide*. x-type-name: AWS::IoTEvents::AlarmModel x-stackql-primary-identifier: - AlarmModelName @@ -818,6 +934,16 @@ components: x-required-properties: - RoleArn - AlarmRule + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - iotevents:UntagResource + - iotevents:TagResource + - iotevents:ListTagsForResource x-required-permissions: create: - iotevents:CreateAlarmModel @@ -870,10 +996,13 @@ components: properties: OnEnter: $ref: '#/components/schemas/OnEnter' + description: When entering this state, perform these ``actions`` if the ``condition`` is TRUE. OnExit: $ref: '#/components/schemas/OnExit' + description: When exiting this state, perform these ``actions`` if the specified ``condition`` is ``TRUE``. OnInput: $ref: '#/components/schemas/OnInput' + description: When an input is received and the ``condition`` is TRUE, perform the specified ``actions``. StateName: type: string minLength: 1 @@ -884,50 +1013,50 @@ components: OnEnter: type: object additionalProperties: false - description: When entering this state, perform these `actions` if the `condition` is `TRUE`. + description: When entering this state, perform these ``actions`` if the ``condition`` is TRUE. properties: Events: type: array uniqueItems: false x-insertionOrder: false - description: Specifies the `actions` that are performed when the state is entered and the `condition` is `TRUE`. + description: Specifies the actions that are performed when the state is entered and the ``condition`` is ``TRUE``. items: $ref: '#/components/schemas/Event' OnExit: type: object additionalProperties: false - description: When exiting this state, perform these `actions` if the specified `condition` is `TRUE`. + description: When exiting this state, perform these ``actions`` if the specified ``condition`` is ``TRUE``. properties: Events: type: array uniqueItems: false x-insertionOrder: false - description: Specifies the `actions` that are performed when the state is exited and the `condition` is `TRUE`. + description: Specifies the ``actions`` that are performed when the state is exited and the ``condition`` is ``TRUE``. items: $ref: '#/components/schemas/Event' OnInput: type: object additionalProperties: false - description: When an input is received and the `condition` is `TRUE`, perform the specified `actions`. + description: Specifies the actions performed when the ``condition`` evaluates to TRUE. properties: Events: type: array uniqueItems: false x-insertionOrder: false - description: Specifies the `actions` performed when the `condition` evaluates to `TRUE`. + description: Specifies the actions performed when the ``condition`` evaluates to TRUE. items: $ref: '#/components/schemas/Event' TransitionEvents: type: array uniqueItems: false x-insertionOrder: true - description: Specifies the `actions` performed, and the next `state` entered, when a `condition` evaluates to `TRUE`. + description: Specifies the actions performed, and the next state entered, when a ``condition`` evaluates to TRUE. items: $ref: '#/components/schemas/TransitionEvent' Event: type: object additionalProperties: false - description: Specifies the `actions` to be performed when the `condition` evaluates to `TRUE`. + description: Specifies the ``actions`` to be performed when the ``condition`` evaluates to TRUE. properties: Actions: type: array @@ -938,7 +1067,7 @@ components: $ref: '#/components/schemas/Action' Condition: type: string - description: The Boolean expression that, when `TRUE`, causes the `actions` to be performed. If not present, the `actions` are performed (=`TRUE`). If the expression result is not a `Boolean` value, the `actions` are not performed (=`FALSE`). + description: Optional. The Boolean expression that, when TRUE, causes the ``actions`` to be performed. If not present, the actions are performed (=TRUE). If the expression result is not a Boolean value, the actions are not performed (=FALSE). maxLength: 512 EventName: type: string @@ -949,7 +1078,7 @@ components: TransitionEvent: type: object additionalProperties: false - description: Specifies the `actions `performed and the next `state` entered when a `condition` evaluates to `TRUE`. + description: Specifies the actions performed and the next state entered when a ``condition`` evaluates to TRUE. properties: Actions: type: array @@ -960,11 +1089,11 @@ components: $ref: '#/components/schemas/Action' Condition: type: string - description: A Boolean expression that when `TRUE` causes the `actions` to be performed and the `nextState` to be entered. + description: Required. A Boolean expression that when TRUE causes the actions to be performed and the ``nextState`` to be entered. maxLength: 512 EventName: type: string - description: The name of the event. + description: The name of the transition event. minLength: 1 maxLength: 128 NextState: @@ -979,34 +1108,51 @@ components: Action: type: object additionalProperties: false - description: The actions to be performed. + description: An action to be performed when the ``condition`` is TRUE. properties: ClearTimer: $ref: '#/components/schemas/ClearTimer' + description: Information needed to clear the timer. DynamoDB: $ref: '#/components/schemas/DynamoDB' + description: >- + Writes to the DynamoDB table that you created. The default action payload contains all attribute-value pairs that have the information about the detector model instance and the event that triggered the action. You can customize the [payload](https://docs.aws.amazon.com/iotevents/latest/apireference/API_Payload.html). One column of the DynamoDB table receives all attribute-value pairs in the payload that you specify. For more information, see + [Actions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-event-actions.html) in *Developer Guide*. DynamoDBv2: $ref: '#/components/schemas/DynamoDBv2' + description: >- + Writes to the DynamoDB table that you created. The default action payload contains all attribute-value pairs that have the information about the detector model instance and the event that triggered the action. You can customize the [payload](https://docs.aws.amazon.com/iotevents/latest/apireference/API_Payload.html). A separate column of the DynamoDB table receives one attribute-value pair in the payload that you specify. For more information, see + [Actions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-event-actions.html) in *Developer Guide*. Firehose: $ref: '#/components/schemas/Firehose' + description: Sends information about the detector model instance and the event that triggered the action to an Amazon Kinesis Data Firehose delivery stream. IotEvents: $ref: '#/components/schemas/IotEvents' + description: Sends ITE input, which passes information about the detector model instance and the event that triggered the action. IotSiteWise: $ref: '#/components/schemas/IotSiteWise' + description: Sends information about the detector model instance and the event that triggered the action to an asset property in ITSW . IotTopicPublish: $ref: '#/components/schemas/IotTopicPublish' + description: Publishes an MQTT message with the given topic to the IoT message broker. Lambda: $ref: '#/components/schemas/Lambda' + description: Calls a Lambda function, passing in information about the detector model instance and the event that triggered the action. ResetTimer: $ref: '#/components/schemas/ResetTimer' + description: Information needed to reset the timer. SetTimer: $ref: '#/components/schemas/SetTimer' + description: Information needed to set the timer. SetVariable: $ref: '#/components/schemas/SetVariable' + description: Sets a variable to a specified value. Sns: $ref: '#/components/schemas/Sns' + description: Sends an Amazon SNS message. Sqs: $ref: '#/components/schemas/Sqs' + description: Sends an Amazon SNS message. ClearTimer: type: object additionalProperties: false @@ -1016,6 +1162,7 @@ components: type: string minLength: 1 maxLength: 128 + description: The name of the timer to clear. required: - TimerName ResetTimer: @@ -1037,12 +1184,12 @@ components: properties: DurationExpression: type: string - description: The duration of the timer, in seconds. You can use a string expression that includes numbers, variables (`$variable.`), and input values (`$input..`) as the duration. The range of the duration is `1-31622400` seconds. To ensure accuracy, the minimum duration is `60` seconds. The evaluated result of the duration is rounded down to the nearest whole number. + description: The duration of the timer, in seconds. You can use a string expression that includes numbers, variables (``$variable.``), and input values (``$input..``) as the duration. The range of the duration is 1-31622400 seconds. To ensure accuracy, the minimum duration is 60 seconds. The evaluated result of the duration is rounded down to the nearest whole number. minLength: 1 maxLength: 1024 Seconds: type: integer - description: The number of seconds until the timer expires. The minimum value is `60` seconds to ensure accuracy. The maximum value is `31622400` seconds. + description: The number of seconds until the timer expires. The minimum value is 60 seconds to ensure accuracy. The maximum value is 31622400 seconds. minimum: 60 maximum: 31622400 TimerName: @@ -1076,6 +1223,7 @@ components: properties: DetectorModelDefinition: $ref: '#/components/schemas/DetectorModelDefinition' + description: Information that defines how a detector operates. DetectorModelDescription: type: string description: A brief description of the detector model. @@ -1095,15 +1243,14 @@ components: Key: type: string description: |- - The value used to identify a detector instance. When a device or system sends input, a new detector instance with a unique key value is created. AWS IoT Events can continue to route input to its corresponding detector instance based on this identifying information. - - This parameter uses a JSON-path expression to select the attribute-value pair in the message payload that is used for identification. To route the message to the correct detector instance, the device must send a message payload that contains the same attribute-value. + The value used to identify a detector instance. When a device or system sends input, a new detector instance with a unique key value is created. ITE can continue to route input to its corresponding detector instance based on this identifying information. + This parameter uses a JSON-path expression to select the attribute-value pair in the message payload that is used for identification. To route the message to the correct detector instance, the device must send a message payload that contains the same attribute-value. minLength: 1 maxLength: 128 pattern: ^((`[\w\- ]+`)|([\w\-]+))(\.((`[\w\- ]+`)|([\w\-]+)))*$ RoleArn: type: string - description: The ARN of the role that grants permission to AWS IoT Events to perform its operations. + description: The ARN of the role that grants permission to ITE to perform its operations. minLength: 1 maxLength: 2048 Tags: @@ -1112,8 +1259,7 @@ components: x-insertionOrder: false description: |- An array of key-value pairs to apply to this resource. - - For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html). + For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html). items: $ref: '#/components/schemas/Tag' required: @@ -1122,7 +1268,11 @@ components: x-stackql-resource-name: detector_model description: >- The AWS::IoTEvents::DetectorModel resource creates a detector model. You create a *detector model* (a model of your equipment or process) using *states*. For each state, you define conditional (Boolean) logic that evaluates the incoming inputs to detect significant events. When an event is detected, it can change the state or trigger custom-built or predefined actions using other AWS services. You can define additional events that trigger actions when entering or exiting a state and, - optionally, when a condition is met. For more information, see [How to Use AWS IoT Events](https://docs.aws.amazon.com/iotevents/latest/developerguide/how-to-use-iotevents.html) in the *AWS IoT Events Developer Guide*. + optionally, when a condition is met. For more information, see [How to Use](https://docs.aws.amazon.com/iotevents/latest/developerguide/how-to-use-iotevents.html) in the *Developer Guide*. + When you successfully update a detector model (using the ITE console, ITE API or CLI commands, or CFN) all detector instances created by the model are reset to their initial states. (The detector's ``state``, and the values of any variables and timers are reset.) + When you successfully update a detector model (using the ITE console, ITE API or CLI commands, or CFN) the version number of the detector model is incremented. (A detector model with version number 1 before the update has version number 2 after the update succeeds.) + If you attempt to update a detector model using CFN and the update does not succeed, the system may, in some cases, restore the original detector model. When this occurs, the detector model's version is incremented twice (for example, from version 1 to version 3) and the detector instances are reset. + Also, be aware that if you attempt to update several detector models at once using CFN, some updates may succeed and others fail. In this case, the effects on each detector model's detector instances and version number depend on whether the update succeeded or failed, with the results as stated. x-type-name: AWS::IoTEvents::DetectorModel x-stackql-primary-identifier: - DetectorModelName @@ -1132,7 +1282,16 @@ components: x-required-properties: - DetectorModelDefinition - RoleArn - x-taggable: true + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - iotevents:UntagResource + - iotevents:TagResource + - iotevents:ListTagsForResource x-required-permissions: create: - iotevents:CreateDetectorModel @@ -1166,7 +1325,7 @@ components: type: array uniqueItems: true x-insertionOrder: false - description: The attributes from the JSON payload that are made available by the input. Inputs are derived from messages sent to the AWS IoT Events system using `BatchPutMessage`. Each such message contains a JSON payload, and those attributes (and their paired values) specified here are available for use in the `condition` expressions used by detectors that monitor this input. + description: The attributes from the JSON payload that are made available by the input. Inputs are derived from messages sent to the ITE system using ``BatchPutMessage``. Each such message contains a JSON payload, and those attributes (and their paired values) specified here are available for use in the ``condition`` expressions used by detectors that monitor this input. minItems: 1 maxItems: 200 items: @@ -1176,13 +1335,12 @@ components: Attribute: type: object additionalProperties: false - description: The attributes from the JSON payload that are made available by the input. Inputs are derived from messages sent to the AWS IoT Events system using `BatchPutMessage`. Each such message contains a JSON payload, and those attributes (and their paired values) specified here are available for use in the `condition` expressions used by detectors that monitor this input. + description: The attributes from the JSON payload that are made available by the input. Inputs are derived from messages sent to the ITE system using ``BatchPutMessage``. Each such message contains a JSON payload. Those attributes (and their paired values) specified here are available for use in the ``condition`` expressions used by detectors. properties: JsonPath: description: |- - An expression that specifies an attribute-value pair in a JSON structure. Use this to specify an attribute from the JSON payload that is made available by the input. Inputs are derived from messages sent to AWS IoT Events (`BatchPutMessage`). Each such message contains a JSON payload. The attribute (and its paired value) specified here are available for use in the `condition` expressions used by detectors. - - _Syntax_: `....` + An expression that specifies an attribute-value pair in a JSON structure. Use this to specify an attribute from the JSON payload that is made available by the input. Inputs are derived from messages sent to ITE (``BatchPutMessage``). Each such message contains a JSON payload. The attribute (and its paired value) specified here are available for use in the ``condition`` expressions used by detectors. + Syntax: ``....`` minLength: 1 maxLength: 128 pattern: ^((`[a-zA-Z0-9_\- ]+`)|([a-zA-Z0-9_\-]+))(\.((`[a-zA-Z0-9_\- ]+`)|([a-zA-Z0-9_\-]+)))*$ @@ -1194,6 +1352,7 @@ components: properties: InputDefinition: $ref: '#/components/schemas/InputDefinition' + description: The definition of the input. InputDescription: description: A brief description of the input. minLength: 1 @@ -1211,14 +1370,13 @@ components: x-insertionOrder: false description: |- An array of key-value pairs to apply to this resource. - - For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html). + For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html). items: $ref: '#/components/schemas/Tag' required: - InputDefinition x-stackql-resource-name: input - description: The AWS::IoTEvents::Input resource creates an input. To monitor your devices and processes, they must have a way to get telemetry data into AWS IoT Events. This is done by sending messages as *inputs* to AWS IoT Events. For more information, see [How to Use AWS IoT Events](https://docs.aws.amazon.com/iotevents/latest/developerguide/how-to-use-iotevents.html) in the *AWS IoT Events Developer Guide*. + description: The AWS::IoTEvents::Input resource creates an input. To monitor your devices and processes, they must have a way to get telemetry data into ITE. This is done by sending messages as *inputs* to ITE. For more information, see [How to Use](https://docs.aws.amazon.com/iotevents/latest/developerguide/how-to-use-iotevents.html) in the *Developer Guide*. x-type-name: AWS::IoTEvents::Input x-stackql-primary-identifier: - InputName @@ -1226,7 +1384,16 @@ components: - InputName x-required-properties: - InputDefinition - x-taggable: true + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - iotevents:UntagResource + - iotevents:TagResource + - iotevents:ListTagsForResource x-required-permissions: create: - iotevents:CreateInput @@ -1268,43 +1435,40 @@ components: pattern: ^[a-zA-Z0-9_-]+$ AlarmModelDescription: type: string - description: A brief description of the alarm model. + description: The description of the alarm model. maxLength: 1024 RoleArn: type: string - description: The ARN of the role that grants permission to AWS IoT Events to perform its operations. + description: The ARN of the IAM role that allows the alarm to perform actions and access AWS resources. For more information, see [Amazon Resource Names (ARNs)](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *General Reference*. minLength: 1 maxLength: 2048 Key: type: string - description: |- - The value used to identify a alarm instance. When a device or system sends input, a new alarm instance with a unique key value is created. AWS IoT Events can continue to route input to its corresponding alarm instance based on this identifying information. - - This parameter uses a JSON-path expression to select the attribute-value pair in the message payload that is used for identification. To route the message to the correct alarm instance, the device must send a message payload that contains the same attribute-value. + description: An input attribute used as a key to create an alarm. ITE routes [inputs](https://docs.aws.amazon.com/iotevents/latest/apireference/API_Input.html) associated with this key to the alarm. minLength: 1 maxLength: 128 pattern: ^((`[\w\- ]+`)|([\w\-]+))(\.((`[\w\- ]+`)|([\w\-]+)))*$ Severity: type: integer - description: |+ - A non-negative integer that reflects the severity level of the alarm. - + description: A non-negative integer that reflects the severity level of the alarm. minimum: 0 maximum: 2147483647 AlarmRule: $ref: '#/components/schemas/AlarmRule' + description: Defines when your alarm is invoked. AlarmEventActions: $ref: '#/components/schemas/AlarmEventActions' + description: Contains information about one or more alarm actions. AlarmCapabilities: $ref: '#/components/schemas/AlarmCapabilities' + description: Contains the configuration information of alarm state changes. Tags: type: array uniqueItems: false x-insertionOrder: false description: |- - An array of key-value pairs to apply to this resource. - - For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html). + A list of key-value pairs that contain metadata for the alarm model. The tags help you manage the alarm model. For more information, see [Tagging your resources](https://docs.aws.amazon.com/iotevents/latest/developerguide/tagging-iotevents.html) in the *Developer Guide*. + You can create up to 50 tags for one alarm model. items: $ref: '#/components/schemas/Tag' x-stackQL-stringOnly: true @@ -1326,6 +1490,7 @@ components: properties: DetectorModelDefinition: $ref: '#/components/schemas/DetectorModelDefinition' + description: Information that defines how a detector operates. DetectorModelDescription: type: string description: A brief description of the detector model. @@ -1345,15 +1510,14 @@ components: Key: type: string description: |- - The value used to identify a detector instance. When a device or system sends input, a new detector instance with a unique key value is created. AWS IoT Events can continue to route input to its corresponding detector instance based on this identifying information. - - This parameter uses a JSON-path expression to select the attribute-value pair in the message payload that is used for identification. To route the message to the correct detector instance, the device must send a message payload that contains the same attribute-value. + The value used to identify a detector instance. When a device or system sends input, a new detector instance with a unique key value is created. ITE can continue to route input to its corresponding detector instance based on this identifying information. + This parameter uses a JSON-path expression to select the attribute-value pair in the message payload that is used for identification. To route the message to the correct detector instance, the device must send a message payload that contains the same attribute-value. minLength: 1 maxLength: 128 pattern: ^((`[\w\- ]+`)|([\w\-]+))(\.((`[\w\- ]+`)|([\w\-]+)))*$ RoleArn: type: string - description: The ARN of the role that grants permission to AWS IoT Events to perform its operations. + description: The ARN of the role that grants permission to ITE to perform its operations. minLength: 1 maxLength: 2048 Tags: @@ -1362,8 +1526,7 @@ components: x-insertionOrder: false description: |- An array of key-value pairs to apply to this resource. - - For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html). + For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html). items: $ref: '#/components/schemas/Tag' x-stackQL-stringOnly: true @@ -1385,6 +1548,7 @@ components: properties: InputDefinition: $ref: '#/components/schemas/InputDefinition' + description: The definition of the input. InputDescription: description: A brief description of the input. minLength: 1 @@ -1402,8 +1566,7 @@ components: x-insertionOrder: false description: |- An array of key-value pairs to apply to this resource. - - For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html). + For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html). items: $ref: '#/components/schemas/Tag' x-stackQL-stringOnly: true diff --git a/providers/src/aws/v00.00.00000/services/iotfleetwise.yaml b/providers/src/aws/v00.00.00000/services/iotfleetwise.yaml index ec2731e5..34770f57 100644 --- a/providers/src/aws/v00.00.00000/services/iotfleetwise.yaml +++ b/providers/src/aws/v00.00.00000/services/iotfleetwise.yaml @@ -409,6 +409,14 @@ components: $ref: '#/components/schemas/TimestreamConfig' required: - TimestreamConfig + - type: object + title: MqttTopicConfig + properties: + MqttTopicConfig: + $ref: '#/components/schemas/MqttTopicConfig' + required: + - MqttTopicConfig + additionalProperties: false S3Config: additionalProperties: false type: object @@ -446,6 +454,23 @@ components: required: - TimestreamTableArn - ExecutionRoleArn + MqttTopicConfig: + type: object + properties: + MqttTopicArn: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:.* + ExecutionRoleArn: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:(aws[a-zA-Z0-9-]*):iam::(\d{12})?:(role((\u002F)|(\u002F[\u0021-\u007F]+\u002F))[\w+=,.@-]+)$ + required: + - ExecutionRoleArn + - MqttTopicArn + additionalProperties: false UpdateCampaignAction: type: string enum: @@ -460,6 +485,19 @@ components: - WAITING_FOR_APPROVAL - RUNNING - SUSPENDED + ConditionBasedSignalFetchConfig: + type: object + properties: + ConditionExpression: + type: string + maxLength: 2048 + minLength: 1 + TriggerMode: + $ref: '#/components/schemas/TriggerMode' + required: + - ConditionExpression + - TriggerMode + additionalProperties: false DiagnosticsMode: type: string enum: @@ -483,18 +521,74 @@ components: maximum: 4294967295 type: number minimum: 0 + DataPartitionId: + $ref: '#/components/schemas/DataPartitionId' required: - Name + SignalFetchConfig: + oneOf: + - type: object + title: TimeBased + properties: + TimeBased: + $ref: '#/components/schemas/TimeBasedSignalFetchConfig' + required: + - TimeBased + additionalProperties: false + - type: object + title: ConditionBased + properties: + ConditionBased: + $ref: '#/components/schemas/ConditionBasedSignalFetchConfig' + required: + - ConditionBased + additionalProperties: false + SignalFetchInformation: + type: object + properties: + FullyQualifiedName: + type: string + maxLength: 150 + minLength: 1 + pattern: ^[a-zA-Z0-9_.]+$ + SignalFetchConfig: + $ref: '#/components/schemas/SignalFetchConfig' + ConditionLanguageVersion: + type: number + maximum: 1 + minimum: 1 + Actions: + type: array + items: + type: string + maxLength: 2048 + minLength: 1 + maxItems: 5 + minItems: 1 + required: + - Actions + - FullyQualifiedName + - SignalFetchConfig + additionalProperties: false TimeBasedCollectionScheme: additionalProperties: false type: object properties: PeriodMs: - maximum: 60000 + maximum: 86400000 type: number minimum: 10000 required: - PeriodMs + TimeBasedSignalFetchConfig: + type: object + properties: + ExecutionFrequencyMs: + type: number + minimum: 1 + required: + - ExecutionFrequencyMs + additionalProperties: false SpoolingMode: type: string enum: @@ -543,16 +637,108 @@ components: type: number minimum: 0 Expression: - minLength: 1 - type: string - maxLength: 2048 + $ref: '#/components/schemas/EventExpression' TriggerMode: $ref: '#/components/schemas/TriggerMode' ConditionLanguageVersion: - type: integer - minimum: 1 + $ref: '#/components/schemas/LanguageVersion' required: - Expression + EventExpression: + type: string + minLength: 1 + maxLength: 2048 + LanguageVersion: + type: integer + minimum: 1 + DataPartition: + type: object + properties: + Id: + $ref: '#/components/schemas/DataPartitionId' + StorageOptions: + $ref: '#/components/schemas/DataPartitionStorageOptions' + UploadOptions: + $ref: '#/components/schemas/DataPartitionUploadOptions' + required: + - Id + - StorageOptions + additionalProperties: false + DataPartitionStorageOptions: + type: object + properties: + MaximumSize: + $ref: '#/components/schemas/StorageMaximumSize' + MinimumTimeToLive: + $ref: '#/components/schemas/StorageMinimumTimeToLive' + StorageLocation: + $ref: '#/components/schemas/StorageLocation' + required: + - MaximumSize + - MinimumTimeToLive + - StorageLocation + additionalProperties: false + StorageLocation: + type: string + minLength: 1 + maxLength: 4096 + StorageMaximumSize: + type: object + properties: + Unit: + $ref: '#/components/schemas/StorageMaximumSizeUnit' + Value: + $ref: '#/components/schemas/StorageMaximumSizeValue' + required: + - Unit + - Value + additionalProperties: false + StorageMaximumSizeUnit: + type: string + enum: + - MB + - GB + - TB + StorageMaximumSizeValue: + type: integer + minimum: 1 + maximum: 1073741824 + StorageMinimumTimeToLive: + type: object + properties: + Unit: + $ref: '#/components/schemas/StorageMinimumTimeToLiveUnit' + Value: + $ref: '#/components/schemas/StorageMinimumTimeToLiveValue' + required: + - Unit + - Value + additionalProperties: false + StorageMinimumTimeToLiveUnit: + type: string + enum: + - HOURS + - DAYS + - WEEKS + StorageMinimumTimeToLiveValue: + type: integer + minimum: 1 + maximum: 10000 + DataPartitionUploadOptions: + type: object + properties: + Expression: + $ref: '#/components/schemas/EventExpression' + ConditionLanguageVersion: + $ref: '#/components/schemas/LanguageVersion' + required: + - Expression + additionalProperties: false + DataPartitionId: + type: string + pattern: ^[a-zA-Z0-9]+$ + minLength: 1 + maxLength: 128 Tag: type: object properties: @@ -568,6 +754,25 @@ components: - Key - Value additionalProperties: false + TimePeriod: + type: object + properties: + Unit: + $ref: '#/components/schemas/TimeUnit' + Value: + type: number + minimum: 1 + required: + - Unit + - Value + additionalProperties: false + TimeUnit: + type: string + enum: + - MILLISECOND + - SECOND + - MINUTE + - HOUR Campaign: type: object properties: @@ -596,6 +801,13 @@ components: type: array items: $ref: '#/components/schemas/SignalInformation' + SignalsToFetch: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/SignalFetchInformation' + maxItems: 10 + minItems: 0 DataDestinationConfigs: minItems: 1 maxItems: 1 @@ -646,6 +858,14 @@ components: type: string CollectionScheme: $ref: '#/components/schemas/CollectionScheme' + DataPartitions: + type: array + items: + $ref: '#/components/schemas/DataPartition' + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + minItems: 0 Tags: type: array items: @@ -656,7 +876,6 @@ components: minItems: 0 required: - Name - - Action - CollectionScheme - SignalCatalogArn - TargetArn @@ -677,6 +896,7 @@ components: - Compression - StartTime - ExpiryTime + - DataPartitions x-write-only-properties: - Action x-read-only-properties: @@ -686,7 +906,6 @@ components: - LastModificationTime x-required-properties: - Name - - Action - CollectionScheme - SignalCatalogArn - TargetArn @@ -696,6 +915,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - iotfleetwise:UntagResource + - iotfleetwise:TagResource + - iotfleetwise:ListTagsForResource x-required-permissions: read: - iotfleetwise:GetCampaign @@ -911,6 +1134,73 @@ components: - Type - ObdSignal additionalProperties: false + CustomDecodingNetworkInterface: + type: object + properties: + InterfaceId: + type: string + maxLength: 50 + minLength: 1 + Type: + type: string + enum: + - CUSTOM_DECODING_INTERFACE + CustomDecodingInterface: + $ref: '#/components/schemas/CustomDecodingInterface' + required: + - InterfaceId + - Type + - CustomDecodingInterface + additionalProperties: false + CustomDecodingInterface: + type: object + properties: + Name: + type: string + maxLength: 100 + minLength: 1 + pattern: ^[a-zA-Z\d\-_:]+$ + required: + - Name + additionalProperties: false + CustomDecodingSignal: + type: object + properties: + Id: + type: string + maxLength: 150 + minLength: 1 + pattern: ^(?!.*\.\.)[a-zA-Z0-9_\-#:.]+$ + required: + - Id + additionalProperties: false + CustomDecodingSignalDecoder: + type: object + properties: + FullyQualifiedName: + type: string + maxLength: 150 + minLength: 1 + Type: + type: string + enum: + - CUSTOM_DECODING_SIGNAL + InterfaceId: + type: string + maxLength: 50 + minLength: 1 + CustomDecodingSignal: + $ref: '#/components/schemas/CustomDecodingSignal' + required: + - FullyQualifiedName + - InterfaceId + - Type + - CustomDecodingSignal + additionalProperties: false + DefaultForUnmappedSignalsType: + type: string + enum: + - CUSTOM_DECODING DecoderManifest: type: object properties: @@ -941,7 +1231,8 @@ components: oneOf: - $ref: '#/components/schemas/CanNetworkInterface' - $ref: '#/components/schemas/ObdNetworkInterface' - maxItems: 500 + - $ref: '#/components/schemas/CustomDecodingNetworkInterface' + maxItems: 5000 minItems: 1 SignalDecoders: x-insertionOrder: false @@ -950,10 +1241,13 @@ components: oneOf: - $ref: '#/components/schemas/CanSignalDecoder' - $ref: '#/components/schemas/ObdSignalDecoder' - maxItems: 500 + - $ref: '#/components/schemas/CustomDecodingSignalDecoder' + maxItems: 5000 minItems: 1 Status: $ref: '#/components/schemas/ManifestStatus' + DefaultForUnmappedSignals: + $ref: '#/components/schemas/DefaultForUnmappedSignalsType' Tags: type: array items: @@ -973,6 +1267,8 @@ components: x-create-only-properties: - Name - ModelManifestArn + x-write-only-properties: + - DefaultForUnmappedSignals x-read-only-properties: - Arn - CreationTime @@ -986,6 +1282,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - iotfleetwise:UntagResource + - iotfleetwise:TagResource + - iotfleetwise:ListTagsForResource x-required-permissions: create: - iotfleetwise:CreateDecoderManifest @@ -1068,6 +1368,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - iotfleetwise:UntagResource + - iotfleetwise:TagResource + - iotfleetwise:ListTagsForResource x-required-permissions: create: - iotfleetwise:GetFleet @@ -1152,6 +1456,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - iotfleetwise:UntagResource + - iotfleetwise:TagResource + - iotfleetwise:ListTagsForResource x-required-permissions: create: - iotfleetwise:CreateModelManifest @@ -1372,7 +1680,7 @@ components: uniqueItems: true items: $ref: '#/components/schemas/Node' - maxItems: 500 + maxItems: 5000 minItems: 1 Tags: type: array @@ -1404,6 +1712,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - iotfleetwise:UntagResource + - iotfleetwise:TagResource + - iotfleetwise:ListTagsForResource x-required-permissions: create: - iotfleetwise:GetSignalCatalog @@ -1427,6 +1739,120 @@ components: - iotfleetwise:DeleteSignalCatalog list: - iotfleetwise:ListSignalCatalogs + Unit: + type: object + additionalProperties: false + StateTemplate: + type: object + properties: + Arn: + type: string + CreationTime: + type: string + format: date-time + Description: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^[^\u0000-\u001F\u007F]+$ + LastModificationTime: + type: string + format: date-time + Name: + type: string + maxLength: 100 + minLength: 1 + pattern: ^[a-zA-Z\d\-_:]+$ + SignalCatalogArn: + type: string + StateTemplateProperties: + type: array + x-insertionOrder: false + items: + type: string + maxLength: 150 + minLength: 1 + pattern: ^[a-zA-Z0-9_.]+$ + maxItems: 500 + minItems: 1 + DataExtraDimensions: + type: array + x-insertionOrder: false + items: + type: string + maxLength: 150 + minLength: 1 + pattern: ^[a-zA-Z0-9_.]+$ + maxItems: 5 + minItems: 0 + MetadataExtraDimensions: + type: array + x-insertionOrder: false + items: + type: string + maxLength: 150 + minLength: 1 + pattern: ^[a-zA-Z0-9_.]+$ + maxItems: 5 + minItems: 0 + Tags: + type: array + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/Tag' + maxItems: 50 + minItems: 0 + required: + - Name + - SignalCatalogArn + - StateTemplateProperties + x-stackql-resource-name: state_template + description: Definition of AWS::IoTFleetWise::StateTemplate Resource Type + x-type-name: AWS::IoTFleetWise::StateTemplate + x-stackql-primary-identifier: + - Name + x-create-only-properties: + - Name + - SignalCatalogArn + x-read-only-properties: + - Arn + - CreationTime + - LastModificationTime + x-required-properties: + - Name + - SignalCatalogArn + - StateTemplateProperties + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - iotfleetwise:ListTagsForResource + - iotfleetwise:TagResource + - iotfleetwise:UntagResource + x-required-permissions: + create: + - iotfleetwise:GetStateTemplate + - iotfleetwise:CreateStateTemplate + - iotfleetwise:ListTagsForResource + - iotfleetwise:TagResource + read: + - iotfleetwise:GetStateTemplate + - iotfleetwise:ListTagsForResource + update: + - iotfleetwise:UpdateStateTemplate + - iotfleetwise:GetStateTemplate + - iotfleetwise:ListTagsForResource + - iotfleetwise:TagResource + - iotfleetwise:UntagResource + delete: + - iotfleetwise:DeleteStateTemplate + - iotfleetwise:GetStateTemplate + list: + - iotfleetwise:ListStateTemplates VehicleAssociationBehavior: type: string enum: @@ -1498,6 +1924,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - iotfleetwise:UntagResource + - iotfleetwise:TagResource + - iotfleetwise:ListTagsForResource x-required-permissions: create: - iotfleetwise:GetVehicle @@ -1559,6 +1989,13 @@ components: type: array items: $ref: '#/components/schemas/SignalInformation' + SignalsToFetch: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/SignalFetchInformation' + maxItems: 10 + minItems: 0 DataDestinationConfigs: minItems: 1 maxItems: 1 @@ -1609,6 +2046,14 @@ components: type: string CollectionScheme: $ref: '#/components/schemas/CollectionScheme' + DataPartitions: + type: array + items: + $ref: '#/components/schemas/DataPartition' + x-insertionOrder: true + uniqueItems: true + maxItems: 20 + minItems: 0 Tags: type: array items: @@ -1661,7 +2106,8 @@ components: oneOf: - $ref: '#/components/schemas/CanNetworkInterface' - $ref: '#/components/schemas/ObdNetworkInterface' - maxItems: 500 + - $ref: '#/components/schemas/CustomDecodingNetworkInterface' + maxItems: 5000 minItems: 1 SignalDecoders: x-insertionOrder: false @@ -1670,10 +2116,13 @@ components: oneOf: - $ref: '#/components/schemas/CanSignalDecoder' - $ref: '#/components/schemas/ObdSignalDecoder' - maxItems: 500 + - $ref: '#/components/schemas/CustomDecodingSignalDecoder' + maxItems: 5000 minItems: 1 Status: $ref: '#/components/schemas/ManifestStatus' + DefaultForUnmappedSignals: + $ref: '#/components/schemas/DefaultForUnmappedSignalsType' Tags: type: array items: @@ -1821,21 +2270,96 @@ components: Nodes: type: array x-insertionOrder: false - uniqueItems: true + uniqueItems: true + items: + $ref: '#/components/schemas/Node' + maxItems: 5000 + minItems: 1 + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + x-insertionOrder: false + uniqueItems: true + maxItems: 50 + minItems: 0 + x-stackQL-stringOnly: true + x-title: CreateSignalCatalogRequest + type: object + required: [] + CreateStateTemplateRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + Arn: + type: string + CreationTime: + type: string + format: date-time + Description: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^[^\u0000-\u001F\u007F]+$ + LastModificationTime: + type: string + format: date-time + Name: + type: string + maxLength: 100 + minLength: 1 + pattern: ^[a-zA-Z\d\-_:]+$ + SignalCatalogArn: + type: string + StateTemplateProperties: + type: array + x-insertionOrder: false + items: + type: string + maxLength: 150 + minLength: 1 + pattern: ^[a-zA-Z0-9_.]+$ + maxItems: 500 + minItems: 1 + DataExtraDimensions: + type: array + x-insertionOrder: false items: - $ref: '#/components/schemas/Node' - maxItems: 500 - minItems: 1 - Tags: + type: string + maxLength: 150 + minLength: 1 + pattern: ^[a-zA-Z0-9_.]+$ + maxItems: 5 + minItems: 0 + MetadataExtraDimensions: type: array + x-insertionOrder: false items: - $ref: '#/components/schemas/Tag' + type: string + maxLength: 150 + minLength: 1 + pattern: ^[a-zA-Z0-9_.]+$ + maxItems: 5 + minItems: 0 + Tags: + type: array x-insertionOrder: false uniqueItems: true + items: + $ref: '#/components/schemas/Tag' maxItems: 50 minItems: 0 x-stackQL-stringOnly: true - x-title: CreateSignalCatalogRequest + x-title: CreateStateTemplateRequest type: object required: [] CreateVehicleRequest: @@ -1962,6 +2486,7 @@ components: JSON_EXTRACT(Properties, '$.Description') as description, JSON_EXTRACT(Properties, '$.Priority') as priority, JSON_EXTRACT(Properties, '$.SignalsToCollect') as signals_to_collect, + JSON_EXTRACT(Properties, '$.SignalsToFetch') as signals_to_fetch, JSON_EXTRACT(Properties, '$.DataDestinationConfigs') as data_destination_configs, JSON_EXTRACT(Properties, '$.StartTime') as start_time, JSON_EXTRACT(Properties, '$.Name') as name, @@ -1975,6 +2500,7 @@ components: JSON_EXTRACT(Properties, '$.TargetArn') as target_arn, JSON_EXTRACT(Properties, '$.Arn') as arn, JSON_EXTRACT(Properties, '$.CollectionScheme') as collection_scheme, + JSON_EXTRACT(Properties, '$.DataPartitions') as data_partitions, JSON_EXTRACT(Properties, '$.Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTFleetWise::Campaign' AND data__Identifier = '' @@ -1991,6 +2517,7 @@ components: JSON_EXTRACT(detail.Properties, '$.Description') as description, JSON_EXTRACT(detail.Properties, '$.Priority') as priority, JSON_EXTRACT(detail.Properties, '$.SignalsToCollect') as signals_to_collect, + JSON_EXTRACT(detail.Properties, '$.SignalsToFetch') as signals_to_fetch, JSON_EXTRACT(detail.Properties, '$.DataDestinationConfigs') as data_destination_configs, JSON_EXTRACT(detail.Properties, '$.StartTime') as start_time, JSON_EXTRACT(detail.Properties, '$.Name') as name, @@ -2004,6 +2531,7 @@ components: JSON_EXTRACT(detail.Properties, '$.TargetArn') as target_arn, JSON_EXTRACT(detail.Properties, '$.Arn') as arn, JSON_EXTRACT(detail.Properties, '$.CollectionScheme') as collection_scheme, + JSON_EXTRACT(detail.Properties, '$.DataPartitions') as data_partitions, JSON_EXTRACT(detail.Properties, '$.Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail @@ -2025,6 +2553,7 @@ components: json_extract_path_text(Properties, 'Description') as description, json_extract_path_text(Properties, 'Priority') as priority, json_extract_path_text(Properties, 'SignalsToCollect') as signals_to_collect, + json_extract_path_text(Properties, 'SignalsToFetch') as signals_to_fetch, json_extract_path_text(Properties, 'DataDestinationConfigs') as data_destination_configs, json_extract_path_text(Properties, 'StartTime') as start_time, json_extract_path_text(Properties, 'Name') as name, @@ -2038,6 +2567,7 @@ components: json_extract_path_text(Properties, 'TargetArn') as target_arn, json_extract_path_text(Properties, 'Arn') as arn, json_extract_path_text(Properties, 'CollectionScheme') as collection_scheme, + json_extract_path_text(Properties, 'DataPartitions') as data_partitions, json_extract_path_text(Properties, 'Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTFleetWise::Campaign' AND data__Identifier = '' @@ -2054,6 +2584,7 @@ components: json_extract_path_text(detail.Properties, 'Description') as description, json_extract_path_text(detail.Properties, 'Priority') as priority, json_extract_path_text(detail.Properties, 'SignalsToCollect') as signals_to_collect, + json_extract_path_text(detail.Properties, 'SignalsToFetch') as signals_to_fetch, json_extract_path_text(detail.Properties, 'DataDestinationConfigs') as data_destination_configs, json_extract_path_text(detail.Properties, 'StartTime') as start_time, json_extract_path_text(detail.Properties, 'Name') as name, @@ -2067,6 +2598,7 @@ components: json_extract_path_text(detail.Properties, 'TargetArn') as target_arn, json_extract_path_text(detail.Properties, 'Arn') as arn, json_extract_path_text(detail.Properties, 'CollectionScheme') as collection_scheme, + json_extract_path_text(detail.Properties, 'DataPartitions') as data_partitions, json_extract_path_text(detail.Properties, 'Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail @@ -2133,6 +2665,7 @@ components: JSON_EXTRACT(detail.Properties, '$.Description') as description, JSON_EXTRACT(detail.Properties, '$.Priority') as priority, JSON_EXTRACT(detail.Properties, '$.SignalsToCollect') as signals_to_collect, + JSON_EXTRACT(detail.Properties, '$.SignalsToFetch') as signals_to_fetch, JSON_EXTRACT(detail.Properties, '$.DataDestinationConfigs') as data_destination_configs, JSON_EXTRACT(detail.Properties, '$.StartTime') as start_time, JSON_EXTRACT(detail.Properties, '$.Name') as name, @@ -2145,7 +2678,8 @@ components: JSON_EXTRACT(detail.Properties, '$.DiagnosticsMode') as diagnostics_mode, JSON_EXTRACT(detail.Properties, '$.TargetArn') as target_arn, JSON_EXTRACT(detail.Properties, '$.Arn') as arn, - JSON_EXTRACT(detail.Properties, '$.CollectionScheme') as collection_scheme + JSON_EXTRACT(detail.Properties, '$.CollectionScheme') as collection_scheme, + JSON_EXTRACT(detail.Properties, '$.DataPartitions') as data_partitions FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -2168,6 +2702,7 @@ components: json_extract_path_text(detail.Properties, 'Description') as description, json_extract_path_text(detail.Properties, 'Priority') as priority, json_extract_path_text(detail.Properties, 'SignalsToCollect') as signals_to_collect, + json_extract_path_text(detail.Properties, 'SignalsToFetch') as signals_to_fetch, json_extract_path_text(detail.Properties, 'DataDestinationConfigs') as data_destination_configs, json_extract_path_text(detail.Properties, 'StartTime') as start_time, json_extract_path_text(detail.Properties, 'Name') as name, @@ -2180,7 +2715,8 @@ components: json_extract_path_text(detail.Properties, 'DiagnosticsMode') as diagnostics_mode, json_extract_path_text(detail.Properties, 'TargetArn') as target_arn, json_extract_path_text(detail.Properties, 'Arn') as arn, - json_extract_path_text(detail.Properties, 'CollectionScheme') as collection_scheme + json_extract_path_text(detail.Properties, 'CollectionScheme') as collection_scheme, + json_extract_path_text(detail.Properties, 'DataPartitions') as data_partitions FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -2261,6 +2797,7 @@ components: JSON_EXTRACT(Properties, '$.NetworkInterfaces') as network_interfaces, JSON_EXTRACT(Properties, '$.SignalDecoders') as signal_decoders, JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.DefaultForUnmappedSignals') as default_for_unmapped_signals, JSON_EXTRACT(Properties, '$.Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTFleetWise::DecoderManifest' AND data__Identifier = '' @@ -2279,6 +2816,7 @@ components: JSON_EXTRACT(detail.Properties, '$.NetworkInterfaces') as network_interfaces, JSON_EXTRACT(detail.Properties, '$.SignalDecoders') as signal_decoders, JSON_EXTRACT(detail.Properties, '$.Status') as status, + JSON_EXTRACT(detail.Properties, '$.DefaultForUnmappedSignals') as default_for_unmapped_signals, JSON_EXTRACT(detail.Properties, '$.Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail @@ -2302,6 +2840,7 @@ components: json_extract_path_text(Properties, 'NetworkInterfaces') as network_interfaces, json_extract_path_text(Properties, 'SignalDecoders') as signal_decoders, json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'DefaultForUnmappedSignals') as default_for_unmapped_signals, json_extract_path_text(Properties, 'Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTFleetWise::DecoderManifest' AND data__Identifier = '' @@ -2320,6 +2859,7 @@ components: json_extract_path_text(detail.Properties, 'NetworkInterfaces') as network_interfaces, json_extract_path_text(detail.Properties, 'SignalDecoders') as signal_decoders, json_extract_path_text(detail.Properties, 'Status') as status, + json_extract_path_text(detail.Properties, 'DefaultForUnmappedSignals') as default_for_unmapped_signals, json_extract_path_text(detail.Properties, 'Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail @@ -2387,7 +2927,8 @@ components: JSON_EXTRACT(detail.Properties, '$.Name') as name, JSON_EXTRACT(detail.Properties, '$.NetworkInterfaces') as network_interfaces, JSON_EXTRACT(detail.Properties, '$.SignalDecoders') as signal_decoders, - JSON_EXTRACT(detail.Properties, '$.Status') as status + JSON_EXTRACT(detail.Properties, '$.Status') as status, + JSON_EXTRACT(detail.Properties, '$.DefaultForUnmappedSignals') as default_for_unmapped_signals FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -2411,7 +2952,8 @@ components: json_extract_path_text(detail.Properties, 'Name') as name, json_extract_path_text(detail.Properties, 'NetworkInterfaces') as network_interfaces, json_extract_path_text(detail.Properties, 'SignalDecoders') as signal_decoders, - json_extract_path_text(detail.Properties, 'Status') as status + json_extract_path_text(detail.Properties, 'Status') as status, + json_extract_path_text(detail.Properties, 'DefaultForUnmappedSignals') as default_for_unmapped_signals FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -3077,6 +3619,237 @@ components: WHERE listing.data__TypeName = 'AWS::IoTFleetWise::SignalCatalog' AND detail.data__TypeName = 'AWS::IoTFleetWise::SignalCatalog' AND listing.region = 'us-east-1' + state_templates: + name: state_templates + id: aws.iotfleetwise.state_templates + x-cfn-schema-name: StateTemplate + x-cfn-type-name: AWS::IoTFleetWise::StateTemplate + x-identifiers: + - Name + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__StateTemplate&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::IoTFleetWise::StateTemplate" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::IoTFleetWise::StateTemplate" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::IoTFleetWise::StateTemplate" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/state_templates/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/state_templates/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/state_templates/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.CreationTime') as creation_time, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.LastModificationTime') as last_modification_time, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.SignalCatalogArn') as signal_catalog_arn, + JSON_EXTRACT(Properties, '$.StateTemplateProperties') as state_template_properties, + JSON_EXTRACT(Properties, '$.DataExtraDimensions') as data_extra_dimensions, + JSON_EXTRACT(Properties, '$.MetadataExtraDimensions') as metadata_extra_dimensions, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTFleetWise::StateTemplate' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.CreationTime') as creation_time, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.LastModificationTime') as last_modification_time, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.SignalCatalogArn') as signal_catalog_arn, + JSON_EXTRACT(detail.Properties, '$.StateTemplateProperties') as state_template_properties, + JSON_EXTRACT(detail.Properties, '$.DataExtraDimensions') as data_extra_dimensions, + JSON_EXTRACT(detail.Properties, '$.MetadataExtraDimensions') as metadata_extra_dimensions, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::IoTFleetWise::StateTemplate' + AND detail.data__TypeName = 'AWS::IoTFleetWise::StateTemplate' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'CreationTime') as creation_time, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'LastModificationTime') as last_modification_time, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'SignalCatalogArn') as signal_catalog_arn, + json_extract_path_text(Properties, 'StateTemplateProperties') as state_template_properties, + json_extract_path_text(Properties, 'DataExtraDimensions') as data_extra_dimensions, + json_extract_path_text(Properties, 'MetadataExtraDimensions') as metadata_extra_dimensions, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTFleetWise::StateTemplate' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'CreationTime') as creation_time, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'LastModificationTime') as last_modification_time, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'SignalCatalogArn') as signal_catalog_arn, + json_extract_path_text(detail.Properties, 'StateTemplateProperties') as state_template_properties, + json_extract_path_text(detail.Properties, 'DataExtraDimensions') as data_extra_dimensions, + json_extract_path_text(detail.Properties, 'MetadataExtraDimensions') as metadata_extra_dimensions, + json_extract_path_text(detail.Properties, 'Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::IoTFleetWise::StateTemplate' + AND detail.data__TypeName = 'AWS::IoTFleetWise::StateTemplate' + AND listing.region = 'us-east-1' + state_templates_list_only: + name: state_templates_list_only + id: aws.iotfleetwise.state_templates_list_only + x-cfn-schema-name: StateTemplate + x-cfn-type-name: AWS::IoTFleetWise::StateTemplate + x-identifiers: + - Name + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTFleetWise::StateTemplate' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IoTFleetWise::StateTemplate' + AND region = 'us-east-1' + state_template_tags: + name: state_template_tags + id: aws.iotfleetwise.state_template_tags + x-cfn-schema-name: StateTemplate + x-cfn-type-name: AWS::IoTFleetWise::StateTemplate + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.CreationTime') as creation_time, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.LastModificationTime') as last_modification_time, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.SignalCatalogArn') as signal_catalog_arn, + JSON_EXTRACT(detail.Properties, '$.StateTemplateProperties') as state_template_properties, + JSON_EXTRACT(detail.Properties, '$.DataExtraDimensions') as data_extra_dimensions, + JSON_EXTRACT(detail.Properties, '$.MetadataExtraDimensions') as metadata_extra_dimensions + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::IoTFleetWise::StateTemplate' + AND detail.data__TypeName = 'AWS::IoTFleetWise::StateTemplate' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'CreationTime') as creation_time, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'LastModificationTime') as last_modification_time, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'SignalCatalogArn') as signal_catalog_arn, + json_extract_path_text(detail.Properties, 'StateTemplateProperties') as state_template_properties, + json_extract_path_text(detail.Properties, 'DataExtraDimensions') as data_extra_dimensions, + json_extract_path_text(detail.Properties, 'MetadataExtraDimensions') as metadata_extra_dimensions + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::IoTFleetWise::StateTemplate' + AND detail.data__TypeName = 'AWS::IoTFleetWise::StateTemplate' + AND listing.region = 'us-east-1' vehicles: name: vehicles id: aws.iotfleetwise.vehicles @@ -3655,6 +4428,48 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success + /?Action=CreateResource&Version=2021-09-30&__StateTemplate&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateStateTemplate + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateStateTemplateRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success /?Action=CreateResource&Version=2021-09-30&__Vehicle&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' diff --git a/providers/src/aws/v00.00.00000/services/iotsitewise.yaml b/providers/src/aws/v00.00.00000/services/iotsitewise.yaml index 9b435687..dc22f4a9 100644 --- a/providers/src/aws/v00.00.00000/services/iotsitewise.yaml +++ b/providers/src/aws/v00.00.00000/services/iotsitewise.yaml @@ -436,6 +436,14 @@ components: PortalStartUrl: description: The public root URL for the AWS IoT AWS IoT SiteWise Monitor application portal. type: string + PortalType: + description: The type of portal + type: string + enum: + - SITEWISE_PORTAL_V1 + - SITEWISE_PORTAL_V2 + PortalTypeConfiguration: + $ref: '#/components/schemas/PortalTypeConfiguration' RoleArn: description: The ARN of a service role that allows the portal's users to access your AWS IoT SiteWise resources on your behalf. type: string @@ -473,8 +481,7 @@ components: - - PortalArn x-create-only-properties: - PortalAuthMode - x-write-only-properties: - - Tags + - PortalType x-read-only-properties: - PortalArn - PortalClientId @@ -484,7 +491,16 @@ components: - PortalContactEmail - PortalName - RoleArn - x-taggable: true + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - iotsitewise:TagResource + - iotsitewise:UntagResource + - iotsitewise:ListTagsForResource x-required-permissions: create: - iotsitewise:CreatePortal @@ -512,6 +528,7 @@ components: - sso:DeleteManagedApplicationInstance list: - iotsitewise:ListPortals + - iotsitewise:ListTagsForResource Project: type: object properties: @@ -559,7 +576,16 @@ components: x-required-properties: - PortalId - ProjectName - x-taggable: true + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - iotsitewise:TagResource + - iotsitewise:UntagResource + - iotsitewise:ListTagsForResource x-required-permissions: create: - iotsitewise:CreateProject @@ -586,6 +612,7 @@ components: - iotsitewise:DeleteProject list: - iotsitewise:ListProjects + - iotsitewise:ListTagsForResource AccessPolicyIdentity: description: The identity for this access policy. Choose either an SSO user or group or an IAM user or role. type: object @@ -640,6 +667,8 @@ components: - AccessPolicyIdentity - AccessPolicyPermission - AccessPolicyResource + x-tagging: + taggable: false x-required-permissions: create: - iotsitewise:CreateAccessPolicy @@ -653,6 +682,8 @@ components: - iotsitewise:DeleteAccessPolicy list: - iotsitewise:ListAccessPolicies + - iotsitewise:ListProjects + - iotsitewise:ListPortals AssetProperty: description: The asset property's definition, alias, unit, and notification state. type: object @@ -1308,7 +1339,16 @@ components: - DashboardDefinition - DashboardDescription - DashboardName - x-taggable: true + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - iotsitewise:TagResource + - iotsitewise:UntagResource + - iotsitewise:ListTagsForResource x-required-permissions: create: - iotsitewise:CreateDashboard @@ -1337,100 +1377,101 @@ components: - iotsitewise:DeleteDashboard list: - iotsitewise:ListDashboards - GatewayPlatform: - description: Contains a gateway's platform information. - type: object + - iotsitewise:ListTagsForResource + GatewayCapabilitySummary: + description: Contains a summary of a gateway capability configuration. additionalProperties: false - properties: - Greengrass: - description: A gateway that runs on AWS IoT Greengrass V1. - $ref: '#/components/schemas/Greengrass' - GreengrassV2: - description: A gateway that runs on AWS IoT Greengrass V2. - $ref: '#/components/schemas/GreengrassV2' - SiemensIE: - description: A gateway that runs on Siemens Industrial Edge. - $ref: '#/components/schemas/SiemensIE' - oneOf: - - required: - - Greengrass - - required: - - GreengrassV2 - - required: - - SiemensIE - Greengrass: - description: Contains the ARN of AWS IoT Greengrass Group V1 that the gateway runs on. type: object - additionalProperties: false properties: - GroupArn: - description: The ARN of the Greengrass group. - type: string + CapabilityNamespace: + $ref: '#/components/schemas/CapabilityNamespace' + CapabilityConfiguration: + $ref: '#/components/schemas/CapabilityConfiguration' required: - - GroupArn + - CapabilityNamespace GreengrassV2: description: Contains the CoreDeviceThingName of AWS IoT Greengrass Group V2 that the gateway runs on. - type: object additionalProperties: false + type: object properties: CoreDeviceThingName: description: The name of the CoreDevice in GreenGrass V2. type: string required: - CoreDeviceThingName - SiemensIE: - description: Contains the IotCoreThingName of AWS IoT Thing that the gateway runs on. - type: object + CapabilityNamespace: + description: The namespace of the capability configuration. + type: string + Greengrass: + description: Contains the ARN of AWS IoT Greengrass Group V1 that the gateway runs on. additionalProperties: false + type: object properties: - IotCoreThingName: - description: The name of the IoT Core Thing. + GroupArn: + description: The ARN of the Greengrass group. type: string required: - - IotCoreThingName - CapabilityNamespace: - description: The namespace of the capability configuration. - type: string + - GroupArn CapabilityConfiguration: description: The JSON document that defines the gateway capability's configuration. type: string - GatewayCapabilitySummary: - description: Contains a summary of a gateway capability configuration. + GatewayPlatform: + oneOf: + - required: + - Greengrass + - required: + - GreengrassV2 + - required: + - SiemensIE + description: Contains a gateway's platform information. + additionalProperties: false type: object + properties: + GreengrassV2: + description: A gateway that runs on AWS IoT Greengrass V2. + $ref: '#/components/schemas/GreengrassV2' + Greengrass: + description: A gateway that runs on AWS IoT Greengrass V1. + $ref: '#/components/schemas/Greengrass' + SiemensIE: + description: A gateway that runs on Siemens Industrial Edge. + $ref: '#/components/schemas/SiemensIE' + SiemensIE: + description: Contains the IotCoreThingName of AWS IoT Thing that the gateway runs on. additionalProperties: false + type: object properties: - CapabilityNamespace: - $ref: '#/components/schemas/CapabilityNamespace' - CapabilityConfiguration: - $ref: '#/components/schemas/CapabilityConfiguration' + IotCoreThingName: + description: The name of the IoT Core Thing. + type: string required: - - CapabilityNamespace + - IotCoreThingName Gateway: type: object properties: + GatewayCapabilitySummaries: + uniqueItems: true + description: A list of gateway capability summaries that each contain a namespace and status. + x-insertionOrder: true + type: array + items: + $ref: '#/components/schemas/GatewayCapabilitySummary' GatewayName: description: A unique, friendly name for the gateway. type: string GatewayPlatform: description: The gateway's platform. You can only specify one platform in a gateway. $ref: '#/components/schemas/GatewayPlatform' - Tags: - description: A list of key-value pairs that contain metadata for the gateway. - type: array - uniqueItems: false - x-insertionOrder: false - items: - $ref: '#/components/schemas/Tag' GatewayId: description: The ID of the gateway device. type: string - GatewayCapabilitySummaries: - description: A list of gateway capability summaries that each contain a namespace and status. + Tags: + uniqueItems: false + description: A list of key-value pairs that contain metadata for the gateway. + x-insertionOrder: false type: array - uniqueItems: true - x-insertionOrder: true items: - $ref: '#/components/schemas/GatewayCapabilitySummary' + $ref: '#/components/schemas/Tag' required: - GatewayName - GatewayPlatform @@ -1446,8 +1487,21 @@ components: x-required-properties: - GatewayName - GatewayPlatform - x-taggable: true + x-tagging: + permissions: + - iotsitewise:TagResource + - iotsitewise:UntagResource + - iotsitewise:ListTagsForResource + taggable: true + tagOnCreate: true + tagUpdatable: true + tagProperty: /properties/Tags + cloudFormationSystemTags: true x-required-permissions: + read: + - iotsitewise:DescribeGateway + - iotsitewise:DescribeGatewayCapabilityConfiguration + - iotsitewise:ListTagsForResource create: - iotsitewise:CreateGateway - iotsitewise:DescribeGateway @@ -1459,10 +1513,6 @@ components: - iotsitewise:ListTagsForResource - iotsitewise:TagResource - iot:DescribeThing - read: - - iotsitewise:DescribeGateway - - iotsitewise:DescribeGatewayCapabilityConfiguration - - iotsitewise:ListTagsForResource update: - iotsitewise:UpdateGateway - iotsitewise:UpdateGatewayCapabilityConfiguration @@ -1471,12 +1521,34 @@ components: - iotsitewise:DescribeGateway - iotsitewise:DescribeGatewayCapabilityConfiguration - iotsitewise:ListTagsForResource + list: + - iotsitewise:ListGateways + - iotsitewise:ListTagsForResource delete: - iotsitewise:DescribeGateway - iotsitewise:DescribeGatewayCapabilityConfiguration - iotsitewise:DeleteGateway - list: - - iotsitewise:ListGateways + PortalTypeEntry: + description: Container associated a certain PortalType. + type: object + additionalProperties: false + properties: + PortalTools: + $ref: '#/components/schemas/PortalTools' + required: + - PortalTools + PortalTools: + description: List of enabled Tools for a certain portal. + type: array + items: + type: string + PortalTypeConfiguration: + description: Map to associate detail of configuration related with a PortalType. + type: object + additionalProperties: false + x-patternProperties: + ^[a-z][a-zA-Z0-9_]*$: + $ref: '#/components/schemas/PortalTypeEntry' AssetId: description: The ID of the asset type: string @@ -1517,6 +1589,14 @@ components: PortalStartUrl: description: The public root URL for the AWS IoT AWS IoT SiteWise Monitor application portal. type: string + PortalType: + description: The type of portal + type: string + enum: + - SITEWISE_PORTAL_V1 + - SITEWISE_PORTAL_V2 + PortalTypeConfiguration: + $ref: '#/components/schemas/PortalTypeConfiguration' RoleArn: description: The ARN of a service role that allows the portal's users to access your AWS IoT SiteWise resources on your behalf. type: string @@ -1800,29 +1880,29 @@ components: DesiredState: type: object properties: + GatewayCapabilitySummaries: + uniqueItems: true + description: A list of gateway capability summaries that each contain a namespace and status. + x-insertionOrder: true + type: array + items: + $ref: '#/components/schemas/GatewayCapabilitySummary' GatewayName: description: A unique, friendly name for the gateway. type: string GatewayPlatform: description: The gateway's platform. You can only specify one platform in a gateway. $ref: '#/components/schemas/GatewayPlatform' - Tags: - description: A list of key-value pairs that contain metadata for the gateway. - type: array - uniqueItems: false - x-insertionOrder: false - items: - $ref: '#/components/schemas/Tag' GatewayId: description: The ID of the gateway device. type: string - GatewayCapabilitySummaries: - description: A list of gateway capability summaries that each contain a namespace and status. + Tags: + uniqueItems: false + description: A list of key-value pairs that contain metadata for the gateway. + x-insertionOrder: false type: array - uniqueItems: true - x-insertionOrder: true items: - $ref: '#/components/schemas/GatewayCapabilitySummary' + $ref: '#/components/schemas/Tag' x-stackQL-stringOnly: true x-title: CreateGatewayRequest type: object @@ -1906,6 +1986,8 @@ components: JSON_EXTRACT(Properties, '$.PortalId') as portal_id, JSON_EXTRACT(Properties, '$.PortalName') as portal_name, JSON_EXTRACT(Properties, '$.PortalStartUrl') as portal_start_url, + JSON_EXTRACT(Properties, '$.PortalType') as portal_type, + JSON_EXTRACT(Properties, '$.PortalTypeConfiguration') as portal_type_configuration, JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, JSON_EXTRACT(Properties, '$.NotificationSenderEmail') as notification_sender_email, JSON_EXTRACT(Properties, '$.Alarms') as alarms, @@ -1926,6 +2008,8 @@ components: JSON_EXTRACT(detail.Properties, '$.PortalId') as portal_id, JSON_EXTRACT(detail.Properties, '$.PortalName') as portal_name, JSON_EXTRACT(detail.Properties, '$.PortalStartUrl') as portal_start_url, + JSON_EXTRACT(detail.Properties, '$.PortalType') as portal_type, + JSON_EXTRACT(detail.Properties, '$.PortalTypeConfiguration') as portal_type_configuration, JSON_EXTRACT(detail.Properties, '$.RoleArn') as role_arn, JSON_EXTRACT(detail.Properties, '$.NotificationSenderEmail') as notification_sender_email, JSON_EXTRACT(detail.Properties, '$.Alarms') as alarms, @@ -1951,6 +2035,8 @@ components: json_extract_path_text(Properties, 'PortalId') as portal_id, json_extract_path_text(Properties, 'PortalName') as portal_name, json_extract_path_text(Properties, 'PortalStartUrl') as portal_start_url, + json_extract_path_text(Properties, 'PortalType') as portal_type, + json_extract_path_text(Properties, 'PortalTypeConfiguration') as portal_type_configuration, json_extract_path_text(Properties, 'RoleArn') as role_arn, json_extract_path_text(Properties, 'NotificationSenderEmail') as notification_sender_email, json_extract_path_text(Properties, 'Alarms') as alarms, @@ -1971,6 +2057,8 @@ components: json_extract_path_text(detail.Properties, 'PortalId') as portal_id, json_extract_path_text(detail.Properties, 'PortalName') as portal_name, json_extract_path_text(detail.Properties, 'PortalStartUrl') as portal_start_url, + json_extract_path_text(detail.Properties, 'PortalType') as portal_type, + json_extract_path_text(detail.Properties, 'PortalTypeConfiguration') as portal_type_configuration, json_extract_path_text(detail.Properties, 'RoleArn') as role_arn, json_extract_path_text(detail.Properties, 'NotificationSenderEmail') as notification_sender_email, json_extract_path_text(detail.Properties, 'Alarms') as alarms, @@ -2041,6 +2129,8 @@ components: JSON_EXTRACT(detail.Properties, '$.PortalId') as portal_id, JSON_EXTRACT(detail.Properties, '$.PortalName') as portal_name, JSON_EXTRACT(detail.Properties, '$.PortalStartUrl') as portal_start_url, + JSON_EXTRACT(detail.Properties, '$.PortalType') as portal_type, + JSON_EXTRACT(detail.Properties, '$.PortalTypeConfiguration') as portal_type_configuration, JSON_EXTRACT(detail.Properties, '$.RoleArn') as role_arn, JSON_EXTRACT(detail.Properties, '$.NotificationSenderEmail') as notification_sender_email, JSON_EXTRACT(detail.Properties, '$.Alarms') as alarms @@ -2067,6 +2157,8 @@ components: json_extract_path_text(detail.Properties, 'PortalId') as portal_id, json_extract_path_text(detail.Properties, 'PortalName') as portal_name, json_extract_path_text(detail.Properties, 'PortalStartUrl') as portal_start_url, + json_extract_path_text(detail.Properties, 'PortalType') as portal_type, + json_extract_path_text(detail.Properties, 'PortalTypeConfiguration') as portal_type_configuration, json_extract_path_text(detail.Properties, 'RoleArn') as role_arn, json_extract_path_text(detail.Properties, 'NotificationSenderEmail') as notification_sender_email, json_extract_path_text(detail.Properties, 'Alarms') as alarms @@ -3173,11 +3265,11 @@ components: SELECT region, data__Identifier, + JSON_EXTRACT(Properties, '$.GatewayCapabilitySummaries') as gateway_capability_summaries, JSON_EXTRACT(Properties, '$.GatewayName') as gateway_name, JSON_EXTRACT(Properties, '$.GatewayPlatform') as gateway_platform, - JSON_EXTRACT(Properties, '$.Tags') as tags, JSON_EXTRACT(Properties, '$.GatewayId') as gateway_id, - JSON_EXTRACT(Properties, '$.GatewayCapabilitySummaries') as gateway_capability_summaries + JSON_EXTRACT(Properties, '$.Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTSiteWise::Gateway' AND data__Identifier = '' AND region = 'us-east-1' @@ -3186,11 +3278,11 @@ components: ddl: |- SELECT detail.region, + JSON_EXTRACT(detail.Properties, '$.GatewayCapabilitySummaries') as gateway_capability_summaries, JSON_EXTRACT(detail.Properties, '$.GatewayName') as gateway_name, JSON_EXTRACT(detail.Properties, '$.GatewayPlatform') as gateway_platform, - JSON_EXTRACT(detail.Properties, '$.Tags') as tags, JSON_EXTRACT(detail.Properties, '$.GatewayId') as gateway_id, - JSON_EXTRACT(detail.Properties, '$.GatewayCapabilitySummaries') as gateway_capability_summaries + JSON_EXTRACT(detail.Properties, '$.Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -3204,11 +3296,11 @@ components: SELECT region, data__Identifier, + json_extract_path_text(Properties, 'GatewayCapabilitySummaries') as gateway_capability_summaries, json_extract_path_text(Properties, 'GatewayName') as gateway_name, json_extract_path_text(Properties, 'GatewayPlatform') as gateway_platform, - json_extract_path_text(Properties, 'Tags') as tags, json_extract_path_text(Properties, 'GatewayId') as gateway_id, - json_extract_path_text(Properties, 'GatewayCapabilitySummaries') as gateway_capability_summaries + json_extract_path_text(Properties, 'Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IoTSiteWise::Gateway' AND data__Identifier = '' AND region = 'us-east-1' @@ -3217,11 +3309,11 @@ components: ddl: |- SELECT detail.region, + json_extract_path_text(detail.Properties, 'GatewayCapabilitySummaries') as gateway_capability_summaries, json_extract_path_text(detail.Properties, 'GatewayName') as gateway_name, json_extract_path_text(detail.Properties, 'GatewayPlatform') as gateway_platform, - json_extract_path_text(detail.Properties, 'Tags') as tags, json_extract_path_text(detail.Properties, 'GatewayId') as gateway_id, - json_extract_path_text(detail.Properties, 'GatewayCapabilitySummaries') as gateway_capability_summaries + json_extract_path_text(detail.Properties, 'Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -3280,10 +3372,10 @@ components: detail.region, JSON_EXTRACT(json_each.value, '$.Key') as tag_key, JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.GatewayCapabilitySummaries') as gateway_capability_summaries, JSON_EXTRACT(detail.Properties, '$.GatewayName') as gateway_name, JSON_EXTRACT(detail.Properties, '$.GatewayPlatform') as gateway_platform, - JSON_EXTRACT(detail.Properties, '$.GatewayId') as gateway_id, - JSON_EXTRACT(detail.Properties, '$.GatewayCapabilitySummaries') as gateway_capability_summaries + JSON_EXTRACT(detail.Properties, '$.GatewayId') as gateway_id FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -3299,10 +3391,10 @@ components: detail.region, json_extract_path_text(json_each.value, 'Key') as tag_key, json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'GatewayCapabilitySummaries') as gateway_capability_summaries, json_extract_path_text(detail.Properties, 'GatewayName') as gateway_name, json_extract_path_text(detail.Properties, 'GatewayPlatform') as gateway_platform, - json_extract_path_text(detail.Properties, 'GatewayId') as gateway_id, - json_extract_path_text(detail.Properties, 'GatewayCapabilitySummaries') as gateway_capability_summaries + json_extract_path_text(detail.Properties, 'GatewayId') as gateway_id FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier diff --git a/providers/src/aws/v00.00.00000/services/iottwinmaker.yaml b/providers/src/aws/v00.00.00000/services/iottwinmaker.yaml index 4b1e5946..6193d259 100644 --- a/providers/src/aws/v00.00.00000/services/iottwinmaker.yaml +++ b/providers/src/aws/v00.00.00000/services/iottwinmaker.yaml @@ -770,6 +770,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - iottwinmaker:TagResource + - iottwinmaker:UntagResource + - iottwinmaker:ListTagsForResource x-required-permissions: create: - iottwinmaker:CreateComponentType @@ -1040,6 +1044,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - iottwinmaker:TagResource + - iottwinmaker:UntagResource + - iottwinmaker:ListTagsForResource x-required-permissions: create: - iottwinmaker:GetWorkspace @@ -1186,6 +1194,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - iottwinmaker:TagResource + - iottwinmaker:UntagResource + - iottwinmaker:ListTagsForResource x-required-permissions: create: - iottwinmaker:CreateScene @@ -1290,6 +1302,10 @@ components: tagUpdatable: false cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - iottwinmaker:TagResource + - iottwinmaker:UntagResource + - iottwinmaker:ListTagsForResource x-required-permissions: create: - iam:PassRole @@ -1380,6 +1396,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - iottwinmaker:TagResource + - iottwinmaker:UntagResource + - iottwinmaker:ListTagsForResource x-required-permissions: create: - iam:PassRole diff --git a/providers/src/aws/v00.00.00000/services/iotwireless.yaml b/providers/src/aws/v00.00.00000/services/iotwireless.yaml index 4d1a70e2..18d632c8 100644 --- a/providers/src/aws/v00.00.00000/services/iotwireless.yaml +++ b/providers/src/aws/v00.00.00000/services/iotwireless.yaml @@ -452,21 +452,30 @@ components: - Name - Expression - ExpressionType - x-taggable: true + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - iotwireless:TagResource + - iotwireless:UntagResource + - iotwireless:ListTagsForResource x-required-permissions: create: - iam:PassRole - iotwireless:CreateDestination - iotwireless:TagResource - - iotwireless:ListTagsForResource read: - iotwireless:GetDestination - iotwireless:ListTagsForResource update: - iam:PassRole + - iotwireless:GetDestination - iotwireless:UpdateDestination - iotwireless:UntagResource - - iotwireless:ListTagsForResource + - iotwireless:TagResource delete: - iotwireless:DeleteDestination list: @@ -577,16 +586,31 @@ components: x-type-name: AWS::IoTWireless::DeviceProfile x-stackql-primary-identifier: - Id + x-create-only-properties: + - Name + - LoRaWAN x-read-only-properties: - Arn - Id x-required-properties: [] - x-taggable: true + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - iotwireless:TagResource + - iotwireless:UntagResource + - iotwireless:ListTagsForResource x-required-permissions: create: - iotwireless:CreateDeviceProfile - iotwireless:TagResource - - iotwireless:ListTagsForResource + update: + - iotwireless:GetDeviceProfile + - iotwireless:TagResource + - iotwireless:UntagResource read: - iotwireless:GetDeviceProfile - iotwireless:ListTagsForResource @@ -694,12 +718,20 @@ components: - LoRaWAN - FirmwareUpdateImage - FirmwareUpdateRole - x-taggable: true + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - iotwireless:TagResource + - iotwireless:UntagResource + - iotwireless:ListTagsForResource x-required-permissions: create: - iotwireless:CreateFuotaTask - iotwireless:TagResource - - iotwireless:ListTagsForResource - iam:GetRole - iam:PassRole read: @@ -708,8 +740,9 @@ components: update: - iam:PassRole - iotwireless:UpdateFuotaTask + - iotwireless:GetFuotaTask + - iotwireless:TagResource - iotwireless:UntagResource - - iotwireless:ListTagsForResource - iotwireless:AssociateMulticastGroupWithFuotaTask - iotwireless:DisassociateMulticastGroupFromFuotaTask - iotwireless:AssociateWirelessDeviceWithFuotaTask @@ -774,19 +807,28 @@ components: - LoRaWAN/NumberOfDevicesInGroup x-required-properties: - LoRaWAN - x-taggable: true + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - iotwireless:TagResource + - iotwireless:UntagResource + - iotwireless:ListTagsForResource x-required-permissions: create: - iotwireless:CreateMulticastGroup - iotwireless:TagResource - - iotwireless:ListTagsForResource read: - iotwireless:GetMulticastGroup - iotwireless:ListTagsForResource update: - iotwireless:UpdateMulticastGroup + - iotwireless:GetMulticastGroup + - iotwireless:TagResource - iotwireless:UntagResource - - iotwireless:ListTagsForResource - iotwireless:AssociateWirelessDeviceWithMulticastGroup - iotwireless:DisassociateWirelessDeviceFromMulticastGroup delete: @@ -860,7 +902,6 @@ components: - Name x-create-only-properties: - Name - - Tags x-read-only-properties: - Arn x-required-properties: @@ -868,21 +909,25 @@ components: x-tagging: taggable: true tagOnCreate: true - tagUpdatable: false + tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - iotwireless:TagResource + - iotwireless:UntagResource + - iotwireless:ListTagsForResource x-required-permissions: create: - iotwireless:CreateNetworkAnalyzerConfiguration - iotwireless:TagResource - - iotwireless:ListTagsForResource read: - iotwireless:GetNetworkAnalyzerConfiguration - iotwireless:ListTagsForResource update: - iotwireless:UpdateNetworkAnalyzerConfiguration + - iotwireless:GetNetworkAnalyzerConfiguration + - iotwireless:TagResource - iotwireless:UntagResource - - iotwireless:ListTagsForResource delete: - iotwireless:DeleteNetworkAnalyzerConfiguration list: @@ -973,12 +1018,21 @@ components: x-read-only-properties: - Arn - Fingerprint - x-taggable: true + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - iotwireless:TagResource + - iotwireless:UntagResource + - iotwireless:ListTagsForResource x-required-permissions: create: - iotwireless:AssociateAwsAccountWithPartnerAccount - iotwireless:TagResource - - iotwireless:ListTagsForResource + - iotwireless:GetPartnerAccount read: - iotwireless:GetPartnerAccount - iotwireless:ListTagsForResource @@ -986,9 +1040,12 @@ components: - iotwireless:ListPartnerAccounts - iotwireless:ListTagsForResource update: + - iotwireless:GetPartnerAccount + - iotwireless:AssociateAwsAccountWithPartnerAccount - iotwireless:UpdatePartnerAccount - - iotwireless:UntagResource - iotwireless:ListTagsForResource + - iotwireless:TagResource + - iotwireless:UntagResource delete: - iotwireless:DisassociateAwsAccountFromPartnerAccount LoRaWANServiceProfile: @@ -1064,6 +1121,9 @@ components: x-type-name: AWS::IoTWireless::ServiceProfile x-stackql-primary-identifier: - Id + x-create-only-properties: + - Name + - LoRaWAN x-read-only-properties: - Id - Arn @@ -1084,12 +1144,24 @@ components: - LoRaWAN/TargetPer - LoRaWAN/MinGwDiversity x-required-properties: [] - x-taggable: true + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - iotwireless:TagResource + - iotwireless:UntagResource + - iotwireless:ListTagsForResource x-required-permissions: create: - iotwireless:CreateServiceProfile - iotwireless:TagResource - - iotwireless:ListTagsForResource + update: + - iotwireless:GetServiceProfile + - iotwireless:TagResource + - iotwireless:UntagResource read: - iotwireless:GetServiceProfile - iotwireless:ListTagsForResource @@ -1200,14 +1272,26 @@ components: - Arn x-required-properties: - AutoCreateTasks - x-taggable: true + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - iotwireless:TagResource + - iotwireless:UntagResource + - iotwireless:ListTagsForResource x-required-permissions: create: - iotwireless:CreateWirelessGatewayTaskDefinition - iotwireless:TagResource - - iotwireless:ListTagsForResource - iam:GetRole - iam:PassRole + update: + - iotwireless:GetWirelessGatewayTaskDefinition + - iotwireless:TagResource + - iotwireless:UntagResource read: - iotwireless:GetWirelessGatewayTaskDefinition - iotwireless:ListTagsForResource @@ -1366,6 +1450,9 @@ components: type: string enum: - SemtechGeolocation + - SemtechGNSS + - SemtechGNSSNG + - SemtechWiFi additionalProperties: false WirelessDevice: type: object @@ -1436,20 +1523,29 @@ components: x-required-properties: - Type - DestinationName - x-taggable: true + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - iotwireless:TagResource + - iotwireless:UntagResource + - iotwireless:ListTagsForResource x-required-permissions: create: - iotwireless:CreateWirelessDevice - iotwireless:TagResource - - iotwireless:ListTagsForResource read: - iotwireless:GetWirelessDevice - iotwireless:ListTagsForResource update: - iotwireless:UpdateWirelessDevice - - iotwireless:UntagResource - - iotwireless:ListTagsForResource + - iotwireless:GetWirelessDevice - iotwireless:AssociateWirelessDeviceWithThing + - iotwireless:TagResource + - iotwireless:UntagResource delete: - iotwireless:DeleteWirelessDevice - iotwireless:DisassociateWirelessDeviceFromThing @@ -1500,14 +1596,6 @@ components: $ref: '#/components/schemas/DeviceCreationFileList' Role: $ref: '#/components/schemas/Role' - oneOf: - - allOf: - - required: - - DeviceCreationFile - - required: - - Role - - required: - - SidewalkManufacturingSn Status: description: Status for import task type: string @@ -1568,23 +1656,27 @@ components: x-tagging: taggable: true tagOnCreate: true - tagUpdatable: false - cloudFormationSystemTags: false + tagUpdatable: true + cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - iotwireless:TagResource + - iotwireless:UntagResource + - iotwireless:ListTagsForResource x-required-permissions: create: - iotwireless:StartWirelessDeviceImportTask - iotwireless:StartSingleWirelessDeviceImportTask - iotwireless:TagResource - - iotwireless:ListTagsForResource - iam:PassRole read: - iotwireless:GetWirelessDeviceImportTask - iotwireless:ListTagsForResource update: + - iotwireless:GetWirelessDeviceImportTask - iotwireless:UpdateWirelessDeviceImportTask + - iotwireless:TagResource - iotwireless:UntagResource - - iotwireless:ListTagsForResource - iam:PassRole delete: - iotwireless:DeleteWirelessDeviceImportTask @@ -1654,20 +1746,29 @@ components: - Arn x-required-properties: - LoRaWAN - x-taggable: true + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - iotwireless:TagResource + - iotwireless:UntagResource + - iotwireless:ListTagsForResource x-required-permissions: create: - iotwireless:CreateWirelessGateway - iotwireless:TagResource - - iotwireless:ListTagsForResource read: - iotwireless:GetWirelessGateway - iotwireless:ListTagsForResource update: + - iotwireless:GetWirelessGateway - iotwireless:UpdateWirelessGateway - - iotwireless:UntagResource - - iotwireless:ListTagsForResource - iotwireless:AssociateWirelessGatewayWithThing + - iotwireless:TagResource + - iotwireless:UntagResource delete: - iotwireless:DeleteWirelessGateway - iotwireless:DisassociateWirelessGatewayFromThing @@ -2205,14 +2306,6 @@ components: $ref: '#/components/schemas/DeviceCreationFileList' Role: $ref: '#/components/schemas/Role' - oneOf: - - allOf: - - required: - - DeviceCreationFile - - required: - - Role - - required: - - SidewalkManufacturingSn Status: description: Status for import task type: string @@ -2546,6 +2639,18 @@ components: response: mediaType: application/json openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::IoTWireless::DeviceProfile" + } + response: + mediaType: application/json + openAPIDocKey: '200' delete_resource: operation: $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' @@ -2563,7 +2668,8 @@ components: - $ref: '#/components/x-stackQL-resources/device_profiles/methods/create_resource' delete: - $ref: '#/components/x-stackQL-resources/device_profiles/methods/delete_resource' - update: [] + update: + - $ref: '#/components/x-stackQL-resources/device_profiles/methods/update_resource' config: views: select: @@ -3646,6 +3752,18 @@ components: response: mediaType: application/json openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::IoTWireless::ServiceProfile" + } + response: + mediaType: application/json + openAPIDocKey: '200' delete_resource: operation: $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' @@ -3663,7 +3781,8 @@ components: - $ref: '#/components/x-stackQL-resources/service_profiles/methods/create_resource' delete: - $ref: '#/components/x-stackQL-resources/service_profiles/methods/delete_resource' - update: [] + update: + - $ref: '#/components/x-stackQL-resources/service_profiles/methods/update_resource' config: views: select: @@ -3834,6 +3953,18 @@ components: response: mediaType: application/json openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::IoTWireless::TaskDefinition" + } + response: + mediaType: application/json + openAPIDocKey: '200' delete_resource: operation: $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' @@ -3851,7 +3982,8 @@ components: - $ref: '#/components/x-stackQL-resources/task_definitions/methods/create_resource' delete: - $ref: '#/components/x-stackQL-resources/task_definitions/methods/delete_resource' - update: [] + update: + - $ref: '#/components/x-stackQL-resources/task_definitions/methods/update_resource' config: views: select: diff --git a/providers/src/aws/v00.00.00000/services/ivs.yaml b/providers/src/aws/v00.00.00000/services/ivs.yaml index 60825859..b462adcd 100644 --- a/providers/src/aws/v00.00.00000/services/ivs.yaml +++ b/providers/src/aws/v00.00.00000/services/ivs.yaml @@ -465,6 +465,7 @@ components: description: Optional transcode preset for the channel. This is selectable only for ADVANCED_HD and ADVANCED_SD channel types. For those channel types, the default preset is HIGHER_BANDWIDTH_DELIVERY. For other channel types (BASIC and STANDARD), preset is the empty string (""). type: string enum: + - '' - HIGHER_BANDWIDTH_DELIVERY - CONSTRAINED_BANDWIDTH_DELIVERY required: [] @@ -484,6 +485,10 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - ivs:TagResource + - ivs:UntagResource + - ivs:ListTagsForResource x-required-permissions: create: - ivs:CreateChannel @@ -495,11 +500,11 @@ components: - ivs:GetChannel - ivs:UpdateChannel - ivs:TagResource - - ivs:UnTagResource + - ivs:UntagResource - ivs:ListTagsForResource delete: - ivs:DeleteChannel - - ivs:UnTagResource + - ivs:UntagResource list: - ivs:ListChannels - ivs:ListTagsForResource @@ -530,15 +535,15 @@ components: maximum: 60 default: 30 Height: - description: 'Video-resolution height. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 720.' + description: 'Video-resolution height. This must be an even number. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 720.' type: integer - minimum: 1 + minimum: 2 maximum: 1920 default: 720 Width: - description: 'Video-resolution width. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 1280.' + description: 'Video-resolution width. This must be an even number. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 1280.' type: integer - minimum: 1 + minimum: 2 maximum: 1920 default: 1280 Name: @@ -577,6 +582,10 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - ivs:TagResource + - ivs:UntagResource + - ivs:ListTagsForResource x-required-permissions: create: - ivs:CreateEncoderConfiguration @@ -595,6 +604,115 @@ components: list: - ivs:ListEncoderConfigurations - ivs:ListTagsForResource + IngestConfiguration: + type: object + properties: + Arn: + description: IngestConfiguration ARN is automatically generated on creation and assigned as the unique identifier. + type: string + pattern: ^arn:aws:ivs:[a-z0-9-]+:[0-9]+:ingest-configuration/[a-zA-Z0-9-]+$ + minLength: 1 + maxLength: 128 + Name: + description: IngestConfiguration + type: string + minLength: 0 + maxLength: 128 + pattern: ^[a-zA-Z0-9-_]*$ + default: '-' + StageArn: + description: 'Stage ARN. A value other than an empty string indicates that stage is linked to IngestConfiguration. Default: "" (recording is disabled).' + type: string + default: '' + pattern: ^arn:aws:ivs:[a-z0-9-]+:[0-9]+:stage/[a-zA-Z0-9-]+$ + minLength: 0 + maxLength: 128 + ParticipantId: + description: Participant Id is automatically generated on creation and assigned. + type: string + minLength: 0 + maxLength: 64 + pattern: ^[a-zA-Z0-9-_]*$ + IngestProtocol: + description: Ingest Protocol. + type: string + enum: + - RTMP + - RTMPS + default: RTMPS + InsecureIngest: + description: Whether ingest configuration allows insecure ingest. + type: boolean + default: false + State: + description: State of IngestConfiguration which determines whether IngestConfiguration is in use or not. + type: string + enum: + - ACTIVE + - INACTIVE + default: INACTIVE + StreamKey: + description: Stream-key value. + type: string + UserId: + description: User defined indentifier for participant associated with IngestConfiguration. + type: string + Tags: + description: A list of key-value pairs that contain metadata for the asset model. + type: array + uniqueItems: true + x-insertionOrder: false + maxItems: 50 + items: + $ref: '#/components/schemas/Tag' + required: [] + x-stackql-resource-name: ingest_configuration + description: Resource Type definition for AWS::IVS::IngestConfiguration + x-type-name: AWS::IVS::IngestConfiguration + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - InsecureIngest + - UserId + - Name + - IngestProtocol + x-write-only-properties: + - InsecureIngest + x-read-only-properties: + - Arn + - ParticipantId + - StreamKey + - State + x-required-properties: [] + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - ivs:TagResource + - ivs:UntagResource + - ivs:ListTagsForResource + x-required-permissions: + create: + - ivs:CreateIngestConfiguration + - ivs:TagResource + read: + - ivs:GetIngestConfiguration + - ivs:ListTagsForResource + update: + - ivs:GetIngestConfiguration + - ivs:UpdateIngestConfiguration + - ivs:TagResource + - ivs:UntagResource + - ivs:ListTagsForResource + delete: + - ivs:DeleteIngestConfiguration + - ivs:UntagResource + list: + - ivs:ListIngestConfigurations + - ivs:ListTagsForResource PlaybackKeyPair: type: object properties: @@ -643,6 +761,10 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - ivs:TagResource + - ivs:UntagResource + - ivs:ListTagsForResource x-required-permissions: create: - ivs:ImportPlaybackKeyPair @@ -721,6 +843,10 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - ivs:TagResource + - ivs:UntagResource + - ivs:ListTagsForResource x-required-permissions: create: - ivs:CreatePlaybackRestrictionPolicy @@ -740,6 +866,74 @@ components: list: - ivs:ListPlaybackRestrictionPolicies - ivs:ListTagsForResource + PublicKey: + type: object + properties: + Name: + description: Name of the public key to be imported. The value does not need to be unique. + type: string + pattern: ^[a-zA-Z0-9-_]*$ + minLength: 0 + maxLength: 128 + PublicKeyMaterial: + description: The public portion of a customer-generated key pair. + type: string + pattern: '-----BEGIN PUBLIC KEY-----\r?\n([a-zA-Z0-9+/=\r\n]+)\r?\n-----END PUBLIC KEY-----(\r?\n)?' + Fingerprint: + description: Key-pair identifier. + type: string + Arn: + description: Key-pair identifier. + type: string + pattern: ^arn:aws:ivs:[a-z0-9-]+:[0-9]+:public-key/[a-zA-Z0-9-]+$ + minLength: 1 + maxLength: 128 + Tags: + description: A list of key-value pairs that contain metadata for the asset model. + type: array + uniqueItems: true + x-insertionOrder: false + maxItems: 50 + items: + $ref: '#/components/schemas/Tag' + x-stackql-resource-name: public_key + description: Resource Type definition for AWS::IVS::PublicKey + x-type-name: AWS::IVS::PublicKey + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - PublicKeyMaterial + - Name + x-read-only-properties: + - Arn + - Fingerprint + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - ivs:TagResource + - ivs:UntagResource + - ivs:ListTagsForResource + x-required-permissions: + create: + - ivs:ImportPublicKey + - ivs:TagResource + read: + - ivs:GetPublicKey + update: + - ivs:GetPublicKey + - ivs:ListTagsForResource + - ivs:UntagResource + - ivs:TagResource + delete: + - ivs:DeletePublicKey + - ivs:UntagResource + list: + - ivs:ListPublicKeys + - ivs:ListTagsForResource DestinationConfiguration: description: Recording Destination Configuration. type: object @@ -901,6 +1095,10 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - ivs:TagResource + - ivs:UntagResource + - ivs:ListTagsForResource x-required-permissions: create: - ivs:CreateRecordingConfiguration @@ -934,6 +1132,33 @@ components: - ivs:ListRecordingConfigurations - s3:GetBucketLocation - ivs:ListTagsForResource + AutoParticipantRecordingConfiguration: + description: Configuration object for individual participant recording, to attach to the new stage. + type: object + additionalProperties: false + properties: + StorageConfigurationArn: + description: ARN of the StorageConfiguration resource to use for individual participant recording. + type: string + pattern: ^$|^arn:aws:ivs:[a-z0-9-]+:[0-9]+:storage-configuration/[a-zA-Z0-9-]+$ + minLength: 0 + maxLength: 128 + MediaTypes: + description: 'Types of media to be recorded. Default: AUDIO_VIDEO.' + type: array + minItems: 0 + maxItems: 1 + uniqueItems: true + x-insertionOrder: false + items: + type: string + enum: + - AUDIO_VIDEO + - AUDIO_ONLY + default: + - AUDIO_VIDEO + required: + - StorageConfigurationArn Stage: type: object properties: @@ -949,6 +1174,8 @@ components: minLength: 0 maxLength: 128 pattern: ^[a-zA-Z0-9-_]*$ + AutoParticipantRecordingConfiguration: + $ref: '#/components/schemas/AutoParticipantRecordingConfiguration' Tags: description: An array of key-value pairs to apply to this resource. type: array @@ -976,6 +1203,10 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - ivs:TagResource + - ivs:UntagResource + - ivs:ListTagsForResource x-required-permissions: create: - ivs:CreateStage @@ -989,11 +1220,11 @@ components: - ivs:GetStage - ivs:UpdateStage - ivs:TagResource - - ivs:UnTagResource + - ivs:UntagResource - ivs:ListTagsForResource delete: - ivs:DeleteStage - - ivs:UnTagResource + - ivs:UntagResource list: - ivs:ListStages - ivs:ListTagsForResource @@ -1056,6 +1287,10 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - ivs:TagResource + - ivs:UntagResource + - ivs:ListTagsForResource x-required-permissions: create: - ivs:CreateStorageConfiguration @@ -1128,6 +1363,10 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - ivs:TagResource + - ivs:UntagResource + - ivs:ListTagsForResource x-required-permissions: create: - ivs:TagResource @@ -1222,6 +1461,7 @@ components: description: Optional transcode preset for the channel. This is selectable only for ADVANCED_HD and ADVANCED_SD channel types. For those channel types, the default preset is HIGHER_BANDWIDTH_DELIVERY. For other channel types (BASIC and STANDARD), preset is the empty string (""). type: string enum: + - '' - HIGHER_BANDWIDTH_DELIVERY - CONSTRAINED_BANDWIDTH_DELIVERY x-stackQL-stringOnly: true @@ -1265,15 +1505,15 @@ components: maximum: 60 default: 30 Height: - description: 'Video-resolution height. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 720.' + description: 'Video-resolution height. This must be an even number. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 720.' type: integer - minimum: 1 + minimum: 2 maximum: 1920 default: 720 Width: - description: 'Video-resolution width. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 1280.' + description: 'Video-resolution width. This must be an even number. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 1280.' type: integer - minimum: 1 + minimum: 2 maximum: 1920 default: 1280 Name: @@ -1294,6 +1534,81 @@ components: x-title: CreateEncoderConfigurationRequest type: object required: [] + CreateIngestConfigurationRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + Arn: + description: IngestConfiguration ARN is automatically generated on creation and assigned as the unique identifier. + type: string + pattern: ^arn:aws:ivs:[a-z0-9-]+:[0-9]+:ingest-configuration/[a-zA-Z0-9-]+$ + minLength: 1 + maxLength: 128 + Name: + description: IngestConfiguration + type: string + minLength: 0 + maxLength: 128 + pattern: ^[a-zA-Z0-9-_]*$ + default: '-' + StageArn: + description: 'Stage ARN. A value other than an empty string indicates that stage is linked to IngestConfiguration. Default: "" (recording is disabled).' + type: string + default: '' + pattern: ^arn:aws:ivs:[a-z0-9-]+:[0-9]+:stage/[a-zA-Z0-9-]+$ + minLength: 0 + maxLength: 128 + ParticipantId: + description: Participant Id is automatically generated on creation and assigned. + type: string + minLength: 0 + maxLength: 64 + pattern: ^[a-zA-Z0-9-_]*$ + IngestProtocol: + description: Ingest Protocol. + type: string + enum: + - RTMP + - RTMPS + default: RTMPS + InsecureIngest: + description: Whether ingest configuration allows insecure ingest. + type: boolean + default: false + State: + description: State of IngestConfiguration which determines whether IngestConfiguration is in use or not. + type: string + enum: + - ACTIVE + - INACTIVE + default: INACTIVE + StreamKey: + description: Stream-key value. + type: string + UserId: + description: User defined indentifier for participant associated with IngestConfiguration. + type: string + Tags: + description: A list of key-value pairs that contain metadata for the asset model. + type: array + uniqueItems: true + x-insertionOrder: false + maxItems: 50 + items: + $ref: '#/components/schemas/Tag' + x-stackQL-stringOnly: true + x-title: CreateIngestConfigurationRequest + type: object + required: [] CreatePlaybackKeyPairRequest: properties: ClientToken: @@ -1393,6 +1708,50 @@ components: x-title: CreatePlaybackRestrictionPolicyRequest type: object required: [] + CreatePublicKeyRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + Name: + description: Name of the public key to be imported. The value does not need to be unique. + type: string + pattern: ^[a-zA-Z0-9-_]*$ + minLength: 0 + maxLength: 128 + PublicKeyMaterial: + description: The public portion of a customer-generated key pair. + type: string + pattern: '-----BEGIN PUBLIC KEY-----\r?\n([a-zA-Z0-9+/=\r\n]+)\r?\n-----END PUBLIC KEY-----(\r?\n)?' + Fingerprint: + description: Key-pair identifier. + type: string + Arn: + description: Key-pair identifier. + type: string + pattern: ^arn:aws:ivs:[a-z0-9-]+:[0-9]+:public-key/[a-zA-Z0-9-]+$ + minLength: 1 + maxLength: 128 + Tags: + description: A list of key-value pairs that contain metadata for the asset model. + type: array + uniqueItems: true + x-insertionOrder: false + maxItems: 50 + items: + $ref: '#/components/schemas/Tag' + x-stackQL-stringOnly: true + x-title: CreatePublicKeyRequest + type: object + required: [] CreateRecordingConfigurationRequest: properties: ClientToken: @@ -1474,6 +1833,8 @@ components: minLength: 0 maxLength: 128 pattern: ^[a-zA-Z0-9-_]*$ + AutoParticipantRecordingConfiguration: + $ref: '#/components/schemas/AutoParticipantRecordingConfiguration' Tags: description: An array of key-value pairs to apply to this resource. type: array @@ -1987,8 +2348,233 @@ components: ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) - WHERE listing.data__TypeName = 'AWS::IVS::EncoderConfiguration' - AND detail.data__TypeName = 'AWS::IVS::EncoderConfiguration' + WHERE listing.data__TypeName = 'AWS::IVS::EncoderConfiguration' + AND detail.data__TypeName = 'AWS::IVS::EncoderConfiguration' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'Video') as video, + json_extract_path_text(detail.Properties, 'Name') as name + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::IVS::EncoderConfiguration' + AND detail.data__TypeName = 'AWS::IVS::EncoderConfiguration' + AND listing.region = 'us-east-1' + ingest_configurations: + name: ingest_configurations + id: aws.ivs.ingest_configurations + x-cfn-schema-name: IngestConfiguration + x-cfn-type-name: AWS::IVS::IngestConfiguration + x-identifiers: + - Arn + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__IngestConfiguration&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::IVS::IngestConfiguration" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::IVS::IngestConfiguration" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::IVS::IngestConfiguration" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/ingest_configurations/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/ingest_configurations/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/ingest_configurations/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.StageArn') as stage_arn, + JSON_EXTRACT(Properties, '$.ParticipantId') as participant_id, + JSON_EXTRACT(Properties, '$.IngestProtocol') as ingest_protocol, + JSON_EXTRACT(Properties, '$.InsecureIngest') as insecure_ingest, + JSON_EXTRACT(Properties, '$.State') as state, + JSON_EXTRACT(Properties, '$.StreamKey') as stream_key, + JSON_EXTRACT(Properties, '$.UserId') as user_id, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IVS::IngestConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.StageArn') as stage_arn, + JSON_EXTRACT(detail.Properties, '$.ParticipantId') as participant_id, + JSON_EXTRACT(detail.Properties, '$.IngestProtocol') as ingest_protocol, + JSON_EXTRACT(detail.Properties, '$.InsecureIngest') as insecure_ingest, + JSON_EXTRACT(detail.Properties, '$.State') as state, + JSON_EXTRACT(detail.Properties, '$.StreamKey') as stream_key, + JSON_EXTRACT(detail.Properties, '$.UserId') as user_id, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::IVS::IngestConfiguration' + AND detail.data__TypeName = 'AWS::IVS::IngestConfiguration' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'StageArn') as stage_arn, + json_extract_path_text(Properties, 'ParticipantId') as participant_id, + json_extract_path_text(Properties, 'IngestProtocol') as ingest_protocol, + json_extract_path_text(Properties, 'InsecureIngest') as insecure_ingest, + json_extract_path_text(Properties, 'State') as state, + json_extract_path_text(Properties, 'StreamKey') as stream_key, + json_extract_path_text(Properties, 'UserId') as user_id, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IVS::IngestConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'StageArn') as stage_arn, + json_extract_path_text(detail.Properties, 'ParticipantId') as participant_id, + json_extract_path_text(detail.Properties, 'IngestProtocol') as ingest_protocol, + json_extract_path_text(detail.Properties, 'InsecureIngest') as insecure_ingest, + json_extract_path_text(detail.Properties, 'State') as state, + json_extract_path_text(detail.Properties, 'StreamKey') as stream_key, + json_extract_path_text(detail.Properties, 'UserId') as user_id, + json_extract_path_text(detail.Properties, 'Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::IVS::IngestConfiguration' + AND detail.data__TypeName = 'AWS::IVS::IngestConfiguration' + AND listing.region = 'us-east-1' + ingest_configurations_list_only: + name: ingest_configurations_list_only + id: aws.ivs.ingest_configurations_list_only + x-cfn-schema-name: IngestConfiguration + x-cfn-type-name: AWS::IVS::IngestConfiguration + x-identifiers: + - Arn + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IVS::IngestConfiguration' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IVS::IngestConfiguration' + AND region = 'us-east-1' + ingest_configuration_tags: + name: ingest_configuration_tags + id: aws.ivs.ingest_configuration_tags + x-cfn-schema-name: IngestConfiguration + x-cfn-type-name: AWS::IVS::IngestConfiguration + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.StageArn') as stage_arn, + JSON_EXTRACT(detail.Properties, '$.ParticipantId') as participant_id, + JSON_EXTRACT(detail.Properties, '$.IngestProtocol') as ingest_protocol, + JSON_EXTRACT(detail.Properties, '$.InsecureIngest') as insecure_ingest, + JSON_EXTRACT(detail.Properties, '$.State') as state, + JSON_EXTRACT(detail.Properties, '$.StreamKey') as stream_key, + JSON_EXTRACT(detail.Properties, '$.UserId') as user_id + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::IVS::IngestConfiguration' + AND detail.data__TypeName = 'AWS::IVS::IngestConfiguration' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" @@ -1998,15 +2584,21 @@ components: json_extract_path_text(json_each.value, 'Key') as tag_key, json_extract_path_text(json_each.value, 'Value') as tag_value, json_extract_path_text(detail.Properties, 'Arn') as arn, - json_extract_path_text(detail.Properties, 'Video') as video, - json_extract_path_text(detail.Properties, 'Name') as name + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'StageArn') as stage_arn, + json_extract_path_text(detail.Properties, 'ParticipantId') as participant_id, + json_extract_path_text(detail.Properties, 'IngestProtocol') as ingest_protocol, + json_extract_path_text(detail.Properties, 'InsecureIngest') as insecure_ingest, + json_extract_path_text(detail.Properties, 'State') as state, + json_extract_path_text(detail.Properties, 'StreamKey') as stream_key, + json_extract_path_text(detail.Properties, 'UserId') as user_id FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) - WHERE listing.data__TypeName = 'AWS::IVS::EncoderConfiguration' - AND detail.data__TypeName = 'AWS::IVS::EncoderConfiguration' + WHERE listing.data__TypeName = 'AWS::IVS::IngestConfiguration' + AND detail.data__TypeName = 'AWS::IVS::IngestConfiguration' AND listing.region = 'us-east-1' playback_key_pairs: name: playback_key_pairs @@ -2416,6 +3008,207 @@ components: WHERE listing.data__TypeName = 'AWS::IVS::PlaybackRestrictionPolicy' AND detail.data__TypeName = 'AWS::IVS::PlaybackRestrictionPolicy' AND listing.region = 'us-east-1' + public_keys: + name: public_keys + id: aws.ivs.public_keys + x-cfn-schema-name: PublicKey + x-cfn-type-name: AWS::IVS::PublicKey + x-identifiers: + - Arn + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__PublicKey&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::IVS::PublicKey" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::IVS::PublicKey" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::IVS::PublicKey" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/public_keys/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/public_keys/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/public_keys/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.PublicKeyMaterial') as public_key_material, + JSON_EXTRACT(Properties, '$.Fingerprint') as fingerprint, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IVS::PublicKey' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.PublicKeyMaterial') as public_key_material, + JSON_EXTRACT(detail.Properties, '$.Fingerprint') as fingerprint, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::IVS::PublicKey' + AND detail.data__TypeName = 'AWS::IVS::PublicKey' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'PublicKeyMaterial') as public_key_material, + json_extract_path_text(Properties, 'Fingerprint') as fingerprint, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IVS::PublicKey' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'PublicKeyMaterial') as public_key_material, + json_extract_path_text(detail.Properties, 'Fingerprint') as fingerprint, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::IVS::PublicKey' + AND detail.data__TypeName = 'AWS::IVS::PublicKey' + AND listing.region = 'us-east-1' + public_keys_list_only: + name: public_keys_list_only + id: aws.ivs.public_keys_list_only + x-cfn-schema-name: PublicKey + x-cfn-type-name: AWS::IVS::PublicKey + x-identifiers: + - Arn + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IVS::PublicKey' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::IVS::PublicKey' + AND region = 'us-east-1' + public_key_tags: + name: public_key_tags + id: aws.ivs.public_key_tags + x-cfn-schema-name: PublicKey + x-cfn-type-name: AWS::IVS::PublicKey + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.PublicKeyMaterial') as public_key_material, + JSON_EXTRACT(detail.Properties, '$.Fingerprint') as fingerprint, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::IVS::PublicKey' + AND detail.data__TypeName = 'AWS::IVS::PublicKey' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'PublicKeyMaterial') as public_key_material, + json_extract_path_text(detail.Properties, 'Fingerprint') as fingerprint, + json_extract_path_text(detail.Properties, 'Arn') as arn + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::IVS::PublicKey' + AND detail.data__TypeName = 'AWS::IVS::PublicKey' + AND listing.region = 'us-east-1' recording_configurations: name: recording_configurations id: aws.ivs.recording_configurations @@ -2700,6 +3493,7 @@ components: data__Identifier, JSON_EXTRACT(Properties, '$.Arn') as arn, JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.AutoParticipantRecordingConfiguration') as auto_participant_recording_configuration, JSON_EXTRACT(Properties, '$.Tags') as tags, JSON_EXTRACT(Properties, '$.ActiveSessionId') as active_session_id FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IVS::Stage' @@ -2712,6 +3506,7 @@ components: detail.region, JSON_EXTRACT(detail.Properties, '$.Arn') as arn, JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.AutoParticipantRecordingConfiguration') as auto_participant_recording_configuration, JSON_EXTRACT(detail.Properties, '$.Tags') as tags, JSON_EXTRACT(detail.Properties, '$.ActiveSessionId') as active_session_id FROM aws.cloud_control.resources listing @@ -2729,6 +3524,7 @@ components: data__Identifier, json_extract_path_text(Properties, 'Arn') as arn, json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'AutoParticipantRecordingConfiguration') as auto_participant_recording_configuration, json_extract_path_text(Properties, 'Tags') as tags, json_extract_path_text(Properties, 'ActiveSessionId') as active_session_id FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::IVS::Stage' @@ -2741,6 +3537,7 @@ components: detail.region, json_extract_path_text(detail.Properties, 'Arn') as arn, json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'AutoParticipantRecordingConfiguration') as auto_participant_recording_configuration, json_extract_path_text(detail.Properties, 'Tags') as tags, json_extract_path_text(detail.Properties, 'ActiveSessionId') as active_session_id FROM aws.cloud_control.resources listing @@ -2803,6 +3600,7 @@ components: JSON_EXTRACT(json_each.value, '$.Value') as tag_value, JSON_EXTRACT(detail.Properties, '$.Arn') as arn, JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.AutoParticipantRecordingConfiguration') as auto_participant_recording_configuration, JSON_EXTRACT(detail.Properties, '$.ActiveSessionId') as active_session_id FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail @@ -2821,6 +3619,7 @@ components: json_extract_path_text(json_each.value, 'Value') as tag_value, json_extract_path_text(detail.Properties, 'Arn') as arn, json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'AutoParticipantRecordingConfiguration') as auto_participant_recording_configuration, json_extract_path_text(detail.Properties, 'ActiveSessionId') as active_session_id FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail @@ -3447,6 +4246,48 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success + /?Action=CreateResource&Version=2021-09-30&__IngestConfiguration&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateIngestConfiguration + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateIngestConfigurationRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success /?Action=CreateResource&Version=2021-09-30&__PlaybackKeyPair&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' @@ -3531,6 +4372,48 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success + /?Action=CreateResource&Version=2021-09-30&__PublicKey&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreatePublicKey + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreatePublicKeyRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success /?Action=CreateResource&Version=2021-09-30&__RecordingConfiguration&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' diff --git a/providers/src/aws/v00.00.00000/services/ivschat.yaml b/providers/src/aws/v00.00.00000/services/ivschat.yaml index 04b61edb..6a191db6 100644 --- a/providers/src/aws/v00.00.00000/services/ivschat.yaml +++ b/providers/src/aws/v00.00.00000/services/ivschat.yaml @@ -647,6 +647,10 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - ivschat:TagResource + - ivschat:ListTagsForResource + - ivschat:UntagResource x-required-permissions: create: - ivschat:CreateRoom diff --git a/providers/src/aws/v00.00.00000/services/kafkaconnect.yaml b/providers/src/aws/v00.00.00000/services/kafkaconnect.yaml index 58646b47..79ef7057 100644 --- a/providers/src/aws/v00.00.00000/services/kafkaconnect.yaml +++ b/providers/src/aws/v00.00.00000/services/kafkaconnect.yaml @@ -521,6 +521,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - kafkaconnect:ListTagsForResource + - kafkaconnect:UntagResource + - kafkaconnect:TagResource x-required-permissions: create: - kafkaconnect:DescribeCustomPlugin @@ -765,6 +769,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - kafkaconnect:ListTagsForResource + - kafkaconnect:UntagResource + - kafkaconnect:TagResource x-required-permissions: create: - kafkaconnect:DescribeWorkerConfiguration @@ -900,6 +908,11 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - kafkaconnect:ListTagsForResource + - kafkaconnect:UntagResource + - kafkaconnect:TagResource + - firehose:TagDeliveryStream x-required-permissions: create: - kafkaconnect:CreateConnector diff --git a/providers/src/aws/v00.00.00000/services/kendra.yaml b/providers/src/aws/v00.00.00000/services/kendra.yaml index 7ece2e84..b6bccad5 100644 --- a/providers/src/aws/v00.00.00000/services/kendra.yaml +++ b/providers/src/aws/v00.00.00000/services/kendra.yaml @@ -1858,6 +1858,7 @@ components: enum: - DEVELOPER_EDITION - ENTERPRISE_EDITION + - GEN_AI_ENTERPRISE_EDITION UserContextPolicy: type: string enum: diff --git a/providers/src/aws/v00.00.00000/services/kinesis.yaml b/providers/src/aws/v00.00.00000/services/kinesis.yaml index 74872a27..948e0244 100644 --- a/providers/src/aws/v00.00.00000/services/kinesis.yaml +++ b/providers/src/aws/v00.00.00000/services/kinesis.yaml @@ -385,6 +385,52 @@ components: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' type: object schemas: + ResourcePolicy: + type: object + properties: + ResourceArn: + description: The ARN of the AWS Kinesis resource to which the policy applies. + type: string + minLength: 1 + maxLength: 2048 + pattern: arn:aws.*:kinesis:.*:\d{12}:stream/\S+ + anyOf: + - relationshipRef: + typeName: AWS::Kinesis::Stream + propertyPath: /properties/Arn + - relationshipRef: + typeName: AWS::Kinesis::StreamConsumer + propertyPath: /properties/ConsumerARN + ResourcePolicy: + description: A policy document containing permissions to add to the specified resource. In IAM, you must provide policy documents in JSON format. However, in CloudFormation you can provide the policy in JSON or YAML format because CloudFormation converts YAML to JSON before submitting it to IAM. + type: object + required: + - ResourceArn + - ResourcePolicy + x-stackql-resource-name: resource_policy + description: Resource Type definition for AWS::Kinesis::ResourcePolicy + x-type-name: AWS::Kinesis::ResourcePolicy + x-stackql-primary-identifier: + - ResourceArn + x-create-only-properties: + - ResourceArn + x-required-properties: + - ResourceArn + - ResourcePolicy + x-tagging: + taggable: false + x-required-permissions: + create: + - kinesis:GetResourcePolicy + - kinesis:PutResourcePolicy + read: + - kinesis:GetResourcePolicy + update: + - kinesis:PutResourcePolicy + - kinesis:GetResourcePolicy + delete: + - kinesis:DeleteResourcePolicy + - kinesis:GetResourcePolicy StreamModeDetails: description: When specified, enables or updates the mode of stream. Default is PROVISIONED. additionalProperties: false @@ -487,6 +533,10 @@ components: x-read-only-properties: - Arn x-tagging: + permissions: + - kinesis:AddTagsToStream + - kinesis:RemoveTagsFromStream + - kinesis:ListTagsForStream taggable: true tagOnCreate: true tagUpdatable: true @@ -523,6 +573,39 @@ components: - kinesis:DescribeStreamSummary - kinesis:DeleteStream - kinesis:RemoveTagsFromStream + CreateResourcePolicyRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + ResourceArn: + description: The ARN of the AWS Kinesis resource to which the policy applies. + type: string + minLength: 1 + maxLength: 2048 + pattern: arn:aws.*:kinesis:.*:\d{12}:stream/\S+ + anyOf: + - relationshipRef: + typeName: AWS::Kinesis::Stream + propertyPath: /properties/Arn + - relationshipRef: + typeName: AWS::Kinesis::StreamConsumer + propertyPath: /properties/ConsumerARN + ResourcePolicy: + description: A policy document containing permissions to add to the specified resource. In IAM, you must provide policy documents in JSON format. However, in CloudFormation you can provide the policy in JSON or YAML format because CloudFormation converts YAML to JSON before submitting it to IAM. + type: object + x-stackQL-stringOnly: true + x-title: CreateResourcePolicyRequest + type: object + required: [] CreateStreamRequest: properties: ClientToken: @@ -581,6 +664,85 @@ components: description: Amazon Signature authorization v4 x-amazon-apigateway-authtype: awsSigv4 x-stackQL-resources: + resource_policies: + name: resource_policies + id: aws.kinesis.resource_policies + x-cfn-schema-name: ResourcePolicy + x-cfn-type-name: AWS::Kinesis::ResourcePolicy + x-identifiers: + - ResourceArn + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__ResourcePolicy&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Kinesis::ResourcePolicy" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Kinesis::ResourcePolicy" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Kinesis::ResourcePolicy" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/resource_policies/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/resource_policies/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/resource_policies/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ResourceArn') as resource_arn, + JSON_EXTRACT(Properties, '$.ResourcePolicy') as resource_policy + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Kinesis::ResourcePolicy' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ResourceArn') as resource_arn, + json_extract_path_text(Properties, 'ResourcePolicy') as resource_policy + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Kinesis::ResourcePolicy' + AND data__Identifier = '' + AND region = 'us-east-1' streams: name: streams id: aws.kinesis.streams @@ -937,6 +1099,48 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/UpdateResourceOutput' description: Success + /?Action=CreateResource&Version=2021-09-30&__ResourcePolicy&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateResourcePolicy + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateResourcePolicyRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success /?Action=CreateResource&Version=2021-09-30&__Stream&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' diff --git a/providers/src/aws/v00.00.00000/services/kinesisanalyticsv2.yaml b/providers/src/aws/v00.00.00000/services/kinesisanalyticsv2.yaml index 82e559dd..67ff79f9 100644 --- a/providers/src/aws/v00.00.00000/services/kinesisanalyticsv2.yaml +++ b/providers/src/aws/v00.00.00000/services/kinesisanalyticsv2.yaml @@ -402,6 +402,9 @@ components: ApplicationSnapshotConfiguration: description: Describes whether snapshots are enabled for a Flink-based Kinesis Data Analytics application. $ref: '#/components/schemas/ApplicationSnapshotConfiguration' + ApplicationSystemRollbackConfiguration: + description: Describes whether system initiated rollbacks are enabled for a Flink-based Kinesis Data Analytics application. + $ref: '#/components/schemas/ApplicationSystemRollbackConfiguration' EnvironmentProperties: description: Describes execution properties for a Flink-based Kinesis Data Analytics application. $ref: '#/components/schemas/EnvironmentProperties' @@ -520,6 +523,16 @@ components: type: boolean required: - SnapshotsEnabled + ApplicationSystemRollbackConfiguration: + description: Describes whether system initiated rollbacks are enabled for a Flink-based Kinesis Data Analytics application. + type: object + additionalProperties: false + properties: + RollbackEnabled: + description: Describes whether system initiated rollbacks are enabled for a Flink-based Kinesis Data Analytics application. + type: boolean + required: + - RollbackEnabled EnvironmentProperties: description: Describes execution properties for a Flink-based Kinesis Data Analytics application. type: object diff --git a/providers/src/aws/v00.00.00000/services/kinesisfirehose.yaml b/providers/src/aws/v00.00.00000/services/kinesisfirehose.yaml index a4d477cf..8a6cc7a3 100644 --- a/providers/src/aws/v00.00.00000/services/kinesisfirehose.yaml +++ b/providers/src/aws/v00.00.00000/services/kinesisfirehose.yaml @@ -394,6 +394,9 @@ components: minLength: 1 maxLength: 512 pattern: arn:.* + x-relationshipRef: + typeName: AWS::KMS::Key + propertyPath: /properties/Arn KeyType: type: string enum: @@ -432,12 +435,13 @@ components: type: string S3Configuration: $ref: '#/components/schemas/S3DestinationConfiguration' + SecretsManagerConfiguration: + $ref: '#/components/schemas/SecretsManagerConfiguration' BufferingHints: $ref: '#/components/schemas/SplunkBufferingHints' required: - HECEndpoint - S3Configuration - - HECToken - HECEndpointType HttpEndpointDestinationConfiguration: type: object @@ -448,6 +452,9 @@ components: minLength: 1 maxLength: 512 pattern: arn:.* + x-relationshipRef: + typeName: AWS::IAM::Role + propertyPath: /properties/Arn EndpointConfiguration: $ref: '#/components/schemas/HttpEndpointConfiguration' RequestConfiguration: @@ -464,6 +471,8 @@ components: type: string S3Configuration: $ref: '#/components/schemas/S3DestinationConfiguration' + SecretsManagerConfiguration: + $ref: '#/components/schemas/SecretsManagerConfiguration' required: - EndpointConfiguration - S3Configuration @@ -476,14 +485,153 @@ components: minLength: 1 maxLength: 512 pattern: arn:.* + x-relationshipRef: + typeName: AWS::Kinesis::Stream + propertyPath: /properties/Arn RoleARN: type: string minLength: 1 maxLength: 512 pattern: arn:.* + x-relationshipRef: + typeName: AWS::IAM::Role + propertyPath: /properties/Arn required: - RoleARN - KinesisStreamARN + DatabaseSourceConfiguration: + type: object + additionalProperties: false + properties: + Type: + type: string + enum: + - MySQL + - PostgreSQL + Endpoint: + type: string + minLength: 1 + maxLength: 255 + pattern: ^(?!\s*$).+ + Port: + type: integer + minimum: 0 + maximum: 65535 + SSLMode: + type: string + enum: + - Disabled + - Enabled + Databases: + $ref: '#/components/schemas/Databases' + Tables: + $ref: '#/components/schemas/DatabaseTables' + Columns: + $ref: '#/components/schemas/DatabaseColumns' + SurrogateKeys: + type: array + items: + type: string + minLength: 1 + maxLength: 1024 + pattern: ^\S+$ + SnapshotWatermarkTable: + $ref: '#/components/schemas/DatabaseTableName' + DatabaseSourceAuthenticationConfiguration: + $ref: '#/components/schemas/DatabaseSourceAuthenticationConfiguration' + DatabaseSourceVPCConfiguration: + $ref: '#/components/schemas/DatabaseSourceVPCConfiguration' + Digest: + type: string + minLength: 1 + maxLength: 512 + pattern: .* + PublicCertificate: + type: string + minLength: 1 + maxLength: 4096 + pattern: .* + required: + - Type + - Endpoint + - Port + - Databases + - Tables + - SnapshotWatermarkTable + - DatabaseSourceAuthenticationConfiguration + - DatabaseSourceVPCConfiguration + Databases: + type: object + additionalProperties: false + properties: + Include: + type: array + items: + $ref: '#/components/schemas/DatabaseName' + Exclude: + type: array + items: + $ref: '#/components/schemas/DatabaseName' + DatabaseName: + type: string + minLength: 1 + maxLength: 64 + pattern: '[\u0001-\uFFFF]*' + DatabaseTables: + type: object + additionalProperties: false + properties: + Include: + type: array + items: + $ref: '#/components/schemas/DatabaseTableName' + Exclude: + type: array + items: + $ref: '#/components/schemas/DatabaseTableName' + DatabaseTableName: + type: string + minLength: 1 + maxLength: 129 + pattern: '[\u0001-\uFFFF]*' + DatabaseColumns: + type: object + additionalProperties: false + properties: + Include: + type: array + items: + $ref: '#/components/schemas/DatabaseColumnName' + Exclude: + type: array + items: + $ref: '#/components/schemas/DatabaseColumnName' + DatabaseColumnName: + type: string + minLength: 1 + maxLength: 194 + pattern: '[\u0001-\uFFFF]*' + DatabaseSourceAuthenticationConfiguration: + type: object + additionalProperties: false + properties: + SecretsManagerConfiguration: + $ref: '#/components/schemas/SecretsManagerConfiguration' + required: + - SecretsManagerConfiguration + DatabaseSourceVPCConfiguration: + type: object + additionalProperties: false + properties: + VpcEndpointServiceName: + $ref: '#/components/schemas/VpcEndpointServiceName' + required: + - VpcEndpointServiceName + VpcEndpointServiceName: + type: string + minLength: 47 + maxLength: 255 + pattern: ([a-zA-Z0-9\-\_]+\.){2,3}vpce\.[a-zA-Z0-9\-]*\.vpce-svc\-[a-zA-Z0-9\-]{17}$ MSKSourceConfiguration: type: object additionalProperties: false @@ -493,11 +641,16 @@ components: minLength: 1 maxLength: 512 pattern: arn:.* + x-relationshipRef: + typeName: AWS::MSK::Cluster + propertyPath: /properties/Arn TopicName: type: string minLength: 1 maxLength: 255 pattern: '[a-zA-Z0-9\._\-]+' + ReadFromTimestamp: + type: string AuthenticationConfiguration: $ref: '#/components/schemas/AuthenticationConfiguration' required: @@ -513,6 +666,9 @@ components: minLength: 1 maxLength: 512 pattern: arn:.* + x-relationshipRef: + typeName: AWS::IAM::Role + propertyPath: /properties/Arn Connectivity: type: string enum: @@ -530,6 +686,9 @@ components: minLength: 1 maxLength: 512 pattern: arn:.* + x-relationshipRef: + typeName: AWS::IAM::Role + propertyPath: /properties/Arn SubnetIds: type: array uniqueItems: true @@ -537,6 +696,9 @@ components: type: string minLength: 1 maxLength: 1024 + relationshipRef: + typeName: AWS::EC2::Subnet + propertyPath: /properties/SubnetId minItems: 1 maxItems: 16 SecurityGroupIds: @@ -546,6 +708,9 @@ components: type: string minLength: 1 maxLength: 1024 + relationshipRef: + typeName: AWS::EC2::SecurityGroup + propertyPath: /properties/GroupId minItems: 1 maxItems: 5 required: @@ -572,6 +737,9 @@ components: minLength: 1 maxLength: 2048 pattern: arn:.* + x-relationshipRef: + typeName: AWS::S3::Bucket + propertyPath: /properties/Arn BufferingHints: $ref: '#/components/schemas/BufferingHints' CloudWatchLoggingOptions: @@ -614,6 +782,9 @@ components: minLength: 1 maxLength: 512 pattern: arn:.* + x-relationshipRef: + typeName: AWS::IAM::Role + propertyPath: /properties/Arn S3BackupConfiguration: $ref: '#/components/schemas/S3DestinationConfiguration' S3BackupMode: @@ -633,6 +804,9 @@ components: minLength: 1 maxLength: 2048 pattern: arn:.* + x-relationshipRef: + typeName: AWS::S3::Bucket + propertyPath: /properties/Arn BufferingHints: $ref: '#/components/schemas/BufferingHints' CloudWatchLoggingOptions: @@ -660,6 +834,9 @@ components: minLength: 1 maxLength: 512 pattern: arn:.* + x-relationshipRef: + typeName: AWS::IAM::Role + propertyPath: /properties/Arn required: - BucketARN - RoleARN @@ -688,6 +865,9 @@ components: minLength: 1 maxLength: 512 pattern: arn:.* + x-relationshipRef: + typeName: AWS::IAM::Role + propertyPath: /properties/Arn S3BackupConfiguration: $ref: '#/components/schemas/S3DestinationConfiguration' S3BackupMode: @@ -697,17 +877,17 @@ components: - Enabled S3Configuration: $ref: '#/components/schemas/S3DestinationConfiguration' + SecretsManagerConfiguration: + $ref: '#/components/schemas/SecretsManagerConfiguration' Username: type: string minLength: 1 maxLength: 512 required: - S3Configuration - - Username - ClusterJDBCURL - CopyCommand - RoleARN - - Password ElasticsearchDestinationConfiguration: type: object additionalProperties: false @@ -721,6 +901,13 @@ components: minLength: 1 maxLength: 512 pattern: arn:.* + anyOf: + - relationshipRef: + typeName: AWS::Elasticsearch::Domain + propertyPath: /properties/Arn + - relationshipRef: + typeName: AWS::OpenSearchService::Domain + propertyPath: /properties/Arn IndexName: type: string minLength: 1 @@ -742,6 +929,9 @@ components: minLength: 1 maxLength: 512 pattern: arn:.* + x-relationshipRef: + typeName: AWS::IAM::Role + propertyPath: /properties/Arn S3BackupMode: type: string enum: @@ -800,6 +990,9 @@ components: minLength: 1 maxLength: 512 pattern: arn:.* + x-relationshipRef: + typeName: AWS::IAM::Role + propertyPath: /properties/Arn S3BackupMode: type: string enum: @@ -845,6 +1038,9 @@ components: minLength: 1 maxLength: 512 pattern: arn:.* + x-relationshipRef: + typeName: AWS::IAM::Role + propertyPath: /properties/Arn S3BackupMode: type: string enum: @@ -857,6 +1053,9 @@ components: minLength: 1 maxLength: 512 pattern: https:.* + x-relationshipRef: + typeName: AWS::OpenSearchServerless::Collection + propertyPath: /properties/CollectionEndpoint VpcConfiguration: $ref: '#/components/schemas/VpcConfiguration' required: @@ -924,6 +1123,9 @@ components: minLength: 1 maxLength: 512 pattern: arn:.* + x-relationshipRef: + typeName: AWS::IAM::Role + propertyPath: /properties/Arn RetryOptions: $ref: '#/components/schemas/SnowflakeRetryOptions' S3BackupMode: @@ -933,15 +1135,89 @@ components: - AllData S3Configuration: $ref: '#/components/schemas/S3DestinationConfiguration' + SecretsManagerConfiguration: + $ref: '#/components/schemas/SecretsManagerConfiguration' + BufferingHints: + $ref: '#/components/schemas/SnowflakeBufferingHints' required: - AccountUrl - - PrivateKey - - User - Database - Schema - Table - RoleARN - S3Configuration + IcebergDestinationConfiguration: + type: object + additionalProperties: false + properties: + DestinationTableConfigurationList: + $ref: '#/components/schemas/DestinationTableConfigurationList' + ProcessingConfiguration: + $ref: '#/components/schemas/ProcessingConfiguration' + CloudWatchLoggingOptions: + $ref: '#/components/schemas/CloudWatchLoggingOptions' + CatalogConfiguration: + $ref: '#/components/schemas/CatalogConfiguration' + RoleARN: + type: string + minLength: 1 + maxLength: 512 + pattern: arn:.* + x-relationshipRef: + typeName: AWS::IAM::Role + propertyPath: /properties/Arn + RetryOptions: + $ref: '#/components/schemas/RetryOptions' + s3BackupMode: + type: string + enum: + - AllData + - FailedDataOnly + BufferingHints: + $ref: '#/components/schemas/BufferingHints' + S3Configuration: + $ref: '#/components/schemas/S3DestinationConfiguration' + required: + - RoleARN + - CatalogConfiguration + - S3Configuration + CatalogConfiguration: + type: object + additionalProperties: false + properties: + CatalogArn: + type: string + minLength: 1 + maxLength: 512 + pattern: arn:.* + DestinationTableConfiguration: + type: object + additionalProperties: false + properties: + DestinationTableName: + type: string + minLength: 1 + maxLength: 512 + DestinationDatabaseName: + type: string + minLength: 1 + maxLength: 512 + S3ErrorOutputPrefix: + type: string + minLength: 1 + maxLength: 1024 + UniqueKeys: + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/UniqueKey' + required: + - DestinationDatabaseName + - DestinationTableName + UniqueKey: + type: string + minLength: 1 + maxLength: 512 BufferingHints: type: object additionalProperties: false @@ -961,6 +1237,10 @@ components: uniqueItems: true items: $ref: '#/components/schemas/Processor' + DestinationTableConfigurationList: + type: array + items: + $ref: '#/components/schemas/DestinationTableConfiguration' SplunkRetryOptions: type: object additionalProperties: false @@ -1083,6 +1363,14 @@ components: type: integer SizeInMBs: type: integer + SnowflakeBufferingHints: + type: object + additionalProperties: false + properties: + IntervalInSeconds: + type: integer + SizeInMBs: + type: integer CloudWatchLoggingOptions: type: object additionalProperties: false @@ -1091,8 +1379,14 @@ components: type: boolean LogGroupName: type: string + x-relationshipRef: + typeName: AWS::Logs::LogGroup + propertyPath: /properties/LogGroupName LogStreamName: type: string + x-relationshipRef: + typeName: AWS::Logs::LogStream + propertyPath: /properties/LogStreamName OutputFormatConfiguration: type: object additionalProperties: false @@ -1125,6 +1419,9 @@ components: properties: AWSKMSKeyARN: type: string + x-relationshipRef: + typeName: AWS::KMS::Key + propertyPath: /properties/Arn required: - AWSKMSKeyARN InputFormatConfiguration: @@ -1141,6 +1438,9 @@ components: type: string DatabaseName: type: string + x-relationshipRef: + typeName: AWS::Glue::Database + propertyPath: /properties/Id Region: type: string RoleARN: @@ -1148,8 +1448,14 @@ components: minLength: 1 maxLength: 512 pattern: arn:.* + x-relationshipRef: + typeName: AWS::IAM::Role + propertyPath: /properties/Arn TableName: type: string + x-relationshipRef: + typeName: AWS::Glue::Table + propertyPath: /properties/Id VersionId: type: string Serializer: @@ -1168,6 +1474,16 @@ components: type: string ParameterValue: type: string + anyOf: + - relationshipRef: + typeName: AWS::Lambda::Function + propertyPath: /properties/Arn + - relationshipRef: + typeName: AWS::IAM::Role + propertyPath: /properties/Arn + - relationshipRef: + typeName: AWS::Lambda::Alias + propertyPath: /properties/Id required: - ParameterValue - ParameterName @@ -1315,6 +1631,30 @@ components: pattern: ([a-zA-Z0-9\-\_]+\.){2,3}vpce\.[a-zA-Z0-9\-]*\.vpce-svc\-[a-zA-Z0-9\-]{17}$ required: - PrivateLinkVpceId + SecretsManagerConfiguration: + type: object + additionalProperties: false + properties: + Enabled: + type: boolean + RoleARN: + type: string + minLength: 1 + maxLength: 512 + pattern: arn:.*:iam::\d{12}:role/[a-zA-Z_0-9+=,.@\-_/]+ + x-relationshipRef: + typeName: AWS::IAM::Role + propertyPath: /properties/Arn + SecretARN: + type: string + minLength: 1 + maxLength: 2048 + pattern: arn:.*:secretsmanager:[a-zA-Z0-9\-]+:\d{12}:secret:[a-zA-Z0-9\-/_+=.@]+ + x-relationshipRef: + typeName: AWS::SecretsManager::Secret + propertyPath: /properties/Arn + required: + - Enabled Tag: type: object additionalProperties: false @@ -1346,6 +1686,7 @@ components: DeliveryStreamType: type: string enum: + - DatabaseAsSource - DirectPut - KinesisStreamAsSource - MSKAsSource @@ -1357,6 +1698,8 @@ components: $ref: '#/components/schemas/AmazonOpenSearchServerlessDestinationConfiguration' ExtendedS3DestinationConfiguration: $ref: '#/components/schemas/ExtendedS3DestinationConfiguration' + DatabaseSourceConfiguration: + $ref: '#/components/schemas/DatabaseSourceConfiguration' KinesisStreamSourceConfiguration: $ref: '#/components/schemas/KinesisStreamSourceConfiguration' MSKSourceConfiguration: @@ -1371,6 +1714,8 @@ components: $ref: '#/components/schemas/HttpEndpointDestinationConfiguration' SnowflakeDestinationConfiguration: $ref: '#/components/schemas/SnowflakeDestinationConfiguration' + IcebergDestinationConfiguration: + $ref: '#/components/schemas/IcebergDestinationConfiguration' Tags: type: array items: @@ -1388,8 +1733,10 @@ components: - ElasticsearchDestinationConfiguration/VpcConfiguration - AmazonopensearchserviceDestinationConfiguration/VpcConfiguration - AmazonOpenSearchServerlessDestinationConfiguration/VpcConfiguration + - DatabaseSourceConfiguration - KinesisStreamSourceConfiguration - MSKSourceConfiguration + - IcebergDestinationConfiguration - SnowflakeDestinationConfiguration/SnowflakeVpcConfiguration x-read-only-properties: - Arn @@ -1447,6 +1794,7 @@ components: DeliveryStreamType: type: string enum: + - DatabaseAsSource - DirectPut - KinesisStreamAsSource - MSKAsSource @@ -1458,6 +1806,8 @@ components: $ref: '#/components/schemas/AmazonOpenSearchServerlessDestinationConfiguration' ExtendedS3DestinationConfiguration: $ref: '#/components/schemas/ExtendedS3DestinationConfiguration' + DatabaseSourceConfiguration: + $ref: '#/components/schemas/DatabaseSourceConfiguration' KinesisStreamSourceConfiguration: $ref: '#/components/schemas/KinesisStreamSourceConfiguration' MSKSourceConfiguration: @@ -1472,6 +1822,8 @@ components: $ref: '#/components/schemas/HttpEndpointDestinationConfiguration' SnowflakeDestinationConfiguration: $ref: '#/components/schemas/SnowflakeDestinationConfiguration' + IcebergDestinationConfiguration: + $ref: '#/components/schemas/IcebergDestinationConfiguration' Tags: type: array items: @@ -1561,6 +1913,7 @@ components: JSON_EXTRACT(Properties, '$.AmazonopensearchserviceDestinationConfiguration') as amazonopensearchservice_destination_configuration, JSON_EXTRACT(Properties, '$.AmazonOpenSearchServerlessDestinationConfiguration') as amazon_open_search_serverless_destination_configuration, JSON_EXTRACT(Properties, '$.ExtendedS3DestinationConfiguration') as extended_s3_destination_configuration, + JSON_EXTRACT(Properties, '$.DatabaseSourceConfiguration') as database_source_configuration, JSON_EXTRACT(Properties, '$.KinesisStreamSourceConfiguration') as kinesis_stream_source_configuration, JSON_EXTRACT(Properties, '$.MSKSourceConfiguration') as msk_source_configuration, JSON_EXTRACT(Properties, '$.RedshiftDestinationConfiguration') as redshift_destination_configuration, @@ -1568,6 +1921,7 @@ components: JSON_EXTRACT(Properties, '$.SplunkDestinationConfiguration') as splunk_destination_configuration, JSON_EXTRACT(Properties, '$.HttpEndpointDestinationConfiguration') as http_endpoint_destination_configuration, JSON_EXTRACT(Properties, '$.SnowflakeDestinationConfiguration') as snowflake_destination_configuration, + JSON_EXTRACT(Properties, '$.IcebergDestinationConfiguration') as iceberg_destination_configuration, JSON_EXTRACT(Properties, '$.Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::KinesisFirehose::DeliveryStream' AND data__Identifier = '' @@ -1585,6 +1939,7 @@ components: JSON_EXTRACT(detail.Properties, '$.AmazonopensearchserviceDestinationConfiguration') as amazonopensearchservice_destination_configuration, JSON_EXTRACT(detail.Properties, '$.AmazonOpenSearchServerlessDestinationConfiguration') as amazon_open_search_serverless_destination_configuration, JSON_EXTRACT(detail.Properties, '$.ExtendedS3DestinationConfiguration') as extended_s3_destination_configuration, + JSON_EXTRACT(detail.Properties, '$.DatabaseSourceConfiguration') as database_source_configuration, JSON_EXTRACT(detail.Properties, '$.KinesisStreamSourceConfiguration') as kinesis_stream_source_configuration, JSON_EXTRACT(detail.Properties, '$.MSKSourceConfiguration') as msk_source_configuration, JSON_EXTRACT(detail.Properties, '$.RedshiftDestinationConfiguration') as redshift_destination_configuration, @@ -1592,6 +1947,7 @@ components: JSON_EXTRACT(detail.Properties, '$.SplunkDestinationConfiguration') as splunk_destination_configuration, JSON_EXTRACT(detail.Properties, '$.HttpEndpointDestinationConfiguration') as http_endpoint_destination_configuration, JSON_EXTRACT(detail.Properties, '$.SnowflakeDestinationConfiguration') as snowflake_destination_configuration, + JSON_EXTRACT(detail.Properties, '$.IcebergDestinationConfiguration') as iceberg_destination_configuration, JSON_EXTRACT(detail.Properties, '$.Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail @@ -1614,6 +1970,7 @@ components: json_extract_path_text(Properties, 'AmazonopensearchserviceDestinationConfiguration') as amazonopensearchservice_destination_configuration, json_extract_path_text(Properties, 'AmazonOpenSearchServerlessDestinationConfiguration') as amazon_open_search_serverless_destination_configuration, json_extract_path_text(Properties, 'ExtendedS3DestinationConfiguration') as extended_s3_destination_configuration, + json_extract_path_text(Properties, 'DatabaseSourceConfiguration') as database_source_configuration, json_extract_path_text(Properties, 'KinesisStreamSourceConfiguration') as kinesis_stream_source_configuration, json_extract_path_text(Properties, 'MSKSourceConfiguration') as msk_source_configuration, json_extract_path_text(Properties, 'RedshiftDestinationConfiguration') as redshift_destination_configuration, @@ -1621,6 +1978,7 @@ components: json_extract_path_text(Properties, 'SplunkDestinationConfiguration') as splunk_destination_configuration, json_extract_path_text(Properties, 'HttpEndpointDestinationConfiguration') as http_endpoint_destination_configuration, json_extract_path_text(Properties, 'SnowflakeDestinationConfiguration') as snowflake_destination_configuration, + json_extract_path_text(Properties, 'IcebergDestinationConfiguration') as iceberg_destination_configuration, json_extract_path_text(Properties, 'Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::KinesisFirehose::DeliveryStream' AND data__Identifier = '' @@ -1638,6 +1996,7 @@ components: json_extract_path_text(detail.Properties, 'AmazonopensearchserviceDestinationConfiguration') as amazonopensearchservice_destination_configuration, json_extract_path_text(detail.Properties, 'AmazonOpenSearchServerlessDestinationConfiguration') as amazon_open_search_serverless_destination_configuration, json_extract_path_text(detail.Properties, 'ExtendedS3DestinationConfiguration') as extended_s3_destination_configuration, + json_extract_path_text(detail.Properties, 'DatabaseSourceConfiguration') as database_source_configuration, json_extract_path_text(detail.Properties, 'KinesisStreamSourceConfiguration') as kinesis_stream_source_configuration, json_extract_path_text(detail.Properties, 'MSKSourceConfiguration') as msk_source_configuration, json_extract_path_text(detail.Properties, 'RedshiftDestinationConfiguration') as redshift_destination_configuration, @@ -1645,6 +2004,7 @@ components: json_extract_path_text(detail.Properties, 'SplunkDestinationConfiguration') as splunk_destination_configuration, json_extract_path_text(detail.Properties, 'HttpEndpointDestinationConfiguration') as http_endpoint_destination_configuration, json_extract_path_text(detail.Properties, 'SnowflakeDestinationConfiguration') as snowflake_destination_configuration, + json_extract_path_text(detail.Properties, 'IcebergDestinationConfiguration') as iceberg_destination_configuration, json_extract_path_text(detail.Properties, 'Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail @@ -1712,13 +2072,15 @@ components: JSON_EXTRACT(detail.Properties, '$.AmazonopensearchserviceDestinationConfiguration') as amazonopensearchservice_destination_configuration, JSON_EXTRACT(detail.Properties, '$.AmazonOpenSearchServerlessDestinationConfiguration') as amazon_open_search_serverless_destination_configuration, JSON_EXTRACT(detail.Properties, '$.ExtendedS3DestinationConfiguration') as extended_s3_destination_configuration, + JSON_EXTRACT(detail.Properties, '$.DatabaseSourceConfiguration') as database_source_configuration, JSON_EXTRACT(detail.Properties, '$.KinesisStreamSourceConfiguration') as kinesis_stream_source_configuration, JSON_EXTRACT(detail.Properties, '$.MSKSourceConfiguration') as msk_source_configuration, JSON_EXTRACT(detail.Properties, '$.RedshiftDestinationConfiguration') as redshift_destination_configuration, JSON_EXTRACT(detail.Properties, '$.S3DestinationConfiguration') as s3_destination_configuration, JSON_EXTRACT(detail.Properties, '$.SplunkDestinationConfiguration') as splunk_destination_configuration, JSON_EXTRACT(detail.Properties, '$.HttpEndpointDestinationConfiguration') as http_endpoint_destination_configuration, - JSON_EXTRACT(detail.Properties, '$.SnowflakeDestinationConfiguration') as snowflake_destination_configuration + JSON_EXTRACT(detail.Properties, '$.SnowflakeDestinationConfiguration') as snowflake_destination_configuration, + JSON_EXTRACT(detail.Properties, '$.IcebergDestinationConfiguration') as iceberg_destination_configuration FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -1742,13 +2104,15 @@ components: json_extract_path_text(detail.Properties, 'AmazonopensearchserviceDestinationConfiguration') as amazonopensearchservice_destination_configuration, json_extract_path_text(detail.Properties, 'AmazonOpenSearchServerlessDestinationConfiguration') as amazon_open_search_serverless_destination_configuration, json_extract_path_text(detail.Properties, 'ExtendedS3DestinationConfiguration') as extended_s3_destination_configuration, + json_extract_path_text(detail.Properties, 'DatabaseSourceConfiguration') as database_source_configuration, json_extract_path_text(detail.Properties, 'KinesisStreamSourceConfiguration') as kinesis_stream_source_configuration, json_extract_path_text(detail.Properties, 'MSKSourceConfiguration') as msk_source_configuration, json_extract_path_text(detail.Properties, 'RedshiftDestinationConfiguration') as redshift_destination_configuration, json_extract_path_text(detail.Properties, 'S3DestinationConfiguration') as s3_destination_configuration, json_extract_path_text(detail.Properties, 'SplunkDestinationConfiguration') as splunk_destination_configuration, json_extract_path_text(detail.Properties, 'HttpEndpointDestinationConfiguration') as http_endpoint_destination_configuration, - json_extract_path_text(detail.Properties, 'SnowflakeDestinationConfiguration') as snowflake_destination_configuration + json_extract_path_text(detail.Properties, 'SnowflakeDestinationConfiguration') as snowflake_destination_configuration, + json_extract_path_text(detail.Properties, 'IcebergDestinationConfiguration') as iceberg_destination_configuration FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier diff --git a/providers/src/aws/v00.00.00000/services/kms.yaml b/providers/src/aws/v00.00.00000/services/kms.yaml index bd467597..8c4d48fe 100644 --- a/providers/src/aws/v00.00.00000/services/kms.yaml +++ b/providers/src/aws/v00.00.00000/services/kms.yaml @@ -526,17 +526,19 @@ components: Determines the [cryptographic operations](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations) for which you can use the KMS key. The default value is ``ENCRYPT_DECRYPT``. This property is required for asymmetric KMS keys and HMAC KMS keys. You can't change the ``KeyUsage`` value after the KMS key is created. If you change the value of the ``KeyUsage`` property on an existing KMS key, the update request fails, regardless of the value of the [UpdateReplacePolicy attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatereplacepolicy.html). This prevents you from accidentally deleting a KMS key by changing an immutable property value. Select only one valid value. - + For symmetric encryption KMS keys, omit the property or specify ``ENCRYPT_DECRYPT``. - + For asymmetric KMS keys with RSA key material, specify ``ENCRYPT_DECRYPT`` or ``SIGN_VERIFY``. - + For asymmetric KMS keys with ECC key material, specify ``SIGN_VERIFY``. - + For asymmetric KMS keys with SM2 (China Regions only) key material, specify ``ENCRYPT_DECRYPT`` or ``SIGN_VERIFY``. - + For HMAC KMS keys, specify ``GENERATE_VERIFY_MAC``. + + For symmetric encryption KMS keys, omit the parameter or specify ``ENCRYPT_DECRYPT``. + + For HMAC KMS keys (symmetric), specify ``GENERATE_VERIFY_MAC``. + + For asymmetric KMS keys with RSA key pairs, specify ``ENCRYPT_DECRYPT`` or ``SIGN_VERIFY``. + + For asymmetric KMS keys with NIST-recommended elliptic curve key pairs, specify ``SIGN_VERIFY`` or ``KEY_AGREEMENT``. + + For asymmetric KMS keys with ``ECC_SECG_P256K1`` key pairs specify ``SIGN_VERIFY``. + + For asymmetric KMS keys with SM2 key pairs (China Regions only), specify ``ENCRYPT_DECRYPT``, ``SIGN_VERIFY``, or ``KEY_AGREEMENT``. type: string default: ENCRYPT_DECRYPT enum: - ENCRYPT_DECRYPT - SIGN_VERIFY - GENERATE_VERIFY_MAC + - KEY_AGREEMENT Origin: description: |- The source of the key material for the KMS key. You cannot change the origin after you create the KMS key. The default is ``AWS_KMS``, which means that KMS creates the key material. @@ -565,21 +567,21 @@ components: + ``HMAC_384`` + ``HMAC_512`` - + Asymmetric RSA key pairs + + Asymmetric RSA key pairs (encryption and decryption *or* signing and verification) + ``RSA_2048`` + ``RSA_3072`` + ``RSA_4096`` - + Asymmetric NIST-recommended elliptic curve key pairs + + Asymmetric NIST-recommended elliptic curve key pairs (signing and verification *or* deriving shared secrets) + ``ECC_NIST_P256`` (secp256r1) + ``ECC_NIST_P384`` (secp384r1) + ``ECC_NIST_P521`` (secp521r1) - + Other asymmetric elliptic curve key pairs + + Other asymmetric elliptic curve key pairs (signing and verification) + ``ECC_SECG_P256K1`` (secp256k1), commonly used for cryptocurrencies. - + SM2 key pairs (China Regions only) - + ``SM2`` + + SM2 key pairs (encryption and decryption *or* signing and verification *or* deriving shared secrets) + + ``SM2`` (China Regions only) type: string default: SYMMETRIC_DEFAULT enum: @@ -766,6 +768,7 @@ components: taggable: true tagOnCreate: true tagUpdatable: true + tagProperty: /properties/Tags cloudFormationSystemTags: false x-required-permissions: read: @@ -901,17 +904,19 @@ components: Determines the [cryptographic operations](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations) for which you can use the KMS key. The default value is ``ENCRYPT_DECRYPT``. This property is required for asymmetric KMS keys and HMAC KMS keys. You can't change the ``KeyUsage`` value after the KMS key is created. If you change the value of the ``KeyUsage`` property on an existing KMS key, the update request fails, regardless of the value of the [UpdateReplacePolicy attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatereplacepolicy.html). This prevents you from accidentally deleting a KMS key by changing an immutable property value. Select only one valid value. - + For symmetric encryption KMS keys, omit the property or specify ``ENCRYPT_DECRYPT``. - + For asymmetric KMS keys with RSA key material, specify ``ENCRYPT_DECRYPT`` or ``SIGN_VERIFY``. - + For asymmetric KMS keys with ECC key material, specify ``SIGN_VERIFY``. - + For asymmetric KMS keys with SM2 (China Regions only) key material, specify ``ENCRYPT_DECRYPT`` or ``SIGN_VERIFY``. - + For HMAC KMS keys, specify ``GENERATE_VERIFY_MAC``. + + For symmetric encryption KMS keys, omit the parameter or specify ``ENCRYPT_DECRYPT``. + + For HMAC KMS keys (symmetric), specify ``GENERATE_VERIFY_MAC``. + + For asymmetric KMS keys with RSA key pairs, specify ``ENCRYPT_DECRYPT`` or ``SIGN_VERIFY``. + + For asymmetric KMS keys with NIST-recommended elliptic curve key pairs, specify ``SIGN_VERIFY`` or ``KEY_AGREEMENT``. + + For asymmetric KMS keys with ``ECC_SECG_P256K1`` key pairs specify ``SIGN_VERIFY``. + + For asymmetric KMS keys with SM2 key pairs (China Regions only), specify ``ENCRYPT_DECRYPT``, ``SIGN_VERIFY``, or ``KEY_AGREEMENT``. type: string default: ENCRYPT_DECRYPT enum: - ENCRYPT_DECRYPT - SIGN_VERIFY - GENERATE_VERIFY_MAC + - KEY_AGREEMENT Origin: description: |- The source of the key material for the KMS key. You cannot change the origin after you create the KMS key. The default is ``AWS_KMS``, which means that KMS creates the key material. @@ -940,21 +945,21 @@ components: + ``HMAC_384`` + ``HMAC_512`` - + Asymmetric RSA key pairs + + Asymmetric RSA key pairs (encryption and decryption *or* signing and verification) + ``RSA_2048`` + ``RSA_3072`` + ``RSA_4096`` - + Asymmetric NIST-recommended elliptic curve key pairs + + Asymmetric NIST-recommended elliptic curve key pairs (signing and verification *or* deriving shared secrets) + ``ECC_NIST_P256`` (secp256r1) + ``ECC_NIST_P384`` (secp384r1) + ``ECC_NIST_P521`` (secp521r1) - + Other asymmetric elliptic curve key pairs + + Other asymmetric elliptic curve key pairs (signing and verification) + ``ECC_SECG_P256K1`` (secp256k1), commonly used for cryptocurrencies. - + SM2 key pairs (China Regions only) - + ``SM2`` + + SM2 key pairs (encryption and decryption *or* signing and verification *or* deriving shared secrets) + + ``SM2`` (China Regions only) type: string default: SYMMETRIC_DEFAULT enum: diff --git a/providers/src/aws/v00.00.00000/services/lakeformation.yaml b/providers/src/aws/v00.00.00000/services/lakeformation.yaml index 66fb3300..428443fe 100644 --- a/providers/src/aws/v00.00.00000/services/lakeformation.yaml +++ b/providers/src/aws/v00.00.00000/services/lakeformation.yaml @@ -690,8 +690,9 @@ components: - CREATE_DATABASE - CREATE_TABLE - DATA_LOCATION_ACCESS - - CREATE_TAG + - CREATE_LF_TAG - ASSOCIATE + - GRANT_WITH_LF_TAG_EXPRESSION LFTagKey: type: string minLength: 1 diff --git a/providers/src/aws/v00.00.00000/services/lambda.yaml b/providers/src/aws/v00.00.00000/services/lambda.yaml index f079e0f8..d75697ed 100644 --- a/providers/src/aws/v00.00.00000/services/lambda.yaml +++ b/providers/src/aws/v00.00.00000/services/lambda.yaml @@ -385,6 +385,110 @@ components: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' type: object schemas: + ProvisionedConcurrencyConfiguration: + type: object + description: A provisioned concurrency configuration for a function's version. + additionalProperties: false + properties: + ProvisionedConcurrentExecutions: + type: integer + description: The amount of provisioned concurrency to allocate for the version. + required: + - ProvisionedConcurrentExecutions + VersionWeight: + type: object + description: The traffic-shifting configuration of a Lambda function alias. + additionalProperties: false + properties: + FunctionWeight: + type: number + description: The percentage of traffic that the alias routes to the second version. + FunctionVersion: + type: string + description: The qualifier of the second version. + required: + - FunctionVersion + - FunctionWeight + AliasRoutingConfiguration: + type: object + description: The traffic-shifting configuration of a Lambda function alias. + additionalProperties: false + properties: + AdditionalVersionWeights: + type: array + description: The second version, and the percentage of traffic that's routed to it. + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/VersionWeight' + Alias: + type: object + properties: + FunctionName: + description: The name of the Lambda function. + type: string + AliasArn: + description: Lambda Alias ARN generated by the service. + type: string + ProvisionedConcurrencyConfig: + description: Specifies a provisioned concurrency configuration for a function's alias. + $ref: '#/components/schemas/ProvisionedConcurrencyConfiguration' + Description: + description: A description of the alias. + type: string + FunctionVersion: + description: The function version that the alias invokes. + type: string + RoutingConfig: + description: The routing configuration of the alias. + $ref: '#/components/schemas/AliasRoutingConfiguration' + Name: + description: The name of the alias. + type: string + required: + - FunctionName + - FunctionVersion + - Name + x-stackql-resource-name: alias + description: Resource Type definition for AWS::Lambda::Alias + x-type-name: AWS::Lambda::Alias + x-stackql-primary-identifier: + - AliasArn + x-create-only-properties: + - Name + - FunctionName + x-read-only-properties: + - AliasArn + x-required-properties: + - FunctionName + - FunctionVersion + - Name + x-tagging: + taggable: false + x-required-permissions: + create: + - lambda:CreateAlias + - lambda:PutProvisionedConcurrencyConfig + - lambda:GetProvisionedConcurrencyConfig + read: + - lambda:GetAlias + - lambda:GetProvisionedConcurrencyConfig + delete: + - lambda:DeleteAlias + - lambda:GetAlias + list: + - lambda:ListAliases + update: + - lambda:UpdateAlias + - lambda:GetAlias + - lambda:PutProvisionedConcurrencyConfig + - lambda:DeleteProvisionedConcurrencyConfig + - lambda:GetProvisionedConcurrencyConfig + - codedeploy:CreateDeployment + - codedeploy:GetDeployment + - codedeploy:GetDeploymentGroup + - codedeploy:GetDeploymentConfig + - codedeploy:StopDeployment AllowedPublishers: type: object description: When the CodeSigningConfig is later on attached to a function, the function code will be expected to be signed by profiles from this list @@ -416,6 +520,23 @@ components: - Enforce required: - UntrustedArtifactOnDeployment + Tag: + description: A [tag](https://docs.aws.amazon.com/lambda/latest/dg/tagging.html) to apply to the function. + additionalProperties: false + type: object + properties: + Value: + minLength: 0 + description: The value for this tag. + type: string + maxLength: 256 + Key: + minLength: 1 + description: The key for this tag. + type: string + maxLength: 128 + required: + - Key CodeSigningConfig: type: object properties: @@ -438,6 +559,13 @@ components: description: A unique Arn for CodeSigningConfig resource type: string pattern: arn:(aws[a-zA-Z-]*)?:lambda:[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1}:\d{12}:code-signing-config:csc-[a-z0-9]{17} + Tags: + description: A list of tags to apply to CodeSigningConfig resource + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' required: - AllowedPublishers x-stackql-resource-name: code_signing_config @@ -450,39 +578,49 @@ components: - CodeSigningConfigArn x-required-properties: - AllowedPublishers + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags x-required-permissions: create: - lambda:CreateCodeSigningConfig + - lambda:TagResource read: - lambda:GetCodeSigningConfig + - lambda:ListTags update: - lambda:UpdateCodeSigningConfig + - lambda:ListTags + - lambda:TagResource + - lambda:UntagResource delete: - lambda:DeleteCodeSigningConfig list: - lambda:ListCodeSigningConfigs DestinationConfig: - description: A configuration object that specifies the destination of an event after Lambda processes it. - additionalProperties: false type: object + additionalProperties: false + description: A configuration object that specifies the destination of an event after Lambda processes it. properties: OnFailure: description: The destination configuration for failed invocations. $ref: '#/components/schemas/OnFailure' OnFailure: + type: object description: A destination for events that failed processing. additionalProperties: false - type: object properties: Destination: - minLength: 12 - pattern: arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\-])+:([a-z]{2}(-gov)?(-iso([a-z])?)?-[a-z]+-\d{1})?:(\d{12})?:(.*) description: |- The Amazon Resource Name (ARN) of the destination resource. - To retain records of [asynchronous invocations](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-async-destinations), you can configure an Amazon SNS topic, Amazon SQS queue, Lambda function, or Amazon EventBridge event bus as the destination. - To retain records of failed invocations from [Kinesis and DynamoDB event sources](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventsourcemapping.html#event-source-mapping-destinations), you can configure an Amazon SNS topic or Amazon SQS queue as the destination. - To retain records of failed invocations from [self-managed Kafka](https://docs.aws.amazon.com/lambda/latest/dg/with-kafka.html#services-smaa-onfailure-destination) or [Amazon MSK](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#services-msk-onfailure-destination), you can configure an Amazon SNS topic, Amazon SQS queue, or Amazon S3 bucket as the destination. + To retain records of unsuccessful [asynchronous invocations](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-async-destinations), you can configure an Amazon SNS topic, Amazon SQS queue, Amazon S3 bucket, Lambda function, or Amazon EventBridge event bus as the destination. + To retain records of failed invocations from [Kinesis](https://docs.aws.amazon.com/lambda/latest/dg/with-kinesis.html), [DynamoDB](https://docs.aws.amazon.com/lambda/latest/dg/with-ddb.html), [self-managed Kafka](https://docs.aws.amazon.com/lambda/latest/dg/with-kafka.html#services-smaa-onfailure-destination) or [Amazon MSK](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#services-msk-onfailure-destination), you can configure an Amazon SNS topic, Amazon SQS queue, or Amazon S3 bucket as the destination. type: string + pattern: arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\-])+:([a-z]{2}(-gov)?(-iso([a-z])?)?-[a-z]+-\d{1})?:(\d{12})?:(.*) + minLength: 12 maxLength: 1024 OnSuccess: description: The destination configuration for successful invocations. @@ -491,7 +629,7 @@ components: Destination: description: The Amazon Resource Name (ARN) of the destination resource. type: string - pattern: ^$|arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\-])+:([a-z]{2}(-gov)?-[a-z]+-\d{1})?:(\d{12})?:(.*) + pattern: ^$|arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\-])+:([a-z]{2}(-gov)?(-iso([a-z])?)?-[a-z]+-\d{1})?:(\d{12})?:(.*) minLength: 0 maxLength: 350 required: @@ -505,7 +643,7 @@ components: FunctionName: description: The name of the Lambda function. type: string - pattern: ^(arn:(aws[a-zA-Z-]*)?:lambda:)?([a-z]{2}(-gov)?-[a-z]+-\d{1}:)?(\d{12}:)?(function:)?([a-zA-Z0-9-_]+)(:(\$LATEST|[a-zA-Z0-9-_]+))?$ + pattern: ^(arn:(aws[a-zA-Z-]*)?:lambda:)?([a-z]{2}(-gov)?(-iso([a-z])?)?-[a-z]+-\d{1}:)?(\d{12}:)?(function:)?([a-zA-Z0-9-_]+)(:(\$LATEST|[a-zA-Z0-9-_]+))?$ MaximumEventAgeInSeconds: description: The maximum age of a request that Lambda sends to a function for processing. type: integer @@ -551,31 +689,34 @@ components: - lambda:DeleteFunctionEventInvokeConfig list: - lambda:ListFunctionEventInvokeConfigs - ScalingConfig: - description: (Amazon SQS only) The scaling configuration for the event source. To remove the configuration, pass an empty value. - additionalProperties: false + FilterCriteria: type: object - properties: - MaximumConcurrency: - description: Limits the number of concurrent instances that the SQS event source can invoke. - $ref: '#/components/schemas/MaximumConcurrency' - SelfManagedEventSource: - description: The self-managed Apache Kafka cluster for your event source. + description: An object that contains the filters for an event source. additionalProperties: false + properties: + Filters: + description: A list of filters. + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/Filter' + minItems: 1 + maxItems: 20 + Filter: type: object + description: A structure within a ``FilterCriteria`` object that defines an event filtering pattern. + additionalProperties: false properties: - Endpoints: - description: 'The list of bootstrap servers for your Kafka brokers in the following format: ``"KafkaBootstrapServers": ["abc.xyz.com:xxxx","abc2.xyz.com:xxxx"]``.' - $ref: '#/components/schemas/Endpoints' - MaximumConcurrency: - description: The maximum number of concurrent functions that an event source can invoke. - maximum: 1000 - type: integer - minimum: 2 + Pattern: + type: string + description: A filter pattern. For more information on the syntax of a filter pattern, see [Filter rule syntax](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html#filtering-syntax). + pattern: .* + minLength: 0 + maxLength: 4096 SourceAccessConfiguration: - description: An array of the authentication protocol, VPC components, or virtual host to secure and define your event source. - additionalProperties: false type: object + additionalProperties: false + description: An array of the authentication protocol, VPC components, or virtual host to secure and define your event source. properties: Type: description: |- @@ -589,7 +730,6 @@ components: + ``VIRTUAL_HOST`` –- (RabbitMQ) The name of the virtual host in your RabbitMQ broker. Lambda uses this RabbitMQ host as the event source. This property cannot be specified in an UpdateEventSourceMapping API call. + ``CLIENT_CERTIFICATE_TLS_AUTH`` – (Amazon MSK, self-managed Apache Kafka) The Secrets Manager ARN of your secret key containing the certificate chain (X.509 PEM), private key (PKCS#8 PEM), and private key password (optional) used for mutual TLS authentication of your MSK/Apache Kafka brokers. + ``SERVER_ROOT_CA_CERTIFICATE`` – (Self-managed Apache Kafka) The Secrets Manager ARN of your secret key containing the root CA certificate (X.509 PEM) used for TLS encryption of your Apache Kafka brokers. - type: string enum: - BASIC_AUTH - VPC_SUBNET @@ -599,157 +739,133 @@ components: - VIRTUAL_HOST - CLIENT_CERTIFICATE_TLS_AUTH - SERVER_ROOT_CA_CERTIFICATE + type: string URI: - minLength: 1 - pattern: '[a-zA-Z0-9-\/*:_+=.@-]*' description: 'The value for your chosen configuration in ``Type``. For example: ``"URI": "arn:aws:secretsmanager:us-east-1:01234567890:secret:MyBrokerSecretName"``.' type: string + pattern: '[a-zA-Z0-9-\/*:_+=.@-]*' + minLength: 1 maxLength: 200 - FilterCriteria: - description: An object that contains the filters for an event source. + SelfManagedEventSource: + type: object additionalProperties: false + description: The self-managed Apache Kafka cluster for your event source. + properties: + Endpoints: + description: 'The list of bootstrap servers for your Kafka brokers in the following format: ``"KafkaBootstrapServers": ["abc.xyz.com:xxxx","abc2.xyz.com:xxxx"]``.' + $ref: '#/components/schemas/Endpoints' + Endpoints: type: object + additionalProperties: false + description: 'The list of bootstrap servers for your Kafka brokers in the following format: ``"KafkaBootstrapServers": ["abc.xyz.com:xxxx","abc2.xyz.com:xxxx"]``.' properties: - Filters: - minItems: 1 - maxItems: 20 - uniqueItems: true - description: A list of filters. + KafkaBootstrapServers: type: array + description: 'The list of bootstrap servers for your Kafka brokers in the following format: ``"KafkaBootstrapServers": ["abc.xyz.com:xxxx","abc2.xyz.com:xxxx"]``.' + uniqueItems: true items: - $ref: '#/components/schemas/Filter' + type: string + description: The URL of a Kafka server. + pattern: ^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9]):[0-9]{1,5} + minLength: 1 + maxLength: 300 + minItems: 1 + maxItems: 10 + ConsumerGroupId: + description: The identifier for the Kafka Consumer Group to join. + type: string + pattern: '[a-zA-Z0-9-\/*:_+=.@-]*' + minLength: 1 + maxLength: 200 + AmazonManagedKafkaEventSourceConfig: + description: Specific configuration settings for an Amazon Managed Streaming for Apache Kafka (Amazon MSK) event source. + type: object + additionalProperties: false + properties: + ConsumerGroupId: + description: The identifier for the Kafka consumer group to join. The consumer group ID must be unique among all your Kafka event sources. After creating a Kafka event source mapping with the consumer group ID specified, you cannot update this value. For more information, see [Customizable consumer group ID](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#services-msk-consumer-group-id). + $ref: '#/components/schemas/ConsumerGroupId' SelfManagedKafkaEventSourceConfig: description: Specific configuration settings for a self-managed Apache Kafka event source. - additionalProperties: false type: object + additionalProperties: false properties: ConsumerGroupId: description: The identifier for the Kafka consumer group to join. The consumer group ID must be unique among all your Kafka event sources. After creating a Kafka event source mapping with the consumer group ID specified, you cannot update this value. For more information, see [Customizable consumer group ID](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#services-msk-consumer-group-id). $ref: '#/components/schemas/ConsumerGroupId' + MaximumConcurrency: + description: The maximum number of concurrent functions that an event source can invoke. + type: integer + minimum: 2 + maximum: 1000 + ScalingConfig: + description: (Amazon SQS only) The scaling configuration for the event source. To remove the configuration, pass an empty value. + type: object + additionalProperties: false + properties: + MaximumConcurrency: + description: Limits the number of concurrent instances that the SQS event source can invoke. + $ref: '#/components/schemas/MaximumConcurrency' DocumentDBEventSourceConfig: description: Specific configuration settings for a DocumentDB event source. - additionalProperties: false type: object + additionalProperties: false properties: - FullDocument: - description: Determines what DocumentDB sends to your event stream during document update operations. If set to UpdateLookup, DocumentDB sends a delta describing the changes, along with a copy of the entire document. Otherwise, DocumentDB sends only a partial document that contains the changes. + DatabaseName: + description: The name of the database to consume within the DocumentDB cluster. type: string - enum: - - UpdateLookup - - Default - CollectionName: minLength: 1 + maxLength: 63 + CollectionName: description: The name of the collection to consume within the database. If you do not specify a collection, Lambda consumes all collections. type: string - maxLength: 57 - DatabaseName: minLength: 1 - description: The name of the database to consume within the DocumentDB cluster. + maxLength: 57 + FullDocument: + description: Determines what DocumentDB sends to your event stream during document update operations. If set to UpdateLookup, DocumentDB sends a delta describing the changes, along with a copy of the entire document. Otherwise, DocumentDB sends only a partial document that contains the changes. type: string - maxLength: 63 - Endpoints: - description: 'The list of bootstrap servers for your Kafka brokers in the following format: ``"KafkaBootstrapServers": ["abc.xyz.com:xxxx","abc2.xyz.com:xxxx"]``.' + enum: + - UpdateLookup + - Default + ProvisionedPollerConfig: + description: The [provisioned mode](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventsourcemapping.html#invocation-eventsourcemapping-provisioned-mode) configuration for the event source. Use provisioned mode to customize the minimum and maximum number of event pollers for your event source. + type: object additionalProperties: false + properties: + MinimumPollers: + description: The minimum number of event pollers this event source can scale down to. + type: integer + minimum: 1 + maximum: 200 + MaximumPollers: + description: The maximum number of event pollers this event source can scale up to. + type: integer + minimum: 1 + maximum: 2000 + MetricsConfig: + description: The metrics configuration for your event source. Use this configuration object to define which metrics you want your event source mapping to produce. type: object + additionalProperties: false properties: - KafkaBootstrapServers: - minItems: 1 - maxItems: 10 - uniqueItems: true - description: 'The list of bootstrap servers for your Kafka brokers in the following format: ``"KafkaBootstrapServers": ["abc.xyz.com:xxxx","abc2.xyz.com:xxxx"]``.' + Metrics: + description: The metrics you want your event source mapping to produce. Include ``EventCount`` to receive event source mapping metrics related to the number of events processed by your event source mapping. For more information about these metrics, see [Event source mapping metrics](https://docs.aws.amazon.com/lambda/latest/dg/monitoring-metrics-types.html#event-source-mapping-metrics). type: array + uniqueItems: true items: - minLength: 1 - pattern: ^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9]):[0-9]{1,5} - description: The URL of a Kafka server. type: string - maxLength: 300 - ConsumerGroupId: - minLength: 1 - pattern: '[a-zA-Z0-9-\/*:_+=.@-]*' - description: The identifier for the Kafka Consumer Group to join. - type: string - maxLength: 200 - Filter: - description: A structure within a ``FilterCriteria`` object that defines an event filtering pattern. - additionalProperties: false - type: object - properties: - Pattern: - minLength: 0 - pattern: .* - description: A filter pattern. For more information on the syntax of a filter pattern, see [Filter rule syntax](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html#filtering-syntax). - type: string - maxLength: 4096 - AmazonManagedKafkaEventSourceConfig: - description: Specific configuration settings for an Amazon Managed Streaming for Apache Kafka (Amazon MSK) event source. - additionalProperties: false - type: object - properties: - ConsumerGroupId: - description: The identifier for the Kafka consumer group to join. The consumer group ID must be unique among all your Kafka event sources. After creating a Kafka event source mapping with the consumer group ID specified, you cannot update this value. For more information, see [Customizable consumer group ID](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#services-msk-consumer-group-id). - $ref: '#/components/schemas/ConsumerGroupId' + enum: + - EventCount + minItems: 0 + maxItems: 1 EventSourceMapping: type: object properties: - StartingPosition: - minLength: 6 - pattern: (LATEST|TRIM_HORIZON|AT_TIMESTAMP)+ - description: |- - The position in a stream from which to start reading. Required for Amazon Kinesis and Amazon DynamoDB. - + *LATEST* - Read only new records. - + *TRIM_HORIZON* - Process all available records. - + *AT_TIMESTAMP* - Specify a time from which to start reading records. - type: string - maxLength: 12 - SelfManagedEventSource: - description: The self-managed Apache Kafka cluster for your event source. - $ref: '#/components/schemas/SelfManagedEventSource' - ParallelizationFactor: - description: (Kinesis and DynamoDB Streams only) The number of batches to process concurrently from each shard. The default value is 1. - maximum: 10 - type: integer - minimum: 1 - FilterCriteria: - description: An object that defines the filter criteria that determine whether Lambda should process an event. For more information, see [Lambda event filtering](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html). - $ref: '#/components/schemas/FilterCriteria' - FunctionName: - minLength: 1 - pattern: (arn:(aws[a-zA-Z-]*)?:lambda:)?([a-z]{2}(-gov)?(-iso([a-z])?)?-[a-z]+-\d{1}:)?(\d{12}:)?(function:)?([a-zA-Z0-9-_]+)(:(\$LATEST|[a-zA-Z0-9-_]+))? - description: |- - The name or ARN of the Lambda function. - **Name formats** - + *Function name* – ``MyFunction``. - + *Function ARN* – ``arn:aws:lambda:us-west-2:123456789012:function:MyFunction``. - + *Version or Alias ARN* – ``arn:aws:lambda:us-west-2:123456789012:function:MyFunction:PROD``. - + *Partial ARN* – ``123456789012:function:MyFunction``. - - The length constraint applies only to the full ARN. If you specify only the function name, it's limited to 64 characters in length. + Id: + description: '' type: string - maxLength: 140 - DestinationConfig: - description: (Kinesis, DynamoDB Streams, Amazon MSK, and self-managed Apache Kafka event sources only) A configuration object that specifies the destination of an event after Lambda processes it. - $ref: '#/components/schemas/DestinationConfig' - AmazonManagedKafkaEventSourceConfig: - description: Specific configuration settings for an Amazon Managed Streaming for Apache Kafka (Amazon MSK) event source. - $ref: '#/components/schemas/AmazonManagedKafkaEventSourceConfig' - SourceAccessConfigurations: - minItems: 1 - maxItems: 22 - uniqueItems: true - description: An array of the authentication protocol, VPC components, or virtual host to secure and define your event source. - type: array - items: - $ref: '#/components/schemas/SourceAccessConfiguration' - MaximumBatchingWindowInSeconds: - description: |- - The maximum amount of time, in seconds, that Lambda spends gathering records before invoking the function. - *Default (, , event sources)*: 0 - *Default (, Kafka, , event sources)*: 500 ms - *Related setting:* For SQS event sources, when you set ``BatchSize`` to a value greater than 10, you must set ``MaximumBatchingWindowInSeconds`` to at least 1. - maximum: 300 - type: integer - minimum: 0 + pattern: '[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}' + minLength: 36 + maxLength: 36 BatchSize: description: |- The maximum number of records in each batch that Lambda pulls from your stream or queue and sends to your function. Lambda passes all of the records in the batch to the function in a single call, up to the payload limit for synchronous invocation (6 MB). @@ -760,36 +876,21 @@ components: + *Self-managed Apache Kafka* – Default 100. Max 10,000. + *Amazon MQ (ActiveMQ and RabbitMQ)* – Default 100. Max 10,000. + *DocumentDB* – Default 100. Max 10,000. - maximum: 10000 type: integer minimum: 1 - MaximumRetryAttempts: - description: (Kinesis and DynamoDB Streams only) Discard records after the specified number of retries. The default value is -1, which sets the maximum number of retries to infinite. When MaximumRetryAttempts is infinite, Lambda retries failed records until the record expires in the event source. maximum: 10000 - type: integer - minimum: -1 - Topics: - minItems: 1 - maxItems: 1 - uniqueItems: true - description: The name of the Kafka topic. - type: array - items: - minLength: 1 - pattern: ^[^.]([a-zA-Z0-9\-_.]+) - type: string - maxLength: 249 - ScalingConfig: - description: (Amazon SQS only) The scaling configuration for the event source. For more information, see [Configuring maximum concurrency for Amazon SQS event sources](https://docs.aws.amazon.com/lambda/latest/dg/with-sqs.html#events-sqs-max-concurrency). - $ref: '#/components/schemas/ScalingConfig' + BisectBatchOnFunctionError: + description: (Kinesis and DynamoDB Streams only) If the function returns an error, split the batch in two and retry. The default value is false. + type: boolean + DestinationConfig: + description: (Kinesis, DynamoDB Streams, Amazon MSK, and self-managed Apache Kafka event sources only) A configuration object that specifies the destination of an event after Lambda processes it. + $ref: '#/components/schemas/DestinationConfig' Enabled: description: |- When true, the event source mapping is active. When false, Lambda pauses polling and invocation. Default: True type: boolean EventSourceArn: - minLength: 12 - pattern: arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\-])+:([a-z]{2}(-gov)?(-iso([a-z])?)?-[a-z]+-\d{1})?:(\d{12})?:(.*) description: |- The Amazon Resource Name (ARN) of the event source. + *Amazon Kinesis* – The ARN of the data stream or a stream consumer. @@ -799,60 +900,154 @@ components: + *Amazon MQ* – The ARN of the broker. + *Amazon DocumentDB* – The ARN of the DocumentDB change stream. type: string + pattern: arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\-])+:([a-z]{2}(-gov)?(-iso([a-z])?)?-[a-z]+-\d{1})?:(\d{12})?:(.*) + minLength: 12 maxLength: 1024 - SelfManagedKafkaEventSourceConfig: - description: Specific configuration settings for a self-managed Apache Kafka event source. - $ref: '#/components/schemas/SelfManagedKafkaEventSourceConfig' - DocumentDBEventSourceConfig: - description: Specific configuration settings for a DocumentDB event source. - $ref: '#/components/schemas/DocumentDBEventSourceConfig' - TumblingWindowInSeconds: - description: (Kinesis and DynamoDB Streams only) The duration in seconds of a processing window for DynamoDB and Kinesis Streams event sources. A value of 0 seconds indicates no tumbling window. - maximum: 900 + EventSourceMappingArn: + description: '' + type: string + pattern: arn:(aws[a-zA-Z-]*)?:lambda:[a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\d{1}:\d{12}:event-source-mapping:[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12} + minLength: 85 + maxLength: 120 + FilterCriteria: + description: An object that defines the filter criteria that determine whether Lambda should process an event. For more information, see [Lambda event filtering](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html). + $ref: '#/components/schemas/FilterCriteria' + KmsKeyArn: + description: The ARN of the KMSlong (KMS) customer managed key that Lambda uses to encrypt your function's [filter criteria](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html#filtering-basics). + type: string + pattern: (arn:(aws[a-zA-Z-]*)?:[a-z0-9-.]+:.*)|() + minLength: 12 + maxLength: 2048 + FunctionName: + description: |- + The name or ARN of the Lambda function. + **Name formats** + + *Function name* – ``MyFunction``. + + *Function ARN* – ``arn:aws:lambda:us-west-2:123456789012:function:MyFunction``. + + *Version or Alias ARN* – ``arn:aws:lambda:us-west-2:123456789012:function:MyFunction:PROD``. + + *Partial ARN* – ``123456789012:function:MyFunction``. + + The length constraint applies only to the full ARN. If you specify only the function name, it's limited to 64 characters in length. + type: string + pattern: (arn:(aws[a-zA-Z-]*)?:lambda:)?([a-z]{2}(-gov)?(-iso([a-z])?)?-[a-z]+-\d{1}:)?(\d{12}:)?(function:)?([a-zA-Z0-9-_]+)(:(\$LATEST|[a-zA-Z0-9-_]+))? + minLength: 1 + maxLength: 140 + MaximumBatchingWindowInSeconds: + description: |- + The maximum amount of time, in seconds, that Lambda spends gathering records before invoking the function. + *Default (, , event sources)*: 0 + *Default (, Kafka, , event sources)*: 500 ms + *Related setting:* For SQS event sources, when you set ``BatchSize`` to a value greater than 10, you must set ``MaximumBatchingWindowInSeconds`` to at least 1. type: integer minimum: 0 - BisectBatchOnFunctionError: - description: (Kinesis and DynamoDB Streams only) If the function returns an error, split the batch in two and retry. The default value is false. - type: boolean + maximum: 300 MaximumRecordAgeInSeconds: description: |- (Kinesis and DynamoDB Streams only) Discard records older than the specified age. The default value is -1, which sets the maximum age to infinite. When the value is set to infinite, Lambda never discards old records. The minimum valid value for maximum record age is 60s. Although values less than 60 and greater than -1 fall within the parameter's absolute range, they are not allowed + type: integer + minimum: -1 maximum: 604800 + MaximumRetryAttempts: + description: (Kinesis and DynamoDB Streams only) Discard records after the specified number of retries. The default value is -1, which sets the maximum number of retries to infinite. When MaximumRetryAttempts is infinite, Lambda retries failed records until the record expires in the event source. type: integer minimum: -1 + maximum: 10000 + ParallelizationFactor: + description: (Kinesis and DynamoDB Streams only) The number of batches to process concurrently from each shard. The default value is 1. + type: integer + minimum: 1 + maximum: 10 + StartingPosition: + description: |- + The position in a stream from which to start reading. Required for Amazon Kinesis and Amazon DynamoDB. + + *LATEST* - Read only new records. + + *TRIM_HORIZON* - Process all available records. + + *AT_TIMESTAMP* - Specify a time from which to start reading records. + type: string + pattern: (LATEST|TRIM_HORIZON|AT_TIMESTAMP)+ + minLength: 6 + maxLength: 12 StartingPositionTimestamp: description: With ``StartingPosition`` set to ``AT_TIMESTAMP``, the time from which to start reading, in Unix time seconds. ``StartingPositionTimestamp`` cannot be in the future. type: number - Queues: + Tags: + description: |- + A list of tags to add to the event source mapping. + You must have the ``lambda:TagResource``, ``lambda:UntagResource``, and ``lambda:ListTags`` permissions for your [principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html) to manage the CFN stack. If you don't have these permissions, there might be unexpected behavior with stack-level tags propagating to the resource during resource creation and update. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + Topics: + description: The name of the Kafka topic. + type: array + uniqueItems: true + items: + type: string + pattern: ^[^.]([a-zA-Z0-9\-_.]+) + minLength: 1 + maxLength: 249 minItems: 1 maxItems: 1 - uniqueItems: true + Queues: description: (Amazon MQ) The name of the Amazon MQ broker destination queue to consume. type: array + uniqueItems: true items: - minLength: 1 - pattern: '[\s\S]*' type: string + pattern: '[\s\S]*' + minLength: 1 maxLength: 1000 - Id: - minLength: 36 - pattern: '[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}' - description: '' - type: string - maxLength: 36 - FunctionResponseTypes: + minItems: 1 + maxItems: 1 + SourceAccessConfigurations: + description: An array of the authentication protocol, VPC components, or virtual host to secure and define your event source. + type: array uniqueItems: true - minLength: 0 + items: + $ref: '#/components/schemas/SourceAccessConfiguration' + minItems: 1 + maxItems: 22 + TumblingWindowInSeconds: + description: (Kinesis and DynamoDB Streams only) The duration in seconds of a processing window for DynamoDB and Kinesis Streams event sources. A value of 0 seconds indicates no tumbling window. + type: integer + minimum: 0 + maximum: 900 + FunctionResponseTypes: description: |- - (Streams and SQS) A list of current response type enums applied to the event source mapping. + (Kinesis, DynamoDB Streams, and SQS) A list of current response type enums applied to the event source mapping. Valid Values: ``ReportBatchItemFailures`` type: array + uniqueItems: true items: type: string enum: - ReportBatchItemFailures + minLength: 0 maxLength: 1 + SelfManagedEventSource: + description: The self-managed Apache Kafka cluster for your event source. + $ref: '#/components/schemas/SelfManagedEventSource' + AmazonManagedKafkaEventSourceConfig: + description: Specific configuration settings for an Amazon Managed Streaming for Apache Kafka (Amazon MSK) event source. + $ref: '#/components/schemas/AmazonManagedKafkaEventSourceConfig' + SelfManagedKafkaEventSourceConfig: + description: Specific configuration settings for a self-managed Apache Kafka event source. + $ref: '#/components/schemas/SelfManagedKafkaEventSourceConfig' + ScalingConfig: + description: (Amazon SQS only) The scaling configuration for the event source. For more information, see [Configuring maximum concurrency for Amazon SQS event sources](https://docs.aws.amazon.com/lambda/latest/dg/with-sqs.html#events-sqs-max-concurrency). + $ref: '#/components/schemas/ScalingConfig' + DocumentDBEventSourceConfig: + description: Specific configuration settings for a DocumentDB event source. + $ref: '#/components/schemas/DocumentDBEventSourceConfig' + ProvisionedPollerConfig: + description: (Amazon MSK and self-managed Apache Kafka only) The provisioned mode configuration for the event source. For more information, see [provisioned mode](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventsourcemapping.html#invocation-eventsourcemapping-provisioned-mode). + $ref: '#/components/schemas/ProvisionedPollerConfig' + MetricsConfig: + description: The metrics configuration for your event source. For more information, see [Event source mapping metrics](https://docs.aws.amazon.com/lambda/latest/dg/monitoring-metrics-types.html#event-source-mapping-metrics). + $ref: '#/components/schemas/MetricsConfig' required: - FunctionName x-stackql-resource-name: event_source_mapping @@ -878,27 +1073,42 @@ components: - SelfManagedKafkaEventSourceConfig x-read-only-properties: - Id + - EventSourceMappingArn x-required-properties: - FunctionName x-tagging: - taggable: false - tagOnCreate: false - tagUpdatable: false - cloudFormationSystemTags: false + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags x-required-permissions: - read: - - lambda:GetEventSourceMapping create: - lambda:CreateEventSourceMapping - lambda:GetEventSourceMapping - update: - - lambda:UpdateEventSourceMapping + - lambda:TagResource + - kms:DescribeKey + - kms:GenerateDataKey + - kms:Decrypt + delete: + - lambda:DeleteEventSourceMapping - lambda:GetEventSourceMapping + - kms:Decrypt list: - lambda:ListEventSourceMappings - delete: - - lambda:DeleteEventSourceMapping + read: + - lambda:GetEventSourceMapping + - lambda:ListTags + - kms:Decrypt + update: + - lambda:UpdateEventSourceMapping - lambda:GetEventSourceMapping + - lambda:ListTags + - lambda:TagResource + - lambda:UntagResource + - kms:DescribeKey + - kms:GenerateDataKey + - kms:Decrypt ImageConfig: description: Configuration values that override the container image Dockerfile settings. For more information, see [Container image settings](https://docs.aws.amazon.com/lambda/latest/dg/images-create.html#images-parms). additionalProperties: false @@ -1028,6 +1238,10 @@ components: additionalProperties: false type: object properties: + SourceKMSKeyArn: + pattern: ^(arn:(aws[a-zA-Z-]*)?:[a-z0-9-.]+:.*)|()$ + description: '' + type: string S3ObjectVersion: minLength: 1 description: For versioned objects, the version of the deployment package object to use. @@ -1087,6 +1301,12 @@ components: - DEBUG - INFO - WARN + RecursiveLoop: + description: The function recursion configuration. + type: string + enum: + - Allow + - Terminate Environment: description: A function's environment variable settings. You can use environment variables to adjust your function's behavior without updating code. An environment variable is a pair of strings that are stored in a function's version-specific configuration. additionalProperties: false @@ -1096,7 +1316,9 @@ components: x-patternProperties: '[a-zA-Z][a-zA-Z0-9_]+': type: string - description: Environment variable key-value pairs. For more information, see [Using Lambda environment variables](https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html). + description: |- + Environment variable key-value pairs. For more information, see [Using Lambda environment variables](https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html). + If the value of the environment variable is a time or a duration, enclose the value in quotes. additionalProperties: false type: object FileSystemConfig: @@ -1105,7 +1327,7 @@ components: type: object properties: Arn: - pattern: ^arn:aws[a-zA-Z-]*:elasticfilesystem:[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1}:\d{12}:access-point/fsap-[a-f0-9]{17}$ + pattern: ^arn:aws[a-zA-Z-]*:elasticfilesystem:[a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\d{1}:\d{12}:access-point/fsap-[a-f0-9]{17}$ description: The Amazon Resource Name (ARN) of the Amazon EFS access point that provides access to the file system. type: string maxLength: 200 @@ -1117,23 +1339,6 @@ components: required: - Arn - LocalMountPath - Tag: - description: '' - additionalProperties: false - type: object - properties: - Value: - minLength: 0 - description: '' - type: string - maxLength: 256 - Key: - minLength: 1 - description: '' - type: string - maxLength: 128 - required: - - Key EphemeralStorage: description: The size of the function's ``/tmp`` directory in MB. The default value is 512, but it can be any whole number between 512 and 10,240 MB. additionalProperties: false @@ -1185,14 +1390,15 @@ components: type: string Runtime: description: |- - The identifier of the function's [runtime](https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html). Runtime is required if the deployment package is a .zip file archive. - The following list includes deprecated runtimes. For more information, see [Runtime deprecation policy](https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html#runtime-support-policy). + The identifier of the function's [runtime](https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html). Runtime is required if the deployment package is a .zip file archive. Specifying a runtime results in an error if you're deploying a function using a container image. + The following list includes deprecated runtimes. Lambda blocks creating new functions and updating existing functions shortly after each runtime is deprecated. For more information, see [Runtime use after deprecation](https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html#runtime-deprecation-levels). + For a list of all currently supported runtimes, see [Supported runtimes](https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html#runtimes-supported). type: string KmsKeyArn: pattern: ^(arn:(aws[a-zA-Z-]*)?:[a-z0-9-.]+:.*)|()$ description: >- - The ARN of the KMSlong (KMS) customer managed key that's used to encrypt your function's [environment variables](https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html#configuration-envvars-encryption). When [Lambda SnapStart](https://docs.aws.amazon.com/lambda/latest/dg/snapstart-security.html) is activated, Lambda also uses this key is to encrypt your function's snapshot. If you deploy your function using a container image, Lambda also uses this key to encrypt your - function when it's deployed. Note that this is not the same key that's used to protect your container image in the Amazon Elastic Container Registry (Amazon ECR). If you don't provide a customer managed key, Lambda uses a default service key. + The ARN of the KMSlong (KMS) customer managed key that's used to encrypt your function's [environment variables](https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html#configuration-envvars-encryption). When [SnapStart](https://docs.aws.amazon.com/lambda/latest/dg/snapstart-security.html) is activated, LAM also uses this key is to encrypt your function's snapshot. If you deploy your function using a container image, LAM also uses this key to encrypt your function + when it's deployed. Note that this is not the same key that's used to protect your container image in the ECRlong (ECR). If you don't provide a customer managed key, LAM uses a default service key. type: string PackageType: description: The type of deployment package. Set to ``Image`` for container image and set ``Zip`` for .zip file archive. @@ -1201,7 +1407,7 @@ components: - Image - Zip CodeSigningConfigArn: - pattern: arn:(aws[a-zA-Z-]*)?:lambda:[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1}:\d{12}:code-signing-config:csc-[a-z0-9]{17} + pattern: arn:(aws[a-zA-Z-]*)?:lambda:[a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\d{1}:\d{12}:code-signing-config:csc-[a-z0-9]{17} description: To enable code signing for this function, specify the ARN of a code-signing configuration. A code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function. type: string Layers: @@ -1212,7 +1418,9 @@ components: type: string Tags: uniqueItems: true - description: A list of [tags](https://docs.aws.amazon.com/lambda/latest/dg/tagging.html) to apply to the function. + description: |- + A list of [tags](https://docs.aws.amazon.com/lambda/latest/dg/tagging.html) to apply to the function. + You must have the ``lambda:TagResource``, ``lambda:UntagResource``, and ``lambda:ListTags`` permissions for your [principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html) to manage the CFN stack. If you don't have these permissions, there might be unexpected behavior with stack-level tags propagating to the resource during resource creation and update. x-insertionOrder: false type: array items: @@ -1239,7 +1447,11 @@ components: description: '' $ref: '#/components/schemas/SnapStartResponse' Code: - description: The code for the function. + description: |- + The code for the function. You can define your function code in multiple ways: + + For .zip deployment packages, you can specify the S3 location of the .zip file in the ``S3Bucket``, ``S3Key``, and ``S3ObjectVersion`` properties. + + For .zip deployment packages, you can alternatively define the function code inline in the ``ZipFile`` property. This method works only for Node.js and Python functions. + + For container images, specify the URI of your container image in the ECR registry in the ``ImageUri`` property. $ref: '#/components/schemas/Code' Role: pattern: ^arn:(aws[a-zA-Z-]*)?:iam::\d{12}:role/?[a-zA-Z_0-9+=,.@\-_/]+$ @@ -1248,6 +1460,12 @@ components: LoggingConfig: description: The function's Amazon CloudWatch Logs configuration settings. $ref: '#/components/schemas/LoggingConfig' + RecursiveLoop: + description: |- + The status of your function's recursive loop detection configuration. + When this value is set to ``Allow``and Lambda detects your function being invoked as part of a recursive loop, it doesn't take any action. + When this value is set to ``Terminate`` and Lambda detects your function being invoked as part of a recursive loop, it stops your function being invoked and notifies you. + $ref: '#/components/schemas/RecursiveLoop' Environment: description: Environment variables that are accessible from function code during execution. $ref: '#/components/schemas/Environment' @@ -1275,9 +1493,10 @@ components: description: >- The ``AWS::Lambda::Function`` resource creates a Lambda function. To create a function, you need a [deployment package](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html) and an [execution role](https://docs.aws.amazon.com/lambda/latest/dg/lambda-intro-execution-role.html). The deployment package is a .zip file archive or container image that contains your function code. The execution role grants the function permission to use AWS services, such as Amazon CloudWatch Logs for log streaming and AWS X-Ray for request tracing. - You set the package type to ``Image`` if the deployment package is a [container image](https://docs.aws.amazon.com/lambda/latest/dg/lambda-images.html). For a container image, the code property must include the URI of a container image in the Amazon ECR registry. You do not need to specify the handler and runtime properties. - You set the package type to ``Zip`` if the deployment package is a [.zip file archive](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html#gettingstarted-package-zip). For a .zip file archive, the code property specifies the location of the .zip file. You must also specify the handler and runtime properties. For a Python example, see [Deploy Python Lambda functions with .zip file archives](https://docs.aws.amazon.com/lambda/latest/dg/python-package.html). + You set the package type to ``Image`` if the deployment package is a [container image](https://docs.aws.amazon.com/lambda/latest/dg/lambda-images.html). For these functions, include the URI of the container image in the ECR registry in the [ImageUri property of the Code property](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-code.html#cfn-lambda-function-code-imageuri). You do not need to specify the handler and runtime properties. + You set the package type to ``Zip`` if the deployment package is a [.zip file archive](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html#gettingstarted-package-zip). For these functions, specify the S3 location of your .zip file in the ``Code`` property. Alternatively, for Node.js and Python functions, you can define your function inline in the [ZipFile property of the Code property](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-code.html#cfn-lambda-function-code-zipfile). In both cases, you must also specify the handler and runtime properties. You can use [code signing](https://docs.aws.amazon.com/lambda/latest/dg/configuration-codesigning.html) if your deployment package is a .zip file archive. To enable code signing for this function, specify the ARN of a code-signing configuration. When a user attempts to deploy a code package with ``UpdateFunctionCode``, Lambda checks that the code package has a valid signature from a trusted publisher. The code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function. + When you update a ``AWS::Lambda::Function`` resource, CFNshort calls the [UpdateFunctionConfiguration](https://docs.aws.amazon.com/lambda/latest/api/API_UpdateFunctionConfiguration.html) and [UpdateFunctionCode](https://docs.aws.amazon.com/lambda/latest/api/API_UpdateFunctionCode.html) LAM APIs under the hood. Because these calls happen sequentially, and invocations can happen between these calls, your function may encounter errors in the time between the calls. For example, if you remove an environment variable, and the code that references that environment variable in the same CFNshort update, you may see invocation errors related to a missing environment variable. To work around this, you can invoke your function against a version or alias by default, rather than the ``$LATEST`` version. Note that you configure [provisioned concurrency](https://docs.aws.amazon.com/lambda/latest/dg/provisioned-concurrency.html) on a ``AWS::Lambda::Version`` or a ``AWS::Lambda::Alias``. For a complete introduction to Lambda functions, see [What is Lambda?](https://docs.aws.amazon.com/lambda/latest/dg/lambda-welcome.html) in the *Lambda developer guide.* x-type-name: AWS::Lambda::Function @@ -1312,6 +1531,7 @@ components: read: - lambda:GetFunction - lambda:GetFunctionCodeSigningConfig + - lambda:GetFunctionRecursionConfig create: - lambda:CreateFunction - lambda:GetFunction @@ -1333,11 +1553,8 @@ components: - lambda:GetRuntimeManagementConfig - lambda:PutRuntimeManagementConfig - lambda:TagResource - - lambda:GetPolicy - - lambda:AddPermission - - lambda:RemovePermission - - lambda:GetResourcePolicy - - lambda:PutResourcePolicy + - lambda:PutFunctionRecursionConfig + - lambda:GetFunctionRecursionConfig update: - lambda:DeleteFunctionConcurrency - lambda:GetFunction @@ -1363,12 +1580,8 @@ components: - lambda:DeleteFunctionCodeSigningConfig - lambda:GetCodeSigningConfig - lambda:GetFunctionCodeSigningConfig - - lambda:GetPolicy - - lambda:AddPermission - - lambda:RemovePermission - - lambda:GetResourcePolicy - - lambda:PutResourcePolicy - - lambda:DeleteResourcePolicy + - lambda:PutFunctionRecursionConfig + - lambda:GetFunctionRecursionConfig list: - lambda:ListFunctions delete: @@ -1515,25 +1728,9 @@ components: Permission: type: object properties: - Id: - description: '' - type: string - pattern: ^.*$ - minLength: 1 - maxLength: 256 - Action: - description: The action that the principal can use on the function. For example, ``lambda:InvokeFunction`` or ``lambda:GetFunction``. - type: string - pattern: ^(lambda:[*]|lambda:[a-zA-Z]+|[*])$ - minLength: 1 - maxLength: 256 - EventSourceToken: - description: For Alexa Smart Home functions, a token that the invoker must supply. - type: string - pattern: ^[a-zA-Z0-9._\-]+$ - minLength: 1 - maxLength: 256 FunctionName: + minLength: 1 + pattern: ^(arn:(aws[a-zA-Z-]*)?:lambda:)?([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\d{1}:)?(\d{12}:)?(function:)?([a-zA-Z0-9-_]+)(:(\$LATEST|[a-zA-Z0-9-_]+))?$ description: |- The name or ARN of the Lambda function, version, or alias. **Name formats** @@ -1543,41 +1740,57 @@ components: You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length. type: string - pattern: ^(arn:(aws[a-zA-Z-]*)?:lambda:)?([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\d{1}:)?(\d{12}:)?(function:)?([a-zA-Z0-9-_]+)(:(\$LATEST|[a-zA-Z0-9-_]+))?$ - minLength: 1 maxLength: 140 + Action: + minLength: 1 + pattern: ^(lambda:[*]|lambda:[a-zA-Z]+|[*])$ + description: The action that the principal can use on the function. For example, ``lambda:InvokeFunction`` or ``lambda:GetFunction``. + type: string + maxLength: 256 + EventSourceToken: + minLength: 1 + pattern: ^[a-zA-Z0-9._\-]+$ + description: For Alexa Smart Home functions, a token that the invoker must supply. + type: string + maxLength: 256 FunctionUrlAuthType: description: The type of authentication that your function URL uses. Set to ``AWS_IAM`` if you want to restrict access to authenticated users only. Set to ``NONE`` if you want to bypass IAM authentication to create a public endpoint. For more information, see [Security and auth model for Lambda function URLs](https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html). type: string enum: - AWS_IAM - NONE - Principal: - description: The AWS-service or AWS-account that invokes the function. If you specify a service, use ``SourceArn`` or ``SourceAccount`` to limit who can invoke the function through that service. + SourceArn: + minLength: 12 + pattern: ^arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\-])+:([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\d{1})?:(\d{12})?:(.*)$ + description: |- + For AWS-services, the ARN of the AWS resource that invokes the function. For example, an Amazon S3 bucket or Amazon SNS topic. + Note that Lambda configures the comparison using the ``StringLike`` operator. type: string - pattern: ^.*$ - minLength: 1 - maxLength: 256 - PrincipalOrgID: - description: The identifier for your organization in AOlong. Use this to grant permissions to all the AWS-accounts under this organization. + maxLength: 1024 + SourceAccount: + minLength: 12 + pattern: ^\d{12}$ + description: For AWS-service, the ID of the AWS-account that owns the resource. Use this together with ``SourceArn`` to ensure that the specified account owns the resource. It is possible for an Amazon S3 bucket to be deleted by its owner and recreated by another account. type: string - pattern: ^o-[a-z0-9]{10,32}$ + maxLength: 12 + PrincipalOrgID: minLength: 12 + pattern: ^o-[a-z0-9]{10,32}$ + description: The identifier for your organization in AOlong. Use this to grant permissions to all the AWS-accounts under this organization. + type: string maxLength: 34 - SourceAccount: - description: For AWS-service, the ID of the AWS-account that owns the resource. Use this together with ``SourceArn`` to ensure that the specified account owns the resource. It is possible for an Amazon S3 bucket to be deleted by its owner and recreated by another account. + Id: + minLength: 1 + pattern: ^.*$ + description: '' type: string - pattern: ^\d{12}$ - minLength: 12 - maxLength: 12 - SourceArn: - description: |- - For AWS-services, the ARN of the AWS resource that invokes the function. For example, an Amazon S3 bucket or Amazon SNS topic. - Note that Lambda configures the comparison using the ``StringLike`` operator. + maxLength: 256 + Principal: + minLength: 1 + pattern: ^.*$ + description: The AWS-service, AWS-account, IAM user, or IAM role that invokes the function. If you specify a service, use ``SourceArn`` or ``SourceAccount`` to limit who can invoke the function through that service. type: string - pattern: ^arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\-])+:([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\d{1})?:(\d{12})?:(.*)$ - minLength: 12 - maxLength: 1024 + maxLength: 256 required: - FunctionName - Action @@ -1613,14 +1826,14 @@ components: tagUpdatable: false cloudFormationSystemTags: false x-required-permissions: + read: + - lambda:GetPolicy create: - lambda:AddPermission - read: + list: - lambda:GetPolicy delete: - lambda:RemovePermission - list: - - lambda:GetPolicy AllowHeaders: items: type: string @@ -1750,16 +1963,6 @@ components: - lambda:ListFunctionUrlConfigs delete: - lambda:DeleteFunctionUrlConfig - ProvisionedConcurrencyConfiguration: - type: object - description: A provisioned concurrency configuration for a function's version. - additionalProperties: false - properties: - ProvisionedConcurrentExecutions: - type: integer - description: The amount of provisioned concurrency to allocate for the version. - required: - - ProvisionedConcurrentExecutions RuntimePolicy: type: object description: Runtime Management Config of a function. @@ -1800,16 +2003,6 @@ components: minLength: 1 maxLength: 140 pattern: ^(arn:(aws[a-zA-Z-]*)?:lambda:)?([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\d{1}:)?(\d{12}:)?(function:)?([a-zA-Z0-9-_]+)(:(\$LATEST|[a-zA-Z0-9-_]+))?$ - anyOf: - - relationshipRef: - typeName: AWS::Lambda::Function - propertyPath: /properties/FunctionName - - relationshipRef: - typeName: AWS::Lambda::Function - propertyPath: /properties/Arn - Policy: - description: The resource policy of your function - type: object ProvisionedConcurrencyConfig: description: Specifies a provisioned concurrency configuration for a function's version. Updates are not supported for this property. $ref: '#/components/schemas/ProvisionedConcurrencyConfiguration' @@ -1856,6 +2049,44 @@ components: - lambda:DeleteFunction list: - lambda:ListVersionsByFunction + CreateAliasRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + FunctionName: + description: The name of the Lambda function. + type: string + AliasArn: + description: Lambda Alias ARN generated by the service. + type: string + ProvisionedConcurrencyConfig: + description: Specifies a provisioned concurrency configuration for a function's alias. + $ref: '#/components/schemas/ProvisionedConcurrencyConfiguration' + Description: + description: A description of the alias. + type: string + FunctionVersion: + description: The function version that the alias invokes. + type: string + RoutingConfig: + description: The routing configuration of the alias. + $ref: '#/components/schemas/AliasRoutingConfiguration' + Name: + description: The name of the alias. + type: string + x-stackQL-stringOnly: true + x-title: CreateAliasRequest + type: object + required: [] CreateCodeSigningConfigRequest: properties: ClientToken: @@ -1888,6 +2119,13 @@ components: description: A unique Arn for CodeSigningConfig resource type: string pattern: arn:(aws[a-zA-Z-]*)?:lambda:[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1}:\d{12}:code-signing-config:csc-[a-z0-9]{17} + Tags: + description: A list of tags to apply to CodeSigningConfig resource + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' x-stackQL-stringOnly: true x-title: CreateCodeSigningConfigRequest type: object @@ -1910,7 +2148,7 @@ components: FunctionName: description: The name of the Lambda function. type: string - pattern: ^(arn:(aws[a-zA-Z-]*)?:lambda:)?([a-z]{2}(-gov)?-[a-z]+-\d{1}:)?(\d{12}:)?(function:)?([a-zA-Z0-9-_]+)(:(\$LATEST|[a-zA-Z0-9-_]+))?$ + pattern: ^(arn:(aws[a-zA-Z-]*)?:lambda:)?([a-z]{2}(-gov)?(-iso([a-z])?)?-[a-z]+-\d{1}:)?(\d{12}:)?(function:)?([a-zA-Z0-9-_]+)(:(\$LATEST|[a-zA-Z0-9-_]+))?$ MaximumEventAgeInSeconds: description: The maximum age of a request that Lambda sends to a function for processing. type: integer @@ -1942,64 +2180,12 @@ components: DesiredState: type: object properties: - StartingPosition: - minLength: 6 - pattern: (LATEST|TRIM_HORIZON|AT_TIMESTAMP)+ - description: |- - The position in a stream from which to start reading. Required for Amazon Kinesis and Amazon DynamoDB. - + *LATEST* - Read only new records. - + *TRIM_HORIZON* - Process all available records. - + *AT_TIMESTAMP* - Specify a time from which to start reading records. - type: string - maxLength: 12 - SelfManagedEventSource: - description: The self-managed Apache Kafka cluster for your event source. - $ref: '#/components/schemas/SelfManagedEventSource' - ParallelizationFactor: - description: (Kinesis and DynamoDB Streams only) The number of batches to process concurrently from each shard. The default value is 1. - maximum: 10 - type: integer - minimum: 1 - FilterCriteria: - description: An object that defines the filter criteria that determine whether Lambda should process an event. For more information, see [Lambda event filtering](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html). - $ref: '#/components/schemas/FilterCriteria' - FunctionName: - minLength: 1 - pattern: (arn:(aws[a-zA-Z-]*)?:lambda:)?([a-z]{2}(-gov)?(-iso([a-z])?)?-[a-z]+-\d{1}:)?(\d{12}:)?(function:)?([a-zA-Z0-9-_]+)(:(\$LATEST|[a-zA-Z0-9-_]+))? - description: |- - The name or ARN of the Lambda function. - **Name formats** - + *Function name* – ``MyFunction``. - + *Function ARN* – ``arn:aws:lambda:us-west-2:123456789012:function:MyFunction``. - + *Version or Alias ARN* – ``arn:aws:lambda:us-west-2:123456789012:function:MyFunction:PROD``. - + *Partial ARN* – ``123456789012:function:MyFunction``. - - The length constraint applies only to the full ARN. If you specify only the function name, it's limited to 64 characters in length. + Id: + description: '' type: string - maxLength: 140 - DestinationConfig: - description: (Kinesis, DynamoDB Streams, Amazon MSK, and self-managed Apache Kafka event sources only) A configuration object that specifies the destination of an event after Lambda processes it. - $ref: '#/components/schemas/DestinationConfig' - AmazonManagedKafkaEventSourceConfig: - description: Specific configuration settings for an Amazon Managed Streaming for Apache Kafka (Amazon MSK) event source. - $ref: '#/components/schemas/AmazonManagedKafkaEventSourceConfig' - SourceAccessConfigurations: - minItems: 1 - maxItems: 22 - uniqueItems: true - description: An array of the authentication protocol, VPC components, or virtual host to secure and define your event source. - type: array - items: - $ref: '#/components/schemas/SourceAccessConfiguration' - MaximumBatchingWindowInSeconds: - description: |- - The maximum amount of time, in seconds, that Lambda spends gathering records before invoking the function. - *Default (, , event sources)*: 0 - *Default (, Kafka, , event sources)*: 500 ms - *Related setting:* For SQS event sources, when you set ``BatchSize`` to a value greater than 10, you must set ``MaximumBatchingWindowInSeconds`` to at least 1. - maximum: 300 - type: integer - minimum: 0 + pattern: '[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}' + minLength: 36 + maxLength: 36 BatchSize: description: |- The maximum number of records in each batch that Lambda pulls from your stream or queue and sends to your function. Lambda passes all of the records in the batch to the function in a single call, up to the payload limit for synchronous invocation (6 MB). @@ -2010,36 +2196,21 @@ components: + *Self-managed Apache Kafka* – Default 100. Max 10,000. + *Amazon MQ (ActiveMQ and RabbitMQ)* – Default 100. Max 10,000. + *DocumentDB* – Default 100. Max 10,000. - maximum: 10000 type: integer minimum: 1 - MaximumRetryAttempts: - description: (Kinesis and DynamoDB Streams only) Discard records after the specified number of retries. The default value is -1, which sets the maximum number of retries to infinite. When MaximumRetryAttempts is infinite, Lambda retries failed records until the record expires in the event source. maximum: 10000 - type: integer - minimum: -1 - Topics: - minItems: 1 - maxItems: 1 - uniqueItems: true - description: The name of the Kafka topic. - type: array - items: - minLength: 1 - pattern: ^[^.]([a-zA-Z0-9\-_.]+) - type: string - maxLength: 249 - ScalingConfig: - description: (Amazon SQS only) The scaling configuration for the event source. For more information, see [Configuring maximum concurrency for Amazon SQS event sources](https://docs.aws.amazon.com/lambda/latest/dg/with-sqs.html#events-sqs-max-concurrency). - $ref: '#/components/schemas/ScalingConfig' + BisectBatchOnFunctionError: + description: (Kinesis and DynamoDB Streams only) If the function returns an error, split the batch in two and retry. The default value is false. + type: boolean + DestinationConfig: + description: (Kinesis, DynamoDB Streams, Amazon MSK, and self-managed Apache Kafka event sources only) A configuration object that specifies the destination of an event after Lambda processes it. + $ref: '#/components/schemas/DestinationConfig' Enabled: description: |- When true, the event source mapping is active. When false, Lambda pauses polling and invocation. Default: True type: boolean EventSourceArn: - minLength: 12 - pattern: arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\-])+:([a-z]{2}(-gov)?(-iso([a-z])?)?-[a-z]+-\d{1})?:(\d{12})?:(.*) description: |- The Amazon Resource Name (ARN) of the event source. + *Amazon Kinesis* – The ARN of the data stream or a stream consumer. @@ -2049,60 +2220,154 @@ components: + *Amazon MQ* – The ARN of the broker. + *Amazon DocumentDB* – The ARN of the DocumentDB change stream. type: string + pattern: arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\-])+:([a-z]{2}(-gov)?(-iso([a-z])?)?-[a-z]+-\d{1})?:(\d{12})?:(.*) + minLength: 12 maxLength: 1024 - SelfManagedKafkaEventSourceConfig: - description: Specific configuration settings for a self-managed Apache Kafka event source. - $ref: '#/components/schemas/SelfManagedKafkaEventSourceConfig' - DocumentDBEventSourceConfig: - description: Specific configuration settings for a DocumentDB event source. - $ref: '#/components/schemas/DocumentDBEventSourceConfig' - TumblingWindowInSeconds: - description: (Kinesis and DynamoDB Streams only) The duration in seconds of a processing window for DynamoDB and Kinesis Streams event sources. A value of 0 seconds indicates no tumbling window. - maximum: 900 + EventSourceMappingArn: + description: '' + type: string + pattern: arn:(aws[a-zA-Z-]*)?:lambda:[a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\d{1}:\d{12}:event-source-mapping:[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12} + minLength: 85 + maxLength: 120 + FilterCriteria: + description: An object that defines the filter criteria that determine whether Lambda should process an event. For more information, see [Lambda event filtering](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html). + $ref: '#/components/schemas/FilterCriteria' + KmsKeyArn: + description: The ARN of the KMSlong (KMS) customer managed key that Lambda uses to encrypt your function's [filter criteria](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html#filtering-basics). + type: string + pattern: (arn:(aws[a-zA-Z-]*)?:[a-z0-9-.]+:.*)|() + minLength: 12 + maxLength: 2048 + FunctionName: + description: |- + The name or ARN of the Lambda function. + **Name formats** + + *Function name* – ``MyFunction``. + + *Function ARN* – ``arn:aws:lambda:us-west-2:123456789012:function:MyFunction``. + + *Version or Alias ARN* – ``arn:aws:lambda:us-west-2:123456789012:function:MyFunction:PROD``. + + *Partial ARN* – ``123456789012:function:MyFunction``. + + The length constraint applies only to the full ARN. If you specify only the function name, it's limited to 64 characters in length. + type: string + pattern: (arn:(aws[a-zA-Z-]*)?:lambda:)?([a-z]{2}(-gov)?(-iso([a-z])?)?-[a-z]+-\d{1}:)?(\d{12}:)?(function:)?([a-zA-Z0-9-_]+)(:(\$LATEST|[a-zA-Z0-9-_]+))? + minLength: 1 + maxLength: 140 + MaximumBatchingWindowInSeconds: + description: |- + The maximum amount of time, in seconds, that Lambda spends gathering records before invoking the function. + *Default (, , event sources)*: 0 + *Default (, Kafka, , event sources)*: 500 ms + *Related setting:* For SQS event sources, when you set ``BatchSize`` to a value greater than 10, you must set ``MaximumBatchingWindowInSeconds`` to at least 1. type: integer minimum: 0 - BisectBatchOnFunctionError: - description: (Kinesis and DynamoDB Streams only) If the function returns an error, split the batch in two and retry. The default value is false. - type: boolean + maximum: 300 MaximumRecordAgeInSeconds: description: |- (Kinesis and DynamoDB Streams only) Discard records older than the specified age. The default value is -1, which sets the maximum age to infinite. When the value is set to infinite, Lambda never discards old records. The minimum valid value for maximum record age is 60s. Although values less than 60 and greater than -1 fall within the parameter's absolute range, they are not allowed + type: integer + minimum: -1 maximum: 604800 + MaximumRetryAttempts: + description: (Kinesis and DynamoDB Streams only) Discard records after the specified number of retries. The default value is -1, which sets the maximum number of retries to infinite. When MaximumRetryAttempts is infinite, Lambda retries failed records until the record expires in the event source. type: integer minimum: -1 + maximum: 10000 + ParallelizationFactor: + description: (Kinesis and DynamoDB Streams only) The number of batches to process concurrently from each shard. The default value is 1. + type: integer + minimum: 1 + maximum: 10 + StartingPosition: + description: |- + The position in a stream from which to start reading. Required for Amazon Kinesis and Amazon DynamoDB. + + *LATEST* - Read only new records. + + *TRIM_HORIZON* - Process all available records. + + *AT_TIMESTAMP* - Specify a time from which to start reading records. + type: string + pattern: (LATEST|TRIM_HORIZON|AT_TIMESTAMP)+ + minLength: 6 + maxLength: 12 StartingPositionTimestamp: description: With ``StartingPosition`` set to ``AT_TIMESTAMP``, the time from which to start reading, in Unix time seconds. ``StartingPositionTimestamp`` cannot be in the future. type: number - Queues: + Tags: + description: |- + A list of tags to add to the event source mapping. + You must have the ``lambda:TagResource``, ``lambda:UntagResource``, and ``lambda:ListTags`` permissions for your [principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html) to manage the CFN stack. If you don't have these permissions, there might be unexpected behavior with stack-level tags propagating to the resource during resource creation and update. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + Topics: + description: The name of the Kafka topic. + type: array + uniqueItems: true + items: + type: string + pattern: ^[^.]([a-zA-Z0-9\-_.]+) + minLength: 1 + maxLength: 249 minItems: 1 maxItems: 1 - uniqueItems: true + Queues: description: (Amazon MQ) The name of the Amazon MQ broker destination queue to consume. type: array + uniqueItems: true items: - minLength: 1 - pattern: '[\s\S]*' type: string + pattern: '[\s\S]*' + minLength: 1 maxLength: 1000 - Id: - minLength: 36 - pattern: '[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}' - description: '' - type: string - maxLength: 36 - FunctionResponseTypes: + minItems: 1 + maxItems: 1 + SourceAccessConfigurations: + description: An array of the authentication protocol, VPC components, or virtual host to secure and define your event source. + type: array uniqueItems: true - minLength: 0 + items: + $ref: '#/components/schemas/SourceAccessConfiguration' + minItems: 1 + maxItems: 22 + TumblingWindowInSeconds: + description: (Kinesis and DynamoDB Streams only) The duration in seconds of a processing window for DynamoDB and Kinesis Streams event sources. A value of 0 seconds indicates no tumbling window. + type: integer + minimum: 0 + maximum: 900 + FunctionResponseTypes: description: |- - (Streams and SQS) A list of current response type enums applied to the event source mapping. + (Kinesis, DynamoDB Streams, and SQS) A list of current response type enums applied to the event source mapping. Valid Values: ``ReportBatchItemFailures`` type: array + uniqueItems: true items: type: string enum: - ReportBatchItemFailures + minLength: 0 maxLength: 1 + SelfManagedEventSource: + description: The self-managed Apache Kafka cluster for your event source. + $ref: '#/components/schemas/SelfManagedEventSource' + AmazonManagedKafkaEventSourceConfig: + description: Specific configuration settings for an Amazon Managed Streaming for Apache Kafka (Amazon MSK) event source. + $ref: '#/components/schemas/AmazonManagedKafkaEventSourceConfig' + SelfManagedKafkaEventSourceConfig: + description: Specific configuration settings for a self-managed Apache Kafka event source. + $ref: '#/components/schemas/SelfManagedKafkaEventSourceConfig' + ScalingConfig: + description: (Amazon SQS only) The scaling configuration for the event source. For more information, see [Configuring maximum concurrency for Amazon SQS event sources](https://docs.aws.amazon.com/lambda/latest/dg/with-sqs.html#events-sqs-max-concurrency). + $ref: '#/components/schemas/ScalingConfig' + DocumentDBEventSourceConfig: + description: Specific configuration settings for a DocumentDB event source. + $ref: '#/components/schemas/DocumentDBEventSourceConfig' + ProvisionedPollerConfig: + description: (Amazon MSK and self-managed Apache Kafka only) The provisioned mode configuration for the event source. For more information, see [provisioned mode](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventsourcemapping.html#invocation-eventsourcemapping-provisioned-mode). + $ref: '#/components/schemas/ProvisionedPollerConfig' + MetricsConfig: + description: The metrics configuration for your event source. For more information, see [Event source mapping metrics](https://docs.aws.amazon.com/lambda/latest/dg/monitoring-metrics-types.html#event-source-mapping-metrics). + $ref: '#/components/schemas/MetricsConfig' x-stackQL-stringOnly: true x-title: CreateEventSourceMappingRequest type: object @@ -2156,14 +2421,15 @@ components: type: string Runtime: description: |- - The identifier of the function's [runtime](https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html). Runtime is required if the deployment package is a .zip file archive. - The following list includes deprecated runtimes. For more information, see [Runtime deprecation policy](https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html#runtime-support-policy). + The identifier of the function's [runtime](https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html). Runtime is required if the deployment package is a .zip file archive. Specifying a runtime results in an error if you're deploying a function using a container image. + The following list includes deprecated runtimes. Lambda blocks creating new functions and updating existing functions shortly after each runtime is deprecated. For more information, see [Runtime use after deprecation](https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html#runtime-deprecation-levels). + For a list of all currently supported runtimes, see [Supported runtimes](https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html#runtimes-supported). type: string KmsKeyArn: pattern: ^(arn:(aws[a-zA-Z-]*)?:[a-z0-9-.]+:.*)|()$ description: >- - The ARN of the KMSlong (KMS) customer managed key that's used to encrypt your function's [environment variables](https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html#configuration-envvars-encryption). When [Lambda SnapStart](https://docs.aws.amazon.com/lambda/latest/dg/snapstart-security.html) is activated, Lambda also uses this key is to encrypt your function's snapshot. If you deploy your function using a container image, Lambda also uses this key to encrypt - your function when it's deployed. Note that this is not the same key that's used to protect your container image in the Amazon Elastic Container Registry (Amazon ECR). If you don't provide a customer managed key, Lambda uses a default service key. + The ARN of the KMSlong (KMS) customer managed key that's used to encrypt your function's [environment variables](https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html#configuration-envvars-encryption). When [SnapStart](https://docs.aws.amazon.com/lambda/latest/dg/snapstart-security.html) is activated, LAM also uses this key is to encrypt your function's snapshot. If you deploy your function using a container image, LAM also uses this key to encrypt your function + when it's deployed. Note that this is not the same key that's used to protect your container image in the ECRlong (ECR). If you don't provide a customer managed key, LAM uses a default service key. type: string PackageType: description: The type of deployment package. Set to ``Image`` for container image and set ``Zip`` for .zip file archive. @@ -2172,7 +2438,7 @@ components: - Image - Zip CodeSigningConfigArn: - pattern: arn:(aws[a-zA-Z-]*)?:lambda:[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1}:\d{12}:code-signing-config:csc-[a-z0-9]{17} + pattern: arn:(aws[a-zA-Z-]*)?:lambda:[a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\d{1}:\d{12}:code-signing-config:csc-[a-z0-9]{17} description: To enable code signing for this function, specify the ARN of a code-signing configuration. A code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function. type: string Layers: @@ -2183,7 +2449,9 @@ components: type: string Tags: uniqueItems: true - description: A list of [tags](https://docs.aws.amazon.com/lambda/latest/dg/tagging.html) to apply to the function. + description: |- + A list of [tags](https://docs.aws.amazon.com/lambda/latest/dg/tagging.html) to apply to the function. + You must have the ``lambda:TagResource``, ``lambda:UntagResource``, and ``lambda:ListTags`` permissions for your [principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html) to manage the CFN stack. If you don't have these permissions, there might be unexpected behavior with stack-level tags propagating to the resource during resource creation and update. x-insertionOrder: false type: array items: @@ -2210,7 +2478,11 @@ components: description: '' $ref: '#/components/schemas/SnapStartResponse' Code: - description: The code for the function. + description: |- + The code for the function. You can define your function code in multiple ways: + + For .zip deployment packages, you can specify the S3 location of the .zip file in the ``S3Bucket``, ``S3Key``, and ``S3ObjectVersion`` properties. + + For .zip deployment packages, you can alternatively define the function code inline in the ``ZipFile`` property. This method works only for Node.js and Python functions. + + For container images, specify the URI of your container image in the ECR registry in the ``ImageUri`` property. $ref: '#/components/schemas/Code' Role: pattern: ^arn:(aws[a-zA-Z-]*)?:iam::\d{12}:role/?[a-zA-Z_0-9+=,.@\-_/]+$ @@ -2219,6 +2491,12 @@ components: LoggingConfig: description: The function's Amazon CloudWatch Logs configuration settings. $ref: '#/components/schemas/LoggingConfig' + RecursiveLoop: + description: |- + The status of your function's recursive loop detection configuration. + When this value is set to ``Allow``and Lambda detects your function being invoked as part of a recursive loop, it doesn't take any action. + When this value is set to ``Terminate`` and Lambda detects your function being invoked as part of a recursive loop, it stops your function being invoked and notifies you. + $ref: '#/components/schemas/RecursiveLoop' Environment: description: Environment variables that are accessible from function code during execution. $ref: '#/components/schemas/Environment' @@ -2333,25 +2611,9 @@ components: DesiredState: type: object properties: - Id: - description: '' - type: string - pattern: ^.*$ - minLength: 1 - maxLength: 256 - Action: - description: The action that the principal can use on the function. For example, ``lambda:InvokeFunction`` or ``lambda:GetFunction``. - type: string - pattern: ^(lambda:[*]|lambda:[a-zA-Z]+|[*])$ - minLength: 1 - maxLength: 256 - EventSourceToken: - description: For Alexa Smart Home functions, a token that the invoker must supply. - type: string - pattern: ^[a-zA-Z0-9._\-]+$ - minLength: 1 - maxLength: 256 FunctionName: + minLength: 1 + pattern: ^(arn:(aws[a-zA-Z-]*)?:lambda:)?([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\d{1}:)?(\d{12}:)?(function:)?([a-zA-Z0-9-_]+)(:(\$LATEST|[a-zA-Z0-9-_]+))?$ description: |- The name or ARN of the Lambda function, version, or alias. **Name formats** @@ -2361,41 +2623,57 @@ components: You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length. type: string - pattern: ^(arn:(aws[a-zA-Z-]*)?:lambda:)?([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\d{1}:)?(\d{12}:)?(function:)?([a-zA-Z0-9-_]+)(:(\$LATEST|[a-zA-Z0-9-_]+))?$ - minLength: 1 maxLength: 140 + Action: + minLength: 1 + pattern: ^(lambda:[*]|lambda:[a-zA-Z]+|[*])$ + description: The action that the principal can use on the function. For example, ``lambda:InvokeFunction`` or ``lambda:GetFunction``. + type: string + maxLength: 256 + EventSourceToken: + minLength: 1 + pattern: ^[a-zA-Z0-9._\-]+$ + description: For Alexa Smart Home functions, a token that the invoker must supply. + type: string + maxLength: 256 FunctionUrlAuthType: description: The type of authentication that your function URL uses. Set to ``AWS_IAM`` if you want to restrict access to authenticated users only. Set to ``NONE`` if you want to bypass IAM authentication to create a public endpoint. For more information, see [Security and auth model for Lambda function URLs](https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html). type: string enum: - AWS_IAM - NONE - Principal: - description: The AWS-service or AWS-account that invokes the function. If you specify a service, use ``SourceArn`` or ``SourceAccount`` to limit who can invoke the function through that service. + SourceArn: + minLength: 12 + pattern: ^arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\-])+:([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\d{1})?:(\d{12})?:(.*)$ + description: |- + For AWS-services, the ARN of the AWS resource that invokes the function. For example, an Amazon S3 bucket or Amazon SNS topic. + Note that Lambda configures the comparison using the ``StringLike`` operator. type: string - pattern: ^.*$ - minLength: 1 - maxLength: 256 + maxLength: 1024 + SourceAccount: + minLength: 12 + pattern: ^\d{12}$ + description: For AWS-service, the ID of the AWS-account that owns the resource. Use this together with ``SourceArn`` to ensure that the specified account owns the resource. It is possible for an Amazon S3 bucket to be deleted by its owner and recreated by another account. + type: string + maxLength: 12 PrincipalOrgID: + minLength: 12 + pattern: ^o-[a-z0-9]{10,32}$ description: The identifier for your organization in AOlong. Use this to grant permissions to all the AWS-accounts under this organization. type: string - pattern: ^o-[a-z0-9]{10,32}$ - minLength: 12 maxLength: 34 - SourceAccount: - description: For AWS-service, the ID of the AWS-account that owns the resource. Use this together with ``SourceArn`` to ensure that the specified account owns the resource. It is possible for an Amazon S3 bucket to be deleted by its owner and recreated by another account. + Id: + minLength: 1 + pattern: ^.*$ + description: '' type: string - pattern: ^\d{12}$ - minLength: 12 - maxLength: 12 - SourceArn: - description: |- - For AWS-services, the ARN of the AWS resource that invokes the function. For example, an Amazon S3 bucket or Amazon SNS topic. - Note that Lambda configures the comparison using the ``StringLike`` operator. + maxLength: 256 + Principal: + minLength: 1 + pattern: ^.*$ + description: The AWS-service, AWS-account, IAM user, or IAM role that invokes the function. If you specify a service, use ``SourceArn`` or ``SourceAccount`` to limit who can invoke the function through that service. type: string - pattern: ^arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\-])+:([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\d{1})?:(\d{12})?:(.*)$ - minLength: 12 - maxLength: 1024 + maxLength: 256 x-stackQL-stringOnly: true x-title: CreatePermissionRequest type: object @@ -2482,16 +2760,6 @@ components: minLength: 1 maxLength: 140 pattern: ^(arn:(aws[a-zA-Z-]*)?:lambda:)?([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\d{1}:)?(\d{12}:)?(function:)?([a-zA-Z0-9-_]+)(:(\$LATEST|[a-zA-Z0-9-_]+))?$ - anyOf: - - relationshipRef: - typeName: AWS::Lambda::Function - propertyPath: /properties/FunctionName - - relationshipRef: - typeName: AWS::Lambda::Function - propertyPath: /properties/Arn - Policy: - description: The resource policy of your function - type: object ProvisionedConcurrencyConfig: description: Specifies a provisioned concurrency configuration for a function's version. Updates are not supported for this property. $ref: '#/components/schemas/ProvisionedConcurrencyConfiguration' @@ -2510,6 +2778,164 @@ components: description: Amazon Signature authorization v4 x-amazon-apigateway-authtype: awsSigv4 x-stackQL-resources: + aliases: + name: aliases + id: aws.lambda.aliases + x-cfn-schema-name: Alias + x-cfn-type-name: AWS::Lambda::Alias + x-identifiers: + - AliasArn + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Alias&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Lambda::Alias" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Lambda::Alias" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Lambda::Alias" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/aliases/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/aliases/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/aliases/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.FunctionName') as function_name, + JSON_EXTRACT(Properties, '$.AliasArn') as alias_arn, + JSON_EXTRACT(Properties, '$.ProvisionedConcurrencyConfig') as provisioned_concurrency_config, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.FunctionVersion') as function_version, + JSON_EXTRACT(Properties, '$.RoutingConfig') as routing_config, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Lambda::Alias' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.FunctionName') as function_name, + JSON_EXTRACT(detail.Properties, '$.AliasArn') as alias_arn, + JSON_EXTRACT(detail.Properties, '$.ProvisionedConcurrencyConfig') as provisioned_concurrency_config, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.FunctionVersion') as function_version, + JSON_EXTRACT(detail.Properties, '$.RoutingConfig') as routing_config, + JSON_EXTRACT(detail.Properties, '$.Name') as name + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Lambda::Alias' + AND detail.data__TypeName = 'AWS::Lambda::Alias' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'FunctionName') as function_name, + json_extract_path_text(Properties, 'AliasArn') as alias_arn, + json_extract_path_text(Properties, 'ProvisionedConcurrencyConfig') as provisioned_concurrency_config, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'FunctionVersion') as function_version, + json_extract_path_text(Properties, 'RoutingConfig') as routing_config, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Lambda::Alias' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'FunctionName') as function_name, + json_extract_path_text(detail.Properties, 'AliasArn') as alias_arn, + json_extract_path_text(detail.Properties, 'ProvisionedConcurrencyConfig') as provisioned_concurrency_config, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'FunctionVersion') as function_version, + json_extract_path_text(detail.Properties, 'RoutingConfig') as routing_config, + json_extract_path_text(detail.Properties, 'Name') as name + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Lambda::Alias' + AND detail.data__TypeName = 'AWS::Lambda::Alias' + AND listing.region = 'us-east-1' + aliases_list_only: + name: aliases_list_only + id: aws.lambda.aliases_list_only + x-cfn-schema-name: Alias + x-cfn-type-name: AWS::Lambda::Alias + x-identifiers: + - AliasArn + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AliasArn') as alias_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Lambda::Alias' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AliasArn') as alias_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Lambda::Alias' + AND region = 'us-east-1' code_signing_configs: name: code_signing_configs id: aws.lambda.code_signing_configs @@ -2577,7 +3003,8 @@ components: JSON_EXTRACT(Properties, '$.AllowedPublishers') as allowed_publishers, JSON_EXTRACT(Properties, '$.CodeSigningPolicies') as code_signing_policies, JSON_EXTRACT(Properties, '$.CodeSigningConfigId') as code_signing_config_id, - JSON_EXTRACT(Properties, '$.CodeSigningConfigArn') as code_signing_config_arn + JSON_EXTRACT(Properties, '$.CodeSigningConfigArn') as code_signing_config_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Lambda::CodeSigningConfig' AND data__Identifier = '' AND region = 'us-east-1' @@ -2590,7 +3017,8 @@ components: JSON_EXTRACT(detail.Properties, '$.AllowedPublishers') as allowed_publishers, JSON_EXTRACT(detail.Properties, '$.CodeSigningPolicies') as code_signing_policies, JSON_EXTRACT(detail.Properties, '$.CodeSigningConfigId') as code_signing_config_id, - JSON_EXTRACT(detail.Properties, '$.CodeSigningConfigArn') as code_signing_config_arn + JSON_EXTRACT(detail.Properties, '$.CodeSigningConfigArn') as code_signing_config_arn, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -2608,7 +3036,8 @@ components: json_extract_path_text(Properties, 'AllowedPublishers') as allowed_publishers, json_extract_path_text(Properties, 'CodeSigningPolicies') as code_signing_policies, json_extract_path_text(Properties, 'CodeSigningConfigId') as code_signing_config_id, - json_extract_path_text(Properties, 'CodeSigningConfigArn') as code_signing_config_arn + json_extract_path_text(Properties, 'CodeSigningConfigArn') as code_signing_config_arn, + json_extract_path_text(Properties, 'Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Lambda::CodeSigningConfig' AND data__Identifier = '' AND region = 'us-east-1' @@ -2621,7 +3050,8 @@ components: json_extract_path_text(detail.Properties, 'AllowedPublishers') as allowed_publishers, json_extract_path_text(detail.Properties, 'CodeSigningPolicies') as code_signing_policies, json_extract_path_text(detail.Properties, 'CodeSigningConfigId') as code_signing_config_id, - json_extract_path_text(detail.Properties, 'CodeSigningConfigArn') as code_signing_config_arn + json_extract_path_text(detail.Properties, 'CodeSigningConfigArn') as code_signing_config_arn, + json_extract_path_text(detail.Properties, 'Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -2660,6 +3090,59 @@ components: json_extract_path_text(Properties, 'CodeSigningConfigArn') as code_signing_config_arn FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Lambda::CodeSigningConfig' AND region = 'us-east-1' + code_signing_config_tags: + name: code_signing_config_tags + id: aws.lambda.code_signing_config_tags + x-cfn-schema-name: CodeSigningConfig + x-cfn-type-name: AWS::Lambda::CodeSigningConfig + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.AllowedPublishers') as allowed_publishers, + JSON_EXTRACT(detail.Properties, '$.CodeSigningPolicies') as code_signing_policies, + JSON_EXTRACT(detail.Properties, '$.CodeSigningConfigId') as code_signing_config_id, + JSON_EXTRACT(detail.Properties, '$.CodeSigningConfigArn') as code_signing_config_arn + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::Lambda::CodeSigningConfig' + AND detail.data__TypeName = 'AWS::Lambda::CodeSigningConfig' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'AllowedPublishers') as allowed_publishers, + json_extract_path_text(detail.Properties, 'CodeSigningPolicies') as code_signing_policies, + json_extract_path_text(detail.Properties, 'CodeSigningConfigId') as code_signing_config_id, + json_extract_path_text(detail.Properties, 'CodeSigningConfigArn') as code_signing_config_arn + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::Lambda::CodeSigningConfig' + AND detail.data__TypeName = 'AWS::Lambda::CodeSigningConfig' + AND listing.region = 'us-east-1' event_invoke_configs: name: event_invoke_configs id: aws.lambda.event_invoke_configs @@ -2877,30 +3360,35 @@ components: SELECT region, data__Identifier, - JSON_EXTRACT(Properties, '$.StartingPosition') as starting_position, - JSON_EXTRACT(Properties, '$.SelfManagedEventSource') as self_managed_event_source, - JSON_EXTRACT(Properties, '$.ParallelizationFactor') as parallelization_factor, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.BatchSize') as batch_size, + JSON_EXTRACT(Properties, '$.BisectBatchOnFunctionError') as bisect_batch_on_function_error, + JSON_EXTRACT(Properties, '$.DestinationConfig') as destination_config, + JSON_EXTRACT(Properties, '$.Enabled') as enabled, + JSON_EXTRACT(Properties, '$.EventSourceArn') as event_source_arn, + JSON_EXTRACT(Properties, '$.EventSourceMappingArn') as event_source_mapping_arn, JSON_EXTRACT(Properties, '$.FilterCriteria') as filter_criteria, + JSON_EXTRACT(Properties, '$.KmsKeyArn') as kms_key_arn, JSON_EXTRACT(Properties, '$.FunctionName') as function_name, - JSON_EXTRACT(Properties, '$.DestinationConfig') as destination_config, - JSON_EXTRACT(Properties, '$.AmazonManagedKafkaEventSourceConfig') as amazon_managed_kafka_event_source_config, - JSON_EXTRACT(Properties, '$.SourceAccessConfigurations') as source_access_configurations, JSON_EXTRACT(Properties, '$.MaximumBatchingWindowInSeconds') as maximum_batching_window_in_seconds, - JSON_EXTRACT(Properties, '$.BatchSize') as batch_size, + JSON_EXTRACT(Properties, '$.MaximumRecordAgeInSeconds') as maximum_record_age_in_seconds, JSON_EXTRACT(Properties, '$.MaximumRetryAttempts') as maximum_retry_attempts, + JSON_EXTRACT(Properties, '$.ParallelizationFactor') as parallelization_factor, + JSON_EXTRACT(Properties, '$.StartingPosition') as starting_position, + JSON_EXTRACT(Properties, '$.StartingPositionTimestamp') as starting_position_timestamp, + JSON_EXTRACT(Properties, '$.Tags') as tags, JSON_EXTRACT(Properties, '$.Topics') as topics, - JSON_EXTRACT(Properties, '$.ScalingConfig') as scaling_config, - JSON_EXTRACT(Properties, '$.Enabled') as enabled, - JSON_EXTRACT(Properties, '$.EventSourceArn') as event_source_arn, + JSON_EXTRACT(Properties, '$.Queues') as queues, + JSON_EXTRACT(Properties, '$.SourceAccessConfigurations') as source_access_configurations, + JSON_EXTRACT(Properties, '$.TumblingWindowInSeconds') as tumbling_window_in_seconds, + JSON_EXTRACT(Properties, '$.FunctionResponseTypes') as function_response_types, + JSON_EXTRACT(Properties, '$.SelfManagedEventSource') as self_managed_event_source, + JSON_EXTRACT(Properties, '$.AmazonManagedKafkaEventSourceConfig') as amazon_managed_kafka_event_source_config, JSON_EXTRACT(Properties, '$.SelfManagedKafkaEventSourceConfig') as self_managed_kafka_event_source_config, + JSON_EXTRACT(Properties, '$.ScalingConfig') as scaling_config, JSON_EXTRACT(Properties, '$.DocumentDBEventSourceConfig') as document_db_event_source_config, - JSON_EXTRACT(Properties, '$.TumblingWindowInSeconds') as tumbling_window_in_seconds, - JSON_EXTRACT(Properties, '$.BisectBatchOnFunctionError') as bisect_batch_on_function_error, - JSON_EXTRACT(Properties, '$.MaximumRecordAgeInSeconds') as maximum_record_age_in_seconds, - JSON_EXTRACT(Properties, '$.StartingPositionTimestamp') as starting_position_timestamp, - JSON_EXTRACT(Properties, '$.Queues') as queues, - JSON_EXTRACT(Properties, '$.Id') as id, - JSON_EXTRACT(Properties, '$.FunctionResponseTypes') as function_response_types + JSON_EXTRACT(Properties, '$.ProvisionedPollerConfig') as provisioned_poller_config, + JSON_EXTRACT(Properties, '$.MetricsConfig') as metrics_config FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Lambda::EventSourceMapping' AND data__Identifier = '' AND region = 'us-east-1' @@ -2909,30 +3397,35 @@ components: ddl: |- SELECT detail.region, - JSON_EXTRACT(detail.Properties, '$.StartingPosition') as starting_position, - JSON_EXTRACT(detail.Properties, '$.SelfManagedEventSource') as self_managed_event_source, - JSON_EXTRACT(detail.Properties, '$.ParallelizationFactor') as parallelization_factor, + JSON_EXTRACT(detail.Properties, '$.Id') as id, + JSON_EXTRACT(detail.Properties, '$.BatchSize') as batch_size, + JSON_EXTRACT(detail.Properties, '$.BisectBatchOnFunctionError') as bisect_batch_on_function_error, + JSON_EXTRACT(detail.Properties, '$.DestinationConfig') as destination_config, + JSON_EXTRACT(detail.Properties, '$.Enabled') as enabled, + JSON_EXTRACT(detail.Properties, '$.EventSourceArn') as event_source_arn, + JSON_EXTRACT(detail.Properties, '$.EventSourceMappingArn') as event_source_mapping_arn, JSON_EXTRACT(detail.Properties, '$.FilterCriteria') as filter_criteria, + JSON_EXTRACT(detail.Properties, '$.KmsKeyArn') as kms_key_arn, JSON_EXTRACT(detail.Properties, '$.FunctionName') as function_name, - JSON_EXTRACT(detail.Properties, '$.DestinationConfig') as destination_config, - JSON_EXTRACT(detail.Properties, '$.AmazonManagedKafkaEventSourceConfig') as amazon_managed_kafka_event_source_config, - JSON_EXTRACT(detail.Properties, '$.SourceAccessConfigurations') as source_access_configurations, JSON_EXTRACT(detail.Properties, '$.MaximumBatchingWindowInSeconds') as maximum_batching_window_in_seconds, - JSON_EXTRACT(detail.Properties, '$.BatchSize') as batch_size, + JSON_EXTRACT(detail.Properties, '$.MaximumRecordAgeInSeconds') as maximum_record_age_in_seconds, JSON_EXTRACT(detail.Properties, '$.MaximumRetryAttempts') as maximum_retry_attempts, + JSON_EXTRACT(detail.Properties, '$.ParallelizationFactor') as parallelization_factor, + JSON_EXTRACT(detail.Properties, '$.StartingPosition') as starting_position, + JSON_EXTRACT(detail.Properties, '$.StartingPositionTimestamp') as starting_position_timestamp, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags, JSON_EXTRACT(detail.Properties, '$.Topics') as topics, - JSON_EXTRACT(detail.Properties, '$.ScalingConfig') as scaling_config, - JSON_EXTRACT(detail.Properties, '$.Enabled') as enabled, - JSON_EXTRACT(detail.Properties, '$.EventSourceArn') as event_source_arn, + JSON_EXTRACT(detail.Properties, '$.Queues') as queues, + JSON_EXTRACT(detail.Properties, '$.SourceAccessConfigurations') as source_access_configurations, + JSON_EXTRACT(detail.Properties, '$.TumblingWindowInSeconds') as tumbling_window_in_seconds, + JSON_EXTRACT(detail.Properties, '$.FunctionResponseTypes') as function_response_types, + JSON_EXTRACT(detail.Properties, '$.SelfManagedEventSource') as self_managed_event_source, + JSON_EXTRACT(detail.Properties, '$.AmazonManagedKafkaEventSourceConfig') as amazon_managed_kafka_event_source_config, JSON_EXTRACT(detail.Properties, '$.SelfManagedKafkaEventSourceConfig') as self_managed_kafka_event_source_config, + JSON_EXTRACT(detail.Properties, '$.ScalingConfig') as scaling_config, JSON_EXTRACT(detail.Properties, '$.DocumentDBEventSourceConfig') as document_db_event_source_config, - JSON_EXTRACT(detail.Properties, '$.TumblingWindowInSeconds') as tumbling_window_in_seconds, - JSON_EXTRACT(detail.Properties, '$.BisectBatchOnFunctionError') as bisect_batch_on_function_error, - JSON_EXTRACT(detail.Properties, '$.MaximumRecordAgeInSeconds') as maximum_record_age_in_seconds, - JSON_EXTRACT(detail.Properties, '$.StartingPositionTimestamp') as starting_position_timestamp, - JSON_EXTRACT(detail.Properties, '$.Queues') as queues, - JSON_EXTRACT(detail.Properties, '$.Id') as id, - JSON_EXTRACT(detail.Properties, '$.FunctionResponseTypes') as function_response_types + JSON_EXTRACT(detail.Properties, '$.ProvisionedPollerConfig') as provisioned_poller_config, + JSON_EXTRACT(detail.Properties, '$.MetricsConfig') as metrics_config FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -2946,30 +3439,35 @@ components: SELECT region, data__Identifier, - json_extract_path_text(Properties, 'StartingPosition') as starting_position, - json_extract_path_text(Properties, 'SelfManagedEventSource') as self_managed_event_source, - json_extract_path_text(Properties, 'ParallelizationFactor') as parallelization_factor, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'BatchSize') as batch_size, + json_extract_path_text(Properties, 'BisectBatchOnFunctionError') as bisect_batch_on_function_error, + json_extract_path_text(Properties, 'DestinationConfig') as destination_config, + json_extract_path_text(Properties, 'Enabled') as enabled, + json_extract_path_text(Properties, 'EventSourceArn') as event_source_arn, + json_extract_path_text(Properties, 'EventSourceMappingArn') as event_source_mapping_arn, json_extract_path_text(Properties, 'FilterCriteria') as filter_criteria, + json_extract_path_text(Properties, 'KmsKeyArn') as kms_key_arn, json_extract_path_text(Properties, 'FunctionName') as function_name, - json_extract_path_text(Properties, 'DestinationConfig') as destination_config, - json_extract_path_text(Properties, 'AmazonManagedKafkaEventSourceConfig') as amazon_managed_kafka_event_source_config, - json_extract_path_text(Properties, 'SourceAccessConfigurations') as source_access_configurations, json_extract_path_text(Properties, 'MaximumBatchingWindowInSeconds') as maximum_batching_window_in_seconds, - json_extract_path_text(Properties, 'BatchSize') as batch_size, + json_extract_path_text(Properties, 'MaximumRecordAgeInSeconds') as maximum_record_age_in_seconds, json_extract_path_text(Properties, 'MaximumRetryAttempts') as maximum_retry_attempts, + json_extract_path_text(Properties, 'ParallelizationFactor') as parallelization_factor, + json_extract_path_text(Properties, 'StartingPosition') as starting_position, + json_extract_path_text(Properties, 'StartingPositionTimestamp') as starting_position_timestamp, + json_extract_path_text(Properties, 'Tags') as tags, json_extract_path_text(Properties, 'Topics') as topics, - json_extract_path_text(Properties, 'ScalingConfig') as scaling_config, - json_extract_path_text(Properties, 'Enabled') as enabled, - json_extract_path_text(Properties, 'EventSourceArn') as event_source_arn, + json_extract_path_text(Properties, 'Queues') as queues, + json_extract_path_text(Properties, 'SourceAccessConfigurations') as source_access_configurations, + json_extract_path_text(Properties, 'TumblingWindowInSeconds') as tumbling_window_in_seconds, + json_extract_path_text(Properties, 'FunctionResponseTypes') as function_response_types, + json_extract_path_text(Properties, 'SelfManagedEventSource') as self_managed_event_source, + json_extract_path_text(Properties, 'AmazonManagedKafkaEventSourceConfig') as amazon_managed_kafka_event_source_config, json_extract_path_text(Properties, 'SelfManagedKafkaEventSourceConfig') as self_managed_kafka_event_source_config, + json_extract_path_text(Properties, 'ScalingConfig') as scaling_config, json_extract_path_text(Properties, 'DocumentDBEventSourceConfig') as document_db_event_source_config, - json_extract_path_text(Properties, 'TumblingWindowInSeconds') as tumbling_window_in_seconds, - json_extract_path_text(Properties, 'BisectBatchOnFunctionError') as bisect_batch_on_function_error, - json_extract_path_text(Properties, 'MaximumRecordAgeInSeconds') as maximum_record_age_in_seconds, - json_extract_path_text(Properties, 'StartingPositionTimestamp') as starting_position_timestamp, - json_extract_path_text(Properties, 'Queues') as queues, - json_extract_path_text(Properties, 'Id') as id, - json_extract_path_text(Properties, 'FunctionResponseTypes') as function_response_types + json_extract_path_text(Properties, 'ProvisionedPollerConfig') as provisioned_poller_config, + json_extract_path_text(Properties, 'MetricsConfig') as metrics_config FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Lambda::EventSourceMapping' AND data__Identifier = '' AND region = 'us-east-1' @@ -2978,30 +3476,35 @@ components: ddl: |- SELECT detail.region, - json_extract_path_text(detail.Properties, 'StartingPosition') as starting_position, - json_extract_path_text(detail.Properties, 'SelfManagedEventSource') as self_managed_event_source, - json_extract_path_text(detail.Properties, 'ParallelizationFactor') as parallelization_factor, + json_extract_path_text(detail.Properties, 'Id') as id, + json_extract_path_text(detail.Properties, 'BatchSize') as batch_size, + json_extract_path_text(detail.Properties, 'BisectBatchOnFunctionError') as bisect_batch_on_function_error, + json_extract_path_text(detail.Properties, 'DestinationConfig') as destination_config, + json_extract_path_text(detail.Properties, 'Enabled') as enabled, + json_extract_path_text(detail.Properties, 'EventSourceArn') as event_source_arn, + json_extract_path_text(detail.Properties, 'EventSourceMappingArn') as event_source_mapping_arn, json_extract_path_text(detail.Properties, 'FilterCriteria') as filter_criteria, + json_extract_path_text(detail.Properties, 'KmsKeyArn') as kms_key_arn, json_extract_path_text(detail.Properties, 'FunctionName') as function_name, - json_extract_path_text(detail.Properties, 'DestinationConfig') as destination_config, - json_extract_path_text(detail.Properties, 'AmazonManagedKafkaEventSourceConfig') as amazon_managed_kafka_event_source_config, - json_extract_path_text(detail.Properties, 'SourceAccessConfigurations') as source_access_configurations, json_extract_path_text(detail.Properties, 'MaximumBatchingWindowInSeconds') as maximum_batching_window_in_seconds, - json_extract_path_text(detail.Properties, 'BatchSize') as batch_size, + json_extract_path_text(detail.Properties, 'MaximumRecordAgeInSeconds') as maximum_record_age_in_seconds, json_extract_path_text(detail.Properties, 'MaximumRetryAttempts') as maximum_retry_attempts, + json_extract_path_text(detail.Properties, 'ParallelizationFactor') as parallelization_factor, + json_extract_path_text(detail.Properties, 'StartingPosition') as starting_position, + json_extract_path_text(detail.Properties, 'StartingPositionTimestamp') as starting_position_timestamp, + json_extract_path_text(detail.Properties, 'Tags') as tags, json_extract_path_text(detail.Properties, 'Topics') as topics, - json_extract_path_text(detail.Properties, 'ScalingConfig') as scaling_config, - json_extract_path_text(detail.Properties, 'Enabled') as enabled, - json_extract_path_text(detail.Properties, 'EventSourceArn') as event_source_arn, + json_extract_path_text(detail.Properties, 'Queues') as queues, + json_extract_path_text(detail.Properties, 'SourceAccessConfigurations') as source_access_configurations, + json_extract_path_text(detail.Properties, 'TumblingWindowInSeconds') as tumbling_window_in_seconds, + json_extract_path_text(detail.Properties, 'FunctionResponseTypes') as function_response_types, + json_extract_path_text(detail.Properties, 'SelfManagedEventSource') as self_managed_event_source, + json_extract_path_text(detail.Properties, 'AmazonManagedKafkaEventSourceConfig') as amazon_managed_kafka_event_source_config, json_extract_path_text(detail.Properties, 'SelfManagedKafkaEventSourceConfig') as self_managed_kafka_event_source_config, + json_extract_path_text(detail.Properties, 'ScalingConfig') as scaling_config, json_extract_path_text(detail.Properties, 'DocumentDBEventSourceConfig') as document_db_event_source_config, - json_extract_path_text(detail.Properties, 'TumblingWindowInSeconds') as tumbling_window_in_seconds, - json_extract_path_text(detail.Properties, 'BisectBatchOnFunctionError') as bisect_batch_on_function_error, - json_extract_path_text(detail.Properties, 'MaximumRecordAgeInSeconds') as maximum_record_age_in_seconds, - json_extract_path_text(detail.Properties, 'StartingPositionTimestamp') as starting_position_timestamp, - json_extract_path_text(detail.Properties, 'Queues') as queues, - json_extract_path_text(detail.Properties, 'Id') as id, - json_extract_path_text(detail.Properties, 'FunctionResponseTypes') as function_response_types + json_extract_path_text(detail.Properties, 'ProvisionedPollerConfig') as provisioned_poller_config, + json_extract_path_text(detail.Properties, 'MetricsConfig') as metrics_config FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -3040,6 +3543,105 @@ components: json_extract_path_text(Properties, 'Id') as id FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Lambda::EventSourceMapping' AND region = 'us-east-1' + event_source_mapping_tags: + name: event_source_mapping_tags + id: aws.lambda.event_source_mapping_tags + x-cfn-schema-name: EventSourceMapping + x-cfn-type-name: AWS::Lambda::EventSourceMapping + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.Id') as id, + JSON_EXTRACT(detail.Properties, '$.BatchSize') as batch_size, + JSON_EXTRACT(detail.Properties, '$.BisectBatchOnFunctionError') as bisect_batch_on_function_error, + JSON_EXTRACT(detail.Properties, '$.DestinationConfig') as destination_config, + JSON_EXTRACT(detail.Properties, '$.Enabled') as enabled, + JSON_EXTRACT(detail.Properties, '$.EventSourceArn') as event_source_arn, + JSON_EXTRACT(detail.Properties, '$.EventSourceMappingArn') as event_source_mapping_arn, + JSON_EXTRACT(detail.Properties, '$.FilterCriteria') as filter_criteria, + JSON_EXTRACT(detail.Properties, '$.KmsKeyArn') as kms_key_arn, + JSON_EXTRACT(detail.Properties, '$.FunctionName') as function_name, + JSON_EXTRACT(detail.Properties, '$.MaximumBatchingWindowInSeconds') as maximum_batching_window_in_seconds, + JSON_EXTRACT(detail.Properties, '$.MaximumRecordAgeInSeconds') as maximum_record_age_in_seconds, + JSON_EXTRACT(detail.Properties, '$.MaximumRetryAttempts') as maximum_retry_attempts, + JSON_EXTRACT(detail.Properties, '$.ParallelizationFactor') as parallelization_factor, + JSON_EXTRACT(detail.Properties, '$.StartingPosition') as starting_position, + JSON_EXTRACT(detail.Properties, '$.StartingPositionTimestamp') as starting_position_timestamp, + JSON_EXTRACT(detail.Properties, '$.Topics') as topics, + JSON_EXTRACT(detail.Properties, '$.Queues') as queues, + JSON_EXTRACT(detail.Properties, '$.SourceAccessConfigurations') as source_access_configurations, + JSON_EXTRACT(detail.Properties, '$.TumblingWindowInSeconds') as tumbling_window_in_seconds, + JSON_EXTRACT(detail.Properties, '$.FunctionResponseTypes') as function_response_types, + JSON_EXTRACT(detail.Properties, '$.SelfManagedEventSource') as self_managed_event_source, + JSON_EXTRACT(detail.Properties, '$.AmazonManagedKafkaEventSourceConfig') as amazon_managed_kafka_event_source_config, + JSON_EXTRACT(detail.Properties, '$.SelfManagedKafkaEventSourceConfig') as self_managed_kafka_event_source_config, + JSON_EXTRACT(detail.Properties, '$.ScalingConfig') as scaling_config, + JSON_EXTRACT(detail.Properties, '$.DocumentDBEventSourceConfig') as document_db_event_source_config, + JSON_EXTRACT(detail.Properties, '$.ProvisionedPollerConfig') as provisioned_poller_config, + JSON_EXTRACT(detail.Properties, '$.MetricsConfig') as metrics_config + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::Lambda::EventSourceMapping' + AND detail.data__TypeName = 'AWS::Lambda::EventSourceMapping' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'Id') as id, + json_extract_path_text(detail.Properties, 'BatchSize') as batch_size, + json_extract_path_text(detail.Properties, 'BisectBatchOnFunctionError') as bisect_batch_on_function_error, + json_extract_path_text(detail.Properties, 'DestinationConfig') as destination_config, + json_extract_path_text(detail.Properties, 'Enabled') as enabled, + json_extract_path_text(detail.Properties, 'EventSourceArn') as event_source_arn, + json_extract_path_text(detail.Properties, 'EventSourceMappingArn') as event_source_mapping_arn, + json_extract_path_text(detail.Properties, 'FilterCriteria') as filter_criteria, + json_extract_path_text(detail.Properties, 'KmsKeyArn') as kms_key_arn, + json_extract_path_text(detail.Properties, 'FunctionName') as function_name, + json_extract_path_text(detail.Properties, 'MaximumBatchingWindowInSeconds') as maximum_batching_window_in_seconds, + json_extract_path_text(detail.Properties, 'MaximumRecordAgeInSeconds') as maximum_record_age_in_seconds, + json_extract_path_text(detail.Properties, 'MaximumRetryAttempts') as maximum_retry_attempts, + json_extract_path_text(detail.Properties, 'ParallelizationFactor') as parallelization_factor, + json_extract_path_text(detail.Properties, 'StartingPosition') as starting_position, + json_extract_path_text(detail.Properties, 'StartingPositionTimestamp') as starting_position_timestamp, + json_extract_path_text(detail.Properties, 'Topics') as topics, + json_extract_path_text(detail.Properties, 'Queues') as queues, + json_extract_path_text(detail.Properties, 'SourceAccessConfigurations') as source_access_configurations, + json_extract_path_text(detail.Properties, 'TumblingWindowInSeconds') as tumbling_window_in_seconds, + json_extract_path_text(detail.Properties, 'FunctionResponseTypes') as function_response_types, + json_extract_path_text(detail.Properties, 'SelfManagedEventSource') as self_managed_event_source, + json_extract_path_text(detail.Properties, 'AmazonManagedKafkaEventSourceConfig') as amazon_managed_kafka_event_source_config, + json_extract_path_text(detail.Properties, 'SelfManagedKafkaEventSourceConfig') as self_managed_kafka_event_source_config, + json_extract_path_text(detail.Properties, 'ScalingConfig') as scaling_config, + json_extract_path_text(detail.Properties, 'DocumentDBEventSourceConfig') as document_db_event_source_config, + json_extract_path_text(detail.Properties, 'ProvisionedPollerConfig') as provisioned_poller_config, + json_extract_path_text(detail.Properties, 'MetricsConfig') as metrics_config + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::Lambda::EventSourceMapping' + AND detail.data__TypeName = 'AWS::Lambda::EventSourceMapping' + AND listing.region = 'us-east-1' functions: name: functions id: aws.lambda.functions @@ -3126,6 +3728,7 @@ components: JSON_EXTRACT(Properties, '$.Code') as code, JSON_EXTRACT(Properties, '$.Role') as role, JSON_EXTRACT(Properties, '$.LoggingConfig') as logging_config, + JSON_EXTRACT(Properties, '$.RecursiveLoop') as recursive_loop, JSON_EXTRACT(Properties, '$.Environment') as environment, JSON_EXTRACT(Properties, '$.Arn') as arn, JSON_EXTRACT(Properties, '$.EphemeralStorage') as ephemeral_storage, @@ -3161,6 +3764,7 @@ components: JSON_EXTRACT(detail.Properties, '$.Code') as code, JSON_EXTRACT(detail.Properties, '$.Role') as role, JSON_EXTRACT(detail.Properties, '$.LoggingConfig') as logging_config, + JSON_EXTRACT(detail.Properties, '$.RecursiveLoop') as recursive_loop, JSON_EXTRACT(detail.Properties, '$.Environment') as environment, JSON_EXTRACT(detail.Properties, '$.Arn') as arn, JSON_EXTRACT(detail.Properties, '$.EphemeralStorage') as ephemeral_storage, @@ -3201,6 +3805,7 @@ components: json_extract_path_text(Properties, 'Code') as code, json_extract_path_text(Properties, 'Role') as role, json_extract_path_text(Properties, 'LoggingConfig') as logging_config, + json_extract_path_text(Properties, 'RecursiveLoop') as recursive_loop, json_extract_path_text(Properties, 'Environment') as environment, json_extract_path_text(Properties, 'Arn') as arn, json_extract_path_text(Properties, 'EphemeralStorage') as ephemeral_storage, @@ -3236,6 +3841,7 @@ components: json_extract_path_text(detail.Properties, 'Code') as code, json_extract_path_text(detail.Properties, 'Role') as role, json_extract_path_text(detail.Properties, 'LoggingConfig') as logging_config, + json_extract_path_text(detail.Properties, 'RecursiveLoop') as recursive_loop, json_extract_path_text(detail.Properties, 'Environment') as environment, json_extract_path_text(detail.Properties, 'Arn') as arn, json_extract_path_text(detail.Properties, 'EphemeralStorage') as ephemeral_storage, @@ -3320,6 +3926,7 @@ components: JSON_EXTRACT(detail.Properties, '$.Code') as code, JSON_EXTRACT(detail.Properties, '$.Role') as role, JSON_EXTRACT(detail.Properties, '$.LoggingConfig') as logging_config, + JSON_EXTRACT(detail.Properties, '$.RecursiveLoop') as recursive_loop, JSON_EXTRACT(detail.Properties, '$.Environment') as environment, JSON_EXTRACT(detail.Properties, '$.Arn') as arn, JSON_EXTRACT(detail.Properties, '$.EphemeralStorage') as ephemeral_storage, @@ -3361,6 +3968,7 @@ components: json_extract_path_text(detail.Properties, 'Code') as code, json_extract_path_text(detail.Properties, 'Role') as role, json_extract_path_text(detail.Properties, 'LoggingConfig') as logging_config, + json_extract_path_text(detail.Properties, 'RecursiveLoop') as recursive_loop, json_extract_path_text(detail.Properties, 'Environment') as environment, json_extract_path_text(detail.Properties, 'Arn') as arn, json_extract_path_text(detail.Properties, 'EphemeralStorage') as ephemeral_storage, @@ -3706,15 +4314,15 @@ components: SELECT region, data__Identifier, - JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.FunctionName') as function_name, JSON_EXTRACT(Properties, '$.Action') as action, JSON_EXTRACT(Properties, '$.EventSourceToken') as event_source_token, - JSON_EXTRACT(Properties, '$.FunctionName') as function_name, JSON_EXTRACT(Properties, '$.FunctionUrlAuthType') as function_url_auth_type, - JSON_EXTRACT(Properties, '$.Principal') as principal, - JSON_EXTRACT(Properties, '$.PrincipalOrgID') as principal_org_id, + JSON_EXTRACT(Properties, '$.SourceArn') as source_arn, JSON_EXTRACT(Properties, '$.SourceAccount') as source_account, - JSON_EXTRACT(Properties, '$.SourceArn') as source_arn + JSON_EXTRACT(Properties, '$.PrincipalOrgID') as principal_org_id, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Principal') as principal FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Lambda::Permission' AND data__Identifier = '|' AND region = 'us-east-1' @@ -3723,15 +4331,15 @@ components: ddl: |- SELECT detail.region, - JSON_EXTRACT(detail.Properties, '$.Id') as id, + JSON_EXTRACT(detail.Properties, '$.FunctionName') as function_name, JSON_EXTRACT(detail.Properties, '$.Action') as action, JSON_EXTRACT(detail.Properties, '$.EventSourceToken') as event_source_token, - JSON_EXTRACT(detail.Properties, '$.FunctionName') as function_name, JSON_EXTRACT(detail.Properties, '$.FunctionUrlAuthType') as function_url_auth_type, - JSON_EXTRACT(detail.Properties, '$.Principal') as principal, - JSON_EXTRACT(detail.Properties, '$.PrincipalOrgID') as principal_org_id, + JSON_EXTRACT(detail.Properties, '$.SourceArn') as source_arn, JSON_EXTRACT(detail.Properties, '$.SourceAccount') as source_account, - JSON_EXTRACT(detail.Properties, '$.SourceArn') as source_arn + JSON_EXTRACT(detail.Properties, '$.PrincipalOrgID') as principal_org_id, + JSON_EXTRACT(detail.Properties, '$.Id') as id, + JSON_EXTRACT(detail.Properties, '$.Principal') as principal FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -3745,15 +4353,15 @@ components: SELECT region, data__Identifier, - json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'FunctionName') as function_name, json_extract_path_text(Properties, 'Action') as action, json_extract_path_text(Properties, 'EventSourceToken') as event_source_token, - json_extract_path_text(Properties, 'FunctionName') as function_name, json_extract_path_text(Properties, 'FunctionUrlAuthType') as function_url_auth_type, - json_extract_path_text(Properties, 'Principal') as principal, - json_extract_path_text(Properties, 'PrincipalOrgID') as principal_org_id, + json_extract_path_text(Properties, 'SourceArn') as source_arn, json_extract_path_text(Properties, 'SourceAccount') as source_account, - json_extract_path_text(Properties, 'SourceArn') as source_arn + json_extract_path_text(Properties, 'PrincipalOrgID') as principal_org_id, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Principal') as principal FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Lambda::Permission' AND data__Identifier = '|' AND region = 'us-east-1' @@ -3762,15 +4370,15 @@ components: ddl: |- SELECT detail.region, - json_extract_path_text(detail.Properties, 'Id') as id, + json_extract_path_text(detail.Properties, 'FunctionName') as function_name, json_extract_path_text(detail.Properties, 'Action') as action, json_extract_path_text(detail.Properties, 'EventSourceToken') as event_source_token, - json_extract_path_text(detail.Properties, 'FunctionName') as function_name, json_extract_path_text(detail.Properties, 'FunctionUrlAuthType') as function_url_auth_type, - json_extract_path_text(detail.Properties, 'Principal') as principal, - json_extract_path_text(detail.Properties, 'PrincipalOrgID') as principal_org_id, + json_extract_path_text(detail.Properties, 'SourceArn') as source_arn, json_extract_path_text(detail.Properties, 'SourceAccount') as source_account, - json_extract_path_text(detail.Properties, 'SourceArn') as source_arn + json_extract_path_text(detail.Properties, 'PrincipalOrgID') as principal_org_id, + json_extract_path_text(detail.Properties, 'Id') as id, + json_extract_path_text(detail.Properties, 'Principal') as principal FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -4025,7 +4633,6 @@ components: JSON_EXTRACT(Properties, '$.CodeSha256') as code_sha256, JSON_EXTRACT(Properties, '$.Description') as description, JSON_EXTRACT(Properties, '$.FunctionName') as function_name, - JSON_EXTRACT(Properties, '$.Policy') as policy, JSON_EXTRACT(Properties, '$.ProvisionedConcurrencyConfig') as provisioned_concurrency_config, JSON_EXTRACT(Properties, '$.RuntimePolicy') as runtime_policy FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Lambda::Version' @@ -4041,7 +4648,6 @@ components: JSON_EXTRACT(detail.Properties, '$.CodeSha256') as code_sha256, JSON_EXTRACT(detail.Properties, '$.Description') as description, JSON_EXTRACT(detail.Properties, '$.FunctionName') as function_name, - JSON_EXTRACT(detail.Properties, '$.Policy') as policy, JSON_EXTRACT(detail.Properties, '$.ProvisionedConcurrencyConfig') as provisioned_concurrency_config, JSON_EXTRACT(detail.Properties, '$.RuntimePolicy') as runtime_policy FROM aws.cloud_control.resources listing @@ -4062,7 +4668,6 @@ components: json_extract_path_text(Properties, 'CodeSha256') as code_sha256, json_extract_path_text(Properties, 'Description') as description, json_extract_path_text(Properties, 'FunctionName') as function_name, - json_extract_path_text(Properties, 'Policy') as policy, json_extract_path_text(Properties, 'ProvisionedConcurrencyConfig') as provisioned_concurrency_config, json_extract_path_text(Properties, 'RuntimePolicy') as runtime_policy FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Lambda::Version' @@ -4078,7 +4683,6 @@ components: json_extract_path_text(detail.Properties, 'CodeSha256') as code_sha256, json_extract_path_text(detail.Properties, 'Description') as description, json_extract_path_text(detail.Properties, 'FunctionName') as function_name, - json_extract_path_text(detail.Properties, 'Policy') as policy, json_extract_path_text(detail.Properties, 'ProvisionedConcurrencyConfig') as provisioned_concurrency_config, json_extract_path_text(detail.Properties, 'RuntimePolicy') as runtime_policy FROM aws.cloud_control.resources listing @@ -4262,6 +4866,48 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/UpdateResourceOutput' description: Success + /?Action=CreateResource&Version=2021-09-30&__Alias&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateAlias + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateAliasRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success /?Action=CreateResource&Version=2021-09-30&__CodeSigningConfig&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' diff --git a/providers/src/aws/v00.00.00000/services/launchwizard.yaml b/providers/src/aws/v00.00.00000/services/launchwizard.yaml new file mode 100644 index 00000000..32df2577 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/launchwizard.yaml @@ -0,0 +1,1101 @@ +openapi: 3.0.0 +info: + title: LaunchWizard + version: 2.0.0 + x-serviceName: cloudcontrolapi +servers: + - url: https://cloudcontrolapi.{region}.amazonaws.com + variables: + region: + description: The AWS region + enum: + - us-east-1 + - us-east-2 + - us-west-1 + - us-west-2 + - us-gov-west-1 + - us-gov-east-1 + - ca-central-1 + - eu-north-1 + - eu-west-1 + - eu-west-2 + - eu-west-3 + - eu-central-1 + - eu-south-1 + - af-south-1 + - ap-northeast-1 + - ap-northeast-2 + - ap-northeast-3 + - ap-southeast-1 + - ap-southeast-2 + - ap-east-1 + - ap-south-1 + - sa-east-1 + - me-south-1 + default: us-east-1 + description: The CloudControlApi multi-region endpoint + - url: https://cloudcontrolapi.{region}.amazonaws.com.cn + variables: + region: + description: The AWS region + enum: + - cn-north-1 + - cn-northwest-1 + default: cn-north-1 + description: The CloudControlApi endpoint for China (Beijing) and China (Ningxia) +components: + parameters: + X-Amz-Content-Sha256: + name: X-Amz-Content-Sha256 + in: header + schema: + type: string + required: false + X-Amz-Date: + name: X-Amz-Date + in: header + schema: + type: string + required: false + X-Amz-Algorithm: + name: X-Amz-Algorithm + in: header + schema: + type: string + required: false + X-Amz-Credential: + name: X-Amz-Credential + in: header + schema: + type: string + required: false + X-Amz-Security-Token: + name: X-Amz-Security-Token + in: header + schema: + type: string + required: false + X-Amz-Signature: + name: X-Amz-Signature + in: header + schema: + type: string + required: false + X-Amz-SignedHeaders: + name: X-Amz-SignedHeaders + in: header + schema: + type: string + required: false + x-cloud-control-schemas: + AlreadyExistsException: {} + CancelResourceRequestInput: + properties: + RequestToken: + $ref: '#/components/x-cloud-control-schemas/RequestToken' + required: + - RequestToken + title: CancelResourceRequestInput + type: object + CancelResourceRequestOutput: + properties: + ProgressEvent: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: object + ClientToken: + maxLength: 128 + minLength: 1 + pattern: '[-A-Za-z0-9+/=]+' + type: string + ClientTokenConflictException: {} + ConcurrentModificationException: {} + ConcurrentOperationException: {} + CreateResourceInput: + properties: + ClientToken: + type: string + DesiredState: + allOf: + - $ref: '#/components/x-cloud-control-schemas/Properties' + - description: >- +

Structured data format representing the desired state of the resource, consisting of that resource's properties and their desired values.

Cloud Control API currently supports JSON as a structured data format.

 
 <p>Specify the desired state as one of the following:</p> <ul> <li> <p>A JSON blob</p> </li> <li> <p>A local path containing the desired state in JSON data format</p>
+                </li> </ul> <p>For more information, see <a href="https://docs.aws.amazon.com/cloudcontrolapi/latest/userguide/resource-operations-create.html#resource-operations-create-desiredstate">Composing the desired state of the resource</a> in the <i>Amazon Web Services Cloud Control API User Guide</i>.</p> <p>For more information about the properties of a specific resource, refer to the related topic for the resource in the
+                <a href="https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html">Resource and property types reference</a> in the <i>CloudFormation Users Guide</i>.</p>
+ RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + required: + - DesiredState + title: CreateResourceInput + type: object + CreateResourceOutput: + properties: + ProgressEvent: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: object + DeleteResourceInput: + properties: + ClientToken: + type: string + Identifier: + $ref: '#/components/x-cloud-control-schemas/Identifier' + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + required: + - Identifier + title: DeleteResourceInput + type: object + DeleteResourceOutput: + properties: + ProgressEvent: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: object + GeneralServiceException: {} + GetResourceInput: + properties: + TypeName: + $ref: '#/components/x-cloud-control-schemas/TypeName' + Identifier: + $ref: '#/components/x-cloud-control-schemas/Identifier' + TypeVersionId: + $ref: '#/components/x-cloud-control-schemas/TypeVersionId' + RoleArn: + $ref: '#/components/x-cloud-control-schemas/RoleArn' + required: + - TypeName + - Identifier + title: GetResourceInput + type: object + GetResourceOutput: + properties: + ResourceDescription: + $ref: '#/components/x-cloud-control-schemas/ResourceDescription' + TypeName: + type: string + type: object + GetResourceRequestStatusInput: + properties: + RequestToken: + $ref: '#/components/x-cloud-control-schemas/RequestToken' + required: + - RequestToken + title: GetResourceRequestStatusInput + type: object + GetResourceRequestStatusOutput: + properties: + ProgressEvent: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: object + HandlerErrorCode: + enum: + - NotUpdatable + - InvalidRequest + - AccessDenied + - InvalidCredentials + - AlreadyExists + - NotFound + - ResourceConflict + - Throttling + - ServiceLimitExceeded + - NotStabilized + - GeneralServiceException + - ServiceInternalError + - ServiceTimeout + - NetworkFailure + - InternalFailure + type: string + HandlerFailureException: {} + HandlerInternalFailureException: {} + HandlerNextToken: + maxLength: 2048 + minLength: 1 + pattern: .+ + type: string + Identifier: + maxLength: 1024 + minLength: 1 + pattern: .+ + type: string + InvalidCredentialsException: {} + InvalidRequestException: {} + MaxResults: + maximum: 100 + minimum: 1 + type: integer + NetworkFailureException: {} + NextToken: + maxLength: 2048 + minLength: 1 + pattern: '[-A-Za-z0-9+/=]+' + type: string + NotStabilizedException: {} + NotUpdatableException: {} + Operation: + enum: + - CREATE + - DELETE + - UPDATE + type: string + OperationStatus: + enum: + - PENDING + - IN_PROGRESS + - SUCCESS + - FAILED + - CANCEL_IN_PROGRESS + - CANCEL_COMPLETE + type: string + OperationStatuses: + items: + $ref: '#/components/x-cloud-control-schemas/OperationStatus' + type: array + Operations: + items: + $ref: '#/components/x-cloud-control-schemas/Operation' + type: array + PatchDocument: + format: password + maxLength: 65536 + minLength: 1 + pattern: '[\s\S]*' + type: string + PrivateTypeException: {} + ProgressEvent: + example: + ErrorCode: string + EventTime: number + Identifier: string + Operation: string + OperationStatus: string + RequestToken: string + ResourceModel: string + RetryAfter: number + StatusMessage: string + TypeName: string + properties: + ErrorCode: + type: string + EventTime: + type: number + Identifier: + type: string + Operation: + type: string + OperationStatus: + type: string + RequestToken: + type: string + ResourceModel: + type: string + RetryAfter: + type: number + StatusMessage: + type: string + TypeName: + type: string + type: object + Properties: + format: password + maxLength: 65536 + minLength: 1 + pattern: '[\s\S]*' + type: string + RequestToken: + maxLength: 128 + minLength: 1 + pattern: '[-A-Za-z0-9+/=]+' + type: string + RequestTokenNotFoundException: {} + ResourceConflictException: {} + ResourceDescription: + description: Represents information about a provisioned resource. + properties: + Identifier: + type: string + Properties: + type: string + type: object + ResourceDescriptions: + items: + $ref: '#/components/x-cloud-control-schemas/ResourceDescription' + type: array + ResourceNotFoundException: {} + ResourceRequestStatusFilter: + description: The filter criteria to use in determining the requests returned. + properties: + undefined: + allOf: + - $ref: '#/components/x-cloud-control-schemas/OperationStatuses' + - description: >- +

The operation statuses to include in the filter.

  • PENDING: The operation has been requested, but not yet initiated.

  • IN_PROGRESS: The operation is in progress.

  • SUCCESS: The operation completed.

  • FAILED: The operation failed.

  • CANCEL_IN_PROGRESS: The operation is in the process of being canceled.

  • + CANCEL_COMPLETE: The operation has been canceled.

+ type: object + ResourceRequestStatusSummaries: + items: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: array + RoleArn: + maxLength: 2048 + minLength: 20 + pattern: arn:.+:iam::[0-9]{12}:role/.+ + type: string + ServiceInternalErrorException: {} + ServiceLimitExceededException: {} + StatusMessage: + maxLength: 1024 + minLength: 0 + pattern: '[\s\S]*' + type: string + ThrottlingException: {} + Timestamp: + format: date-time + type: string + TypeName: + maxLength: 196 + minLength: 10 + pattern: '[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}' + type: string + TypeNotFoundException: {} + TypeVersionId: + maxLength: 128 + minLength: 1 + pattern: '[A-Za-z0-9-]+' + type: string + UnsupportedActionException: {} + UpdateResourceInput: + properties: + undefined: + allOf: + - $ref: '#/components/x-cloud-control-schemas/PatchDocument' + required: + - Identifier + - PatchDocument + title: UpdateResourceInput + type: object + UpdateResourceOutput: + properties: + ProgressEvent: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: object + schemas: + DeploymentSpecifications: + type: object + maxProperties: 100 + minProperties: 1 + x-patternProperties: + ^[a-zA-Z0-9-:]{3,256}$: + type: string + maxLength: 1500 + minLength: 1 + additionalProperties: false + DeploymentStatus: + type: string + enum: + - COMPLETED + - CREATING + - DELETE_IN_PROGRESS + - DELETE_INITIATING + - DELETE_FAILED + - DELETED + - FAILED + - IN_PROGRESS + - VALIDATING + Tags: + type: object + properties: + Key: + description: 'The key name of the tag. You can specify a value that is 1 to 127 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ' + type: string + minLength: 1 + maxLength: 128 + pattern: ^[a-zA-Z+-=._:/]+$ + Value: + description: 'The value for the tag. You can specify a value that is 0 to 255 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ' + type: string + minLength: 0 + maxLength: 256 + required: + - Key + additionalProperties: false + Deployment: + type: object + properties: + Arn: + description: ARN of the LaunchWizard deployment + type: string + pattern: ^arn:aws(-cn|-us-gov)?:launchwizard:[a-z0-9-]+:[0-9]{12}:deployment/([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})$ + CreatedAt: + description: Timestamp of LaunchWizard deployment creation + type: string + format: date-time + DeletedAt: + description: Timestamp of LaunchWizard deployment deletion + type: string + format: date-time + DeploymentId: + description: Deployment ID of the LaunchWizard deployment + type: string + maxLength: 128 + minLength: 2 + pattern: ^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$ + DeploymentPatternName: + description: Workload deployment pattern name + type: string + maxLength: 256 + minLength: 1 + pattern: ^[A-Za-z0-9][a-zA-Z0-9-]*$ + Name: + description: Name of LaunchWizard deployment + type: string + maxLength: 50 + minLength: 1 + pattern: ^[A-Za-z0-9_\s\.-]+$ + ResourceGroup: + description: Resource Group Name created for LaunchWizard deployment + type: string + Specifications: + description: LaunchWizard deployment specifications + $ref: '#/components/schemas/DeploymentSpecifications' + Status: + description: Status of LaunchWizard deployment + $ref: '#/components/schemas/DeploymentStatus' + Tags: + description: Tags for LaunchWizard deployment + type: array + items: + $ref: '#/components/schemas/Tags' + x-insertionOrder: false + WorkloadName: + description: Workload Name for LaunchWizard deployment + type: string + maxLength: 100 + minLength: 1 + pattern: ^[A-Za-z][a-zA-Z0-9-_]*$ + required: + - DeploymentPatternName + - Name + - Specifications + - WorkloadName + x-stackql-resource-name: deployment + description: Definition of AWS::LaunchWizard::Deployment Resource Type + x-type-name: AWS::LaunchWizard::Deployment + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - DeploymentPatternName + - Name + - WorkloadName + x-write-only-properties: + - Specifications + x-read-only-properties: + - Arn + - CreatedAt + - DeletedAt + - DeploymentId + - ResourceGroup + - Status + x-required-properties: + - DeploymentPatternName + - Name + - Specifications + - WorkloadName + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - launchwizard:CreateDeployment + - launchwizard:GetDeployment + - launchwizard:ListDeploymentEvents + - launchwizard:ListTagsForResource + - launchwizard:TagResource + - ssm:GetParameter + - ssm:PutParameter + - ssm:DescribeParameters + - ssm:AddTagsToResource + - ssm:DeleteParameter + - secretsmanager:DescribeSecret + - secretsmanager:PutSecretValue + - secretsmanager:CreateSecret + - secretsmanager:TagResource + - secretsmanager:UpdateSecret + - resource-groups:CreateGroup + - resource-groups:DeleteGroup + - cloudformation:DeleteStack + - cloudformation:DescribeStackResources + - cloudformation:DescribeStackResource + - cloudformation:DescribeStacks + - cloudformation:DescribeStackEvents + - cloudformation:CreateStack + - cloudformation:TagResource + - s3:PutObject + - s3:GetObject + - s3:CreateBucket + - sns:ListSubscriptionsByTopic + - sns:Publish + - sns:ListSubscriptions + - sns:ListTopics + - sns:CreateTopic + - sns:Subscribe + - sns:Unsubscribe + - sqs:TagQueue + - sqs:GetQueueUrl + - sqs:AddPermission + - sqs:ListQueues + - sqs:GetQueueAttributes + - sqs:ListQueueTags + - sqs:CreateQueue + - sqs:SetQueueAttributes + read: + - launchwizard:GetDeployment + - launchwizard:ListDeploymentEvents + - launchwizard:ListTagsForResource + delete: + - launchwizard:GetDeployment + - launchwizard:DeleteDeployment + - launchwizard:UntagResource + - ssm:DeleteParameter + - secretsmanager:DeleteSecret + - resource-groups:DeleteGroup + - cloudformation:DeleteStack + - cloudformation:DescribeStacks + - ssm:GetParameter + - sns:ListSubscriptionsByTopic + - sns:Publish + - sns:ListSubscriptions + - sns:ListTopics + - sns:CreateTopic + - sns:DeleteTopic + - sns:Subscribe + - sns:Unsubscribe + - sqs:GetQueueUrl + - sqs:ListQueues + - sqs:DeleteQueue + - sqs:GetQueueAttributes + - sqs:ListQueueTags + update: + - launchwizard:GetDeployment + - launchwizard:ListTagsForResource + - launchwizard:TagResource + - launchwizard:UntagResource + list: + - launchwizard:ListDeployments + - launchwizard:ListTagsForResource + CreateDeploymentRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + Arn: + description: ARN of the LaunchWizard deployment + type: string + pattern: ^arn:aws(-cn|-us-gov)?:launchwizard:[a-z0-9-]+:[0-9]{12}:deployment/([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})$ + CreatedAt: + description: Timestamp of LaunchWizard deployment creation + type: string + format: date-time + DeletedAt: + description: Timestamp of LaunchWizard deployment deletion + type: string + format: date-time + DeploymentId: + description: Deployment ID of the LaunchWizard deployment + type: string + maxLength: 128 + minLength: 2 + pattern: ^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$ + DeploymentPatternName: + description: Workload deployment pattern name + type: string + maxLength: 256 + minLength: 1 + pattern: ^[A-Za-z0-9][a-zA-Z0-9-]*$ + Name: + description: Name of LaunchWizard deployment + type: string + maxLength: 50 + minLength: 1 + pattern: ^[A-Za-z0-9_\s\.-]+$ + ResourceGroup: + description: Resource Group Name created for LaunchWizard deployment + type: string + Specifications: + description: LaunchWizard deployment specifications + $ref: '#/components/schemas/DeploymentSpecifications' + Status: + description: Status of LaunchWizard deployment + $ref: '#/components/schemas/DeploymentStatus' + Tags: + description: Tags for LaunchWizard deployment + type: array + items: + $ref: '#/components/schemas/Tags' + x-insertionOrder: false + WorkloadName: + description: Workload Name for LaunchWizard deployment + type: string + maxLength: 100 + minLength: 1 + pattern: ^[A-Za-z][a-zA-Z0-9-_]*$ + x-stackQL-stringOnly: true + x-title: CreateDeploymentRequest + type: object + required: [] + securitySchemes: + hmac: + type: apiKey + name: Authorization + in: header + description: Amazon Signature authorization v4 + x-amazon-apigateway-authtype: awsSigv4 + x-stackQL-resources: + deployments: + name: deployments + id: aws.launchwizard.deployments + x-cfn-schema-name: Deployment + x-cfn-type-name: AWS::LaunchWizard::Deployment + x-identifiers: + - Arn + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Deployment&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::LaunchWizard::Deployment" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::LaunchWizard::Deployment" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::LaunchWizard::Deployment" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/deployments/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/deployments/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/deployments/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.DeletedAt') as deleted_at, + JSON_EXTRACT(Properties, '$.DeploymentId') as deployment_id, + JSON_EXTRACT(Properties, '$.DeploymentPatternName') as deployment_pattern_name, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.ResourceGroup') as resource_group, + JSON_EXTRACT(Properties, '$.Specifications') as specifications, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.WorkloadName') as workload_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::LaunchWizard::Deployment' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(detail.Properties, '$.DeletedAt') as deleted_at, + JSON_EXTRACT(detail.Properties, '$.DeploymentId') as deployment_id, + JSON_EXTRACT(detail.Properties, '$.DeploymentPatternName') as deployment_pattern_name, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.ResourceGroup') as resource_group, + JSON_EXTRACT(detail.Properties, '$.Specifications') as specifications, + JSON_EXTRACT(detail.Properties, '$.Status') as status, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags, + JSON_EXTRACT(detail.Properties, '$.WorkloadName') as workload_name + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::LaunchWizard::Deployment' + AND detail.data__TypeName = 'AWS::LaunchWizard::Deployment' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'DeletedAt') as deleted_at, + json_extract_path_text(Properties, 'DeploymentId') as deployment_id, + json_extract_path_text(Properties, 'DeploymentPatternName') as deployment_pattern_name, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'ResourceGroup') as resource_group, + json_extract_path_text(Properties, 'Specifications') as specifications, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'WorkloadName') as workload_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::LaunchWizard::Deployment' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, + json_extract_path_text(detail.Properties, 'DeletedAt') as deleted_at, + json_extract_path_text(detail.Properties, 'DeploymentId') as deployment_id, + json_extract_path_text(detail.Properties, 'DeploymentPatternName') as deployment_pattern_name, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'ResourceGroup') as resource_group, + json_extract_path_text(detail.Properties, 'Specifications') as specifications, + json_extract_path_text(detail.Properties, 'Status') as status, + json_extract_path_text(detail.Properties, 'Tags') as tags, + json_extract_path_text(detail.Properties, 'WorkloadName') as workload_name + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::LaunchWizard::Deployment' + AND detail.data__TypeName = 'AWS::LaunchWizard::Deployment' + AND listing.region = 'us-east-1' + deployments_list_only: + name: deployments_list_only + id: aws.launchwizard.deployments_list_only + x-cfn-schema-name: Deployment + x-cfn-type-name: AWS::LaunchWizard::Deployment + x-identifiers: + - Arn + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::LaunchWizard::Deployment' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::LaunchWizard::Deployment' + AND region = 'us-east-1' + deployment_tags: + name: deployment_tags + id: aws.launchwizard.deployment_tags + x-cfn-schema-name: Deployment + x-cfn-type-name: AWS::LaunchWizard::Deployment + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(detail.Properties, '$.DeletedAt') as deleted_at, + JSON_EXTRACT(detail.Properties, '$.DeploymentId') as deployment_id, + JSON_EXTRACT(detail.Properties, '$.DeploymentPatternName') as deployment_pattern_name, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.ResourceGroup') as resource_group, + JSON_EXTRACT(detail.Properties, '$.Specifications') as specifications, + JSON_EXTRACT(detail.Properties, '$.Status') as status, + JSON_EXTRACT(detail.Properties, '$.WorkloadName') as workload_name + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::LaunchWizard::Deployment' + AND detail.data__TypeName = 'AWS::LaunchWizard::Deployment' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, + json_extract_path_text(detail.Properties, 'DeletedAt') as deleted_at, + json_extract_path_text(detail.Properties, 'DeploymentId') as deployment_id, + json_extract_path_text(detail.Properties, 'DeploymentPatternName') as deployment_pattern_name, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'ResourceGroup') as resource_group, + json_extract_path_text(detail.Properties, 'Specifications') as specifications, + json_extract_path_text(detail.Properties, 'Status') as status, + json_extract_path_text(detail.Properties, 'WorkloadName') as workload_name + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::LaunchWizard::Deployment' + AND detail.data__TypeName = 'AWS::LaunchWizard::Deployment' + AND listing.region = 'us-east-1' +paths: + /?Action=CreateResource&Version=2021-09-30: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateResource + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/x-cloud-control-schemas/CreateResourceInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=DeleteResource&Version=2021-09-30: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: DeleteResource + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.DeleteResource + enum: + - CloudApiService.DeleteResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/x-cloud-control-schemas/DeleteResourceInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/DeleteResourceOutput' + description: Success + /?Action=UpdateResource&Version=2021-09-30: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: UpdateResource + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.UpdateResource + enum: + - CloudApiService.UpdateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + properties: + ClientName: + type: string + Identifier: + $ref: '#/components/x-cloud-control-schemas/Identifier' + PatchDocument: + type: string + RoleArn: + $ref: '#/components/x-cloud-control-schemas/RoleArn' + TypeName: + $ref: '#/components/x-cloud-control-schemas/TypeName' + TypeVersionId: + $ref: '#/components/x-cloud-control-schemas/TypeVersionId' + required: + - Identifier + - PatchDocument + type: object + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/UpdateResourceOutput' + description: Success + /?Action=CreateResource&Version=2021-09-30&__Deployment&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateDeployment + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateDeploymentRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success +x-stackQL-config: + requestTranslate: + algorithm: drop_double_underscore_params + pagination: + requestToken: + key: NextToken + location: body + responseToken: + key: NextToken + location: body diff --git a/providers/src/aws/v00.00.00000/services/lex.yaml b/providers/src/aws/v00.00.00000/services/lex.yaml index d4b8b5df..228eabc9 100644 --- a/providers/src/aws/v00.00.00000/services/lex.yaml +++ b/providers/src/aws/v00.00.00000/services/lex.yaml @@ -385,6 +385,27 @@ components: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' type: object schemas: + ReplicaRegion: + description: The secondary region that will be used in the replication of the source bot. + type: string + minLength: 2 + maxLength: 25 + Replication: + description: Parameter used to create a replication of the source bot in the secondary region. + type: object + properties: + ReplicaRegions: + description: List of secondary regions for bot replication. + type: array + uniqueItems: true + maxItems: 1 + minItems: 1 + x-insertionOrder: false + items: + $ref: '#/components/schemas/ReplicaRegion' + required: + - ReplicaRegions + additionalProperties: false BotAliasLocaleSettingsList: description: A list of bot alias locale settings to add to the bot alias. type: array @@ -2031,6 +2052,8 @@ components: type: boolean TestBotAliasSettings: $ref: '#/components/schemas/TestBotAliasSettings' + Replication: + $ref: '#/components/schemas/Replication' required: - Name - RoleArn @@ -2047,6 +2070,7 @@ components: - AutoBuildBotLocales - BotTags - TestBotAliasTags + - Replication x-read-only-properties: - Id - Arn @@ -2088,9 +2112,15 @@ components: - lex:DeleteCustomVocabulary - s3:GetObject - lex:UpdateBotAlias + - iam:CreateServiceLinkedRole + - iam:GetRole + - lex:CreateBotReplica + - lex:DescribeBotReplica + - lex:DeleteBotReplica read: - lex:DescribeBot - lex:ListTagsForResource + - lex:DescribeBotReplica update: - iam:PassRole - lex:DescribeBot @@ -2123,6 +2153,9 @@ components: - lex:DeleteCustomVocabulary - s3:GetObject - lex:UpdateBotAlias + - lex:CreateBotReplica + - lex:DescribeBotReplica + - lex:DeleteBotReplica delete: - lex:DeleteBot - lex:DescribeBot @@ -2134,8 +2167,10 @@ components: - lex:DeleteBotChannel - lex:DeleteBotAlias - lex:DeleteCustomVocabulary + - lex:DeleteBotReplica list: - lex:ListBots + - lex:ListBotReplicas BotAliasStatus: type: string enum: @@ -2417,6 +2452,8 @@ components: type: boolean TestBotAliasSettings: $ref: '#/components/schemas/TestBotAliasSettings' + Replication: + $ref: '#/components/schemas/Replication' x-stackQL-stringOnly: true x-title: CreateBotRequest type: object @@ -2607,7 +2644,8 @@ components: JSON_EXTRACT(Properties, '$.BotTags') as bot_tags, JSON_EXTRACT(Properties, '$.TestBotAliasTags') as test_bot_alias_tags, JSON_EXTRACT(Properties, '$.AutoBuildBotLocales') as auto_build_bot_locales, - JSON_EXTRACT(Properties, '$.TestBotAliasSettings') as test_bot_alias_settings + JSON_EXTRACT(Properties, '$.TestBotAliasSettings') as test_bot_alias_settings, + JSON_EXTRACT(Properties, '$.Replication') as replication FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Lex::Bot' AND data__Identifier = '' AND region = 'us-east-1' @@ -2628,7 +2666,8 @@ components: JSON_EXTRACT(detail.Properties, '$.BotTags') as bot_tags, JSON_EXTRACT(detail.Properties, '$.TestBotAliasTags') as test_bot_alias_tags, JSON_EXTRACT(detail.Properties, '$.AutoBuildBotLocales') as auto_build_bot_locales, - JSON_EXTRACT(detail.Properties, '$.TestBotAliasSettings') as test_bot_alias_settings + JSON_EXTRACT(detail.Properties, '$.TestBotAliasSettings') as test_bot_alias_settings, + JSON_EXTRACT(detail.Properties, '$.Replication') as replication FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -2654,7 +2693,8 @@ components: json_extract_path_text(Properties, 'BotTags') as bot_tags, json_extract_path_text(Properties, 'TestBotAliasTags') as test_bot_alias_tags, json_extract_path_text(Properties, 'AutoBuildBotLocales') as auto_build_bot_locales, - json_extract_path_text(Properties, 'TestBotAliasSettings') as test_bot_alias_settings + json_extract_path_text(Properties, 'TestBotAliasSettings') as test_bot_alias_settings, + json_extract_path_text(Properties, 'Replication') as replication FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Lex::Bot' AND data__Identifier = '' AND region = 'us-east-1' @@ -2675,7 +2715,8 @@ components: json_extract_path_text(detail.Properties, 'BotTags') as bot_tags, json_extract_path_text(detail.Properties, 'TestBotAliasTags') as test_bot_alias_tags, json_extract_path_text(detail.Properties, 'AutoBuildBotLocales') as auto_build_bot_locales, - json_extract_path_text(detail.Properties, 'TestBotAliasSettings') as test_bot_alias_settings + json_extract_path_text(detail.Properties, 'TestBotAliasSettings') as test_bot_alias_settings, + json_extract_path_text(detail.Properties, 'Replication') as replication FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier diff --git a/providers/src/aws/v00.00.00000/services/lightsail.yaml b/providers/src/aws/v00.00.00000/services/lightsail.yaml index 6a9e156e..338b0cdd 100644 --- a/providers/src/aws/v00.00.00000/services/lightsail.yaml +++ b/providers/src/aws/v00.00.00000/services/lightsail.yaml @@ -393,7 +393,7 @@ components: type: string pattern: \w[\w\-]*\w MonitoredResourceName: - description: The validation status of the SSL/TLS certificate. + description: The name of the Lightsail resource that the alarm monitors. type: string MetricName: description: The name of the metric to associate with the alarm. @@ -567,7 +567,15 @@ components: x-required-properties: - BucketName - BundleId - x-taggable: true + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - lightsail:TagResource + - lightsail:UntagResource x-required-permissions: create: - lightsail:CreateBucket @@ -625,7 +633,7 @@ components: - CertificateName - DomainName x-stackql-resource-name: certificate - description: An example resource schema demonstrating some basic constructs and validation rules. + description: Resource Type definition for AWS::Lightsail::Certificate. x-type-name: AWS::Lightsail::Certificate x-stackql-primary-identifier: - CertificateName @@ -639,7 +647,15 @@ components: x-required-properties: - CertificateName - DomainName - x-taggable: true + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - lightsail:TagResource + - lightsail:UntagResource x-required-permissions: create: - lightsail:CreateCertificate @@ -778,7 +794,15 @@ components: - ServiceName - Power - Scale - x-taggable: true + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - lightsail:TagResource + - lightsail:UntagResource x-required-permissions: create: - lightsail:CreateContainerService @@ -977,7 +1001,15 @@ components: - RelationalDatabaseBundleId - MasterDatabaseName - MasterUsername - x-taggable: true + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - lightsail:TagResource + - lightsail:UntagResource x-required-permissions: create: - lightsail:CreateRelationalDatabase @@ -1263,7 +1295,15 @@ components: - BundleId - DefaultCacheBehavior - Origin - x-taggable: true + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - lightsail:TagResource + - lightsail:UntagResource x-required-permissions: create: - lightsail:AttachCertificateToDistribution @@ -1513,7 +1553,15 @@ components: - InstanceName - BlueprintId - BundleId - x-taggable: true + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - lightsail:TagResource + - lightsail:UntagResource x-required-permissions: create: - lightsail:CreateInstances @@ -1611,7 +1659,15 @@ components: x-required-properties: - LoadBalancerName - InstancePort - x-taggable: true + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - lightsail:TagResource + - lightsail:UntagResource x-required-permissions: create: - lightsail:CreateLoadBalancer @@ -1791,7 +1847,7 @@ components: type: string pattern: \w[\w\-]*\w MonitoredResourceName: - description: The validation status of the SSL/TLS certificate. + description: The name of the Lightsail resource that the alarm monitors. type: string MetricName: description: The name of the metric to associate with the alarm. diff --git a/providers/src/aws/v00.00.00000/services/location.yaml b/providers/src/aws/v00.00.00000/services/location.yaml index 729541e9..fd9ddd7d 100644 --- a/providers/src/aws/v00.00.00000/services/location.yaml +++ b/providers/src/aws/v00.00.00000/services/location.yaml @@ -394,8 +394,8 @@ components: type: string maxLength: 200 minLength: 5 - pattern: ^geo:\w*\*?$ - maxItems: 7 + pattern: ^(geo|geo-routes|geo-places|geo-maps):\w*\*?$ + maxItems: 24 minItems: 1 x-insertionOrder: false AllowResources: @@ -404,7 +404,7 @@ components: type: string maxLength: 1600 pattern: (^arn(:[a-z0-9]+([.-][a-z0-9]+)*):geo(:([a-z0-9]+([.-][a-z0-9]+)*))(:[0-9]+):((\*)|([-a-z]+[/][*-._\w]+))$)|(^arn(:[a-z0-9]+([.-][a-z0-9]+)*):(geo-routes|geo-places|geo-maps)(:((\*)|([a-z0-9]+([.-][a-z0-9]+)*)))::((provider[\/][*-._\w]+))$) - maxItems: 5 + maxItems: 8 minItems: 1 x-insertionOrder: false AllowReferers: @@ -424,11 +424,11 @@ components: type: object maxProperties: 50 x-patternProperties: - ^[a-zA-Z+-=._:/]+$: + ^([\p{L}\p{Z}\p{N}_.,:/=+\-@]*)$: type: string maxLength: 256 minLength: 0 - pattern: ^[A-Za-z0-9 _=@:.+-/]*$ + pattern: ^([\p{L}\p{Z}\p{N}_.,:/=+\-@]*)$ additionalProperties: false Tag: description: A key-value pair to associate with a resource. @@ -525,6 +525,9 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - geo:TagResource + - geo:UntagResource x-required-permissions: create: - geo:CreateKey @@ -541,6 +544,20 @@ components: - geo:GetPlace - geo:CalculateRoute - geo:CalculateRouteMatrix + - geo-maps:GetTile + - geo-maps:GetStaticMap + - geo-places:Autocomplete + - geo-places:Geocode + - geo-places:GetPlace + - geo-places:ReverseGeocode + - geo-places:SearchNearby + - geo-places:SearchText + - geo-places:Suggest + - geo-routes:CalculateIsolines + - geo-routes:CalculateRouteMatrix + - geo-routes:CalculateRoutes + - geo-routes:OptimizeWaypoints + - geo-routes:SnapToRoads read: - geo:DescribeKey update: @@ -558,6 +575,20 @@ components: - geo:GetPlace - geo:CalculateRoute - geo:CalculateRouteMatrix + - geo-maps:GetTile + - geo-maps:GetStaticMap + - geo-places:Autocomplete + - geo-places:Geocode + - geo-places:GetPlace + - geo-places:ReverseGeocode + - geo-places:SearchNearby + - geo-places:SearchText + - geo-places:Suggest + - geo-routes:CalculateIsolines + - geo-routes:CalculateRouteMatrix + - geo-routes:CalculateRoutes + - geo-routes:OptimizeWaypoints + - geo-routes:SnapToRoads - geo:UpdateKey delete: - geo:DeleteKey @@ -633,6 +664,9 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - geo:TagResource + - geo:UntagResource x-required-permissions: create: - geo:CreateGeofenceCollection @@ -743,6 +777,9 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - geo:TagResource + - geo:UntagResource x-required-permissions: create: - geo:CreateMap @@ -837,6 +874,9 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - geo:TagResource + - geo:UntagResource x-required-permissions: create: - geo:CreatePlaceIndex @@ -918,6 +958,9 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - geo:TagResource + - geo:UntagResource x-required-permissions: create: - geo:CreateRouteCalculator @@ -1014,6 +1057,9 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - geo:TagResource + - geo:UntagResource x-required-permissions: create: - geo:CreateTracker diff --git a/providers/src/aws/v00.00.00000/services/logs.yaml b/providers/src/aws/v00.00.00000/services/logs.yaml index 3b64c276..3c1687cb 100644 --- a/providers/src/aws/v00.00.00000/services/logs.yaml +++ b/providers/src/aws/v00.00.00000/services/logs.yaml @@ -416,6 +416,8 @@ components: enum: - DATA_PROTECTION_POLICY - SUBSCRIPTION_FILTER_POLICY + - FIELD_INDEX_POLICY + - TRANSFORMER_POLICY Scope: description: Scope for policy application type: string @@ -453,6 +455,7 @@ components: x-required-permissions: create: - logs:PutAccountPolicy + - logs:PutIndexPolicy - logs:PutDataProtectionPolicy - logs:DescribeAccountPolicies - logs:CreateLogDelivery @@ -460,31 +463,40 @@ components: - firehose:TagDeliveryStream - logs:PutSubscriptionFilter - logs:DeleteSubscriptionFilter + - logs:PutTransformer - iam:PassRole read: - logs:DescribeAccountPolicies + - logs:GetTransformer update: - logs:PutAccountPolicy + - logs:PutIndexPolicy - logs:PutDataProtectionPolicy - logs:DescribeAccountPolicies - logs:DeleteAccountPolicy + - logs:DeleteIndexPolicy - logs:DeleteDataProtectionPolicy - logs:CreateLogDelivery - logs:PutSubscriptionFilter - logs:DeleteSubscriptionFilter + - logs:PutTransformer + - logs:DeleteTransformer - s3:REST.PUT.OBJECT - firehose:TagDeliveryStream - iam:PassRole delete: - logs:DeleteAccountPolicy + - logs:DeleteIndexPolicy - logs:DeleteDataProtectionPolicy - logs:DescribeAccountPolicies - logs:DeleteSubscriptionFilter + - logs:DeleteTransformer - iam:PassRole list: - logs:DescribeAccountPolicies + - logs:GetTransformer Tag: - description: '' + description: The value of this key-value pair. type: object additionalProperties: false properties: @@ -495,18 +507,22 @@ components: maxLength: 128 Value: type: string - description: '' + description: The value of this key-value pair. minLength: 0 maxLength: 256 required: - Key - Value Arn: - description: The Amazon Resource Name (ARN) that uniquely identifies this delivery source. type: string - minLength: 16 + minLength: 20 maxLength: 2048 - pattern: ^arn:(aws[a-zA-Z-]*)?:[A-Za-z0-9][A-Za-z0-9_/.-]{0,62}:[A-Za-z0-9_/.-]{0,63}:[A-Za-z0-9_/.-]{0,63}:[A-Za-z0-9][A-Za-z0-9:_/+=,@.-]{0,1023}$ + pattern: '[\w#+=/:,.@-]*\*?' + FieldHeader: + description: A single record field to be delivered to the destination. + type: string + minLength: 1 + maxLength: 50 Delivery: type: object properties: @@ -541,6 +557,24 @@ components: x-insertionOrder: false items: $ref: '#/components/schemas/Tag' + RecordFields: + description: The list of record fields to be delivered to the destination, in order. If the delivery's log source has mandatory fields, they must be included in this list. + type: array + items: + $ref: '#/components/schemas/FieldHeader' + FieldDelimiter: + description: The field delimiter to use between record fields when the final output format of a delivery is in Plain , W3C , or Raw format. + type: string + minLength: 1 + maxLength: 5 + S3SuffixPath: + description: This string allows re-configuring the S3 object prefix to contain either static or variable sections. The valid variables to use in the suffix path will vary by each log source. See ConfigurationTemplate$allowedSuffixPathFields for more info on what values are supported in the suffix path for each log source. + type: string + minLength: 0 + maxLength: 256 + S3EnableHiveCompatiblePath: + description: This parameter causes the S3 objects that contain delivered logs to use a prefix structure that allows for integration with Apache Hive. + type: boolean required: - DeliverySourceName - DeliveryDestinationArn @@ -624,7 +658,7 @@ components: description: The Amazon Resource Name (ARN) that uniquely identifies this delivery destination. $ref: '#/components/schemas/Arn' DestinationResourceArn: - description: The ARN of the AWS resource that will receive the logs. + description: The ARN of the Amazon Web Services destination that this delivery destination represents. That Amazon Web Services destination can be a log group in CloudWatch Logs, an Amazon S3 bucket, or a delivery stream in Firehose. $ref: '#/components/schemas/Arn' Tags: description: The tags that have been assigned to this delivery destination. @@ -649,6 +683,12 @@ components: type: object items: $ref: '#/components/schemas/DestinationPolicy' + OutputFormat: + description: The format of the logs that are sent to this delivery destination. + type: string + minLength: 1 + maxLength: 12 + pattern: ^[0-9A-Za-z]+$ required: - Name x-stackql-resource-name: delivery_destination @@ -661,6 +701,7 @@ components: - Name x-create-only-properties: - Name + - OutputFormat - DestinationResourceArn x-read-only-properties: - Arn @@ -850,6 +891,130 @@ components: - logs:DeleteDestination list: - logs:DescribeDestinations + OpenSearchResourceConfig: + type: object + properties: + KmsKeyArn: + $ref: '#/components/schemas/Arn' + DataSourceRoleArn: + $ref: '#/components/schemas/Arn' + DashboardViewerPrincipals: + type: array + items: + $ref: '#/components/schemas/Arn' + ApplicationARN: + $ref: '#/components/schemas/Arn' + RetentionDays: + type: integer + minimum: 1 + maximum: 3650 + required: + - DataSourceRoleArn + - DashboardViewerPrincipals + additionalProperties: false + Integration: + type: object + properties: + IntegrationName: + description: User provided identifier for integration, unique to the user account. + type: string + pattern: '[\.\-_/#A-Za-z0-9]+' + minLength: 1 + maxLength: 50 + IntegrationType: + description: The type of the Integration. + type: string + enum: + - OPENSEARCH + ResourceConfig: + description: OpenSearchResourceConfig for the given Integration + type: object + properties: + OpenSearchResourceConfig: + $ref: '#/components/schemas/OpenSearchResourceConfig' + additionalProperties: false + IntegrationStatus: + description: Status of creation for the Integration and its resources + type: string + enum: + - PROVISIONING + - ACTIVE + - FAILED + required: + - IntegrationName + - IntegrationType + - ResourceConfig + x-stackql-resource-name: integration + description: Resource Schema for Logs Integration Resource + x-type-name: AWS::Logs::Integration + x-stackql-primary-identifier: + - IntegrationName + x-create-only-properties: + - IntegrationName + - IntegrationType + - ResourceConfig + x-write-only-properties: + - ResourceConfig + x-read-only-properties: + - IntegrationStatus + x-required-properties: + - IntegrationName + - IntegrationType + - ResourceConfig + x-replacement-strategy: delete_then_create + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - logs:PutIntegration + - logs:GetIntegration + - aoss:CreateCollection + - aoss:CreateSecurityPolicy + - aoss:CreateAccessPolicy + - aoss:CreateLifeCyclePolicy + - aoss:BatchGetCollection + - aoss:DeleteCollection + - aoss:DeleteSecurityPolicy + - aoss:DeleteAccessPolicy + - aoss:DeleteLifeCyclePolicy + - aoss:GetAccessPolicy + - aoss:GetSecurityPolicy + - aoss:BatchGetLifecyclePolicy + - aoss:TagResource + - aoss:APIAccessAll + - opensearch:AddDirectQueryDataSource + - opensearch:DeleteDirectQueryDataSource + - opensearch:GetDirectQueryDataSource + - opensearch:CreateApplication + - opensearch:GetApplication + - opensearch:UpdateApplication + - opensearch:DeleteApplication + - opensearch:ApplicationAccessAll + - opensearch:DashboardsAccessAll + - opensearch:StartDirectQuery + - opensearch:GetDirectQuery + - iam:PassRole + - iam:CreateServiceLinkedRole + - iam:AttachRolePolicy + - iam:AttachUserPolicy + - es:AddDirectQueryDataSource + - es:CreateApplication + - es:UpdateApplication + - es:GetApplication + - es:DeleteApplication + - es:DeleteDirectQueryDataSource + - es:GetDirectQueryDataSource + - es:AddTags + - es:ListApplications + read: + - logs:GetIntegration + delete: + - logs:DeleteIntegration + list: + - logs:ListIntegrations LogAnomalyDetector: type: object properties: @@ -1088,6 +1253,11 @@ components: description: The name of an existing log group that you want to associate with this metric filter. type: string maxLength: 512 + ApplyOnTransformedLogs: + description: |- + This parameter is valid only for log groups that have an active log transformer. For more information about log transformers, see [PutTransformer](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutTransformer.html). + If this value is ``true``, the metric filter is applied on the transformed version of the log events instead of the original ingested log events. + type: boolean FilterName: minLength: 1 pattern: ^[^:*]{1,512} @@ -1154,6 +1324,14 @@ components: type: string minLength: 0 maxLength: 256 + QueryLanguage: + description: Query language of the query string. Possible values are CWLI, SQL, PPL, with CWLI being the default. + type: string + enum: + - CWLI + - SQL + - PPL + default: CWLI required: - Name - QueryString @@ -1248,6 +1426,11 @@ components: enum: - Random - ByLogStream + ApplyOnTransformedLogs: + description: |- + This parameter is valid only for log groups that have an active log transformer. For more information about log transformers, see [PutTransformer](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutTransformer.html). + If this value is ``true``, the subscription filter is applied on the transformed version of the log events instead of the original ingested log events. + type: boolean required: - DestinationArn - FilterPattern @@ -1293,6 +1476,470 @@ components: - logs:DeleteSubscriptionFilter list: - logs:DescribeSubscriptionFilters + Processor: + description: Individual processor configuration + type: object + properties: + ParseCloudfront: + $ref: '#/components/schemas/ParseCloudfront' + ParseVPC: + $ref: '#/components/schemas/ParseVPC' + ParseWAF: + $ref: '#/components/schemas/ParseWAF' + ParseJSON: + type: object + properties: + Source: + type: string + Destination: + $ref: '#/components/schemas/NonEmptyAndMaxLengthString' + additionalProperties: false + ParseRoute53: + $ref: '#/components/schemas/ParseRoute53' + ParsePostgres: + $ref: '#/components/schemas/ParsePostgres' + ParseKeyValue: + type: object + properties: + Source: + $ref: '#/components/schemas/NonEmptyString' + Destination: + $ref: '#/components/schemas/NonEmptyString' + FieldDelimiter: + type: string + KeyValueDelimiter: + type: string + KeyPrefix: + $ref: '#/components/schemas/NonEmptyString' + NonMatchValue: + $ref: '#/components/schemas/NonEmptyString' + OverwriteIfExists: + type: boolean + additionalProperties: false + CopyValue: + type: object + properties: + Entries: + type: array + items: + $ref: '#/components/schemas/CopyValueEntry' + minItems: 1 + maxItems: 5 + x-insertionOrder: false + required: + - Entries + additionalProperties: false + Csv: + type: object + properties: + QuoteCharacter: + type: string + maxLength: 1 + Delimiter: + type: string + maxLength: 1 + Source: + type: string + Columns: + type: array + items: + $ref: '#/components/schemas/Column' + minItems: 1 + maxItems: 100 + x-insertionOrder: false + additionalProperties: false + DateTimeConverter: + type: object + properties: + Source: + $ref: '#/components/schemas/NonEmptyString' + Target: + $ref: '#/components/schemas/NonEmptyAndMaxLengthString' + TargetFormat: + type: string + MatchPatterns: + type: array + items: + $ref: '#/components/schemas/MatchPattern' + minItems: 1 + maxItems: 5 + uniqueItems: true + x-insertionOrder: false + SourceTimezone: + type: string + TargetTimezone: + type: string + Locale: + type: string + required: + - Source + - Target + - MatchPatterns + additionalProperties: false + DeleteKeys: + type: object + properties: + WithKeys: + type: array + items: + $ref: '#/components/schemas/WithKey' + minItems: 1 + maxItems: 5 + uniqueItems: true + x-insertionOrder: false + required: + - WithKeys + additionalProperties: false + Grok: + type: object + properties: + Source: + $ref: '#/components/schemas/NonEmptyString' + Match: + type: string + maxLength: 128 + required: + - Match + additionalProperties: false + ListToMap: + type: object + properties: + Source: + $ref: '#/components/schemas/NonEmptyString' + Key: + $ref: '#/components/schemas/NonEmptyString' + ValueKey: + $ref: '#/components/schemas/NonEmptyString' + Target: + $ref: '#/components/schemas/NonEmptyAndMaxLengthString' + Flatten: + type: boolean + FlattenedElement: + type: string + enum: + - first + - last + required: + - Source + - Key + additionalProperties: false + AddKeys: + type: object + properties: + Entries: + type: array + items: + $ref: '#/components/schemas/AddKeyEntry' + minItems: 1 + maxItems: 5 + uniqueItems: true + x-insertionOrder: false + required: + - Entries + additionalProperties: false + MoveKeys: + type: object + properties: + Entries: + type: array + items: + $ref: '#/components/schemas/MoveKeyEntry' + minItems: 1 + maxItems: 5 + x-insertionOrder: false + required: + - Entries + additionalProperties: false + RenameKeys: + type: object + properties: + Entries: + type: array + items: + $ref: '#/components/schemas/RenameKeyEntry' + minItems: 1 + maxItems: 5 + x-insertionOrder: false + required: + - Entries + additionalProperties: false + LowerCaseString: + type: object + properties: + WithKeys: + type: array + items: + $ref: '#/components/schemas/WithKey' + minItems: 1 + maxItems: 10 + uniqueItems: true + x-insertionOrder: false + required: + - WithKeys + additionalProperties: false + SplitString: + type: object + properties: + Entries: + type: array + items: + $ref: '#/components/schemas/SplitStringEntry' + minItems: 1 + maxItems: 10 + x-insertionOrder: false + required: + - Entries + additionalProperties: false + SubstituteString: + type: object + properties: + Entries: + type: array + items: + $ref: '#/components/schemas/SubstituteStringEntry' + minItems: 1 + maxItems: 10 + x-insertionOrder: false + required: + - Entries + additionalProperties: false + TrimString: + type: object + properties: + WithKeys: + type: array + items: + $ref: '#/components/schemas/WithKey' + minItems: 1 + maxItems: 10 + uniqueItems: true + x-insertionOrder: false + required: + - WithKeys + additionalProperties: false + UpperCaseString: + type: object + properties: + WithKeys: + type: array + items: + $ref: '#/components/schemas/WithKey' + minItems: 1 + maxItems: 10 + uniqueItems: true + x-insertionOrder: false + required: + - WithKeys + additionalProperties: false + TypeConverter: + type: object + properties: + Entries: + type: array + items: + $ref: '#/components/schemas/TypeConverterEntry' + minItems: 1 + maxItems: 5 + x-insertionOrder: false + required: + - Entries + additionalProperties: false + additionalProperties: false + minProperties: 1 + maxProperties: 1 + ParseCloudfront: + type: object + properties: + Source: + $ref: '#/components/schemas/NonEmptyString' + additionalProperties: false + ParseVPC: + type: object + properties: + Source: + $ref: '#/components/schemas/NonEmptyString' + additionalProperties: false + ParseWAF: + type: object + properties: + Source: + $ref: '#/components/schemas/NonEmptyString' + additionalProperties: false + ParseRoute53: + type: object + properties: + Source: + $ref: '#/components/schemas/NonEmptyString' + additionalProperties: false + ParsePostgres: + type: object + properties: + Source: + $ref: '#/components/schemas/NonEmptyString' + additionalProperties: false + AddKeyEntry: + type: object + properties: + Key: + $ref: '#/components/schemas/NonEmptyAndMaxLengthString' + Value: + type: string + minLength: 1 + maxLength: 256 + OverwriteIfExists: + type: boolean + additionalProperties: false + required: + - Key + - Value + CopyValueEntry: + type: object + properties: + Source: + $ref: '#/components/schemas/NonEmptyString' + Target: + $ref: '#/components/schemas/NonEmptyAndMaxLengthString' + OverwriteIfExists: + type: boolean + required: + - Source + - Target + additionalProperties: false + Column: + $ref: '#/components/schemas/NonEmptyAndMaxLengthString' + WithKey: + type: string + minLength: 1 + maxLength: 128 + MatchPattern: + $ref: '#/components/schemas/NonEmptyString' + MoveKeyEntry: + type: object + properties: + Source: + $ref: '#/components/schemas/NonEmptyString' + Target: + $ref: '#/components/schemas/NonEmptyString' + OverwriteIfExists: + type: boolean + required: + - Source + - Target + additionalProperties: false + RenameKeyEntry: + type: object + properties: + Key: + $ref: '#/components/schemas/NonEmptyString' + RenameTo: + $ref: '#/components/schemas/NonEmptyString' + OverwriteIfExists: + type: boolean + required: + - Key + - RenameTo + additionalProperties: false + SplitStringEntry: + type: object + properties: + Source: + $ref: '#/components/schemas/NonEmptyString' + Delimiter: + type: string + maxLength: 1 + required: + - Source + - Delimiter + additionalProperties: false + SubstituteStringEntry: + type: object + properties: + Source: + $ref: '#/components/schemas/NonEmptyString' + From: + $ref: '#/components/schemas/NonEmptyAndMaxLengthString' + To: + $ref: '#/components/schemas/NonEmptyAndMaxLengthString' + required: + - Source + - From + - To + additionalProperties: false + TypeConverterEntry: + type: object + properties: + Key: + $ref: '#/components/schemas/NonEmptyString' + Type: + type: string + enum: + - boolean + - integer + - double + - string + required: + - Key + - Type + additionalProperties: false + NonEmptyAndMaxLengthString: + type: string + maxLength: 128 + pattern: ^.*[a-zA-Z0-9]+.*$ + NonEmptyString: + type: string + pattern: ^.*[a-zA-Z0-9]+.*$ + MaxLengthString: + type: string + maxLength: 128 + Transformer: + type: object + properties: + LogGroupIdentifier: + description: Existing log group that you want to associate with this transformer. + type: string + minLength: 1 + maxLength: 2048 + pattern: '[\w#+=/:,.@-]*' + TransformerConfig: + description: List of processors in a transformer + type: array + items: + $ref: '#/components/schemas/Processor' + minItems: 1 + maxItems: 20 + x-insertionOrder: false + required: + - LogGroupIdentifier + - TransformerConfig + x-stackql-resource-name: transformer + description: Specifies a transformer on the log group to transform logs into consistent structured and information rich format. + x-type-name: AWS::Logs::Transformer + x-stackql-primary-identifier: + - LogGroupIdentifier + x-create-only-properties: + - LogGroupIdentifier + x-required-properties: + - LogGroupIdentifier + - TransformerConfig + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - logs:PutTransformer + - logs:GetTransformer + read: + - logs:GetTransformer + update: + - logs:GetTransformer + - logs:PutTransformer + delete: + - logs:DeleteTransformer + list: + - logs:DescribeLogGroups + - logs:GetTransformer CreateAccountPolicyRequest: properties: ClientToken: @@ -1334,6 +1981,8 @@ components: enum: - DATA_PROTECTION_POLICY - SUBSCRIPTION_FILTER_POLICY + - FIELD_INDEX_POLICY + - TRANSFORMER_POLICY Scope: description: Scope for policy application type: string @@ -1390,6 +2039,24 @@ components: x-insertionOrder: false items: $ref: '#/components/schemas/Tag' + RecordFields: + description: The list of record fields to be delivered to the destination, in order. If the delivery's log source has mandatory fields, they must be included in this list. + type: array + items: + $ref: '#/components/schemas/FieldHeader' + FieldDelimiter: + description: The field delimiter to use between record fields when the final output format of a delivery is in Plain , W3C , or Raw format. + type: string + minLength: 1 + maxLength: 5 + S3SuffixPath: + description: This string allows re-configuring the S3 object prefix to contain either static or variable sections. The valid variables to use in the suffix path will vary by each log source. See ConfigurationTemplate$allowedSuffixPathFields for more info on what values are supported in the suffix path for each log source. + type: string + minLength: 0 + maxLength: 256 + S3EnableHiveCompatiblePath: + description: This parameter causes the S3 objects that contain delivered logs to use a prefix structure that allows for integration with Apache Hive. + type: boolean x-stackQL-stringOnly: true x-title: CreateDeliveryRequest type: object @@ -1417,7 +2084,7 @@ components: description: The Amazon Resource Name (ARN) that uniquely identifies this delivery destination. $ref: '#/components/schemas/Arn' DestinationResourceArn: - description: The ARN of the AWS resource that will receive the logs. + description: The ARN of the Amazon Web Services destination that this delivery destination represents. That Amazon Web Services destination can be a log group in CloudWatch Logs, an Amazon S3 bucket, or a delivery stream in Firehose. $ref: '#/components/schemas/Arn' Tags: description: The tags that have been assigned to this delivery destination. @@ -1442,6 +2109,12 @@ components: type: object items: $ref: '#/components/schemas/DestinationPolicy' + OutputFormat: + description: The format of the logs that are sent to this delivery destination. + type: string + minLength: 1 + maxLength: 12 + pattern: ^[0-9A-Za-z]+$ x-stackQL-stringOnly: true x-title: CreateDeliveryDestinationRequest type: object @@ -1538,6 +2211,48 @@ components: x-title: CreateDestinationRequest type: object required: [] + CreateIntegrationRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + IntegrationName: + description: User provided identifier for integration, unique to the user account. + type: string + pattern: '[\.\-_/#A-Za-z0-9]+' + minLength: 1 + maxLength: 50 + IntegrationType: + description: The type of the Integration. + type: string + enum: + - OPENSEARCH + ResourceConfig: + description: OpenSearchResourceConfig for the given Integration + type: object + properties: + OpenSearchResourceConfig: + $ref: '#/components/schemas/OpenSearchResourceConfig' + additionalProperties: false + IntegrationStatus: + description: Status of creation for the Integration and its resources + type: string + enum: + - PROVISIONING + - ACTIVE + - FAILED + x-stackQL-stringOnly: true + x-title: CreateIntegrationRequest + type: object + required: [] CreateLogAnomalyDetectorRequest: properties: ClientToken: @@ -1656,6 +2371,11 @@ components: description: The name of an existing log group that you want to associate with this metric filter. type: string maxLength: 512 + ApplyOnTransformedLogs: + description: |- + This parameter is valid only for log groups that have an active log transformer. For more information about log transformers, see [PutTransformer](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutTransformer.html). + If this value is ``true``, the metric filter is applied on the transformed version of the log events instead of the original ingested log events. + type: boolean FilterName: minLength: 1 pattern: ^[^:*]{1,512} @@ -1701,6 +2421,14 @@ components: type: string minLength: 0 maxLength: 256 + QueryLanguage: + description: Query language of the query string. Possible values are CWLI, SQL, PPL, with CWLI being the default. + type: string + enum: + - CWLI + - SQL + - PPL + default: CWLI x-stackQL-stringOnly: true x-title: CreateQueryDefinitionRequest type: object @@ -1768,10 +2496,46 @@ components: enum: - Random - ByLogStream + ApplyOnTransformedLogs: + description: |- + This parameter is valid only for log groups that have an active log transformer. For more information about log transformers, see [PutTransformer](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutTransformer.html). + If this value is ``true``, the subscription filter is applied on the transformed version of the log events instead of the original ingested log events. + type: boolean x-stackQL-stringOnly: true x-title: CreateSubscriptionFilterRequest type: object required: [] + CreateTransformerRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + LogGroupIdentifier: + description: Existing log group that you want to associate with this transformer. + type: string + minLength: 1 + maxLength: 2048 + pattern: '[\w#+=/:,.@-]*' + TransformerConfig: + description: List of processors in a transformer + type: array + items: + $ref: '#/components/schemas/Processor' + minItems: 1 + maxItems: 20 + x-insertionOrder: false + x-stackQL-stringOnly: true + x-title: CreateTransformerRequest + type: object + required: [] securitySchemes: hmac: type: apiKey @@ -2010,7 +2774,11 @@ components: JSON_EXTRACT(Properties, '$.DeliverySourceName') as delivery_source_name, JSON_EXTRACT(Properties, '$.DeliveryDestinationArn') as delivery_destination_arn, JSON_EXTRACT(Properties, '$.DeliveryDestinationType') as delivery_destination_type, - JSON_EXTRACT(Properties, '$.Tags') as tags + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.RecordFields') as record_fields, + JSON_EXTRACT(Properties, '$.FieldDelimiter') as field_delimiter, + JSON_EXTRACT(Properties, '$.S3SuffixPath') as s3_suffix_path, + JSON_EXTRACT(Properties, '$.S3EnableHiveCompatiblePath') as s3_enable_hive_compatible_path FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Logs::Delivery' AND data__Identifier = '' AND region = 'us-east-1' @@ -2024,7 +2792,11 @@ components: JSON_EXTRACT(detail.Properties, '$.DeliverySourceName') as delivery_source_name, JSON_EXTRACT(detail.Properties, '$.DeliveryDestinationArn') as delivery_destination_arn, JSON_EXTRACT(detail.Properties, '$.DeliveryDestinationType') as delivery_destination_type, - JSON_EXTRACT(detail.Properties, '$.Tags') as tags + JSON_EXTRACT(detail.Properties, '$.Tags') as tags, + JSON_EXTRACT(detail.Properties, '$.RecordFields') as record_fields, + JSON_EXTRACT(detail.Properties, '$.FieldDelimiter') as field_delimiter, + JSON_EXTRACT(detail.Properties, '$.S3SuffixPath') as s3_suffix_path, + JSON_EXTRACT(detail.Properties, '$.S3EnableHiveCompatiblePath') as s3_enable_hive_compatible_path FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -2043,7 +2815,11 @@ components: json_extract_path_text(Properties, 'DeliverySourceName') as delivery_source_name, json_extract_path_text(Properties, 'DeliveryDestinationArn') as delivery_destination_arn, json_extract_path_text(Properties, 'DeliveryDestinationType') as delivery_destination_type, - json_extract_path_text(Properties, 'Tags') as tags + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'RecordFields') as record_fields, + json_extract_path_text(Properties, 'FieldDelimiter') as field_delimiter, + json_extract_path_text(Properties, 'S3SuffixPath') as s3_suffix_path, + json_extract_path_text(Properties, 'S3EnableHiveCompatiblePath') as s3_enable_hive_compatible_path FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Logs::Delivery' AND data__Identifier = '' AND region = 'us-east-1' @@ -2057,7 +2833,11 @@ components: json_extract_path_text(detail.Properties, 'DeliverySourceName') as delivery_source_name, json_extract_path_text(detail.Properties, 'DeliveryDestinationArn') as delivery_destination_arn, json_extract_path_text(detail.Properties, 'DeliveryDestinationType') as delivery_destination_type, - json_extract_path_text(detail.Properties, 'Tags') as tags + json_extract_path_text(detail.Properties, 'Tags') as tags, + json_extract_path_text(detail.Properties, 'RecordFields') as record_fields, + json_extract_path_text(detail.Properties, 'FieldDelimiter') as field_delimiter, + json_extract_path_text(detail.Properties, 'S3SuffixPath') as s3_suffix_path, + json_extract_path_text(detail.Properties, 'S3EnableHiveCompatiblePath') as s3_enable_hive_compatible_path FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -2120,7 +2900,11 @@ components: JSON_EXTRACT(detail.Properties, '$.Arn') as arn, JSON_EXTRACT(detail.Properties, '$.DeliverySourceName') as delivery_source_name, JSON_EXTRACT(detail.Properties, '$.DeliveryDestinationArn') as delivery_destination_arn, - JSON_EXTRACT(detail.Properties, '$.DeliveryDestinationType') as delivery_destination_type + JSON_EXTRACT(detail.Properties, '$.DeliveryDestinationType') as delivery_destination_type, + JSON_EXTRACT(detail.Properties, '$.RecordFields') as record_fields, + JSON_EXTRACT(detail.Properties, '$.FieldDelimiter') as field_delimiter, + JSON_EXTRACT(detail.Properties, '$.S3SuffixPath') as s3_suffix_path, + JSON_EXTRACT(detail.Properties, '$.S3EnableHiveCompatiblePath') as s3_enable_hive_compatible_path FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -2140,7 +2924,11 @@ components: json_extract_path_text(detail.Properties, 'Arn') as arn, json_extract_path_text(detail.Properties, 'DeliverySourceName') as delivery_source_name, json_extract_path_text(detail.Properties, 'DeliveryDestinationArn') as delivery_destination_arn, - json_extract_path_text(detail.Properties, 'DeliveryDestinationType') as delivery_destination_type + json_extract_path_text(detail.Properties, 'DeliveryDestinationType') as delivery_destination_type, + json_extract_path_text(detail.Properties, 'RecordFields') as record_fields, + json_extract_path_text(detail.Properties, 'FieldDelimiter') as field_delimiter, + json_extract_path_text(detail.Properties, 'S3SuffixPath') as s3_suffix_path, + json_extract_path_text(detail.Properties, 'S3EnableHiveCompatiblePath') as s3_enable_hive_compatible_path FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -2217,7 +3005,8 @@ components: JSON_EXTRACT(Properties, '$.DestinationResourceArn') as destination_resource_arn, JSON_EXTRACT(Properties, '$.Tags') as tags, JSON_EXTRACT(Properties, '$.DeliveryDestinationType') as delivery_destination_type, - JSON_EXTRACT(Properties, '$.DeliveryDestinationPolicy') as delivery_destination_policy + JSON_EXTRACT(Properties, '$.DeliveryDestinationPolicy') as delivery_destination_policy, + JSON_EXTRACT(Properties, '$.OutputFormat') as output_format FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Logs::DeliveryDestination' AND data__Identifier = '' AND region = 'us-east-1' @@ -2231,7 +3020,8 @@ components: JSON_EXTRACT(detail.Properties, '$.DestinationResourceArn') as destination_resource_arn, JSON_EXTRACT(detail.Properties, '$.Tags') as tags, JSON_EXTRACT(detail.Properties, '$.DeliveryDestinationType') as delivery_destination_type, - JSON_EXTRACT(detail.Properties, '$.DeliveryDestinationPolicy') as delivery_destination_policy + JSON_EXTRACT(detail.Properties, '$.DeliveryDestinationPolicy') as delivery_destination_policy, + JSON_EXTRACT(detail.Properties, '$.OutputFormat') as output_format FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -2250,7 +3040,8 @@ components: json_extract_path_text(Properties, 'DestinationResourceArn') as destination_resource_arn, json_extract_path_text(Properties, 'Tags') as tags, json_extract_path_text(Properties, 'DeliveryDestinationType') as delivery_destination_type, - json_extract_path_text(Properties, 'DeliveryDestinationPolicy') as delivery_destination_policy + json_extract_path_text(Properties, 'DeliveryDestinationPolicy') as delivery_destination_policy, + json_extract_path_text(Properties, 'OutputFormat') as output_format FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Logs::DeliveryDestination' AND data__Identifier = '' AND region = 'us-east-1' @@ -2264,7 +3055,8 @@ components: json_extract_path_text(detail.Properties, 'DestinationResourceArn') as destination_resource_arn, json_extract_path_text(detail.Properties, 'Tags') as tags, json_extract_path_text(detail.Properties, 'DeliveryDestinationType') as delivery_destination_type, - json_extract_path_text(detail.Properties, 'DeliveryDestinationPolicy') as delivery_destination_policy + json_extract_path_text(detail.Properties, 'DeliveryDestinationPolicy') as delivery_destination_policy, + json_extract_path_text(detail.Properties, 'OutputFormat') as output_format FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -2327,7 +3119,8 @@ components: JSON_EXTRACT(detail.Properties, '$.Arn') as arn, JSON_EXTRACT(detail.Properties, '$.DestinationResourceArn') as destination_resource_arn, JSON_EXTRACT(detail.Properties, '$.DeliveryDestinationType') as delivery_destination_type, - JSON_EXTRACT(detail.Properties, '$.DeliveryDestinationPolicy') as delivery_destination_policy + JSON_EXTRACT(detail.Properties, '$.DeliveryDestinationPolicy') as delivery_destination_policy, + JSON_EXTRACT(detail.Properties, '$.OutputFormat') as output_format FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -2347,7 +3140,8 @@ components: json_extract_path_text(detail.Properties, 'Arn') as arn, json_extract_path_text(detail.Properties, 'DestinationResourceArn') as destination_resource_arn, json_extract_path_text(detail.Properties, 'DeliveryDestinationType') as delivery_destination_type, - json_extract_path_text(detail.Properties, 'DeliveryDestinationPolicy') as delivery_destination_policy + json_extract_path_text(detail.Properties, 'DeliveryDestinationPolicy') as delivery_destination_policy, + json_extract_path_text(detail.Properties, 'OutputFormat') as output_format FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -2575,7 +3369,157 @@ components: x-cfn-schema-name: Destination x-cfn-type-name: AWS::Logs::Destination x-identifiers: - - DestinationName + - DestinationName + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Destination&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Logs::Destination" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Logs::Destination" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Logs::Destination" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/destinations/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/destinations/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/destinations/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.DestinationName') as destination_name, + JSON_EXTRACT(Properties, '$.DestinationPolicy') as destination_policy, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.TargetArn') as target_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Logs::Destination' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.DestinationName') as destination_name, + JSON_EXTRACT(detail.Properties, '$.DestinationPolicy') as destination_policy, + JSON_EXTRACT(detail.Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(detail.Properties, '$.TargetArn') as target_arn + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Logs::Destination' + AND detail.data__TypeName = 'AWS::Logs::Destination' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'DestinationName') as destination_name, + json_extract_path_text(Properties, 'DestinationPolicy') as destination_policy, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'TargetArn') as target_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Logs::Destination' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'DestinationName') as destination_name, + json_extract_path_text(detail.Properties, 'DestinationPolicy') as destination_policy, + json_extract_path_text(detail.Properties, 'RoleArn') as role_arn, + json_extract_path_text(detail.Properties, 'TargetArn') as target_arn + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Logs::Destination' + AND detail.data__TypeName = 'AWS::Logs::Destination' + AND listing.region = 'us-east-1' + destinations_list_only: + name: destinations_list_only + id: aws.logs.destinations_list_only + x-cfn-schema-name: Destination + x-cfn-type-name: AWS::Logs::Destination + x-identifiers: + - DestinationName + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DestinationName') as destination_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Logs::Destination' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DestinationName') as destination_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Logs::Destination' + AND region = 'us-east-1' + integrations: + name: integrations + id: aws.logs.integrations + x-cfn-schema-name: Integration + x-cfn-type-name: AWS::Logs::Integration + x-identifiers: + - IntegrationName x-type: cloud_control methods: create_resource: @@ -2583,24 +3527,12 @@ components: requestBodyTranslate: algorithm: naive_DesiredState operation: - $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Destination&__detailTransformed=true/post' - request: - mediaType: application/x-amz-json-1.0 - base: |- - { - "TypeName": "AWS::Logs::Destination" - } - response: - mediaType: application/json - openAPIDocKey: '200' - update_resource: - operation: - $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Integration&__detailTransformed=true/post' request: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::Logs::Destination" + "TypeName": "AWS::Logs::Integration" } response: mediaType: application/json @@ -2612,18 +3544,17 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::Logs::Destination" + "TypeName": "AWS::Logs::Integration" } response: mediaType: application/json openAPIDocKey: '200' sqlVerbs: insert: - - $ref: '#/components/x-stackQL-resources/destinations/methods/create_resource' + - $ref: '#/components/x-stackQL-resources/integrations/methods/create_resource' delete: - - $ref: '#/components/x-stackQL-resources/destinations/methods/delete_resource' - update: - - $ref: '#/components/x-stackQL-resources/destinations/methods/update_resource' + - $ref: '#/components/x-stackQL-resources/integrations/methods/delete_resource' + update: [] config: views: select: @@ -2632,30 +3563,28 @@ components: SELECT region, data__Identifier, - JSON_EXTRACT(Properties, '$.Arn') as arn, - JSON_EXTRACT(Properties, '$.DestinationName') as destination_name, - JSON_EXTRACT(Properties, '$.DestinationPolicy') as destination_policy, - JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, - JSON_EXTRACT(Properties, '$.TargetArn') as target_arn - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Logs::Destination' - AND data__Identifier = '' + JSON_EXTRACT(Properties, '$.IntegrationName') as integration_name, + JSON_EXTRACT(Properties, '$.IntegrationType') as integration_type, + JSON_EXTRACT(Properties, '$.ResourceConfig') as resource_config, + JSON_EXTRACT(Properties, '$.IntegrationStatus') as integration_status + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Logs::Integration' + AND data__Identifier = '' AND region = 'us-east-1' fallback: predicate: sqlDialect == "sqlite3" ddl: |- SELECT detail.region, - JSON_EXTRACT(detail.Properties, '$.Arn') as arn, - JSON_EXTRACT(detail.Properties, '$.DestinationName') as destination_name, - JSON_EXTRACT(detail.Properties, '$.DestinationPolicy') as destination_policy, - JSON_EXTRACT(detail.Properties, '$.RoleArn') as role_arn, - JSON_EXTRACT(detail.Properties, '$.TargetArn') as target_arn + JSON_EXTRACT(detail.Properties, '$.IntegrationName') as integration_name, + JSON_EXTRACT(detail.Properties, '$.IntegrationType') as integration_type, + JSON_EXTRACT(detail.Properties, '$.ResourceConfig') as resource_config, + JSON_EXTRACT(detail.Properties, '$.IntegrationStatus') as integration_status FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::Logs::Destination' - AND detail.data__TypeName = 'AWS::Logs::Destination' + WHERE listing.data__TypeName = 'AWS::Logs::Integration' + AND detail.data__TypeName = 'AWS::Logs::Integration' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] @@ -2663,38 +3592,36 @@ components: SELECT region, data__Identifier, - json_extract_path_text(Properties, 'Arn') as arn, - json_extract_path_text(Properties, 'DestinationName') as destination_name, - json_extract_path_text(Properties, 'DestinationPolicy') as destination_policy, - json_extract_path_text(Properties, 'RoleArn') as role_arn, - json_extract_path_text(Properties, 'TargetArn') as target_arn - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Logs::Destination' - AND data__Identifier = '' + json_extract_path_text(Properties, 'IntegrationName') as integration_name, + json_extract_path_text(Properties, 'IntegrationType') as integration_type, + json_extract_path_text(Properties, 'ResourceConfig') as resource_config, + json_extract_path_text(Properties, 'IntegrationStatus') as integration_status + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Logs::Integration' + AND data__Identifier = '' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT detail.region, - json_extract_path_text(detail.Properties, 'Arn') as arn, - json_extract_path_text(detail.Properties, 'DestinationName') as destination_name, - json_extract_path_text(detail.Properties, 'DestinationPolicy') as destination_policy, - json_extract_path_text(detail.Properties, 'RoleArn') as role_arn, - json_extract_path_text(detail.Properties, 'TargetArn') as target_arn + json_extract_path_text(detail.Properties, 'IntegrationName') as integration_name, + json_extract_path_text(detail.Properties, 'IntegrationType') as integration_type, + json_extract_path_text(detail.Properties, 'ResourceConfig') as resource_config, + json_extract_path_text(detail.Properties, 'IntegrationStatus') as integration_status FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::Logs::Destination' - AND detail.data__TypeName = 'AWS::Logs::Destination' + WHERE listing.data__TypeName = 'AWS::Logs::Integration' + AND detail.data__TypeName = 'AWS::Logs::Integration' AND listing.region = 'us-east-1' - destinations_list_only: - name: destinations_list_only - id: aws.logs.destinations_list_only - x-cfn-schema-name: Destination - x-cfn-type-name: AWS::Logs::Destination + integrations_list_only: + name: integrations_list_only + id: aws.logs.integrations_list_only + x-cfn-schema-name: Integration + x-cfn-type-name: AWS::Logs::Integration x-identifiers: - - DestinationName + - IntegrationName x-type: cloud_control_view methods: {} sqlVerbs: @@ -2708,16 +3635,16 @@ components: ddl: |- SELECT region, - JSON_EXTRACT(Properties, '$.DestinationName') as destination_name - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Logs::Destination' + JSON_EXTRACT(Properties, '$.IntegrationName') as integration_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Logs::Integration' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT region, - json_extract_path_text(Properties, 'DestinationName') as destination_name - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Logs::Destination' + json_extract_path_text(Properties, 'IntegrationName') as integration_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Logs::Integration' AND region = 'us-east-1' log_anomaly_detectors: name: log_anomaly_detectors @@ -3089,6 +4016,7 @@ components: JSON_EXTRACT(Properties, '$.MetricTransformations') as metric_transformations, JSON_EXTRACT(Properties, '$.FilterPattern') as filter_pattern, JSON_EXTRACT(Properties, '$.LogGroupName') as log_group_name, + JSON_EXTRACT(Properties, '$.ApplyOnTransformedLogs') as apply_on_transformed_logs, JSON_EXTRACT(Properties, '$.FilterName') as filter_name FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Logs::MetricFilter' AND data__Identifier = '|' @@ -3101,6 +4029,7 @@ components: JSON_EXTRACT(detail.Properties, '$.MetricTransformations') as metric_transformations, JSON_EXTRACT(detail.Properties, '$.FilterPattern') as filter_pattern, JSON_EXTRACT(detail.Properties, '$.LogGroupName') as log_group_name, + JSON_EXTRACT(detail.Properties, '$.ApplyOnTransformedLogs') as apply_on_transformed_logs, JSON_EXTRACT(detail.Properties, '$.FilterName') as filter_name FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail @@ -3118,6 +4047,7 @@ components: json_extract_path_text(Properties, 'MetricTransformations') as metric_transformations, json_extract_path_text(Properties, 'FilterPattern') as filter_pattern, json_extract_path_text(Properties, 'LogGroupName') as log_group_name, + json_extract_path_text(Properties, 'ApplyOnTransformedLogs') as apply_on_transformed_logs, json_extract_path_text(Properties, 'FilterName') as filter_name FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Logs::MetricFilter' AND data__Identifier = '|' @@ -3130,6 +4060,7 @@ components: json_extract_path_text(detail.Properties, 'MetricTransformations') as metric_transformations, json_extract_path_text(detail.Properties, 'FilterPattern') as filter_pattern, json_extract_path_text(detail.Properties, 'LogGroupName') as log_group_name, + json_extract_path_text(detail.Properties, 'ApplyOnTransformedLogs') as apply_on_transformed_logs, json_extract_path_text(detail.Properties, 'FilterName') as filter_name FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail @@ -3238,7 +4169,8 @@ components: JSON_EXTRACT(Properties, '$.Name') as name, JSON_EXTRACT(Properties, '$.QueryString') as query_string, JSON_EXTRACT(Properties, '$.LogGroupNames') as log_group_names, - JSON_EXTRACT(Properties, '$.QueryDefinitionId') as query_definition_id + JSON_EXTRACT(Properties, '$.QueryDefinitionId') as query_definition_id, + JSON_EXTRACT(Properties, '$.QueryLanguage') as query_language FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Logs::QueryDefinition' AND data__Identifier = '' AND region = 'us-east-1' @@ -3250,7 +4182,8 @@ components: JSON_EXTRACT(detail.Properties, '$.Name') as name, JSON_EXTRACT(detail.Properties, '$.QueryString') as query_string, JSON_EXTRACT(detail.Properties, '$.LogGroupNames') as log_group_names, - JSON_EXTRACT(detail.Properties, '$.QueryDefinitionId') as query_definition_id + JSON_EXTRACT(detail.Properties, '$.QueryDefinitionId') as query_definition_id, + JSON_EXTRACT(detail.Properties, '$.QueryLanguage') as query_language FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -3267,7 +4200,8 @@ components: json_extract_path_text(Properties, 'Name') as name, json_extract_path_text(Properties, 'QueryString') as query_string, json_extract_path_text(Properties, 'LogGroupNames') as log_group_names, - json_extract_path_text(Properties, 'QueryDefinitionId') as query_definition_id + json_extract_path_text(Properties, 'QueryDefinitionId') as query_definition_id, + json_extract_path_text(Properties, 'QueryLanguage') as query_language FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Logs::QueryDefinition' AND data__Identifier = '' AND region = 'us-east-1' @@ -3279,7 +4213,8 @@ components: json_extract_path_text(detail.Properties, 'Name') as name, json_extract_path_text(detail.Properties, 'QueryString') as query_string, json_extract_path_text(detail.Properties, 'LogGroupNames') as log_group_names, - json_extract_path_text(detail.Properties, 'QueryDefinitionId') as query_definition_id + json_extract_path_text(detail.Properties, 'QueryDefinitionId') as query_definition_id, + json_extract_path_text(detail.Properties, 'QueryLanguage') as query_language FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -3525,7 +4460,8 @@ components: JSON_EXTRACT(Properties, '$.FilterPattern') as filter_pattern, JSON_EXTRACT(Properties, '$.LogGroupName') as log_group_name, JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, - JSON_EXTRACT(Properties, '$.Distribution') as distribution + JSON_EXTRACT(Properties, '$.Distribution') as distribution, + JSON_EXTRACT(Properties, '$.ApplyOnTransformedLogs') as apply_on_transformed_logs FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Logs::SubscriptionFilter' AND data__Identifier = '|' AND region = 'us-east-1' @@ -3539,7 +4475,8 @@ components: JSON_EXTRACT(detail.Properties, '$.FilterPattern') as filter_pattern, JSON_EXTRACT(detail.Properties, '$.LogGroupName') as log_group_name, JSON_EXTRACT(detail.Properties, '$.RoleArn') as role_arn, - JSON_EXTRACT(detail.Properties, '$.Distribution') as distribution + JSON_EXTRACT(detail.Properties, '$.Distribution') as distribution, + JSON_EXTRACT(detail.Properties, '$.ApplyOnTransformedLogs') as apply_on_transformed_logs FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -3558,7 +4495,8 @@ components: json_extract_path_text(Properties, 'FilterPattern') as filter_pattern, json_extract_path_text(Properties, 'LogGroupName') as log_group_name, json_extract_path_text(Properties, 'RoleArn') as role_arn, - json_extract_path_text(Properties, 'Distribution') as distribution + json_extract_path_text(Properties, 'Distribution') as distribution, + json_extract_path_text(Properties, 'ApplyOnTransformedLogs') as apply_on_transformed_logs FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Logs::SubscriptionFilter' AND data__Identifier = '|' AND region = 'us-east-1' @@ -3572,7 +4510,8 @@ components: json_extract_path_text(detail.Properties, 'FilterPattern') as filter_pattern, json_extract_path_text(detail.Properties, 'LogGroupName') as log_group_name, json_extract_path_text(detail.Properties, 'RoleArn') as role_arn, - json_extract_path_text(detail.Properties, 'Distribution') as distribution + json_extract_path_text(detail.Properties, 'Distribution') as distribution, + json_extract_path_text(detail.Properties, 'ApplyOnTransformedLogs') as apply_on_transformed_logs FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -3614,6 +4553,144 @@ components: json_extract_path_text(Properties, 'LogGroupName') as log_group_name FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Logs::SubscriptionFilter' AND region = 'us-east-1' + transformers: + name: transformers + id: aws.logs.transformers + x-cfn-schema-name: Transformer + x-cfn-type-name: AWS::Logs::Transformer + x-identifiers: + - LogGroupIdentifier + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Transformer&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Logs::Transformer" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Logs::Transformer" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Logs::Transformer" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/transformers/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/transformers/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/transformers/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.LogGroupIdentifier') as log_group_identifier, + JSON_EXTRACT(Properties, '$.TransformerConfig') as transformer_config + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Logs::Transformer' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.LogGroupIdentifier') as log_group_identifier, + JSON_EXTRACT(detail.Properties, '$.TransformerConfig') as transformer_config + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Logs::Transformer' + AND detail.data__TypeName = 'AWS::Logs::Transformer' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'LogGroupIdentifier') as log_group_identifier, + json_extract_path_text(Properties, 'TransformerConfig') as transformer_config + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Logs::Transformer' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'LogGroupIdentifier') as log_group_identifier, + json_extract_path_text(detail.Properties, 'TransformerConfig') as transformer_config + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Logs::Transformer' + AND detail.data__TypeName = 'AWS::Logs::Transformer' + AND listing.region = 'us-east-1' + transformers_list_only: + name: transformers_list_only + id: aws.logs.transformers_list_only + x-cfn-schema-name: Transformer + x-cfn-type-name: AWS::Logs::Transformer + x-identifiers: + - LogGroupIdentifier + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.LogGroupIdentifier') as log_group_identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Logs::Transformer' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'LogGroupIdentifier') as log_group_identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Logs::Transformer' + AND region = 'us-east-1' paths: /?Action=CreateResource&Version=2021-09-30: parameters: @@ -3967,6 +5044,48 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success + /?Action=CreateResource&Version=2021-09-30&__Integration&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateIntegration + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateIntegrationRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success /?Action=CreateResource&Version=2021-09-30&__LogAnomalyDetector&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' @@ -4219,6 +5338,48 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success + /?Action=CreateResource&Version=2021-09-30&__Transformer&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateTransformer + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateTransformerRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success x-stackQL-config: requestTranslate: algorithm: drop_double_underscore_params diff --git a/providers/src/aws/v00.00.00000/services/m2.yaml b/providers/src/aws/v00.00.00000/services/m2.yaml index 29b70741..8da09521 100644 --- a/providers/src/aws/v00.00.00000/services/m2.yaml +++ b/providers/src/aws/v00.00.00000/services/m2.yaml @@ -453,7 +453,6 @@ components: Tags: $ref: '#/components/schemas/TagMap' required: - - Definition - EngineType - Name x-stackql-resource-name: application @@ -472,7 +471,6 @@ components: - ApplicationArn - ApplicationId x-required-properties: - - Definition - EngineType - Name x-tagging: @@ -510,6 +508,100 @@ components: - m2:DeleteApplication list: - m2:ListApplications + Deployment: + type: object + properties: + EnvironmentId: + type: string + description: The environment ID. + pattern: ^\S{1,80}$ + ApplicationId: + type: string + description: The application ID. + pattern: ^\S{1,80}$ + ApplicationVersion: + type: integer + description: The version number of the application to deploy + DeploymentId: + type: string + description: The deployment ID. + pattern: ^\S{1,80}$ + Status: + type: string + description: The status of the deployment. + required: + - EnvironmentId + - ApplicationId + - ApplicationVersion + x-stackql-resource-name: deployment + description: Represents a deployment resource of an AWS Mainframe Modernization (M2) application to a specified environment + x-type-name: AWS::M2::Deployment + x-stackql-primary-identifier: + - ApplicationId + x-create-only-properties: + - EnvironmentId + - ApplicationId + x-read-only-properties: + - DeploymentId + - Status + x-required-properties: + - EnvironmentId + - ApplicationId + - ApplicationVersion + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - m2:CreateDeployment + - m2:ListDeployments + - m2:GetDeployment + - iam:PassRole + - ec2:DescribeNetworkInterfaces + - elasticloadbalancing:CreateListener + - elasticloadbalancing:CreateLoadBalancer + - elasticloadbalancing:CreateTargetGroup + - elasticloadbalancing:AddTags + - elasticloadbalancing:RegisterTargets + - logs:DescribeResourcePolicies + - logs:DescribeLogGroups + - logs:CreateLogDelivery + - logs:GetLogDelivery + - logs:UpdateLogDelivery + - logs:DeleteLogDelivery + - logs:ListLogDeliveries + - logs:CreateLogGroup + - logs:PutResourcePolicy + read: + - m2:ListDeployments + - m2:GetDeployment + update: + - m2:CreateDeployment + - m2:ListDeployments + - m2:GetDeployment + - elasticloadbalancing:CreateListener + - elasticloadbalancing:CreateLoadBalancer + - elasticloadbalancing:CreateTargetGroup + - elasticloadbalancing:DeleteListener + - elasticloadbalancing:DeleteTargetGroup + - elasticloadbalancing:DeregisterTargets + - elasticloadbalancing:DeleteLoadBalancer + - elasticloadbalancing:AddTags + - elasticloadbalancing:RegisterTargets + - ec2:DescribeNetworkInterfaces + delete: + - elasticloadbalancing:DeleteListener + - elasticloadbalancing:DeleteTargetGroup + - elasticloadbalancing:DeregisterTargets + - elasticloadbalancing:DeleteLoadBalancer + - logs:DeleteLogDelivery + - m2:ListDeployments + - m2:GetDeployment + - m2:DeleteApplicationFromEnvironment + list: + - m2:ListDeployments EfsStorageConfiguration: type: object description: Defines the storage configuration for an Amazon EFS file system. @@ -553,6 +645,11 @@ components: required: - DesiredCapacity additionalProperties: false + NetworkType: + type: string + enum: + - ipv4 + - dual StorageConfiguration: type: object description: Defines the storage configuration for an environment. @@ -605,6 +702,8 @@ components: type: string description: The name of the environment. pattern: ^[A-Za-z0-9][A-Za-z0-9_\-]{1,59}$ + NetworkType: + $ref: '#/components/schemas/NetworkType' PreferredMaintenanceWindow: type: string description: Configures a desired maintenance window for the environment. If you do not provide a value, a random system-generated value will be assigned. @@ -649,6 +748,7 @@ components: - EngineType - KmsKeyId - Name + - NetworkType - PubliclyAccessible - SecurityGroupIds - StorageConfigurations @@ -746,6 +846,41 @@ components: x-title: CreateApplicationRequest type: object required: [] + CreateDeploymentRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + EnvironmentId: + type: string + description: The environment ID. + pattern: ^\S{1,80}$ + ApplicationId: + type: string + description: The application ID. + pattern: ^\S{1,80}$ + ApplicationVersion: + type: integer + description: The version number of the application to deploy + DeploymentId: + type: string + description: The deployment ID. + pattern: ^\S{1,80}$ + Status: + type: string + description: The status of the deployment. + x-stackQL-stringOnly: true + x-title: CreateDeploymentRequest + type: object + required: [] CreateEnvironmentRequest: properties: ClientToken: @@ -792,6 +927,8 @@ components: type: string description: The name of the environment. pattern: ^[A-Za-z0-9][A-Za-z0-9_\-]{1,59}$ + NetworkType: + $ref: '#/components/schemas/NetworkType' PreferredMaintenanceWindow: type: string description: Configures a desired maintenance window for the environment. If you do not provide a value, a random system-generated value will be assigned. @@ -1059,6 +1196,156 @@ components: WHERE listing.data__TypeName = 'AWS::M2::Application' AND detail.data__TypeName = 'AWS::M2::Application' AND listing.region = 'us-east-1' + deployments: + name: deployments + id: aws.m2.deployments + x-cfn-schema-name: Deployment + x-cfn-type-name: AWS::M2::Deployment + x-identifiers: + - ApplicationId + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Deployment&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::M2::Deployment" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::M2::Deployment" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::M2::Deployment" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/deployments/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/deployments/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/deployments/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.EnvironmentId') as environment_id, + JSON_EXTRACT(Properties, '$.ApplicationId') as application_id, + JSON_EXTRACT(Properties, '$.ApplicationVersion') as application_version, + JSON_EXTRACT(Properties, '$.DeploymentId') as deployment_id, + JSON_EXTRACT(Properties, '$.Status') as status + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::M2::Deployment' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.EnvironmentId') as environment_id, + JSON_EXTRACT(detail.Properties, '$.ApplicationId') as application_id, + JSON_EXTRACT(detail.Properties, '$.ApplicationVersion') as application_version, + JSON_EXTRACT(detail.Properties, '$.DeploymentId') as deployment_id, + JSON_EXTRACT(detail.Properties, '$.Status') as status + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::M2::Deployment' + AND detail.data__TypeName = 'AWS::M2::Deployment' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'EnvironmentId') as environment_id, + json_extract_path_text(Properties, 'ApplicationId') as application_id, + json_extract_path_text(Properties, 'ApplicationVersion') as application_version, + json_extract_path_text(Properties, 'DeploymentId') as deployment_id, + json_extract_path_text(Properties, 'Status') as status + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::M2::Deployment' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'EnvironmentId') as environment_id, + json_extract_path_text(detail.Properties, 'ApplicationId') as application_id, + json_extract_path_text(detail.Properties, 'ApplicationVersion') as application_version, + json_extract_path_text(detail.Properties, 'DeploymentId') as deployment_id, + json_extract_path_text(detail.Properties, 'Status') as status + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::M2::Deployment' + AND detail.data__TypeName = 'AWS::M2::Deployment' + AND listing.region = 'us-east-1' + deployments_list_only: + name: deployments_list_only + id: aws.m2.deployments_list_only + x-cfn-schema-name: Deployment + x-cfn-type-name: AWS::M2::Deployment + x-identifiers: + - ApplicationId + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ApplicationId') as application_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::M2::Deployment' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ApplicationId') as application_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::M2::Deployment' + AND region = 'us-east-1' environments: name: environments id: aws.m2.environments @@ -1131,6 +1418,7 @@ components: JSON_EXTRACT(Properties, '$.InstanceType') as instance_type, JSON_EXTRACT(Properties, '$.KmsKeyId') as kms_key_id, JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.NetworkType') as network_type, JSON_EXTRACT(Properties, '$.PreferredMaintenanceWindow') as preferred_maintenance_window, JSON_EXTRACT(Properties, '$.PubliclyAccessible') as publicly_accessible, JSON_EXTRACT(Properties, '$.SecurityGroupIds') as security_group_ids, @@ -1154,6 +1442,7 @@ components: JSON_EXTRACT(detail.Properties, '$.InstanceType') as instance_type, JSON_EXTRACT(detail.Properties, '$.KmsKeyId') as kms_key_id, JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.NetworkType') as network_type, JSON_EXTRACT(detail.Properties, '$.PreferredMaintenanceWindow') as preferred_maintenance_window, JSON_EXTRACT(detail.Properties, '$.PubliclyAccessible') as publicly_accessible, JSON_EXTRACT(detail.Properties, '$.SecurityGroupIds') as security_group_ids, @@ -1182,6 +1471,7 @@ components: json_extract_path_text(Properties, 'InstanceType') as instance_type, json_extract_path_text(Properties, 'KmsKeyId') as kms_key_id, json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'NetworkType') as network_type, json_extract_path_text(Properties, 'PreferredMaintenanceWindow') as preferred_maintenance_window, json_extract_path_text(Properties, 'PubliclyAccessible') as publicly_accessible, json_extract_path_text(Properties, 'SecurityGroupIds') as security_group_ids, @@ -1205,6 +1495,7 @@ components: json_extract_path_text(detail.Properties, 'InstanceType') as instance_type, json_extract_path_text(detail.Properties, 'KmsKeyId') as kms_key_id, json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'NetworkType') as network_type, json_extract_path_text(detail.Properties, 'PreferredMaintenanceWindow') as preferred_maintenance_window, json_extract_path_text(detail.Properties, 'PubliclyAccessible') as publicly_accessible, json_extract_path_text(detail.Properties, 'SecurityGroupIds') as security_group_ids, @@ -1278,6 +1569,7 @@ components: JSON_EXTRACT(detail.Properties, '$.InstanceType') as instance_type, JSON_EXTRACT(detail.Properties, '$.KmsKeyId') as kms_key_id, JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.NetworkType') as network_type, JSON_EXTRACT(detail.Properties, '$.PreferredMaintenanceWindow') as preferred_maintenance_window, JSON_EXTRACT(detail.Properties, '$.PubliclyAccessible') as publicly_accessible, JSON_EXTRACT(detail.Properties, '$.SecurityGroupIds') as security_group_ids, @@ -1307,6 +1599,7 @@ components: json_extract_path_text(detail.Properties, 'InstanceType') as instance_type, json_extract_path_text(detail.Properties, 'KmsKeyId') as kms_key_id, json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'NetworkType') as network_type, json_extract_path_text(detail.Properties, 'PreferredMaintenanceWindow') as preferred_maintenance_window, json_extract_path_text(detail.Properties, 'PubliclyAccessible') as publicly_accessible, json_extract_path_text(detail.Properties, 'SecurityGroupIds') as security_group_ids, @@ -1505,6 +1798,48 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success + /?Action=CreateResource&Version=2021-09-30&__Deployment&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateDeployment + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateDeploymentRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success /?Action=CreateResource&Version=2021-09-30&__Environment&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' diff --git a/providers/src/aws/v00.00.00000/services/macie.yaml b/providers/src/aws/v00.00.00000/services/macie.yaml index a4bf364f..b698df2e 100644 --- a/providers/src/aws/v00.00.00000/services/macie.yaml +++ b/providers/src/aws/v00.00.00000/services/macie.yaml @@ -492,6 +492,9 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - macie2:TagResource + - macie2:UntagResource x-required-permissions: create: - macie2:CreateAllowList @@ -574,6 +577,9 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - macie2:TagResource + - macie2:UntagResource x-required-permissions: create: - macie2:CreateCustomDataIdentifier @@ -588,6 +594,7 @@ components: update: - macie2:TagResource - macie2:UntagResource + - macie2:GetCustomDataIdentifier CriterionAdditionalProperties: type: object properties: @@ -691,6 +698,9 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - macie2:TagResource + - macie2:UntagResource x-required-permissions: create: - macie2:GetFindingsFilter diff --git a/providers/src/aws/v00.00.00000/services/mediaconnect.yaml b/providers/src/aws/v00.00.00000/services/mediaconnect.yaml index f9e808df..68e13e8b 100644 --- a/providers/src/aws/v00.00.00000/services/mediaconnect.yaml +++ b/providers/src/aws/v00.00.00000/services/mediaconnect.yaml @@ -589,6 +589,9 @@ components: MulticastIp: description: The network source multicast IP. type: string + MulticastSourceSettings: + description: The settings related to the multicast source. + $ref: '#/components/schemas/MulticastSourceSettings' Port: description: The network source port. type: integer @@ -601,6 +604,14 @@ components: - Port - NetworkName additionalProperties: false + MulticastSourceSettings: + type: object + description: The settings related to the multicast source. + properties: + MulticastSourceIp: + description: The IP address of the source for source-specific multicast (SSM). + type: string + additionalProperties: false ProtocolEnum: type: string enum: @@ -1049,6 +1060,19 @@ components: additionalProperties: false required: - Name + SourceMonitoringConfig: + type: object + description: The settings for source monitoring. + properties: + ThumbnailState: + type: string + description: The state of thumbnail monitoring. + enum: + - ENABLED + - DISABLED + additionalProperties: false + required: + - ThumbnailState Flow: type: object properties: @@ -1084,8 +1108,11 @@ components: items: $ref: '#/components/schemas/MediaStream' Maintenance: - description: 'The maintenance settings you want to use for the flow. ' + description: The maintenance settings you want to use for the flow. $ref: '#/components/schemas/Maintenance' + SourceMonitoringConfig: + description: The source monitoring config of the flow. + $ref: '#/components/schemas/SourceMonitoringConfig' required: - Name - Source @@ -1324,6 +1351,12 @@ components: description: The definition for each media stream that is associated with the output. items: $ref: '#/components/schemas/MediaStreamOutputConfiguration' + OutputStatus: + type: string + enum: + - ENABLED + - DISABLED + description: An indication of whether the output should transmit data or not. required: - FlowArn - Protocol @@ -1386,11 +1419,9 @@ components: MaxLatency: type: integer description: The maximum latency in milliseconds. This parameter applies only to RIST-based and Zixi-based streams. - default: 2000 MinLatency: type: integer description: The minimum latency in milliseconds. - default: 2000 Name: type: string description: The name of the source. @@ -1585,8 +1616,6 @@ components: - Name - EgressCidrBlocks - Networks - - Networks/*/Name - - Networks/*/CidrBlock x-read-only-properties: - GatewayArn - GatewayState @@ -1759,8 +1788,11 @@ components: items: $ref: '#/components/schemas/MediaStream' Maintenance: - description: 'The maintenance settings you want to use for the flow. ' + description: The maintenance settings you want to use for the flow. $ref: '#/components/schemas/Maintenance' + SourceMonitoringConfig: + description: The source monitoring config of the flow. + $ref: '#/components/schemas/SourceMonitoringConfig' x-stackQL-stringOnly: true x-title: CreateFlowRequest type: object @@ -1888,6 +1920,12 @@ components: description: The definition for each media stream that is associated with the output. items: $ref: '#/components/schemas/MediaStreamOutputConfiguration' + OutputStatus: + type: string + enum: + - ENABLED + - DISABLED + description: An indication of whether the output should transmit data or not. x-stackQL-stringOnly: true x-title: CreateFlowOutputRequest type: object @@ -1935,11 +1973,9 @@ components: MaxLatency: type: integer description: The maximum latency in milliseconds. This parameter applies only to RIST-based and Zixi-based streams. - default: 2000 MinLatency: type: integer description: The minimum latency in milliseconds. - default: 2000 Name: type: string description: The name of the source. @@ -2479,7 +2515,8 @@ components: JSON_EXTRACT(Properties, '$.SourceFailoverConfig') as source_failover_config, JSON_EXTRACT(Properties, '$.VpcInterfaces') as vpc_interfaces, JSON_EXTRACT(Properties, '$.MediaStreams') as media_streams, - JSON_EXTRACT(Properties, '$.Maintenance') as maintenance + JSON_EXTRACT(Properties, '$.Maintenance') as maintenance, + JSON_EXTRACT(Properties, '$.SourceMonitoringConfig') as source_monitoring_config FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaConnect::Flow' AND data__Identifier = '' AND region = 'us-east-1' @@ -2497,7 +2534,8 @@ components: JSON_EXTRACT(detail.Properties, '$.SourceFailoverConfig') as source_failover_config, JSON_EXTRACT(detail.Properties, '$.VpcInterfaces') as vpc_interfaces, JSON_EXTRACT(detail.Properties, '$.MediaStreams') as media_streams, - JSON_EXTRACT(detail.Properties, '$.Maintenance') as maintenance + JSON_EXTRACT(detail.Properties, '$.Maintenance') as maintenance, + JSON_EXTRACT(detail.Properties, '$.SourceMonitoringConfig') as source_monitoring_config FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -2520,7 +2558,8 @@ components: json_extract_path_text(Properties, 'SourceFailoverConfig') as source_failover_config, json_extract_path_text(Properties, 'VpcInterfaces') as vpc_interfaces, json_extract_path_text(Properties, 'MediaStreams') as media_streams, - json_extract_path_text(Properties, 'Maintenance') as maintenance + json_extract_path_text(Properties, 'Maintenance') as maintenance, + json_extract_path_text(Properties, 'SourceMonitoringConfig') as source_monitoring_config FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaConnect::Flow' AND data__Identifier = '' AND region = 'us-east-1' @@ -2538,7 +2577,8 @@ components: json_extract_path_text(detail.Properties, 'SourceFailoverConfig') as source_failover_config, json_extract_path_text(detail.Properties, 'VpcInterfaces') as vpc_interfaces, json_extract_path_text(detail.Properties, 'MediaStreams') as media_streams, - json_extract_path_text(detail.Properties, 'Maintenance') as maintenance + json_extract_path_text(detail.Properties, 'Maintenance') as maintenance, + json_extract_path_text(detail.Properties, 'SourceMonitoringConfig') as source_monitoring_config FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -2817,7 +2857,8 @@ components: JSON_EXTRACT(Properties, '$.SmoothingLatency') as smoothing_latency, JSON_EXTRACT(Properties, '$.StreamId') as stream_id, JSON_EXTRACT(Properties, '$.VpcInterfaceAttachment') as vpc_interface_attachment, - JSON_EXTRACT(Properties, '$.MediaStreamOutputConfigurations') as media_stream_output_configurations + JSON_EXTRACT(Properties, '$.MediaStreamOutputConfigurations') as media_stream_output_configurations, + JSON_EXTRACT(Properties, '$.OutputStatus') as output_status FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaConnect::FlowOutput' AND data__Identifier = '' AND region = 'us-east-1' @@ -2841,7 +2882,8 @@ components: JSON_EXTRACT(detail.Properties, '$.SmoothingLatency') as smoothing_latency, JSON_EXTRACT(detail.Properties, '$.StreamId') as stream_id, JSON_EXTRACT(detail.Properties, '$.VpcInterfaceAttachment') as vpc_interface_attachment, - JSON_EXTRACT(detail.Properties, '$.MediaStreamOutputConfigurations') as media_stream_output_configurations + JSON_EXTRACT(detail.Properties, '$.MediaStreamOutputConfigurations') as media_stream_output_configurations, + JSON_EXTRACT(detail.Properties, '$.OutputStatus') as output_status FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -2870,7 +2912,8 @@ components: json_extract_path_text(Properties, 'SmoothingLatency') as smoothing_latency, json_extract_path_text(Properties, 'StreamId') as stream_id, json_extract_path_text(Properties, 'VpcInterfaceAttachment') as vpc_interface_attachment, - json_extract_path_text(Properties, 'MediaStreamOutputConfigurations') as media_stream_output_configurations + json_extract_path_text(Properties, 'MediaStreamOutputConfigurations') as media_stream_output_configurations, + json_extract_path_text(Properties, 'OutputStatus') as output_status FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaConnect::FlowOutput' AND data__Identifier = '' AND region = 'us-east-1' @@ -2894,7 +2937,8 @@ components: json_extract_path_text(detail.Properties, 'SmoothingLatency') as smoothing_latency, json_extract_path_text(detail.Properties, 'StreamId') as stream_id, json_extract_path_text(detail.Properties, 'VpcInterfaceAttachment') as vpc_interface_attachment, - json_extract_path_text(detail.Properties, 'MediaStreamOutputConfigurations') as media_stream_output_configurations + json_extract_path_text(detail.Properties, 'MediaStreamOutputConfigurations') as media_stream_output_configurations, + json_extract_path_text(detail.Properties, 'OutputStatus') as output_status FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier diff --git a/providers/src/aws/v00.00.00000/services/medialive.yaml b/providers/src/aws/v00.00.00000/services/medialive.yaml index 5c2bcec8..27d39ce2 100644 --- a/providers/src/aws/v00.00.00000/services/medialive.yaml +++ b/providers/src/aws/v00.00.00000/services/medialive.yaml @@ -385,47 +385,16 @@ components: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' type: object schemas: - MultiplexOutputDestination: - description: Multiplex MediaConnect output destination settings. - type: object - properties: - MultiplexMediaConnectOutputDestinationSettings: - description: Multiplex MediaConnect output destination settings. - properties: - EntitlementArn: - type: string - description: The MediaConnect entitlement ARN available as a Flow source. - minLength: 1 - additionalProperties: false - additionalProperties: false - MultiplexSettings: - type: object - description: A key-value pair to associate with a resource. - properties: - MaximumVideoBufferDelayMilliseconds: - type: integer - description: Maximum video buffer delay in milliseconds. - minimum: 800 - maximum: 3000 - TransportStreamBitrate: - type: integer - description: Transport stream bit rate. - minimum: 1000000 - maximum: 100000000 - TransportStreamId: - type: integer - description: Transport stream ID. - minimum: 0 - maximum: 65535 - TransportStreamReservedBitrate: - type: integer - description: Transport stream reserved bit rate. - minimum: 0 - maximum: 100000000 - required: - - TransportStreamBitrate - - TransportStreamId - additionalProperties: false + ChannelPlacementGroupState: + type: string + description: The current state of the ChannelPlacementGroupState + enum: + - UNASSIGNED + - ASSIGNING + - ASSIGNED + - DELETING + - DELETED + - UNASSIGNING Tags: description: A key-value pair to associate with a resource. type: object @@ -435,425 +404,4056 @@ components: Value: type: string additionalProperties: false - Multiplex: + ChannelPlacementGroup: type: object properties: Arn: type: string - description: The unique arn of the multiplex. - AvailabilityZones: - description: A list of availability zones for the multiplex. + description: The ARN of the channel placement group. + Channels: type: array x-insertionOrder: false + description: List of channel IDs added to the channel placement group. items: type: string - Destinations: - description: A list of the multiplex output destinations. - type: array - x-insertionOrder: false - items: - $ref: '#/components/schemas/MultiplexOutputDestination' + ClusterId: + type: string + description: The ID of the cluster the node is on. Id: type: string - description: The unique id of the multiplex. - MultiplexSettings: - $ref: '#/components/schemas/MultiplexSettings' - description: Configuration for a multiplex event. + description: Unique internal identifier. Name: type: string - description: Name of multiplex. - PipelinesRunningCount: - type: integer - description: The number of currently healthy pipelines. - ProgramCount: - type: integer - description: The number of programs in the multiplex. + description: The name of the channel placement group. + Nodes: + type: array + x-insertionOrder: false + description: List of nodes added to the channel placement group + items: + type: string State: - type: string - enum: - - CREATING - - CREATE_FAILED - - IDLE - - STARTING - - RUNNING - - RECOVERING - - STOPPING - - DELETING - - DELETED + $ref: '#/components/schemas/ChannelPlacementGroupState' Tags: description: A collection of key-value pairs. type: array x-insertionOrder: false items: $ref: '#/components/schemas/Tags' - required: - - AvailabilityZones - - MultiplexSettings - - Name - x-stackql-resource-name: multiplex - description: Resource schema for AWS::MediaLive::Multiplex - x-type-name: AWS::MediaLive::Multiplex + x-stackql-resource-name: channel_placement_group + description: Definition of AWS::MediaLive::ChannelPlacementGroup Resource Type + x-type-name: AWS::MediaLive::ChannelPlacementGroup x-stackql-primary-identifier: - Id + - ClusterId x-create-only-properties: - - AvailabilityZones + - ClusterId x-read-only-properties: - Arn + - Channels - Id - - PipelinesRunningCount - - ProgramCount - State + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - medialive:CreateTags + - medialive:DeleteTags + x-required-permissions: + create: + - medialive:CreateChannelPlacementGroup + - medialive:DescribeChannelPlacementGroup + - medialive:CreateTags + - medialive:ListTagsForResource + read: + - medialive:DescribeChannelPlacementGroup + - medialive:ListTagsForResource + update: + - medialive:UpdateChannelPlacementGroup + - medialive:DescribeChannelPlacementGroup + - medialive:CreateTags + - medialive:DeleteTags + - medialive:ListTagsForResource + delete: + - medialive:DeleteChannelPlacementGroup + - medialive:DescribeChannelPlacementGroup + list: + - medialive:ListChannelPlacementGroups + CloudWatchAlarmTemplateComparisonOperator: + type: string + description: The comparison operator used to compare the specified statistic and the threshold. + enum: + - GreaterThanOrEqualToThreshold + - GreaterThanThreshold + - LessThanThreshold + - LessThanOrEqualToThreshold + CloudWatchAlarmTemplateStatistic: + type: string + description: The statistic to apply to the alarm's metric data. + enum: + - SampleCount + - Average + - Sum + - Minimum + - Maximum + CloudWatchAlarmTemplateTargetResourceType: + type: string + description: The resource type this template should dynamically generate cloudwatch metric alarms for. + enum: + - CLOUDFRONT_DISTRIBUTION + - MEDIALIVE_MULTIPLEX + - MEDIALIVE_CHANNEL + - MEDIALIVE_INPUT_DEVICE + - MEDIAPACKAGE_CHANNEL + - MEDIAPACKAGE_ORIGIN_ENDPOINT + - MEDIACONNECT_FLOW + - S3_BUCKET + CloudWatchAlarmTemplateTreatMissingData: + type: string + description: Specifies how missing data points are treated when evaluating the alarm's condition. + enum: + - notBreaching + - breaching + - ignore + - missing + TagMap: + type: object + description: Represents the tags associated with a resource. + x-patternProperties: + .+: + type: string + additionalProperties: false + CloudWatchAlarmTemplate: + type: object + properties: + Arn: + type: string + pattern: ^arn:.+:medialive:.+:cloudwatch-alarm-template:.+$ + description: A cloudwatch alarm template's ARN (Amazon Resource Name) + ComparisonOperator: + $ref: '#/components/schemas/CloudWatchAlarmTemplateComparisonOperator' + CreatedAt: + type: string + format: date-time + DatapointsToAlarm: + type: number + default: 0 + minimum: 1 + description: The number of datapoints within the evaluation period that must be breaching to trigger the alarm. + Description: + type: string + maxLength: 1024 + minLength: 0 + description: A resource's optional description. + EvaluationPeriods: + type: number + default: 0 + minimum: 1 + description: The number of periods over which data is compared to the specified threshold. + GroupId: + type: string + maxLength: 11 + minLength: 7 + pattern: ^(aws-)?[0-9]{7}$ + description: A cloudwatch alarm template group's id. AWS provided template groups have ids that start with `aws-` + GroupIdentifier: + type: string + pattern: ^[^\s]+$ + description: A cloudwatch alarm template group's identifier. Can be either be its id or current name. + Id: + type: string + maxLength: 11 + minLength: 7 + pattern: ^(aws-)?[0-9]{7}$ + description: A cloudwatch alarm template's id. AWS provided templates have ids that start with `aws-` + Identifier: + type: string + MetricName: + type: string + maxLength: 64 + minLength: 0 + description: The name of the metric associated with the alarm. Must be compatible with targetResourceType. + ModifiedAt: + type: string + format: date-time + Name: + type: string + maxLength: 255 + minLength: 1 + pattern: ^[^\s]+$ + description: A resource's name. Names must be unique within the scope of a resource type in a specific region. + Period: + type: number + default: 0 + maximum: 86400 + minimum: 10 + description: The period, in seconds, over which the specified statistic is applied. + Statistic: + $ref: '#/components/schemas/CloudWatchAlarmTemplateStatistic' + Tags: + $ref: '#/components/schemas/TagMap' + TargetResourceType: + $ref: '#/components/schemas/CloudWatchAlarmTemplateTargetResourceType' + Threshold: + type: number + default: 0 + description: The threshold value to compare with the specified statistic. + TreatMissingData: + $ref: '#/components/schemas/CloudWatchAlarmTemplateTreatMissingData' + required: + - ComparisonOperator + - EvaluationPeriods + - GroupIdentifier + - MetricName + - Name + - Period + - Statistic + - TargetResourceType + - Threshold + - TreatMissingData + x-stackql-resource-name: cloud_watch_alarm_template + description: Definition of AWS::MediaLive::CloudWatchAlarmTemplate Resource Type + x-type-name: AWS::MediaLive::CloudWatchAlarmTemplate + x-stackql-primary-identifier: + - Identifier + x-create-only-properties: + - Tags + x-write-only-properties: + - GroupIdentifier + x-read-only-properties: + - Arn + - CreatedAt + - Id + - GroupId + - Identifier + - ModifiedAt x-required-properties: - - AvailabilityZones - - MultiplexSettings + - ComparisonOperator + - EvaluationPeriods + - GroupIdentifier + - MetricName - Name + - Period + - Statistic + - TargetResourceType + - Threshold + - TreatMissingData x-tagging: taggable: true tagOnCreate: true tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - medialive:CreateTags + - medialive:DeleteTags x-required-permissions: create: - - medialive:CreateMultiplex - - medialive:DescribeMultiplex + - medialive:CreateCloudWatchAlarmTemplate + - medialive:GetCloudWatchAlarmTemplate - medialive:CreateTags read: - - medialive:DescribeMultiplex + - medialive:GetCloudWatchAlarmTemplate update: - - medialive:UpdateMultiplex - - medialive:DescribeMultiplex + - medialive:UpdateCloudWatchAlarmTemplate + - medialive:GetCloudWatchAlarmTemplate - medialive:CreateTags - medialive:DeleteTags delete: - - medialive:DeleteMultiplex - - medialive:DescribeMultiplex + - medialive:DeleteCloudWatchAlarmTemplate list: - - medialive:ListMultiplexes - MultiplexProgramSettings: - description: Multiplex Program settings configuration. + - medialive:ListCloudWatchAlarmTemplates + CloudWatchAlarmTemplateGroup: type: object properties: - PreferredChannelPipeline: + Arn: type: string - $ref: '#/components/schemas/PreferredChannelPipeline' - ProgramNumber: - type: integer - description: Unique program number. - minimum: 0 - maximum: 65535 - ServiceDescriptor: - $ref: '#/components/schemas/MultiplexProgramServiceDescriptor' - description: Transport stream service descriptor configuration for the Multiplex program. - VideoSettings: - $ref: '#/components/schemas/MultiplexVideoSettings' - description: Program video settings configuration. + pattern: ^arn:.+:medialive:.+:cloudwatch-alarm-template-group:.+$ + description: A cloudwatch alarm template group's ARN (Amazon Resource Name) + CreatedAt: + type: string + format: date-time + Description: + type: string + maxLength: 1024 + minLength: 0 + description: A resource's optional description. + Id: + type: string + maxLength: 11 + minLength: 7 + pattern: ^(aws-)?[0-9]{7}$ + description: A cloudwatch alarm template group's id. AWS provided template groups have ids that start with `aws-` + Identifier: + type: string + ModifiedAt: + type: string + format: date-time + Name: + type: string + maxLength: 255 + minLength: 1 + pattern: ^[^\s]+$ + description: A resource's name. Names must be unique within the scope of a resource type in a specific region. + Tags: + $ref: '#/components/schemas/TagMap' required: - - ProgramNumber + - Name + x-stackql-resource-name: cloud_watch_alarm_template_group + description: Definition of AWS::MediaLive::CloudWatchAlarmTemplateGroup Resource Type + x-type-name: AWS::MediaLive::CloudWatchAlarmTemplateGroup + x-stackql-primary-identifier: + - Identifier + x-create-only-properties: + - Name + - Tags + x-read-only-properties: + - Arn + - CreatedAt + - Id + - Identifier + - ModifiedAt + x-required-properties: + - Name + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - medialive:CreateTags + - medialive:DeleteTags + x-required-permissions: + create: + - medialive:CreateCloudWatchAlarmTemplateGroup + - medialive:GetCloudWatchAlarmTemplateGroup + - medialive:CreateTags + read: + - medialive:GetCloudWatchAlarmTemplateGroup + update: + - medialive:UpdateCloudWatchAlarmTemplateGroup + - medialive:GetCloudWatchAlarmTemplateGroup + - medialive:CreateTags + - medialive:DeleteTags + delete: + - medialive:DeleteCloudWatchAlarmTemplateGroup + list: + - medialive:ListCloudWatchAlarmTemplateGroups + ClusterNetworkSettings: + type: object + description: On premises settings which will have the interface network mappings and default Output logical interface + properties: + DefaultRoute: + type: string + description: Default value if the customer does not define it in channel Output API + InterfaceMappings: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/InterfaceMapping' + description: Network mappings for the cluster additionalProperties: false - PreferredChannelPipeline: + ClusterState: type: string - description: | - Indicates which pipeline is preferred by the multiplex for program ingest. - If set to \"PIPELINE_0\" or \"PIPELINE_1\" and an unhealthy ingest causes the multiplex to switch to the non-preferred pipeline, - it will switch back once that ingest is healthy again. If set to \"CURRENTLY_ACTIVE\", - it will not switch back to the other pipeline based on it recovering to a healthy state, - it will only switch if the active pipeline becomes unhealthy. + description: The current state of the Cluster. enum: - - CURRENTLY_ACTIVE - - PIPELINE_0 - - PIPELINE_1 - MultiplexProgramServiceDescriptor: - description: Transport stream service descriptor configuration for the Multiplex program. + - CREATING + - CREATE_FAILED + - ACTIVE + - DELETING + - DELETED + ClusterType: + type: string + description: The hardware type for the cluster. + enum: + - ON_PREMISES + - OUTPOSTS_RACK + - OUTPOSTS_SERVER + - EC2 + InterfaceMapping: type: object + description: Network mappings for the cluster properties: - ProviderName: + LogicalInterfaceName: type: string - description: Name of the provider. - minLength: 1 - maxLength: 256 - ServiceName: + description: logical interface name, unique in the list + NetworkId: type: string - description: Name of the service. - minLength: 1 - maxLength: 256 - required: - - ProviderName - - ServiceName + description: Network Id to be associated with the logical interface name, can be duplicated in list additionalProperties: false - MultiplexVideoSettings: - description: The video configuration for each program in a multiplex. - type: object - oneOf: - - type: object - properties: - ConstantBitrate: - type: integer - description: |- - The constant bitrate configuration for the video encode. - When this field is defined, StatmuxSettings must be undefined. - minimum: 100000 - maximum: 100000000 - required: - - ConstantBitrate - additionalProperties: false - - type: object - properties: - StatmuxSettings: - description: |- - Statmux rate control settings. - When this field is defined, ConstantBitrate must be undefined. - $ref: '#/components/schemas/MultiplexStatmuxVideoSettings' - required: - - StatmuxSettings - additionalProperties: false - MultiplexStatmuxVideoSettings: - description: Statmux rate control settings + InterfaceNetworkMapping: type: object + description: Network mappings for the cluster properties: - MaximumBitrate: - type: integer - description: Maximum statmux bitrate. - minimum: 100000 - maximum: 100000000 - MinimumBitrate: - type: integer - description: Minimum statmux bitrate. - minimum: 100000 - maximum: 100000000 - Priority: - type: integer - description: The purpose of the priority is to use a combination of the\nmultiplex rate control algorithm and the QVBR capability of the\nencoder to prioritize the video quality of some channels in a\nmultiplex over others. Channels that have a higher priority will\nget higher video quality at the expense of the video quality of\nother channels in the multiplex with lower priority. - minimum: -5 - maximum: 5 + LogicalInterfaceName: + type: string + description: logical interface name, unique in the list + NetworkId: + type: string + description: Network Id to be associated with the logical interface name, can be duplicated in list additionalProperties: false - MultiplexProgramPacketIdentifiersMap: - description: Packet identifiers map for a given Multiplex program. + Cluster: type: object properties: - AudioPids: - type: array - items: - type: integer - x-insertionOrder: true - DvbSubPids: - type: array - items: - type: integer - x-insertionOrder: true - DvbTeletextPid: - type: integer - EtvPlatformPid: - type: integer - EtvSignalPid: - type: integer - KlvDataPids: + Arn: + type: string + pattern: ^arn:.+:medialive:.+:cluster:.+$ + description: The ARN of the Cluster. + ChannelIds: type: array + x-insertionOrder: false items: - type: integer - x-insertionOrder: true - PcrPid: - type: integer - PmtPid: - type: integer - PrivateMetadataPid: - type: integer - Scte27Pids: + type: string + description: MediaLive Channel Ids + description: The MediaLive Channels that are currently running on Nodes in this Cluster. + ClusterType: + $ref: '#/components/schemas/ClusterType' + Id: + type: string + description: The unique ID of the Cluster. + InstanceRoleArn: + type: string + pattern: ^arn:.+:iam:.+:role/.+$ + description: The IAM role your nodes will use. + Name: + type: string + description: The user-specified name of the Cluster to be created. + NetworkSettings: + $ref: '#/components/schemas/ClusterNetworkSettings' + State: + $ref: '#/components/schemas/ClusterState' + Tags: + description: A collection of key-value pairs. type: array + x-insertionOrder: false items: - type: integer - x-insertionOrder: true - Scte35Pid: - type: integer - TimedMetadataPid: - type: integer - VideoPid: - type: integer - additionalProperties: false - MultiplexProgramPipelineDetail: - description: The current source for one of the pipelines in the multiplex. + $ref: '#/components/schemas/Tags' + x-stackql-resource-name: cluster + description: Definition of AWS::MediaLive::Cluster Resource Type + x-type-name: AWS::MediaLive::Cluster + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - ClusterType + - InstanceRoleArn + x-read-only-properties: + - Arn + - ChannelIds + - Id + - State + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - medialive:CreateTags + - medialive:DeleteTags + x-required-permissions: + create: + - medialive:CreateCluster + - medialive:DescribeCluster + - medialive:CreateTags + - ecs:CreateCluster + - ecs:RegisterTaskDefinition + - ecs:TagResource + - ecs:CreateService + - iam:PassRole + - medialive:ListTagsForResource + read: + - medialive:DescribeCluster + - medialive:ListTagsForResource + update: + - medialive:UpdateCluster + - medialive:DescribeCluster + - medialive:CreateTags + - medialive:DeleteTags + - medialive:ListTagsForResource + delete: + - medialive:DeleteCluster + - medialive:DescribeCluster + - ecs:DeleteService + list: + - medialive:ListClusters + EventBridgeRuleTemplateEventType: + type: string + description: The type of event to match with the rule. + enum: + - MEDIALIVE_MULTIPLEX_ALERT + - MEDIALIVE_MULTIPLEX_STATE_CHANGE + - MEDIALIVE_CHANNEL_ALERT + - MEDIALIVE_CHANNEL_INPUT_CHANGE + - MEDIALIVE_CHANNEL_STATE_CHANGE + - MEDIAPACKAGE_INPUT_NOTIFICATION + - MEDIAPACKAGE_KEY_PROVIDER_NOTIFICATION + - MEDIAPACKAGE_HARVEST_JOB_NOTIFICATION + - SIGNAL_MAP_ACTIVE_ALARM + - MEDIACONNECT_ALERT + - MEDIACONNECT_SOURCE_HEALTH + - MEDIACONNECT_OUTPUT_HEALTH + - MEDIACONNECT_FLOW_STATUS_CHANGE + EventBridgeRuleTemplateTarget: type: object + description: The target to which to send matching events. properties: - ActiveChannelPipeline: - type: string - description: Identifies the channel pipeline that is currently active for the pipeline (identified by PipelineId) in the multiplex. - PipelineId: + Arn: type: string - description: Identifies a specific pipeline in the multiplex. + maxLength: 2048 + minLength: 1 + pattern: ^arn.+$ + description: Target ARNs must be either an SNS topic or CloudWatch log group. + required: + - Arn additionalProperties: false - Multiplexprogram: + EventBridgeRuleTemplate: type: object properties: - ChannelId: + Arn: type: string - description: The MediaLive channel associated with the program. - MultiplexId: + pattern: ^arn:.+:medialive:.+:eventbridge-rule-template:.+$ + description: An eventbridge rule template's ARN (Amazon Resource Name) + CreatedAt: type: string - description: The ID of the multiplex that the program belongs to. - MultiplexProgramSettings: - description: The settings for this multiplex program. - $ref: '#/components/schemas/MultiplexProgramSettings' - PreferredChannelPipeline: - description: The settings for this multiplex program. - $ref: '#/components/schemas/PreferredChannelPipeline' - PacketIdentifiersMap: - $ref: '#/components/schemas/MultiplexProgramPacketIdentifiersMap' - description: The packet identifier map for this multiplex program. - PipelineDetails: - description: Contains information about the current sources for the specified program in the specified multiplex. Keep in mind that each multiplex pipeline connects to both pipelines in a given source channel (the channel identified by the program). But only one of those channel pipelines is ever active at one time. + description: Placeholder documentation for __timestampIso8601 + format: date-time + Description: + type: string + maxLength: 1024 + minLength: 0 + description: A resource's optional description. + EventTargets: type: array items: - $ref: '#/components/schemas/MultiplexProgramPipelineDetail' - x-insertionOrder: true - ProgramName: + $ref: '#/components/schemas/EventBridgeRuleTemplateTarget' + description: Placeholder documentation for __listOfEventBridgeRuleTemplateTarget + EventType: + $ref: '#/components/schemas/EventBridgeRuleTemplateEventType' + GroupId: type: string - description: The name of the multiplex program. - x-stackql-resource-name: multiplexprogram - description: Resource schema for AWS::MediaLive::Multiplexprogram - x-type-name: AWS::MediaLive::Multiplexprogram + maxLength: 11 + minLength: 7 + pattern: ^(aws-)?[0-9]{7}$ + description: An eventbridge rule template group's id. AWS provided template groups have ids that start with `aws-` + GroupIdentifier: + type: string + pattern: ^[^\s]+$ + description: An eventbridge rule template group's identifier. Can be either be its id or current name. + Id: + type: string + maxLength: 11 + minLength: 7 + pattern: ^(aws-)?[0-9]{7}$ + description: An eventbridge rule template's id. AWS provided templates have ids that start with `aws-` + Identifier: + type: string + description: Placeholder documentation for __string + ModifiedAt: + type: string + description: Placeholder documentation for __timestampIso8601 + format: date-time + Name: + type: string + maxLength: 255 + minLength: 1 + pattern: ^[^\s]+$ + description: A resource's name. Names must be unique within the scope of a resource type in a specific region. + Tags: + $ref: '#/components/schemas/TagMap' + required: + - EventType + - GroupIdentifier + - Name + x-stackql-resource-name: event_bridge_rule_template + description: Definition of AWS::MediaLive::EventBridgeRuleTemplate Resource Type + x-type-name: AWS::MediaLive::EventBridgeRuleTemplate x-stackql-primary-identifier: - - ProgramName - - MultiplexId + - Identifier x-create-only-properties: - - ProgramName - - MultiplexId + - Tags x-write-only-properties: - - PreferredChannelPipeline + - GroupIdentifier + x-read-only-properties: + - Arn + - CreatedAt + - GroupId + - Id + - Identifier + - ModifiedAt + x-required-properties: + - EventType + - GroupIdentifier + - Name x-tagging: - taggable: false + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - medialive:CreateTags + - medialive:DeleteTags x-required-permissions: create: - - medialive:CreateMultiplexProgram - - medialive:DescribeMultiplexProgram + - medialive:CreateEventBridgeRuleTemplate + - medialive:GetEventBridgeRuleTemplate + - medialive:CreateTags read: - - medialive:DescribeMultiplexProgram + - medialive:GetEventBridgeRuleTemplate update: - - medialive:UpdateMultiplexProgram - - medialive:DescribeMultiplexProgram + - medialive:UpdateEventBridgeRuleTemplate + - medialive:GetEventBridgeRuleTemplate + - medialive:CreateTags + - medialive:DeleteTags delete: - - medialive:DeleteMultiplexProgram - - medialive:DescribeMultiplexProgram + - medialive:DeleteEventBridgeRuleTemplate list: - - medialive:ListMultiplexPrograms - CreateMultiplexRequest: + - medialive:ListEventBridgeRuleTemplates + EventBridgeRuleTemplateGroup: + type: object properties: - ClientToken: + Arn: type: string - RoleArn: + pattern: ^arn:.+:medialive:.+:eventbridge-rule-template-group:.+$ + description: An eventbridge rule template group's ARN (Amazon Resource Name) + CreatedAt: type: string - TypeName: + format: date-time + Description: type: string - TypeVersionId: + maxLength: 1024 + minLength: 0 + description: A resource's optional description. + Id: type: string - DesiredState: - type: object + maxLength: 11 + minLength: 7 + pattern: ^(aws-)?[0-9]{7}$ + description: An eventbridge rule template group's id. AWS provided template groups have ids that start with `aws-` + Identifier: + type: string + ModifiedAt: + type: string + format: date-time + Name: + type: string + maxLength: 255 + minLength: 1 + pattern: ^[^\s]+$ + description: A resource's name. Names must be unique within the scope of a resource type in a specific region. + Tags: + $ref: '#/components/schemas/TagMap' + required: + - Name + x-stackql-resource-name: event_bridge_rule_template_group + description: Definition of AWS::MediaLive::EventBridgeRuleTemplateGroup Resource Type + x-type-name: AWS::MediaLive::EventBridgeRuleTemplateGroup + x-stackql-primary-identifier: + - Identifier + x-create-only-properties: + - Name + - Tags + x-read-only-properties: + - Arn + - CreatedAt + - Id + - Identifier + - ModifiedAt + x-required-properties: + - Name + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - medialive:CreateTags + - medialive:DeleteTags + x-required-permissions: + create: + - medialive:CreateEventBridgeRuleTemplateGroup + - medialive:GetEventBridgeRuleTemplateGroup + - medialive:CreateTags + read: + - medialive:GetEventBridgeRuleTemplateGroup + update: + - medialive:UpdateEventBridgeRuleTemplateGroup + - medialive:GetEventBridgeRuleTemplateGroup + - medialive:CreateTags + - medialive:DeleteTags + delete: + - medialive:DeleteEventBridgeRuleTemplateGroup + list: + - medialive:ListEventBridgeRuleTemplateGroups + MultiplexOutputDestination: + description: Multiplex MediaConnect output destination settings. + type: object + properties: + MultiplexMediaConnectOutputDestinationSettings: + description: Multiplex MediaConnect output destination settings. properties: - Arn: + EntitlementArn: type: string - description: The unique arn of the multiplex. - AvailabilityZones: - description: A list of availability zones for the multiplex. - type: array - x-insertionOrder: false - items: - type: string - Destinations: - description: A list of the multiplex output destinations. - type: array - x-insertionOrder: false - items: - $ref: '#/components/schemas/MultiplexOutputDestination' - Id: - type: string - description: The unique id of the multiplex. - MultiplexSettings: - $ref: '#/components/schemas/MultiplexSettings' - description: Configuration for a multiplex event. - Name: - type: string - description: Name of multiplex. - PipelinesRunningCount: - type: integer - description: The number of currently healthy pipelines. - ProgramCount: - type: integer - description: The number of programs in the multiplex. - State: - type: string - enum: - - CREATING - - CREATE_FAILED - - IDLE - - STARTING - - RUNNING - - RECOVERING - - STOPPING - - DELETING - - DELETED - Tags: - description: A collection of key-value pairs. - type: array - x-insertionOrder: false - items: - $ref: '#/components/schemas/Tags' - x-stackQL-stringOnly: true - x-title: CreateMultiplexRequest + description: The MediaConnect entitlement ARN available as a Flow source. + minLength: 1 + additionalProperties: false + additionalProperties: false + MultiplexSettings: type: object - required: [] - CreateMultiplexprogramRequest: + description: A key-value pair to associate with a resource. properties: - ClientToken: + MaximumVideoBufferDelayMilliseconds: + type: integer + description: Maximum video buffer delay in milliseconds. + minimum: 800 + maximum: 3000 + TransportStreamBitrate: + type: integer + description: Transport stream bit rate. + minimum: 1000000 + maximum: 100000000 + TransportStreamId: + type: integer + description: Transport stream ID. + minimum: 0 + maximum: 65535 + TransportStreamReservedBitrate: + type: integer + description: Transport stream reserved bit rate. + minimum: 0 + maximum: 100000000 + required: + - TransportStreamBitrate + - TransportStreamId + additionalProperties: false + Multiplex: + type: object + properties: + Arn: type: string - RoleArn: + description: The unique arn of the multiplex. + AvailabilityZones: + description: A list of availability zones for the multiplex. + type: array + x-insertionOrder: false + items: + type: string + Destinations: + description: A list of the multiplex output destinations. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/MultiplexOutputDestination' + Id: type: string - TypeName: + description: The unique id of the multiplex. + MultiplexSettings: + $ref: '#/components/schemas/MultiplexSettings' + description: Configuration for a multiplex event. + Name: type: string - TypeVersionId: + description: Name of multiplex. + PipelinesRunningCount: + type: integer + description: The number of currently healthy pipelines. + ProgramCount: + type: integer + description: The number of programs in the multiplex. + State: type: string - DesiredState: - type: object - properties: - ChannelId: - type: string - description: The MediaLive channel associated with the program. - MultiplexId: - type: string - description: The ID of the multiplex that the program belongs to. - MultiplexProgramSettings: - description: The settings for this multiplex program. - $ref: '#/components/schemas/MultiplexProgramSettings' - PreferredChannelPipeline: - description: The settings for this multiplex program. - $ref: '#/components/schemas/PreferredChannelPipeline' - PacketIdentifiersMap: - $ref: '#/components/schemas/MultiplexProgramPacketIdentifiersMap' - description: The packet identifier map for this multiplex program. - PipelineDetails: - description: Contains information about the current sources for the specified program in the specified multiplex. Keep in mind that each multiplex pipeline connects to both pipelines in a given source channel (the channel identified by the program). But only one of those channel pipelines is ever active at one time. - type: array - items: - $ref: '#/components/schemas/MultiplexProgramPipelineDetail' - x-insertionOrder: true - ProgramName: - type: string - description: The name of the multiplex program. - x-stackQL-stringOnly: true - x-title: CreateMultiplexprogramRequest + enum: + - CREATING + - CREATE_FAILED + - IDLE + - STARTING + - RUNNING + - RECOVERING + - STOPPING + - DELETING + - DELETED + Tags: + description: A collection of key-value pairs. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tags' + required: + - AvailabilityZones + - MultiplexSettings + - Name + x-stackql-resource-name: multiplex + description: Resource schema for AWS::MediaLive::Multiplex + x-type-name: AWS::MediaLive::Multiplex + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - AvailabilityZones + x-read-only-properties: + - Arn + - Id + - PipelinesRunningCount + - ProgramCount + - State + x-required-properties: + - AvailabilityZones + - MultiplexSettings + - Name + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - medialive:CreateTags + - medialive:DeleteTags + x-required-permissions: + create: + - medialive:CreateMultiplex + - medialive:DescribeMultiplex + - medialive:CreateTags + read: + - medialive:DescribeMultiplex + update: + - medialive:UpdateMultiplex + - medialive:DescribeMultiplex + - medialive:CreateTags + - medialive:DeleteTags + delete: + - medialive:DeleteMultiplex + - medialive:DescribeMultiplex + list: + - medialive:ListMultiplexes + MultiplexProgramSettings: + description: Multiplex Program settings configuration. type: object - required: [] - securitySchemes: - hmac: - type: apiKey - name: Authorization - in: header - description: Amazon Signature authorization v4 - x-amazon-apigateway-authtype: awsSigv4 - x-stackQL-resources: - multiplexes: - name: multiplexes - id: aws.medialive.multiplexes - x-cfn-schema-name: Multiplex - x-cfn-type-name: AWS::MediaLive::Multiplex + properties: + PreferredChannelPipeline: + type: string + $ref: '#/components/schemas/PreferredChannelPipeline' + ProgramNumber: + type: integer + description: Unique program number. + minimum: 0 + maximum: 65535 + ServiceDescriptor: + $ref: '#/components/schemas/MultiplexProgramServiceDescriptor' + description: Transport stream service descriptor configuration for the Multiplex program. + VideoSettings: + $ref: '#/components/schemas/MultiplexVideoSettings' + description: Program video settings configuration. + required: + - ProgramNumber + additionalProperties: false + PreferredChannelPipeline: + type: string + description: | + Indicates which pipeline is preferred by the multiplex for program ingest. + If set to \"PIPELINE_0\" or \"PIPELINE_1\" and an unhealthy ingest causes the multiplex to switch to the non-preferred pipeline, + it will switch back once that ingest is healthy again. If set to \"CURRENTLY_ACTIVE\", + it will not switch back to the other pipeline based on it recovering to a healthy state, + it will only switch if the active pipeline becomes unhealthy. + enum: + - CURRENTLY_ACTIVE + - PIPELINE_0 + - PIPELINE_1 + MultiplexProgramServiceDescriptor: + description: Transport stream service descriptor configuration for the Multiplex program. + type: object + properties: + ProviderName: + type: string + description: Name of the provider. + minLength: 1 + maxLength: 256 + ServiceName: + type: string + description: Name of the service. + minLength: 1 + maxLength: 256 + required: + - ProviderName + - ServiceName + additionalProperties: false + MultiplexVideoSettings: + description: The video configuration for each program in a multiplex. + type: object + oneOf: + - type: object + properties: + ConstantBitrate: + type: integer + description: |- + The constant bitrate configuration for the video encode. + When this field is defined, StatmuxSettings must be undefined. + minimum: 100000 + maximum: 100000000 + required: + - ConstantBitrate + additionalProperties: false + - type: object + properties: + StatmuxSettings: + description: |- + Statmux rate control settings. + When this field is defined, ConstantBitrate must be undefined. + $ref: '#/components/schemas/MultiplexStatmuxVideoSettings' + required: + - StatmuxSettings + additionalProperties: false + MultiplexStatmuxVideoSettings: + description: Statmux rate control settings + type: object + properties: + MaximumBitrate: + type: integer + description: Maximum statmux bitrate. + minimum: 100000 + maximum: 100000000 + MinimumBitrate: + type: integer + description: Minimum statmux bitrate. + minimum: 100000 + maximum: 100000000 + Priority: + type: integer + description: The purpose of the priority is to use a combination of the\nmultiplex rate control algorithm and the QVBR capability of the\nencoder to prioritize the video quality of some channels in a\nmultiplex over others. Channels that have a higher priority will\nget higher video quality at the expense of the video quality of\nother channels in the multiplex with lower priority. + minimum: -5 + maximum: 5 + additionalProperties: false + MultiplexProgramPacketIdentifiersMap: + description: Packet identifiers map for a given Multiplex program. + type: object + properties: + AudioPids: + type: array + items: + type: integer + x-insertionOrder: true + DvbSubPids: + type: array + items: + type: integer + x-insertionOrder: true + DvbTeletextPid: + type: integer + EtvPlatformPid: + type: integer + EtvSignalPid: + type: integer + KlvDataPids: + type: array + items: + type: integer + x-insertionOrder: true + PcrPid: + type: integer + PmtPid: + type: integer + PrivateMetadataPid: + type: integer + Scte27Pids: + type: array + items: + type: integer + x-insertionOrder: true + Scte35Pid: + type: integer + TimedMetadataPid: + type: integer + VideoPid: + type: integer + additionalProperties: false + MultiplexProgramPipelineDetail: + description: The current source for one of the pipelines in the multiplex. + type: object + properties: + ActiveChannelPipeline: + type: string + description: Identifies the channel pipeline that is currently active for the pipeline (identified by PipelineId) in the multiplex. + PipelineId: + type: string + description: Identifies a specific pipeline in the multiplex. + additionalProperties: false + Multiplexprogram: + type: object + properties: + ChannelId: + type: string + description: The MediaLive channel associated with the program. + MultiplexId: + type: string + description: The ID of the multiplex that the program belongs to. + MultiplexProgramSettings: + description: The settings for this multiplex program. + $ref: '#/components/schemas/MultiplexProgramSettings' + PreferredChannelPipeline: + description: The settings for this multiplex program. + $ref: '#/components/schemas/PreferredChannelPipeline' + PacketIdentifiersMap: + $ref: '#/components/schemas/MultiplexProgramPacketIdentifiersMap' + description: The packet identifier map for this multiplex program. + PipelineDetails: + description: Contains information about the current sources for the specified program in the specified multiplex. Keep in mind that each multiplex pipeline connects to both pipelines in a given source channel (the channel identified by the program). But only one of those channel pipelines is ever active at one time. + type: array + items: + $ref: '#/components/schemas/MultiplexProgramPipelineDetail' + x-insertionOrder: true + ProgramName: + type: string + description: The name of the multiplex program. + x-stackql-resource-name: multiplexprogram + description: Resource schema for AWS::MediaLive::Multiplexprogram + x-type-name: AWS::MediaLive::Multiplexprogram + x-stackql-primary-identifier: + - ProgramName + - MultiplexId + x-create-only-properties: + - ProgramName + - MultiplexId + x-write-only-properties: + - PreferredChannelPipeline + x-read-only-properties: + - ChannelId + x-tagging: + taggable: false + x-required-permissions: + create: + - medialive:CreateMultiplexProgram + - medialive:DescribeMultiplexProgram + read: + - medialive:DescribeMultiplexProgram + update: + - medialive:UpdateMultiplexProgram + - medialive:DescribeMultiplexProgram + delete: + - medialive:DeleteMultiplexProgram + - medialive:DescribeMultiplexProgram + list: + - medialive:ListMultiplexPrograms + IpPool: + type: object + description: IP address cidr pool + properties: + Cidr: + type: string + description: IP address cidr pool + additionalProperties: false + NetworkState: + type: string + enum: + - CREATING + - CREATE_FAILED + - ACTIVE + - DELETING + - IDLE + - IN_USE + - UPDATING + - DELETED + - DELETE_FAILED + Route: + type: object + properties: + Cidr: + type: string + description: Ip address cidr + Gateway: + type: string + description: IP address for the route packet paths + additionalProperties: false + Network: + type: object + properties: + Arn: + type: string + description: The ARN of the Network. + AssociatedClusterIds: + type: array + x-insertionOrder: false + items: + type: string + description: Cluster Ids which have this network ID in their Interface Network Mappings + Id: + type: string + description: The unique ID of the Network. + IpPools: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/IpPool' + description: The list of IP address cidr pools for the network + Name: + type: string + description: The user-specified name of the Network to be created. + Routes: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Route' + description: The routes for the network + State: + $ref: '#/components/schemas/NetworkState' + description: The current state of the Network. + Tags: + description: A collection of key-value pairs. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tags' + required: + - Name + - IpPools + x-stackql-resource-name: network + description: Resource schema for AWS::MediaLive::Network. + x-type-name: AWS::MediaLive::Network + x-stackql-primary-identifier: + - Id + x-read-only-properties: + - Arn + - Id + - State + - AssociatedClusterIds + x-required-properties: + - Name + - IpPools + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - medialive:CreateTags + - medialive:DeleteTags + x-required-permissions: + create: + - medialive:CreateNetwork + - medialive:CreateTags + - medialive:DescribeNetwork + - medialive:ListTagsForResource + read: + - medialive:DescribeNetwork + - medialive:ListTagsForResource + update: + - medialive:UpdateNetwork + - medialive:CreateTags + - medialive:DeleteTags + - medialive:DescribeNetwork + - medialive:ListTagsForResource + delete: + - medialive:DeleteNetwork + - medialive:DescribeNetwork + list: + - medialive:ListNetworks + SdiSourceMode: + type: string + description: The current state of the SdiSource. + enum: + - QUADRANT + - INTERLEAVE + SdiSourceState: + type: string + description: The current state of the SdiSource. + enum: + - IDLE + - IN_USE + - DELETED + SdiSourceType: + type: string + description: The interface mode of the SdiSource. + enum: + - SINGLE + - QUAD + SdiSource: + type: object + properties: + Arn: + type: string + description: The unique arn of the SdiSource. + Id: + type: string + description: The unique identifier of the SdiSource. + Mode: + $ref: '#/components/schemas/SdiSourceMode' + Name: + type: string + description: The name of the SdiSource. + State: + $ref: '#/components/schemas/SdiSourceState' + Type: + $ref: '#/components/schemas/SdiSourceType' + Inputs: + description: The list of inputs currently using this SDI source. + type: array + x-insertionOrder: false + items: + type: string + Tags: + description: A collection of key-value pairs. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tags' + required: + - Name + - Type + x-stackql-resource-name: sdi_source + description: Definition of AWS::MediaLive::SdiSource Resource Type + x-type-name: AWS::MediaLive::SdiSource + x-stackql-primary-identifier: + - Id + x-read-only-properties: + - Id + - State + - Arn + - Inputs + x-required-properties: + - Name + - Type + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - medialive:CreateTags + - medialive:DeleteTags + x-required-permissions: + create: + - medialive:CreateSdiSource + - medialive:CreateTags + - medialive:DescribeSdiSource + - medialive:ListTagsForResource + read: + - medialive:DescribeSdiSource + - medialive:ListTagsForResource + update: + - medialive:UpdateSdiSource + - medialive:DescribeSdiSource + - medialive:CreateTags + - medialive:DeleteTags + - medialive:ListTagsForResource + delete: + - medialive:DeleteSdiSource + - medialive:DescribeSdiSource + list: + - medialive:ListSdiSources + FailedMediaResourceMap: + type: object + description: A map representing an incomplete AWS media workflow as a graph. + x-patternProperties: + .+: + $ref: '#/components/schemas/MediaResource' + additionalProperties: false + MediaResource: + type: object + description: An AWS resource used in media workflows. + properties: + Destinations: + type: array + items: + $ref: '#/components/schemas/MediaResourceNeighbor' + Name: + type: string + maxLength: 256 + minLength: 1 + description: The logical name of an AWS media resource. + Sources: + type: array + items: + $ref: '#/components/schemas/MediaResourceNeighbor' + additionalProperties: false + MediaResourceMap: + type: object + description: A map representing an AWS media workflow as a graph. + x-patternProperties: + .+: + $ref: '#/components/schemas/MediaResource' + additionalProperties: false + MediaResourceNeighbor: + type: object + description: A direct source or destination neighbor to an AWS media resource. + properties: + Arn: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^arn.+$ + description: The ARN of a resource used in AWS media workflows. + Name: + type: string + maxLength: 256 + minLength: 1 + description: The logical name of an AWS media resource. + required: + - Arn + additionalProperties: false + MonitorDeployment: + type: object + description: Represents the latest monitor deployment of a signal map. + properties: + DetailsUri: + type: string + maxLength: 2048 + minLength: 1 + description: URI associated with a signal map's monitor deployment. + ErrorMessage: + type: string + maxLength: 2048 + minLength: 1 + description: Error message associated with a failed monitor deployment of a signal map. + Status: + $ref: '#/components/schemas/SignalMapMonitorDeploymentStatus' + required: + - Status + additionalProperties: false + SignalMapMonitorDeploymentStatus: + type: string + description: A signal map's monitor deployment status. + enum: + - NOT_DEPLOYED + - DRY_RUN_DEPLOYMENT_COMPLETE + - DRY_RUN_DEPLOYMENT_FAILED + - DRY_RUN_DEPLOYMENT_IN_PROGRESS + - DEPLOYMENT_COMPLETE + - DEPLOYMENT_FAILED + - DEPLOYMENT_IN_PROGRESS + - DELETE_COMPLETE + - DELETE_FAILED + - DELETE_IN_PROGRESS + SignalMapStatus: + type: string + description: A signal map's current status which is dependent on its lifecycle actions or associated jobs. + enum: + - CREATE_IN_PROGRESS + - CREATE_COMPLETE + - CREATE_FAILED + - UPDATE_IN_PROGRESS + - UPDATE_COMPLETE + - UPDATE_REVERTED + - UPDATE_FAILED + - READY + - NOT_READY + SuccessfulMonitorDeployment: + type: object + description: Represents the latest successful monitor deployment of a signal map. + properties: + DetailsUri: + type: string + maxLength: 2048 + minLength: 1 + description: URI associated with a signal map's monitor deployment. + Status: + $ref: '#/components/schemas/SignalMapMonitorDeploymentStatus' + required: + - DetailsUri + - Status + additionalProperties: false + Unit: + type: object + additionalProperties: false + SignalMap: + type: object + properties: + Arn: + type: string + pattern: ^arn:.+:medialive:.+:signal-map:.+$ + description: A signal map's ARN (Amazon Resource Name) + CloudWatchAlarmTemplateGroupIdentifiers: + type: array + items: + type: string + pattern: ^[^\s]+$ + CloudWatchAlarmTemplateGroupIds: + type: array + items: + type: string + maxLength: 11 + minLength: 7 + pattern: ^(aws-)?[0-9]{7}$ + CreatedAt: + type: string + format: date-time + Description: + type: string + maxLength: 1024 + minLength: 0 + description: A resource's optional description. + DiscoveryEntryPointArn: + type: string + maxLength: 2048 + minLength: 1 + description: A top-level supported AWS resource ARN to discovery a signal map from. + ErrorMessage: + type: string + maxLength: 2048 + minLength: 1 + description: Error message associated with a failed creation or failed update attempt of a signal map. + EventBridgeRuleTemplateGroupIdentifiers: + type: array + items: + type: string + pattern: ^[^\s]+$ + EventBridgeRuleTemplateGroupIds: + type: array + items: + type: string + maxLength: 11 + minLength: 7 + pattern: ^(aws-)?[0-9]{7}$ + FailedMediaResourceMap: + $ref: '#/components/schemas/FailedMediaResourceMap' + ForceRediscovery: + type: boolean + default: false + description: If true, will force a rediscovery of a signal map if an unchanged discoveryEntryPointArn is provided. + Id: + type: string + maxLength: 11 + minLength: 7 + pattern: ^(aws-)?[0-9]{7}$ + description: A signal map's id. + Identifier: + type: string + LastDiscoveredAt: + type: string + format: date-time + LastSuccessfulMonitorDeployment: + $ref: '#/components/schemas/SuccessfulMonitorDeployment' + MediaResourceMap: + $ref: '#/components/schemas/MediaResourceMap' + ModifiedAt: + type: string + format: date-time + MonitorChangesPendingDeployment: + type: boolean + default: false + description: If true, there are pending monitor changes for this signal map that can be deployed. + MonitorDeployment: + $ref: '#/components/schemas/MonitorDeployment' + Name: + type: string + maxLength: 255 + minLength: 1 + pattern: ^[^\s]+$ + description: A resource's name. Names must be unique within the scope of a resource type in a specific region. + Status: + $ref: '#/components/schemas/SignalMapStatus' + Tags: + $ref: '#/components/schemas/TagMap' + required: + - DiscoveryEntryPointArn + - Name + x-stackql-resource-name: signal_map + description: Definition of AWS::MediaLive::SignalMap Resource Type + x-type-name: AWS::MediaLive::SignalMap + x-stackql-primary-identifier: + - Identifier + x-create-only-properties: + - Tags + x-write-only-properties: + - CloudWatchAlarmTemplateGroupIdentifiers + - EventBridgeRuleTemplateGroupIdentifiers + - ForceRediscovery + x-read-only-properties: + - Arn + - CloudWatchAlarmTemplateGroupIds + - CreatedAt + - ErrorMessage + - EventBridgeRuleTemplateGroupIds + - FailedMediaResourceMap + - Id + - Identifier + - LastDiscoveredAt + - LastSuccessfulMonitorDeployment + - MediaResourceMap + - ModifiedAt + - MonitorChangesPendingDeployment + - MonitorDeployment + - Status + x-required-properties: + - DiscoveryEntryPointArn + - Name + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - medialive:CreateTags + - medialive:DeleteTags + x-required-permissions: + create: + - medialive:CreateSignalMap + - medialive:GetSignalMap + - medialive:CreateTags + - medialive:DescribeChannel + - medialive:DescribeInput + - medialive:DescribeInputDevice + - medialive:DescribeInputSecurityGroup + - medialive:DescribeMultiplex + - medialive:DescribeMultiplexProgram + - medialive:ListChannels + - medialive:ListInputDevices + - medialive:ListInputSecurityGroups + - medialive:ListInputs + - medialive:ListMultiplexPrograms + - medialive:ListMultiplexes + - medialive:ListOfferings + - medialive:ListReservations + - medialive:ListTagsForResource + - cloudfront:ListDistributions + - cloudfront:GetDistribution + - ec2:DescribeNetworkInterfaces + - mediaconnect:ListEntitlements + - mediaconnect:ListFlows + - mediaconnect:ListOfferings + - mediaconnect:ListReservations + - mediaconnect:DescribeFlow + - mediapackage:ListChannels + - mediapackage:ListOriginEndpoints + - mediapackage:DescribeChannel + - mediapackage:DescribeOriginEndpoint + - mediapackagev2:ListChannelGroups + - mediapackagev2:ListChannels + - mediapackagev2:ListOriginEndpoints + - mediapackagev2:GetChannelGroup + - mediapackagev2:GetChannel + - mediapackagev2:GetOriginEndpoint + - tag:GetResources + read: + - medialive:GetSignalMap + - tag:GetResources + update: + - medialive:StartUpdateSignalMap + - medialive:GetSignalMap + - medialive:CreateTags + - medialive:DeleteTags + - medialive:DescribeChannel + - medialive:DescribeInput + - medialive:DescribeInputDevice + - medialive:DescribeInputSecurityGroup + - medialive:DescribeMultiplex + - medialive:DescribeMultiplexProgram + - medialive:ListChannels + - medialive:ListInputDevices + - medialive:ListInputSecurityGroups + - medialive:ListInputs + - medialive:ListMultiplexPrograms + - medialive:ListMultiplexes + - medialive:ListOfferings + - medialive:ListReservations + - medialive:ListTagsForResource + - cloudfront:ListDistributions + - cloudfront:GetDistribution + - ec2:DescribeNetworkInterfaces + - mediaconnect:ListEntitlements + - mediaconnect:ListFlows + - mediaconnect:ListOfferings + - mediaconnect:ListReservations + - mediaconnect:DescribeFlow + - mediapackage:ListChannels + - mediapackage:ListOriginEndpoints + - mediapackage:DescribeChannel + - mediapackage:DescribeOriginEndpoint + - mediapackagev2:ListChannelGroups + - mediapackagev2:ListChannels + - mediapackagev2:ListOriginEndpoints + - mediapackagev2:GetChannelGroup + - mediapackagev2:GetChannel + - mediapackagev2:GetOriginEndpoint + - tag:GetResources + delete: + - medialive:GetSignalMap + - medialive:DeleteSignalMap + list: + - medialive:ListSignalMaps + CreateChannelPlacementGroupRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + Arn: + type: string + description: The ARN of the channel placement group. + Channels: + type: array + x-insertionOrder: false + description: List of channel IDs added to the channel placement group. + items: + type: string + ClusterId: + type: string + description: The ID of the cluster the node is on. + Id: + type: string + description: Unique internal identifier. + Name: + type: string + description: The name of the channel placement group. + Nodes: + type: array + x-insertionOrder: false + description: List of nodes added to the channel placement group + items: + type: string + State: + $ref: '#/components/schemas/ChannelPlacementGroupState' + Tags: + description: A collection of key-value pairs. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tags' + x-stackQL-stringOnly: true + x-title: CreateChannelPlacementGroupRequest + type: object + required: [] + CreateCloudWatchAlarmTemplateRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + Arn: + type: string + pattern: ^arn:.+:medialive:.+:cloudwatch-alarm-template:.+$ + description: A cloudwatch alarm template's ARN (Amazon Resource Name) + ComparisonOperator: + $ref: '#/components/schemas/CloudWatchAlarmTemplateComparisonOperator' + CreatedAt: + type: string + format: date-time + DatapointsToAlarm: + type: number + default: 0 + minimum: 1 + description: The number of datapoints within the evaluation period that must be breaching to trigger the alarm. + Description: + type: string + maxLength: 1024 + minLength: 0 + description: A resource's optional description. + EvaluationPeriods: + type: number + default: 0 + minimum: 1 + description: The number of periods over which data is compared to the specified threshold. + GroupId: + type: string + maxLength: 11 + minLength: 7 + pattern: ^(aws-)?[0-9]{7}$ + description: A cloudwatch alarm template group's id. AWS provided template groups have ids that start with `aws-` + GroupIdentifier: + type: string + pattern: ^[^\s]+$ + description: A cloudwatch alarm template group's identifier. Can be either be its id or current name. + Id: + type: string + maxLength: 11 + minLength: 7 + pattern: ^(aws-)?[0-9]{7}$ + description: A cloudwatch alarm template's id. AWS provided templates have ids that start with `aws-` + Identifier: + type: string + MetricName: + type: string + maxLength: 64 + minLength: 0 + description: The name of the metric associated with the alarm. Must be compatible with targetResourceType. + ModifiedAt: + type: string + format: date-time + Name: + type: string + maxLength: 255 + minLength: 1 + pattern: ^[^\s]+$ + description: A resource's name. Names must be unique within the scope of a resource type in a specific region. + Period: + type: number + default: 0 + maximum: 86400 + minimum: 10 + description: The period, in seconds, over which the specified statistic is applied. + Statistic: + $ref: '#/components/schemas/CloudWatchAlarmTemplateStatistic' + Tags: + $ref: '#/components/schemas/TagMap' + TargetResourceType: + $ref: '#/components/schemas/CloudWatchAlarmTemplateTargetResourceType' + Threshold: + type: number + default: 0 + description: The threshold value to compare with the specified statistic. + TreatMissingData: + $ref: '#/components/schemas/CloudWatchAlarmTemplateTreatMissingData' + x-stackQL-stringOnly: true + x-title: CreateCloudWatchAlarmTemplateRequest + type: object + required: [] + CreateCloudWatchAlarmTemplateGroupRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + Arn: + type: string + pattern: ^arn:.+:medialive:.+:cloudwatch-alarm-template-group:.+$ + description: A cloudwatch alarm template group's ARN (Amazon Resource Name) + CreatedAt: + type: string + format: date-time + Description: + type: string + maxLength: 1024 + minLength: 0 + description: A resource's optional description. + Id: + type: string + maxLength: 11 + minLength: 7 + pattern: ^(aws-)?[0-9]{7}$ + description: A cloudwatch alarm template group's id. AWS provided template groups have ids that start with `aws-` + Identifier: + type: string + ModifiedAt: + type: string + format: date-time + Name: + type: string + maxLength: 255 + minLength: 1 + pattern: ^[^\s]+$ + description: A resource's name. Names must be unique within the scope of a resource type in a specific region. + Tags: + $ref: '#/components/schemas/TagMap' + x-stackQL-stringOnly: true + x-title: CreateCloudWatchAlarmTemplateGroupRequest + type: object + required: [] + CreateClusterRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + Arn: + type: string + pattern: ^arn:.+:medialive:.+:cluster:.+$ + description: The ARN of the Cluster. + ChannelIds: + type: array + x-insertionOrder: false + items: + type: string + description: MediaLive Channel Ids + description: The MediaLive Channels that are currently running on Nodes in this Cluster. + ClusterType: + $ref: '#/components/schemas/ClusterType' + Id: + type: string + description: The unique ID of the Cluster. + InstanceRoleArn: + type: string + pattern: ^arn:.+:iam:.+:role/.+$ + description: The IAM role your nodes will use. + Name: + type: string + description: The user-specified name of the Cluster to be created. + NetworkSettings: + $ref: '#/components/schemas/ClusterNetworkSettings' + State: + $ref: '#/components/schemas/ClusterState' + Tags: + description: A collection of key-value pairs. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tags' + x-stackQL-stringOnly: true + x-title: CreateClusterRequest + type: object + required: [] + CreateEventBridgeRuleTemplateRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + Arn: + type: string + pattern: ^arn:.+:medialive:.+:eventbridge-rule-template:.+$ + description: An eventbridge rule template's ARN (Amazon Resource Name) + CreatedAt: + type: string + description: Placeholder documentation for __timestampIso8601 + format: date-time + Description: + type: string + maxLength: 1024 + minLength: 0 + description: A resource's optional description. + EventTargets: + type: array + items: + $ref: '#/components/schemas/EventBridgeRuleTemplateTarget' + description: Placeholder documentation for __listOfEventBridgeRuleTemplateTarget + EventType: + $ref: '#/components/schemas/EventBridgeRuleTemplateEventType' + GroupId: + type: string + maxLength: 11 + minLength: 7 + pattern: ^(aws-)?[0-9]{7}$ + description: An eventbridge rule template group's id. AWS provided template groups have ids that start with `aws-` + GroupIdentifier: + type: string + pattern: ^[^\s]+$ + description: An eventbridge rule template group's identifier. Can be either be its id or current name. + Id: + type: string + maxLength: 11 + minLength: 7 + pattern: ^(aws-)?[0-9]{7}$ + description: An eventbridge rule template's id. AWS provided templates have ids that start with `aws-` + Identifier: + type: string + description: Placeholder documentation for __string + ModifiedAt: + type: string + description: Placeholder documentation for __timestampIso8601 + format: date-time + Name: + type: string + maxLength: 255 + minLength: 1 + pattern: ^[^\s]+$ + description: A resource's name. Names must be unique within the scope of a resource type in a specific region. + Tags: + $ref: '#/components/schemas/TagMap' + x-stackQL-stringOnly: true + x-title: CreateEventBridgeRuleTemplateRequest + type: object + required: [] + CreateEventBridgeRuleTemplateGroupRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + Arn: + type: string + pattern: ^arn:.+:medialive:.+:eventbridge-rule-template-group:.+$ + description: An eventbridge rule template group's ARN (Amazon Resource Name) + CreatedAt: + type: string + format: date-time + Description: + type: string + maxLength: 1024 + minLength: 0 + description: A resource's optional description. + Id: + type: string + maxLength: 11 + minLength: 7 + pattern: ^(aws-)?[0-9]{7}$ + description: An eventbridge rule template group's id. AWS provided template groups have ids that start with `aws-` + Identifier: + type: string + ModifiedAt: + type: string + format: date-time + Name: + type: string + maxLength: 255 + minLength: 1 + pattern: ^[^\s]+$ + description: A resource's name. Names must be unique within the scope of a resource type in a specific region. + Tags: + $ref: '#/components/schemas/TagMap' + x-stackQL-stringOnly: true + x-title: CreateEventBridgeRuleTemplateGroupRequest + type: object + required: [] + CreateMultiplexRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + Arn: + type: string + description: The unique arn of the multiplex. + AvailabilityZones: + description: A list of availability zones for the multiplex. + type: array + x-insertionOrder: false + items: + type: string + Destinations: + description: A list of the multiplex output destinations. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/MultiplexOutputDestination' + Id: + type: string + description: The unique id of the multiplex. + MultiplexSettings: + $ref: '#/components/schemas/MultiplexSettings' + description: Configuration for a multiplex event. + Name: + type: string + description: Name of multiplex. + PipelinesRunningCount: + type: integer + description: The number of currently healthy pipelines. + ProgramCount: + type: integer + description: The number of programs in the multiplex. + State: + type: string + enum: + - CREATING + - CREATE_FAILED + - IDLE + - STARTING + - RUNNING + - RECOVERING + - STOPPING + - DELETING + - DELETED + Tags: + description: A collection of key-value pairs. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tags' + x-stackQL-stringOnly: true + x-title: CreateMultiplexRequest + type: object + required: [] + CreateMultiplexprogramRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + ChannelId: + type: string + description: The MediaLive channel associated with the program. + MultiplexId: + type: string + description: The ID of the multiplex that the program belongs to. + MultiplexProgramSettings: + description: The settings for this multiplex program. + $ref: '#/components/schemas/MultiplexProgramSettings' + PreferredChannelPipeline: + description: The settings for this multiplex program. + $ref: '#/components/schemas/PreferredChannelPipeline' + PacketIdentifiersMap: + $ref: '#/components/schemas/MultiplexProgramPacketIdentifiersMap' + description: The packet identifier map for this multiplex program. + PipelineDetails: + description: Contains information about the current sources for the specified program in the specified multiplex. Keep in mind that each multiplex pipeline connects to both pipelines in a given source channel (the channel identified by the program). But only one of those channel pipelines is ever active at one time. + type: array + items: + $ref: '#/components/schemas/MultiplexProgramPipelineDetail' + x-insertionOrder: true + ProgramName: + type: string + description: The name of the multiplex program. + x-stackQL-stringOnly: true + x-title: CreateMultiplexprogramRequest + type: object + required: [] + CreateNetworkRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + Arn: + type: string + description: The ARN of the Network. + AssociatedClusterIds: + type: array + x-insertionOrder: false + items: + type: string + description: Cluster Ids which have this network ID in their Interface Network Mappings + Id: + type: string + description: The unique ID of the Network. + IpPools: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/IpPool' + description: The list of IP address cidr pools for the network + Name: + type: string + description: The user-specified name of the Network to be created. + Routes: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Route' + description: The routes for the network + State: + $ref: '#/components/schemas/NetworkState' + description: The current state of the Network. + Tags: + description: A collection of key-value pairs. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tags' + x-stackQL-stringOnly: true + x-title: CreateNetworkRequest + type: object + required: [] + CreateSdiSourceRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + Arn: + type: string + description: The unique arn of the SdiSource. + Id: + type: string + description: The unique identifier of the SdiSource. + Mode: + $ref: '#/components/schemas/SdiSourceMode' + Name: + type: string + description: The name of the SdiSource. + State: + $ref: '#/components/schemas/SdiSourceState' + Type: + $ref: '#/components/schemas/SdiSourceType' + Inputs: + description: The list of inputs currently using this SDI source. + type: array + x-insertionOrder: false + items: + type: string + Tags: + description: A collection of key-value pairs. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tags' + x-stackQL-stringOnly: true + x-title: CreateSdiSourceRequest + type: object + required: [] + CreateSignalMapRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + Arn: + type: string + pattern: ^arn:.+:medialive:.+:signal-map:.+$ + description: A signal map's ARN (Amazon Resource Name) + CloudWatchAlarmTemplateGroupIdentifiers: + type: array + items: + type: string + pattern: ^[^\s]+$ + CloudWatchAlarmTemplateGroupIds: + type: array + items: + type: string + maxLength: 11 + minLength: 7 + pattern: ^(aws-)?[0-9]{7}$ + CreatedAt: + type: string + format: date-time + Description: + type: string + maxLength: 1024 + minLength: 0 + description: A resource's optional description. + DiscoveryEntryPointArn: + type: string + maxLength: 2048 + minLength: 1 + description: A top-level supported AWS resource ARN to discovery a signal map from. + ErrorMessage: + type: string + maxLength: 2048 + minLength: 1 + description: Error message associated with a failed creation or failed update attempt of a signal map. + EventBridgeRuleTemplateGroupIdentifiers: + type: array + items: + type: string + pattern: ^[^\s]+$ + EventBridgeRuleTemplateGroupIds: + type: array + items: + type: string + maxLength: 11 + minLength: 7 + pattern: ^(aws-)?[0-9]{7}$ + FailedMediaResourceMap: + $ref: '#/components/schemas/FailedMediaResourceMap' + ForceRediscovery: + type: boolean + default: false + description: If true, will force a rediscovery of a signal map if an unchanged discoveryEntryPointArn is provided. + Id: + type: string + maxLength: 11 + minLength: 7 + pattern: ^(aws-)?[0-9]{7}$ + description: A signal map's id. + Identifier: + type: string + LastDiscoveredAt: + type: string + format: date-time + LastSuccessfulMonitorDeployment: + $ref: '#/components/schemas/SuccessfulMonitorDeployment' + MediaResourceMap: + $ref: '#/components/schemas/MediaResourceMap' + ModifiedAt: + type: string + format: date-time + MonitorChangesPendingDeployment: + type: boolean + default: false + description: If true, there are pending monitor changes for this signal map that can be deployed. + MonitorDeployment: + $ref: '#/components/schemas/MonitorDeployment' + Name: + type: string + maxLength: 255 + minLength: 1 + pattern: ^[^\s]+$ + description: A resource's name. Names must be unique within the scope of a resource type in a specific region. + Status: + $ref: '#/components/schemas/SignalMapStatus' + Tags: + $ref: '#/components/schemas/TagMap' + x-stackQL-stringOnly: true + x-title: CreateSignalMapRequest + type: object + required: [] + securitySchemes: + hmac: + type: apiKey + name: Authorization + in: header + description: Amazon Signature authorization v4 + x-amazon-apigateway-authtype: awsSigv4 + x-stackQL-resources: + channel_placement_groups: + name: channel_placement_groups + id: aws.medialive.channel_placement_groups + x-cfn-schema-name: ChannelPlacementGroup + x-cfn-type-name: AWS::MediaLive::ChannelPlacementGroup + x-identifiers: + - Id + - ClusterId + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__ChannelPlacementGroup&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::MediaLive::ChannelPlacementGroup" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::MediaLive::ChannelPlacementGroup" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::MediaLive::ChannelPlacementGroup" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/channel_placement_groups/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/channel_placement_groups/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/channel_placement_groups/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Channels') as channels, + JSON_EXTRACT(Properties, '$.ClusterId') as cluster_id, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Nodes') as nodes, + JSON_EXTRACT(Properties, '$.State') as state, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaLive::ChannelPlacementGroup' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.Channels') as channels, + JSON_EXTRACT(detail.Properties, '$.ClusterId') as cluster_id, + JSON_EXTRACT(detail.Properties, '$.Id') as id, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.Nodes') as nodes, + JSON_EXTRACT(detail.Properties, '$.State') as state, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::MediaLive::ChannelPlacementGroup' + AND detail.data__TypeName = 'AWS::MediaLive::ChannelPlacementGroup' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Channels') as channels, + json_extract_path_text(Properties, 'ClusterId') as cluster_id, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Nodes') as nodes, + json_extract_path_text(Properties, 'State') as state, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaLive::ChannelPlacementGroup' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'Channels') as channels, + json_extract_path_text(detail.Properties, 'ClusterId') as cluster_id, + json_extract_path_text(detail.Properties, 'Id') as id, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'Nodes') as nodes, + json_extract_path_text(detail.Properties, 'State') as state, + json_extract_path_text(detail.Properties, 'Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::MediaLive::ChannelPlacementGroup' + AND detail.data__TypeName = 'AWS::MediaLive::ChannelPlacementGroup' + AND listing.region = 'us-east-1' + channel_placement_groups_list_only: + name: channel_placement_groups_list_only + id: aws.medialive.channel_placement_groups_list_only + x-cfn-schema-name: ChannelPlacementGroup + x-cfn-type-name: AWS::MediaLive::ChannelPlacementGroup + x-identifiers: + - Id + - ClusterId + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.ClusterId') as cluster_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaLive::ChannelPlacementGroup' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'ClusterId') as cluster_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaLive::ChannelPlacementGroup' + AND region = 'us-east-1' + channel_placement_group_tags: + name: channel_placement_group_tags + id: aws.medialive.channel_placement_group_tags + x-cfn-schema-name: ChannelPlacementGroup + x-cfn-type-name: AWS::MediaLive::ChannelPlacementGroup + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.Channels') as channels, + JSON_EXTRACT(detail.Properties, '$.ClusterId') as cluster_id, + JSON_EXTRACT(detail.Properties, '$.Id') as id, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.Nodes') as nodes, + JSON_EXTRACT(detail.Properties, '$.State') as state + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::MediaLive::ChannelPlacementGroup' + AND detail.data__TypeName = 'AWS::MediaLive::ChannelPlacementGroup' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'Channels') as channels, + json_extract_path_text(detail.Properties, 'ClusterId') as cluster_id, + json_extract_path_text(detail.Properties, 'Id') as id, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'Nodes') as nodes, + json_extract_path_text(detail.Properties, 'State') as state + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::MediaLive::ChannelPlacementGroup' + AND detail.data__TypeName = 'AWS::MediaLive::ChannelPlacementGroup' + AND listing.region = 'us-east-1' + cloud_watch_alarm_templates: + name: cloud_watch_alarm_templates + id: aws.medialive.cloud_watch_alarm_templates + x-cfn-schema-name: CloudWatchAlarmTemplate + x-cfn-type-name: AWS::MediaLive::CloudWatchAlarmTemplate + x-identifiers: + - Identifier + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__CloudWatchAlarmTemplate&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::MediaLive::CloudWatchAlarmTemplate" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::MediaLive::CloudWatchAlarmTemplate" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::MediaLive::CloudWatchAlarmTemplate" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/cloud_watch_alarm_templates/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/cloud_watch_alarm_templates/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/cloud_watch_alarm_templates/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.ComparisonOperator') as comparison_operator, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.DatapointsToAlarm') as datapoints_to_alarm, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.EvaluationPeriods') as evaluation_periods, + JSON_EXTRACT(Properties, '$.GroupId') as group_id, + JSON_EXTRACT(Properties, '$.GroupIdentifier') as group_identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Identifier') as identifier, + JSON_EXTRACT(Properties, '$.MetricName') as metric_name, + JSON_EXTRACT(Properties, '$.ModifiedAt') as modified_at, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Period') as period, + JSON_EXTRACT(Properties, '$.Statistic') as statistic, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.TargetResourceType') as target_resource_type, + JSON_EXTRACT(Properties, '$.Threshold') as threshold, + JSON_EXTRACT(Properties, '$.TreatMissingData') as treat_missing_data + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaLive::CloudWatchAlarmTemplate' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.ComparisonOperator') as comparison_operator, + JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(detail.Properties, '$.DatapointsToAlarm') as datapoints_to_alarm, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.EvaluationPeriods') as evaluation_periods, + JSON_EXTRACT(detail.Properties, '$.GroupId') as group_id, + JSON_EXTRACT(detail.Properties, '$.GroupIdentifier') as group_identifier, + JSON_EXTRACT(detail.Properties, '$.Id') as id, + JSON_EXTRACT(detail.Properties, '$.Identifier') as identifier, + JSON_EXTRACT(detail.Properties, '$.MetricName') as metric_name, + JSON_EXTRACT(detail.Properties, '$.ModifiedAt') as modified_at, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.Period') as period, + JSON_EXTRACT(detail.Properties, '$.Statistic') as statistic, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags, + JSON_EXTRACT(detail.Properties, '$.TargetResourceType') as target_resource_type, + JSON_EXTRACT(detail.Properties, '$.Threshold') as threshold, + JSON_EXTRACT(detail.Properties, '$.TreatMissingData') as treat_missing_data + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::MediaLive::CloudWatchAlarmTemplate' + AND detail.data__TypeName = 'AWS::MediaLive::CloudWatchAlarmTemplate' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'ComparisonOperator') as comparison_operator, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'DatapointsToAlarm') as datapoints_to_alarm, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'EvaluationPeriods') as evaluation_periods, + json_extract_path_text(Properties, 'GroupId') as group_id, + json_extract_path_text(Properties, 'GroupIdentifier') as group_identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Identifier') as identifier, + json_extract_path_text(Properties, 'MetricName') as metric_name, + json_extract_path_text(Properties, 'ModifiedAt') as modified_at, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Period') as period, + json_extract_path_text(Properties, 'Statistic') as statistic, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'TargetResourceType') as target_resource_type, + json_extract_path_text(Properties, 'Threshold') as threshold, + json_extract_path_text(Properties, 'TreatMissingData') as treat_missing_data + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaLive::CloudWatchAlarmTemplate' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'ComparisonOperator') as comparison_operator, + json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, + json_extract_path_text(detail.Properties, 'DatapointsToAlarm') as datapoints_to_alarm, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'EvaluationPeriods') as evaluation_periods, + json_extract_path_text(detail.Properties, 'GroupId') as group_id, + json_extract_path_text(detail.Properties, 'GroupIdentifier') as group_identifier, + json_extract_path_text(detail.Properties, 'Id') as id, + json_extract_path_text(detail.Properties, 'Identifier') as identifier, + json_extract_path_text(detail.Properties, 'MetricName') as metric_name, + json_extract_path_text(detail.Properties, 'ModifiedAt') as modified_at, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'Period') as period, + json_extract_path_text(detail.Properties, 'Statistic') as statistic, + json_extract_path_text(detail.Properties, 'Tags') as tags, + json_extract_path_text(detail.Properties, 'TargetResourceType') as target_resource_type, + json_extract_path_text(detail.Properties, 'Threshold') as threshold, + json_extract_path_text(detail.Properties, 'TreatMissingData') as treat_missing_data + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::MediaLive::CloudWatchAlarmTemplate' + AND detail.data__TypeName = 'AWS::MediaLive::CloudWatchAlarmTemplate' + AND listing.region = 'us-east-1' + cloud_watch_alarm_templates_list_only: + name: cloud_watch_alarm_templates_list_only + id: aws.medialive.cloud_watch_alarm_templates_list_only + x-cfn-schema-name: CloudWatchAlarmTemplate + x-cfn-type-name: AWS::MediaLive::CloudWatchAlarmTemplate + x-identifiers: + - Identifier + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Identifier') as identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaLive::CloudWatchAlarmTemplate' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Identifier') as identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaLive::CloudWatchAlarmTemplate' + AND region = 'us-east-1' + cloud_watch_alarm_template_tags: + name: cloud_watch_alarm_template_tags + id: aws.medialive.cloud_watch_alarm_template_tags + x-cfn-schema-name: CloudWatchAlarmTemplate + x-cfn-type-name: AWS::MediaLive::CloudWatchAlarmTemplate + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.ComparisonOperator') as comparison_operator, + JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(detail.Properties, '$.DatapointsToAlarm') as datapoints_to_alarm, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.EvaluationPeriods') as evaluation_periods, + JSON_EXTRACT(detail.Properties, '$.GroupId') as group_id, + JSON_EXTRACT(detail.Properties, '$.GroupIdentifier') as group_identifier, + JSON_EXTRACT(detail.Properties, '$.Id') as id, + JSON_EXTRACT(detail.Properties, '$.Identifier') as identifier, + JSON_EXTRACT(detail.Properties, '$.MetricName') as metric_name, + JSON_EXTRACT(detail.Properties, '$.ModifiedAt') as modified_at, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.Period') as period, + JSON_EXTRACT(detail.Properties, '$.Statistic') as statistic, + JSON_EXTRACT(detail.Properties, '$.TargetResourceType') as target_resource_type, + JSON_EXTRACT(detail.Properties, '$.Threshold') as threshold, + JSON_EXTRACT(detail.Properties, '$.TreatMissingData') as treat_missing_data + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::MediaLive::CloudWatchAlarmTemplate' + AND detail.data__TypeName = 'AWS::MediaLive::CloudWatchAlarmTemplate' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'ComparisonOperator') as comparison_operator, + json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, + json_extract_path_text(detail.Properties, 'DatapointsToAlarm') as datapoints_to_alarm, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'EvaluationPeriods') as evaluation_periods, + json_extract_path_text(detail.Properties, 'GroupId') as group_id, + json_extract_path_text(detail.Properties, 'GroupIdentifier') as group_identifier, + json_extract_path_text(detail.Properties, 'Id') as id, + json_extract_path_text(detail.Properties, 'Identifier') as identifier, + json_extract_path_text(detail.Properties, 'MetricName') as metric_name, + json_extract_path_text(detail.Properties, 'ModifiedAt') as modified_at, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'Period') as period, + json_extract_path_text(detail.Properties, 'Statistic') as statistic, + json_extract_path_text(detail.Properties, 'TargetResourceType') as target_resource_type, + json_extract_path_text(detail.Properties, 'Threshold') as threshold, + json_extract_path_text(detail.Properties, 'TreatMissingData') as treat_missing_data + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::MediaLive::CloudWatchAlarmTemplate' + AND detail.data__TypeName = 'AWS::MediaLive::CloudWatchAlarmTemplate' + AND listing.region = 'us-east-1' + cloud_watch_alarm_template_groups: + name: cloud_watch_alarm_template_groups + id: aws.medialive.cloud_watch_alarm_template_groups + x-cfn-schema-name: CloudWatchAlarmTemplateGroup + x-cfn-type-name: AWS::MediaLive::CloudWatchAlarmTemplateGroup + x-identifiers: + - Identifier + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__CloudWatchAlarmTemplateGroup&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::MediaLive::CloudWatchAlarmTemplateGroup" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::MediaLive::CloudWatchAlarmTemplateGroup" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::MediaLive::CloudWatchAlarmTemplateGroup" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/cloud_watch_alarm_template_groups/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/cloud_watch_alarm_template_groups/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/cloud_watch_alarm_template_groups/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Identifier') as identifier, + JSON_EXTRACT(Properties, '$.ModifiedAt') as modified_at, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaLive::CloudWatchAlarmTemplateGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.Id') as id, + JSON_EXTRACT(detail.Properties, '$.Identifier') as identifier, + JSON_EXTRACT(detail.Properties, '$.ModifiedAt') as modified_at, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::MediaLive::CloudWatchAlarmTemplateGroup' + AND detail.data__TypeName = 'AWS::MediaLive::CloudWatchAlarmTemplateGroup' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Identifier') as identifier, + json_extract_path_text(Properties, 'ModifiedAt') as modified_at, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaLive::CloudWatchAlarmTemplateGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'Id') as id, + json_extract_path_text(detail.Properties, 'Identifier') as identifier, + json_extract_path_text(detail.Properties, 'ModifiedAt') as modified_at, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::MediaLive::CloudWatchAlarmTemplateGroup' + AND detail.data__TypeName = 'AWS::MediaLive::CloudWatchAlarmTemplateGroup' + AND listing.region = 'us-east-1' + cloud_watch_alarm_template_groups_list_only: + name: cloud_watch_alarm_template_groups_list_only + id: aws.medialive.cloud_watch_alarm_template_groups_list_only + x-cfn-schema-name: CloudWatchAlarmTemplateGroup + x-cfn-type-name: AWS::MediaLive::CloudWatchAlarmTemplateGroup + x-identifiers: + - Identifier + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Identifier') as identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaLive::CloudWatchAlarmTemplateGroup' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Identifier') as identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaLive::CloudWatchAlarmTemplateGroup' + AND region = 'us-east-1' + cloud_watch_alarm_template_group_tags: + name: cloud_watch_alarm_template_group_tags + id: aws.medialive.cloud_watch_alarm_template_group_tags + x-cfn-schema-name: CloudWatchAlarmTemplateGroup + x-cfn-type-name: AWS::MediaLive::CloudWatchAlarmTemplateGroup + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.Id') as id, + JSON_EXTRACT(detail.Properties, '$.Identifier') as identifier, + JSON_EXTRACT(detail.Properties, '$.ModifiedAt') as modified_at, + JSON_EXTRACT(detail.Properties, '$.Name') as name + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::MediaLive::CloudWatchAlarmTemplateGroup' + AND detail.data__TypeName = 'AWS::MediaLive::CloudWatchAlarmTemplateGroup' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'Id') as id, + json_extract_path_text(detail.Properties, 'Identifier') as identifier, + json_extract_path_text(detail.Properties, 'ModifiedAt') as modified_at, + json_extract_path_text(detail.Properties, 'Name') as name + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::MediaLive::CloudWatchAlarmTemplateGroup' + AND detail.data__TypeName = 'AWS::MediaLive::CloudWatchAlarmTemplateGroup' + AND listing.region = 'us-east-1' + clusters: + name: clusters + id: aws.medialive.clusters + x-cfn-schema-name: Cluster + x-cfn-type-name: AWS::MediaLive::Cluster + x-identifiers: + - Id + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Cluster&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::MediaLive::Cluster" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::MediaLive::Cluster" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::MediaLive::Cluster" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/clusters/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/clusters/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/clusters/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.ChannelIds') as channel_ids, + JSON_EXTRACT(Properties, '$.ClusterType') as cluster_type, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.InstanceRoleArn') as instance_role_arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.NetworkSettings') as network_settings, + JSON_EXTRACT(Properties, '$.State') as state, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaLive::Cluster' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.ChannelIds') as channel_ids, + JSON_EXTRACT(detail.Properties, '$.ClusterType') as cluster_type, + JSON_EXTRACT(detail.Properties, '$.Id') as id, + JSON_EXTRACT(detail.Properties, '$.InstanceRoleArn') as instance_role_arn, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.NetworkSettings') as network_settings, + JSON_EXTRACT(detail.Properties, '$.State') as state, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::MediaLive::Cluster' + AND detail.data__TypeName = 'AWS::MediaLive::Cluster' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'ChannelIds') as channel_ids, + json_extract_path_text(Properties, 'ClusterType') as cluster_type, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'InstanceRoleArn') as instance_role_arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'NetworkSettings') as network_settings, + json_extract_path_text(Properties, 'State') as state, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaLive::Cluster' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'ChannelIds') as channel_ids, + json_extract_path_text(detail.Properties, 'ClusterType') as cluster_type, + json_extract_path_text(detail.Properties, 'Id') as id, + json_extract_path_text(detail.Properties, 'InstanceRoleArn') as instance_role_arn, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'NetworkSettings') as network_settings, + json_extract_path_text(detail.Properties, 'State') as state, + json_extract_path_text(detail.Properties, 'Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::MediaLive::Cluster' + AND detail.data__TypeName = 'AWS::MediaLive::Cluster' + AND listing.region = 'us-east-1' + clusters_list_only: + name: clusters_list_only + id: aws.medialive.clusters_list_only + x-cfn-schema-name: Cluster + x-cfn-type-name: AWS::MediaLive::Cluster + x-identifiers: + - Id + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaLive::Cluster' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaLive::Cluster' + AND region = 'us-east-1' + cluster_tags: + name: cluster_tags + id: aws.medialive.cluster_tags + x-cfn-schema-name: Cluster + x-cfn-type-name: AWS::MediaLive::Cluster + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.ChannelIds') as channel_ids, + JSON_EXTRACT(detail.Properties, '$.ClusterType') as cluster_type, + JSON_EXTRACT(detail.Properties, '$.Id') as id, + JSON_EXTRACT(detail.Properties, '$.InstanceRoleArn') as instance_role_arn, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.NetworkSettings') as network_settings, + JSON_EXTRACT(detail.Properties, '$.State') as state + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::MediaLive::Cluster' + AND detail.data__TypeName = 'AWS::MediaLive::Cluster' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'ChannelIds') as channel_ids, + json_extract_path_text(detail.Properties, 'ClusterType') as cluster_type, + json_extract_path_text(detail.Properties, 'Id') as id, + json_extract_path_text(detail.Properties, 'InstanceRoleArn') as instance_role_arn, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'NetworkSettings') as network_settings, + json_extract_path_text(detail.Properties, 'State') as state + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::MediaLive::Cluster' + AND detail.data__TypeName = 'AWS::MediaLive::Cluster' + AND listing.region = 'us-east-1' + event_bridge_rule_templates: + name: event_bridge_rule_templates + id: aws.medialive.event_bridge_rule_templates + x-cfn-schema-name: EventBridgeRuleTemplate + x-cfn-type-name: AWS::MediaLive::EventBridgeRuleTemplate + x-identifiers: + - Identifier + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__EventBridgeRuleTemplate&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::MediaLive::EventBridgeRuleTemplate" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::MediaLive::EventBridgeRuleTemplate" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::MediaLive::EventBridgeRuleTemplate" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/event_bridge_rule_templates/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/event_bridge_rule_templates/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/event_bridge_rule_templates/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.EventTargets') as event_targets, + JSON_EXTRACT(Properties, '$.EventType') as event_type, + JSON_EXTRACT(Properties, '$.GroupId') as group_id, + JSON_EXTRACT(Properties, '$.GroupIdentifier') as group_identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Identifier') as identifier, + JSON_EXTRACT(Properties, '$.ModifiedAt') as modified_at, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaLive::EventBridgeRuleTemplate' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.EventTargets') as event_targets, + JSON_EXTRACT(detail.Properties, '$.EventType') as event_type, + JSON_EXTRACT(detail.Properties, '$.GroupId') as group_id, + JSON_EXTRACT(detail.Properties, '$.GroupIdentifier') as group_identifier, + JSON_EXTRACT(detail.Properties, '$.Id') as id, + JSON_EXTRACT(detail.Properties, '$.Identifier') as identifier, + JSON_EXTRACT(detail.Properties, '$.ModifiedAt') as modified_at, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::MediaLive::EventBridgeRuleTemplate' + AND detail.data__TypeName = 'AWS::MediaLive::EventBridgeRuleTemplate' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'EventTargets') as event_targets, + json_extract_path_text(Properties, 'EventType') as event_type, + json_extract_path_text(Properties, 'GroupId') as group_id, + json_extract_path_text(Properties, 'GroupIdentifier') as group_identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Identifier') as identifier, + json_extract_path_text(Properties, 'ModifiedAt') as modified_at, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaLive::EventBridgeRuleTemplate' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'EventTargets') as event_targets, + json_extract_path_text(detail.Properties, 'EventType') as event_type, + json_extract_path_text(detail.Properties, 'GroupId') as group_id, + json_extract_path_text(detail.Properties, 'GroupIdentifier') as group_identifier, + json_extract_path_text(detail.Properties, 'Id') as id, + json_extract_path_text(detail.Properties, 'Identifier') as identifier, + json_extract_path_text(detail.Properties, 'ModifiedAt') as modified_at, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::MediaLive::EventBridgeRuleTemplate' + AND detail.data__TypeName = 'AWS::MediaLive::EventBridgeRuleTemplate' + AND listing.region = 'us-east-1' + event_bridge_rule_templates_list_only: + name: event_bridge_rule_templates_list_only + id: aws.medialive.event_bridge_rule_templates_list_only + x-cfn-schema-name: EventBridgeRuleTemplate + x-cfn-type-name: AWS::MediaLive::EventBridgeRuleTemplate + x-identifiers: + - Identifier + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Identifier') as identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaLive::EventBridgeRuleTemplate' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Identifier') as identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaLive::EventBridgeRuleTemplate' + AND region = 'us-east-1' + event_bridge_rule_template_tags: + name: event_bridge_rule_template_tags + id: aws.medialive.event_bridge_rule_template_tags + x-cfn-schema-name: EventBridgeRuleTemplate + x-cfn-type-name: AWS::MediaLive::EventBridgeRuleTemplate + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.EventTargets') as event_targets, + JSON_EXTRACT(detail.Properties, '$.EventType') as event_type, + JSON_EXTRACT(detail.Properties, '$.GroupId') as group_id, + JSON_EXTRACT(detail.Properties, '$.GroupIdentifier') as group_identifier, + JSON_EXTRACT(detail.Properties, '$.Id') as id, + JSON_EXTRACT(detail.Properties, '$.Identifier') as identifier, + JSON_EXTRACT(detail.Properties, '$.ModifiedAt') as modified_at, + JSON_EXTRACT(detail.Properties, '$.Name') as name + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::MediaLive::EventBridgeRuleTemplate' + AND detail.data__TypeName = 'AWS::MediaLive::EventBridgeRuleTemplate' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'EventTargets') as event_targets, + json_extract_path_text(detail.Properties, 'EventType') as event_type, + json_extract_path_text(detail.Properties, 'GroupId') as group_id, + json_extract_path_text(detail.Properties, 'GroupIdentifier') as group_identifier, + json_extract_path_text(detail.Properties, 'Id') as id, + json_extract_path_text(detail.Properties, 'Identifier') as identifier, + json_extract_path_text(detail.Properties, 'ModifiedAt') as modified_at, + json_extract_path_text(detail.Properties, 'Name') as name + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::MediaLive::EventBridgeRuleTemplate' + AND detail.data__TypeName = 'AWS::MediaLive::EventBridgeRuleTemplate' + AND listing.region = 'us-east-1' + event_bridge_rule_template_groups: + name: event_bridge_rule_template_groups + id: aws.medialive.event_bridge_rule_template_groups + x-cfn-schema-name: EventBridgeRuleTemplateGroup + x-cfn-type-name: AWS::MediaLive::EventBridgeRuleTemplateGroup + x-identifiers: + - Identifier + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__EventBridgeRuleTemplateGroup&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::MediaLive::EventBridgeRuleTemplateGroup" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::MediaLive::EventBridgeRuleTemplateGroup" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::MediaLive::EventBridgeRuleTemplateGroup" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/event_bridge_rule_template_groups/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/event_bridge_rule_template_groups/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/event_bridge_rule_template_groups/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Identifier') as identifier, + JSON_EXTRACT(Properties, '$.ModifiedAt') as modified_at, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaLive::EventBridgeRuleTemplateGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.Id') as id, + JSON_EXTRACT(detail.Properties, '$.Identifier') as identifier, + JSON_EXTRACT(detail.Properties, '$.ModifiedAt') as modified_at, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::MediaLive::EventBridgeRuleTemplateGroup' + AND detail.data__TypeName = 'AWS::MediaLive::EventBridgeRuleTemplateGroup' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Identifier') as identifier, + json_extract_path_text(Properties, 'ModifiedAt') as modified_at, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaLive::EventBridgeRuleTemplateGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'Id') as id, + json_extract_path_text(detail.Properties, 'Identifier') as identifier, + json_extract_path_text(detail.Properties, 'ModifiedAt') as modified_at, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::MediaLive::EventBridgeRuleTemplateGroup' + AND detail.data__TypeName = 'AWS::MediaLive::EventBridgeRuleTemplateGroup' + AND listing.region = 'us-east-1' + event_bridge_rule_template_groups_list_only: + name: event_bridge_rule_template_groups_list_only + id: aws.medialive.event_bridge_rule_template_groups_list_only + x-cfn-schema-name: EventBridgeRuleTemplateGroup + x-cfn-type-name: AWS::MediaLive::EventBridgeRuleTemplateGroup + x-identifiers: + - Identifier + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Identifier') as identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaLive::EventBridgeRuleTemplateGroup' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Identifier') as identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaLive::EventBridgeRuleTemplateGroup' + AND region = 'us-east-1' + event_bridge_rule_template_group_tags: + name: event_bridge_rule_template_group_tags + id: aws.medialive.event_bridge_rule_template_group_tags + x-cfn-schema-name: EventBridgeRuleTemplateGroup + x-cfn-type-name: AWS::MediaLive::EventBridgeRuleTemplateGroup + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.Id') as id, + JSON_EXTRACT(detail.Properties, '$.Identifier') as identifier, + JSON_EXTRACT(detail.Properties, '$.ModifiedAt') as modified_at, + JSON_EXTRACT(detail.Properties, '$.Name') as name + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::MediaLive::EventBridgeRuleTemplateGroup' + AND detail.data__TypeName = 'AWS::MediaLive::EventBridgeRuleTemplateGroup' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'Id') as id, + json_extract_path_text(detail.Properties, 'Identifier') as identifier, + json_extract_path_text(detail.Properties, 'ModifiedAt') as modified_at, + json_extract_path_text(detail.Properties, 'Name') as name + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::MediaLive::EventBridgeRuleTemplateGroup' + AND detail.data__TypeName = 'AWS::MediaLive::EventBridgeRuleTemplateGroup' + AND listing.region = 'us-east-1' + multiplexes: + name: multiplexes + id: aws.medialive.multiplexes + x-cfn-schema-name: Multiplex + x-cfn-type-name: AWS::MediaLive::Multiplex + x-identifiers: + - Id + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Multiplex&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::MediaLive::Multiplex" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::MediaLive::Multiplex" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::MediaLive::Multiplex" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/multiplexes/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/multiplexes/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/multiplexes/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.AvailabilityZones') as availability_zones, + JSON_EXTRACT(Properties, '$.Destinations') as destinations, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.MultiplexSettings') as multiplex_settings, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.PipelinesRunningCount') as pipelines_running_count, + JSON_EXTRACT(Properties, '$.ProgramCount') as program_count, + JSON_EXTRACT(Properties, '$.State') as state, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaLive::Multiplex' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.AvailabilityZones') as availability_zones, + JSON_EXTRACT(detail.Properties, '$.Destinations') as destinations, + JSON_EXTRACT(detail.Properties, '$.Id') as id, + JSON_EXTRACT(detail.Properties, '$.MultiplexSettings') as multiplex_settings, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.PipelinesRunningCount') as pipelines_running_count, + JSON_EXTRACT(detail.Properties, '$.ProgramCount') as program_count, + JSON_EXTRACT(detail.Properties, '$.State') as state, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::MediaLive::Multiplex' + AND detail.data__TypeName = 'AWS::MediaLive::Multiplex' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'AvailabilityZones') as availability_zones, + json_extract_path_text(Properties, 'Destinations') as destinations, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'MultiplexSettings') as multiplex_settings, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'PipelinesRunningCount') as pipelines_running_count, + json_extract_path_text(Properties, 'ProgramCount') as program_count, + json_extract_path_text(Properties, 'State') as state, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaLive::Multiplex' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'AvailabilityZones') as availability_zones, + json_extract_path_text(detail.Properties, 'Destinations') as destinations, + json_extract_path_text(detail.Properties, 'Id') as id, + json_extract_path_text(detail.Properties, 'MultiplexSettings') as multiplex_settings, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'PipelinesRunningCount') as pipelines_running_count, + json_extract_path_text(detail.Properties, 'ProgramCount') as program_count, + json_extract_path_text(detail.Properties, 'State') as state, + json_extract_path_text(detail.Properties, 'Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::MediaLive::Multiplex' + AND detail.data__TypeName = 'AWS::MediaLive::Multiplex' + AND listing.region = 'us-east-1' + multiplexes_list_only: + name: multiplexes_list_only + id: aws.medialive.multiplexes_list_only + x-cfn-schema-name: Multiplex + x-cfn-type-name: AWS::MediaLive::Multiplex + x-identifiers: + - Id + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaLive::Multiplex' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaLive::Multiplex' + AND region = 'us-east-1' + multiplex_tags: + name: multiplex_tags + id: aws.medialive.multiplex_tags + x-cfn-schema-name: Multiplex + x-cfn-type-name: AWS::MediaLive::Multiplex + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.AvailabilityZones') as availability_zones, + JSON_EXTRACT(detail.Properties, '$.Destinations') as destinations, + JSON_EXTRACT(detail.Properties, '$.Id') as id, + JSON_EXTRACT(detail.Properties, '$.MultiplexSettings') as multiplex_settings, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.PipelinesRunningCount') as pipelines_running_count, + JSON_EXTRACT(detail.Properties, '$.ProgramCount') as program_count, + JSON_EXTRACT(detail.Properties, '$.State') as state + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::MediaLive::Multiplex' + AND detail.data__TypeName = 'AWS::MediaLive::Multiplex' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'AvailabilityZones') as availability_zones, + json_extract_path_text(detail.Properties, 'Destinations') as destinations, + json_extract_path_text(detail.Properties, 'Id') as id, + json_extract_path_text(detail.Properties, 'MultiplexSettings') as multiplex_settings, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'PipelinesRunningCount') as pipelines_running_count, + json_extract_path_text(detail.Properties, 'ProgramCount') as program_count, + json_extract_path_text(detail.Properties, 'State') as state + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::MediaLive::Multiplex' + AND detail.data__TypeName = 'AWS::MediaLive::Multiplex' + AND listing.region = 'us-east-1' + multiplexprograms: + name: multiplexprograms + id: aws.medialive.multiplexprograms + x-cfn-schema-name: Multiplexprogram + x-cfn-type-name: AWS::MediaLive::Multiplexprogram + x-identifiers: + - ProgramName + - MultiplexId + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Multiplexprogram&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::MediaLive::Multiplexprogram" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::MediaLive::Multiplexprogram" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::MediaLive::Multiplexprogram" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/multiplexprograms/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/multiplexprograms/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/multiplexprograms/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ChannelId') as channel_id, + JSON_EXTRACT(Properties, '$.MultiplexId') as multiplex_id, + JSON_EXTRACT(Properties, '$.MultiplexProgramSettings') as multiplex_program_settings, + JSON_EXTRACT(Properties, '$.PreferredChannelPipeline') as preferred_channel_pipeline, + JSON_EXTRACT(Properties, '$.PacketIdentifiersMap') as packet_identifiers_map, + JSON_EXTRACT(Properties, '$.PipelineDetails') as pipeline_details, + JSON_EXTRACT(Properties, '$.ProgramName') as program_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaLive::Multiplexprogram' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.ChannelId') as channel_id, + JSON_EXTRACT(detail.Properties, '$.MultiplexId') as multiplex_id, + JSON_EXTRACT(detail.Properties, '$.MultiplexProgramSettings') as multiplex_program_settings, + JSON_EXTRACT(detail.Properties, '$.PreferredChannelPipeline') as preferred_channel_pipeline, + JSON_EXTRACT(detail.Properties, '$.PacketIdentifiersMap') as packet_identifiers_map, + JSON_EXTRACT(detail.Properties, '$.PipelineDetails') as pipeline_details, + JSON_EXTRACT(detail.Properties, '$.ProgramName') as program_name + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::MediaLive::Multiplexprogram' + AND detail.data__TypeName = 'AWS::MediaLive::Multiplexprogram' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ChannelId') as channel_id, + json_extract_path_text(Properties, 'MultiplexId') as multiplex_id, + json_extract_path_text(Properties, 'MultiplexProgramSettings') as multiplex_program_settings, + json_extract_path_text(Properties, 'PreferredChannelPipeline') as preferred_channel_pipeline, + json_extract_path_text(Properties, 'PacketIdentifiersMap') as packet_identifiers_map, + json_extract_path_text(Properties, 'PipelineDetails') as pipeline_details, + json_extract_path_text(Properties, 'ProgramName') as program_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaLive::Multiplexprogram' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'ChannelId') as channel_id, + json_extract_path_text(detail.Properties, 'MultiplexId') as multiplex_id, + json_extract_path_text(detail.Properties, 'MultiplexProgramSettings') as multiplex_program_settings, + json_extract_path_text(detail.Properties, 'PreferredChannelPipeline') as preferred_channel_pipeline, + json_extract_path_text(detail.Properties, 'PacketIdentifiersMap') as packet_identifiers_map, + json_extract_path_text(detail.Properties, 'PipelineDetails') as pipeline_details, + json_extract_path_text(detail.Properties, 'ProgramName') as program_name + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::MediaLive::Multiplexprogram' + AND detail.data__TypeName = 'AWS::MediaLive::Multiplexprogram' + AND listing.region = 'us-east-1' + multiplexprograms_list_only: + name: multiplexprograms_list_only + id: aws.medialive.multiplexprograms_list_only + x-cfn-schema-name: Multiplexprogram + x-cfn-type-name: AWS::MediaLive::Multiplexprogram + x-identifiers: + - ProgramName + - MultiplexId + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ProgramName') as program_name, + JSON_EXTRACT(Properties, '$.MultiplexId') as multiplex_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaLive::Multiplexprogram' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ProgramName') as program_name, + json_extract_path_text(Properties, 'MultiplexId') as multiplex_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaLive::Multiplexprogram' + AND region = 'us-east-1' + networks: + name: networks + id: aws.medialive.networks + x-cfn-schema-name: Network + x-cfn-type-name: AWS::MediaLive::Network x-identifiers: - Id x-type: cloud_control @@ -863,12 +4463,12 @@ components: requestBodyTranslate: algorithm: naive_DesiredState operation: - $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Multiplex&__detailTransformed=true/post' + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Network&__detailTransformed=true/post' request: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::MediaLive::Multiplex" + "TypeName": "AWS::MediaLive::Network" } response: mediaType: application/json @@ -880,7 +4480,7 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::MediaLive::Multiplex" + "TypeName": "AWS::MediaLive::Network" } response: mediaType: application/json @@ -892,18 +4492,18 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::MediaLive::Multiplex" + "TypeName": "AWS::MediaLive::Network" } response: mediaType: application/json openAPIDocKey: '200' sqlVerbs: insert: - - $ref: '#/components/x-stackQL-resources/multiplexes/methods/create_resource' + - $ref: '#/components/x-stackQL-resources/networks/methods/create_resource' delete: - - $ref: '#/components/x-stackQL-resources/multiplexes/methods/delete_resource' + - $ref: '#/components/x-stackQL-resources/networks/methods/delete_resource' update: - - $ref: '#/components/x-stackQL-resources/multiplexes/methods/update_resource' + - $ref: '#/components/x-stackQL-resources/networks/methods/update_resource' config: views: select: @@ -913,16 +4513,14 @@ components: region, data__Identifier, JSON_EXTRACT(Properties, '$.Arn') as arn, - JSON_EXTRACT(Properties, '$.AvailabilityZones') as availability_zones, - JSON_EXTRACT(Properties, '$.Destinations') as destinations, + JSON_EXTRACT(Properties, '$.AssociatedClusterIds') as associated_cluster_ids, JSON_EXTRACT(Properties, '$.Id') as id, - JSON_EXTRACT(Properties, '$.MultiplexSettings') as multiplex_settings, + JSON_EXTRACT(Properties, '$.IpPools') as ip_pools, JSON_EXTRACT(Properties, '$.Name') as name, - JSON_EXTRACT(Properties, '$.PipelinesRunningCount') as pipelines_running_count, - JSON_EXTRACT(Properties, '$.ProgramCount') as program_count, + JSON_EXTRACT(Properties, '$.Routes') as routes, JSON_EXTRACT(Properties, '$.State') as state, JSON_EXTRACT(Properties, '$.Tags') as tags - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaLive::Multiplex' + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaLive::Network' AND data__Identifier = '' AND region = 'us-east-1' fallback: @@ -931,21 +4529,19 @@ components: SELECT detail.region, JSON_EXTRACT(detail.Properties, '$.Arn') as arn, - JSON_EXTRACT(detail.Properties, '$.AvailabilityZones') as availability_zones, - JSON_EXTRACT(detail.Properties, '$.Destinations') as destinations, + JSON_EXTRACT(detail.Properties, '$.AssociatedClusterIds') as associated_cluster_ids, JSON_EXTRACT(detail.Properties, '$.Id') as id, - JSON_EXTRACT(detail.Properties, '$.MultiplexSettings') as multiplex_settings, + JSON_EXTRACT(detail.Properties, '$.IpPools') as ip_pools, JSON_EXTRACT(detail.Properties, '$.Name') as name, - JSON_EXTRACT(detail.Properties, '$.PipelinesRunningCount') as pipelines_running_count, - JSON_EXTRACT(detail.Properties, '$.ProgramCount') as program_count, + JSON_EXTRACT(detail.Properties, '$.Routes') as routes, JSON_EXTRACT(detail.Properties, '$.State') as state, JSON_EXTRACT(detail.Properties, '$.Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::MediaLive::Multiplex' - AND detail.data__TypeName = 'AWS::MediaLive::Multiplex' + WHERE listing.data__TypeName = 'AWS::MediaLive::Network' + AND detail.data__TypeName = 'AWS::MediaLive::Network' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] @@ -954,16 +4550,14 @@ components: region, data__Identifier, json_extract_path_text(Properties, 'Arn') as arn, - json_extract_path_text(Properties, 'AvailabilityZones') as availability_zones, - json_extract_path_text(Properties, 'Destinations') as destinations, + json_extract_path_text(Properties, 'AssociatedClusterIds') as associated_cluster_ids, json_extract_path_text(Properties, 'Id') as id, - json_extract_path_text(Properties, 'MultiplexSettings') as multiplex_settings, + json_extract_path_text(Properties, 'IpPools') as ip_pools, json_extract_path_text(Properties, 'Name') as name, - json_extract_path_text(Properties, 'PipelinesRunningCount') as pipelines_running_count, - json_extract_path_text(Properties, 'ProgramCount') as program_count, + json_extract_path_text(Properties, 'Routes') as routes, json_extract_path_text(Properties, 'State') as state, json_extract_path_text(Properties, 'Tags') as tags - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaLive::Multiplex' + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaLive::Network' AND data__Identifier = '' AND region = 'us-east-1' fallback: @@ -972,27 +4566,25 @@ components: SELECT detail.region, json_extract_path_text(detail.Properties, 'Arn') as arn, - json_extract_path_text(detail.Properties, 'AvailabilityZones') as availability_zones, - json_extract_path_text(detail.Properties, 'Destinations') as destinations, + json_extract_path_text(detail.Properties, 'AssociatedClusterIds') as associated_cluster_ids, json_extract_path_text(detail.Properties, 'Id') as id, - json_extract_path_text(detail.Properties, 'MultiplexSettings') as multiplex_settings, + json_extract_path_text(detail.Properties, 'IpPools') as ip_pools, json_extract_path_text(detail.Properties, 'Name') as name, - json_extract_path_text(detail.Properties, 'PipelinesRunningCount') as pipelines_running_count, - json_extract_path_text(detail.Properties, 'ProgramCount') as program_count, + json_extract_path_text(detail.Properties, 'Routes') as routes, json_extract_path_text(detail.Properties, 'State') as state, json_extract_path_text(detail.Properties, 'Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::MediaLive::Multiplex' - AND detail.data__TypeName = 'AWS::MediaLive::Multiplex' + WHERE listing.data__TypeName = 'AWS::MediaLive::Network' + AND detail.data__TypeName = 'AWS::MediaLive::Network' AND listing.region = 'us-east-1' - multiplexes_list_only: - name: multiplexes_list_only - id: aws.medialive.multiplexes_list_only - x-cfn-schema-name: Multiplex - x-cfn-type-name: AWS::MediaLive::Multiplex + networks_list_only: + name: networks_list_only + id: aws.medialive.networks_list_only + x-cfn-schema-name: Network + x-cfn-type-name: AWS::MediaLive::Network x-identifiers: - Id x-type: cloud_control_view @@ -1009,7 +4601,7 @@ components: SELECT region, JSON_EXTRACT(Properties, '$.Id') as id - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaLive::Multiplex' + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaLive::Network' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" @@ -1017,13 +4609,13 @@ components: SELECT region, json_extract_path_text(Properties, 'Id') as id - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaLive::Multiplex' + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaLive::Network' AND region = 'us-east-1' - multiplex_tags: - name: multiplex_tags - id: aws.medialive.multiplex_tags - x-cfn-schema-name: Multiplex - x-cfn-type-name: AWS::MediaLive::Multiplex + network_tags: + name: network_tags + id: aws.medialive.network_tags + x-cfn-schema-name: Network + x-cfn-type-name: AWS::MediaLive::Network x-type: cloud_control_view methods: {} sqlVerbs: @@ -1040,21 +4632,19 @@ components: JSON_EXTRACT(json_each.value, '$.Key') as tag_key, JSON_EXTRACT(json_each.value, '$.Value') as tag_value, JSON_EXTRACT(detail.Properties, '$.Arn') as arn, - JSON_EXTRACT(detail.Properties, '$.AvailabilityZones') as availability_zones, - JSON_EXTRACT(detail.Properties, '$.Destinations') as destinations, + JSON_EXTRACT(detail.Properties, '$.AssociatedClusterIds') as associated_cluster_ids, JSON_EXTRACT(detail.Properties, '$.Id') as id, - JSON_EXTRACT(detail.Properties, '$.MultiplexSettings') as multiplex_settings, + JSON_EXTRACT(detail.Properties, '$.IpPools') as ip_pools, JSON_EXTRACT(detail.Properties, '$.Name') as name, - JSON_EXTRACT(detail.Properties, '$.PipelinesRunningCount') as pipelines_running_count, - JSON_EXTRACT(detail.Properties, '$.ProgramCount') as program_count, + JSON_EXTRACT(detail.Properties, '$.Routes') as routes, JSON_EXTRACT(detail.Properties, '$.State') as state FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) - WHERE listing.data__TypeName = 'AWS::MediaLive::Multiplex' - AND detail.data__TypeName = 'AWS::MediaLive::Multiplex' + WHERE listing.data__TypeName = 'AWS::MediaLive::Network' + AND detail.data__TypeName = 'AWS::MediaLive::Network' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" @@ -1064,30 +4654,27 @@ components: json_extract_path_text(json_each.value, 'Key') as tag_key, json_extract_path_text(json_each.value, 'Value') as tag_value, json_extract_path_text(detail.Properties, 'Arn') as arn, - json_extract_path_text(detail.Properties, 'AvailabilityZones') as availability_zones, - json_extract_path_text(detail.Properties, 'Destinations') as destinations, + json_extract_path_text(detail.Properties, 'AssociatedClusterIds') as associated_cluster_ids, json_extract_path_text(detail.Properties, 'Id') as id, - json_extract_path_text(detail.Properties, 'MultiplexSettings') as multiplex_settings, + json_extract_path_text(detail.Properties, 'IpPools') as ip_pools, json_extract_path_text(detail.Properties, 'Name') as name, - json_extract_path_text(detail.Properties, 'PipelinesRunningCount') as pipelines_running_count, - json_extract_path_text(detail.Properties, 'ProgramCount') as program_count, + json_extract_path_text(detail.Properties, 'Routes') as routes, json_extract_path_text(detail.Properties, 'State') as state FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) - WHERE listing.data__TypeName = 'AWS::MediaLive::Multiplex' - AND detail.data__TypeName = 'AWS::MediaLive::Multiplex' + WHERE listing.data__TypeName = 'AWS::MediaLive::Network' + AND detail.data__TypeName = 'AWS::MediaLive::Network' AND listing.region = 'us-east-1' - multiplexprograms: - name: multiplexprograms - id: aws.medialive.multiplexprograms - x-cfn-schema-name: Multiplexprogram - x-cfn-type-name: AWS::MediaLive::Multiplexprogram + sdi_sources: + name: sdi_sources + id: aws.medialive.sdi_sources + x-cfn-schema-name: SdiSource + x-cfn-type-name: AWS::MediaLive::SdiSource x-identifiers: - - ProgramName - - MultiplexId + - Id x-type: cloud_control methods: create_resource: @@ -1095,12 +4682,12 @@ components: requestBodyTranslate: algorithm: naive_DesiredState operation: - $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Multiplexprogram&__detailTransformed=true/post' + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__SdiSource&__detailTransformed=true/post' request: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::MediaLive::Multiplexprogram" + "TypeName": "AWS::MediaLive::SdiSource" } response: mediaType: application/json @@ -1112,7 +4699,7 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::MediaLive::Multiplexprogram" + "TypeName": "AWS::MediaLive::SdiSource" } response: mediaType: application/json @@ -1124,18 +4711,18 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::MediaLive::Multiplexprogram" + "TypeName": "AWS::MediaLive::SdiSource" } response: mediaType: application/json openAPIDocKey: '200' sqlVerbs: insert: - - $ref: '#/components/x-stackQL-resources/multiplexprograms/methods/create_resource' + - $ref: '#/components/x-stackQL-resources/sdi_sources/methods/create_resource' delete: - - $ref: '#/components/x-stackQL-resources/multiplexprograms/methods/delete_resource' + - $ref: '#/components/x-stackQL-resources/sdi_sources/methods/delete_resource' update: - - $ref: '#/components/x-stackQL-resources/multiplexprograms/methods/update_resource' + - $ref: '#/components/x-stackQL-resources/sdi_sources/methods/update_resource' config: views: select: @@ -1144,34 +4731,283 @@ components: SELECT region, data__Identifier, - JSON_EXTRACT(Properties, '$.ChannelId') as channel_id, - JSON_EXTRACT(Properties, '$.MultiplexId') as multiplex_id, - JSON_EXTRACT(Properties, '$.MultiplexProgramSettings') as multiplex_program_settings, - JSON_EXTRACT(Properties, '$.PreferredChannelPipeline') as preferred_channel_pipeline, - JSON_EXTRACT(Properties, '$.PacketIdentifiersMap') as packet_identifiers_map, - JSON_EXTRACT(Properties, '$.PipelineDetails') as pipeline_details, - JSON_EXTRACT(Properties, '$.ProgramName') as program_name - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaLive::Multiplexprogram' - AND data__Identifier = '|' + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Mode') as mode, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.State') as state, + JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.Inputs') as inputs, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaLive::SdiSource' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.Id') as id, + JSON_EXTRACT(detail.Properties, '$.Mode') as mode, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.State') as state, + JSON_EXTRACT(detail.Properties, '$.Type') as type, + JSON_EXTRACT(detail.Properties, '$.Inputs') as inputs, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::MediaLive::SdiSource' + AND detail.data__TypeName = 'AWS::MediaLive::SdiSource' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Mode') as mode, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'State') as state, + json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'Inputs') as inputs, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaLive::SdiSource' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'Id') as id, + json_extract_path_text(detail.Properties, 'Mode') as mode, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'State') as state, + json_extract_path_text(detail.Properties, 'Type') as type, + json_extract_path_text(detail.Properties, 'Inputs') as inputs, + json_extract_path_text(detail.Properties, 'Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::MediaLive::SdiSource' + AND detail.data__TypeName = 'AWS::MediaLive::SdiSource' + AND listing.region = 'us-east-1' + sdi_sources_list_only: + name: sdi_sources_list_only + id: aws.medialive.sdi_sources_list_only + x-cfn-schema-name: SdiSource + x-cfn-type-name: AWS::MediaLive::SdiSource + x-identifiers: + - Id + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaLive::SdiSource' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaLive::SdiSource' + AND region = 'us-east-1' + sdi_source_tags: + name: sdi_source_tags + id: aws.medialive.sdi_source_tags + x-cfn-schema-name: SdiSource + x-cfn-type-name: AWS::MediaLive::SdiSource + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.Id') as id, + JSON_EXTRACT(detail.Properties, '$.Mode') as mode, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.State') as state, + JSON_EXTRACT(detail.Properties, '$.Type') as type, + JSON_EXTRACT(detail.Properties, '$.Inputs') as inputs + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::MediaLive::SdiSource' + AND detail.data__TypeName = 'AWS::MediaLive::SdiSource' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'Id') as id, + json_extract_path_text(detail.Properties, 'Mode') as mode, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'State') as state, + json_extract_path_text(detail.Properties, 'Type') as type, + json_extract_path_text(detail.Properties, 'Inputs') as inputs + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::MediaLive::SdiSource' + AND detail.data__TypeName = 'AWS::MediaLive::SdiSource' + AND listing.region = 'us-east-1' + signal_maps: + name: signal_maps + id: aws.medialive.signal_maps + x-cfn-schema-name: SignalMap + x-cfn-type-name: AWS::MediaLive::SignalMap + x-identifiers: + - Identifier + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__SignalMap&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::MediaLive::SignalMap" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::MediaLive::SignalMap" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::MediaLive::SignalMap" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/signal_maps/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/signal_maps/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/signal_maps/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.CloudWatchAlarmTemplateGroupIdentifiers') as cloud_watch_alarm_template_group_identifiers, + JSON_EXTRACT(Properties, '$.CloudWatchAlarmTemplateGroupIds') as cloud_watch_alarm_template_group_ids, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.DiscoveryEntryPointArn') as discovery_entry_point_arn, + JSON_EXTRACT(Properties, '$.ErrorMessage') as error_message, + JSON_EXTRACT(Properties, '$.EventBridgeRuleTemplateGroupIdentifiers') as event_bridge_rule_template_group_identifiers, + JSON_EXTRACT(Properties, '$.EventBridgeRuleTemplateGroupIds') as event_bridge_rule_template_group_ids, + JSON_EXTRACT(Properties, '$.FailedMediaResourceMap') as failed_media_resource_map, + JSON_EXTRACT(Properties, '$.ForceRediscovery') as force_rediscovery, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Identifier') as identifier, + JSON_EXTRACT(Properties, '$.LastDiscoveredAt') as last_discovered_at, + JSON_EXTRACT(Properties, '$.LastSuccessfulMonitorDeployment') as last_successful_monitor_deployment, + JSON_EXTRACT(Properties, '$.MediaResourceMap') as media_resource_map, + JSON_EXTRACT(Properties, '$.ModifiedAt') as modified_at, + JSON_EXTRACT(Properties, '$.MonitorChangesPendingDeployment') as monitor_changes_pending_deployment, + JSON_EXTRACT(Properties, '$.MonitorDeployment') as monitor_deployment, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaLive::SignalMap' + AND data__Identifier = '' AND region = 'us-east-1' fallback: predicate: sqlDialect == "sqlite3" ddl: |- SELECT detail.region, - JSON_EXTRACT(detail.Properties, '$.ChannelId') as channel_id, - JSON_EXTRACT(detail.Properties, '$.MultiplexId') as multiplex_id, - JSON_EXTRACT(detail.Properties, '$.MultiplexProgramSettings') as multiplex_program_settings, - JSON_EXTRACT(detail.Properties, '$.PreferredChannelPipeline') as preferred_channel_pipeline, - JSON_EXTRACT(detail.Properties, '$.PacketIdentifiersMap') as packet_identifiers_map, - JSON_EXTRACT(detail.Properties, '$.PipelineDetails') as pipeline_details, - JSON_EXTRACT(detail.Properties, '$.ProgramName') as program_name + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.CloudWatchAlarmTemplateGroupIdentifiers') as cloud_watch_alarm_template_group_identifiers, + JSON_EXTRACT(detail.Properties, '$.CloudWatchAlarmTemplateGroupIds') as cloud_watch_alarm_template_group_ids, + JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.DiscoveryEntryPointArn') as discovery_entry_point_arn, + JSON_EXTRACT(detail.Properties, '$.ErrorMessage') as error_message, + JSON_EXTRACT(detail.Properties, '$.EventBridgeRuleTemplateGroupIdentifiers') as event_bridge_rule_template_group_identifiers, + JSON_EXTRACT(detail.Properties, '$.EventBridgeRuleTemplateGroupIds') as event_bridge_rule_template_group_ids, + JSON_EXTRACT(detail.Properties, '$.FailedMediaResourceMap') as failed_media_resource_map, + JSON_EXTRACT(detail.Properties, '$.ForceRediscovery') as force_rediscovery, + JSON_EXTRACT(detail.Properties, '$.Id') as id, + JSON_EXTRACT(detail.Properties, '$.Identifier') as identifier, + JSON_EXTRACT(detail.Properties, '$.LastDiscoveredAt') as last_discovered_at, + JSON_EXTRACT(detail.Properties, '$.LastSuccessfulMonitorDeployment') as last_successful_monitor_deployment, + JSON_EXTRACT(detail.Properties, '$.MediaResourceMap') as media_resource_map, + JSON_EXTRACT(detail.Properties, '$.ModifiedAt') as modified_at, + JSON_EXTRACT(detail.Properties, '$.MonitorChangesPendingDeployment') as monitor_changes_pending_deployment, + JSON_EXTRACT(detail.Properties, '$.MonitorDeployment') as monitor_deployment, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.Status') as status, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::MediaLive::Multiplexprogram' - AND detail.data__TypeName = 'AWS::MediaLive::Multiplexprogram' + WHERE listing.data__TypeName = 'AWS::MediaLive::SignalMap' + AND detail.data__TypeName = 'AWS::MediaLive::SignalMap' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] @@ -1179,43 +5015,72 @@ components: SELECT region, data__Identifier, - json_extract_path_text(Properties, 'ChannelId') as channel_id, - json_extract_path_text(Properties, 'MultiplexId') as multiplex_id, - json_extract_path_text(Properties, 'MultiplexProgramSettings') as multiplex_program_settings, - json_extract_path_text(Properties, 'PreferredChannelPipeline') as preferred_channel_pipeline, - json_extract_path_text(Properties, 'PacketIdentifiersMap') as packet_identifiers_map, - json_extract_path_text(Properties, 'PipelineDetails') as pipeline_details, - json_extract_path_text(Properties, 'ProgramName') as program_name - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaLive::Multiplexprogram' - AND data__Identifier = '|' + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'CloudWatchAlarmTemplateGroupIdentifiers') as cloud_watch_alarm_template_group_identifiers, + json_extract_path_text(Properties, 'CloudWatchAlarmTemplateGroupIds') as cloud_watch_alarm_template_group_ids, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'DiscoveryEntryPointArn') as discovery_entry_point_arn, + json_extract_path_text(Properties, 'ErrorMessage') as error_message, + json_extract_path_text(Properties, 'EventBridgeRuleTemplateGroupIdentifiers') as event_bridge_rule_template_group_identifiers, + json_extract_path_text(Properties, 'EventBridgeRuleTemplateGroupIds') as event_bridge_rule_template_group_ids, + json_extract_path_text(Properties, 'FailedMediaResourceMap') as failed_media_resource_map, + json_extract_path_text(Properties, 'ForceRediscovery') as force_rediscovery, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Identifier') as identifier, + json_extract_path_text(Properties, 'LastDiscoveredAt') as last_discovered_at, + json_extract_path_text(Properties, 'LastSuccessfulMonitorDeployment') as last_successful_monitor_deployment, + json_extract_path_text(Properties, 'MediaResourceMap') as media_resource_map, + json_extract_path_text(Properties, 'ModifiedAt') as modified_at, + json_extract_path_text(Properties, 'MonitorChangesPendingDeployment') as monitor_changes_pending_deployment, + json_extract_path_text(Properties, 'MonitorDeployment') as monitor_deployment, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaLive::SignalMap' + AND data__Identifier = '' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT detail.region, - json_extract_path_text(detail.Properties, 'ChannelId') as channel_id, - json_extract_path_text(detail.Properties, 'MultiplexId') as multiplex_id, - json_extract_path_text(detail.Properties, 'MultiplexProgramSettings') as multiplex_program_settings, - json_extract_path_text(detail.Properties, 'PreferredChannelPipeline') as preferred_channel_pipeline, - json_extract_path_text(detail.Properties, 'PacketIdentifiersMap') as packet_identifiers_map, - json_extract_path_text(detail.Properties, 'PipelineDetails') as pipeline_details, - json_extract_path_text(detail.Properties, 'ProgramName') as program_name + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'CloudWatchAlarmTemplateGroupIdentifiers') as cloud_watch_alarm_template_group_identifiers, + json_extract_path_text(detail.Properties, 'CloudWatchAlarmTemplateGroupIds') as cloud_watch_alarm_template_group_ids, + json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'DiscoveryEntryPointArn') as discovery_entry_point_arn, + json_extract_path_text(detail.Properties, 'ErrorMessage') as error_message, + json_extract_path_text(detail.Properties, 'EventBridgeRuleTemplateGroupIdentifiers') as event_bridge_rule_template_group_identifiers, + json_extract_path_text(detail.Properties, 'EventBridgeRuleTemplateGroupIds') as event_bridge_rule_template_group_ids, + json_extract_path_text(detail.Properties, 'FailedMediaResourceMap') as failed_media_resource_map, + json_extract_path_text(detail.Properties, 'ForceRediscovery') as force_rediscovery, + json_extract_path_text(detail.Properties, 'Id') as id, + json_extract_path_text(detail.Properties, 'Identifier') as identifier, + json_extract_path_text(detail.Properties, 'LastDiscoveredAt') as last_discovered_at, + json_extract_path_text(detail.Properties, 'LastSuccessfulMonitorDeployment') as last_successful_monitor_deployment, + json_extract_path_text(detail.Properties, 'MediaResourceMap') as media_resource_map, + json_extract_path_text(detail.Properties, 'ModifiedAt') as modified_at, + json_extract_path_text(detail.Properties, 'MonitorChangesPendingDeployment') as monitor_changes_pending_deployment, + json_extract_path_text(detail.Properties, 'MonitorDeployment') as monitor_deployment, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'Status') as status, + json_extract_path_text(detail.Properties, 'Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::MediaLive::Multiplexprogram' - AND detail.data__TypeName = 'AWS::MediaLive::Multiplexprogram' + WHERE listing.data__TypeName = 'AWS::MediaLive::SignalMap' + AND detail.data__TypeName = 'AWS::MediaLive::SignalMap' AND listing.region = 'us-east-1' - multiplexprograms_list_only: - name: multiplexprograms_list_only - id: aws.medialive.multiplexprograms_list_only - x-cfn-schema-name: Multiplexprogram - x-cfn-type-name: AWS::MediaLive::Multiplexprogram + signal_maps_list_only: + name: signal_maps_list_only + id: aws.medialive.signal_maps_list_only + x-cfn-schema-name: SignalMap + x-cfn-type-name: AWS::MediaLive::SignalMap x-identifiers: - - ProgramName - - MultiplexId + - Identifier x-type: cloud_control_view methods: {} sqlVerbs: @@ -1229,19 +5094,102 @@ components: ddl: |- SELECT region, - JSON_EXTRACT(Properties, '$.ProgramName') as program_name, - JSON_EXTRACT(Properties, '$.MultiplexId') as multiplex_id - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaLive::Multiplexprogram' + JSON_EXTRACT(Properties, '$.Identifier') as identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaLive::SignalMap' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT region, - json_extract_path_text(Properties, 'ProgramName') as program_name, - json_extract_path_text(Properties, 'MultiplexId') as multiplex_id - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaLive::Multiplexprogram' + json_extract_path_text(Properties, 'Identifier') as identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MediaLive::SignalMap' AND region = 'us-east-1' + signal_map_tags: + name: signal_map_tags + id: aws.medialive.signal_map_tags + x-cfn-schema-name: SignalMap + x-cfn-type-name: AWS::MediaLive::SignalMap + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.CloudWatchAlarmTemplateGroupIdentifiers') as cloud_watch_alarm_template_group_identifiers, + JSON_EXTRACT(detail.Properties, '$.CloudWatchAlarmTemplateGroupIds') as cloud_watch_alarm_template_group_ids, + JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.DiscoveryEntryPointArn') as discovery_entry_point_arn, + JSON_EXTRACT(detail.Properties, '$.ErrorMessage') as error_message, + JSON_EXTRACT(detail.Properties, '$.EventBridgeRuleTemplateGroupIdentifiers') as event_bridge_rule_template_group_identifiers, + JSON_EXTRACT(detail.Properties, '$.EventBridgeRuleTemplateGroupIds') as event_bridge_rule_template_group_ids, + JSON_EXTRACT(detail.Properties, '$.FailedMediaResourceMap') as failed_media_resource_map, + JSON_EXTRACT(detail.Properties, '$.ForceRediscovery') as force_rediscovery, + JSON_EXTRACT(detail.Properties, '$.Id') as id, + JSON_EXTRACT(detail.Properties, '$.Identifier') as identifier, + JSON_EXTRACT(detail.Properties, '$.LastDiscoveredAt') as last_discovered_at, + JSON_EXTRACT(detail.Properties, '$.LastSuccessfulMonitorDeployment') as last_successful_monitor_deployment, + JSON_EXTRACT(detail.Properties, '$.MediaResourceMap') as media_resource_map, + JSON_EXTRACT(detail.Properties, '$.ModifiedAt') as modified_at, + JSON_EXTRACT(detail.Properties, '$.MonitorChangesPendingDeployment') as monitor_changes_pending_deployment, + JSON_EXTRACT(detail.Properties, '$.MonitorDeployment') as monitor_deployment, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.Status') as status + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::MediaLive::SignalMap' + AND detail.data__TypeName = 'AWS::MediaLive::SignalMap' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'CloudWatchAlarmTemplateGroupIdentifiers') as cloud_watch_alarm_template_group_identifiers, + json_extract_path_text(detail.Properties, 'CloudWatchAlarmTemplateGroupIds') as cloud_watch_alarm_template_group_ids, + json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'DiscoveryEntryPointArn') as discovery_entry_point_arn, + json_extract_path_text(detail.Properties, 'ErrorMessage') as error_message, + json_extract_path_text(detail.Properties, 'EventBridgeRuleTemplateGroupIdentifiers') as event_bridge_rule_template_group_identifiers, + json_extract_path_text(detail.Properties, 'EventBridgeRuleTemplateGroupIds') as event_bridge_rule_template_group_ids, + json_extract_path_text(detail.Properties, 'FailedMediaResourceMap') as failed_media_resource_map, + json_extract_path_text(detail.Properties, 'ForceRediscovery') as force_rediscovery, + json_extract_path_text(detail.Properties, 'Id') as id, + json_extract_path_text(detail.Properties, 'Identifier') as identifier, + json_extract_path_text(detail.Properties, 'LastDiscoveredAt') as last_discovered_at, + json_extract_path_text(detail.Properties, 'LastSuccessfulMonitorDeployment') as last_successful_monitor_deployment, + json_extract_path_text(detail.Properties, 'MediaResourceMap') as media_resource_map, + json_extract_path_text(detail.Properties, 'ModifiedAt') as modified_at, + json_extract_path_text(detail.Properties, 'MonitorChangesPendingDeployment') as monitor_changes_pending_deployment, + json_extract_path_text(detail.Properties, 'MonitorDeployment') as monitor_deployment, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'Status') as status + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::MediaLive::SignalMap' + AND detail.data__TypeName = 'AWS::MediaLive::SignalMap' + AND listing.region = 'us-east-1' paths: /?Action=CreateResource&Version=2021-09-30: parameters: @@ -1253,7 +5201,191 @@ paths: - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' post: - operationId: CreateResource + operationId: CreateResource + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/x-cloud-control-schemas/CreateResourceInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=DeleteResource&Version=2021-09-30: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: DeleteResource + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.DeleteResource + enum: + - CloudApiService.DeleteResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/x-cloud-control-schemas/DeleteResourceInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/DeleteResourceOutput' + description: Success + /?Action=UpdateResource&Version=2021-09-30: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: UpdateResource + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.UpdateResource + enum: + - CloudApiService.UpdateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + properties: + ClientName: + type: string + Identifier: + $ref: '#/components/x-cloud-control-schemas/Identifier' + PatchDocument: + type: string + RoleArn: + $ref: '#/components/x-cloud-control-schemas/RoleArn' + TypeName: + $ref: '#/components/x-cloud-control-schemas/TypeName' + TypeVersionId: + $ref: '#/components/x-cloud-control-schemas/TypeVersionId' + required: + - Identifier + - PatchDocument + type: object + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/UpdateResourceOutput' + description: Success + /?Action=CreateResource&Version=2021-09-30&__ChannelPlacementGroup&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateChannelPlacementGroup + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateChannelPlacementGroupRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=CreateResource&Version=2021-09-30&__CloudWatchAlarmTemplate&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateCloudWatchAlarmTemplate parameters: - description: Action Header in: header @@ -1276,7 +5408,7 @@ paths: content: application/x-amz-json-1.0: schema: - $ref: '#/components/x-cloud-control-schemas/CreateResourceInput' + $ref: '#/components/schemas/CreateCloudWatchAlarmTemplateRequest' required: true responses: '200': @@ -1285,7 +5417,7 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success - /?Action=DeleteResource&Version=2021-09-30: + /?Action=CreateResource&Version=2021-09-30&__CloudWatchAlarmTemplateGroup&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' @@ -1295,16 +5427,16 @@ paths: - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' post: - operationId: DeleteResource + operationId: CreateCloudWatchAlarmTemplateGroup parameters: - description: Action Header in: header name: X-Amz-Target required: false schema: - default: CloudApiService.DeleteResource + default: CloudApiService.CreateResource enum: - - CloudApiService.DeleteResource + - CloudApiService.CreateResource type: string - in: header name: Content-Type @@ -1318,16 +5450,16 @@ paths: content: application/x-amz-json-1.0: schema: - $ref: '#/components/x-cloud-control-schemas/DeleteResourceInput' + $ref: '#/components/schemas/CreateCloudWatchAlarmTemplateGroupRequest' required: true responses: '200': content: application/json: schema: - $ref: '#/components/x-cloud-control-schemas/DeleteResourceOutput' + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success - /?Action=UpdateResource&Version=2021-09-30: + /?Action=CreateResource&Version=2021-09-30&__Cluster&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' @@ -1337,16 +5469,16 @@ paths: - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' post: - operationId: UpdateResource + operationId: CreateCluster parameters: - description: Action Header in: header name: X-Amz-Target required: false schema: - default: CloudApiService.UpdateResource + default: CloudApiService.CreateResource enum: - - CloudApiService.UpdateResource + - CloudApiService.CreateResource type: string - in: header name: Content-Type @@ -1360,30 +5492,98 @@ paths: content: application/x-amz-json-1.0: schema: - properties: - ClientName: - type: string - Identifier: - $ref: '#/components/x-cloud-control-schemas/Identifier' - PatchDocument: - type: string - RoleArn: - $ref: '#/components/x-cloud-control-schemas/RoleArn' - TypeName: - $ref: '#/components/x-cloud-control-schemas/TypeName' - TypeVersionId: - $ref: '#/components/x-cloud-control-schemas/TypeVersionId' - required: - - Identifier - - PatchDocument - type: object + $ref: '#/components/schemas/CreateClusterRequest' required: true responses: '200': content: application/json: schema: - $ref: '#/components/x-cloud-control-schemas/UpdateResourceOutput' + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=CreateResource&Version=2021-09-30&__EventBridgeRuleTemplate&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateEventBridgeRuleTemplate + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateEventBridgeRuleTemplateRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=CreateResource&Version=2021-09-30&__EventBridgeRuleTemplateGroup&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateEventBridgeRuleTemplateGroup + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateEventBridgeRuleTemplateGroupRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success /?Action=CreateResource&Version=2021-09-30&__Multiplex&__detailTransformed=true: parameters: @@ -1469,6 +5669,132 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success + /?Action=CreateResource&Version=2021-09-30&__Network&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateNetwork + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateNetworkRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=CreateResource&Version=2021-09-30&__SdiSource&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateSdiSource + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateSdiSourceRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=CreateResource&Version=2021-09-30&__SignalMap&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateSignalMap + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateSignalMapRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success x-stackQL-config: requestTranslate: algorithm: drop_double_underscore_params diff --git a/providers/src/aws/v00.00.00000/services/mediapackage.yaml b/providers/src/aws/v00.00.00000/services/mediapackage.yaml index 469d2c23..7ba57b33 100644 --- a/providers/src/aws/v00.00.00000/services/mediapackage.yaml +++ b/providers/src/aws/v00.00.00000/services/mediapackage.yaml @@ -933,9 +933,12 @@ components: x-tagging: taggable: true tagOnCreate: true - tagUpdatable: false + tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - mediapackage:TagResource + - mediapackage:UntagResource x-required-permissions: create: - mediapackage:CreateOriginEndpoint @@ -948,6 +951,10 @@ components: - mediapackage:DescribeOriginEndpoint update: - mediapackage:UpdateOriginEndpoint + - mediapackage:TagResource + - mediapackage:ListTagsForResource + - mediapackage:UntagResource + - mediapackage:DescribeOriginEndpoint - iam:PassRole delete: - mediapackage:DeleteOriginEndpoint diff --git a/providers/src/aws/v00.00.00000/services/mediapackagev2.yaml b/providers/src/aws/v00.00.00000/services/mediapackagev2.yaml index 4c475fe4..1f117d40 100644 --- a/providers/src/aws/v00.00.00000/services/mediapackagev2.yaml +++ b/providers/src/aws/v00.00.00000/services/mediapackagev2.yaml @@ -396,6 +396,11 @@ components: type: string description:

The ingest domain URL where the source stream should be sent.

additionalProperties: false + InputType: + type: string + enum: + - HLS + - CMAF Tag: type: object properties: @@ -434,10 +439,16 @@ components: items: $ref: '#/components/schemas/IngestEndpoint' description:

The list of ingest endpoints.

+ InputType: + $ref: '#/components/schemas/InputType' ModifiedAt: type: string description:

The date and time the channel was modified.

format: date-time + IngestEndpointUrls: + type: array + items: + type: string Tags: type: array x-insertionOrder: false @@ -457,10 +468,12 @@ components: x-create-only-properties: - ChannelGroupName - ChannelName + - InputType x-read-only-properties: - Arn - CreatedAt - IngestEndpoints + - IngestEndpointUrls - ModifiedAt x-required-properties: - ChannelGroupName @@ -471,6 +484,10 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - mediapackagev2:TagResource + - mediapackagev2:UntagResource + - mediapackagev2:ListTagsForResource x-required-permissions: create: - mediapackagev2:TagResource @@ -543,6 +560,10 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - mediapackagev2:TagResource + - mediapackagev2:UntagResource + - mediapackagev2:ListTagsForResource x-required-permissions: create: - mediapackagev2:TagResource @@ -670,6 +691,7 @@ components: - FAIRPLAY - PLAYREADY - WIDEVINE + - IRDETO Encryption: type: object description:

The parameters for encrypting content.

@@ -717,6 +739,13 @@ components: CmafEncryptionMethod: $ref: '#/components/schemas/CmafEncryptionMethod' additionalProperties: false + EndpointErrorCondition: + type: string + enum: + - STALE_MANIFEST + - INCOMPLETE_MANIFEST + - MISSING_DRM_KEY + - SLATE_INPUT FilterConfiguration: type: object description:

Filter configuration includes settings for manifest filtering, start and end times, and time delay that apply to all of your egress requests for this manifest.

@@ -739,6 +768,35 @@ components: maximum: 1209600 minimum: 0 description:

Optionally specify the time delay for all of your manifest egress requests. Enter a value that is smaller than your endpoint's startover window. When you include time delay, note that you cannot use time delay query parameters for this manifest's endpoint URL.

+ ClipStartTime: + type: string + description:

Optionally specify the clip start time for all of your manifest egress requests. When you include clip start time, note that you cannot use clip start time query parameters for this manifest's endpoint URL.

+ format: date-time + additionalProperties: false + ForceEndpointErrorConfiguration: + type: object + description:

The failover settings for the endpoint.

+ properties: + EndpointErrorConditions: + type: array + items: + $ref: '#/components/schemas/EndpointErrorCondition' + description: |- +

The failover settings for the endpoint. The options are:

+
    +
  • +

    + STALE_MANIFEST - The manifest stalled and there a no new segments or parts.

    +
    • +
  • +

    + INCOMPLETE_MANIFEST - There is a gap in the manifest.

    +
    • +
  • +

    + MISSING_DRM_KEY - Key rotation is enabled but we're unable to fetch the key for the current key period.

    +
    • +
additionalProperties: false DashManifestConfiguration: type: object @@ -818,6 +876,8 @@ components: $ref: '#/components/schemas/ScteHls' FilterConfiguration: $ref: '#/components/schemas/FilterConfiguration' + StartTag: + $ref: '#/components/schemas/StartTag' required: - ManifestName additionalProperties: false @@ -855,6 +915,8 @@ components: $ref: '#/components/schemas/ScteHls' FilterConfiguration: $ref: '#/components/schemas/FilterConfiguration' + StartTag: + $ref: '#/components/schemas/StartTag' required: - ManifestName additionalProperties: false @@ -991,6 +1053,19 @@ components: - RoleArn - Url additionalProperties: false + StartTag: + type: object + description:

To insert an EXT-X-START tag in your HLS playlist, specify a StartTag configuration object with a valid TimeOffset. When you do, you can also optionally specify whether to include a PRECISE value in the EXT-X-START tag.

+ properties: + TimeOffset: + type: number + description:

Specify the value for TIME-OFFSET within your EXT-X-START tag. Enter a signed floating point value which, if positive, must be less than the configured manifest duration minus three times the configured segment target duration. If negative, the absolute value must be larger than three times the configured segment target duration, and the absolute value must be smaller than the configured manifest duration.

+ Precise: + type: boolean + description:

Specify the value for PRECISE within your EXT-X-START tag. Leave blank, or choose false, to use the default value NO. Choose yes to use the value YES.

+ required: + - TimeOffset + additionalProperties: false TsEncryptionMethod: type: string enum: @@ -1028,6 +1103,8 @@ components: maxLength: 1024 minLength: 0 description:

Enter any descriptive text that helps you to identify the origin endpoint.

+ ForceEndpointErrorConfiguration: + $ref: '#/components/schemas/ForceEndpointErrorConfiguration' HlsManifests: type: array items: @@ -1054,6 +1131,18 @@ components: maximum: 1209600 minimum: 60 description:

The size of the window (in seconds) to create a window of the live stream that's available for on-demand viewing. Viewers can start-over or catch-up on content that falls within the window. The maximum startover window is 1,209,600 seconds (14 days).

+ DashManifestUrls: + type: array + items: + type: string + HlsManifestUrls: + type: array + items: + type: string + LowLatencyHlsManifestUrls: + type: array + items: + type: string Tags: type: array x-insertionOrder: false @@ -1063,6 +1152,7 @@ components: - ChannelGroupName - ChannelName - OriginEndpointName + - ContainerType x-stackql-resource-name: origin_endpoint description:

Represents an origin endpoint that is associated with a channel, offering a dynamically repackaged version of its content through various streaming media protocols. The content can be efficiently disseminated to end-users via a Content Delivery Network (CDN), like Amazon CloudFront.

x-type-name: AWS::MediaPackageV2::OriginEndpoint @@ -1079,6 +1169,9 @@ components: x-read-only-properties: - Arn - CreatedAt + - DashManifestUrls + - HlsManifestUrls + - LowLatencyHlsManifestUrls - ModifiedAt - LowLatencyHlsManifests/*/Url - HlsManifests/*/Url @@ -1086,12 +1179,17 @@ components: - ChannelGroupName - ChannelName - OriginEndpointName + - ContainerType x-tagging: taggable: true tagOnCreate: true tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - mediapackagev2:TagResource + - mediapackagev2:UntagResource + - mediapackagev2:ListTagsForResource x-required-permissions: create: - mediapackagev2:TagResource @@ -1208,10 +1306,16 @@ components: items: $ref: '#/components/schemas/IngestEndpoint' description:

The list of ingest endpoints.

+ InputType: + $ref: '#/components/schemas/InputType' ModifiedAt: type: string description:

The date and time the channel was modified.

format: date-time + IngestEndpointUrls: + type: array + items: + type: string Tags: type: array x-insertionOrder: false @@ -1338,6 +1442,8 @@ components: maxLength: 1024 minLength: 0 description:

Enter any descriptive text that helps you to identify the origin endpoint.

+ ForceEndpointErrorConfiguration: + $ref: '#/components/schemas/ForceEndpointErrorConfiguration' HlsManifests: type: array items: @@ -1364,6 +1470,18 @@ components: maximum: 1209600 minimum: 60 description:

The size of the window (in seconds) to create a window of the live stream that's available for on-demand viewing. Viewers can start-over or catch-up on content that falls within the window. The maximum startover window is 1,209,600 seconds (14 days).

+ DashManifestUrls: + type: array + items: + type: string + HlsManifestUrls: + type: array + items: + type: string + LowLatencyHlsManifestUrls: + type: array + items: + type: string Tags: type: array x-insertionOrder: false @@ -1484,7 +1602,9 @@ components: JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, JSON_EXTRACT(Properties, '$.Description') as description, JSON_EXTRACT(Properties, '$.IngestEndpoints') as ingest_endpoints, + JSON_EXTRACT(Properties, '$.InputType') as input_type, JSON_EXTRACT(Properties, '$.ModifiedAt') as modified_at, + JSON_EXTRACT(Properties, '$.IngestEndpointUrls') as ingest_endpoint_urls, JSON_EXTRACT(Properties, '$.Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaPackageV2::Channel' AND data__Identifier = '' @@ -1500,7 +1620,9 @@ components: JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, JSON_EXTRACT(detail.Properties, '$.Description') as description, JSON_EXTRACT(detail.Properties, '$.IngestEndpoints') as ingest_endpoints, + JSON_EXTRACT(detail.Properties, '$.InputType') as input_type, JSON_EXTRACT(detail.Properties, '$.ModifiedAt') as modified_at, + JSON_EXTRACT(detail.Properties, '$.IngestEndpointUrls') as ingest_endpoint_urls, JSON_EXTRACT(detail.Properties, '$.Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail @@ -1521,7 +1643,9 @@ components: json_extract_path_text(Properties, 'CreatedAt') as created_at, json_extract_path_text(Properties, 'Description') as description, json_extract_path_text(Properties, 'IngestEndpoints') as ingest_endpoints, + json_extract_path_text(Properties, 'InputType') as input_type, json_extract_path_text(Properties, 'ModifiedAt') as modified_at, + json_extract_path_text(Properties, 'IngestEndpointUrls') as ingest_endpoint_urls, json_extract_path_text(Properties, 'Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaPackageV2::Channel' AND data__Identifier = '' @@ -1537,7 +1661,9 @@ components: json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, json_extract_path_text(detail.Properties, 'Description') as description, json_extract_path_text(detail.Properties, 'IngestEndpoints') as ingest_endpoints, + json_extract_path_text(detail.Properties, 'InputType') as input_type, json_extract_path_text(detail.Properties, 'ModifiedAt') as modified_at, + json_extract_path_text(detail.Properties, 'IngestEndpointUrls') as ingest_endpoint_urls, json_extract_path_text(detail.Properties, 'Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail @@ -1603,7 +1729,9 @@ components: JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, JSON_EXTRACT(detail.Properties, '$.Description') as description, JSON_EXTRACT(detail.Properties, '$.IngestEndpoints') as ingest_endpoints, - JSON_EXTRACT(detail.Properties, '$.ModifiedAt') as modified_at + JSON_EXTRACT(detail.Properties, '$.InputType') as input_type, + JSON_EXTRACT(detail.Properties, '$.ModifiedAt') as modified_at, + JSON_EXTRACT(detail.Properties, '$.IngestEndpointUrls') as ingest_endpoint_urls FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -1625,7 +1753,9 @@ components: json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, json_extract_path_text(detail.Properties, 'Description') as description, json_extract_path_text(detail.Properties, 'IngestEndpoints') as ingest_endpoints, - json_extract_path_text(detail.Properties, 'ModifiedAt') as modified_at + json_extract_path_text(detail.Properties, 'InputType') as input_type, + json_extract_path_text(detail.Properties, 'ModifiedAt') as modified_at, + json_extract_path_text(detail.Properties, 'IngestEndpointUrls') as ingest_endpoint_urls FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -1999,12 +2129,16 @@ components: JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, JSON_EXTRACT(Properties, '$.DashManifests') as dash_manifests, JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.ForceEndpointErrorConfiguration') as force_endpoint_error_configuration, JSON_EXTRACT(Properties, '$.HlsManifests') as hls_manifests, JSON_EXTRACT(Properties, '$.LowLatencyHlsManifests') as low_latency_hls_manifests, JSON_EXTRACT(Properties, '$.ModifiedAt') as modified_at, JSON_EXTRACT(Properties, '$.OriginEndpointName') as origin_endpoint_name, JSON_EXTRACT(Properties, '$.Segment') as segment, JSON_EXTRACT(Properties, '$.StartoverWindowSeconds') as startover_window_seconds, + JSON_EXTRACT(Properties, '$.DashManifestUrls') as dash_manifest_urls, + JSON_EXTRACT(Properties, '$.HlsManifestUrls') as hls_manifest_urls, + JSON_EXTRACT(Properties, '$.LowLatencyHlsManifestUrls') as low_latency_hls_manifest_urls, JSON_EXTRACT(Properties, '$.Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaPackageV2::OriginEndpoint' AND data__Identifier = '' @@ -2021,12 +2155,16 @@ components: JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, JSON_EXTRACT(detail.Properties, '$.DashManifests') as dash_manifests, JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.ForceEndpointErrorConfiguration') as force_endpoint_error_configuration, JSON_EXTRACT(detail.Properties, '$.HlsManifests') as hls_manifests, JSON_EXTRACT(detail.Properties, '$.LowLatencyHlsManifests') as low_latency_hls_manifests, JSON_EXTRACT(detail.Properties, '$.ModifiedAt') as modified_at, JSON_EXTRACT(detail.Properties, '$.OriginEndpointName') as origin_endpoint_name, JSON_EXTRACT(detail.Properties, '$.Segment') as segment, JSON_EXTRACT(detail.Properties, '$.StartoverWindowSeconds') as startover_window_seconds, + JSON_EXTRACT(detail.Properties, '$.DashManifestUrls') as dash_manifest_urls, + JSON_EXTRACT(detail.Properties, '$.HlsManifestUrls') as hls_manifest_urls, + JSON_EXTRACT(detail.Properties, '$.LowLatencyHlsManifestUrls') as low_latency_hls_manifest_urls, JSON_EXTRACT(detail.Properties, '$.Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail @@ -2048,12 +2186,16 @@ components: json_extract_path_text(Properties, 'CreatedAt') as created_at, json_extract_path_text(Properties, 'DashManifests') as dash_manifests, json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'ForceEndpointErrorConfiguration') as force_endpoint_error_configuration, json_extract_path_text(Properties, 'HlsManifests') as hls_manifests, json_extract_path_text(Properties, 'LowLatencyHlsManifests') as low_latency_hls_manifests, json_extract_path_text(Properties, 'ModifiedAt') as modified_at, json_extract_path_text(Properties, 'OriginEndpointName') as origin_endpoint_name, json_extract_path_text(Properties, 'Segment') as segment, json_extract_path_text(Properties, 'StartoverWindowSeconds') as startover_window_seconds, + json_extract_path_text(Properties, 'DashManifestUrls') as dash_manifest_urls, + json_extract_path_text(Properties, 'HlsManifestUrls') as hls_manifest_urls, + json_extract_path_text(Properties, 'LowLatencyHlsManifestUrls') as low_latency_hls_manifest_urls, json_extract_path_text(Properties, 'Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MediaPackageV2::OriginEndpoint' AND data__Identifier = '' @@ -2070,12 +2212,16 @@ components: json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, json_extract_path_text(detail.Properties, 'DashManifests') as dash_manifests, json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'ForceEndpointErrorConfiguration') as force_endpoint_error_configuration, json_extract_path_text(detail.Properties, 'HlsManifests') as hls_manifests, json_extract_path_text(detail.Properties, 'LowLatencyHlsManifests') as low_latency_hls_manifests, json_extract_path_text(detail.Properties, 'ModifiedAt') as modified_at, json_extract_path_text(detail.Properties, 'OriginEndpointName') as origin_endpoint_name, json_extract_path_text(detail.Properties, 'Segment') as segment, json_extract_path_text(detail.Properties, 'StartoverWindowSeconds') as startover_window_seconds, + json_extract_path_text(detail.Properties, 'DashManifestUrls') as dash_manifest_urls, + json_extract_path_text(detail.Properties, 'HlsManifestUrls') as hls_manifest_urls, + json_extract_path_text(detail.Properties, 'LowLatencyHlsManifestUrls') as low_latency_hls_manifest_urls, json_extract_path_text(detail.Properties, 'Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail @@ -2142,12 +2288,16 @@ components: JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, JSON_EXTRACT(detail.Properties, '$.DashManifests') as dash_manifests, JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.ForceEndpointErrorConfiguration') as force_endpoint_error_configuration, JSON_EXTRACT(detail.Properties, '$.HlsManifests') as hls_manifests, JSON_EXTRACT(detail.Properties, '$.LowLatencyHlsManifests') as low_latency_hls_manifests, JSON_EXTRACT(detail.Properties, '$.ModifiedAt') as modified_at, JSON_EXTRACT(detail.Properties, '$.OriginEndpointName') as origin_endpoint_name, JSON_EXTRACT(detail.Properties, '$.Segment') as segment, - JSON_EXTRACT(detail.Properties, '$.StartoverWindowSeconds') as startover_window_seconds + JSON_EXTRACT(detail.Properties, '$.StartoverWindowSeconds') as startover_window_seconds, + JSON_EXTRACT(detail.Properties, '$.DashManifestUrls') as dash_manifest_urls, + JSON_EXTRACT(detail.Properties, '$.HlsManifestUrls') as hls_manifest_urls, + JSON_EXTRACT(detail.Properties, '$.LowLatencyHlsManifestUrls') as low_latency_hls_manifest_urls FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -2170,12 +2320,16 @@ components: json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, json_extract_path_text(detail.Properties, 'DashManifests') as dash_manifests, json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'ForceEndpointErrorConfiguration') as force_endpoint_error_configuration, json_extract_path_text(detail.Properties, 'HlsManifests') as hls_manifests, json_extract_path_text(detail.Properties, 'LowLatencyHlsManifests') as low_latency_hls_manifests, json_extract_path_text(detail.Properties, 'ModifiedAt') as modified_at, json_extract_path_text(detail.Properties, 'OriginEndpointName') as origin_endpoint_name, json_extract_path_text(detail.Properties, 'Segment') as segment, - json_extract_path_text(detail.Properties, 'StartoverWindowSeconds') as startover_window_seconds + json_extract_path_text(detail.Properties, 'StartoverWindowSeconds') as startover_window_seconds, + json_extract_path_text(detail.Properties, 'DashManifestUrls') as dash_manifest_urls, + json_extract_path_text(detail.Properties, 'HlsManifestUrls') as hls_manifest_urls, + json_extract_path_text(detail.Properties, 'LowLatencyHlsManifestUrls') as low_latency_hls_manifest_urls FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier diff --git a/providers/src/aws/v00.00.00000/services/memorydb.yaml b/providers/src/aws/v00.00.00000/services/memorydb.yaml index 9fc8e1b2..eb57262f 100644 --- a/providers/src/aws/v00.00.00000/services/memorydb.yaml +++ b/providers/src/aws/v00.00.00000/services/memorydb.yaml @@ -447,7 +447,16 @@ components: - Arn x-required-properties: - ACLName - x-taggable: true + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - memorydb:TagResource + - memorydb:ListTags + - memorydb:UntagResource x-required-permissions: create: - memorydb:CreateACL @@ -495,6 +504,9 @@ components: Description: description: An optional description of the cluster. type: string + MultiRegionClusterName: + description: The name of the Global Datastore, it is generated by MemoryDB adding a prefix to MultiRegionClusterNameSuffix. + type: string Status: description: The status of the cluster. For example, Available, Updating, Creating. type: string @@ -574,6 +586,9 @@ components: ARN: description: The Amazon Resource Name (ARN) of the cluster. type: string + Engine: + description: The engine type used by the cluster. + type: string EngineVersion: description: The Redis engine version used by the cluster. type: string @@ -611,10 +626,12 @@ components: - Port - SubnetGroupName - SnapshotArns + - MultiRegionClusterName - SnapshotName x-write-only-properties: - SnapshotArns - SnapshotName + - MultiRegionClusterName - FinalSnapshotName x-read-only-properties: - Status @@ -626,11 +643,23 @@ components: - ClusterName - NodeType - ACLName - x-taggable: true + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - memorydb:TagResource + - memorydb:ListTags + - memorydb:UntagResource x-required-permissions: create: + - kms:DescribeKey + - kms:CreateGrant - memorydb:CreateCluster - memorydb:DescribeClusters + - memorydb:TagResource - memorydb:ListTags read: - memorydb:DescribeClusters @@ -646,6 +675,111 @@ components: - memorydb:DescribeClusters list: - memorydb:DescribeClusters + MultiRegionCluster: + type: object + properties: + MultiRegionClusterNameSuffix: + description: The name of the Multi Region cluster. This value must be unique as it also serves as the multi region cluster identifier. + pattern: '[a-z][a-z0-9\-]*' + type: string + Description: + description: Description of the multi region cluster. + type: string + MultiRegionClusterName: + description: The name of the Global Datastore, it is generated by MemoryDB adding a prefix to MultiRegionClusterNameSuffix. + type: string + Status: + description: The status of the multi region cluster. For example, Available, Updating, Creating. + type: string + NodeType: + description: The compute and memory capacity of the nodes in the multi region cluster. + type: string + NumShards: + description: The number of shards the multi region cluster will contain. + type: integer + MultiRegionParameterGroupName: + description: The name of the parameter group associated with the multi region cluster. + type: string + TLSEnabled: + description: |- + A flag that enables in-transit encryption when set to true. + + You cannot modify the value of TransitEncryptionEnabled after the cluster is created. To enable in-transit encryption on a cluster you must set TransitEncryptionEnabled to true when you create a cluster. + type: boolean + ARN: + description: The Amazon Resource Name (ARN) of the multi region cluster. + type: string + Engine: + description: The engine type used by the multi region cluster. + type: string + EngineVersion: + description: The Redis engine version used by the multi region cluster. + type: string + Tags: + description: An array of key-value pairs to apply to this multi region cluster. + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + UpdateStrategy: + description: An enum string value that determines the update strategy for scaling. Possible values are 'COORDINATED' and 'UNCOORDINATED'. Default is 'COORDINATED'. + type: string + enum: + - COORDINATED + - UNCOORDINATED + required: + - NodeType + x-stackql-resource-name: multi_region_cluster + description: The AWS::MemoryDB::Multi Region Cluster resource creates an Amazon MemoryDB Multi Region Cluster. + x-type-name: AWS::MemoryDB::MultiRegionCluster + x-stackql-primary-identifier: + - MultiRegionClusterName + x-create-only-properties: + - MultiRegionClusterNameSuffix + - EngineVersion + - MultiRegionParameterGroupName + - TLSEnabled + x-write-only-properties: + - MultiRegionClusterNameSuffix + - UpdateStrategy + x-read-only-properties: + - MultiRegionClusterName + - Status + - ARN + x-required-properties: + - NodeType + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - memorydb:TagResource + - memorydb:ListTags + - memorydb:UntagResource + x-required-permissions: + create: + - memorydb:CreateMultiRegionCluster + - memorydb:DescribeMultiRegionClusters + - memorydb:TagResource + - memorydb:ListTags + read: + - memorydb:DescribeMultiRegionClusters + - memorydb:ListTags + update: + - memorydb:UpdateMultiRegionCluster + - memorydb:DescribeMultiRegionClusters + - memorydb:ListTags + - memorydb:TagResource + - memorydb:UntagResource + delete: + - memorydb:DeleteMultiRegionCluster + - memorydb:DescribeMultiRegionClusters + list: + - memorydb:DescribeMultiRegionClusters ParameterGroup: type: object properties: @@ -691,7 +825,16 @@ components: x-required-properties: - ParameterGroupName - Family - x-taggable: true + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - memorydb:TagResource + - memorydb:ListTags + - memorydb:UntagResource x-required-permissions: create: - memorydb:CreateParameterGroup @@ -756,7 +899,16 @@ components: x-required-properties: - SubnetGroupName - SubnetIds - x-taggable: true + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - memorydb:TagResource + - memorydb:ListTags + - memorydb:UntagResource x-required-permissions: create: - memorydb:CreateSubnetGroup @@ -838,7 +990,16 @@ components: - Arn x-required-properties: - UserName - x-taggable: true + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - memorydb:TagResource + - memorydb:ListTags + - memorydb:UntagResource x-required-permissions: create: - memorydb:CreateUser @@ -923,6 +1084,9 @@ components: Description: description: An optional description of the cluster. type: string + MultiRegionClusterName: + description: The name of the Global Datastore, it is generated by MemoryDB adding a prefix to MultiRegionClusterNameSuffix. + type: string Status: description: The status of the cluster. For example, Available, Updating, Creating. type: string @@ -1002,6 +1166,9 @@ components: ARN: description: The Amazon Resource Name (ARN) of the cluster. type: string + Engine: + description: The engine type used by the cluster. + type: string EngineVersion: description: The Redis engine version used by the cluster. type: string @@ -1026,6 +1193,74 @@ components: x-title: CreateClusterRequest type: object required: [] + CreateMultiRegionClusterRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + MultiRegionClusterNameSuffix: + description: The name of the Multi Region cluster. This value must be unique as it also serves as the multi region cluster identifier. + pattern: '[a-z][a-z0-9\-]*' + type: string + Description: + description: Description of the multi region cluster. + type: string + MultiRegionClusterName: + description: The name of the Global Datastore, it is generated by MemoryDB adding a prefix to MultiRegionClusterNameSuffix. + type: string + Status: + description: The status of the multi region cluster. For example, Available, Updating, Creating. + type: string + NodeType: + description: The compute and memory capacity of the nodes in the multi region cluster. + type: string + NumShards: + description: The number of shards the multi region cluster will contain. + type: integer + MultiRegionParameterGroupName: + description: The name of the parameter group associated with the multi region cluster. + type: string + TLSEnabled: + description: |- + A flag that enables in-transit encryption when set to true. + + You cannot modify the value of TransitEncryptionEnabled after the cluster is created. To enable in-transit encryption on a cluster you must set TransitEncryptionEnabled to true when you create a cluster. + type: boolean + ARN: + description: The Amazon Resource Name (ARN) of the multi region cluster. + type: string + Engine: + description: The engine type used by the multi region cluster. + type: string + EngineVersion: + description: The Redis engine version used by the multi region cluster. + type: string + Tags: + description: An array of key-value pairs to apply to this multi region cluster. + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + UpdateStrategy: + description: An enum string value that determines the update strategy for scaling. Possible values are 'COORDINATED' and 'UNCOORDINATED'. Default is 'COORDINATED'. + type: string + enum: + - COORDINATED + - UNCOORDINATED + x-stackQL-stringOnly: true + x-title: CreateMultiRegionClusterRequest + type: object + required: [] CreateParameterGroupRequest: properties: ClientToken: @@ -1440,6 +1675,7 @@ components: data__Identifier, JSON_EXTRACT(Properties, '$.ClusterName') as cluster_name, JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.MultiRegionClusterName') as multi_region_cluster_name, JSON_EXTRACT(Properties, '$.Status') as status, JSON_EXTRACT(Properties, '$.NodeType') as node_type, JSON_EXTRACT(Properties, '$.NumShards') as num_shards, @@ -1462,6 +1698,7 @@ components: JSON_EXTRACT(Properties, '$.SnapshotName') as snapshot_name, JSON_EXTRACT(Properties, '$.FinalSnapshotName') as final_snapshot_name, JSON_EXTRACT(Properties, '$.ARN') as arn, + JSON_EXTRACT(Properties, '$.Engine') as engine, JSON_EXTRACT(Properties, '$.EngineVersion') as engine_version, JSON_EXTRACT(Properties, '$.ClusterEndpoint') as cluster_endpoint, JSON_EXTRACT(Properties, '$.AutoMinorVersionUpgrade') as auto_minor_version_upgrade, @@ -1476,6 +1713,7 @@ components: detail.region, JSON_EXTRACT(detail.Properties, '$.ClusterName') as cluster_name, JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.MultiRegionClusterName') as multi_region_cluster_name, JSON_EXTRACT(detail.Properties, '$.Status') as status, JSON_EXTRACT(detail.Properties, '$.NodeType') as node_type, JSON_EXTRACT(detail.Properties, '$.NumShards') as num_shards, @@ -1498,6 +1736,7 @@ components: JSON_EXTRACT(detail.Properties, '$.SnapshotName') as snapshot_name, JSON_EXTRACT(detail.Properties, '$.FinalSnapshotName') as final_snapshot_name, JSON_EXTRACT(detail.Properties, '$.ARN') as arn, + JSON_EXTRACT(detail.Properties, '$.Engine') as engine, JSON_EXTRACT(detail.Properties, '$.EngineVersion') as engine_version, JSON_EXTRACT(detail.Properties, '$.ClusterEndpoint') as cluster_endpoint, JSON_EXTRACT(detail.Properties, '$.AutoMinorVersionUpgrade') as auto_minor_version_upgrade, @@ -1517,6 +1756,7 @@ components: data__Identifier, json_extract_path_text(Properties, 'ClusterName') as cluster_name, json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'MultiRegionClusterName') as multi_region_cluster_name, json_extract_path_text(Properties, 'Status') as status, json_extract_path_text(Properties, 'NodeType') as node_type, json_extract_path_text(Properties, 'NumShards') as num_shards, @@ -1539,6 +1779,7 @@ components: json_extract_path_text(Properties, 'SnapshotName') as snapshot_name, json_extract_path_text(Properties, 'FinalSnapshotName') as final_snapshot_name, json_extract_path_text(Properties, 'ARN') as arn, + json_extract_path_text(Properties, 'Engine') as engine, json_extract_path_text(Properties, 'EngineVersion') as engine_version, json_extract_path_text(Properties, 'ClusterEndpoint') as cluster_endpoint, json_extract_path_text(Properties, 'AutoMinorVersionUpgrade') as auto_minor_version_upgrade, @@ -1553,6 +1794,7 @@ components: detail.region, json_extract_path_text(detail.Properties, 'ClusterName') as cluster_name, json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'MultiRegionClusterName') as multi_region_cluster_name, json_extract_path_text(detail.Properties, 'Status') as status, json_extract_path_text(detail.Properties, 'NodeType') as node_type, json_extract_path_text(detail.Properties, 'NumShards') as num_shards, @@ -1575,6 +1817,7 @@ components: json_extract_path_text(detail.Properties, 'SnapshotName') as snapshot_name, json_extract_path_text(detail.Properties, 'FinalSnapshotName') as final_snapshot_name, json_extract_path_text(detail.Properties, 'ARN') as arn, + json_extract_path_text(detail.Properties, 'Engine') as engine, json_extract_path_text(detail.Properties, 'EngineVersion') as engine_version, json_extract_path_text(detail.Properties, 'ClusterEndpoint') as cluster_endpoint, json_extract_path_text(detail.Properties, 'AutoMinorVersionUpgrade') as auto_minor_version_upgrade, @@ -1639,6 +1882,7 @@ components: JSON_EXTRACT(json_each.value, '$.Value') as tag_value, JSON_EXTRACT(detail.Properties, '$.ClusterName') as cluster_name, JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.MultiRegionClusterName') as multi_region_cluster_name, JSON_EXTRACT(detail.Properties, '$.Status') as status, JSON_EXTRACT(detail.Properties, '$.NodeType') as node_type, JSON_EXTRACT(detail.Properties, '$.NumShards') as num_shards, @@ -1661,6 +1905,7 @@ components: JSON_EXTRACT(detail.Properties, '$.SnapshotName') as snapshot_name, JSON_EXTRACT(detail.Properties, '$.FinalSnapshotName') as final_snapshot_name, JSON_EXTRACT(detail.Properties, '$.ARN') as arn, + JSON_EXTRACT(detail.Properties, '$.Engine') as engine, JSON_EXTRACT(detail.Properties, '$.EngineVersion') as engine_version, JSON_EXTRACT(detail.Properties, '$.ClusterEndpoint') as cluster_endpoint, JSON_EXTRACT(detail.Properties, '$.AutoMinorVersionUpgrade') as auto_minor_version_upgrade @@ -1681,6 +1926,7 @@ components: json_extract_path_text(json_each.value, 'Value') as tag_value, json_extract_path_text(detail.Properties, 'ClusterName') as cluster_name, json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'MultiRegionClusterName') as multi_region_cluster_name, json_extract_path_text(detail.Properties, 'Status') as status, json_extract_path_text(detail.Properties, 'NodeType') as node_type, json_extract_path_text(detail.Properties, 'NumShards') as num_shards, @@ -1703,6 +1949,7 @@ components: json_extract_path_text(detail.Properties, 'SnapshotName') as snapshot_name, json_extract_path_text(detail.Properties, 'FinalSnapshotName') as final_snapshot_name, json_extract_path_text(detail.Properties, 'ARN') as arn, + json_extract_path_text(detail.Properties, 'Engine') as engine, json_extract_path_text(detail.Properties, 'EngineVersion') as engine_version, json_extract_path_text(detail.Properties, 'ClusterEndpoint') as cluster_endpoint, json_extract_path_text(detail.Properties, 'AutoMinorVersionUpgrade') as auto_minor_version_upgrade @@ -1714,6 +1961,255 @@ components: WHERE listing.data__TypeName = 'AWS::MemoryDB::Cluster' AND detail.data__TypeName = 'AWS::MemoryDB::Cluster' AND listing.region = 'us-east-1' + multi_region_clusters: + name: multi_region_clusters + id: aws.memorydb.multi_region_clusters + x-cfn-schema-name: MultiRegionCluster + x-cfn-type-name: AWS::MemoryDB::MultiRegionCluster + x-identifiers: + - MultiRegionClusterName + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__MultiRegionCluster&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::MemoryDB::MultiRegionCluster" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::MemoryDB::MultiRegionCluster" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::MemoryDB::MultiRegionCluster" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/multi_region_clusters/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/multi_region_clusters/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/multi_region_clusters/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.MultiRegionClusterNameSuffix') as multi_region_cluster_name_suffix, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.MultiRegionClusterName') as multi_region_cluster_name, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.NodeType') as node_type, + JSON_EXTRACT(Properties, '$.NumShards') as num_shards, + JSON_EXTRACT(Properties, '$.MultiRegionParameterGroupName') as multi_region_parameter_group_name, + JSON_EXTRACT(Properties, '$.TLSEnabled') as tls_enabled, + JSON_EXTRACT(Properties, '$.ARN') as arn, + JSON_EXTRACT(Properties, '$.Engine') as engine, + JSON_EXTRACT(Properties, '$.EngineVersion') as engine_version, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.UpdateStrategy') as update_strategy + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MemoryDB::MultiRegionCluster' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.MultiRegionClusterNameSuffix') as multi_region_cluster_name_suffix, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.MultiRegionClusterName') as multi_region_cluster_name, + JSON_EXTRACT(detail.Properties, '$.Status') as status, + JSON_EXTRACT(detail.Properties, '$.NodeType') as node_type, + JSON_EXTRACT(detail.Properties, '$.NumShards') as num_shards, + JSON_EXTRACT(detail.Properties, '$.MultiRegionParameterGroupName') as multi_region_parameter_group_name, + JSON_EXTRACT(detail.Properties, '$.TLSEnabled') as tls_enabled, + JSON_EXTRACT(detail.Properties, '$.ARN') as arn, + JSON_EXTRACT(detail.Properties, '$.Engine') as engine, + JSON_EXTRACT(detail.Properties, '$.EngineVersion') as engine_version, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags, + JSON_EXTRACT(detail.Properties, '$.UpdateStrategy') as update_strategy + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::MemoryDB::MultiRegionCluster' + AND detail.data__TypeName = 'AWS::MemoryDB::MultiRegionCluster' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'MultiRegionClusterNameSuffix') as multi_region_cluster_name_suffix, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'MultiRegionClusterName') as multi_region_cluster_name, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'NodeType') as node_type, + json_extract_path_text(Properties, 'NumShards') as num_shards, + json_extract_path_text(Properties, 'MultiRegionParameterGroupName') as multi_region_parameter_group_name, + json_extract_path_text(Properties, 'TLSEnabled') as tls_enabled, + json_extract_path_text(Properties, 'ARN') as arn, + json_extract_path_text(Properties, 'Engine') as engine, + json_extract_path_text(Properties, 'EngineVersion') as engine_version, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'UpdateStrategy') as update_strategy + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::MemoryDB::MultiRegionCluster' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'MultiRegionClusterNameSuffix') as multi_region_cluster_name_suffix, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'MultiRegionClusterName') as multi_region_cluster_name, + json_extract_path_text(detail.Properties, 'Status') as status, + json_extract_path_text(detail.Properties, 'NodeType') as node_type, + json_extract_path_text(detail.Properties, 'NumShards') as num_shards, + json_extract_path_text(detail.Properties, 'MultiRegionParameterGroupName') as multi_region_parameter_group_name, + json_extract_path_text(detail.Properties, 'TLSEnabled') as tls_enabled, + json_extract_path_text(detail.Properties, 'ARN') as arn, + json_extract_path_text(detail.Properties, 'Engine') as engine, + json_extract_path_text(detail.Properties, 'EngineVersion') as engine_version, + json_extract_path_text(detail.Properties, 'Tags') as tags, + json_extract_path_text(detail.Properties, 'UpdateStrategy') as update_strategy + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::MemoryDB::MultiRegionCluster' + AND detail.data__TypeName = 'AWS::MemoryDB::MultiRegionCluster' + AND listing.region = 'us-east-1' + multi_region_clusters_list_only: + name: multi_region_clusters_list_only + id: aws.memorydb.multi_region_clusters_list_only + x-cfn-schema-name: MultiRegionCluster + x-cfn-type-name: AWS::MemoryDB::MultiRegionCluster + x-identifiers: + - MultiRegionClusterName + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.MultiRegionClusterName') as multi_region_cluster_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MemoryDB::MultiRegionCluster' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'MultiRegionClusterName') as multi_region_cluster_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::MemoryDB::MultiRegionCluster' + AND region = 'us-east-1' + multi_region_cluster_tags: + name: multi_region_cluster_tags + id: aws.memorydb.multi_region_cluster_tags + x-cfn-schema-name: MultiRegionCluster + x-cfn-type-name: AWS::MemoryDB::MultiRegionCluster + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.MultiRegionClusterNameSuffix') as multi_region_cluster_name_suffix, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.MultiRegionClusterName') as multi_region_cluster_name, + JSON_EXTRACT(detail.Properties, '$.Status') as status, + JSON_EXTRACT(detail.Properties, '$.NodeType') as node_type, + JSON_EXTRACT(detail.Properties, '$.NumShards') as num_shards, + JSON_EXTRACT(detail.Properties, '$.MultiRegionParameterGroupName') as multi_region_parameter_group_name, + JSON_EXTRACT(detail.Properties, '$.TLSEnabled') as tls_enabled, + JSON_EXTRACT(detail.Properties, '$.ARN') as arn, + JSON_EXTRACT(detail.Properties, '$.Engine') as engine, + JSON_EXTRACT(detail.Properties, '$.EngineVersion') as engine_version, + JSON_EXTRACT(detail.Properties, '$.UpdateStrategy') as update_strategy + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::MemoryDB::MultiRegionCluster' + AND detail.data__TypeName = 'AWS::MemoryDB::MultiRegionCluster' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'MultiRegionClusterNameSuffix') as multi_region_cluster_name_suffix, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'MultiRegionClusterName') as multi_region_cluster_name, + json_extract_path_text(detail.Properties, 'Status') as status, + json_extract_path_text(detail.Properties, 'NodeType') as node_type, + json_extract_path_text(detail.Properties, 'NumShards') as num_shards, + json_extract_path_text(detail.Properties, 'MultiRegionParameterGroupName') as multi_region_parameter_group_name, + json_extract_path_text(detail.Properties, 'TLSEnabled') as tls_enabled, + json_extract_path_text(detail.Properties, 'ARN') as arn, + json_extract_path_text(detail.Properties, 'Engine') as engine, + json_extract_path_text(detail.Properties, 'EngineVersion') as engine_version, + json_extract_path_text(detail.Properties, 'UpdateStrategy') as update_strategy + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::MemoryDB::MultiRegionCluster' + AND detail.data__TypeName = 'AWS::MemoryDB::MultiRegionCluster' + AND listing.region = 'us-east-1' parameter_groups: name: parameter_groups id: aws.memorydb.parameter_groups @@ -2556,6 +3052,48 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success + /?Action=CreateResource&Version=2021-09-30&__MultiRegionCluster&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateMultiRegionCluster + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateMultiRegionClusterRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success /?Action=CreateResource&Version=2021-09-30&__ParameterGroup&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' diff --git a/providers/src/aws/v00.00.00000/services/msk.yaml b/providers/src/aws/v00.00.00000/services/msk.yaml index 3421e7fa..a0369c83 100644 --- a/providers/src/aws/v00.00.00000/services/msk.yaml +++ b/providers/src/aws/v00.00.00000/services/msk.yaml @@ -815,6 +815,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - kafka:TagResource + - kafka:UntagResource + - kafka:ListTagsForResource x-required-permissions: create: - ec2:DescribeSecurityGroups @@ -1045,6 +1049,9 @@ components: StartingPosition: description: Configuration for specifying the position in the topics to start replicating from. $ref: '#/components/schemas/ReplicationStartingPosition' + TopicNameConfiguration: + description: Configuration for specifying replicated topic names should be the same as their corresponding upstream topics or prefixed with source cluster alias. + $ref: '#/components/schemas/ReplicationTopicNameConfiguration' required: - TopicsToReplicate ReplicationStartingPosition: @@ -1061,6 +1068,20 @@ components: enum: - LATEST - EARLIEST + ReplicationTopicNameConfiguration: + description: Configuration for specifying replicated topic names should be the same as their corresponding upstream topics or prefixed with source cluster alias. + type: object + additionalProperties: false + properties: + Type: + $ref: '#/components/schemas/ReplicationTopicNameConfigurationType' + required: [] + ReplicationTopicNameConfigurationType: + description: The type of replicated topic name. + type: string + enum: + - PREFIXED_WITH_SOURCE_CLUSTER_ALIAS + - IDENTICAL ConsumerGroupReplication: description: Configuration relating to consumer group replication. type: object @@ -1244,7 +1265,11 @@ components: - Description - KafkaClusters - ServiceExecutionRoleArn - - ReplicationInfoList/-/TopicReplication/StartingPosition/Type + - ReplicationInfoList/*/SourceKafkaClusterArn + - ReplicationInfoList/*/TargetKafkaClusterArn + - ReplicationInfoList/*/TargetCompressionType + - ReplicationInfoList/*/TopicReplication/StartingPosition + - ReplicationInfoList/*/TopicReplication/TopicNameConfiguration x-read-only-properties: - ReplicatorArn x-required-properties: @@ -1258,6 +1283,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - kafka:UntagResource + - kafka:ListTagsForResource + - kafka:TagResource x-required-permissions: create: - ec2:CreateNetworkInterface @@ -1460,6 +1489,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - kafka:TagResource + - kafka:UntagResource + - kafka:ListTagsForResource x-required-permissions: create: - ec2:CreateVpcEndpoint diff --git a/providers/src/aws/v00.00.00000/services/mwaa.yaml b/providers/src/aws/v00.00.00000/services/mwaa.yaml index 728ef604..cfa66c5d 100644 --- a/providers/src/aws/v00.00.00000/services/mwaa.yaml +++ b/providers/src/aws/v00.00.00000/services/mwaa.yaml @@ -542,11 +542,11 @@ components: MaxWebservers: type: integer description: Maximum webserver compute units. - minimum: 2 + minimum: 1 MinWebservers: type: integer description: Minimum webserver compute units. - minimum: 2 + minimum: 1 Schedulers: type: integer description: Scheduler compute units. @@ -774,7 +774,15 @@ components: - LoggingConfiguration/TaskLogs/CloudWatchLogGroupArn x-required-properties: - Name - x-taggable: true + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - airflow:UntagResource + - airflow:TagResource x-required-permissions: create: - airflow:CreateEnvironment diff --git a/providers/src/aws/v00.00.00000/services/neptune.yaml b/providers/src/aws/v00.00.00000/services/neptune.yaml index 33c57208..5ae2c1be 100644 --- a/providers/src/aws/v00.00.00000/services/neptune.yaml +++ b/providers/src/aws/v00.00.00000/services/neptune.yaml @@ -507,7 +507,7 @@ components: description: True if mapping of Amazon Identity and Access Management (IAM) accounts to database accounts is enabled, and otherwise false. type: boolean KmsKeyId: - description: If `StorageEncrypted` is true, the Amazon KMS key identifier for the encrypted DB cluster. + description: The Amazon Resource Name (ARN) of the AWS KMS key that is used to encrypt the database instances in the DB cluster, such as arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef. If you enable the StorageEncrypted property but don't specify this property, the default KMS key is used. If you specify this property, you must set the StorageEncrypted property to true. type: string Port: description: 'The port number on which the DB cluster accepts connections. For example: `8182`.' @@ -558,9 +558,13 @@ components: description: |- Indicates whether the DB cluster is encrypted. - If you specify the `DBClusterIdentifier`, `DBSnapshotIdentifier`, or `SourceDBInstanceIdentifier` property, don't specify this property. The value is inherited from the cluster, snapshot, or source DB instance. If you specify the KmsKeyId property, you must enable encryption. + If you specify the KmsKeyId property, then you must enable encryption and set this property to true. - If you specify the KmsKeyId, you must enable encryption by setting StorageEncrypted to true. + If you enable the StorageEncrypted property but don't specify KmsKeyId property, then the default KMS key is used. If you specify KmsKeyId property, then that KMS Key is used to encrypt the database instances in the DB cluster. + + If you specify the SourceDBClusterIdentifier property and don't specify this property or disable it. The value is inherited from the source DB cluster, and if the DB cluster is encrypted, the KmsKeyId property from the source cluster is used. + + If you specify the DBSnapshotIdentifier and don't specify this property or disable it. The value is inherited from the snapshot, and the specified KmsKeyId property from the snapshot is used. type: boolean Tags: type: array @@ -622,6 +626,7 @@ components: x-required-permissions: create: - iam:PassRole + - iam:CreateServiceLinkedRole - rds:AddRoleToDBCluster - rds:AddTagsToResource - rds:CreateDBCluster @@ -631,11 +636,13 @@ components: - rds:ModifyDBCluster - rds:RestoreDBClusterFromSnapshot - rds:RestoreDBClusterToPointInTime - - kms:* + - kms:CreateGrant + - kms:DescribeKey read: - rds:DescribeDBClusters - rds:ListTagsForResource - - kms:* + - kms:CreateGrant + - kms:DescribeKey update: - ec2:DescribeSecurityGroups - iam:PassRole @@ -651,7 +658,8 @@ components: - rds:RemoveFromGlobalCluster - rds:RemoveRoleFromDBCluster - rds:RemoveTagsFromResource - - kms:* + - kms:CreateGrant + - kms:DescribeKey delete: - rds:DeleteDBCluster - rds:DeleteDBInstance @@ -660,11 +668,13 @@ components: - rds:ListTagsForResource - rds:RemoveFromGlobalCluster - rds:CreateDBClusterSnapshot - - kms:* + - kms:CreateGrant + - kms:DescribeKey list: - rds:DescribeDBClusters - rds:ListTagsForResource - - kms:* + - kms:CreateGrant + - kms:DescribeKey CreateDBClusterRequest: properties: ClientToken: @@ -749,7 +759,7 @@ components: description: True if mapping of Amazon Identity and Access Management (IAM) accounts to database accounts is enabled, and otherwise false. type: boolean KmsKeyId: - description: If `StorageEncrypted` is true, the Amazon KMS key identifier for the encrypted DB cluster. + description: The Amazon Resource Name (ARN) of the AWS KMS key that is used to encrypt the database instances in the DB cluster, such as arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef. If you enable the StorageEncrypted property but don't specify this property, the default KMS key is used. If you specify this property, you must set the StorageEncrypted property to true. type: string Port: description: 'The port number on which the DB cluster accepts connections. For example: `8182`.' @@ -800,9 +810,13 @@ components: description: |- Indicates whether the DB cluster is encrypted. - If you specify the `DBClusterIdentifier`, `DBSnapshotIdentifier`, or `SourceDBInstanceIdentifier` property, don't specify this property. The value is inherited from the cluster, snapshot, or source DB instance. If you specify the KmsKeyId property, you must enable encryption. + If you specify the KmsKeyId property, then you must enable encryption and set this property to true. + + If you enable the StorageEncrypted property but don't specify KmsKeyId property, then the default KMS key is used. If you specify KmsKeyId property, then that KMS Key is used to encrypt the database instances in the DB cluster. + + If you specify the SourceDBClusterIdentifier property and don't specify this property or disable it. The value is inherited from the source DB cluster, and if the DB cluster is encrypted, the KmsKeyId property from the source cluster is used. - If you specify the KmsKeyId, you must enable encryption by setting StorageEncrypted to true. + If you specify the DBSnapshotIdentifier and don't specify this property or disable it. The value is inherited from the snapshot, and the specified KmsKeyId property from the snapshot is used. type: boolean Tags: type: array diff --git a/providers/src/aws/v00.00.00000/services/networkfirewall.yaml b/providers/src/aws/v00.00.00000/services/networkfirewall.yaml index 4b34f6e4..99bfb70d 100644 --- a/providers/src/aws/v00.00.00000/services/networkfirewall.yaml +++ b/providers/src/aws/v00.00.00000/services/networkfirewall.yaml @@ -497,6 +497,14 @@ components: - SubnetMappings x-tagging: taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - network-firewall:TagResource + - network-firewall:UntagResource + - network-firewall:ListTagsForResource x-required-permissions: create: - ec2:CreateVpcEndpoint @@ -513,7 +521,7 @@ components: - network-firewall:DescribeFirewall read: - network-firewall:DescribeFirewall - - network-firewall:ListTagsForResources + - network-firewall:ListTagsForResource update: - network-firewall:AssociateSubnets - network-firewall:DisassociateSubnets @@ -583,6 +591,14 @@ components: - FirewallPolicy x-tagging: taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - network-firewall:TagResource + - network-firewall:UntagResource + - network-firewall:ListTagsForResource x-required-permissions: create: - network-firewall:CreateFirewallPolicy @@ -723,6 +739,14 @@ components: $ref: '#/components/schemas/RuleOrder' StreamExceptionPolicy: $ref: '#/components/schemas/StreamExceptionPolicy' + FlowTimeouts: + type: object + properties: + TcpIdleTimeoutSeconds: + type: integer + minimum: 60 + maximum: 6000 + additionalProperties: false additionalProperties: false RuleOrder: type: string @@ -802,10 +826,6 @@ components: - logs:GetLogDelivery - network-firewall:UpdateLoggingConfiguration - network-firewall:DescribeLoggingConfiguration - list: - - logs:GetLogDelivery - - logs:ListLogDeliveries - - network-firewall:DescribeLoggingConfiguration LogDestinationConfig: type: object properties: @@ -814,6 +834,7 @@ components: enum: - ALERT - FLOW + - TLS LogDestinationType: type: string enum: @@ -896,6 +917,14 @@ components: - RuleGroupName x-tagging: taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - network-firewall:TagResource + - network-firewall:UntagResource + - network-firewall:ListTagsForResource x-required-permissions: create: - network-firewall:CreateRuleGroup @@ -1293,6 +1322,14 @@ components: - TLSInspectionConfiguration x-tagging: taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - network-firewall:TagResource + - network-firewall:UntagResource + - network-firewall:ListTagsForResource x-required-permissions: create: - iam:CreateServiceLinkedRole @@ -2142,77 +2179,16 @@ components: AND data__Identifier = '' AND region = 'us-east-1' fallback: - predicate: sqlDialect == "sqlite3" - ddl: |- - SELECT - detail.region, - JSON_EXTRACT(detail.Properties, '$.FirewallName') as firewall_name, - JSON_EXTRACT(detail.Properties, '$.FirewallArn') as firewall_arn, - JSON_EXTRACT(detail.Properties, '$.LoggingConfiguration') as logging_configuration - FROM aws.cloud_control.resources listing - LEFT OUTER JOIN aws.cloud_control.resource detail - ON detail.data__Identifier = listing.Identifier - AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::NetworkFirewall::LoggingConfiguration' - AND detail.data__TypeName = 'AWS::NetworkFirewall::LoggingConfiguration' - AND listing.region = 'us-east-1' - fallback: - predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] - ddl: |- - SELECT - region, - data__Identifier, - json_extract_path_text(Properties, 'FirewallName') as firewall_name, - json_extract_path_text(Properties, 'FirewallArn') as firewall_arn, - json_extract_path_text(Properties, 'LoggingConfiguration') as logging_configuration - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NetworkFirewall::LoggingConfiguration' - AND data__Identifier = '' - AND region = 'us-east-1' - fallback: - predicate: sqlDialect == "postgres" - ddl: |- - SELECT - detail.region, - json_extract_path_text(detail.Properties, 'FirewallName') as firewall_name, - json_extract_path_text(detail.Properties, 'FirewallArn') as firewall_arn, - json_extract_path_text(detail.Properties, 'LoggingConfiguration') as logging_configuration - FROM aws.cloud_control.resources listing - LEFT OUTER JOIN aws.cloud_control.resource detail - ON detail.data__Identifier = listing.Identifier - AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::NetworkFirewall::LoggingConfiguration' - AND detail.data__TypeName = 'AWS::NetworkFirewall::LoggingConfiguration' - AND listing.region = 'us-east-1' - logging_configurations_list_only: - name: logging_configurations_list_only - id: aws.networkfirewall.logging_configurations_list_only - x-cfn-schema-name: LoggingConfiguration - x-cfn-type-name: AWS::NetworkFirewall::LoggingConfiguration - x-identifiers: - - FirewallArn - x-type: cloud_control_view - methods: {} - sqlVerbs: - insert: [] - delete: [] - update: [] - config: - views: - select: - predicate: sqlDialect == "sqlite3" - ddl: |- - SELECT - region, - JSON_EXTRACT(Properties, '$.FirewallArn') as firewall_arn - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NetworkFirewall::LoggingConfiguration' - AND region = 'us-east-1' - fallback: - predicate: sqlDialect == "postgres" + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] ddl: |- SELECT region, - json_extract_path_text(Properties, 'FirewallArn') as firewall_arn - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NetworkFirewall::LoggingConfiguration' + data__Identifier, + json_extract_path_text(Properties, 'FirewallName') as firewall_name, + json_extract_path_text(Properties, 'FirewallArn') as firewall_arn, + json_extract_path_text(Properties, 'LoggingConfiguration') as logging_configuration + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NetworkFirewall::LoggingConfiguration' + AND data__Identifier = '' AND region = 'us-east-1' rule_groups: name: rule_groups diff --git a/providers/src/aws/v00.00.00000/services/networkmanager.yaml b/providers/src/aws/v00.00.00000/services/networkmanager.yaml index f5d11c2c..a511296c 100644 --- a/providers/src/aws/v00.00.00000/services/networkmanager.yaml +++ b/providers/src/aws/v00.00.00000/services/networkmanager.yaml @@ -403,6 +403,24 @@ components: description: The name of the segment to change. type: string additionalProperties: false + ProposedNetworkFunctionGroupChange: + description: The attachment to move from one network function group to another. + type: object + properties: + Tags: + description: The key-value tags that changed for the network function group. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + AttachmentPolicyRuleNumber: + description: The rule number in the policy document that applies to this change. + type: integer + NetworkFunctionGroupName: + description: The name of the network function group to change. + type: string + additionalProperties: false Tag: description: A key-value pair to associate with a resource. type: object @@ -461,6 +479,12 @@ components: ProposedSegmentChange: description: The attachment to move from one segment to another. $ref: '#/components/schemas/ProposedSegmentChange' + NetworkFunctionGroupName: + description: The name of the network function group attachment. + type: string + ProposedNetworkFunctionGroupChange: + description: The attachment to move from one network function group to another. + $ref: '#/components/schemas/ProposedNetworkFunctionGroupChange' Tags: description: Tags for the attachment. type: array @@ -517,6 +541,10 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - networkmanager:TagResource + - networkmanager:UntagResource + - networkmanager:ListTagsForResource x-required-permissions: create: - networkmanager:GetConnectAttachment @@ -675,6 +703,10 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - networkmanager:TagResource + - networkmanager:UntagResource + - networkmanager:ListTagsForResource x-required-permissions: create: - networkmanager:GetConnectPeer @@ -714,6 +746,35 @@ components: type: string description: The shared segments of a core network. additionalProperties: false + CoreNetworkNetworkFunctionGroup: + type: object + properties: + Name: + type: string + description: Name of network function group + EdgeLocations: + type: array + x-insertionOrder: false + items: + type: string + description: The Regions where the edges are located. + Segments: + type: object + properties: + SendTo: + type: array + x-insertionOrder: false + items: + type: string + description: The send-to segments. + SendVia: + type: array + x-insertionOrder: false + items: + type: string + description: The send-via segments. + additionalProperties: false + additionalProperties: false CoreNetworkEdge: type: object properties: @@ -760,6 +821,12 @@ components: x-insertionOrder: false items: $ref: '#/components/schemas/CoreNetworkSegment' + NetworkFunctionGroups: + description: The network function groups within a core network. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/CoreNetworkNetworkFunctionGroup' Edges: description: The edges within a core network. type: array @@ -795,6 +862,7 @@ components: - CreatedAt - State - Segments + - NetworkFunctionGroups - Edges x-required-properties: - GlobalNetworkId @@ -804,6 +872,10 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - networkmanager:TagResource + - networkmanager:UntagResource + - networkmanager:ListTagsForResource x-required-permissions: create: - networkmanager:CreateCoreNetwork @@ -980,6 +1052,10 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - networkmanager:TagResource + - networkmanager:UntagResource + - networkmanager:ListTagsForResource x-required-permissions: create: - networkmanager:CreateDevice @@ -998,6 +1074,131 @@ components: - networkmanager:DeleteDevice list: - networkmanager:GetDevices + DirectConnectGatewayAttachment: + type: object + properties: + CoreNetworkId: + description: The ID of a core network for the Direct Connect Gateway attachment. + type: string + CoreNetworkArn: + description: The ARN of a core network for the Direct Connect Gateway attachment. + type: string + AttachmentId: + description: Id of the attachment. + type: string + OwnerAccountId: + description: Owner account of the attachment. + type: string + AttachmentType: + description: Attachment type. + type: string + State: + description: State of the attachment. + type: string + EdgeLocations: + description: The Regions where the edges are located. + type: array + x-insertionOrder: false + items: + type: string + DirectConnectGatewayArn: + description: The ARN of the Direct Connect Gateway. + type: string + ResourceArn: + description: The ARN of the Resource. + type: string + AttachmentPolicyRuleNumber: + description: The policy rule number associated with the attachment. + type: integer + SegmentName: + description: The name of the segment attachment.. + type: string + ProposedSegmentChange: + description: The attachment to move from one segment to another. + $ref: '#/components/schemas/ProposedSegmentChange' + NetworkFunctionGroupName: + description: The name of the network function group attachment. + type: string + ProposedNetworkFunctionGroupChange: + description: The attachment to move from one network function group to another. + $ref: '#/components/schemas/ProposedNetworkFunctionGroupChange' + Tags: + description: Tags for the attachment. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + CreatedAt: + description: Creation time of the attachment. + type: string + UpdatedAt: + description: Last update time of the attachment. + type: string + required: + - CoreNetworkId + - DirectConnectGatewayArn + - EdgeLocations + x-stackql-resource-name: direct_connect_gateway_attachment + description: AWS::NetworkManager::DirectConnectGatewayAttachment Resource Type + x-type-name: AWS::NetworkManager::DirectConnectGatewayAttachment + x-stackql-primary-identifier: + - AttachmentId + x-stackql-additional-identifiers: + - - CoreNetworkId + - DirectConnectGatewayArn + x-create-only-properties: + - CoreNetworkId + - DirectConnectGatewayArn + x-read-only-properties: + - CoreNetworkArn + - CreatedAt + - UpdatedAt + - AttachmentType + - State + - AttachmentId + - OwnerAccountId + - AttachmentPolicyRuleNumber + - SegmentName + - NetworkFunctionGroupName + - ResourceArn + x-required-properties: + - CoreNetworkId + - DirectConnectGatewayArn + - EdgeLocations + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - networkmanager:TagResource + - networkmanager:UntagResource + - networkmanager:ListTagsForResource + x-required-permissions: + create: + - networkmanager:CreateDirectConnectGatewayAttachment + - networkmanager:GetDirectConnectGatewayAttachment + - networkmanager:TagResource + - ec2:DescribeRegions + - iam:CreateServiceLinkedRole + read: + - networkmanager:GetDirectConnectGatewayAttachment + update: + - networkmanager:UpdateDirectConnectGatewayAttachment + - networkmanager:GetDirectConnectGatewayAttachment + - networkmanager:ListTagsForResource + - networkmanager:TagResource + - networkmanager:UntagResource + - ec2:DescribeRegions + delete: + - networkmanager:DeleteAttachment + - networkmanager:GetDirectConnectGatewayAttachment + - networkmanager:UntagResource + - ec2:DescribeRegions + list: + - networkmanager:ListAttachments GlobalNetwork: type: object properties: @@ -1039,6 +1240,10 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - networkmanager:TagResource + - networkmanager:UntagResource + - networkmanager:ListTagsForResource x-required-permissions: create: - networkmanager:CreateGlobalNetwork @@ -1139,6 +1344,10 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - networkmanager:TagResource + - networkmanager:UntagResource + - networkmanager:ListTagsForResource x-required-permissions: create: - networkmanager:CreateLink @@ -1259,6 +1468,10 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - networkmanager:TagResource + - networkmanager:UntagResource + - networkmanager:ListTagsForResource x-required-permissions: create: - networkmanager:CreateSite @@ -1313,6 +1526,12 @@ components: ProposedSegmentChange: description: The attachment to move from one segment to another. $ref: '#/components/schemas/ProposedSegmentChange' + NetworkFunctionGroupName: + description: The name of the network function group attachment. + type: string + ProposedNetworkFunctionGroupChange: + description: The attachment to move from one network function group to another. + $ref: '#/components/schemas/ProposedNetworkFunctionGroupChange' Tags: description: Tags for the attachment. type: array @@ -1364,6 +1583,10 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - networkmanager:TagResource + - networkmanager:UntagResource + - networkmanager:ListTagsForResource x-required-permissions: create: - networkmanager:GetSiteToSiteVpnAttachment @@ -1457,6 +1680,10 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - networkmanager:TagResource + - networkmanager:UntagResource + - networkmanager:ListTagsForResource x-required-permissions: create: - networkmanager:CreateTransitGatewayPeering @@ -1468,7 +1695,6 @@ components: - ec2:DescribeRegions read: - networkmanager:GetTransitGatewayPeering - - networkmanager:TagResource update: - networkmanager:TagResource - networkmanager:UntagResource @@ -1563,6 +1789,12 @@ components: ProposedSegmentChange: description: The attachment to move from one segment to another. $ref: '#/components/schemas/ProposedSegmentChange' + NetworkFunctionGroupName: + description: The name of the network function group attachment. + type: string + ProposedNetworkFunctionGroupChange: + description: The attachment to move from one network function group to another. + $ref: '#/components/schemas/ProposedNetworkFunctionGroupChange' CreatedAt: description: Creation time of the attachment. type: string @@ -1609,6 +1841,10 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - networkmanager:TagResource + - networkmanager:UntagResource + - networkmanager:ListTagsForResource x-required-permissions: create: - networkmanager:CreateTransitGatewayRouteTableAttachment @@ -1682,6 +1918,12 @@ components: ProposedSegmentChange: description: The attachment to move from one segment to another. $ref: '#/components/schemas/ProposedSegmentChange' + NetworkFunctionGroupName: + description: The name of the network function group attachment. + type: string + ProposedNetworkFunctionGroupChange: + description: The attachment to move from one network function group to another. + $ref: '#/components/schemas/ProposedNetworkFunctionGroupChange' Tags: description: Tags for the attachment. type: array @@ -1730,6 +1972,7 @@ components: - EdgeLocation - AttachmentPolicyRuleNumber - SegmentName + - NetworkFunctionGroupName - ResourceArn x-required-properties: - CoreNetworkId @@ -1741,6 +1984,10 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - networkmanager:TagResource + - networkmanager:UntagResource + - networkmanager:ListTagsForResource x-required-permissions: create: - networkmanager:CreateVpcAttachment @@ -1810,6 +2057,12 @@ components: ProposedSegmentChange: description: The attachment to move from one segment to another. $ref: '#/components/schemas/ProposedSegmentChange' + NetworkFunctionGroupName: + description: The name of the network function group attachment. + type: string + ProposedNetworkFunctionGroupChange: + description: The attachment to move from one network function group to another. + $ref: '#/components/schemas/ProposedNetworkFunctionGroupChange' Tags: description: Tags for the attachment. type: array @@ -1936,6 +2189,12 @@ components: x-insertionOrder: false items: $ref: '#/components/schemas/CoreNetworkSegment' + NetworkFunctionGroups: + description: The network function groups within a core network. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/CoreNetworkNetworkFunctionGroup' Edges: description: The edges within a core network. type: array @@ -2048,6 +2307,81 @@ components: x-title: CreateDeviceRequest type: object required: [] + CreateDirectConnectGatewayAttachmentRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + CoreNetworkId: + description: The ID of a core network for the Direct Connect Gateway attachment. + type: string + CoreNetworkArn: + description: The ARN of a core network for the Direct Connect Gateway attachment. + type: string + AttachmentId: + description: Id of the attachment. + type: string + OwnerAccountId: + description: Owner account of the attachment. + type: string + AttachmentType: + description: Attachment type. + type: string + State: + description: State of the attachment. + type: string + EdgeLocations: + description: The Regions where the edges are located. + type: array + x-insertionOrder: false + items: + type: string + DirectConnectGatewayArn: + description: The ARN of the Direct Connect Gateway. + type: string + ResourceArn: + description: The ARN of the Resource. + type: string + AttachmentPolicyRuleNumber: + description: The policy rule number associated with the attachment. + type: integer + SegmentName: + description: The name of the segment attachment.. + type: string + ProposedSegmentChange: + description: The attachment to move from one segment to another. + $ref: '#/components/schemas/ProposedSegmentChange' + NetworkFunctionGroupName: + description: The name of the network function group attachment. + type: string + ProposedNetworkFunctionGroupChange: + description: The attachment to move from one network function group to another. + $ref: '#/components/schemas/ProposedNetworkFunctionGroupChange' + Tags: + description: Tags for the attachment. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + CreatedAt: + description: Creation time of the attachment. + type: string + UpdatedAt: + description: Last update time of the attachment. + type: string + x-stackQL-stringOnly: true + x-title: CreateDirectConnectGatewayAttachmentRequest + type: object + required: [] CreateGlobalNetworkRequest: properties: ClientToken: @@ -2258,6 +2592,12 @@ components: ProposedSegmentChange: description: The attachment to move from one segment to another. $ref: '#/components/schemas/ProposedSegmentChange' + NetworkFunctionGroupName: + description: The name of the network function group attachment. + type: string + ProposedNetworkFunctionGroupChange: + description: The attachment to move from one network function group to another. + $ref: '#/components/schemas/ProposedNetworkFunctionGroupChange' Tags: description: Tags for the attachment. type: array @@ -2410,6 +2750,12 @@ components: ProposedSegmentChange: description: The attachment to move from one segment to another. $ref: '#/components/schemas/ProposedSegmentChange' + NetworkFunctionGroupName: + description: The name of the network function group attachment. + type: string + ProposedNetworkFunctionGroupChange: + description: The attachment to move from one network function group to another. + $ref: '#/components/schemas/ProposedNetworkFunctionGroupChange' CreatedAt: description: Creation time of the attachment. type: string @@ -2476,6 +2822,12 @@ components: ProposedSegmentChange: description: The attachment to move from one segment to another. $ref: '#/components/schemas/ProposedSegmentChange' + NetworkFunctionGroupName: + description: The name of the network function group attachment. + type: string + ProposedNetworkFunctionGroupChange: + description: The attachment to move from one network function group to another. + $ref: '#/components/schemas/ProposedNetworkFunctionGroupChange' Tags: description: Tags for the attachment. type: array @@ -2584,6 +2936,8 @@ components: JSON_EXTRACT(Properties, '$.AttachmentPolicyRuleNumber') as attachment_policy_rule_number, JSON_EXTRACT(Properties, '$.SegmentName') as segment_name, JSON_EXTRACT(Properties, '$.ProposedSegmentChange') as proposed_segment_change, + JSON_EXTRACT(Properties, '$.NetworkFunctionGroupName') as network_function_group_name, + JSON_EXTRACT(Properties, '$.ProposedNetworkFunctionGroupChange') as proposed_network_function_group_change, JSON_EXTRACT(Properties, '$.Tags') as tags, JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, JSON_EXTRACT(Properties, '$.UpdatedAt') as updated_at, @@ -2608,6 +2962,8 @@ components: JSON_EXTRACT(detail.Properties, '$.AttachmentPolicyRuleNumber') as attachment_policy_rule_number, JSON_EXTRACT(detail.Properties, '$.SegmentName') as segment_name, JSON_EXTRACT(detail.Properties, '$.ProposedSegmentChange') as proposed_segment_change, + JSON_EXTRACT(detail.Properties, '$.NetworkFunctionGroupName') as network_function_group_name, + JSON_EXTRACT(detail.Properties, '$.ProposedNetworkFunctionGroupChange') as proposed_network_function_group_change, JSON_EXTRACT(detail.Properties, '$.Tags') as tags, JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, JSON_EXTRACT(detail.Properties, '$.UpdatedAt') as updated_at, @@ -2637,6 +2993,8 @@ components: json_extract_path_text(Properties, 'AttachmentPolicyRuleNumber') as attachment_policy_rule_number, json_extract_path_text(Properties, 'SegmentName') as segment_name, json_extract_path_text(Properties, 'ProposedSegmentChange') as proposed_segment_change, + json_extract_path_text(Properties, 'NetworkFunctionGroupName') as network_function_group_name, + json_extract_path_text(Properties, 'ProposedNetworkFunctionGroupChange') as proposed_network_function_group_change, json_extract_path_text(Properties, 'Tags') as tags, json_extract_path_text(Properties, 'CreatedAt') as created_at, json_extract_path_text(Properties, 'UpdatedAt') as updated_at, @@ -2661,6 +3019,8 @@ components: json_extract_path_text(detail.Properties, 'AttachmentPolicyRuleNumber') as attachment_policy_rule_number, json_extract_path_text(detail.Properties, 'SegmentName') as segment_name, json_extract_path_text(detail.Properties, 'ProposedSegmentChange') as proposed_segment_change, + json_extract_path_text(detail.Properties, 'NetworkFunctionGroupName') as network_function_group_name, + json_extract_path_text(detail.Properties, 'ProposedNetworkFunctionGroupChange') as proposed_network_function_group_change, json_extract_path_text(detail.Properties, 'Tags') as tags, json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, json_extract_path_text(detail.Properties, 'UpdatedAt') as updated_at, @@ -2735,6 +3095,8 @@ components: JSON_EXTRACT(detail.Properties, '$.AttachmentPolicyRuleNumber') as attachment_policy_rule_number, JSON_EXTRACT(detail.Properties, '$.SegmentName') as segment_name, JSON_EXTRACT(detail.Properties, '$.ProposedSegmentChange') as proposed_segment_change, + JSON_EXTRACT(detail.Properties, '$.NetworkFunctionGroupName') as network_function_group_name, + JSON_EXTRACT(detail.Properties, '$.ProposedNetworkFunctionGroupChange') as proposed_network_function_group_change, JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, JSON_EXTRACT(detail.Properties, '$.UpdatedAt') as updated_at, JSON_EXTRACT(detail.Properties, '$.TransportAttachmentId') as transport_attachment_id, @@ -2765,6 +3127,8 @@ components: json_extract_path_text(detail.Properties, 'AttachmentPolicyRuleNumber') as attachment_policy_rule_number, json_extract_path_text(detail.Properties, 'SegmentName') as segment_name, json_extract_path_text(detail.Properties, 'ProposedSegmentChange') as proposed_segment_change, + json_extract_path_text(detail.Properties, 'NetworkFunctionGroupName') as network_function_group_name, + json_extract_path_text(detail.Properties, 'ProposedNetworkFunctionGroupChange') as proposed_network_function_group_change, json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, json_extract_path_text(detail.Properties, 'UpdatedAt') as updated_at, json_extract_path_text(detail.Properties, 'TransportAttachmentId') as transport_attachment_id, @@ -3097,6 +3461,7 @@ components: JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, JSON_EXTRACT(Properties, '$.State') as state, JSON_EXTRACT(Properties, '$.Segments') as segments, + JSON_EXTRACT(Properties, '$.NetworkFunctionGroups') as network_function_groups, JSON_EXTRACT(Properties, '$.Edges') as edges, JSON_EXTRACT(Properties, '$.OwnerAccount') as owner_account, JSON_EXTRACT(Properties, '$.Tags') as tags @@ -3116,6 +3481,7 @@ components: JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, JSON_EXTRACT(detail.Properties, '$.State') as state, JSON_EXTRACT(detail.Properties, '$.Segments') as segments, + JSON_EXTRACT(detail.Properties, '$.NetworkFunctionGroups') as network_function_groups, JSON_EXTRACT(detail.Properties, '$.Edges') as edges, JSON_EXTRACT(detail.Properties, '$.OwnerAccount') as owner_account, JSON_EXTRACT(detail.Properties, '$.Tags') as tags @@ -3140,6 +3506,7 @@ components: json_extract_path_text(Properties, 'CreatedAt') as created_at, json_extract_path_text(Properties, 'State') as state, json_extract_path_text(Properties, 'Segments') as segments, + json_extract_path_text(Properties, 'NetworkFunctionGroups') as network_function_groups, json_extract_path_text(Properties, 'Edges') as edges, json_extract_path_text(Properties, 'OwnerAccount') as owner_account, json_extract_path_text(Properties, 'Tags') as tags @@ -3159,6 +3526,7 @@ components: json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, json_extract_path_text(detail.Properties, 'State') as state, json_extract_path_text(detail.Properties, 'Segments') as segments, + json_extract_path_text(detail.Properties, 'NetworkFunctionGroups') as network_function_groups, json_extract_path_text(detail.Properties, 'Edges') as edges, json_extract_path_text(detail.Properties, 'OwnerAccount') as owner_account, json_extract_path_text(detail.Properties, 'Tags') as tags @@ -3228,6 +3596,7 @@ components: JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, JSON_EXTRACT(detail.Properties, '$.State') as state, JSON_EXTRACT(detail.Properties, '$.Segments') as segments, + JSON_EXTRACT(detail.Properties, '$.NetworkFunctionGroups') as network_function_groups, JSON_EXTRACT(detail.Properties, '$.Edges') as edges, JSON_EXTRACT(detail.Properties, '$.OwnerAccount') as owner_account FROM aws.cloud_control.resources listing @@ -3253,6 +3622,7 @@ components: json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, json_extract_path_text(detail.Properties, 'State') as state, json_extract_path_text(detail.Properties, 'Segments') as segments, + json_extract_path_text(detail.Properties, 'NetworkFunctionGroups') as network_function_groups, json_extract_path_text(detail.Properties, 'Edges') as edges, json_extract_path_text(detail.Properties, 'OwnerAccount') as owner_account FROM aws.cloud_control.resources listing @@ -3659,6 +4029,279 @@ components: WHERE listing.data__TypeName = 'AWS::NetworkManager::Device' AND detail.data__TypeName = 'AWS::NetworkManager::Device' AND listing.region = 'us-east-1' + direct_connect_gateway_attachments: + name: direct_connect_gateway_attachments + id: aws.networkmanager.direct_connect_gateway_attachments + x-cfn-schema-name: DirectConnectGatewayAttachment + x-cfn-type-name: AWS::NetworkManager::DirectConnectGatewayAttachment + x-identifiers: + - AttachmentId + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__DirectConnectGatewayAttachment&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::NetworkManager::DirectConnectGatewayAttachment" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::NetworkManager::DirectConnectGatewayAttachment" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::NetworkManager::DirectConnectGatewayAttachment" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/direct_connect_gateway_attachments/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/direct_connect_gateway_attachments/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/direct_connect_gateway_attachments/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.CoreNetworkId') as core_network_id, + JSON_EXTRACT(Properties, '$.CoreNetworkArn') as core_network_arn, + JSON_EXTRACT(Properties, '$.AttachmentId') as attachment_id, + JSON_EXTRACT(Properties, '$.OwnerAccountId') as owner_account_id, + JSON_EXTRACT(Properties, '$.AttachmentType') as attachment_type, + JSON_EXTRACT(Properties, '$.State') as state, + JSON_EXTRACT(Properties, '$.EdgeLocations') as edge_locations, + JSON_EXTRACT(Properties, '$.DirectConnectGatewayArn') as direct_connect_gateway_arn, + JSON_EXTRACT(Properties, '$.ResourceArn') as resource_arn, + JSON_EXTRACT(Properties, '$.AttachmentPolicyRuleNumber') as attachment_policy_rule_number, + JSON_EXTRACT(Properties, '$.SegmentName') as segment_name, + JSON_EXTRACT(Properties, '$.ProposedSegmentChange') as proposed_segment_change, + JSON_EXTRACT(Properties, '$.NetworkFunctionGroupName') as network_function_group_name, + JSON_EXTRACT(Properties, '$.ProposedNetworkFunctionGroupChange') as proposed_network_function_group_change, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.UpdatedAt') as updated_at + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NetworkManager::DirectConnectGatewayAttachment' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.CoreNetworkId') as core_network_id, + JSON_EXTRACT(detail.Properties, '$.CoreNetworkArn') as core_network_arn, + JSON_EXTRACT(detail.Properties, '$.AttachmentId') as attachment_id, + JSON_EXTRACT(detail.Properties, '$.OwnerAccountId') as owner_account_id, + JSON_EXTRACT(detail.Properties, '$.AttachmentType') as attachment_type, + JSON_EXTRACT(detail.Properties, '$.State') as state, + JSON_EXTRACT(detail.Properties, '$.EdgeLocations') as edge_locations, + JSON_EXTRACT(detail.Properties, '$.DirectConnectGatewayArn') as direct_connect_gateway_arn, + JSON_EXTRACT(detail.Properties, '$.ResourceArn') as resource_arn, + JSON_EXTRACT(detail.Properties, '$.AttachmentPolicyRuleNumber') as attachment_policy_rule_number, + JSON_EXTRACT(detail.Properties, '$.SegmentName') as segment_name, + JSON_EXTRACT(detail.Properties, '$.ProposedSegmentChange') as proposed_segment_change, + JSON_EXTRACT(detail.Properties, '$.NetworkFunctionGroupName') as network_function_group_name, + JSON_EXTRACT(detail.Properties, '$.ProposedNetworkFunctionGroupChange') as proposed_network_function_group_change, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags, + JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(detail.Properties, '$.UpdatedAt') as updated_at + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::NetworkManager::DirectConnectGatewayAttachment' + AND detail.data__TypeName = 'AWS::NetworkManager::DirectConnectGatewayAttachment' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'CoreNetworkId') as core_network_id, + json_extract_path_text(Properties, 'CoreNetworkArn') as core_network_arn, + json_extract_path_text(Properties, 'AttachmentId') as attachment_id, + json_extract_path_text(Properties, 'OwnerAccountId') as owner_account_id, + json_extract_path_text(Properties, 'AttachmentType') as attachment_type, + json_extract_path_text(Properties, 'State') as state, + json_extract_path_text(Properties, 'EdgeLocations') as edge_locations, + json_extract_path_text(Properties, 'DirectConnectGatewayArn') as direct_connect_gateway_arn, + json_extract_path_text(Properties, 'ResourceArn') as resource_arn, + json_extract_path_text(Properties, 'AttachmentPolicyRuleNumber') as attachment_policy_rule_number, + json_extract_path_text(Properties, 'SegmentName') as segment_name, + json_extract_path_text(Properties, 'ProposedSegmentChange') as proposed_segment_change, + json_extract_path_text(Properties, 'NetworkFunctionGroupName') as network_function_group_name, + json_extract_path_text(Properties, 'ProposedNetworkFunctionGroupChange') as proposed_network_function_group_change, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'UpdatedAt') as updated_at + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NetworkManager::DirectConnectGatewayAttachment' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'CoreNetworkId') as core_network_id, + json_extract_path_text(detail.Properties, 'CoreNetworkArn') as core_network_arn, + json_extract_path_text(detail.Properties, 'AttachmentId') as attachment_id, + json_extract_path_text(detail.Properties, 'OwnerAccountId') as owner_account_id, + json_extract_path_text(detail.Properties, 'AttachmentType') as attachment_type, + json_extract_path_text(detail.Properties, 'State') as state, + json_extract_path_text(detail.Properties, 'EdgeLocations') as edge_locations, + json_extract_path_text(detail.Properties, 'DirectConnectGatewayArn') as direct_connect_gateway_arn, + json_extract_path_text(detail.Properties, 'ResourceArn') as resource_arn, + json_extract_path_text(detail.Properties, 'AttachmentPolicyRuleNumber') as attachment_policy_rule_number, + json_extract_path_text(detail.Properties, 'SegmentName') as segment_name, + json_extract_path_text(detail.Properties, 'ProposedSegmentChange') as proposed_segment_change, + json_extract_path_text(detail.Properties, 'NetworkFunctionGroupName') as network_function_group_name, + json_extract_path_text(detail.Properties, 'ProposedNetworkFunctionGroupChange') as proposed_network_function_group_change, + json_extract_path_text(detail.Properties, 'Tags') as tags, + json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, + json_extract_path_text(detail.Properties, 'UpdatedAt') as updated_at + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::NetworkManager::DirectConnectGatewayAttachment' + AND detail.data__TypeName = 'AWS::NetworkManager::DirectConnectGatewayAttachment' + AND listing.region = 'us-east-1' + direct_connect_gateway_attachments_list_only: + name: direct_connect_gateway_attachments_list_only + id: aws.networkmanager.direct_connect_gateway_attachments_list_only + x-cfn-schema-name: DirectConnectGatewayAttachment + x-cfn-type-name: AWS::NetworkManager::DirectConnectGatewayAttachment + x-identifiers: + - AttachmentId + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AttachmentId') as attachment_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NetworkManager::DirectConnectGatewayAttachment' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AttachmentId') as attachment_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NetworkManager::DirectConnectGatewayAttachment' + AND region = 'us-east-1' + direct_connect_gateway_attachment_tags: + name: direct_connect_gateway_attachment_tags + id: aws.networkmanager.direct_connect_gateway_attachment_tags + x-cfn-schema-name: DirectConnectGatewayAttachment + x-cfn-type-name: AWS::NetworkManager::DirectConnectGatewayAttachment + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.CoreNetworkId') as core_network_id, + JSON_EXTRACT(detail.Properties, '$.CoreNetworkArn') as core_network_arn, + JSON_EXTRACT(detail.Properties, '$.AttachmentId') as attachment_id, + JSON_EXTRACT(detail.Properties, '$.OwnerAccountId') as owner_account_id, + JSON_EXTRACT(detail.Properties, '$.AttachmentType') as attachment_type, + JSON_EXTRACT(detail.Properties, '$.State') as state, + JSON_EXTRACT(detail.Properties, '$.EdgeLocations') as edge_locations, + JSON_EXTRACT(detail.Properties, '$.DirectConnectGatewayArn') as direct_connect_gateway_arn, + JSON_EXTRACT(detail.Properties, '$.ResourceArn') as resource_arn, + JSON_EXTRACT(detail.Properties, '$.AttachmentPolicyRuleNumber') as attachment_policy_rule_number, + JSON_EXTRACT(detail.Properties, '$.SegmentName') as segment_name, + JSON_EXTRACT(detail.Properties, '$.ProposedSegmentChange') as proposed_segment_change, + JSON_EXTRACT(detail.Properties, '$.NetworkFunctionGroupName') as network_function_group_name, + JSON_EXTRACT(detail.Properties, '$.ProposedNetworkFunctionGroupChange') as proposed_network_function_group_change, + JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(detail.Properties, '$.UpdatedAt') as updated_at + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::NetworkManager::DirectConnectGatewayAttachment' + AND detail.data__TypeName = 'AWS::NetworkManager::DirectConnectGatewayAttachment' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'CoreNetworkId') as core_network_id, + json_extract_path_text(detail.Properties, 'CoreNetworkArn') as core_network_arn, + json_extract_path_text(detail.Properties, 'AttachmentId') as attachment_id, + json_extract_path_text(detail.Properties, 'OwnerAccountId') as owner_account_id, + json_extract_path_text(detail.Properties, 'AttachmentType') as attachment_type, + json_extract_path_text(detail.Properties, 'State') as state, + json_extract_path_text(detail.Properties, 'EdgeLocations') as edge_locations, + json_extract_path_text(detail.Properties, 'DirectConnectGatewayArn') as direct_connect_gateway_arn, + json_extract_path_text(detail.Properties, 'ResourceArn') as resource_arn, + json_extract_path_text(detail.Properties, 'AttachmentPolicyRuleNumber') as attachment_policy_rule_number, + json_extract_path_text(detail.Properties, 'SegmentName') as segment_name, + json_extract_path_text(detail.Properties, 'ProposedSegmentChange') as proposed_segment_change, + json_extract_path_text(detail.Properties, 'NetworkFunctionGroupName') as network_function_group_name, + json_extract_path_text(detail.Properties, 'ProposedNetworkFunctionGroupChange') as proposed_network_function_group_change, + json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, + json_extract_path_text(detail.Properties, 'UpdatedAt') as updated_at + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::NetworkManager::DirectConnectGatewayAttachment' + AND detail.data__TypeName = 'AWS::NetworkManager::DirectConnectGatewayAttachment' + AND listing.region = 'us-east-1' global_networks: name: global_networks id: aws.networkmanager.global_networks @@ -4541,6 +5184,8 @@ components: JSON_EXTRACT(Properties, '$.AttachmentPolicyRuleNumber') as attachment_policy_rule_number, JSON_EXTRACT(Properties, '$.SegmentName') as segment_name, JSON_EXTRACT(Properties, '$.ProposedSegmentChange') as proposed_segment_change, + JSON_EXTRACT(Properties, '$.NetworkFunctionGroupName') as network_function_group_name, + JSON_EXTRACT(Properties, '$.ProposedNetworkFunctionGroupChange') as proposed_network_function_group_change, JSON_EXTRACT(Properties, '$.Tags') as tags, JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, JSON_EXTRACT(Properties, '$.UpdatedAt') as updated_at, @@ -4564,6 +5209,8 @@ components: JSON_EXTRACT(detail.Properties, '$.AttachmentPolicyRuleNumber') as attachment_policy_rule_number, JSON_EXTRACT(detail.Properties, '$.SegmentName') as segment_name, JSON_EXTRACT(detail.Properties, '$.ProposedSegmentChange') as proposed_segment_change, + JSON_EXTRACT(detail.Properties, '$.NetworkFunctionGroupName') as network_function_group_name, + JSON_EXTRACT(detail.Properties, '$.ProposedNetworkFunctionGroupChange') as proposed_network_function_group_change, JSON_EXTRACT(detail.Properties, '$.Tags') as tags, JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, JSON_EXTRACT(detail.Properties, '$.UpdatedAt') as updated_at, @@ -4592,6 +5239,8 @@ components: json_extract_path_text(Properties, 'AttachmentPolicyRuleNumber') as attachment_policy_rule_number, json_extract_path_text(Properties, 'SegmentName') as segment_name, json_extract_path_text(Properties, 'ProposedSegmentChange') as proposed_segment_change, + json_extract_path_text(Properties, 'NetworkFunctionGroupName') as network_function_group_name, + json_extract_path_text(Properties, 'ProposedNetworkFunctionGroupChange') as proposed_network_function_group_change, json_extract_path_text(Properties, 'Tags') as tags, json_extract_path_text(Properties, 'CreatedAt') as created_at, json_extract_path_text(Properties, 'UpdatedAt') as updated_at, @@ -4615,6 +5264,8 @@ components: json_extract_path_text(detail.Properties, 'AttachmentPolicyRuleNumber') as attachment_policy_rule_number, json_extract_path_text(detail.Properties, 'SegmentName') as segment_name, json_extract_path_text(detail.Properties, 'ProposedSegmentChange') as proposed_segment_change, + json_extract_path_text(detail.Properties, 'NetworkFunctionGroupName') as network_function_group_name, + json_extract_path_text(detail.Properties, 'ProposedNetworkFunctionGroupChange') as proposed_network_function_group_change, json_extract_path_text(detail.Properties, 'Tags') as tags, json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, json_extract_path_text(detail.Properties, 'UpdatedAt') as updated_at, @@ -4688,6 +5339,8 @@ components: JSON_EXTRACT(detail.Properties, '$.AttachmentPolicyRuleNumber') as attachment_policy_rule_number, JSON_EXTRACT(detail.Properties, '$.SegmentName') as segment_name, JSON_EXTRACT(detail.Properties, '$.ProposedSegmentChange') as proposed_segment_change, + JSON_EXTRACT(detail.Properties, '$.NetworkFunctionGroupName') as network_function_group_name, + JSON_EXTRACT(detail.Properties, '$.ProposedNetworkFunctionGroupChange') as proposed_network_function_group_change, JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, JSON_EXTRACT(detail.Properties, '$.UpdatedAt') as updated_at, JSON_EXTRACT(detail.Properties, '$.VpnConnectionArn') as vpn_connection_arn @@ -4717,6 +5370,8 @@ components: json_extract_path_text(detail.Properties, 'AttachmentPolicyRuleNumber') as attachment_policy_rule_number, json_extract_path_text(detail.Properties, 'SegmentName') as segment_name, json_extract_path_text(detail.Properties, 'ProposedSegmentChange') as proposed_segment_change, + json_extract_path_text(detail.Properties, 'NetworkFunctionGroupName') as network_function_group_name, + json_extract_path_text(detail.Properties, 'ProposedNetworkFunctionGroupChange') as proposed_network_function_group_change, json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, json_extract_path_text(detail.Properties, 'UpdatedAt') as updated_at, json_extract_path_text(detail.Properties, 'VpnConnectionArn') as vpn_connection_arn @@ -5176,6 +5831,8 @@ components: JSON_EXTRACT(Properties, '$.AttachmentPolicyRuleNumber') as attachment_policy_rule_number, JSON_EXTRACT(Properties, '$.SegmentName') as segment_name, JSON_EXTRACT(Properties, '$.ProposedSegmentChange') as proposed_segment_change, + JSON_EXTRACT(Properties, '$.NetworkFunctionGroupName') as network_function_group_name, + JSON_EXTRACT(Properties, '$.ProposedNetworkFunctionGroupChange') as proposed_network_function_group_change, JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, JSON_EXTRACT(Properties, '$.UpdatedAt') as updated_at, JSON_EXTRACT(Properties, '$.Tags') as tags @@ -5200,6 +5857,8 @@ components: JSON_EXTRACT(detail.Properties, '$.AttachmentPolicyRuleNumber') as attachment_policy_rule_number, JSON_EXTRACT(detail.Properties, '$.SegmentName') as segment_name, JSON_EXTRACT(detail.Properties, '$.ProposedSegmentChange') as proposed_segment_change, + JSON_EXTRACT(detail.Properties, '$.NetworkFunctionGroupName') as network_function_group_name, + JSON_EXTRACT(detail.Properties, '$.ProposedNetworkFunctionGroupChange') as proposed_network_function_group_change, JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, JSON_EXTRACT(detail.Properties, '$.UpdatedAt') as updated_at, JSON_EXTRACT(detail.Properties, '$.Tags') as tags @@ -5229,6 +5888,8 @@ components: json_extract_path_text(Properties, 'AttachmentPolicyRuleNumber') as attachment_policy_rule_number, json_extract_path_text(Properties, 'SegmentName') as segment_name, json_extract_path_text(Properties, 'ProposedSegmentChange') as proposed_segment_change, + json_extract_path_text(Properties, 'NetworkFunctionGroupName') as network_function_group_name, + json_extract_path_text(Properties, 'ProposedNetworkFunctionGroupChange') as proposed_network_function_group_change, json_extract_path_text(Properties, 'CreatedAt') as created_at, json_extract_path_text(Properties, 'UpdatedAt') as updated_at, json_extract_path_text(Properties, 'Tags') as tags @@ -5253,6 +5914,8 @@ components: json_extract_path_text(detail.Properties, 'AttachmentPolicyRuleNumber') as attachment_policy_rule_number, json_extract_path_text(detail.Properties, 'SegmentName') as segment_name, json_extract_path_text(detail.Properties, 'ProposedSegmentChange') as proposed_segment_change, + json_extract_path_text(detail.Properties, 'NetworkFunctionGroupName') as network_function_group_name, + json_extract_path_text(detail.Properties, 'ProposedNetworkFunctionGroupChange') as proposed_network_function_group_change, json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, json_extract_path_text(detail.Properties, 'UpdatedAt') as updated_at, json_extract_path_text(detail.Properties, 'Tags') as tags @@ -5327,6 +5990,8 @@ components: JSON_EXTRACT(detail.Properties, '$.AttachmentPolicyRuleNumber') as attachment_policy_rule_number, JSON_EXTRACT(detail.Properties, '$.SegmentName') as segment_name, JSON_EXTRACT(detail.Properties, '$.ProposedSegmentChange') as proposed_segment_change, + JSON_EXTRACT(detail.Properties, '$.NetworkFunctionGroupName') as network_function_group_name, + JSON_EXTRACT(detail.Properties, '$.ProposedNetworkFunctionGroupChange') as proposed_network_function_group_change, JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, JSON_EXTRACT(detail.Properties, '$.UpdatedAt') as updated_at FROM aws.cloud_control.resources listing @@ -5357,6 +6022,8 @@ components: json_extract_path_text(detail.Properties, 'AttachmentPolicyRuleNumber') as attachment_policy_rule_number, json_extract_path_text(detail.Properties, 'SegmentName') as segment_name, json_extract_path_text(detail.Properties, 'ProposedSegmentChange') as proposed_segment_change, + json_extract_path_text(detail.Properties, 'NetworkFunctionGroupName') as network_function_group_name, + json_extract_path_text(detail.Properties, 'ProposedNetworkFunctionGroupChange') as proposed_network_function_group_change, json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, json_extract_path_text(detail.Properties, 'UpdatedAt') as updated_at FROM aws.cloud_control.resources listing @@ -5442,6 +6109,8 @@ components: JSON_EXTRACT(Properties, '$.AttachmentPolicyRuleNumber') as attachment_policy_rule_number, JSON_EXTRACT(Properties, '$.SegmentName') as segment_name, JSON_EXTRACT(Properties, '$.ProposedSegmentChange') as proposed_segment_change, + JSON_EXTRACT(Properties, '$.NetworkFunctionGroupName') as network_function_group_name, + JSON_EXTRACT(Properties, '$.ProposedNetworkFunctionGroupChange') as proposed_network_function_group_change, JSON_EXTRACT(Properties, '$.Tags') as tags, JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, JSON_EXTRACT(Properties, '$.UpdatedAt') as updated_at, @@ -5467,6 +6136,8 @@ components: JSON_EXTRACT(detail.Properties, '$.AttachmentPolicyRuleNumber') as attachment_policy_rule_number, JSON_EXTRACT(detail.Properties, '$.SegmentName') as segment_name, JSON_EXTRACT(detail.Properties, '$.ProposedSegmentChange') as proposed_segment_change, + JSON_EXTRACT(detail.Properties, '$.NetworkFunctionGroupName') as network_function_group_name, + JSON_EXTRACT(detail.Properties, '$.ProposedNetworkFunctionGroupChange') as proposed_network_function_group_change, JSON_EXTRACT(detail.Properties, '$.Tags') as tags, JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, JSON_EXTRACT(detail.Properties, '$.UpdatedAt') as updated_at, @@ -5497,6 +6168,8 @@ components: json_extract_path_text(Properties, 'AttachmentPolicyRuleNumber') as attachment_policy_rule_number, json_extract_path_text(Properties, 'SegmentName') as segment_name, json_extract_path_text(Properties, 'ProposedSegmentChange') as proposed_segment_change, + json_extract_path_text(Properties, 'NetworkFunctionGroupName') as network_function_group_name, + json_extract_path_text(Properties, 'ProposedNetworkFunctionGroupChange') as proposed_network_function_group_change, json_extract_path_text(Properties, 'Tags') as tags, json_extract_path_text(Properties, 'CreatedAt') as created_at, json_extract_path_text(Properties, 'UpdatedAt') as updated_at, @@ -5522,6 +6195,8 @@ components: json_extract_path_text(detail.Properties, 'AttachmentPolicyRuleNumber') as attachment_policy_rule_number, json_extract_path_text(detail.Properties, 'SegmentName') as segment_name, json_extract_path_text(detail.Properties, 'ProposedSegmentChange') as proposed_segment_change, + json_extract_path_text(detail.Properties, 'NetworkFunctionGroupName') as network_function_group_name, + json_extract_path_text(detail.Properties, 'ProposedNetworkFunctionGroupChange') as proposed_network_function_group_change, json_extract_path_text(detail.Properties, 'Tags') as tags, json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, json_extract_path_text(detail.Properties, 'UpdatedAt') as updated_at, @@ -5597,6 +6272,8 @@ components: JSON_EXTRACT(detail.Properties, '$.AttachmentPolicyRuleNumber') as attachment_policy_rule_number, JSON_EXTRACT(detail.Properties, '$.SegmentName') as segment_name, JSON_EXTRACT(detail.Properties, '$.ProposedSegmentChange') as proposed_segment_change, + JSON_EXTRACT(detail.Properties, '$.NetworkFunctionGroupName') as network_function_group_name, + JSON_EXTRACT(detail.Properties, '$.ProposedNetworkFunctionGroupChange') as proposed_network_function_group_change, JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, JSON_EXTRACT(detail.Properties, '$.UpdatedAt') as updated_at, JSON_EXTRACT(detail.Properties, '$.SubnetArns') as subnet_arns, @@ -5628,6 +6305,8 @@ components: json_extract_path_text(detail.Properties, 'AttachmentPolicyRuleNumber') as attachment_policy_rule_number, json_extract_path_text(detail.Properties, 'SegmentName') as segment_name, json_extract_path_text(detail.Properties, 'ProposedSegmentChange') as proposed_segment_change, + json_extract_path_text(detail.Properties, 'NetworkFunctionGroupName') as network_function_group_name, + json_extract_path_text(detail.Properties, 'ProposedNetworkFunctionGroupChange') as proposed_network_function_group_change, json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, json_extract_path_text(detail.Properties, 'UpdatedAt') as updated_at, json_extract_path_text(detail.Properties, 'SubnetArns') as subnet_arns, @@ -5993,6 +6672,48 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success + /?Action=CreateResource&Version=2021-09-30&__DirectConnectGatewayAttachment&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateDirectConnectGatewayAttachment + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateDirectConnectGatewayAttachmentRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success /?Action=CreateResource&Version=2021-09-30&__GlobalNetwork&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' diff --git a/providers/src/aws/v00.00.00000/services/nimblestudio.yaml b/providers/src/aws/v00.00.00000/services/nimblestudio.yaml deleted file mode 100644 index 4b5ca805..00000000 --- a/providers/src/aws/v00.00.00000/services/nimblestudio.yaml +++ /dev/null @@ -1,2747 +0,0 @@ -openapi: 3.0.0 -info: - title: NimbleStudio - version: 2.0.0 - x-serviceName: cloudcontrolapi -servers: - - url: https://cloudcontrolapi.{region}.amazonaws.com - variables: - region: - description: The AWS region - enum: - - us-east-1 - - us-east-2 - - us-west-1 - - us-west-2 - - us-gov-west-1 - - us-gov-east-1 - - ca-central-1 - - eu-north-1 - - eu-west-1 - - eu-west-2 - - eu-west-3 - - eu-central-1 - - eu-south-1 - - af-south-1 - - ap-northeast-1 - - ap-northeast-2 - - ap-northeast-3 - - ap-southeast-1 - - ap-southeast-2 - - ap-east-1 - - ap-south-1 - - sa-east-1 - - me-south-1 - default: us-east-1 - description: The CloudControlApi multi-region endpoint - - url: https://cloudcontrolapi.{region}.amazonaws.com.cn - variables: - region: - description: The AWS region - enum: - - cn-north-1 - - cn-northwest-1 - default: cn-north-1 - description: The CloudControlApi endpoint for China (Beijing) and China (Ningxia) -components: - parameters: - X-Amz-Content-Sha256: - name: X-Amz-Content-Sha256 - in: header - schema: - type: string - required: false - X-Amz-Date: - name: X-Amz-Date - in: header - schema: - type: string - required: false - X-Amz-Algorithm: - name: X-Amz-Algorithm - in: header - schema: - type: string - required: false - X-Amz-Credential: - name: X-Amz-Credential - in: header - schema: - type: string - required: false - X-Amz-Security-Token: - name: X-Amz-Security-Token - in: header - schema: - type: string - required: false - X-Amz-Signature: - name: X-Amz-Signature - in: header - schema: - type: string - required: false - X-Amz-SignedHeaders: - name: X-Amz-SignedHeaders - in: header - schema: - type: string - required: false - x-cloud-control-schemas: - AlreadyExistsException: {} - CancelResourceRequestInput: - properties: - RequestToken: - $ref: '#/components/x-cloud-control-schemas/RequestToken' - required: - - RequestToken - title: CancelResourceRequestInput - type: object - CancelResourceRequestOutput: - properties: - ProgressEvent: - $ref: '#/components/x-cloud-control-schemas/ProgressEvent' - type: object - ClientToken: - maxLength: 128 - minLength: 1 - pattern: '[-A-Za-z0-9+/=]+' - type: string - ClientTokenConflictException: {} - ConcurrentModificationException: {} - ConcurrentOperationException: {} - CreateResourceInput: - properties: - ClientToken: - type: string - DesiredState: - allOf: - - $ref: '#/components/x-cloud-control-schemas/Properties' - - description: >- -

Structured data format representing the desired state of the resource, consisting of that resource's properties and their desired values.

Cloud Control API currently supports JSON as a structured data format.

 
 <p>Specify the desired state as one of the following:</p> <ul> <li> <p>A JSON blob</p> </li> <li> <p>A local path containing the desired state in JSON data format</p>
-                </li> </ul> <p>For more information, see <a href="https://docs.aws.amazon.com/cloudcontrolapi/latest/userguide/resource-operations-create.html#resource-operations-create-desiredstate">Composing the desired state of the resource</a> in the <i>Amazon Web Services Cloud Control API User Guide</i>.</p> <p>For more information about the properties of a specific resource, refer to the related topic for the resource in the
-                <a href="https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html">Resource and property types reference</a> in the <i>CloudFormation Users Guide</i>.</p>
- RoleArn: - type: string - TypeName: - type: string - TypeVersionId: - type: string - required: - - DesiredState - title: CreateResourceInput - type: object - CreateResourceOutput: - properties: - ProgressEvent: - $ref: '#/components/x-cloud-control-schemas/ProgressEvent' - type: object - DeleteResourceInput: - properties: - ClientToken: - type: string - Identifier: - $ref: '#/components/x-cloud-control-schemas/Identifier' - RoleArn: - type: string - TypeName: - type: string - TypeVersionId: - type: string - required: - - Identifier - title: DeleteResourceInput - type: object - DeleteResourceOutput: - properties: - ProgressEvent: - $ref: '#/components/x-cloud-control-schemas/ProgressEvent' - type: object - GeneralServiceException: {} - GetResourceInput: - properties: - TypeName: - $ref: '#/components/x-cloud-control-schemas/TypeName' - Identifier: - $ref: '#/components/x-cloud-control-schemas/Identifier' - TypeVersionId: - $ref: '#/components/x-cloud-control-schemas/TypeVersionId' - RoleArn: - $ref: '#/components/x-cloud-control-schemas/RoleArn' - required: - - TypeName - - Identifier - title: GetResourceInput - type: object - GetResourceOutput: - properties: - ResourceDescription: - $ref: '#/components/x-cloud-control-schemas/ResourceDescription' - TypeName: - type: string - type: object - GetResourceRequestStatusInput: - properties: - RequestToken: - $ref: '#/components/x-cloud-control-schemas/RequestToken' - required: - - RequestToken - title: GetResourceRequestStatusInput - type: object - GetResourceRequestStatusOutput: - properties: - ProgressEvent: - $ref: '#/components/x-cloud-control-schemas/ProgressEvent' - type: object - HandlerErrorCode: - enum: - - NotUpdatable - - InvalidRequest - - AccessDenied - - InvalidCredentials - - AlreadyExists - - NotFound - - ResourceConflict - - Throttling - - ServiceLimitExceeded - - NotStabilized - - GeneralServiceException - - ServiceInternalError - - ServiceTimeout - - NetworkFailure - - InternalFailure - type: string - HandlerFailureException: {} - HandlerInternalFailureException: {} - HandlerNextToken: - maxLength: 2048 - minLength: 1 - pattern: .+ - type: string - Identifier: - maxLength: 1024 - minLength: 1 - pattern: .+ - type: string - InvalidCredentialsException: {} - InvalidRequestException: {} - MaxResults: - maximum: 100 - minimum: 1 - type: integer - NetworkFailureException: {} - NextToken: - maxLength: 2048 - minLength: 1 - pattern: '[-A-Za-z0-9+/=]+' - type: string - NotStabilizedException: {} - NotUpdatableException: {} - Operation: - enum: - - CREATE - - DELETE - - UPDATE - type: string - OperationStatus: - enum: - - PENDING - - IN_PROGRESS - - SUCCESS - - FAILED - - CANCEL_IN_PROGRESS - - CANCEL_COMPLETE - type: string - OperationStatuses: - items: - $ref: '#/components/x-cloud-control-schemas/OperationStatus' - type: array - Operations: - items: - $ref: '#/components/x-cloud-control-schemas/Operation' - type: array - PatchDocument: - format: password - maxLength: 65536 - minLength: 1 - pattern: '[\s\S]*' - type: string - PrivateTypeException: {} - ProgressEvent: - example: - ErrorCode: string - EventTime: number - Identifier: string - Operation: string - OperationStatus: string - RequestToken: string - ResourceModel: string - RetryAfter: number - StatusMessage: string - TypeName: string - properties: - ErrorCode: - type: string - EventTime: - type: number - Identifier: - type: string - Operation: - type: string - OperationStatus: - type: string - RequestToken: - type: string - ResourceModel: - type: string - RetryAfter: - type: number - StatusMessage: - type: string - TypeName: - type: string - type: object - Properties: - format: password - maxLength: 65536 - minLength: 1 - pattern: '[\s\S]*' - type: string - RequestToken: - maxLength: 128 - minLength: 1 - pattern: '[-A-Za-z0-9+/=]+' - type: string - RequestTokenNotFoundException: {} - ResourceConflictException: {} - ResourceDescription: - description: Represents information about a provisioned resource. - properties: - Identifier: - type: string - Properties: - type: string - type: object - ResourceDescriptions: - items: - $ref: '#/components/x-cloud-control-schemas/ResourceDescription' - type: array - ResourceNotFoundException: {} - ResourceRequestStatusFilter: - description: The filter criteria to use in determining the requests returned. - properties: - undefined: - allOf: - - $ref: '#/components/x-cloud-control-schemas/OperationStatuses' - - description: >- -

The operation statuses to include in the filter.

  • PENDING: The operation has been requested, but not yet initiated.

  • IN_PROGRESS: The operation is in progress.

  • SUCCESS: The operation completed.

  • FAILED: The operation failed.

  • CANCEL_IN_PROGRESS: The operation is in the process of being canceled.

  • - CANCEL_COMPLETE: The operation has been canceled.

- type: object - ResourceRequestStatusSummaries: - items: - $ref: '#/components/x-cloud-control-schemas/ProgressEvent' - type: array - RoleArn: - maxLength: 2048 - minLength: 20 - pattern: arn:.+:iam::[0-9]{12}:role/.+ - type: string - ServiceInternalErrorException: {} - ServiceLimitExceededException: {} - StatusMessage: - maxLength: 1024 - minLength: 0 - pattern: '[\s\S]*' - type: string - ThrottlingException: {} - Timestamp: - format: date-time - type: string - TypeName: - maxLength: 196 - minLength: 10 - pattern: '[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}' - type: string - TypeNotFoundException: {} - TypeVersionId: - maxLength: 128 - minLength: 1 - pattern: '[A-Za-z0-9-]+' - type: string - UnsupportedActionException: {} - UpdateResourceInput: - properties: - undefined: - allOf: - - $ref: '#/components/x-cloud-control-schemas/PatchDocument' - required: - - Identifier - - PatchDocument - title: UpdateResourceInput - type: object - UpdateResourceOutput: - properties: - ProgressEvent: - $ref: '#/components/x-cloud-control-schemas/ProgressEvent' - type: object - schemas: - AutomaticTerminationMode: - type: string - enum: - - DEACTIVATED - - ACTIVATED - SessionBackupMode: - type: string - enum: - - AUTOMATIC - - DEACTIVATED - SessionPersistenceMode: - type: string - enum: - - DEACTIVATED - - ACTIVATED - StreamConfiguration: - type: object - description:

A configuration for a streaming session.

- properties: - ClipboardMode: - $ref: '#/components/schemas/StreamingClipboardMode' - Ec2InstanceTypes: - type: array - items: - $ref: '#/components/schemas/StreamingInstanceType' - maxItems: 30 - minItems: 1 - description: |- -

The EC2 instance types that users can select from when launching a streaming session - with this launch profile.

- MaxSessionLengthInMinutes: - type: number - default: 690 - maximum: 43200 - minimum: 1 - description: |- -

The length of time, in minutes, that a streaming session can be active before it is - stopped or terminated. After this point, Nimble Studio automatically terminates or - stops the session. The default length of time is 690 minutes, and the maximum length of - time is 30 days.

- StreamingImageIds: - type: array - items: - type: string - maxLength: 22 - minLength: 0 - pattern: ^[a-zA-Z0-9-_]*$ - maxItems: 20 - minItems: 1 - description: |- -

The streaming images that users can select from when launching a streaming session - with this launch profile.

- MaxStoppedSessionLengthInMinutes: - type: number - default: 0 - maximum: 5760 - minimum: 0 - description: |- -

Integer that determines if you can start and stop your sessions and how long a session - can stay in the STOPPED state. The default value is 0. The maximum value is - 5760.

-

This field is allowed only when sessionPersistenceMode is - ACTIVATED and automaticTerminationMode is - ACTIVATED.

-

If the value is set to 0, your sessions can’t be STOPPED. If you then - call StopStreamingSession, the session fails. If the time that a session - stays in the READY state exceeds the maxSessionLengthInMinutes - value, the session will automatically be terminated (instead of - STOPPED).

-

If the value is set to a positive number, the session can be stopped. You can call - StopStreamingSession to stop sessions in the READY state. - If the time that a session stays in the READY state exceeds the - maxSessionLengthInMinutes value, the session will automatically be - stopped (instead of terminated).

- SessionStorage: - $ref: '#/components/schemas/StreamConfigurationSessionStorage' - SessionBackup: - $ref: '#/components/schemas/StreamConfigurationSessionBackup' - SessionPersistenceMode: - $ref: '#/components/schemas/SessionPersistenceMode' - VolumeConfiguration: - $ref: '#/components/schemas/VolumeConfiguration' - AutomaticTerminationMode: - $ref: '#/components/schemas/AutomaticTerminationMode' - required: - - ClipboardMode - - Ec2InstanceTypes - - StreamingImageIds - additionalProperties: false - StreamConfigurationSessionBackup: - type: object - description: |- -

Configures how streaming sessions are backed up when launched from this launch - profile.

- properties: - Mode: - $ref: '#/components/schemas/SessionBackupMode' - MaxBackupsToRetain: - type: number - default: 0 - maximum: 10 - minimum: 0 - description: |- -

The maximum number of backups that each streaming session created from this launch - profile can have.

- additionalProperties: false - StreamConfigurationSessionStorage: - type: object - description:

The configuration for a streaming session’s upload storage.

- properties: - Root: - $ref: '#/components/schemas/StreamingSessionStorageRoot' - Mode: - type: array - items: - $ref: '#/components/schemas/StreamingSessionStorageMode' - minItems: 1 - description: |- -

Allows artists to upload files to their workstations. The only valid option is - UPLOAD.

- required: - - Mode - additionalProperties: false - StreamingClipboardMode: - type: string - enum: - - ENABLED - - DISABLED - StreamingInstanceType: - type: string - enum: - - g4dn.xlarge - - g4dn.2xlarge - - g4dn.4xlarge - - g4dn.8xlarge - - g4dn.12xlarge - - g4dn.16xlarge - - g3.4xlarge - - g3s.xlarge - - g5.xlarge - - g5.2xlarge - - g5.4xlarge - - g5.8xlarge - - g5.16xlarge - StreamingSessionStorageMode: - type: string - enum: - - UPLOAD - StreamingSessionStorageRoot: - type: object - description: |- -

The upload storage root location (folder) on streaming workstations where files are - uploaded.

- properties: - Linux: - type: string - maxLength: 128 - minLength: 1 - pattern: ^(\$HOME|/)[/]?([A-Za-z0-9-_]+/)*([A-Za-z0-9_-]+)$ - description:

The folder path in Linux workstations where files are uploaded.

- Windows: - type: string - maxLength: 128 - minLength: 1 - pattern: ^((\%HOMEPATH\%)|[a-zA-Z]:)[\\/](?:[a-zA-Z0-9_-]+[\\/])*[a-zA-Z0-9_-]+$ - description:

The folder path in Windows workstations where files are uploaded.

- additionalProperties: false - Tags: - type: object - x-patternProperties: - .+: - type: string - additionalProperties: false - VolumeConfiguration: - type: object - description: |- -

Custom volume configuration for the root volumes that are attached to streaming - sessions.

-

This parameter is only allowed when sessionPersistenceMode is - ACTIVATED.

- properties: - Size: - type: number - default: 500 - maximum: 16000 - minimum: 100 - description: |- -

The size of the root volume that is attached to the streaming session. The root volume - size is measured in GiBs.

- Throughput: - type: number - default: 125 - maximum: 1000 - minimum: 125 - description: |- -

The throughput to provision for the root volume that is attached to the streaming - session. The throughput is measured in MiB/s.

- Iops: - type: number - default: 3000 - maximum: 16000 - minimum: 3000 - description: |- -

The number of I/O operations per second for the root volume that is attached to - streaming session.

- additionalProperties: false - LaunchProfile: - type: object - properties: - Description: - type: string - maxLength: 256 - minLength: 0 - description:

The description.

- Ec2SubnetIds: - type: array - items: - type: string - maxItems: 6 - minItems: 0 - description: |- -

Specifies the IDs of the EC2 subnets where streaming sessions will be accessible from. - These subnets must support the specified instance types.

- LaunchProfileId: - type: string - LaunchProfileProtocolVersions: - type: array - items: - type: string - maxLength: 10 - minLength: 0 - pattern: ^2021\-03\-31$ - description: |- -

The version number of the protocol that is used by the launch profile. The only valid - version is "2021-03-31".

- description: |- -

The version number of the protocol that is used by the launch profile. The only valid - version is "2021-03-31".

- Name: - type: string - maxLength: 64 - minLength: 1 - description:

The name for the launch profile.

- StreamConfiguration: - $ref: '#/components/schemas/StreamConfiguration' - StudioComponentIds: - type: array - items: - type: string - maxItems: 100 - minItems: 1 - description: |- -

Unique identifiers for a collection of studio components that can be used with this - launch profile.

- StudioId: - type: string - description:

The studio ID.

- Tags: - $ref: '#/components/schemas/Tags' - required: - - StudioId - - Name - - StudioComponentIds - - Ec2SubnetIds - - StreamConfiguration - - LaunchProfileProtocolVersions - x-stackql-resource-name: launch_profile - description: Represents a launch profile which delegates access to a collection of studio components to studio users - x-type-name: AWS::NimbleStudio::LaunchProfile - x-stackql-primary-identifier: - - LaunchProfileId - - StudioId - x-create-only-properties: - - Ec2SubnetIds - - StudioId - - Tags - x-read-only-properties: - - LaunchProfileId - x-required-properties: - - StudioId - - Name - - StudioComponentIds - - Ec2SubnetIds - - StreamConfiguration - - LaunchProfileProtocolVersions - x-required-permissions: - create: - - nimble:CreateLaunchProfile - - nimble:GetLaunchProfile - - nimble:TagResource - - ec2:CreateNetworkInterface - - ec2:CreateNetworkInterfacePermission - - ec2:RunInstances - - ec2:DescribeSubnets - read: - - nimble:GetLaunchProfile - update: - - nimble:UpdateLaunchProfile - - nimble:GetLaunchProfile - - ec2:CreateNetworkInterface - - ec2:CreateNetworkInterfacePermission - - ec2:DescribeSubnets - - ec2:RunInstances - delete: - - nimble:DeleteLaunchProfile - - nimble:GetLaunchProfile - - nimble:UntagResource - list: - - nimble:ListLaunchProfiles - StreamingImageEncryptionConfiguration: - type: object - description:

TODO

- properties: - KeyType: - $ref: '#/components/schemas/StreamingImageEncryptionConfigurationKeyType' - KeyArn: - type: string - minLength: 4 - pattern: ^arn:.* - description:

The ARN for a KMS key that is used to encrypt studio data.

- required: - - KeyType - additionalProperties: false - StreamingImageEncryptionConfigurationKeyType: - type: string - description:

- enum: - - CUSTOMER_MANAGED_KEY - StreamingImage: - type: object - properties: - Description: - type: string - maxLength: 256 - minLength: 0 - description:

A human-readable description of the streaming image.

- Ec2ImageId: - type: string - pattern: ^ami-[0-9A-z]+$ - description:

The ID of an EC2 machine image with which to create this streaming image.

- EncryptionConfiguration: - $ref: '#/components/schemas/StreamingImageEncryptionConfiguration' - EulaIds: - type: array - items: - type: string - description:

The list of EULAs that must be accepted before a Streaming Session can be started using this streaming image.

- Name: - type: string - maxLength: 64 - minLength: 0 - description:

A friendly name for a streaming image resource.

- Owner: - type: string - description:

The owner of the streaming image, either the studioId that contains the streaming image, or 'amazon' for images that are provided by Amazon Nimble Studio.

- Platform: - type: string - pattern: ^[a-zA-Z]*$ - description:

The platform of the streaming image, either WINDOWS or LINUX.

- StreamingImageId: - type: string - StudioId: - type: string - description:

The studioId.

- Tags: - $ref: '#/components/schemas/Tags' - required: - - StudioId - - Ec2ImageId - - Name - x-stackql-resource-name: streaming_image - description: Represents a streaming session machine image that can be used to launch a streaming session - x-type-name: AWS::NimbleStudio::StreamingImage - x-stackql-primary-identifier: - - StudioId - - StreamingImageId - x-create-only-properties: - - Ec2ImageId - - StudioId - - Tags - x-read-only-properties: - - EncryptionConfiguration - - EulaIds - - Owner - - Platform - - StreamingImageId - x-required-properties: - - StudioId - - Ec2ImageId - - Name - x-required-permissions: - create: - - nimble:CreateStreamingImage - - nimble:GetStreamingImage - - nimble:TagResource - - ec2:DescribeImages - - ec2:DescribeSnapshots - - ec2:ModifyInstanceAttribute - - ec2:ModifySnapshotAttribute - - ec2:ModifyImageAttribute - - ec2:RegisterImage - - kms:Encrypt - - kms:Decrypt - - kms:CreateGrant - - kms:ListGrants - - kms:GenerateDataKey - read: - - nimble:GetStreamingImage - update: - - nimble:UpdateStreamingImage - - nimble:GetStreamingImage - - kms:Encrypt - - kms:Decrypt - - kms:CreateGrant - - kms:ListGrants - - kms:GenerateDataKey - delete: - - nimble:DeleteStreamingImage - - nimble:GetStreamingImage - - nimble:UntagResource - - ec2:ModifyInstanceAttribute - - ec2:ModifySnapshotAttribute - - ec2:DeregisterImage - - ec2:DeleteSnapshot - - kms:ListGrants - - kms:RetireGrant - list: - - nimble:ListStreamingImages - StudioEncryptionConfiguration: - type: object - description:

Configuration of the encryption method that is used for the studio.

- properties: - KeyType: - $ref: '#/components/schemas/StudioEncryptionConfigurationKeyType' - KeyArn: - type: string - minLength: 4 - pattern: ^arn:.* - description:

The ARN for a KMS key that is used to encrypt studio data.

- required: - - KeyType - additionalProperties: false - StudioEncryptionConfigurationKeyType: - type: string - description:

The type of KMS key that is used to encrypt studio data.

- enum: - - AWS_OWNED_KEY - - CUSTOMER_MANAGED_KEY - Studio: - type: object - properties: - AdminRoleArn: - type: string - description:

The IAM role that Studio Admins will assume when logging in to the Nimble Studio portal.

- DisplayName: - type: string - maxLength: 64 - minLength: 0 - description:

A friendly name for the studio.

- HomeRegion: - type: string - maxLength: 50 - minLength: 0 - pattern: '[a-z]{2}-?(iso|gov)?-{1}[a-z]*-{1}[0-9]' - description:

The Amazon Web Services Region where the studio resource is located.

- SsoClientId: - type: string - description:

The Amazon Web Services SSO application client ID used to integrate with Amazon Web Services SSO to enable Amazon Web Services SSO users to log in to Nimble Studio portal.

- StudioEncryptionConfiguration: - $ref: '#/components/schemas/StudioEncryptionConfiguration' - StudioId: - type: string - StudioName: - type: string - maxLength: 64 - minLength: 3 - pattern: ^[a-z0-9]*$ - description:

The studio name that is used in the URL of the Nimble Studio portal when accessed by Nimble Studio users.

- StudioUrl: - type: string - description:

The address of the web page for the studio.

- Tags: - $ref: '#/components/schemas/Tags' - UserRoleArn: - type: string - description:

The IAM role that Studio Users will assume when logging in to the Nimble Studio portal.

- required: - - DisplayName - - UserRoleArn - - AdminRoleArn - - StudioName - x-stackql-resource-name: studio - description: Represents a studio that contains other Nimble Studio resources - x-type-name: AWS::NimbleStudio::Studio - x-stackql-primary-identifier: - - StudioId - x-create-only-properties: - - StudioName - - Tags - x-read-only-properties: - - HomeRegion - - SsoClientId - - StudioId - - StudioUrl - x-required-properties: - - DisplayName - - UserRoleArn - - AdminRoleArn - - StudioName - x-required-permissions: - create: - - iam:PassRole - - nimble:CreateStudio - - nimble:GetStudio - - nimble:TagResource - - sso:CreateManagedApplicationInstance - - kms:Encrypt - - kms:Decrypt - - kms:CreateGrant - - kms:ListGrants - - kms:GenerateDataKey - read: - - nimble:GetStudio - - kms:Encrypt - - kms:Decrypt - - kms:ListGrants - - kms:GenerateDataKey - update: - - iam:PassRole - - nimble:UpdateStudio - - nimble:GetStudio - - kms:Encrypt - - kms:Decrypt - - kms:CreateGrant - - kms:ListGrants - - kms:GenerateDataKey - delete: - - nimble:DeleteStudio - - nimble:GetStudio - - nimble:UntagResource - - kms:Encrypt - - kms:Decrypt - - kms:ListGrants - - kms:RetireGrant - - kms:GenerateDataKey - - sso:DeleteManagedApplicationInstance - - sso:GetManagedApplicationInstance - list: - - nimble:ListStudios - ActiveDirectoryComputerAttribute: - type: object - description: |- -

An LDAP attribute of an Active Directory computer account, in the form of a name:value - pair.

- properties: - Name: - type: string - maxLength: 40 - minLength: 1 - description:

The name for the LDAP attribute.

- Value: - type: string - maxLength: 64 - minLength: 1 - description:

The value for the LDAP attribute.

- additionalProperties: false - ActiveDirectoryConfiguration: - type: object - description: |- -

The configuration for a Microsoft Active Directory (Microsoft AD) studio - resource.

- properties: - ComputerAttributes: - type: array - items: - $ref: '#/components/schemas/ActiveDirectoryComputerAttribute' - maxItems: 50 - minItems: 0 - description:

A collection of custom attributes for an Active Directory computer.

- DirectoryId: - type: string - description: |- -

The directory ID of the Directory Service for Microsoft Active Directory to access - using this studio component.

- OrganizationalUnitDistinguishedName: - type: string - maxLength: 2000 - minLength: 1 - description: |- -

The distinguished name (DN) and organizational unit (OU) of an Active Directory - computer.

- additionalProperties: false - ComputeFarmConfiguration: - type: object - description:

The configuration for a render farm that is associated with a studio resource.

- properties: - ActiveDirectoryUser: - type: string - description: |- -

The name of an Active Directory user that is used on ComputeFarm worker - instances.

- Endpoint: - type: string - description: |- -

The endpoint of the ComputeFarm that is accessed by the studio component - resource.

- additionalProperties: false - LaunchProfilePlatform: - type: string - enum: - - LINUX - - WINDOWS - LicenseServiceConfiguration: - type: object - description: |- -

The configuration for a license service that is associated with a studio - resource.

- properties: - Endpoint: - type: string - description: |- -

The endpoint of the license service that is accessed by the studio component - resource.

- additionalProperties: false - ScriptParameterKeyValue: - type: object - description:

A parameter for a studio component script, in the form of a key:value pair.

- properties: - Key: - type: string - maxLength: 64 - minLength: 1 - pattern: ^[a-zA-Z_][a-zA-Z0-9_]+$ - description:

A script parameter key.

- Value: - type: string - maxLength: 256 - minLength: 1 - description:

A script parameter value.

- additionalProperties: false - SharedFileSystemConfiguration: - type: object - description: |- -

The configuration for a shared file storage system that is associated with a studio - resource.

- properties: - Endpoint: - type: string - description: |- -

The endpoint of the shared file system that is accessed by the studio component - resource.

- FileSystemId: - type: string - description:

The unique identifier for a file system.

- LinuxMountPoint: - type: string - maxLength: 128 - minLength: 0 - pattern: ^(/?|(\$HOME)?(/[^/\n\s\\]+)*)$ - description:

The mount location for a shared file system on a Linux virtual workstation.

- ShareName: - type: string - description:

The name of the file share.

- WindowsMountDrive: - type: string - pattern: ^[A-Z]$ - description:

The mount location for a shared file system on a Windows virtual workstation.

- additionalProperties: false - StudioComponentConfiguration: - description:

The configuration of the studio component, based on component type.

- oneOf: - - type: object - title: ActiveDirectoryConfiguration - properties: - ActiveDirectoryConfiguration: - $ref: '#/components/schemas/ActiveDirectoryConfiguration' - required: - - ActiveDirectoryConfiguration - additionalProperties: false - - type: object - title: ComputeFarmConfiguration - properties: - ComputeFarmConfiguration: - $ref: '#/components/schemas/ComputeFarmConfiguration' - required: - - ComputeFarmConfiguration - additionalProperties: false - - type: object - title: LicenseServiceConfiguration - properties: - LicenseServiceConfiguration: - $ref: '#/components/schemas/LicenseServiceConfiguration' - required: - - LicenseServiceConfiguration - additionalProperties: false - - type: object - title: SharedFileSystemConfiguration - properties: - SharedFileSystemConfiguration: - $ref: '#/components/schemas/SharedFileSystemConfiguration' - required: - - SharedFileSystemConfiguration - additionalProperties: false - StudioComponentInitializationScript: - type: object - description:

Initialization scripts for studio components.

- properties: - LaunchProfileProtocolVersion: - type: string - maxLength: 10 - minLength: 0 - pattern: ^2021\-03\-31$ - description: |- -

The version number of the protocol that is used by the launch profile. The only valid - version is "2021-03-31".

- Platform: - $ref: '#/components/schemas/LaunchProfilePlatform' - RunContext: - $ref: '#/components/schemas/StudioComponentInitializationScriptRunContext' - Script: - type: string - maxLength: 5120 - minLength: 1 - description:

The initialization script.

- additionalProperties: false - StudioComponentInitializationScriptRunContext: - type: string - enum: - - SYSTEM_INITIALIZATION - - USER_INITIALIZATION - StudioComponentSubtype: - type: string - enum: - - AWS_MANAGED_MICROSOFT_AD - - AMAZON_FSX_FOR_WINDOWS - - AMAZON_FSX_FOR_LUSTRE - - CUSTOM - StudioComponentType: - type: string - enum: - - ACTIVE_DIRECTORY - - SHARED_FILE_SYSTEM - - COMPUTE_FARM - - LICENSE_SERVICE - - CUSTOM - StudioComponent: - type: object - properties: - Configuration: - $ref: '#/components/schemas/StudioComponentConfiguration' - Description: - type: string - maxLength: 256 - minLength: 0 - description:

The description.

- Ec2SecurityGroupIds: - type: array - items: - type: string - maxItems: 30 - minItems: 0 - description:

The EC2 security groups that control access to the studio component.

- InitializationScripts: - type: array - items: - $ref: '#/components/schemas/StudioComponentInitializationScript' - description:

Initialization scripts for studio components.

- Name: - type: string - maxLength: 64 - minLength: 0 - description:

The name for the studio component.

- RuntimeRoleArn: - type: string - maxLength: 2048 - minLength: 0 - ScriptParameters: - type: array - items: - $ref: '#/components/schemas/ScriptParameterKeyValue' - maxItems: 30 - minItems: 0 - description:

Parameters for the studio component scripts.

- SecureInitializationRoleArn: - type: string - maxLength: 2048 - minLength: 0 - StudioComponentId: - type: string - StudioId: - type: string - description:

The studio ID.

- Subtype: - $ref: '#/components/schemas/StudioComponentSubtype' - Tags: - $ref: '#/components/schemas/Tags' - Type: - $ref: '#/components/schemas/StudioComponentType' - required: - - StudioId - - Name - - Type - x-stackql-resource-name: studio_component - description: Represents a studio component that connects a non-Nimble Studio resource in your account to your studio - x-type-name: AWS::NimbleStudio::StudioComponent - x-stackql-primary-identifier: - - StudioComponentId - - StudioId - x-create-only-properties: - - StudioId - - Subtype - - Tags - x-read-only-properties: - - StudioComponentId - x-required-properties: - - StudioId - - Name - - Type - x-required-permissions: - create: - - iam:PassRole - - nimble:CreateStudioComponent - - nimble:GetStudioComponent - - nimble:TagResource - - ds:AuthorizeApplication - - ec2:DescribeSecurityGroups - - fsx:DescribeFilesystems - - ds:DescribeDirectories - read: - - nimble:GetStudioComponent - update: - - iam:PassRole - - nimble:UpdateStudioComponent - - nimble:GetStudioComponent - - ds:AuthorizeApplication - - ec2:DescribeSecurityGroups - - fsx:DescribeFilesystems - - ds:DescribeDirectories - delete: - - nimble:DeleteStudioComponent - - nimble:GetStudioComponent - - nimble:UntagResource - - ds:UnauthorizeApplication - list: - - nimble:ListStudioComponents - CreateLaunchProfileRequest: - properties: - ClientToken: - type: string - RoleArn: - type: string - TypeName: - type: string - TypeVersionId: - type: string - DesiredState: - type: object - properties: - Description: - type: string - maxLength: 256 - minLength: 0 - description:

The description.

- Ec2SubnetIds: - type: array - items: - type: string - maxItems: 6 - minItems: 0 - description: |- -

Specifies the IDs of the EC2 subnets where streaming sessions will be accessible from. - These subnets must support the specified instance types.

- LaunchProfileId: - type: string - LaunchProfileProtocolVersions: - type: array - items: - type: string - maxLength: 10 - minLength: 0 - pattern: ^2021\-03\-31$ - description: |- -

The version number of the protocol that is used by the launch profile. The only valid - version is "2021-03-31".

- description: |- -

The version number of the protocol that is used by the launch profile. The only valid - version is "2021-03-31".

- Name: - type: string - maxLength: 64 - minLength: 1 - description:

The name for the launch profile.

- StreamConfiguration: - $ref: '#/components/schemas/StreamConfiguration' - StudioComponentIds: - type: array - items: - type: string - maxItems: 100 - minItems: 1 - description: |- -

Unique identifiers for a collection of studio components that can be used with this - launch profile.

- StudioId: - type: string - description:

The studio ID.

- Tags: - $ref: '#/components/schemas/Tags' - x-stackQL-stringOnly: true - x-title: CreateLaunchProfileRequest - type: object - required: [] - CreateStreamingImageRequest: - properties: - ClientToken: - type: string - RoleArn: - type: string - TypeName: - type: string - TypeVersionId: - type: string - DesiredState: - type: object - properties: - Description: - type: string - maxLength: 256 - minLength: 0 - description:

A human-readable description of the streaming image.

- Ec2ImageId: - type: string - pattern: ^ami-[0-9A-z]+$ - description:

The ID of an EC2 machine image with which to create this streaming image.

- EncryptionConfiguration: - $ref: '#/components/schemas/StreamingImageEncryptionConfiguration' - EulaIds: - type: array - items: - type: string - description:

The list of EULAs that must be accepted before a Streaming Session can be started using this streaming image.

- Name: - type: string - maxLength: 64 - minLength: 0 - description:

A friendly name for a streaming image resource.

- Owner: - type: string - description:

The owner of the streaming image, either the studioId that contains the streaming image, or 'amazon' for images that are provided by Amazon Nimble Studio.

- Platform: - type: string - pattern: ^[a-zA-Z]*$ - description:

The platform of the streaming image, either WINDOWS or LINUX.

- StreamingImageId: - type: string - StudioId: - type: string - description:

The studioId.

- Tags: - $ref: '#/components/schemas/Tags' - x-stackQL-stringOnly: true - x-title: CreateStreamingImageRequest - type: object - required: [] - CreateStudioRequest: - properties: - ClientToken: - type: string - RoleArn: - type: string - TypeName: - type: string - TypeVersionId: - type: string - DesiredState: - type: object - properties: - AdminRoleArn: - type: string - description:

The IAM role that Studio Admins will assume when logging in to the Nimble Studio portal.

- DisplayName: - type: string - maxLength: 64 - minLength: 0 - description:

A friendly name for the studio.

- HomeRegion: - type: string - maxLength: 50 - minLength: 0 - pattern: '[a-z]{2}-?(iso|gov)?-{1}[a-z]*-{1}[0-9]' - description:

The Amazon Web Services Region where the studio resource is located.

- SsoClientId: - type: string - description:

The Amazon Web Services SSO application client ID used to integrate with Amazon Web Services SSO to enable Amazon Web Services SSO users to log in to Nimble Studio portal.

- StudioEncryptionConfiguration: - $ref: '#/components/schemas/StudioEncryptionConfiguration' - StudioId: - type: string - StudioName: - type: string - maxLength: 64 - minLength: 3 - pattern: ^[a-z0-9]*$ - description:

The studio name that is used in the URL of the Nimble Studio portal when accessed by Nimble Studio users.

- StudioUrl: - type: string - description:

The address of the web page for the studio.

- Tags: - $ref: '#/components/schemas/Tags' - UserRoleArn: - type: string - description:

The IAM role that Studio Users will assume when logging in to the Nimble Studio portal.

- x-stackQL-stringOnly: true - x-title: CreateStudioRequest - type: object - required: [] - CreateStudioComponentRequest: - properties: - ClientToken: - type: string - RoleArn: - type: string - TypeName: - type: string - TypeVersionId: - type: string - DesiredState: - type: object - properties: - Configuration: - $ref: '#/components/schemas/StudioComponentConfiguration' - Description: - type: string - maxLength: 256 - minLength: 0 - description:

The description.

- Ec2SecurityGroupIds: - type: array - items: - type: string - maxItems: 30 - minItems: 0 - description:

The EC2 security groups that control access to the studio component.

- InitializationScripts: - type: array - items: - $ref: '#/components/schemas/StudioComponentInitializationScript' - description:

Initialization scripts for studio components.

- Name: - type: string - maxLength: 64 - minLength: 0 - description:

The name for the studio component.

- RuntimeRoleArn: - type: string - maxLength: 2048 - minLength: 0 - ScriptParameters: - type: array - items: - $ref: '#/components/schemas/ScriptParameterKeyValue' - maxItems: 30 - minItems: 0 - description:

Parameters for the studio component scripts.

- SecureInitializationRoleArn: - type: string - maxLength: 2048 - minLength: 0 - StudioComponentId: - type: string - StudioId: - type: string - description:

The studio ID.

- Subtype: - $ref: '#/components/schemas/StudioComponentSubtype' - Tags: - $ref: '#/components/schemas/Tags' - Type: - $ref: '#/components/schemas/StudioComponentType' - x-stackQL-stringOnly: true - x-title: CreateStudioComponentRequest - type: object - required: [] - securitySchemes: - hmac: - type: apiKey - name: Authorization - in: header - description: Amazon Signature authorization v4 - x-amazon-apigateway-authtype: awsSigv4 - x-stackQL-resources: - launch_profiles: - name: launch_profiles - id: aws.nimblestudio.launch_profiles - x-cfn-schema-name: LaunchProfile - x-cfn-type-name: AWS::NimbleStudio::LaunchProfile - x-identifiers: - - LaunchProfileId - - StudioId - x-type: cloud_control - methods: - create_resource: - config: - requestBodyTranslate: - algorithm: naive_DesiredState - operation: - $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__LaunchProfile&__detailTransformed=true/post' - request: - mediaType: application/x-amz-json-1.0 - base: |- - { - "TypeName": "AWS::NimbleStudio::LaunchProfile" - } - response: - mediaType: application/json - openAPIDocKey: '200' - update_resource: - operation: - $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' - request: - mediaType: application/x-amz-json-1.0 - base: |- - { - "TypeName": "AWS::NimbleStudio::LaunchProfile" - } - response: - mediaType: application/json - openAPIDocKey: '200' - delete_resource: - operation: - $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' - request: - mediaType: application/x-amz-json-1.0 - base: |- - { - "TypeName": "AWS::NimbleStudio::LaunchProfile" - } - response: - mediaType: application/json - openAPIDocKey: '200' - sqlVerbs: - insert: - - $ref: '#/components/x-stackQL-resources/launch_profiles/methods/create_resource' - delete: - - $ref: '#/components/x-stackQL-resources/launch_profiles/methods/delete_resource' - update: - - $ref: '#/components/x-stackQL-resources/launch_profiles/methods/update_resource' - config: - views: - select: - predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] - ddl: |- - SELECT - region, - data__Identifier, - JSON_EXTRACT(Properties, '$.Description') as description, - JSON_EXTRACT(Properties, '$.Ec2SubnetIds') as ec2_subnet_ids, - JSON_EXTRACT(Properties, '$.LaunchProfileId') as launch_profile_id, - JSON_EXTRACT(Properties, '$.LaunchProfileProtocolVersions') as launch_profile_protocol_versions, - JSON_EXTRACT(Properties, '$.Name') as name, - JSON_EXTRACT(Properties, '$.StreamConfiguration') as stream_configuration, - JSON_EXTRACT(Properties, '$.StudioComponentIds') as studio_component_ids, - JSON_EXTRACT(Properties, '$.StudioId') as studio_id, - JSON_EXTRACT(Properties, '$.Tags') as tags - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NimbleStudio::LaunchProfile' - AND data__Identifier = '|' - AND region = 'us-east-1' - fallback: - predicate: sqlDialect == "sqlite3" - ddl: |- - SELECT - detail.region, - JSON_EXTRACT(detail.Properties, '$.Description') as description, - JSON_EXTRACT(detail.Properties, '$.Ec2SubnetIds') as ec2_subnet_ids, - JSON_EXTRACT(detail.Properties, '$.LaunchProfileId') as launch_profile_id, - JSON_EXTRACT(detail.Properties, '$.LaunchProfileProtocolVersions') as launch_profile_protocol_versions, - JSON_EXTRACT(detail.Properties, '$.Name') as name, - JSON_EXTRACT(detail.Properties, '$.StreamConfiguration') as stream_configuration, - JSON_EXTRACT(detail.Properties, '$.StudioComponentIds') as studio_component_ids, - JSON_EXTRACT(detail.Properties, '$.StudioId') as studio_id, - JSON_EXTRACT(detail.Properties, '$.Tags') as tags - FROM aws.cloud_control.resources listing - LEFT OUTER JOIN aws.cloud_control.resource detail - ON detail.data__Identifier = listing.Identifier - AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::NimbleStudio::LaunchProfile' - AND detail.data__TypeName = 'AWS::NimbleStudio::LaunchProfile' - AND listing.region = 'us-east-1' - fallback: - predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] - ddl: |- - SELECT - region, - data__Identifier, - json_extract_path_text(Properties, 'Description') as description, - json_extract_path_text(Properties, 'Ec2SubnetIds') as ec2_subnet_ids, - json_extract_path_text(Properties, 'LaunchProfileId') as launch_profile_id, - json_extract_path_text(Properties, 'LaunchProfileProtocolVersions') as launch_profile_protocol_versions, - json_extract_path_text(Properties, 'Name') as name, - json_extract_path_text(Properties, 'StreamConfiguration') as stream_configuration, - json_extract_path_text(Properties, 'StudioComponentIds') as studio_component_ids, - json_extract_path_text(Properties, 'StudioId') as studio_id, - json_extract_path_text(Properties, 'Tags') as tags - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NimbleStudio::LaunchProfile' - AND data__Identifier = '|' - AND region = 'us-east-1' - fallback: - predicate: sqlDialect == "postgres" - ddl: |- - SELECT - detail.region, - json_extract_path_text(detail.Properties, 'Description') as description, - json_extract_path_text(detail.Properties, 'Ec2SubnetIds') as ec2_subnet_ids, - json_extract_path_text(detail.Properties, 'LaunchProfileId') as launch_profile_id, - json_extract_path_text(detail.Properties, 'LaunchProfileProtocolVersions') as launch_profile_protocol_versions, - json_extract_path_text(detail.Properties, 'Name') as name, - json_extract_path_text(detail.Properties, 'StreamConfiguration') as stream_configuration, - json_extract_path_text(detail.Properties, 'StudioComponentIds') as studio_component_ids, - json_extract_path_text(detail.Properties, 'StudioId') as studio_id, - json_extract_path_text(detail.Properties, 'Tags') as tags - FROM aws.cloud_control.resources listing - LEFT OUTER JOIN aws.cloud_control.resource detail - ON detail.data__Identifier = listing.Identifier - AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::NimbleStudio::LaunchProfile' - AND detail.data__TypeName = 'AWS::NimbleStudio::LaunchProfile' - AND listing.region = 'us-east-1' - launch_profiles_list_only: - name: launch_profiles_list_only - id: aws.nimblestudio.launch_profiles_list_only - x-cfn-schema-name: LaunchProfile - x-cfn-type-name: AWS::NimbleStudio::LaunchProfile - x-identifiers: - - LaunchProfileId - - StudioId - x-type: cloud_control_view - methods: {} - sqlVerbs: - insert: [] - delete: [] - update: [] - config: - views: - select: - predicate: sqlDialect == "sqlite3" - ddl: |- - SELECT - region, - JSON_EXTRACT(Properties, '$.LaunchProfileId') as launch_profile_id, - JSON_EXTRACT(Properties, '$.StudioId') as studio_id - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NimbleStudio::LaunchProfile' - AND region = 'us-east-1' - fallback: - predicate: sqlDialect == "postgres" - ddl: |- - SELECT - region, - json_extract_path_text(Properties, 'LaunchProfileId') as launch_profile_id, - json_extract_path_text(Properties, 'StudioId') as studio_id - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NimbleStudio::LaunchProfile' - AND region = 'us-east-1' - launch_profile_tags: - name: launch_profile_tags - id: aws.nimblestudio.launch_profile_tags - x-cfn-schema-name: LaunchProfile - x-cfn-type-name: AWS::NimbleStudio::LaunchProfile - x-type: cloud_control_view - methods: {} - sqlVerbs: - insert: [] - delete: [] - update: [] - config: - views: - select: - predicate: sqlDialect == "sqlite3" - ddl: |- - SELECT - detail.region, - JSON_EXTRACT(json_each.value, '$.Key') as tag_key, - JSON_EXTRACT(json_each.value, '$.Value') as tag_value, - JSON_EXTRACT(detail.Properties, '$.Description') as description, - JSON_EXTRACT(detail.Properties, '$.Ec2SubnetIds') as ec2_subnet_ids, - JSON_EXTRACT(detail.Properties, '$.LaunchProfileId') as launch_profile_id, - JSON_EXTRACT(detail.Properties, '$.LaunchProfileProtocolVersions') as launch_profile_protocol_versions, - JSON_EXTRACT(detail.Properties, '$.Name') as name, - JSON_EXTRACT(detail.Properties, '$.StreamConfiguration') as stream_configuration, - JSON_EXTRACT(detail.Properties, '$.StudioComponentIds') as studio_component_ids, - JSON_EXTRACT(detail.Properties, '$.StudioId') as studio_id - FROM aws.cloud_control.resources listing - LEFT OUTER JOIN aws.cloud_control.resource detail - ON detail.data__Identifier = listing.Identifier - AND detail.region = listing.region - ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) - WHERE listing.data__TypeName = 'AWS::NimbleStudio::LaunchProfile' - AND detail.data__TypeName = 'AWS::NimbleStudio::LaunchProfile' - AND listing.region = 'us-east-1' - fallback: - predicate: sqlDialect == "postgres" - ddl: |- - SELECT - detail.region, - json_extract_path_text(json_each.value, 'Key') as tag_key, - json_extract_path_text(json_each.value, 'Value') as tag_value, - json_extract_path_text(detail.Properties, 'Description') as description, - json_extract_path_text(detail.Properties, 'Ec2SubnetIds') as ec2_subnet_ids, - json_extract_path_text(detail.Properties, 'LaunchProfileId') as launch_profile_id, - json_extract_path_text(detail.Properties, 'LaunchProfileProtocolVersions') as launch_profile_protocol_versions, - json_extract_path_text(detail.Properties, 'Name') as name, - json_extract_path_text(detail.Properties, 'StreamConfiguration') as stream_configuration, - json_extract_path_text(detail.Properties, 'StudioComponentIds') as studio_component_ids, - json_extract_path_text(detail.Properties, 'StudioId') as studio_id - FROM aws.cloud_control.resources listing - LEFT OUTER JOIN aws.cloud_control.resource detail - ON detail.data__Identifier = listing.Identifier - AND detail.region = listing.region - ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) - WHERE listing.data__TypeName = 'AWS::NimbleStudio::LaunchProfile' - AND detail.data__TypeName = 'AWS::NimbleStudio::LaunchProfile' - AND listing.region = 'us-east-1' - streaming_images: - name: streaming_images - id: aws.nimblestudio.streaming_images - x-cfn-schema-name: StreamingImage - x-cfn-type-name: AWS::NimbleStudio::StreamingImage - x-identifiers: - - StudioId - - StreamingImageId - x-type: cloud_control - methods: - create_resource: - config: - requestBodyTranslate: - algorithm: naive_DesiredState - operation: - $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__StreamingImage&__detailTransformed=true/post' - request: - mediaType: application/x-amz-json-1.0 - base: |- - { - "TypeName": "AWS::NimbleStudio::StreamingImage" - } - response: - mediaType: application/json - openAPIDocKey: '200' - update_resource: - operation: - $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' - request: - mediaType: application/x-amz-json-1.0 - base: |- - { - "TypeName": "AWS::NimbleStudio::StreamingImage" - } - response: - mediaType: application/json - openAPIDocKey: '200' - delete_resource: - operation: - $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' - request: - mediaType: application/x-amz-json-1.0 - base: |- - { - "TypeName": "AWS::NimbleStudio::StreamingImage" - } - response: - mediaType: application/json - openAPIDocKey: '200' - sqlVerbs: - insert: - - $ref: '#/components/x-stackQL-resources/streaming_images/methods/create_resource' - delete: - - $ref: '#/components/x-stackQL-resources/streaming_images/methods/delete_resource' - update: - - $ref: '#/components/x-stackQL-resources/streaming_images/methods/update_resource' - config: - views: - select: - predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] - ddl: |- - SELECT - region, - data__Identifier, - JSON_EXTRACT(Properties, '$.Description') as description, - JSON_EXTRACT(Properties, '$.Ec2ImageId') as ec2_image_id, - JSON_EXTRACT(Properties, '$.EncryptionConfiguration') as encryption_configuration, - JSON_EXTRACT(Properties, '$.EulaIds') as eula_ids, - JSON_EXTRACT(Properties, '$.Name') as name, - JSON_EXTRACT(Properties, '$.Owner') as owner, - JSON_EXTRACT(Properties, '$.Platform') as platform, - JSON_EXTRACT(Properties, '$.StreamingImageId') as streaming_image_id, - JSON_EXTRACT(Properties, '$.StudioId') as studio_id, - JSON_EXTRACT(Properties, '$.Tags') as tags - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NimbleStudio::StreamingImage' - AND data__Identifier = '|' - AND region = 'us-east-1' - fallback: - predicate: sqlDialect == "sqlite3" - ddl: |- - SELECT - detail.region, - JSON_EXTRACT(detail.Properties, '$.Description') as description, - JSON_EXTRACT(detail.Properties, '$.Ec2ImageId') as ec2_image_id, - JSON_EXTRACT(detail.Properties, '$.EncryptionConfiguration') as encryption_configuration, - JSON_EXTRACT(detail.Properties, '$.EulaIds') as eula_ids, - JSON_EXTRACT(detail.Properties, '$.Name') as name, - JSON_EXTRACT(detail.Properties, '$.Owner') as owner, - JSON_EXTRACT(detail.Properties, '$.Platform') as platform, - JSON_EXTRACT(detail.Properties, '$.StreamingImageId') as streaming_image_id, - JSON_EXTRACT(detail.Properties, '$.StudioId') as studio_id, - JSON_EXTRACT(detail.Properties, '$.Tags') as tags - FROM aws.cloud_control.resources listing - LEFT OUTER JOIN aws.cloud_control.resource detail - ON detail.data__Identifier = listing.Identifier - AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::NimbleStudio::StreamingImage' - AND detail.data__TypeName = 'AWS::NimbleStudio::StreamingImage' - AND listing.region = 'us-east-1' - fallback: - predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] - ddl: |- - SELECT - region, - data__Identifier, - json_extract_path_text(Properties, 'Description') as description, - json_extract_path_text(Properties, 'Ec2ImageId') as ec2_image_id, - json_extract_path_text(Properties, 'EncryptionConfiguration') as encryption_configuration, - json_extract_path_text(Properties, 'EulaIds') as eula_ids, - json_extract_path_text(Properties, 'Name') as name, - json_extract_path_text(Properties, 'Owner') as owner, - json_extract_path_text(Properties, 'Platform') as platform, - json_extract_path_text(Properties, 'StreamingImageId') as streaming_image_id, - json_extract_path_text(Properties, 'StudioId') as studio_id, - json_extract_path_text(Properties, 'Tags') as tags - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NimbleStudio::StreamingImage' - AND data__Identifier = '|' - AND region = 'us-east-1' - fallback: - predicate: sqlDialect == "postgres" - ddl: |- - SELECT - detail.region, - json_extract_path_text(detail.Properties, 'Description') as description, - json_extract_path_text(detail.Properties, 'Ec2ImageId') as ec2_image_id, - json_extract_path_text(detail.Properties, 'EncryptionConfiguration') as encryption_configuration, - json_extract_path_text(detail.Properties, 'EulaIds') as eula_ids, - json_extract_path_text(detail.Properties, 'Name') as name, - json_extract_path_text(detail.Properties, 'Owner') as owner, - json_extract_path_text(detail.Properties, 'Platform') as platform, - json_extract_path_text(detail.Properties, 'StreamingImageId') as streaming_image_id, - json_extract_path_text(detail.Properties, 'StudioId') as studio_id, - json_extract_path_text(detail.Properties, 'Tags') as tags - FROM aws.cloud_control.resources listing - LEFT OUTER JOIN aws.cloud_control.resource detail - ON detail.data__Identifier = listing.Identifier - AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::NimbleStudio::StreamingImage' - AND detail.data__TypeName = 'AWS::NimbleStudio::StreamingImage' - AND listing.region = 'us-east-1' - streaming_images_list_only: - name: streaming_images_list_only - id: aws.nimblestudio.streaming_images_list_only - x-cfn-schema-name: StreamingImage - x-cfn-type-name: AWS::NimbleStudio::StreamingImage - x-identifiers: - - StudioId - - StreamingImageId - x-type: cloud_control_view - methods: {} - sqlVerbs: - insert: [] - delete: [] - update: [] - config: - views: - select: - predicate: sqlDialect == "sqlite3" - ddl: |- - SELECT - region, - JSON_EXTRACT(Properties, '$.StudioId') as studio_id, - JSON_EXTRACT(Properties, '$.StreamingImageId') as streaming_image_id - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NimbleStudio::StreamingImage' - AND region = 'us-east-1' - fallback: - predicate: sqlDialect == "postgres" - ddl: |- - SELECT - region, - json_extract_path_text(Properties, 'StudioId') as studio_id, - json_extract_path_text(Properties, 'StreamingImageId') as streaming_image_id - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NimbleStudio::StreamingImage' - AND region = 'us-east-1' - streaming_image_tags: - name: streaming_image_tags - id: aws.nimblestudio.streaming_image_tags - x-cfn-schema-name: StreamingImage - x-cfn-type-name: AWS::NimbleStudio::StreamingImage - x-type: cloud_control_view - methods: {} - sqlVerbs: - insert: [] - delete: [] - update: [] - config: - views: - select: - predicate: sqlDialect == "sqlite3" - ddl: |- - SELECT - detail.region, - JSON_EXTRACT(json_each.value, '$.Key') as tag_key, - JSON_EXTRACT(json_each.value, '$.Value') as tag_value, - JSON_EXTRACT(detail.Properties, '$.Description') as description, - JSON_EXTRACT(detail.Properties, '$.Ec2ImageId') as ec2_image_id, - JSON_EXTRACT(detail.Properties, '$.EncryptionConfiguration') as encryption_configuration, - JSON_EXTRACT(detail.Properties, '$.EulaIds') as eula_ids, - JSON_EXTRACT(detail.Properties, '$.Name') as name, - JSON_EXTRACT(detail.Properties, '$.Owner') as owner, - JSON_EXTRACT(detail.Properties, '$.Platform') as platform, - JSON_EXTRACT(detail.Properties, '$.StreamingImageId') as streaming_image_id, - JSON_EXTRACT(detail.Properties, '$.StudioId') as studio_id - FROM aws.cloud_control.resources listing - LEFT OUTER JOIN aws.cloud_control.resource detail - ON detail.data__Identifier = listing.Identifier - AND detail.region = listing.region - ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) - WHERE listing.data__TypeName = 'AWS::NimbleStudio::StreamingImage' - AND detail.data__TypeName = 'AWS::NimbleStudio::StreamingImage' - AND listing.region = 'us-east-1' - fallback: - predicate: sqlDialect == "postgres" - ddl: |- - SELECT - detail.region, - json_extract_path_text(json_each.value, 'Key') as tag_key, - json_extract_path_text(json_each.value, 'Value') as tag_value, - json_extract_path_text(detail.Properties, 'Description') as description, - json_extract_path_text(detail.Properties, 'Ec2ImageId') as ec2_image_id, - json_extract_path_text(detail.Properties, 'EncryptionConfiguration') as encryption_configuration, - json_extract_path_text(detail.Properties, 'EulaIds') as eula_ids, - json_extract_path_text(detail.Properties, 'Name') as name, - json_extract_path_text(detail.Properties, 'Owner') as owner, - json_extract_path_text(detail.Properties, 'Platform') as platform, - json_extract_path_text(detail.Properties, 'StreamingImageId') as streaming_image_id, - json_extract_path_text(detail.Properties, 'StudioId') as studio_id - FROM aws.cloud_control.resources listing - LEFT OUTER JOIN aws.cloud_control.resource detail - ON detail.data__Identifier = listing.Identifier - AND detail.region = listing.region - ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) - WHERE listing.data__TypeName = 'AWS::NimbleStudio::StreamingImage' - AND detail.data__TypeName = 'AWS::NimbleStudio::StreamingImage' - AND listing.region = 'us-east-1' - studios: - name: studios - id: aws.nimblestudio.studios - x-cfn-schema-name: Studio - x-cfn-type-name: AWS::NimbleStudio::Studio - x-identifiers: - - StudioId - x-type: cloud_control - methods: - create_resource: - config: - requestBodyTranslate: - algorithm: naive_DesiredState - operation: - $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Studio&__detailTransformed=true/post' - request: - mediaType: application/x-amz-json-1.0 - base: |- - { - "TypeName": "AWS::NimbleStudio::Studio" - } - response: - mediaType: application/json - openAPIDocKey: '200' - update_resource: - operation: - $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' - request: - mediaType: application/x-amz-json-1.0 - base: |- - { - "TypeName": "AWS::NimbleStudio::Studio" - } - response: - mediaType: application/json - openAPIDocKey: '200' - delete_resource: - operation: - $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' - request: - mediaType: application/x-amz-json-1.0 - base: |- - { - "TypeName": "AWS::NimbleStudio::Studio" - } - response: - mediaType: application/json - openAPIDocKey: '200' - sqlVerbs: - insert: - - $ref: '#/components/x-stackQL-resources/studios/methods/create_resource' - delete: - - $ref: '#/components/x-stackQL-resources/studios/methods/delete_resource' - update: - - $ref: '#/components/x-stackQL-resources/studios/methods/update_resource' - config: - views: - select: - predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] - ddl: |- - SELECT - region, - data__Identifier, - JSON_EXTRACT(Properties, '$.AdminRoleArn') as admin_role_arn, - JSON_EXTRACT(Properties, '$.DisplayName') as display_name, - JSON_EXTRACT(Properties, '$.HomeRegion') as home_region, - JSON_EXTRACT(Properties, '$.SsoClientId') as sso_client_id, - JSON_EXTRACT(Properties, '$.StudioEncryptionConfiguration') as studio_encryption_configuration, - JSON_EXTRACT(Properties, '$.StudioId') as studio_id, - JSON_EXTRACT(Properties, '$.StudioName') as studio_name, - JSON_EXTRACT(Properties, '$.StudioUrl') as studio_url, - JSON_EXTRACT(Properties, '$.Tags') as tags, - JSON_EXTRACT(Properties, '$.UserRoleArn') as user_role_arn - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NimbleStudio::Studio' - AND data__Identifier = '' - AND region = 'us-east-1' - fallback: - predicate: sqlDialect == "sqlite3" - ddl: |- - SELECT - detail.region, - JSON_EXTRACT(detail.Properties, '$.AdminRoleArn') as admin_role_arn, - JSON_EXTRACT(detail.Properties, '$.DisplayName') as display_name, - JSON_EXTRACT(detail.Properties, '$.HomeRegion') as home_region, - JSON_EXTRACT(detail.Properties, '$.SsoClientId') as sso_client_id, - JSON_EXTRACT(detail.Properties, '$.StudioEncryptionConfiguration') as studio_encryption_configuration, - JSON_EXTRACT(detail.Properties, '$.StudioId') as studio_id, - JSON_EXTRACT(detail.Properties, '$.StudioName') as studio_name, - JSON_EXTRACT(detail.Properties, '$.StudioUrl') as studio_url, - JSON_EXTRACT(detail.Properties, '$.Tags') as tags, - JSON_EXTRACT(detail.Properties, '$.UserRoleArn') as user_role_arn - FROM aws.cloud_control.resources listing - LEFT OUTER JOIN aws.cloud_control.resource detail - ON detail.data__Identifier = listing.Identifier - AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::NimbleStudio::Studio' - AND detail.data__TypeName = 'AWS::NimbleStudio::Studio' - AND listing.region = 'us-east-1' - fallback: - predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] - ddl: |- - SELECT - region, - data__Identifier, - json_extract_path_text(Properties, 'AdminRoleArn') as admin_role_arn, - json_extract_path_text(Properties, 'DisplayName') as display_name, - json_extract_path_text(Properties, 'HomeRegion') as home_region, - json_extract_path_text(Properties, 'SsoClientId') as sso_client_id, - json_extract_path_text(Properties, 'StudioEncryptionConfiguration') as studio_encryption_configuration, - json_extract_path_text(Properties, 'StudioId') as studio_id, - json_extract_path_text(Properties, 'StudioName') as studio_name, - json_extract_path_text(Properties, 'StudioUrl') as studio_url, - json_extract_path_text(Properties, 'Tags') as tags, - json_extract_path_text(Properties, 'UserRoleArn') as user_role_arn - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NimbleStudio::Studio' - AND data__Identifier = '' - AND region = 'us-east-1' - fallback: - predicate: sqlDialect == "postgres" - ddl: |- - SELECT - detail.region, - json_extract_path_text(detail.Properties, 'AdminRoleArn') as admin_role_arn, - json_extract_path_text(detail.Properties, 'DisplayName') as display_name, - json_extract_path_text(detail.Properties, 'HomeRegion') as home_region, - json_extract_path_text(detail.Properties, 'SsoClientId') as sso_client_id, - json_extract_path_text(detail.Properties, 'StudioEncryptionConfiguration') as studio_encryption_configuration, - json_extract_path_text(detail.Properties, 'StudioId') as studio_id, - json_extract_path_text(detail.Properties, 'StudioName') as studio_name, - json_extract_path_text(detail.Properties, 'StudioUrl') as studio_url, - json_extract_path_text(detail.Properties, 'Tags') as tags, - json_extract_path_text(detail.Properties, 'UserRoleArn') as user_role_arn - FROM aws.cloud_control.resources listing - LEFT OUTER JOIN aws.cloud_control.resource detail - ON detail.data__Identifier = listing.Identifier - AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::NimbleStudio::Studio' - AND detail.data__TypeName = 'AWS::NimbleStudio::Studio' - AND listing.region = 'us-east-1' - studios_list_only: - name: studios_list_only - id: aws.nimblestudio.studios_list_only - x-cfn-schema-name: Studio - x-cfn-type-name: AWS::NimbleStudio::Studio - x-identifiers: - - StudioId - x-type: cloud_control_view - methods: {} - sqlVerbs: - insert: [] - delete: [] - update: [] - config: - views: - select: - predicate: sqlDialect == "sqlite3" - ddl: |- - SELECT - region, - JSON_EXTRACT(Properties, '$.StudioId') as studio_id - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NimbleStudio::Studio' - AND region = 'us-east-1' - fallback: - predicate: sqlDialect == "postgres" - ddl: |- - SELECT - region, - json_extract_path_text(Properties, 'StudioId') as studio_id - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NimbleStudio::Studio' - AND region = 'us-east-1' - studio_tags: - name: studio_tags - id: aws.nimblestudio.studio_tags - x-cfn-schema-name: Studio - x-cfn-type-name: AWS::NimbleStudio::Studio - x-type: cloud_control_view - methods: {} - sqlVerbs: - insert: [] - delete: [] - update: [] - config: - views: - select: - predicate: sqlDialect == "sqlite3" - ddl: |- - SELECT - detail.region, - JSON_EXTRACT(json_each.value, '$.Key') as tag_key, - JSON_EXTRACT(json_each.value, '$.Value') as tag_value, - JSON_EXTRACT(detail.Properties, '$.AdminRoleArn') as admin_role_arn, - JSON_EXTRACT(detail.Properties, '$.DisplayName') as display_name, - JSON_EXTRACT(detail.Properties, '$.HomeRegion') as home_region, - JSON_EXTRACT(detail.Properties, '$.SsoClientId') as sso_client_id, - JSON_EXTRACT(detail.Properties, '$.StudioEncryptionConfiguration') as studio_encryption_configuration, - JSON_EXTRACT(detail.Properties, '$.StudioId') as studio_id, - JSON_EXTRACT(detail.Properties, '$.StudioName') as studio_name, - JSON_EXTRACT(detail.Properties, '$.StudioUrl') as studio_url, - JSON_EXTRACT(detail.Properties, '$.UserRoleArn') as user_role_arn - FROM aws.cloud_control.resources listing - LEFT OUTER JOIN aws.cloud_control.resource detail - ON detail.data__Identifier = listing.Identifier - AND detail.region = listing.region - ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) - WHERE listing.data__TypeName = 'AWS::NimbleStudio::Studio' - AND detail.data__TypeName = 'AWS::NimbleStudio::Studio' - AND listing.region = 'us-east-1' - fallback: - predicate: sqlDialect == "postgres" - ddl: |- - SELECT - detail.region, - json_extract_path_text(json_each.value, 'Key') as tag_key, - json_extract_path_text(json_each.value, 'Value') as tag_value, - json_extract_path_text(detail.Properties, 'AdminRoleArn') as admin_role_arn, - json_extract_path_text(detail.Properties, 'DisplayName') as display_name, - json_extract_path_text(detail.Properties, 'HomeRegion') as home_region, - json_extract_path_text(detail.Properties, 'SsoClientId') as sso_client_id, - json_extract_path_text(detail.Properties, 'StudioEncryptionConfiguration') as studio_encryption_configuration, - json_extract_path_text(detail.Properties, 'StudioId') as studio_id, - json_extract_path_text(detail.Properties, 'StudioName') as studio_name, - json_extract_path_text(detail.Properties, 'StudioUrl') as studio_url, - json_extract_path_text(detail.Properties, 'UserRoleArn') as user_role_arn - FROM aws.cloud_control.resources listing - LEFT OUTER JOIN aws.cloud_control.resource detail - ON detail.data__Identifier = listing.Identifier - AND detail.region = listing.region - ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) - WHERE listing.data__TypeName = 'AWS::NimbleStudio::Studio' - AND detail.data__TypeName = 'AWS::NimbleStudio::Studio' - AND listing.region = 'us-east-1' - studio_components: - name: studio_components - id: aws.nimblestudio.studio_components - x-cfn-schema-name: StudioComponent - x-cfn-type-name: AWS::NimbleStudio::StudioComponent - x-identifiers: - - StudioComponentId - - StudioId - x-type: cloud_control - methods: - create_resource: - config: - requestBodyTranslate: - algorithm: naive_DesiredState - operation: - $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__StudioComponent&__detailTransformed=true/post' - request: - mediaType: application/x-amz-json-1.0 - base: |- - { - "TypeName": "AWS::NimbleStudio::StudioComponent" - } - response: - mediaType: application/json - openAPIDocKey: '200' - update_resource: - operation: - $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' - request: - mediaType: application/x-amz-json-1.0 - base: |- - { - "TypeName": "AWS::NimbleStudio::StudioComponent" - } - response: - mediaType: application/json - openAPIDocKey: '200' - delete_resource: - operation: - $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' - request: - mediaType: application/x-amz-json-1.0 - base: |- - { - "TypeName": "AWS::NimbleStudio::StudioComponent" - } - response: - mediaType: application/json - openAPIDocKey: '200' - sqlVerbs: - insert: - - $ref: '#/components/x-stackQL-resources/studio_components/methods/create_resource' - delete: - - $ref: '#/components/x-stackQL-resources/studio_components/methods/delete_resource' - update: - - $ref: '#/components/x-stackQL-resources/studio_components/methods/update_resource' - config: - views: - select: - predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] - ddl: |- - SELECT - region, - data__Identifier, - JSON_EXTRACT(Properties, '$.Configuration') as configuration, - JSON_EXTRACT(Properties, '$.Description') as description, - JSON_EXTRACT(Properties, '$.Ec2SecurityGroupIds') as ec2_security_group_ids, - JSON_EXTRACT(Properties, '$.InitializationScripts') as initialization_scripts, - JSON_EXTRACT(Properties, '$.Name') as name, - JSON_EXTRACT(Properties, '$.RuntimeRoleArn') as runtime_role_arn, - JSON_EXTRACT(Properties, '$.ScriptParameters') as script_parameters, - JSON_EXTRACT(Properties, '$.SecureInitializationRoleArn') as secure_initialization_role_arn, - JSON_EXTRACT(Properties, '$.StudioComponentId') as studio_component_id, - JSON_EXTRACT(Properties, '$.StudioId') as studio_id, - JSON_EXTRACT(Properties, '$.Subtype') as subtype, - JSON_EXTRACT(Properties, '$.Tags') as tags, - JSON_EXTRACT(Properties, '$.Type') as type - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NimbleStudio::StudioComponent' - AND data__Identifier = '|' - AND region = 'us-east-1' - fallback: - predicate: sqlDialect == "sqlite3" - ddl: |- - SELECT - detail.region, - JSON_EXTRACT(detail.Properties, '$.Configuration') as configuration, - JSON_EXTRACT(detail.Properties, '$.Description') as description, - JSON_EXTRACT(detail.Properties, '$.Ec2SecurityGroupIds') as ec2_security_group_ids, - JSON_EXTRACT(detail.Properties, '$.InitializationScripts') as initialization_scripts, - JSON_EXTRACT(detail.Properties, '$.Name') as name, - JSON_EXTRACT(detail.Properties, '$.RuntimeRoleArn') as runtime_role_arn, - JSON_EXTRACT(detail.Properties, '$.ScriptParameters') as script_parameters, - JSON_EXTRACT(detail.Properties, '$.SecureInitializationRoleArn') as secure_initialization_role_arn, - JSON_EXTRACT(detail.Properties, '$.StudioComponentId') as studio_component_id, - JSON_EXTRACT(detail.Properties, '$.StudioId') as studio_id, - JSON_EXTRACT(detail.Properties, '$.Subtype') as subtype, - JSON_EXTRACT(detail.Properties, '$.Tags') as tags, - JSON_EXTRACT(detail.Properties, '$.Type') as type - FROM aws.cloud_control.resources listing - LEFT OUTER JOIN aws.cloud_control.resource detail - ON detail.data__Identifier = listing.Identifier - AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::NimbleStudio::StudioComponent' - AND detail.data__TypeName = 'AWS::NimbleStudio::StudioComponent' - AND listing.region = 'us-east-1' - fallback: - predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] - ddl: |- - SELECT - region, - data__Identifier, - json_extract_path_text(Properties, 'Configuration') as configuration, - json_extract_path_text(Properties, 'Description') as description, - json_extract_path_text(Properties, 'Ec2SecurityGroupIds') as ec2_security_group_ids, - json_extract_path_text(Properties, 'InitializationScripts') as initialization_scripts, - json_extract_path_text(Properties, 'Name') as name, - json_extract_path_text(Properties, 'RuntimeRoleArn') as runtime_role_arn, - json_extract_path_text(Properties, 'ScriptParameters') as script_parameters, - json_extract_path_text(Properties, 'SecureInitializationRoleArn') as secure_initialization_role_arn, - json_extract_path_text(Properties, 'StudioComponentId') as studio_component_id, - json_extract_path_text(Properties, 'StudioId') as studio_id, - json_extract_path_text(Properties, 'Subtype') as subtype, - json_extract_path_text(Properties, 'Tags') as tags, - json_extract_path_text(Properties, 'Type') as type - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::NimbleStudio::StudioComponent' - AND data__Identifier = '|' - AND region = 'us-east-1' - fallback: - predicate: sqlDialect == "postgres" - ddl: |- - SELECT - detail.region, - json_extract_path_text(detail.Properties, 'Configuration') as configuration, - json_extract_path_text(detail.Properties, 'Description') as description, - json_extract_path_text(detail.Properties, 'Ec2SecurityGroupIds') as ec2_security_group_ids, - json_extract_path_text(detail.Properties, 'InitializationScripts') as initialization_scripts, - json_extract_path_text(detail.Properties, 'Name') as name, - json_extract_path_text(detail.Properties, 'RuntimeRoleArn') as runtime_role_arn, - json_extract_path_text(detail.Properties, 'ScriptParameters') as script_parameters, - json_extract_path_text(detail.Properties, 'SecureInitializationRoleArn') as secure_initialization_role_arn, - json_extract_path_text(detail.Properties, 'StudioComponentId') as studio_component_id, - json_extract_path_text(detail.Properties, 'StudioId') as studio_id, - json_extract_path_text(detail.Properties, 'Subtype') as subtype, - json_extract_path_text(detail.Properties, 'Tags') as tags, - json_extract_path_text(detail.Properties, 'Type') as type - FROM aws.cloud_control.resources listing - LEFT OUTER JOIN aws.cloud_control.resource detail - ON detail.data__Identifier = listing.Identifier - AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::NimbleStudio::StudioComponent' - AND detail.data__TypeName = 'AWS::NimbleStudio::StudioComponent' - AND listing.region = 'us-east-1' - studio_components_list_only: - name: studio_components_list_only - id: aws.nimblestudio.studio_components_list_only - x-cfn-schema-name: StudioComponent - x-cfn-type-name: AWS::NimbleStudio::StudioComponent - x-identifiers: - - StudioComponentId - - StudioId - x-type: cloud_control_view - methods: {} - sqlVerbs: - insert: [] - delete: [] - update: [] - config: - views: - select: - predicate: sqlDialect == "sqlite3" - ddl: |- - SELECT - region, - JSON_EXTRACT(Properties, '$.StudioComponentId') as studio_component_id, - JSON_EXTRACT(Properties, '$.StudioId') as studio_id - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NimbleStudio::StudioComponent' - AND region = 'us-east-1' - fallback: - predicate: sqlDialect == "postgres" - ddl: |- - SELECT - region, - json_extract_path_text(Properties, 'StudioComponentId') as studio_component_id, - json_extract_path_text(Properties, 'StudioId') as studio_id - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::NimbleStudio::StudioComponent' - AND region = 'us-east-1' - studio_component_tags: - name: studio_component_tags - id: aws.nimblestudio.studio_component_tags - x-cfn-schema-name: StudioComponent - x-cfn-type-name: AWS::NimbleStudio::StudioComponent - x-type: cloud_control_view - methods: {} - sqlVerbs: - insert: [] - delete: [] - update: [] - config: - views: - select: - predicate: sqlDialect == "sqlite3" - ddl: |- - SELECT - detail.region, - JSON_EXTRACT(json_each.value, '$.Key') as tag_key, - JSON_EXTRACT(json_each.value, '$.Value') as tag_value, - JSON_EXTRACT(detail.Properties, '$.Configuration') as configuration, - JSON_EXTRACT(detail.Properties, '$.Description') as description, - JSON_EXTRACT(detail.Properties, '$.Ec2SecurityGroupIds') as ec2_security_group_ids, - JSON_EXTRACT(detail.Properties, '$.InitializationScripts') as initialization_scripts, - JSON_EXTRACT(detail.Properties, '$.Name') as name, - JSON_EXTRACT(detail.Properties, '$.RuntimeRoleArn') as runtime_role_arn, - JSON_EXTRACT(detail.Properties, '$.ScriptParameters') as script_parameters, - JSON_EXTRACT(detail.Properties, '$.SecureInitializationRoleArn') as secure_initialization_role_arn, - JSON_EXTRACT(detail.Properties, '$.StudioComponentId') as studio_component_id, - JSON_EXTRACT(detail.Properties, '$.StudioId') as studio_id, - JSON_EXTRACT(detail.Properties, '$.Subtype') as subtype, - JSON_EXTRACT(detail.Properties, '$.Type') as type - FROM aws.cloud_control.resources listing - LEFT OUTER JOIN aws.cloud_control.resource detail - ON detail.data__Identifier = listing.Identifier - AND detail.region = listing.region - ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) - WHERE listing.data__TypeName = 'AWS::NimbleStudio::StudioComponent' - AND detail.data__TypeName = 'AWS::NimbleStudio::StudioComponent' - AND listing.region = 'us-east-1' - fallback: - predicate: sqlDialect == "postgres" - ddl: |- - SELECT - detail.region, - json_extract_path_text(json_each.value, 'Key') as tag_key, - json_extract_path_text(json_each.value, 'Value') as tag_value, - json_extract_path_text(detail.Properties, 'Configuration') as configuration, - json_extract_path_text(detail.Properties, 'Description') as description, - json_extract_path_text(detail.Properties, 'Ec2SecurityGroupIds') as ec2_security_group_ids, - json_extract_path_text(detail.Properties, 'InitializationScripts') as initialization_scripts, - json_extract_path_text(detail.Properties, 'Name') as name, - json_extract_path_text(detail.Properties, 'RuntimeRoleArn') as runtime_role_arn, - json_extract_path_text(detail.Properties, 'ScriptParameters') as script_parameters, - json_extract_path_text(detail.Properties, 'SecureInitializationRoleArn') as secure_initialization_role_arn, - json_extract_path_text(detail.Properties, 'StudioComponentId') as studio_component_id, - json_extract_path_text(detail.Properties, 'StudioId') as studio_id, - json_extract_path_text(detail.Properties, 'Subtype') as subtype, - json_extract_path_text(detail.Properties, 'Type') as type - FROM aws.cloud_control.resources listing - LEFT OUTER JOIN aws.cloud_control.resource detail - ON detail.data__Identifier = listing.Identifier - AND detail.region = listing.region - ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) - WHERE listing.data__TypeName = 'AWS::NimbleStudio::StudioComponent' - AND detail.data__TypeName = 'AWS::NimbleStudio::StudioComponent' - AND listing.region = 'us-east-1' -paths: - /?Action=CreateResource&Version=2021-09-30: - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - operationId: CreateResource - parameters: - - description: Action Header - in: header - name: X-Amz-Target - required: false - schema: - default: CloudApiService.CreateResource - enum: - - CloudApiService.CreateResource - type: string - - in: header - name: Content-Type - required: false - schema: - default: application/x-amz-json-1.0 - enum: - - application/x-amz-json-1.0 - type: string - requestBody: - content: - application/x-amz-json-1.0: - schema: - $ref: '#/components/x-cloud-control-schemas/CreateResourceInput' - required: true - responses: - '200': - content: - application/json: - schema: - $ref: '#/components/x-cloud-control-schemas/ProgressEvent' - description: Success - /?Action=DeleteResource&Version=2021-09-30: - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - operationId: DeleteResource - parameters: - - description: Action Header - in: header - name: X-Amz-Target - required: false - schema: - default: CloudApiService.DeleteResource - enum: - - CloudApiService.DeleteResource - type: string - - in: header - name: Content-Type - required: false - schema: - default: application/x-amz-json-1.0 - enum: - - application/x-amz-json-1.0 - type: string - requestBody: - content: - application/x-amz-json-1.0: - schema: - $ref: '#/components/x-cloud-control-schemas/DeleteResourceInput' - required: true - responses: - '200': - content: - application/json: - schema: - $ref: '#/components/x-cloud-control-schemas/DeleteResourceOutput' - description: Success - /?Action=UpdateResource&Version=2021-09-30: - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - operationId: UpdateResource - parameters: - - description: Action Header - in: header - name: X-Amz-Target - required: false - schema: - default: CloudApiService.UpdateResource - enum: - - CloudApiService.UpdateResource - type: string - - in: header - name: Content-Type - required: false - schema: - default: application/x-amz-json-1.0 - enum: - - application/x-amz-json-1.0 - type: string - requestBody: - content: - application/x-amz-json-1.0: - schema: - properties: - ClientName: - type: string - Identifier: - $ref: '#/components/x-cloud-control-schemas/Identifier' - PatchDocument: - type: string - RoleArn: - $ref: '#/components/x-cloud-control-schemas/RoleArn' - TypeName: - $ref: '#/components/x-cloud-control-schemas/TypeName' - TypeVersionId: - $ref: '#/components/x-cloud-control-schemas/TypeVersionId' - required: - - Identifier - - PatchDocument - type: object - required: true - responses: - '200': - content: - application/json: - schema: - $ref: '#/components/x-cloud-control-schemas/UpdateResourceOutput' - description: Success - /?Action=CreateResource&Version=2021-09-30&__LaunchProfile&__detailTransformed=true: - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - operationId: CreateLaunchProfile - parameters: - - description: Action Header - in: header - name: X-Amz-Target - required: false - schema: - default: CloudApiService.CreateResource - enum: - - CloudApiService.CreateResource - type: string - - in: header - name: Content-Type - required: false - schema: - default: application/x-amz-json-1.0 - enum: - - application/x-amz-json-1.0 - type: string - requestBody: - content: - application/x-amz-json-1.0: - schema: - $ref: '#/components/schemas/CreateLaunchProfileRequest' - required: true - responses: - '200': - content: - application/json: - schema: - $ref: '#/components/x-cloud-control-schemas/ProgressEvent' - description: Success - /?Action=CreateResource&Version=2021-09-30&__StreamingImage&__detailTransformed=true: - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - operationId: CreateStreamingImage - parameters: - - description: Action Header - in: header - name: X-Amz-Target - required: false - schema: - default: CloudApiService.CreateResource - enum: - - CloudApiService.CreateResource - type: string - - in: header - name: Content-Type - required: false - schema: - default: application/x-amz-json-1.0 - enum: - - application/x-amz-json-1.0 - type: string - requestBody: - content: - application/x-amz-json-1.0: - schema: - $ref: '#/components/schemas/CreateStreamingImageRequest' - required: true - responses: - '200': - content: - application/json: - schema: - $ref: '#/components/x-cloud-control-schemas/ProgressEvent' - description: Success - /?Action=CreateResource&Version=2021-09-30&__Studio&__detailTransformed=true: - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - operationId: CreateStudio - parameters: - - description: Action Header - in: header - name: X-Amz-Target - required: false - schema: - default: CloudApiService.CreateResource - enum: - - CloudApiService.CreateResource - type: string - - in: header - name: Content-Type - required: false - schema: - default: application/x-amz-json-1.0 - enum: - - application/x-amz-json-1.0 - type: string - requestBody: - content: - application/x-amz-json-1.0: - schema: - $ref: '#/components/schemas/CreateStudioRequest' - required: true - responses: - '200': - content: - application/json: - schema: - $ref: '#/components/x-cloud-control-schemas/ProgressEvent' - description: Success - /?Action=CreateResource&Version=2021-09-30&__StudioComponent&__detailTransformed=true: - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - operationId: CreateStudioComponent - parameters: - - description: Action Header - in: header - name: X-Amz-Target - required: false - schema: - default: CloudApiService.CreateResource - enum: - - CloudApiService.CreateResource - type: string - - in: header - name: Content-Type - required: false - schema: - default: application/x-amz-json-1.0 - enum: - - application/x-amz-json-1.0 - type: string - requestBody: - content: - application/x-amz-json-1.0: - schema: - $ref: '#/components/schemas/CreateStudioComponentRequest' - required: true - responses: - '200': - content: - application/json: - schema: - $ref: '#/components/x-cloud-control-schemas/ProgressEvent' - description: Success -x-stackQL-config: - requestTranslate: - algorithm: drop_double_underscore_params - pagination: - requestToken: - key: NextToken - location: body - responseToken: - key: NextToken - location: body diff --git a/providers/src/aws/v00.00.00000/services/oam.yaml b/providers/src/aws/v00.00.00000/services/oam.yaml index 67078a5e..4de479de 100644 --- a/providers/src/aws/v00.00.00000/services/oam.yaml +++ b/providers/src/aws/v00.00.00000/services/oam.yaml @@ -473,10 +473,17 @@ components: tagOnCreate: true tagUpdatable: true cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - oam:ListTagsForResource + - oam:UntagResource + - oam:TagResource x-required-permissions: create: - oam:CreateLink - oam:GetLink + - oam:TagResource + - oam:ListTagsForResource - cloudwatch:Link - logs:Link - xray:Link @@ -484,6 +491,7 @@ components: - internetmonitor:Link read: - oam:GetLink + - oam:ListTagsForResource update: - oam:GetLink - oam:UpdateLink @@ -494,6 +502,7 @@ components: - internetmonitor:Link - oam:TagResource - oam:UntagResource + - oam:ListTagsForResource delete: - oam:DeleteLink - oam:GetLink @@ -544,12 +553,19 @@ components: tagOnCreate: true tagUpdatable: true cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - oam:ListTagsForResource + - oam:UntagResource + - oam:TagResource x-required-permissions: create: - oam:CreateSink - oam:PutSinkPolicy - oam:GetSinkPolicy - oam:GetSink + - oam:TagResource + - oam:ListTagsForResource delete: - oam:DeleteSink - oam:GetSinkPolicy @@ -559,12 +575,14 @@ components: read: - oam:GetSinkPolicy - oam:GetSink + - oam:ListTagsForResource update: - oam:PutSinkPolicy - oam:GetSinkPolicy - oam:GetSink - oam:TagResource - oam:UntagResource + - oam:ListTagsForResource CreateLinkRequest: properties: ClientToken: diff --git a/providers/src/aws/v00.00.00000/services/omics.yaml b/providers/src/aws/v00.00.00000/services/omics.yaml index 747a09fe..f4aadd44 100644 --- a/providers/src/aws/v00.00.00000/services/omics.yaml +++ b/providers/src/aws/v00.00.00000/services/omics.yaml @@ -589,6 +589,11 @@ components: tagOnCreate: true tagUpdatable: true cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - omics:TagResource + - omics:UntagResource + - omics:ListTagsForResource x-required-permissions: create: - omics:CreateAnnotationStore @@ -671,10 +676,15 @@ components: tagOnCreate: true tagUpdatable: false cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - omics:TagResource + - omics:ListTagsForResource x-required-permissions: create: - omics:CreateReferenceStore - omics:TagResource + - kms:DescribeKey read: - omics:GetReferenceStore - omics:ListTagsForResource @@ -735,6 +745,11 @@ components: tagOnCreate: true tagUpdatable: true cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - omics:TagResource + - omics:UntagResource + - omics:ListTagsForResource x-required-permissions: create: - omics:CreateRunGroup @@ -817,10 +832,15 @@ components: tagOnCreate: true tagUpdatable: false cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - omics:TagResource + - omics:ListTagsForResource x-required-permissions: create: - omics:CreateSequenceStore - omics:TagResource + - kms:DescribeKey read: - omics:GetSequenceStore - omics:ListTagsForResource @@ -900,6 +920,11 @@ components: tagOnCreate: true tagUpdatable: true cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - omics:TagResource + - omics:UntagResource + - omics:ListTagsForResource x-required-permissions: create: - omics:CreateVariantStore @@ -1049,6 +1074,11 @@ components: tagOnCreate: true tagUpdatable: true cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - omics:TagResource + - omics:UntagResource + - omics:ListTagsForResource x-required-permissions: create: - omics:CreateWorkflow diff --git a/providers/src/aws/v00.00.00000/services/opensearchserverless.yaml b/providers/src/aws/v00.00.00000/services/opensearchserverless.yaml index 88e1b54e..351b5772 100644 --- a/providers/src/aws/v00.00.00000/services/opensearchserverless.yaml +++ b/providers/src/aws/v00.00.00000/services/opensearchserverless.yaml @@ -663,6 +663,40 @@ components: description: Config type for security config enum: - saml + - iamidentitycenter + IamIdentityCenterInstanceArn: + type: string + description: The ARN of the IAM Identity Center instance used to integrate with OpenSearch Serverless + IamIdentityCenterApplicationArn: + type: string + description: The ARN of the IAM Identity Center application used to integrate with OpenSearch Serverless + IamIdentityCenterUserAttribute: + type: string + description: User attribute for this IAM Identity Center integration + IamIdentityCenterGroupAttribute: + type: string + description: Group attribute for this IAM Identity Center integration + IamIdentityCenterConfigOptions: + type: object + description: Describes IAM Identity Center options for an OpenSearch Serverless security configuration in the form of a key-value map + properties: + InstanceArn: + $ref: '#/components/schemas/IamIdentityCenterInstanceArn' + ApplicationArn: + $ref: '#/components/schemas/IamIdentityCenterApplicationArn' + ApplicationName: + type: string + description: The name of the IAM Identity Center application used to integrate with OpenSearch Serverless + ApplicationDescription: + type: string + description: The description of the IAM Identity Center application used to integrate with OpenSearch Serverless + UserAttribute: + $ref: '#/components/schemas/IamIdentityCenterUserAttribute' + GroupAttribute: + $ref: '#/components/schemas/IamIdentityCenterGroupAttribute' + required: + - InstanceArn + additionalProperties: false SecurityConfig: type: object properties: @@ -684,6 +718,8 @@ components: description: The friendly name of the security config SamlOptions: $ref: '#/components/schemas/SamlConfigOptions' + IamIdentityCenterOptions: + $ref: '#/components/schemas/IamIdentityCenterConfigOptions' Type: $ref: '#/components/schemas/SecurityConfigType' x-stackql-resource-name: security_config @@ -696,10 +732,14 @@ components: x-create-only-properties: - Type - Name + - IamIdentityCenterOptions/InstanceArn x-write-only-properties: - Name x-read-only-properties: - Id + - IamIdentityCenterOptions/ApplicationArn + - IamIdentityCenterOptions/ApplicationName + - IamIdentityCenterOptions/ApplicationDescription x-tagging: taggable: false tagOnCreate: false @@ -708,6 +748,12 @@ components: x-required-permissions: create: - aoss:CreateSecurityConfig + - sso:CreateApplication + - sso:ListApplications + - sso:DeleteApplication + - sso:PutApplicationAssignmentConfiguration + - sso:PutApplicationAuthenticationMethod + - sso:PutApplicationGrant read: - aoss:GetSecurityConfig update: @@ -715,6 +761,9 @@ components: - aoss:UpdateSecurityConfig delete: - aoss:DeleteSecurityConfig + - sso:ListApplicationAssignments + - sso:DeleteApplicationAssignment + - sso:DeleteApplication list: - aoss:ListSecurityConfigs SecurityPolicyType: @@ -1080,6 +1129,8 @@ components: description: The friendly name of the security config SamlOptions: $ref: '#/components/schemas/SamlConfigOptions' + IamIdentityCenterOptions: + $ref: '#/components/schemas/IamIdentityCenterConfigOptions' Type: $ref: '#/components/schemas/SecurityConfigType' x-stackQL-stringOnly: true @@ -1779,6 +1830,7 @@ components: JSON_EXTRACT(Properties, '$.Id') as id, JSON_EXTRACT(Properties, '$.Name') as name, JSON_EXTRACT(Properties, '$.SamlOptions') as saml_options, + JSON_EXTRACT(Properties, '$.IamIdentityCenterOptions') as iam_identity_center_options, JSON_EXTRACT(Properties, '$.Type') as type FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::OpenSearchServerless::SecurityConfig' AND data__Identifier = '' @@ -1792,6 +1844,7 @@ components: JSON_EXTRACT(detail.Properties, '$.Id') as id, JSON_EXTRACT(detail.Properties, '$.Name') as name, JSON_EXTRACT(detail.Properties, '$.SamlOptions') as saml_options, + JSON_EXTRACT(detail.Properties, '$.IamIdentityCenterOptions') as iam_identity_center_options, JSON_EXTRACT(detail.Properties, '$.Type') as type FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail @@ -1810,6 +1863,7 @@ components: json_extract_path_text(Properties, 'Id') as id, json_extract_path_text(Properties, 'Name') as name, json_extract_path_text(Properties, 'SamlOptions') as saml_options, + json_extract_path_text(Properties, 'IamIdentityCenterOptions') as iam_identity_center_options, json_extract_path_text(Properties, 'Type') as type FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::OpenSearchServerless::SecurityConfig' AND data__Identifier = '' @@ -1823,6 +1877,7 @@ components: json_extract_path_text(detail.Properties, 'Id') as id, json_extract_path_text(detail.Properties, 'Name') as name, json_extract_path_text(detail.Properties, 'SamlOptions') as saml_options, + json_extract_path_text(detail.Properties, 'IamIdentityCenterOptions') as iam_identity_center_options, json_extract_path_text(detail.Properties, 'Type') as type FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail diff --git a/providers/src/aws/v00.00.00000/services/opensearchservice.yaml b/providers/src/aws/v00.00.00000/services/opensearchservice.yaml index 5b5d7145..4f22532f 100644 --- a/providers/src/aws/v00.00.00000/services/opensearchservice.yaml +++ b/providers/src/aws/v00.00.00000/services/opensearchservice.yaml @@ -385,12 +385,183 @@ components: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' type: object schemas: + AppConfigType: + type: string + enum: + - opensearchDashboards.dashboardAdmin.users + - opensearchDashboards.dashboardAdmin.groups + description: AppConfig type values. + Tag: + type: object + additionalProperties: false + properties: + Value: + description: The key of the tag. + type: string + minLength: 0 + maxLength: 256 + Key: + description: The value of the tag. + type: string + minLength: 0 + maxLength: 128 + required: + - Value + - Key + AppConfig: + type: object + description: A key-value pair of AppConfig + properties: + Key: + $ref: '#/components/schemas/AppConfigType' + description: The configuration key + Value: + type: string + maxLength: 256 + minLength: 0 + description: The configuration value. + required: + - Key + - Value + additionalProperties: false + DataSource: + type: object + description: Datasource arn and description + properties: + DataSourceArn: + type: string + description: The ARN of the data source. + DataSourceDescription: + type: string + description: Description of the data source. + required: + - DataSourceArn + additionalProperties: false + Application: + type: object + properties: + IamIdentityCenterOptions: + type: object + description: Options for configuring IAM Identity Center + properties: + Enabled: + type: boolean + description: Whether IAM Identity Center is enabled. + IamIdentityCenterInstanceArn: + type: string + description: The ARN of the IAM Identity Center instance. + IamRoleForIdentityCenterApplicationArn: + type: string + description: The ARN of the IAM role for Identity Center application. + additionalProperties: false + Arn: + type: string + description: Amazon Resource Name (ARN) format. + Id: + type: string + maxLength: 40 + minLength: 3 + description: The identifier of the application. + Name: + type: string + pattern: '[a-z][a-z0-9\-]+' + minLength: 3 + maxLength: 40 + description: The name of the application. + Endpoint: + type: string + description: The endpoint for the application. + AppConfigs: + type: array + items: + $ref: '#/components/schemas/AppConfig' + description: List of application configurations. + x-insertionOrder: false + DataSources: + type: array + items: + $ref: '#/components/schemas/DataSource' + description: List of data sources. + x-insertionOrder: false + Tags: + description: An arbitrary set of tags (key-value pairs) for this application. + items: + $ref: '#/components/schemas/Tag' + type: array + uniqueItems: true + required: + - Name + x-stackql-resource-name: application + description: Amazon OpenSearchService application resource + x-type-name: AWS::OpenSearchService::Application + x-stackql-primary-identifier: + - Name + x-stackql-additional-identifiers: + - - Arn + x-create-only-properties: + - Name + x-read-only-properties: + - Id + - Arn + x-required-properties: + - Name + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - es:AddTags + - es:RemoveTags + - es:ListTags + x-required-permissions: + create: + - es:CreateApplication + - es:GetApplication + - es:AddTags + - es:ListTags + - iam:CreateServiceLinkedRole + read: + - es:GetApplication + - es:ListTags + update: + - es:UpdateApplication + - es:GetApplication + - es:AddTags + - es:RemoveTags + - es:ListTags + delete: + - es:GetApplication + - es:DeleteApplication + list: + - es:ListApplications ZoneAwarenessConfig: type: object additionalProperties: false properties: AvailabilityZoneCount: type: integer + NodeConfig: + type: object + properties: + Enabled: + type: boolean + Type: + type: string + Count: + type: integer + additionalProperties: false + NodeOption: + type: object + properties: + NodeType: + type: string + enum: + - coordinator + NodeConfig: + $ref: '#/components/schemas/NodeConfig' + additionalProperties: false ClusterConfig: type: object additionalProperties: false @@ -419,6 +590,10 @@ components: type: boolean ColdStorageOptions: $ref: '#/components/schemas/ColdStorageOptions' + NodeOptions: + type: array + items: + $ref: '#/components/schemas/NodeOption' LogPublishingOption: type: object additionalProperties: false @@ -520,6 +695,18 @@ components: type: string SessionTimeoutMinutes: type: integer + JWTOptions: + type: object + additionalProperties: false + properties: + Enabled: + type: boolean + PublicKey: + type: string + SubjectKey: + type: string + RolesKey: + type: string AdvancedSecurityOptionsInput: type: object additionalProperties: false @@ -534,6 +721,8 @@ components: type: boolean SAMLOptions: $ref: '#/components/schemas/SAMLOptions' + JWTOptions: + $ref: '#/components/schemas/JWTOptions' AnonymousAuthDisableDate: type: string EBSOptions: @@ -558,23 +747,6 @@ components: type: string Enabled: type: boolean - Tag: - type: object - additionalProperties: false - properties: - Value: - description: The key of the tag. - type: string - minLength: 0 - maxLength: 256 - Key: - description: The value of the tag. - type: string - minLength: 0 - maxLength: 128 - required: - - Value - - Key ServiceSoftwareOptions: type: object additionalProperties: false @@ -636,6 +808,42 @@ components: properties: Enabled: type: boolean + SubjectKeyIdcType: + type: string + enum: + - UserName + - UserId + - Email + description: Subject Key Idc type values. + RolesKeyIdcType: + type: string + enum: + - GroupName + - GroupId + description: Roles Key Idc type values. + IdentityCenterOptions: + type: object + description: Options for configuring Identity Center + properties: + EnabledAPIAccess: + type: boolean + description: Whether Identity Center is enabled. + IdentityCenterInstanceARN: + type: string + description: The ARN of the Identity Center instance. + SubjectKey: + $ref: '#/components/schemas/SubjectKeyIdcType' + description: The subject key for Identity Center options. + RolesKey: + $ref: '#/components/schemas/RolesKeyIdcType' + description: The roles key for Identity Center options. + IdentityCenterApplicationARN: + type: string + description: The ARN of the Identity Center application. + IdentityStoreId: + type: string + description: The IdentityStoreId for Identity Center options. + additionalProperties: false Domain: type: object properties: @@ -705,6 +913,10 @@ components: $ref: '#/components/schemas/OffPeakWindowOptions' SoftwareUpdateOptions: $ref: '#/components/schemas/SoftwareUpdateOptions' + SkipShardMigrationWait: + type: boolean + IdentityCenterOptions: + $ref: '#/components/schemas/IdentityCenterOptions' x-stackql-resource-name: domain description: An example resource schema demonstrating some basic constructs and validation rules. x-type-name: AWS::OpenSearchService::Domain @@ -719,6 +931,7 @@ components: - AdvancedSecurityOptions/MasterUserOptions - AdvancedSecurityOptions/SAMLOptions/MasterUserName - AdvancedSecurityOptions/SAMLOptions/MasterBackendRole + - AdvancedSecurityOptions/JWTOptions/PublicKey x-read-only-properties: - Id - Arn @@ -728,6 +941,8 @@ components: - DomainEndpoints - ServiceSoftwareOptions - AdvancedSecurityOptions/AnonymousAuthDisableDate + - IdentityCenterOptions/IdentityCenterApplicationARN + - IdentityCenterOptions/IdentityStoreId x-required-permissions: create: - es:CreateDomain @@ -748,6 +963,72 @@ components: delete: - es:DeleteDomain - es:DescribeDomain + CreateApplicationRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + IamIdentityCenterOptions: + type: object + description: Options for configuring IAM Identity Center + properties: + Enabled: + type: boolean + description: Whether IAM Identity Center is enabled. + IamIdentityCenterInstanceArn: + type: string + description: The ARN of the IAM Identity Center instance. + IamRoleForIdentityCenterApplicationArn: + type: string + description: The ARN of the IAM role for Identity Center application. + additionalProperties: false + Arn: + type: string + description: Amazon Resource Name (ARN) format. + Id: + type: string + maxLength: 40 + minLength: 3 + description: The identifier of the application. + Name: + type: string + pattern: '[a-z][a-z0-9\-]+' + minLength: 3 + maxLength: 40 + description: The name of the application. + Endpoint: + type: string + description: The endpoint for the application. + AppConfigs: + type: array + items: + $ref: '#/components/schemas/AppConfig' + description: List of application configurations. + x-insertionOrder: false + DataSources: + type: array + items: + $ref: '#/components/schemas/DataSource' + description: List of data sources. + x-insertionOrder: false + Tags: + description: An arbitrary set of tags (key-value pairs) for this application. + items: + $ref: '#/components/schemas/Tag' + type: array + uniqueItems: true + x-stackQL-stringOnly: true + x-title: CreateApplicationRequest + type: object + required: [] CreateDomainRequest: properties: ClientToken: @@ -827,6 +1108,10 @@ components: $ref: '#/components/schemas/OffPeakWindowOptions' SoftwareUpdateOptions: $ref: '#/components/schemas/SoftwareUpdateOptions' + SkipShardMigrationWait: + type: boolean + IdentityCenterOptions: + $ref: '#/components/schemas/IdentityCenterOptions' x-stackQL-stringOnly: true x-title: CreateDomainRequest type: object @@ -839,6 +1124,225 @@ components: description: Amazon Signature authorization v4 x-amazon-apigateway-authtype: awsSigv4 x-stackQL-resources: + applications: + name: applications + id: aws.opensearchservice.applications + x-cfn-schema-name: Application + x-cfn-type-name: AWS::OpenSearchService::Application + x-identifiers: + - Name + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Application&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::OpenSearchService::Application" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::OpenSearchService::Application" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::OpenSearchService::Application" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/applications/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/applications/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/applications/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.IamIdentityCenterOptions') as iam_identity_center_options, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Endpoint') as endpoint, + JSON_EXTRACT(Properties, '$.AppConfigs') as app_configs, + JSON_EXTRACT(Properties, '$.DataSources') as data_sources, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::OpenSearchService::Application' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.IamIdentityCenterOptions') as iam_identity_center_options, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.Id') as id, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.Endpoint') as endpoint, + JSON_EXTRACT(detail.Properties, '$.AppConfigs') as app_configs, + JSON_EXTRACT(detail.Properties, '$.DataSources') as data_sources, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::OpenSearchService::Application' + AND detail.data__TypeName = 'AWS::OpenSearchService::Application' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'IamIdentityCenterOptions') as iam_identity_center_options, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Endpoint') as endpoint, + json_extract_path_text(Properties, 'AppConfigs') as app_configs, + json_extract_path_text(Properties, 'DataSources') as data_sources, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::OpenSearchService::Application' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'IamIdentityCenterOptions') as iam_identity_center_options, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'Id') as id, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'Endpoint') as endpoint, + json_extract_path_text(detail.Properties, 'AppConfigs') as app_configs, + json_extract_path_text(detail.Properties, 'DataSources') as data_sources, + json_extract_path_text(detail.Properties, 'Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::OpenSearchService::Application' + AND detail.data__TypeName = 'AWS::OpenSearchService::Application' + AND listing.region = 'us-east-1' + applications_list_only: + name: applications_list_only + id: aws.opensearchservice.applications_list_only + x-cfn-schema-name: Application + x-cfn-type-name: AWS::OpenSearchService::Application + x-identifiers: + - Name + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::OpenSearchService::Application' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::OpenSearchService::Application' + AND region = 'us-east-1' + application_tags: + name: application_tags + id: aws.opensearchservice.application_tags + x-cfn-schema-name: Application + x-cfn-type-name: AWS::OpenSearchService::Application + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.IamIdentityCenterOptions') as iam_identity_center_options, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.Id') as id, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.Endpoint') as endpoint, + JSON_EXTRACT(detail.Properties, '$.AppConfigs') as app_configs, + JSON_EXTRACT(detail.Properties, '$.DataSources') as data_sources + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::OpenSearchService::Application' + AND detail.data__TypeName = 'AWS::OpenSearchService::Application' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'IamIdentityCenterOptions') as iam_identity_center_options, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'Id') as id, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'Endpoint') as endpoint, + json_extract_path_text(detail.Properties, 'AppConfigs') as app_configs, + json_extract_path_text(detail.Properties, 'DataSources') as data_sources + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::OpenSearchService::Application' + AND detail.data__TypeName = 'AWS::OpenSearchService::Application' + AND listing.region = 'us-east-1' domains: name: domains id: aws.opensearchservice.domains @@ -926,7 +1430,9 @@ components: JSON_EXTRACT(Properties, '$.Tags') as tags, JSON_EXTRACT(Properties, '$.ServiceSoftwareOptions') as service_software_options, JSON_EXTRACT(Properties, '$.OffPeakWindowOptions') as off_peak_window_options, - JSON_EXTRACT(Properties, '$.SoftwareUpdateOptions') as software_update_options + JSON_EXTRACT(Properties, '$.SoftwareUpdateOptions') as software_update_options, + JSON_EXTRACT(Properties, '$.SkipShardMigrationWait') as skip_shard_migration_wait, + JSON_EXTRACT(Properties, '$.IdentityCenterOptions') as identity_center_options FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::OpenSearchService::Domain' AND data__Identifier = '' AND region = 'us-east-1' @@ -960,7 +1466,9 @@ components: json_extract_path_text(Properties, 'Tags') as tags, json_extract_path_text(Properties, 'ServiceSoftwareOptions') as service_software_options, json_extract_path_text(Properties, 'OffPeakWindowOptions') as off_peak_window_options, - json_extract_path_text(Properties, 'SoftwareUpdateOptions') as software_update_options + json_extract_path_text(Properties, 'SoftwareUpdateOptions') as software_update_options, + json_extract_path_text(Properties, 'SkipShardMigrationWait') as skip_shard_migration_wait, + json_extract_path_text(Properties, 'IdentityCenterOptions') as identity_center_options FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::OpenSearchService::Domain' AND data__Identifier = '' AND region = 'us-east-1' @@ -1107,6 +1615,48 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/UpdateResourceOutput' description: Success + /?Action=CreateResource&Version=2021-09-30&__Application&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateApplication + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateApplicationRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success /?Action=CreateResource&Version=2021-09-30&__Domain&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' diff --git a/providers/src/aws/v00.00.00000/services/organizations.yaml b/providers/src/aws/v00.00.00000/services/organizations.yaml index 97311288..6fd352d6 100644 --- a/providers/src/aws/v00.00.00000/services/organizations.yaml +++ b/providers/src/aws/v00.00.00000/services/organizations.yaml @@ -490,6 +490,10 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - organizations:TagResource + - organizations:UntagResource + - organizations:ListTagsForResource x-required-permissions: create: - organizations:CreateAccount @@ -580,7 +584,8 @@ components: - organizations:DescribeOrganization list: - organizations:DescribeOrganization - update: [] + update: + - organizations:DescribeOrganization OrganizationalUnit: type: object properties: @@ -635,6 +640,10 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - organizations:TagResource + - organizations:UntagResource + - organizations:ListTagsForResource x-required-permissions: create: - organizations:CreateOrganizationalUnit @@ -667,13 +676,16 @@ components: minLength: 1 maxLength: 128 Type: - description: 'The type of policy to create. You can specify one of the following values: AISERVICES_OPT_OUT_POLICY, BACKUP_POLICY, SERVICE_CONTROL_POLICY, TAG_POLICY' + description: 'The type of policy to create. You can specify one of the following values: AISERVICES_OPT_OUT_POLICY, BACKUP_POLICY, SERVICE_CONTROL_POLICY, TAG_POLICY, CHATBOT_POLICY, RESOURCE_CONTROL_POLICY,DECLARATIVE_POLICY_EC2' type: string enum: - SERVICE_CONTROL_POLICY - AISERVICES_OPT_OUT_POLICY - BACKUP_POLICY - TAG_POLICY + - CHATBOT_POLICY + - RESOURCE_CONTROL_POLICY + - DECLARATIVE_POLICY_EC2 Content: description: The Policy text content. For AWS CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation always converts a YAML policy to JSON format before submitting it. type: object @@ -737,6 +749,10 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - organizations:TagResource + - organizations:UntagResource + - organizations:ListTagsForResource x-required-permissions: create: - organizations:CreatePolicy @@ -806,6 +822,10 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - organizations:TagResource + - organizations:UntagResource + - organizations:ListTagsForResource x-required-permissions: create: - organizations:PutResourcePolicy @@ -1016,13 +1036,16 @@ components: minLength: 1 maxLength: 128 Type: - description: 'The type of policy to create. You can specify one of the following values: AISERVICES_OPT_OUT_POLICY, BACKUP_POLICY, SERVICE_CONTROL_POLICY, TAG_POLICY' + description: 'The type of policy to create. You can specify one of the following values: AISERVICES_OPT_OUT_POLICY, BACKUP_POLICY, SERVICE_CONTROL_POLICY, TAG_POLICY, CHATBOT_POLICY, RESOURCE_CONTROL_POLICY,DECLARATIVE_POLICY_EC2' type: string enum: - SERVICE_CONTROL_POLICY - AISERVICES_OPT_OUT_POLICY - BACKUP_POLICY - TAG_POLICY + - CHATBOT_POLICY + - RESOURCE_CONTROL_POLICY + - DECLARATIVE_POLICY_EC2 Content: description: The Policy text content. For AWS CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation always converts a YAML policy to JSON format before submitting it. type: object @@ -1367,6 +1390,18 @@ components: response: mediaType: application/json openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Organizations::Organization" + } + response: + mediaType: application/json + openAPIDocKey: '200' delete_resource: operation: $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' @@ -1384,7 +1419,8 @@ components: - $ref: '#/components/x-stackQL-resources/organizations/methods/create_resource' delete: - $ref: '#/components/x-stackQL-resources/organizations/methods/delete_resource' - update: [] + update: + - $ref: '#/components/x-stackQL-resources/organizations/methods/update_resource' config: views: select: diff --git a/providers/src/aws/v00.00.00000/services/osis.yaml b/providers/src/aws/v00.00.00000/services/osis.yaml index 1bd57a94..11899f14 100644 --- a/providers/src/aws/v00.00.00000/services/osis.yaml +++ b/providers/src/aws/v00.00.00000/services/osis.yaml @@ -465,6 +465,27 @@ components: minLength: 15 maxLength: 24 pattern: subnet-\w{8}(\w{9})? + VpcEndpointManagement: + description: Defines whether you or Amazon OpenSearch Ingestion service create and manage the VPC endpoint configured for the pipeline. + type: string + enum: + - CUSTOMER + - SERVICE + VpcAttachmentOptions: + type: object + description: Options for attaching a VPC to the pipeline. + properties: + AttachToVpc: + type: boolean + description: Whether the pipeline should be attached to the provided VPC + CidrBlock: + type: string + description: The CIDR block to be reserved for OpenSearch Ingestion to create elastic network interfaces (ENIs). + pattern: ^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)/(3[0-2]|[12]?[0-9])$ + required: + - AttachToVpc + - CidrBlock + additionalProperties: false required: - SubnetIds additionalProperties: false @@ -526,6 +547,11 @@ components: description: The VPC interface endpoints that have access to the pipeline. items: $ref: '#/components/schemas/VpcEndpoint' + VpcEndpointService: + description: The VPC endpoint service name for the pipeline. + type: string + minLength: 1 + maxLength: 128 PipelineArn: description: The Amazon Resource Name (ARN) of the pipeline. type: string @@ -556,6 +582,7 @@ components: - PipelineArn - IngestEndpointUrls - VpcEndpoints + - VpcEndpointService x-required-properties: - MaxUnits - MinUnits @@ -654,6 +681,11 @@ components: description: The VPC interface endpoints that have access to the pipeline. items: $ref: '#/components/schemas/VpcEndpoint' + VpcEndpointService: + description: The VPC endpoint service name for the pipeline. + type: string + minLength: 1 + maxLength: 128 PipelineArn: description: The Amazon Resource Name (ARN) of the pipeline. type: string @@ -751,6 +783,7 @@ components: JSON_EXTRACT(Properties, '$.Tags') as tags, JSON_EXTRACT(Properties, '$.VpcOptions') as vpc_options, JSON_EXTRACT(Properties, '$.VpcEndpoints') as vpc_endpoints, + JSON_EXTRACT(Properties, '$.VpcEndpointService') as vpc_endpoint_service, JSON_EXTRACT(Properties, '$.PipelineArn') as pipeline_arn, JSON_EXTRACT(Properties, '$.IngestEndpointUrls') as ingest_endpoint_urls FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::OSIS::Pipeline' @@ -771,6 +804,7 @@ components: JSON_EXTRACT(detail.Properties, '$.Tags') as tags, JSON_EXTRACT(detail.Properties, '$.VpcOptions') as vpc_options, JSON_EXTRACT(detail.Properties, '$.VpcEndpoints') as vpc_endpoints, + JSON_EXTRACT(detail.Properties, '$.VpcEndpointService') as vpc_endpoint_service, JSON_EXTRACT(detail.Properties, '$.PipelineArn') as pipeline_arn, JSON_EXTRACT(detail.Properties, '$.IngestEndpointUrls') as ingest_endpoint_urls FROM aws.cloud_control.resources listing @@ -796,6 +830,7 @@ components: json_extract_path_text(Properties, 'Tags') as tags, json_extract_path_text(Properties, 'VpcOptions') as vpc_options, json_extract_path_text(Properties, 'VpcEndpoints') as vpc_endpoints, + json_extract_path_text(Properties, 'VpcEndpointService') as vpc_endpoint_service, json_extract_path_text(Properties, 'PipelineArn') as pipeline_arn, json_extract_path_text(Properties, 'IngestEndpointUrls') as ingest_endpoint_urls FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::OSIS::Pipeline' @@ -816,6 +851,7 @@ components: json_extract_path_text(detail.Properties, 'Tags') as tags, json_extract_path_text(detail.Properties, 'VpcOptions') as vpc_options, json_extract_path_text(detail.Properties, 'VpcEndpoints') as vpc_endpoints, + json_extract_path_text(detail.Properties, 'VpcEndpointService') as vpc_endpoint_service, json_extract_path_text(detail.Properties, 'PipelineArn') as pipeline_arn, json_extract_path_text(detail.Properties, 'IngestEndpointUrls') as ingest_endpoint_urls FROM aws.cloud_control.resources listing @@ -885,6 +921,7 @@ components: JSON_EXTRACT(detail.Properties, '$.PipelineName') as pipeline_name, JSON_EXTRACT(detail.Properties, '$.VpcOptions') as vpc_options, JSON_EXTRACT(detail.Properties, '$.VpcEndpoints') as vpc_endpoints, + JSON_EXTRACT(detail.Properties, '$.VpcEndpointService') as vpc_endpoint_service, JSON_EXTRACT(detail.Properties, '$.PipelineArn') as pipeline_arn, JSON_EXTRACT(detail.Properties, '$.IngestEndpointUrls') as ingest_endpoint_urls FROM aws.cloud_control.resources listing @@ -911,6 +948,7 @@ components: json_extract_path_text(detail.Properties, 'PipelineName') as pipeline_name, json_extract_path_text(detail.Properties, 'VpcOptions') as vpc_options, json_extract_path_text(detail.Properties, 'VpcEndpoints') as vpc_endpoints, + json_extract_path_text(detail.Properties, 'VpcEndpointService') as vpc_endpoint_service, json_extract_path_text(detail.Properties, 'PipelineArn') as pipeline_arn, json_extract_path_text(detail.Properties, 'IngestEndpointUrls') as ingest_endpoint_urls FROM aws.cloud_control.resources listing diff --git a/providers/src/aws/v00.00.00000/services/panorama.yaml b/providers/src/aws/v00.00.00000/services/panorama.yaml index 17be2e36..38eebb04 100644 --- a/providers/src/aws/v00.00.00000/services/panorama.yaml +++ b/providers/src/aws/v00.00.00000/services/panorama.yaml @@ -414,10 +414,12 @@ components: - REMOVAL_FAILED - REMOVAL_SUCCEEDED ManifestOverridesPayload: + description: Parameter overrides for an application instance. This is a JSON document that has a single key (``PayloadData``) where the value is an escaped string representation of the overrides document. additionalProperties: false type: object properties: PayloadData: + description: The overrides document. $ref: '#/components/schemas/ManifestOverridesPayloadData' RuntimeRoleArn: minLength: 1 @@ -463,10 +465,12 @@ components: items: $ref: '#/components/schemas/Tag' ManifestPayload: + description: A application verion's manifest file. This is a JSON document that has a single key (``PayloadData``) where the value is an escaped string representation of the application manifest (``graph.json``). This file is located in the ``graphs`` folder in your application source. additionalProperties: false type: object properties: PayloadData: + description: The application manifest. $ref: '#/components/schemas/ManifestPayloadData' ApplicationInstanceArn: minLength: 1 @@ -489,15 +493,18 @@ components: minLength: 1 maxLength: 128 pattern: ^.+$ + description: '' Value: type: string minLength: 0 maxLength: 256 pattern: ^.+$ + description: '' required: - Key - Value additionalProperties: false + description: '' DeviceName: minLength: 1 pattern: ^[a-zA-Z0-9\-\_]+$ @@ -507,42 +514,58 @@ components: type: object properties: DefaultRuntimeContextDeviceName: + description: '' $ref: '#/components/schemas/DeviceName' Status: + description: '' $ref: '#/components/schemas/ApplicationInstanceStatus' DefaultRuntimeContextDevice: + description: The device's ID. $ref: '#/components/schemas/DefaultRuntimeContextDevice' Description: + description: A description for the application instance. $ref: '#/components/schemas/Description' ApplicationInstanceIdToReplace: + description: The ID of an application instance to replace with the new instance. $ref: '#/components/schemas/ApplicationInstanceId' CreatedTime: + description: '' $ref: '#/components/schemas/Timestamp' HealthStatus: + description: '' $ref: '#/components/schemas/ApplicationInstanceHealthStatus' ManifestOverridesPayload: + description: Setting overrides for the application manifest. $ref: '#/components/schemas/ManifestOverridesPayload' LastUpdatedTime: + description: '' $ref: '#/components/schemas/Timestamp' RuntimeRoleArn: + description: The ARN of a runtime role for the application instance. $ref: '#/components/schemas/RuntimeRoleArn' Name: + description: A name for the application instance. $ref: '#/components/schemas/Name' ApplicationInstanceId: + description: '' $ref: '#/components/schemas/ApplicationInstanceId' StatusDescription: + description: '' $ref: '#/components/schemas/ApplicationInstanceStatusDescription' ManifestPayload: + description: The application's manifest document. $ref: '#/components/schemas/ManifestPayload' Arn: + description: '' $ref: '#/components/schemas/ApplicationInstanceArn' Tags: + description: Tags for the application instance. $ref: '#/components/schemas/TagList' required: - ManifestPayload - DefaultRuntimeContextDevice x-stackql-resource-name: application_instance - description: Schema for ApplicationInstance CloudFormation Resource + description: Creates an application instance and deploys it to a device. x-type-name: AWS::Panorama::ApplicationInstance x-stackql-primary-identifier: - ApplicationInstanceId @@ -631,34 +654,46 @@ components: properties: Bucket: type: string + description: The location's bucket. RepoPrefixLocation: type: string + description: The location's repo prefix. GeneratedPrefixLocation: type: string + description: The location's generated prefix. BinaryPrefixLocation: type: string + description: The location's binary prefix. ManifestPrefixLocation: type: string + description: The location's manifest prefix. additionalProperties: false + description: A storage location. Package: type: object properties: PackageName: $ref: '#/components/schemas/NodePackageName' + description: A name for the package. PackageId: $ref: '#/components/schemas/NodePackageId' + description: '' Arn: $ref: '#/components/schemas/NodePackageArn' + description: '' StorageLocation: $ref: '#/components/schemas/StorageLocation' + description: A storage location. CreatedTime: $ref: '#/components/schemas/Timestamp' + description: '' Tags: $ref: '#/components/schemas/TagList' + description: Tags for the package. required: - PackageName x-stackql-resource-name: package - description: Schema for Package CloudFormation Resource + description: Creates a package and storage location in an Amazon S3 access point. x-type-name: AWS::Panorama::Package x-stackql-primary-identifier: - PackageId @@ -750,34 +785,46 @@ components: properties: OwnerAccount: $ref: '#/components/schemas/PackageOwnerAccount' + description: An owner account. PackageId: $ref: '#/components/schemas/NodePackageId' + description: A package ID. PackageArn: $ref: '#/components/schemas/NodePackageArn' + description: '' PackageVersion: $ref: '#/components/schemas/NodePackageVersion' + description: A package version. PatchVersion: $ref: '#/components/schemas/NodePackagePatchVersion' + description: A patch version. MarkLatest: type: boolean + description: Whether to mark the new version as the latest version. IsLatestPatch: type: boolean + description: '' PackageName: $ref: '#/components/schemas/NodePackageName' + description: '' Status: $ref: '#/components/schemas/PackageVersionStatus' + description: '' StatusDescription: $ref: '#/components/schemas/PackageVersionStatusDescription' + description: '' RegisteredTime: $ref: '#/components/schemas/TimeStamp' + description: '' UpdatedLatestPatchVersion: $ref: '#/components/schemas/NodePackagePatchVersion' + description: If the version was marked latest, the new version to maker as latest. required: - PackageId - PackageVersion - PatchVersion x-stackql-resource-name: package_version - description: Schema for PackageVersion Resource Type + description: Registers a package version. x-type-name: AWS::Panorama::PackageVersion x-stackql-primary-identifier: - PackageId @@ -844,36 +891,52 @@ components: type: object properties: DefaultRuntimeContextDeviceName: + description: '' $ref: '#/components/schemas/DeviceName' Status: + description: '' $ref: '#/components/schemas/ApplicationInstanceStatus' DefaultRuntimeContextDevice: + description: The device's ID. $ref: '#/components/schemas/DefaultRuntimeContextDevice' Description: + description: A description for the application instance. $ref: '#/components/schemas/Description' ApplicationInstanceIdToReplace: + description: The ID of an application instance to replace with the new instance. $ref: '#/components/schemas/ApplicationInstanceId' CreatedTime: + description: '' $ref: '#/components/schemas/Timestamp' HealthStatus: + description: '' $ref: '#/components/schemas/ApplicationInstanceHealthStatus' ManifestOverridesPayload: + description: Setting overrides for the application manifest. $ref: '#/components/schemas/ManifestOverridesPayload' LastUpdatedTime: + description: '' $ref: '#/components/schemas/Timestamp' RuntimeRoleArn: + description: The ARN of a runtime role for the application instance. $ref: '#/components/schemas/RuntimeRoleArn' Name: + description: A name for the application instance. $ref: '#/components/schemas/Name' ApplicationInstanceId: + description: '' $ref: '#/components/schemas/ApplicationInstanceId' StatusDescription: + description: '' $ref: '#/components/schemas/ApplicationInstanceStatusDescription' ManifestPayload: + description: The application's manifest document. $ref: '#/components/schemas/ManifestPayload' Arn: + description: '' $ref: '#/components/schemas/ApplicationInstanceArn' Tags: + description: Tags for the application instance. $ref: '#/components/schemas/TagList' x-stackQL-stringOnly: true x-title: CreateApplicationInstanceRequest @@ -894,16 +957,22 @@ components: properties: PackageName: $ref: '#/components/schemas/NodePackageName' + description: A name for the package. PackageId: $ref: '#/components/schemas/NodePackageId' + description: '' Arn: $ref: '#/components/schemas/NodePackageArn' + description: '' StorageLocation: $ref: '#/components/schemas/StorageLocation' + description: A storage location. CreatedTime: $ref: '#/components/schemas/Timestamp' + description: '' Tags: $ref: '#/components/schemas/TagList' + description: Tags for the package. x-stackQL-stringOnly: true x-title: CreatePackageRequest type: object @@ -923,28 +992,40 @@ components: properties: OwnerAccount: $ref: '#/components/schemas/PackageOwnerAccount' + description: An owner account. PackageId: $ref: '#/components/schemas/NodePackageId' + description: A package ID. PackageArn: $ref: '#/components/schemas/NodePackageArn' + description: '' PackageVersion: $ref: '#/components/schemas/NodePackageVersion' + description: A package version. PatchVersion: $ref: '#/components/schemas/NodePackagePatchVersion' + description: A patch version. MarkLatest: type: boolean + description: Whether to mark the new version as the latest version. IsLatestPatch: type: boolean + description: '' PackageName: $ref: '#/components/schemas/NodePackageName' + description: '' Status: $ref: '#/components/schemas/PackageVersionStatus' + description: '' StatusDescription: $ref: '#/components/schemas/PackageVersionStatusDescription' + description: '' RegisteredTime: $ref: '#/components/schemas/TimeStamp' + description: '' UpdatedLatestPatchVersion: $ref: '#/components/schemas/NodePackagePatchVersion' + description: If the version was marked latest, the new version to maker as latest. x-stackQL-stringOnly: true x-title: CreatePackageVersionRequest type: object diff --git a/providers/src/aws/v00.00.00000/services/paymentcryptography.yaml b/providers/src/aws/v00.00.00000/services/paymentcryptography.yaml index 5778135a..f6a62ecc 100644 --- a/providers/src/aws/v00.00.00000/services/paymentcryptography.yaml +++ b/providers/src/aws/v00.00.00000/services/paymentcryptography.yaml @@ -433,6 +433,8 @@ components: - RSA_2048 - RSA_3072 - RSA_4096 + - ECC_NIST_P256 + - ECC_NIST_P384 KeyAttributes: type: object properties: @@ -543,9 +545,10 @@ components: Value: type: string maxLength: 256 - minLength: 0 + minLength: 1 required: - Key + - Value additionalProperties: false Key: type: object @@ -595,6 +598,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - payment-cryptography:ListTagsForResource + - payment-cryptography:TagResource + - payment-cryptography:UntagResource x-required-permissions: create: - payment-cryptography:GetKey diff --git a/providers/src/aws/v00.00.00000/services/pcaconnectorad.yaml b/providers/src/aws/v00.00.00000/services/pcaconnectorad.yaml index d38db598..8e4b0bae 100644 --- a/providers/src/aws/v00.00.00000/services/pcaconnectorad.yaml +++ b/providers/src/aws/v00.00.00000/services/pcaconnectorad.yaml @@ -440,11 +440,6 @@ components: - CertificateAuthorityArn - DirectoryId - VpcInformation - x-write-only-properties: - - CertificateAuthorityArn - - DirectoryId - - Tags - - VpcInformation x-read-only-properties: - ConnectorArn x-required-properties: @@ -457,6 +452,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - pca-connector-ad:ListTagsForResource + - pca-connector-ad:TagResource + - pca-connector-ad:UntagResource x-required-permissions: create: - acm-pca:DescribeCertificateAuthority @@ -469,14 +468,16 @@ components: - ec2:DescribeVpcEndpoints - pca-connector-ad:CreateConnector - pca-connector-ad:GetConnector + - pca-connector-ad:TagResource read: - pca-connector-ad:ListTagsForResource - pca-connector-ad:GetConnector delete: - - pca-connector-ad:GetConnector - - pca-connector-ad:DeleteConnector - ec2:DeleteVpcEndpoints - ec2:DescribeVpcEndpoints + - pca-connector-ad:GetConnector + - pca-connector-ad:DeleteConnector + - pca-connector-ad:UntagResource list: - pca-connector-ad:ListConnectors update: @@ -505,9 +506,6 @@ components: - DirectoryRegistrationArn x-create-only-properties: - DirectoryId - x-write-only-properties: - - DirectoryId - - Tags x-read-only-properties: - DirectoryRegistrationArn x-required-properties: @@ -518,21 +516,27 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - pca-connector-ad:ListTagsForResource + - pca-connector-ad:TagResource + - pca-connector-ad:UntagResource x-required-permissions: create: - - pca-connector-ad:GetDirectoryRegistration - - pca-connector-ad:CreateDirectoryRegistration - ds:AuthorizeApplication - ds:DescribeDirectories + - pca-connector-ad:GetDirectoryRegistration + - pca-connector-ad:CreateDirectoryRegistration + - pca-connector-ad:TagResource read: - - pca-connector-ad:ListTagsForResource - pca-connector-ad:GetDirectoryRegistration + - pca-connector-ad:ListTagsForResource delete: - - pca-connector-ad:GetDirectoryRegistration - - pca-connector-ad:DeleteDirectoryRegistration - ds:DescribeDirectories - ds:UnauthorizeApplication - ds:UpdateAuthorizedApplication + - pca-connector-ad:GetDirectoryRegistration + - pca-connector-ad:DeleteDirectoryRegistration + - pca-connector-ad:UntagResource list: - pca-connector-ad:ListDirectoryRegistrations update: @@ -1275,11 +1279,7 @@ components: - ConnectorArn - Name x-write-only-properties: - - ConnectorArn - - Definition - - Name - ReenrollAllCertificateHolders - - Tags x-read-only-properties: - TemplateArn x-required-properties: @@ -1292,9 +1292,14 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - pca-connector-ad:ListTagsForResource + - pca-connector-ad:TagResource + - pca-connector-ad:UntagResource x-required-permissions: create: - pca-connector-ad:CreateTemplate + - pca-connector-ad:TagResource read: - pca-connector-ad:GetTemplate - pca-connector-ad:ListTagsForResource @@ -1306,6 +1311,7 @@ components: delete: - pca-connector-ad:GetTemplate - pca-connector-ad:DeleteTemplate + - pca-connector-ad:UntagResource list: - pca-connector-ad:ListTemplates AccessRight: diff --git a/providers/src/aws/v00.00.00000/services/pcaconnectorscep.yaml b/providers/src/aws/v00.00.00000/services/pcaconnectorscep.yaml new file mode 100644 index 00000000..b6dd84b3 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/pcaconnectorscep.yaml @@ -0,0 +1,1286 @@ +openapi: 3.0.0 +info: + title: PCAConnectorSCEP + version: 2.0.0 + x-serviceName: cloudcontrolapi +servers: + - url: https://cloudcontrolapi.{region}.amazonaws.com + variables: + region: + description: The AWS region + enum: + - us-east-1 + - us-east-2 + - us-west-1 + - us-west-2 + - us-gov-west-1 + - us-gov-east-1 + - ca-central-1 + - eu-north-1 + - eu-west-1 + - eu-west-2 + - eu-west-3 + - eu-central-1 + - eu-south-1 + - af-south-1 + - ap-northeast-1 + - ap-northeast-2 + - ap-northeast-3 + - ap-southeast-1 + - ap-southeast-2 + - ap-east-1 + - ap-south-1 + - sa-east-1 + - me-south-1 + default: us-east-1 + description: The CloudControlApi multi-region endpoint + - url: https://cloudcontrolapi.{region}.amazonaws.com.cn + variables: + region: + description: The AWS region + enum: + - cn-north-1 + - cn-northwest-1 + default: cn-north-1 + description: The CloudControlApi endpoint for China (Beijing) and China (Ningxia) +components: + parameters: + X-Amz-Content-Sha256: + name: X-Amz-Content-Sha256 + in: header + schema: + type: string + required: false + X-Amz-Date: + name: X-Amz-Date + in: header + schema: + type: string + required: false + X-Amz-Algorithm: + name: X-Amz-Algorithm + in: header + schema: + type: string + required: false + X-Amz-Credential: + name: X-Amz-Credential + in: header + schema: + type: string + required: false + X-Amz-Security-Token: + name: X-Amz-Security-Token + in: header + schema: + type: string + required: false + X-Amz-Signature: + name: X-Amz-Signature + in: header + schema: + type: string + required: false + X-Amz-SignedHeaders: + name: X-Amz-SignedHeaders + in: header + schema: + type: string + required: false + x-cloud-control-schemas: + AlreadyExistsException: {} + CancelResourceRequestInput: + properties: + RequestToken: + $ref: '#/components/x-cloud-control-schemas/RequestToken' + required: + - RequestToken + title: CancelResourceRequestInput + type: object + CancelResourceRequestOutput: + properties: + ProgressEvent: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: object + ClientToken: + maxLength: 128 + minLength: 1 + pattern: '[-A-Za-z0-9+/=]+' + type: string + ClientTokenConflictException: {} + ConcurrentModificationException: {} + ConcurrentOperationException: {} + CreateResourceInput: + properties: + ClientToken: + type: string + DesiredState: + allOf: + - $ref: '#/components/x-cloud-control-schemas/Properties' + - description: >- +

Structured data format representing the desired state of the resource, consisting of that resource's properties and their desired values.

Cloud Control API currently supports JSON as a structured data format.

 
 <p>Specify the desired state as one of the following:</p> <ul> <li> <p>A JSON blob</p> </li> <li> <p>A local path containing the desired state in JSON data format</p>
+                </li> </ul> <p>For more information, see <a href="https://docs.aws.amazon.com/cloudcontrolapi/latest/userguide/resource-operations-create.html#resource-operations-create-desiredstate">Composing the desired state of the resource</a> in the <i>Amazon Web Services Cloud Control API User Guide</i>.</p> <p>For more information about the properties of a specific resource, refer to the related topic for the resource in the
+                <a href="https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html">Resource and property types reference</a> in the <i>CloudFormation Users Guide</i>.</p>
+ RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + required: + - DesiredState + title: CreateResourceInput + type: object + CreateResourceOutput: + properties: + ProgressEvent: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: object + DeleteResourceInput: + properties: + ClientToken: + type: string + Identifier: + $ref: '#/components/x-cloud-control-schemas/Identifier' + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + required: + - Identifier + title: DeleteResourceInput + type: object + DeleteResourceOutput: + properties: + ProgressEvent: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: object + GeneralServiceException: {} + GetResourceInput: + properties: + TypeName: + $ref: '#/components/x-cloud-control-schemas/TypeName' + Identifier: + $ref: '#/components/x-cloud-control-schemas/Identifier' + TypeVersionId: + $ref: '#/components/x-cloud-control-schemas/TypeVersionId' + RoleArn: + $ref: '#/components/x-cloud-control-schemas/RoleArn' + required: + - TypeName + - Identifier + title: GetResourceInput + type: object + GetResourceOutput: + properties: + ResourceDescription: + $ref: '#/components/x-cloud-control-schemas/ResourceDescription' + TypeName: + type: string + type: object + GetResourceRequestStatusInput: + properties: + RequestToken: + $ref: '#/components/x-cloud-control-schemas/RequestToken' + required: + - RequestToken + title: GetResourceRequestStatusInput + type: object + GetResourceRequestStatusOutput: + properties: + ProgressEvent: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: object + HandlerErrorCode: + enum: + - NotUpdatable + - InvalidRequest + - AccessDenied + - InvalidCredentials + - AlreadyExists + - NotFound + - ResourceConflict + - Throttling + - ServiceLimitExceeded + - NotStabilized + - GeneralServiceException + - ServiceInternalError + - ServiceTimeout + - NetworkFailure + - InternalFailure + type: string + HandlerFailureException: {} + HandlerInternalFailureException: {} + HandlerNextToken: + maxLength: 2048 + minLength: 1 + pattern: .+ + type: string + Identifier: + maxLength: 1024 + minLength: 1 + pattern: .+ + type: string + InvalidCredentialsException: {} + InvalidRequestException: {} + MaxResults: + maximum: 100 + minimum: 1 + type: integer + NetworkFailureException: {} + NextToken: + maxLength: 2048 + minLength: 1 + pattern: '[-A-Za-z0-9+/=]+' + type: string + NotStabilizedException: {} + NotUpdatableException: {} + Operation: + enum: + - CREATE + - DELETE + - UPDATE + type: string + OperationStatus: + enum: + - PENDING + - IN_PROGRESS + - SUCCESS + - FAILED + - CANCEL_IN_PROGRESS + - CANCEL_COMPLETE + type: string + OperationStatuses: + items: + $ref: '#/components/x-cloud-control-schemas/OperationStatus' + type: array + Operations: + items: + $ref: '#/components/x-cloud-control-schemas/Operation' + type: array + PatchDocument: + format: password + maxLength: 65536 + minLength: 1 + pattern: '[\s\S]*' + type: string + PrivateTypeException: {} + ProgressEvent: + example: + ErrorCode: string + EventTime: number + Identifier: string + Operation: string + OperationStatus: string + RequestToken: string + ResourceModel: string + RetryAfter: number + StatusMessage: string + TypeName: string + properties: + ErrorCode: + type: string + EventTime: + type: number + Identifier: + type: string + Operation: + type: string + OperationStatus: + type: string + RequestToken: + type: string + ResourceModel: + type: string + RetryAfter: + type: number + StatusMessage: + type: string + TypeName: + type: string + type: object + Properties: + format: password + maxLength: 65536 + minLength: 1 + pattern: '[\s\S]*' + type: string + RequestToken: + maxLength: 128 + minLength: 1 + pattern: '[-A-Za-z0-9+/=]+' + type: string + RequestTokenNotFoundException: {} + ResourceConflictException: {} + ResourceDescription: + description: Represents information about a provisioned resource. + properties: + Identifier: + type: string + Properties: + type: string + type: object + ResourceDescriptions: + items: + $ref: '#/components/x-cloud-control-schemas/ResourceDescription' + type: array + ResourceNotFoundException: {} + ResourceRequestStatusFilter: + description: The filter criteria to use in determining the requests returned. + properties: + undefined: + allOf: + - $ref: '#/components/x-cloud-control-schemas/OperationStatuses' + - description: >- +

The operation statuses to include in the filter.

  • PENDING: The operation has been requested, but not yet initiated.

  • IN_PROGRESS: The operation is in progress.

  • SUCCESS: The operation completed.

  • FAILED: The operation failed.

  • CANCEL_IN_PROGRESS: The operation is in the process of being canceled.

  • + CANCEL_COMPLETE: The operation has been canceled.

+ type: object + ResourceRequestStatusSummaries: + items: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: array + RoleArn: + maxLength: 2048 + minLength: 20 + pattern: arn:.+:iam::[0-9]{12}:role/.+ + type: string + ServiceInternalErrorException: {} + ServiceLimitExceededException: {} + StatusMessage: + maxLength: 1024 + minLength: 0 + pattern: '[\s\S]*' + type: string + ThrottlingException: {} + Timestamp: + format: date-time + type: string + TypeName: + maxLength: 196 + minLength: 10 + pattern: '[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}' + type: string + TypeNotFoundException: {} + TypeVersionId: + maxLength: 128 + minLength: 1 + pattern: '[A-Za-z0-9-]+' + type: string + UnsupportedActionException: {} + UpdateResourceInput: + properties: + undefined: + allOf: + - $ref: '#/components/x-cloud-control-schemas/PatchDocument' + required: + - Identifier + - PatchDocument + title: UpdateResourceInput + type: object + UpdateResourceOutput: + properties: + ProgressEvent: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: object + schemas: + Tags: + type: object + x-patternProperties: + .+: + type: string + additionalProperties: false + Unit: + type: object + additionalProperties: false + Challenge: + type: object + properties: + ChallengeArn: + type: string + maxLength: 200 + minLength: 5 + pattern: ^arn:aws(-[a-z]+)*:pca-connector-scep:[a-z]+(-[a-z]+)+-[1-9]\d*:\d{12}:connector\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\/challenge\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$ + ConnectorArn: + type: string + maxLength: 200 + minLength: 5 + pattern: ^arn:aws(-[a-z]+)*:pca-connector-scep:[a-z]+(-[a-z]+)+-[1-9]\d*:\d{12}:connector\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$ + Tags: + $ref: '#/components/schemas/Tags' + required: + - ConnectorArn + x-stackql-resource-name: challenge + description: Represents a SCEP Challenge that is used for certificate enrollment + x-type-name: AWS::PCAConnectorSCEP::Challenge + x-stackql-primary-identifier: + - ChallengeArn + x-create-only-properties: + - ConnectorArn + x-read-only-properties: + - ChallengeArn + x-required-properties: + - ConnectorArn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - pca-connector-scep:ListTagsForResource + - pca-connector-scep:TagResource + - pca-connector-scep:UntagResource + x-required-permissions: + create: + - pca-connector-scep:CreateChallenge + - pca-connector-scep:TagResource + read: + - pca-connector-scep:ListTagsForResource + - pca-connector-scep:GetChallengeMetadata + delete: + - pca-connector-scep:GetChallengeMetadata + - pca-connector-scep:DeleteChallenge + - pca-connector-scep:UntagResource + list: + - pca-connector-scep:ListChallengeMetadata + update: + - pca-connector-scep:ListTagsForResource + - pca-connector-scep:TagResource + - pca-connector-scep:UntagResource + ConnectorType: + type: string + enum: + - GENERAL_PURPOSE + - INTUNE + IntuneConfiguration: + type: object + properties: + AzureApplicationId: + type: string + maxLength: 100 + minLength: 15 + pattern: ^[a-zA-Z0-9]{2,15}-[a-zA-Z0-9]{2,15}-[a-zA-Z0-9]{2,15}-[a-zA-Z0-9]{2,15}-[a-zA-Z0-9]{2,15}$ + Domain: + type: string + maxLength: 256 + minLength: 1 + pattern: ^[a-zA-Z0-9._-]+$ + required: + - AzureApplicationId + - Domain + additionalProperties: false + MobileDeviceManagement: + type: object + oneOf: + - title: Intune + properties: + Intune: + $ref: '#/components/schemas/IntuneConfiguration' + required: + - Intune + additionalProperties: false + OpenIdConfiguration: + type: object + properties: + Issuer: + type: string + Subject: + type: string + Audience: + type: string + additionalProperties: false + Connector: + type: object + properties: + CertificateAuthorityArn: + type: string + maxLength: 200 + minLength: 5 + pattern: ^arn:aws(-[a-z]+)*:acm-pca:[a-z]+(-[a-z]+)+-[1-9]\d*:\d{12}:certificate-authority\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$ + ConnectorArn: + type: string + maxLength: 200 + minLength: 5 + pattern: ^arn:aws(-[a-z]+)*:pca-connector-scep:[a-z]+(-[a-z]+)+-[1-9]\d*:\d{12}:connector\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$ + Type: + $ref: '#/components/schemas/ConnectorType' + Endpoint: + type: string + maxLength: 200 + minLength: 5 + MobileDeviceManagement: + $ref: '#/components/schemas/MobileDeviceManagement' + OpenIdConfiguration: + $ref: '#/components/schemas/OpenIdConfiguration' + Tags: + $ref: '#/components/schemas/Tags' + required: + - CertificateAuthorityArn + x-stackql-resource-name: connector + description: Represents a Connector that allows certificate issuance through Simple Certificate Enrollment Protocol (SCEP) + x-type-name: AWS::PCAConnectorSCEP::Connector + x-stackql-primary-identifier: + - ConnectorArn + x-create-only-properties: + - CertificateAuthorityArn + - MobileDeviceManagement + x-read-only-properties: + - ConnectorArn + - Endpoint + - OpenIdConfiguration + - Type + x-required-properties: + - CertificateAuthorityArn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - pca-connector-scep:ListTagsForResource + - pca-connector-scep:TagResource + - pca-connector-scep:UntagResource + x-required-permissions: + create: + - acm-pca:DescribeCertificateAuthority + - acm-pca:GetCertificate + - acm-pca:GetCertificateAuthorityCertificate + - acm-pca:IssueCertificate + - pca-connector-scep:GetConnector + - pca-connector-scep:CreateConnector + - pca-connector-scep:TagResource + read: + - pca-connector-scep:ListTagsForResource + - pca-connector-scep:GetConnector + delete: + - acm-pca:DescribeCertificateAuthority + - acm-pca:GetCertificate + - acm-pca:GetCertificateAuthorityCertificate + - acm-pca:IssueCertificate + - pca-connector-scep:GetConnector + - pca-connector-scep:DeleteConnector + - pca-connector-scep:UntagResource + list: + - pca-connector-scep:ListConnectors + update: + - pca-connector-scep:ListTagsForResource + - pca-connector-scep:TagResource + - pca-connector-scep:UntagResource + CreateChallengeRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + ChallengeArn: + type: string + maxLength: 200 + minLength: 5 + pattern: ^arn:aws(-[a-z]+)*:pca-connector-scep:[a-z]+(-[a-z]+)+-[1-9]\d*:\d{12}:connector\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\/challenge\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$ + ConnectorArn: + type: string + maxLength: 200 + minLength: 5 + pattern: ^arn:aws(-[a-z]+)*:pca-connector-scep:[a-z]+(-[a-z]+)+-[1-9]\d*:\d{12}:connector\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$ + Tags: + $ref: '#/components/schemas/Tags' + x-stackQL-stringOnly: true + x-title: CreateChallengeRequest + type: object + required: [] + CreateConnectorRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + CertificateAuthorityArn: + type: string + maxLength: 200 + minLength: 5 + pattern: ^arn:aws(-[a-z]+)*:acm-pca:[a-z]+(-[a-z]+)+-[1-9]\d*:\d{12}:certificate-authority\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$ + ConnectorArn: + type: string + maxLength: 200 + minLength: 5 + pattern: ^arn:aws(-[a-z]+)*:pca-connector-scep:[a-z]+(-[a-z]+)+-[1-9]\d*:\d{12}:connector\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$ + Type: + $ref: '#/components/schemas/ConnectorType' + Endpoint: + type: string + maxLength: 200 + minLength: 5 + MobileDeviceManagement: + $ref: '#/components/schemas/MobileDeviceManagement' + OpenIdConfiguration: + $ref: '#/components/schemas/OpenIdConfiguration' + Tags: + $ref: '#/components/schemas/Tags' + x-stackQL-stringOnly: true + x-title: CreateConnectorRequest + type: object + required: [] + securitySchemes: + hmac: + type: apiKey + name: Authorization + in: header + description: Amazon Signature authorization v4 + x-amazon-apigateway-authtype: awsSigv4 + x-stackQL-resources: + challenges: + name: challenges + id: aws.pcaconnectorscep.challenges + x-cfn-schema-name: Challenge + x-cfn-type-name: AWS::PCAConnectorSCEP::Challenge + x-identifiers: + - ChallengeArn + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Challenge&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::PCAConnectorSCEP::Challenge" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::PCAConnectorSCEP::Challenge" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::PCAConnectorSCEP::Challenge" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/challenges/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/challenges/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/challenges/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ChallengeArn') as challenge_arn, + JSON_EXTRACT(Properties, '$.ConnectorArn') as connector_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::PCAConnectorSCEP::Challenge' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.ChallengeArn') as challenge_arn, + JSON_EXTRACT(detail.Properties, '$.ConnectorArn') as connector_arn, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::PCAConnectorSCEP::Challenge' + AND detail.data__TypeName = 'AWS::PCAConnectorSCEP::Challenge' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ChallengeArn') as challenge_arn, + json_extract_path_text(Properties, 'ConnectorArn') as connector_arn, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::PCAConnectorSCEP::Challenge' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'ChallengeArn') as challenge_arn, + json_extract_path_text(detail.Properties, 'ConnectorArn') as connector_arn, + json_extract_path_text(detail.Properties, 'Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::PCAConnectorSCEP::Challenge' + AND detail.data__TypeName = 'AWS::PCAConnectorSCEP::Challenge' + AND listing.region = 'us-east-1' + challenges_list_only: + name: challenges_list_only + id: aws.pcaconnectorscep.challenges_list_only + x-cfn-schema-name: Challenge + x-cfn-type-name: AWS::PCAConnectorSCEP::Challenge + x-identifiers: + - ChallengeArn + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ChallengeArn') as challenge_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::PCAConnectorSCEP::Challenge' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ChallengeArn') as challenge_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::PCAConnectorSCEP::Challenge' + AND region = 'us-east-1' + challenge_tags: + name: challenge_tags + id: aws.pcaconnectorscep.challenge_tags + x-cfn-schema-name: Challenge + x-cfn-type-name: AWS::PCAConnectorSCEP::Challenge + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.ChallengeArn') as challenge_arn, + JSON_EXTRACT(detail.Properties, '$.ConnectorArn') as connector_arn + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::PCAConnectorSCEP::Challenge' + AND detail.data__TypeName = 'AWS::PCAConnectorSCEP::Challenge' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'ChallengeArn') as challenge_arn, + json_extract_path_text(detail.Properties, 'ConnectorArn') as connector_arn + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::PCAConnectorSCEP::Challenge' + AND detail.data__TypeName = 'AWS::PCAConnectorSCEP::Challenge' + AND listing.region = 'us-east-1' + connectors: + name: connectors + id: aws.pcaconnectorscep.connectors + x-cfn-schema-name: Connector + x-cfn-type-name: AWS::PCAConnectorSCEP::Connector + x-identifiers: + - ConnectorArn + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Connector&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::PCAConnectorSCEP::Connector" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::PCAConnectorSCEP::Connector" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::PCAConnectorSCEP::Connector" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/connectors/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/connectors/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/connectors/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.CertificateAuthorityArn') as certificate_authority_arn, + JSON_EXTRACT(Properties, '$.ConnectorArn') as connector_arn, + JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.Endpoint') as endpoint, + JSON_EXTRACT(Properties, '$.MobileDeviceManagement') as mobile_device_management, + JSON_EXTRACT(Properties, '$.OpenIdConfiguration') as open_id_configuration, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::PCAConnectorSCEP::Connector' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.CertificateAuthorityArn') as certificate_authority_arn, + JSON_EXTRACT(detail.Properties, '$.ConnectorArn') as connector_arn, + JSON_EXTRACT(detail.Properties, '$.Type') as type, + JSON_EXTRACT(detail.Properties, '$.Endpoint') as endpoint, + JSON_EXTRACT(detail.Properties, '$.MobileDeviceManagement') as mobile_device_management, + JSON_EXTRACT(detail.Properties, '$.OpenIdConfiguration') as open_id_configuration, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::PCAConnectorSCEP::Connector' + AND detail.data__TypeName = 'AWS::PCAConnectorSCEP::Connector' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'CertificateAuthorityArn') as certificate_authority_arn, + json_extract_path_text(Properties, 'ConnectorArn') as connector_arn, + json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'Endpoint') as endpoint, + json_extract_path_text(Properties, 'MobileDeviceManagement') as mobile_device_management, + json_extract_path_text(Properties, 'OpenIdConfiguration') as open_id_configuration, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::PCAConnectorSCEP::Connector' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'CertificateAuthorityArn') as certificate_authority_arn, + json_extract_path_text(detail.Properties, 'ConnectorArn') as connector_arn, + json_extract_path_text(detail.Properties, 'Type') as type, + json_extract_path_text(detail.Properties, 'Endpoint') as endpoint, + json_extract_path_text(detail.Properties, 'MobileDeviceManagement') as mobile_device_management, + json_extract_path_text(detail.Properties, 'OpenIdConfiguration') as open_id_configuration, + json_extract_path_text(detail.Properties, 'Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::PCAConnectorSCEP::Connector' + AND detail.data__TypeName = 'AWS::PCAConnectorSCEP::Connector' + AND listing.region = 'us-east-1' + connectors_list_only: + name: connectors_list_only + id: aws.pcaconnectorscep.connectors_list_only + x-cfn-schema-name: Connector + x-cfn-type-name: AWS::PCAConnectorSCEP::Connector + x-identifiers: + - ConnectorArn + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ConnectorArn') as connector_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::PCAConnectorSCEP::Connector' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ConnectorArn') as connector_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::PCAConnectorSCEP::Connector' + AND region = 'us-east-1' + connector_tags: + name: connector_tags + id: aws.pcaconnectorscep.connector_tags + x-cfn-schema-name: Connector + x-cfn-type-name: AWS::PCAConnectorSCEP::Connector + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.CertificateAuthorityArn') as certificate_authority_arn, + JSON_EXTRACT(detail.Properties, '$.ConnectorArn') as connector_arn, + JSON_EXTRACT(detail.Properties, '$.Type') as type, + JSON_EXTRACT(detail.Properties, '$.Endpoint') as endpoint, + JSON_EXTRACT(detail.Properties, '$.MobileDeviceManagement') as mobile_device_management, + JSON_EXTRACT(detail.Properties, '$.OpenIdConfiguration') as open_id_configuration + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::PCAConnectorSCEP::Connector' + AND detail.data__TypeName = 'AWS::PCAConnectorSCEP::Connector' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'CertificateAuthorityArn') as certificate_authority_arn, + json_extract_path_text(detail.Properties, 'ConnectorArn') as connector_arn, + json_extract_path_text(detail.Properties, 'Type') as type, + json_extract_path_text(detail.Properties, 'Endpoint') as endpoint, + json_extract_path_text(detail.Properties, 'MobileDeviceManagement') as mobile_device_management, + json_extract_path_text(detail.Properties, 'OpenIdConfiguration') as open_id_configuration + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::PCAConnectorSCEP::Connector' + AND detail.data__TypeName = 'AWS::PCAConnectorSCEP::Connector' + AND listing.region = 'us-east-1' +paths: + /?Action=CreateResource&Version=2021-09-30: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateResource + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/x-cloud-control-schemas/CreateResourceInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=DeleteResource&Version=2021-09-30: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: DeleteResource + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.DeleteResource + enum: + - CloudApiService.DeleteResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/x-cloud-control-schemas/DeleteResourceInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/DeleteResourceOutput' + description: Success + /?Action=UpdateResource&Version=2021-09-30: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: UpdateResource + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.UpdateResource + enum: + - CloudApiService.UpdateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + properties: + ClientName: + type: string + Identifier: + $ref: '#/components/x-cloud-control-schemas/Identifier' + PatchDocument: + type: string + RoleArn: + $ref: '#/components/x-cloud-control-schemas/RoleArn' + TypeName: + $ref: '#/components/x-cloud-control-schemas/TypeName' + TypeVersionId: + $ref: '#/components/x-cloud-control-schemas/TypeVersionId' + required: + - Identifier + - PatchDocument + type: object + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/UpdateResourceOutput' + description: Success + /?Action=CreateResource&Version=2021-09-30&__Challenge&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateChallenge + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateChallengeRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=CreateResource&Version=2021-09-30&__Connector&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateConnector + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateConnectorRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success +x-stackQL-config: + requestTranslate: + algorithm: drop_double_underscore_params + pagination: + requestToken: + key: NextToken + location: body + responseToken: + key: NextToken + location: body diff --git a/providers/src/aws/v00.00.00000/services/pcs.yaml b/providers/src/aws/v00.00.00000/services/pcs.yaml new file mode 100644 index 00000000..57875425 --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/pcs.yaml @@ -0,0 +1,2290 @@ +openapi: 3.0.0 +info: + title: PCS + version: 2.0.0 + x-serviceName: cloudcontrolapi +servers: + - url: https://cloudcontrolapi.{region}.amazonaws.com + variables: + region: + description: The AWS region + enum: + - us-east-1 + - us-east-2 + - us-west-1 + - us-west-2 + - us-gov-west-1 + - us-gov-east-1 + - ca-central-1 + - eu-north-1 + - eu-west-1 + - eu-west-2 + - eu-west-3 + - eu-central-1 + - eu-south-1 + - af-south-1 + - ap-northeast-1 + - ap-northeast-2 + - ap-northeast-3 + - ap-southeast-1 + - ap-southeast-2 + - ap-east-1 + - ap-south-1 + - sa-east-1 + - me-south-1 + default: us-east-1 + description: The CloudControlApi multi-region endpoint + - url: https://cloudcontrolapi.{region}.amazonaws.com.cn + variables: + region: + description: The AWS region + enum: + - cn-north-1 + - cn-northwest-1 + default: cn-north-1 + description: The CloudControlApi endpoint for China (Beijing) and China (Ningxia) +components: + parameters: + X-Amz-Content-Sha256: + name: X-Amz-Content-Sha256 + in: header + schema: + type: string + required: false + X-Amz-Date: + name: X-Amz-Date + in: header + schema: + type: string + required: false + X-Amz-Algorithm: + name: X-Amz-Algorithm + in: header + schema: + type: string + required: false + X-Amz-Credential: + name: X-Amz-Credential + in: header + schema: + type: string + required: false + X-Amz-Security-Token: + name: X-Amz-Security-Token + in: header + schema: + type: string + required: false + X-Amz-Signature: + name: X-Amz-Signature + in: header + schema: + type: string + required: false + X-Amz-SignedHeaders: + name: X-Amz-SignedHeaders + in: header + schema: + type: string + required: false + x-cloud-control-schemas: + AlreadyExistsException: {} + CancelResourceRequestInput: + properties: + RequestToken: + $ref: '#/components/x-cloud-control-schemas/RequestToken' + required: + - RequestToken + title: CancelResourceRequestInput + type: object + CancelResourceRequestOutput: + properties: + ProgressEvent: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: object + ClientToken: + maxLength: 128 + minLength: 1 + pattern: '[-A-Za-z0-9+/=]+' + type: string + ClientTokenConflictException: {} + ConcurrentModificationException: {} + ConcurrentOperationException: {} + CreateResourceInput: + properties: + ClientToken: + type: string + DesiredState: + allOf: + - $ref: '#/components/x-cloud-control-schemas/Properties' + - description: >- +

Structured data format representing the desired state of the resource, consisting of that resource's properties and their desired values.

Cloud Control API currently supports JSON as a structured data format.

 
 <p>Specify the desired state as one of the following:</p> <ul> <li> <p>A JSON blob</p> </li> <li> <p>A local path containing the desired state in JSON data format</p>
+                </li> </ul> <p>For more information, see <a href="https://docs.aws.amazon.com/cloudcontrolapi/latest/userguide/resource-operations-create.html#resource-operations-create-desiredstate">Composing the desired state of the resource</a> in the <i>Amazon Web Services Cloud Control API User Guide</i>.</p> <p>For more information about the properties of a specific resource, refer to the related topic for the resource in the
+                <a href="https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html">Resource and property types reference</a> in the <i>CloudFormation Users Guide</i>.</p>
+ RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + required: + - DesiredState + title: CreateResourceInput + type: object + CreateResourceOutput: + properties: + ProgressEvent: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: object + DeleteResourceInput: + properties: + ClientToken: + type: string + Identifier: + $ref: '#/components/x-cloud-control-schemas/Identifier' + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + required: + - Identifier + title: DeleteResourceInput + type: object + DeleteResourceOutput: + properties: + ProgressEvent: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: object + GeneralServiceException: {} + GetResourceInput: + properties: + TypeName: + $ref: '#/components/x-cloud-control-schemas/TypeName' + Identifier: + $ref: '#/components/x-cloud-control-schemas/Identifier' + TypeVersionId: + $ref: '#/components/x-cloud-control-schemas/TypeVersionId' + RoleArn: + $ref: '#/components/x-cloud-control-schemas/RoleArn' + required: + - TypeName + - Identifier + title: GetResourceInput + type: object + GetResourceOutput: + properties: + ResourceDescription: + $ref: '#/components/x-cloud-control-schemas/ResourceDescription' + TypeName: + type: string + type: object + GetResourceRequestStatusInput: + properties: + RequestToken: + $ref: '#/components/x-cloud-control-schemas/RequestToken' + required: + - RequestToken + title: GetResourceRequestStatusInput + type: object + GetResourceRequestStatusOutput: + properties: + ProgressEvent: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: object + HandlerErrorCode: + enum: + - NotUpdatable + - InvalidRequest + - AccessDenied + - InvalidCredentials + - AlreadyExists + - NotFound + - ResourceConflict + - Throttling + - ServiceLimitExceeded + - NotStabilized + - GeneralServiceException + - ServiceInternalError + - ServiceTimeout + - NetworkFailure + - InternalFailure + type: string + HandlerFailureException: {} + HandlerInternalFailureException: {} + HandlerNextToken: + maxLength: 2048 + minLength: 1 + pattern: .+ + type: string + Identifier: + maxLength: 1024 + minLength: 1 + pattern: .+ + type: string + InvalidCredentialsException: {} + InvalidRequestException: {} + MaxResults: + maximum: 100 + minimum: 1 + type: integer + NetworkFailureException: {} + NextToken: + maxLength: 2048 + minLength: 1 + pattern: '[-A-Za-z0-9+/=]+' + type: string + NotStabilizedException: {} + NotUpdatableException: {} + Operation: + enum: + - CREATE + - DELETE + - UPDATE + type: string + OperationStatus: + enum: + - PENDING + - IN_PROGRESS + - SUCCESS + - FAILED + - CANCEL_IN_PROGRESS + - CANCEL_COMPLETE + type: string + OperationStatuses: + items: + $ref: '#/components/x-cloud-control-schemas/OperationStatus' + type: array + Operations: + items: + $ref: '#/components/x-cloud-control-schemas/Operation' + type: array + PatchDocument: + format: password + maxLength: 65536 + minLength: 1 + pattern: '[\s\S]*' + type: string + PrivateTypeException: {} + ProgressEvent: + example: + ErrorCode: string + EventTime: number + Identifier: string + Operation: string + OperationStatus: string + RequestToken: string + ResourceModel: string + RetryAfter: number + StatusMessage: string + TypeName: string + properties: + ErrorCode: + type: string + EventTime: + type: number + Identifier: + type: string + Operation: + type: string + OperationStatus: + type: string + RequestToken: + type: string + ResourceModel: + type: string + RetryAfter: + type: number + StatusMessage: + type: string + TypeName: + type: string + type: object + Properties: + format: password + maxLength: 65536 + minLength: 1 + pattern: '[\s\S]*' + type: string + RequestToken: + maxLength: 128 + minLength: 1 + pattern: '[-A-Za-z0-9+/=]+' + type: string + RequestTokenNotFoundException: {} + ResourceConflictException: {} + ResourceDescription: + description: Represents information about a provisioned resource. + properties: + Identifier: + type: string + Properties: + type: string + type: object + ResourceDescriptions: + items: + $ref: '#/components/x-cloud-control-schemas/ResourceDescription' + type: array + ResourceNotFoundException: {} + ResourceRequestStatusFilter: + description: The filter criteria to use in determining the requests returned. + properties: + undefined: + allOf: + - $ref: '#/components/x-cloud-control-schemas/OperationStatuses' + - description: >- +

The operation statuses to include in the filter.

  • PENDING: The operation has been requested, but not yet initiated.

  • IN_PROGRESS: The operation is in progress.

  • SUCCESS: The operation completed.

  • FAILED: The operation failed.

  • CANCEL_IN_PROGRESS: The operation is in the process of being canceled.

  • + CANCEL_COMPLETE: The operation has been canceled.

+ type: object + ResourceRequestStatusSummaries: + items: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: array + RoleArn: + maxLength: 2048 + minLength: 20 + pattern: arn:.+:iam::[0-9]{12}:role/.+ + type: string + ServiceInternalErrorException: {} + ServiceLimitExceededException: {} + StatusMessage: + maxLength: 1024 + minLength: 0 + pattern: '[\s\S]*' + type: string + ThrottlingException: {} + Timestamp: + format: date-time + type: string + TypeName: + maxLength: 196 + minLength: 10 + pattern: '[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}' + type: string + TypeNotFoundException: {} + TypeVersionId: + maxLength: 128 + minLength: 1 + pattern: '[A-Za-z0-9-]+' + type: string + UnsupportedActionException: {} + UpdateResourceInput: + properties: + undefined: + allOf: + - $ref: '#/components/x-cloud-control-schemas/PatchDocument' + required: + - Identifier + - PatchDocument + title: UpdateResourceInput + type: object + UpdateResourceOutput: + properties: + ProgressEvent: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: object + schemas: + AuthKey: + type: object + description: The shared Slurm key for authentication, also known as the cluster secret. + properties: + SecretArn: + type: string + description: The Amazon Resource Name (ARN) of the the shared Slurm key. + SecretVersion: + type: string + description: The version of the shared Slurm key. + required: + - SecretArn + - SecretVersion + additionalProperties: false + Endpoint: + type: object + description: An endpoint available for interaction with the scheduler. + properties: + Port: + type: string + description: The endpoint's connection port number. + PrivateIpAddress: + type: string + description: The endpoint's private IP address. + Type: + type: string + description: Indicates the type of endpoint running at the specific IP address. + enum: + - SLURMCTLD + - SLURMDBD + PublicIpAddress: + type: string + description: The endpoint's public IP address. + required: + - Port + - PrivateIpAddress + - Type + additionalProperties: false + ErrorInfo: + type: object + description: An error that occurred during resource provisioning. + properties: + Code: + type: string + description: The short-form error code. + Message: + type: string + description: The detailed error information. + additionalProperties: false + SecurityGroupId: + type: string + description: A VPC security group ID. + SlurmCustomSetting: + type: object + description: Additional settings that directly map to Slurm settings. + properties: + ParameterName: + type: string + description: 'AWS PCS supports configuration of the following Slurm parameters for compute node groups: Weight and RealMemory.' + ParameterValue: + type: string + description: The value for the configured Slurm setting. + additionalProperties: false + required: + - ParameterName + - ParameterValue + SubnetId: + type: string + description: A VPC subnet ID. + Tag: + type: object + description: A key-value pair to associate with a resource. + properties: + Key: + type: string + description: 'The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ' + minLength: 1 + maxLength: 128 + Value: + type: string + description: 'The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ' + minLength: 0 + maxLength: 256 + additionalProperties: false + required: + - Key + Cluster: + type: object + properties: + Arn: + type: string + description: The unique Amazon Resource Name (ARN) of the cluster. + Endpoints: + type: array + description: The list of endpoints available for interaction with the scheduler. + x-insertionOrder: false + items: + $ref: '#/components/schemas/Endpoint' + ErrorInfo: + type: array + description: The list of errors that occurred during cluster provisioning. + x-insertionOrder: false + items: + $ref: '#/components/schemas/ErrorInfo' + Id: + type: string + description: The generated unique ID of the cluster. + pattern: ^(pcs_[a-zA-Z0-9]+|[A-Za-z][A-Za-z0-9-]{1,40})$ + Name: + type: string + description: The name that identifies the cluster. + pattern: ^(?!pcs_)^(?![A-Za-z0-9]{10}$)[A-Za-z][A-Za-z0-9-]+$ + Networking: + type: object + description: The networking configuration for the cluster's control plane. + properties: + SecurityGroupIds: + type: array + description: The list of security group IDs associated with the Elastic Network Interface (ENI) created in subnets. + x-insertionOrder: false + items: + $ref: '#/components/schemas/SecurityGroupId' + SubnetIds: + type: array + description: The list of subnet IDs where AWS PCS creates an Elastic Network Interface (ENI) to enable communication between managed controllers and AWS PCS resources. The subnet must have an available IP address, cannot reside in AWS Outposts, AWS Wavelength, or an AWS Local Zone. AWS PCS currently supports only 1 subnet in this list. + x-insertionOrder: false + items: + $ref: '#/components/schemas/SubnetId' + additionalProperties: false + Scheduler: + type: object + description: The cluster management and job scheduling software associated with the cluster. + properties: + Type: + type: string + description: The software AWS PCS uses to manage cluster scaling and job scheduling. + enum: + - SLURM + Version: + type: string + description: The version of the specified scheduling software that AWS PCS uses to manage cluster scaling and job scheduling. + required: + - Type + - Version + additionalProperties: false + Size: + type: string + description: The size of the cluster. + enum: + - SMALL + - MEDIUM + - LARGE + SlurmConfiguration: + type: object + description: Additional options related to the Slurm scheduler. + properties: + AuthKey: + $ref: '#/components/schemas/AuthKey' + ScaleDownIdleTimeInSeconds: + type: integer + description: The time before an idle node is scaled down. + minimum: 1 + SlurmCustomSettings: + type: array + description: Additional Slurm-specific configuration that directly maps to Slurm settings. + x-insertionOrder: false + items: + $ref: '#/components/schemas/SlurmCustomSetting' + additionalProperties: false + Status: + type: string + description: The provisioning status of the cluster. The provisioning status doesn't indicate the overall health of the cluster. + enum: + - CREATING + - ACTIVE + - UPDATING + - DELETING + - CREATE_FAILED + - DELETE_FAILED + - UPDATE_FAILED + Tags: + description: 1 or more tags added to the resource. Each tag consists of a tag key and tag value. The tag value is optional and can be an empty string. + x-patternProperties: + ^.+$: + type: string + additionalProperties: false + required: + - Networking + - Scheduler + - Size + x-stackql-resource-name: cluster + description: AWS::PCS::Cluster resource creates an AWS PCS cluster. + x-type-name: AWS::PCS::Cluster + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - Name + - Networking + - Scheduler + - Size + - SlurmConfiguration + x-read-only-properties: + - Arn + - Endpoints + - ErrorInfo + - Id + - Status + x-required-properties: + - Networking + - Scheduler + - Size + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - pcs:TagResource + - pcs:ListTagsForResource + - pcs:UntagResource + x-required-permissions: + create: + - ec2:CreateNetworkInterface + - ec2:DescribeVpcs + - ec2:DescribeSubnets + - ec2:DescribeSecurityGroups + - ec2:GetSecurityGroupsForVpc + - iam:CreateServiceLinkedRole + - secretsmanager:CreateSecret + - secretsmanager:TagResource + - pcs:CreateCluster + - pcs:GetCluster + - pcs:ListTagsForResource + - pcs:TagResource + read: + - pcs:GetCluster + - pcs:ListTagsForResource + update: + - pcs:GetCluster + - pcs:ListTagsForResource + - pcs:TagResource + - pcs:UntagResource + delete: + - pcs:DeleteCluster + - pcs:GetCluster + list: + - pcs:ListClusters + InstanceConfig: + type: object + description: An EC2 instance configuration AWS PCS uses to launch compute nodes. + properties: + InstanceType: + type: string + description: The EC2 instance type that AWS PCS can provision in the compute node group. + additionalProperties: false + ComputeNodeGroup: + type: object + properties: + AmiId: + type: string + description: The ID of the Amazon Machine Image (AMI) that AWS PCS uses to launch instances. If not provided, AWS PCS uses the AMI ID specified in the custom launch template. + pattern: ^ami-[a-z0-9]+$ + Arn: + type: string + description: The unique Amazon Resource Name (ARN) of the compute node group. + ClusterId: + type: string + description: The ID of the cluster of the compute node group. + CustomLaunchTemplate: + type: object + description: An Amazon EC2 launch template AWS PCS uses to launch compute nodes. + properties: + Id: + type: string + description: The ID of the EC2 launch template to use to provision instances. + Version: + type: string + description: The version of the EC2 launch template to use to provision instances. + additionalProperties: false + required: + - Id + - Version + ErrorInfo: + type: array + description: The list of errors that occurred during compute node group provisioning. + x-insertionOrder: false + items: + $ref: '#/components/schemas/ErrorInfo' + IamInstanceProfileArn: + type: string + description: The Amazon Resource Name (ARN) of the IAM instance profile used to pass an IAM role when launching EC2 instances. The role contained in your instance profile must have pcs:RegisterComputeNodeGroupInstance permissions attached to provision instances correctly. + pattern: ^arn:aws([a-zA-Z-]{0,10})?:iam::[0-9]{12}:instance-profile/.{1,128}$ + Id: + type: string + description: The generated unique ID of the compute node group. + InstanceConfigs: + type: array + description: A list of EC2 instance configurations that AWS PCS can provision in the compute node group. + x-insertionOrder: false + items: + $ref: '#/components/schemas/InstanceConfig' + Name: + type: string + description: The name that identifies the compute node group. + pattern: ^(?!pcs_)^(?![A-Za-z0-9]{10}$)[A-Za-z][A-Za-z0-9-]+$ + PurchaseOption: + type: string + description: Specifies how EC2 instances are purchased on your behalf. AWS PCS supports On-Demand and Spot instances. For more information, see Instance purchasing options in the Amazon Elastic Compute Cloud User Guide. If you don't provide this option, it defaults to On-Demand. + enum: + - ONDEMAND + - SPOT + ScalingConfiguration: + type: object + description: Specifies the boundaries of the compute node group auto scaling. + properties: + MaxInstanceCount: + type: integer + description: The upper bound of the number of instances allowed in the compute fleet. + minimum: 0 + MinInstanceCount: + type: integer + description: The lower bound of the number of instances allowed in the compute fleet. + minimum: 0 + additionalProperties: false + required: + - MaxInstanceCount + - MinInstanceCount + SlurmConfiguration: + type: object + description: Additional options related to the Slurm scheduler. + properties: + SlurmCustomSettings: + type: array + description: Additional Slurm-specific configuration that directly maps to Slurm settings. + x-insertionOrder: false + items: + $ref: '#/components/schemas/SlurmCustomSetting' + additionalProperties: false + SpotOptions: + type: object + description: Additional configuration when you specify SPOT as the purchase option. + properties: + AllocationStrategy: + type: string + description: The Amazon EC2 allocation strategy AWS PCS uses to provision EC2 instances. AWS PCS supports lowest price, capacity optimized, and price capacity optimized. If you don't provide this option, it defaults to price capacity optimized. + enum: + - lowest-price + - capacity-optimized + - price-capacity-optimized + additionalProperties: false + Status: + type: string + description: The provisioning status of the compute node group. The provisioning status doesn't indicate the overall health of the compute node group. + enum: + - CREATING + - ACTIVE + - UPDATING + - DELETING + - CREATE_FAILED + - DELETE_FAILED + - UPDATE_FAILED + SubnetIds: + type: array + description: The list of subnet IDs where instances are provisioned by the compute node group. The subnets must be in the same VPC as the cluster. + x-insertionOrder: false + items: + $ref: '#/components/schemas/SubnetId' + Tags: + description: 1 or more tags added to the resource. Each tag consists of a tag key and tag value. The tag value is optional and can be an empty string. + x-patternProperties: + ^.+$: + type: string + additionalProperties: false + required: + - ClusterId + - CustomLaunchTemplate + - IamInstanceProfileArn + - InstanceConfigs + - ScalingConfiguration + - SubnetIds + x-stackql-resource-name: compute_node_group + description: AWS::PCS::ComputeNodeGroup resource creates an AWS PCS compute node group. + x-type-name: AWS::PCS::ComputeNodeGroup + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - Name + - ClusterId + - InstanceConfigs + x-read-only-properties: + - Arn + - ErrorInfo + - Id + - Status + x-required-properties: + - ClusterId + - CustomLaunchTemplate + - IamInstanceProfileArn + - InstanceConfigs + - ScalingConfiguration + - SubnetIds + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - pcs:TagResource + - pcs:ListTagsForResource + - pcs:UntagResource + x-required-permissions: + create: + - ec2:DescribeImages + - ec2:DescribeVpcs + - ec2:DescribeSubnets + - ec2:DescribeSecurityGroups + - ec2:DescribeLaunchTemplates + - ec2:DescribeLaunchTemplateVersions + - ec2:DescribeInstanceTypes + - ec2:DescribeInstanceTypeOfferings + - ec2:RunInstances + - ec2:CreateFleet + - ec2:CreateTags + - iam:PassRole + - iam:GetInstanceProfile + - pcs:CreateComputeNodeGroup + - pcs:GetComputeNodeGroup + - pcs:ListTagsForResource + - pcs:TagResource + read: + - pcs:GetComputeNodeGroup + - pcs:ListTagsForResource + update: + - ec2:DescribeImages + - ec2:DescribeVpcs + - ec2:DescribeSubnets + - ec2:DescribeSecurityGroups + - ec2:DescribeLaunchTemplates + - ec2:DescribeLaunchTemplateVersions + - ec2:DescribeInstanceTypes + - ec2:DescribeInstanceTypeOfferings + - ec2:RunInstances + - ec2:CreateFleet + - ec2:CreateTags + - iam:PassRole + - iam:GetInstanceProfile + - pcs:GetComputeNodeGroup + - pcs:UpdateComputeNodeGroup + - pcs:ListTagsForResource + - pcs:TagResource + - pcs:UntagResource + delete: + - ec2:DescribeImages + - ec2:DescribeVpcs + - ec2:DescribeSubnets + - ec2:DescribeSecurityGroups + - ec2:DescribeLaunchTemplates + - ec2:DescribeLaunchTemplateVersions + - ec2:DescribeInstanceTypes + - ec2:DescribeInstanceTypeOfferings + - ec2:TerminateInstances + - ec2:CreateFleet + - ec2:CreateTags + - iam:PassRole + - iam:GetInstanceProfile + - pcs:GetComputeNodeGroup + - pcs:DeleteComputeNodeGroup + - pcs:ListTagsForResource + - pcs:TagResource + - pcs:UntagResource + list: + - pcs:ListClusters + - pcs:ListComputeNodeGroups + ComputeNodeGroupConfiguration: + type: object + description: The compute node group configuration for a queue. + properties: + ComputeNodeGroupId: + type: string + description: The compute node group ID for the compute node group configuration. + additionalProperties: false + Queue: + type: object + properties: + Arn: + type: string + description: The unique Amazon Resource Name (ARN) of the queue. + pattern: ^(.*?) + ClusterId: + type: string + description: The ID of the cluster of the queue. + ComputeNodeGroupConfigurations: + type: array + description: The list of compute node group configurations associated with the queue. Queues assign jobs to associated compute node groups. + x-insertionOrder: false + items: + $ref: '#/components/schemas/ComputeNodeGroupConfiguration' + ErrorInfo: + type: array + description: The list of errors that occurred during queue provisioning. + x-insertionOrder: false + items: + $ref: '#/components/schemas/ErrorInfo' + Id: + type: string + description: The generated unique ID of the queue. + Name: + type: string + description: The name that identifies the queue. + pattern: ^(?!pcs_)^(?![A-Za-z0-9]{10}$)[A-Za-z][A-Za-z0-9-]+$ + Status: + type: string + description: The provisioning status of the queue. The provisioning status doesn't indicate the overall health of the queue. + enum: + - CREATING + - ACTIVE + - UPDATING + - DELETING + - CREATE_FAILED + - DELETE_FAILED + - UPDATE_FAILED + Tags: + type: object + description: 1 or more tags added to the resource. Each tag consists of a tag key and tag value. The tag value is optional and can be an empty string. + x-patternProperties: + ^.+$: + type: string + additionalProperties: false + required: + - ClusterId + x-stackql-resource-name: queue + description: AWS::PCS::Queue resource creates an AWS PCS queue. + x-type-name: AWS::PCS::Queue + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - Name + - ClusterId + x-read-only-properties: + - Arn + - ErrorInfo + - Id + - Status + x-required-properties: + - ClusterId + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - pcs:TagResource + - pcs:ListTagsForResource + - pcs:UntagResource + x-required-permissions: + create: + - ec2:CreateNetworkInterface + - ec2:DescribeVpcs + - ec2:DescribeSubnets + - ec2:DescribeSecurityGroups + - ec2:GetSecurityGroupsForVpc + - iam:CreateServiceLinkedRole + - secretsmanager:CreateSecret + - secretsmanager:TagResource + - pcs:CreateQueue + - pcs:GetQueue + - pcs:ListTagsForResource + - pcs:TagResource + read: + - pcs:GetQueue + - pcs:ListTagsForResource + update: + - pcs:GetQueue + - pcs:UpdateQueue + - pcs:ListTagsForResource + - pcs:TagResource + - pcs:UntagResource + delete: + - pcs:DeleteQueue + - pcs:GetQueue + list: + - pcs:ListClusters + - pcs:ListQueues + CreateClusterRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + Arn: + type: string + description: The unique Amazon Resource Name (ARN) of the cluster. + Endpoints: + type: array + description: The list of endpoints available for interaction with the scheduler. + x-insertionOrder: false + items: + $ref: '#/components/schemas/Endpoint' + ErrorInfo: + type: array + description: The list of errors that occurred during cluster provisioning. + x-insertionOrder: false + items: + $ref: '#/components/schemas/ErrorInfo' + Id: + type: string + description: The generated unique ID of the cluster. + pattern: ^(pcs_[a-zA-Z0-9]+|[A-Za-z][A-Za-z0-9-]{1,40})$ + Name: + type: string + description: The name that identifies the cluster. + pattern: ^(?!pcs_)^(?![A-Za-z0-9]{10}$)[A-Za-z][A-Za-z0-9-]+$ + Networking: + type: object + description: The networking configuration for the cluster's control plane. + properties: + SecurityGroupIds: + type: array + description: The list of security group IDs associated with the Elastic Network Interface (ENI) created in subnets. + x-insertionOrder: false + items: + $ref: '#/components/schemas/SecurityGroupId' + SubnetIds: + type: array + description: The list of subnet IDs where AWS PCS creates an Elastic Network Interface (ENI) to enable communication between managed controllers and AWS PCS resources. The subnet must have an available IP address, cannot reside in AWS Outposts, AWS Wavelength, or an AWS Local Zone. AWS PCS currently supports only 1 subnet in this list. + x-insertionOrder: false + items: + $ref: '#/components/schemas/SubnetId' + additionalProperties: false + Scheduler: + type: object + description: The cluster management and job scheduling software associated with the cluster. + properties: + Type: + type: string + description: The software AWS PCS uses to manage cluster scaling and job scheduling. + enum: + - SLURM + Version: + type: string + description: The version of the specified scheduling software that AWS PCS uses to manage cluster scaling and job scheduling. + required: + - Type + - Version + additionalProperties: false + Size: + type: string + description: The size of the cluster. + enum: + - SMALL + - MEDIUM + - LARGE + SlurmConfiguration: + type: object + description: Additional options related to the Slurm scheduler. + properties: + AuthKey: + $ref: '#/components/schemas/AuthKey' + ScaleDownIdleTimeInSeconds: + type: integer + description: The time before an idle node is scaled down. + minimum: 1 + SlurmCustomSettings: + type: array + description: Additional Slurm-specific configuration that directly maps to Slurm settings. + x-insertionOrder: false + items: + $ref: '#/components/schemas/SlurmCustomSetting' + additionalProperties: false + Status: + type: string + description: The provisioning status of the cluster. The provisioning status doesn't indicate the overall health of the cluster. + enum: + - CREATING + - ACTIVE + - UPDATING + - DELETING + - CREATE_FAILED + - DELETE_FAILED + - UPDATE_FAILED + Tags: + description: 1 or more tags added to the resource. Each tag consists of a tag key and tag value. The tag value is optional and can be an empty string. + x-patternProperties: + ^.+$: + type: string + additionalProperties: false + x-stackQL-stringOnly: true + x-title: CreateClusterRequest + type: object + required: [] + CreateComputeNodeGroupRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + AmiId: + type: string + description: The ID of the Amazon Machine Image (AMI) that AWS PCS uses to launch instances. If not provided, AWS PCS uses the AMI ID specified in the custom launch template. + pattern: ^ami-[a-z0-9]+$ + Arn: + type: string + description: The unique Amazon Resource Name (ARN) of the compute node group. + ClusterId: + type: string + description: The ID of the cluster of the compute node group. + CustomLaunchTemplate: + type: object + description: An Amazon EC2 launch template AWS PCS uses to launch compute nodes. + properties: + Id: + type: string + description: The ID of the EC2 launch template to use to provision instances. + Version: + type: string + description: The version of the EC2 launch template to use to provision instances. + additionalProperties: false + required: + - Id + - Version + ErrorInfo: + type: array + description: The list of errors that occurred during compute node group provisioning. + x-insertionOrder: false + items: + $ref: '#/components/schemas/ErrorInfo' + IamInstanceProfileArn: + type: string + description: The Amazon Resource Name (ARN) of the IAM instance profile used to pass an IAM role when launching EC2 instances. The role contained in your instance profile must have pcs:RegisterComputeNodeGroupInstance permissions attached to provision instances correctly. + pattern: ^arn:aws([a-zA-Z-]{0,10})?:iam::[0-9]{12}:instance-profile/.{1,128}$ + Id: + type: string + description: The generated unique ID of the compute node group. + InstanceConfigs: + type: array + description: A list of EC2 instance configurations that AWS PCS can provision in the compute node group. + x-insertionOrder: false + items: + $ref: '#/components/schemas/InstanceConfig' + Name: + type: string + description: The name that identifies the compute node group. + pattern: ^(?!pcs_)^(?![A-Za-z0-9]{10}$)[A-Za-z][A-Za-z0-9-]+$ + PurchaseOption: + type: string + description: Specifies how EC2 instances are purchased on your behalf. AWS PCS supports On-Demand and Spot instances. For more information, see Instance purchasing options in the Amazon Elastic Compute Cloud User Guide. If you don't provide this option, it defaults to On-Demand. + enum: + - ONDEMAND + - SPOT + ScalingConfiguration: + type: object + description: Specifies the boundaries of the compute node group auto scaling. + properties: + MaxInstanceCount: + type: integer + description: The upper bound of the number of instances allowed in the compute fleet. + minimum: 0 + MinInstanceCount: + type: integer + description: The lower bound of the number of instances allowed in the compute fleet. + minimum: 0 + additionalProperties: false + required: + - MaxInstanceCount + - MinInstanceCount + SlurmConfiguration: + type: object + description: Additional options related to the Slurm scheduler. + properties: + SlurmCustomSettings: + type: array + description: Additional Slurm-specific configuration that directly maps to Slurm settings. + x-insertionOrder: false + items: + $ref: '#/components/schemas/SlurmCustomSetting' + additionalProperties: false + SpotOptions: + type: object + description: Additional configuration when you specify SPOT as the purchase option. + properties: + AllocationStrategy: + type: string + description: The Amazon EC2 allocation strategy AWS PCS uses to provision EC2 instances. AWS PCS supports lowest price, capacity optimized, and price capacity optimized. If you don't provide this option, it defaults to price capacity optimized. + enum: + - lowest-price + - capacity-optimized + - price-capacity-optimized + additionalProperties: false + Status: + type: string + description: The provisioning status of the compute node group. The provisioning status doesn't indicate the overall health of the compute node group. + enum: + - CREATING + - ACTIVE + - UPDATING + - DELETING + - CREATE_FAILED + - DELETE_FAILED + - UPDATE_FAILED + SubnetIds: + type: array + description: The list of subnet IDs where instances are provisioned by the compute node group. The subnets must be in the same VPC as the cluster. + x-insertionOrder: false + items: + $ref: '#/components/schemas/SubnetId' + Tags: + description: 1 or more tags added to the resource. Each tag consists of a tag key and tag value. The tag value is optional and can be an empty string. + x-patternProperties: + ^.+$: + type: string + additionalProperties: false + x-stackQL-stringOnly: true + x-title: CreateComputeNodeGroupRequest + type: object + required: [] + CreateQueueRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + Arn: + type: string + description: The unique Amazon Resource Name (ARN) of the queue. + pattern: ^(.*?) + ClusterId: + type: string + description: The ID of the cluster of the queue. + ComputeNodeGroupConfigurations: + type: array + description: The list of compute node group configurations associated with the queue. Queues assign jobs to associated compute node groups. + x-insertionOrder: false + items: + $ref: '#/components/schemas/ComputeNodeGroupConfiguration' + ErrorInfo: + type: array + description: The list of errors that occurred during queue provisioning. + x-insertionOrder: false + items: + $ref: '#/components/schemas/ErrorInfo' + Id: + type: string + description: The generated unique ID of the queue. + Name: + type: string + description: The name that identifies the queue. + pattern: ^(?!pcs_)^(?![A-Za-z0-9]{10}$)[A-Za-z][A-Za-z0-9-]+$ + Status: + type: string + description: The provisioning status of the queue. The provisioning status doesn't indicate the overall health of the queue. + enum: + - CREATING + - ACTIVE + - UPDATING + - DELETING + - CREATE_FAILED + - DELETE_FAILED + - UPDATE_FAILED + Tags: + type: object + description: 1 or more tags added to the resource. Each tag consists of a tag key and tag value. The tag value is optional and can be an empty string. + x-patternProperties: + ^.+$: + type: string + additionalProperties: false + x-stackQL-stringOnly: true + x-title: CreateQueueRequest + type: object + required: [] + securitySchemes: + hmac: + type: apiKey + name: Authorization + in: header + description: Amazon Signature authorization v4 + x-amazon-apigateway-authtype: awsSigv4 + x-stackQL-resources: + clusters: + name: clusters + id: aws.pcs.clusters + x-cfn-schema-name: Cluster + x-cfn-type-name: AWS::PCS::Cluster + x-identifiers: + - Arn + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Cluster&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::PCS::Cluster" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::PCS::Cluster" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::PCS::Cluster" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/clusters/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/clusters/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/clusters/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Endpoints') as endpoints, + JSON_EXTRACT(Properties, '$.ErrorInfo') as error_info, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Networking') as networking, + JSON_EXTRACT(Properties, '$.Scheduler') as scheduler, + JSON_EXTRACT(Properties, '$.Size') as size, + JSON_EXTRACT(Properties, '$.SlurmConfiguration') as slurm_configuration, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::PCS::Cluster' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.Endpoints') as endpoints, + JSON_EXTRACT(detail.Properties, '$.ErrorInfo') as error_info, + JSON_EXTRACT(detail.Properties, '$.Id') as id, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.Networking') as networking, + JSON_EXTRACT(detail.Properties, '$.Scheduler') as scheduler, + JSON_EXTRACT(detail.Properties, '$.Size') as size, + JSON_EXTRACT(detail.Properties, '$.SlurmConfiguration') as slurm_configuration, + JSON_EXTRACT(detail.Properties, '$.Status') as status, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::PCS::Cluster' + AND detail.data__TypeName = 'AWS::PCS::Cluster' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Endpoints') as endpoints, + json_extract_path_text(Properties, 'ErrorInfo') as error_info, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Networking') as networking, + json_extract_path_text(Properties, 'Scheduler') as scheduler, + json_extract_path_text(Properties, 'Size') as size, + json_extract_path_text(Properties, 'SlurmConfiguration') as slurm_configuration, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::PCS::Cluster' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'Endpoints') as endpoints, + json_extract_path_text(detail.Properties, 'ErrorInfo') as error_info, + json_extract_path_text(detail.Properties, 'Id') as id, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'Networking') as networking, + json_extract_path_text(detail.Properties, 'Scheduler') as scheduler, + json_extract_path_text(detail.Properties, 'Size') as size, + json_extract_path_text(detail.Properties, 'SlurmConfiguration') as slurm_configuration, + json_extract_path_text(detail.Properties, 'Status') as status, + json_extract_path_text(detail.Properties, 'Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::PCS::Cluster' + AND detail.data__TypeName = 'AWS::PCS::Cluster' + AND listing.region = 'us-east-1' + clusters_list_only: + name: clusters_list_only + id: aws.pcs.clusters_list_only + x-cfn-schema-name: Cluster + x-cfn-type-name: AWS::PCS::Cluster + x-identifiers: + - Arn + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::PCS::Cluster' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::PCS::Cluster' + AND region = 'us-east-1' + cluster_tags: + name: cluster_tags + id: aws.pcs.cluster_tags + x-cfn-schema-name: Cluster + x-cfn-type-name: AWS::PCS::Cluster + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.Endpoints') as endpoints, + JSON_EXTRACT(detail.Properties, '$.ErrorInfo') as error_info, + JSON_EXTRACT(detail.Properties, '$.Id') as id, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.Networking') as networking, + JSON_EXTRACT(detail.Properties, '$.Scheduler') as scheduler, + JSON_EXTRACT(detail.Properties, '$.Size') as size, + JSON_EXTRACT(detail.Properties, '$.SlurmConfiguration') as slurm_configuration, + JSON_EXTRACT(detail.Properties, '$.Status') as status + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::PCS::Cluster' + AND detail.data__TypeName = 'AWS::PCS::Cluster' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'Endpoints') as endpoints, + json_extract_path_text(detail.Properties, 'ErrorInfo') as error_info, + json_extract_path_text(detail.Properties, 'Id') as id, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'Networking') as networking, + json_extract_path_text(detail.Properties, 'Scheduler') as scheduler, + json_extract_path_text(detail.Properties, 'Size') as size, + json_extract_path_text(detail.Properties, 'SlurmConfiguration') as slurm_configuration, + json_extract_path_text(detail.Properties, 'Status') as status + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::PCS::Cluster' + AND detail.data__TypeName = 'AWS::PCS::Cluster' + AND listing.region = 'us-east-1' + compute_node_groups: + name: compute_node_groups + id: aws.pcs.compute_node_groups + x-cfn-schema-name: ComputeNodeGroup + x-cfn-type-name: AWS::PCS::ComputeNodeGroup + x-identifiers: + - Arn + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__ComputeNodeGroup&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::PCS::ComputeNodeGroup" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::PCS::ComputeNodeGroup" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::PCS::ComputeNodeGroup" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/compute_node_groups/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/compute_node_groups/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/compute_node_groups/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AmiId') as ami_id, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.ClusterId') as cluster_id, + JSON_EXTRACT(Properties, '$.CustomLaunchTemplate') as custom_launch_template, + JSON_EXTRACT(Properties, '$.ErrorInfo') as error_info, + JSON_EXTRACT(Properties, '$.IamInstanceProfileArn') as iam_instance_profile_arn, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.InstanceConfigs') as instance_configs, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.PurchaseOption') as purchase_option, + JSON_EXTRACT(Properties, '$.ScalingConfiguration') as scaling_configuration, + JSON_EXTRACT(Properties, '$.SlurmConfiguration') as slurm_configuration, + JSON_EXTRACT(Properties, '$.SpotOptions') as spot_options, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.SubnetIds') as subnet_ids, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::PCS::ComputeNodeGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.AmiId') as ami_id, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.ClusterId') as cluster_id, + JSON_EXTRACT(detail.Properties, '$.CustomLaunchTemplate') as custom_launch_template, + JSON_EXTRACT(detail.Properties, '$.ErrorInfo') as error_info, + JSON_EXTRACT(detail.Properties, '$.IamInstanceProfileArn') as iam_instance_profile_arn, + JSON_EXTRACT(detail.Properties, '$.Id') as id, + JSON_EXTRACT(detail.Properties, '$.InstanceConfigs') as instance_configs, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.PurchaseOption') as purchase_option, + JSON_EXTRACT(detail.Properties, '$.ScalingConfiguration') as scaling_configuration, + JSON_EXTRACT(detail.Properties, '$.SlurmConfiguration') as slurm_configuration, + JSON_EXTRACT(detail.Properties, '$.SpotOptions') as spot_options, + JSON_EXTRACT(detail.Properties, '$.Status') as status, + JSON_EXTRACT(detail.Properties, '$.SubnetIds') as subnet_ids, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::PCS::ComputeNodeGroup' + AND detail.data__TypeName = 'AWS::PCS::ComputeNodeGroup' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AmiId') as ami_id, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'ClusterId') as cluster_id, + json_extract_path_text(Properties, 'CustomLaunchTemplate') as custom_launch_template, + json_extract_path_text(Properties, 'ErrorInfo') as error_info, + json_extract_path_text(Properties, 'IamInstanceProfileArn') as iam_instance_profile_arn, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'InstanceConfigs') as instance_configs, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'PurchaseOption') as purchase_option, + json_extract_path_text(Properties, 'ScalingConfiguration') as scaling_configuration, + json_extract_path_text(Properties, 'SlurmConfiguration') as slurm_configuration, + json_extract_path_text(Properties, 'SpotOptions') as spot_options, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'SubnetIds') as subnet_ids, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::PCS::ComputeNodeGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'AmiId') as ami_id, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'ClusterId') as cluster_id, + json_extract_path_text(detail.Properties, 'CustomLaunchTemplate') as custom_launch_template, + json_extract_path_text(detail.Properties, 'ErrorInfo') as error_info, + json_extract_path_text(detail.Properties, 'IamInstanceProfileArn') as iam_instance_profile_arn, + json_extract_path_text(detail.Properties, 'Id') as id, + json_extract_path_text(detail.Properties, 'InstanceConfigs') as instance_configs, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'PurchaseOption') as purchase_option, + json_extract_path_text(detail.Properties, 'ScalingConfiguration') as scaling_configuration, + json_extract_path_text(detail.Properties, 'SlurmConfiguration') as slurm_configuration, + json_extract_path_text(detail.Properties, 'SpotOptions') as spot_options, + json_extract_path_text(detail.Properties, 'Status') as status, + json_extract_path_text(detail.Properties, 'SubnetIds') as subnet_ids, + json_extract_path_text(detail.Properties, 'Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::PCS::ComputeNodeGroup' + AND detail.data__TypeName = 'AWS::PCS::ComputeNodeGroup' + AND listing.region = 'us-east-1' + compute_node_groups_list_only: + name: compute_node_groups_list_only + id: aws.pcs.compute_node_groups_list_only + x-cfn-schema-name: ComputeNodeGroup + x-cfn-type-name: AWS::PCS::ComputeNodeGroup + x-identifiers: + - Arn + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::PCS::ComputeNodeGroup' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::PCS::ComputeNodeGroup' + AND region = 'us-east-1' + compute_node_group_tags: + name: compute_node_group_tags + id: aws.pcs.compute_node_group_tags + x-cfn-schema-name: ComputeNodeGroup + x-cfn-type-name: AWS::PCS::ComputeNodeGroup + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.AmiId') as ami_id, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.ClusterId') as cluster_id, + JSON_EXTRACT(detail.Properties, '$.CustomLaunchTemplate') as custom_launch_template, + JSON_EXTRACT(detail.Properties, '$.ErrorInfo') as error_info, + JSON_EXTRACT(detail.Properties, '$.IamInstanceProfileArn') as iam_instance_profile_arn, + JSON_EXTRACT(detail.Properties, '$.Id') as id, + JSON_EXTRACT(detail.Properties, '$.InstanceConfigs') as instance_configs, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.PurchaseOption') as purchase_option, + JSON_EXTRACT(detail.Properties, '$.ScalingConfiguration') as scaling_configuration, + JSON_EXTRACT(detail.Properties, '$.SlurmConfiguration') as slurm_configuration, + JSON_EXTRACT(detail.Properties, '$.SpotOptions') as spot_options, + JSON_EXTRACT(detail.Properties, '$.Status') as status, + JSON_EXTRACT(detail.Properties, '$.SubnetIds') as subnet_ids + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::PCS::ComputeNodeGroup' + AND detail.data__TypeName = 'AWS::PCS::ComputeNodeGroup' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'AmiId') as ami_id, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'ClusterId') as cluster_id, + json_extract_path_text(detail.Properties, 'CustomLaunchTemplate') as custom_launch_template, + json_extract_path_text(detail.Properties, 'ErrorInfo') as error_info, + json_extract_path_text(detail.Properties, 'IamInstanceProfileArn') as iam_instance_profile_arn, + json_extract_path_text(detail.Properties, 'Id') as id, + json_extract_path_text(detail.Properties, 'InstanceConfigs') as instance_configs, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'PurchaseOption') as purchase_option, + json_extract_path_text(detail.Properties, 'ScalingConfiguration') as scaling_configuration, + json_extract_path_text(detail.Properties, 'SlurmConfiguration') as slurm_configuration, + json_extract_path_text(detail.Properties, 'SpotOptions') as spot_options, + json_extract_path_text(detail.Properties, 'Status') as status, + json_extract_path_text(detail.Properties, 'SubnetIds') as subnet_ids + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::PCS::ComputeNodeGroup' + AND detail.data__TypeName = 'AWS::PCS::ComputeNodeGroup' + AND listing.region = 'us-east-1' + queues: + name: queues + id: aws.pcs.queues + x-cfn-schema-name: Queue + x-cfn-type-name: AWS::PCS::Queue + x-identifiers: + - Arn + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Queue&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::PCS::Queue" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::PCS::Queue" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::PCS::Queue" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/queues/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/queues/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/queues/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.ClusterId') as cluster_id, + JSON_EXTRACT(Properties, '$.ComputeNodeGroupConfigurations') as compute_node_group_configurations, + JSON_EXTRACT(Properties, '$.ErrorInfo') as error_info, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::PCS::Queue' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.ClusterId') as cluster_id, + JSON_EXTRACT(detail.Properties, '$.ComputeNodeGroupConfigurations') as compute_node_group_configurations, + JSON_EXTRACT(detail.Properties, '$.ErrorInfo') as error_info, + JSON_EXTRACT(detail.Properties, '$.Id') as id, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.Status') as status, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::PCS::Queue' + AND detail.data__TypeName = 'AWS::PCS::Queue' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'ClusterId') as cluster_id, + json_extract_path_text(Properties, 'ComputeNodeGroupConfigurations') as compute_node_group_configurations, + json_extract_path_text(Properties, 'ErrorInfo') as error_info, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::PCS::Queue' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'ClusterId') as cluster_id, + json_extract_path_text(detail.Properties, 'ComputeNodeGroupConfigurations') as compute_node_group_configurations, + json_extract_path_text(detail.Properties, 'ErrorInfo') as error_info, + json_extract_path_text(detail.Properties, 'Id') as id, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'Status') as status, + json_extract_path_text(detail.Properties, 'Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::PCS::Queue' + AND detail.data__TypeName = 'AWS::PCS::Queue' + AND listing.region = 'us-east-1' + queues_list_only: + name: queues_list_only + id: aws.pcs.queues_list_only + x-cfn-schema-name: Queue + x-cfn-type-name: AWS::PCS::Queue + x-identifiers: + - Arn + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::PCS::Queue' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::PCS::Queue' + AND region = 'us-east-1' + queue_tags: + name: queue_tags + id: aws.pcs.queue_tags + x-cfn-schema-name: Queue + x-cfn-type-name: AWS::PCS::Queue + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.ClusterId') as cluster_id, + JSON_EXTRACT(detail.Properties, '$.ComputeNodeGroupConfigurations') as compute_node_group_configurations, + JSON_EXTRACT(detail.Properties, '$.ErrorInfo') as error_info, + JSON_EXTRACT(detail.Properties, '$.Id') as id, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.Status') as status + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::PCS::Queue' + AND detail.data__TypeName = 'AWS::PCS::Queue' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'ClusterId') as cluster_id, + json_extract_path_text(detail.Properties, 'ComputeNodeGroupConfigurations') as compute_node_group_configurations, + json_extract_path_text(detail.Properties, 'ErrorInfo') as error_info, + json_extract_path_text(detail.Properties, 'Id') as id, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'Status') as status + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::PCS::Queue' + AND detail.data__TypeName = 'AWS::PCS::Queue' + AND listing.region = 'us-east-1' +paths: + /?Action=CreateResource&Version=2021-09-30: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateResource + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/x-cloud-control-schemas/CreateResourceInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=DeleteResource&Version=2021-09-30: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: DeleteResource + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.DeleteResource + enum: + - CloudApiService.DeleteResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/x-cloud-control-schemas/DeleteResourceInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/DeleteResourceOutput' + description: Success + /?Action=UpdateResource&Version=2021-09-30: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: UpdateResource + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.UpdateResource + enum: + - CloudApiService.UpdateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + properties: + ClientName: + type: string + Identifier: + $ref: '#/components/x-cloud-control-schemas/Identifier' + PatchDocument: + type: string + RoleArn: + $ref: '#/components/x-cloud-control-schemas/RoleArn' + TypeName: + $ref: '#/components/x-cloud-control-schemas/TypeName' + TypeVersionId: + $ref: '#/components/x-cloud-control-schemas/TypeVersionId' + required: + - Identifier + - PatchDocument + type: object + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/UpdateResourceOutput' + description: Success + /?Action=CreateResource&Version=2021-09-30&__Cluster&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateCluster + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateClusterRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=CreateResource&Version=2021-09-30&__ComputeNodeGroup&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateComputeNodeGroup + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateComputeNodeGroupRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=CreateResource&Version=2021-09-30&__Queue&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateQueue + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateQueueRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success +x-stackQL-config: + requestTranslate: + algorithm: drop_double_underscore_params + pagination: + requestToken: + key: NextToken + location: body + responseToken: + key: NextToken + location: body diff --git a/providers/src/aws/v00.00.00000/services/pinpoint.yaml b/providers/src/aws/v00.00.00000/services/pinpoint.yaml index 078998f1..563ddd75 100644 --- a/providers/src/aws/v00.00.00000/services/pinpoint.yaml +++ b/providers/src/aws/v00.00.00000/services/pinpoint.yaml @@ -509,7 +509,15 @@ components: - Arn x-required-properties: - TemplateName - x-taggable: true + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - mobiletargeting:TagResource + - mobiletargeting:UntagResource x-required-permissions: create: - mobiletargeting:CreateInAppTemplate @@ -527,6 +535,8 @@ components: update: - mobiletargeting:UpdateInAppTemplate - mobiletargeting:GetInAppTemplate + - mobiletargeting:TagResource + - mobiletargeting:UntagResource CreateInAppTemplateRequest: properties: ClientToken: diff --git a/providers/src/aws/v00.00.00000/services/pipes.yaml b/providers/src/aws/v00.00.00000/services/pipes.yaml index e91913c4..f11090a3 100644 --- a/providers/src/aws/v00.00.00000/services/pipes.yaml +++ b/providers/src/aws/v00.00.00000/services/pipes.yaml @@ -523,7 +523,7 @@ components: type: string maxLength: 1600 minLength: 1 - pattern: ^(^arn:aws([a-z]|\-)*:logs:([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1}):(\d{12}):log-group:.+)$ + pattern: ^(^arn:aws([a-z]|\-)*:logs:([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\d{1}):(\d{12}):log-group:.+)$ additionalProperties: false DeadLetterConfig: type: object @@ -532,7 +532,7 @@ components: type: string maxLength: 1600 minLength: 1 - pattern: ^arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\-]+):([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1})?:(\d{12})?:(.+)$ + pattern: ^arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\-]+):([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\d{1})?:(\d{12})?:(.+)$ additionalProperties: false DimensionMapping: type: object @@ -662,7 +662,7 @@ components: type: string maxLength: 1600 minLength: 1 - pattern: ^arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\-]+):([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1})?:(\d{12})?:(.+)|(\$(\.[\w/_-]+(\[(\d+|\*)\])*)*)$ + pattern: ^arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\-]+):([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\d{1})?:(\d{12})?:(.+)|(\$(\.[\w/_-]+(\[(\d+|\*)\])*)*)$ InferenceAcceleratorOverrides: type: array items: @@ -673,7 +673,7 @@ components: type: string maxLength: 1600 minLength: 1 - pattern: ^arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\-]+):([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1})?:(\d{12})?:(.+)|(\$(\.[\w/_-]+(\[(\d+|\*)\])*)*)$ + pattern: ^arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\-]+):([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\d{1})?:(\d{12})?:(.+)|(\$(\.[\w/_-]+(\[(\d+|\*)\])*)*)$ additionalProperties: false EpochTimeUnit: type: string @@ -707,7 +707,7 @@ components: type: string maxLength: 1600 minLength: 1 - pattern: ^(^arn:aws([a-z]|\-)*:firehose:([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1}):(\d{12}):deliverystream/.+)$ + pattern: ^(^arn:aws([a-z]|\-)*:firehose:([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\d{1}):(\d{12}):deliverystream/.+)$ additionalProperties: false HeaderParametersMap: type: object @@ -750,7 +750,7 @@ components: type: string maxLength: 1600 minLength: 1 - pattern: ^(^arn:aws([a-z]|\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1}):(\d{12}):secret:.+)$ + pattern: ^(^arn:aws([a-z]|\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\d{1}):(\d{12}):secret:.+)$ description: Optional SecretManager ARN which stores the database credentials required: - BasicAuth @@ -764,7 +764,7 @@ components: type: string maxLength: 1600 minLength: 1 - pattern: ^(^arn:aws([a-z]|\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1}):(\d{12}):secret:.+)$ + pattern: ^(^arn:aws([a-z]|\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\d{1}):(\d{12}):secret:.+)$ description: Optional SecretManager ARN which stores the database credentials required: - SaslScram512Auth @@ -776,7 +776,7 @@ components: type: string maxLength: 1600 minLength: 1 - pattern: ^(^arn:aws([a-z]|\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1}):(\d{12}):secret:.+)$ + pattern: ^(^arn:aws([a-z]|\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\d{1}):(\d{12}):secret:.+)$ description: Optional SecretManager ARN which stores the database credentials required: - ClientCertificateTlsAuth @@ -1081,7 +1081,7 @@ components: type: string maxLength: 1600 minLength: 1 - pattern: ^(^arn:aws([a-z]|\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1}):(\d{12}):secret:.+)$ + pattern: ^(^arn:aws([a-z]|\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\d{1}):(\d{12}):secret:.+)$ description: Optional SecretManager ARN which stores the database credentials Vpc: $ref: '#/components/schemas/SelfManagedKafkaAccessConfigurationVpc' @@ -1163,7 +1163,7 @@ components: type: string maxLength: 1600 minLength: 1 - pattern: ^arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\-]+):([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1})?:(\d{12})?:(.+)|(\$(\.[\w/_-]+(\[(\d+|\*)\])*)*)$ + pattern: ^arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\-]+):([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\d{1})?:(\d{12})?:(.+)|(\$(\.[\w/_-]+(\[(\d+|\*)\])*)*)$ TaskCount: type: integer minimum: 1 @@ -1237,7 +1237,7 @@ components: type: string maxLength: 1600 minLength: 1 - pattern: ^arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\-]+):([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1})?:(\d{12})?:(.+)|(\$(\.[\w/_-]+(\[(\d+|\*)\])*)*)$ + pattern: ^arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\-]+):([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\d{1})?:(\d{12})?:(.+)|(\$(\.[\w/_-]+(\[(\d+|\*)\])*)*)$ maxItems: 10 minItems: 0 Time: @@ -1319,7 +1319,7 @@ components: type: string maxLength: 1600 minLength: 1 - pattern: ^(^arn:aws([a-z]|\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1}):(\d{12}):secret:.+)|(\$(\.[\w/_-]+(\[(\d+|\*)\])*)*)$ + pattern: ^(^arn:aws([a-z]|\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\d{1}):(\d{12}):secret:.+)|(\$(\.[\w/_-]+(\[(\d+|\*)\])*)*)$ description: Optional SecretManager ARN which stores the database credentials Database: type: string @@ -1515,7 +1515,7 @@ components: type: string maxLength: 1600 minLength: 1 - pattern: ^(^arn:aws([a-z]|\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1}):(\d{12}):secret:.+)$ + pattern: ^(^arn:aws([a-z]|\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\d{1}):(\d{12}):secret:.+)$ description: Optional SecretManager ARN which stores the database credentials required: - BasicAuth @@ -1527,7 +1527,7 @@ components: type: string maxLength: 1600 minLength: 1 - pattern: ^(^arn:aws([a-z]|\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1}):(\d{12}):secret:.+)$ + pattern: ^(^arn:aws([a-z]|\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\d{1}):(\d{12}):secret:.+)$ description: Optional SecretManager ARN which stores the database credentials required: - SaslScram512Auth @@ -1539,7 +1539,7 @@ components: type: string maxLength: 1600 minLength: 1 - pattern: ^(^arn:aws([a-z]|\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1}):(\d{12}):secret:.+)$ + pattern: ^(^arn:aws([a-z]|\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\d{1}):(\d{12}):secret:.+)$ description: Optional SecretManager ARN which stores the database credentials required: - SaslScram256Auth @@ -1551,7 +1551,7 @@ components: type: string maxLength: 1600 minLength: 1 - pattern: ^(^arn:aws([a-z]|\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1}):(\d{12}):secret:.+)$ + pattern: ^(^arn:aws([a-z]|\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\d{1}):(\d{12}):secret:.+)$ description: Optional SecretManager ARN which stores the database credentials required: - ClientCertificateTlsAuth @@ -1657,9 +1657,13 @@ components: type: string maxLength: 1600 minLength: 0 - pattern: ^$|arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\-]+):([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1})?:(\d{12})?:(.+)$ + pattern: ^$|arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\-]+):([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\d{1})?:(\d{12})?:(.+)$ EnrichmentParameters: $ref: '#/components/schemas/PipeEnrichmentParameters' + KmsKeyIdentifier: + type: string + maxLength: 2048 + minLength: 0 LastModifiedTime: type: string format: date-time @@ -1679,7 +1683,7 @@ components: type: string maxLength: 1600 minLength: 1 - pattern: ^smk://(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9]):[0-9]{1,5}|arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\-]+):([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1})?:(\d{12})?:(.+)$ + pattern: ^smk://(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9]):[0-9]{1,5}|arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\-]+):([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\d{1})?:(\d{12})?:(.+)$ SourceParameters: $ref: '#/components/schemas/PipeSourceParameters' StateReason: @@ -1693,7 +1697,7 @@ components: type: string maxLength: 1600 minLength: 1 - pattern: ^arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\-]+):([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1})?:(\d{12})?:(.+)$ + pattern: ^arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\-]+):([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\d{1})?:(\d{12})?:(.+)$ TargetParameters: $ref: '#/components/schemas/PipeTargetParameters' required: @@ -1719,10 +1723,10 @@ components: - SourceParameters/ManagedStreamingKafkaParameters/TopicName - SourceParameters/ManagedStreamingKafkaParameters/StartingPosition - SourceParameters/ManagedStreamingKafkaParameters/ConsumerGroupID - - SourceParameters/SelfManagedApacheKafkaParameters/TopicName - - SourceParameters/SelfManagedApacheKafkaParameters/StartingPosition - - SourceParameters/SelfManagedApacheKafkaParameters/AdditionalBootstrapServers - - SourceParameters/SelfManagedApacheKafkaParameters/ConsumerGroupID + - SourceParameters/SelfManagedKafkaParameters/TopicName + - SourceParameters/SelfManagedKafkaParameters/StartingPosition + - SourceParameters/SelfManagedKafkaParameters/AdditionalBootstrapServers + - SourceParameters/SelfManagedKafkaParameters/ConsumerGroupID x-write-only-properties: - TargetParameters - SourceParameters @@ -1742,6 +1746,10 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - pipes:TagResource + - pipes:UntagResource + - pipes:ListTagsForResource x-required-permissions: create: - pipes:CreatePipe @@ -1758,8 +1766,12 @@ components: - s3:PutBucketPolicy - s3:GetBucketPolicy - firehose:TagDeliveryStream + - kms:DescribeKey + - kms:Decrypt + - kms:GenerateDataKey read: - pipes:DescribePipe + - kms:Decrypt update: - pipes:UpdatePipe - pipes:TagResource @@ -1778,14 +1790,21 @@ components: - s3:PutBucketPolicy - s3:GetBucketPolicy - firehose:TagDeliveryStream + - kms:DescribeKey + - kms:Decrypt + - kms:GenerateDataKey delete: - pipes:DeletePipe - pipes:DescribePipe + - pipes:UntagResource - logs:CreateLogDelivery - logs:UpdateLogDelivery - logs:DeleteLogDelivery - logs:GetLogDelivery - logs:ListLogDeliveries + - kms:DescribeKey + - kms:Decrypt + - kms:GenerateDataKey list: - pipes:ListPipes CreatePipeRequest: @@ -1822,9 +1841,13 @@ components: type: string maxLength: 1600 minLength: 0 - pattern: ^$|arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\-]+):([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1})?:(\d{12})?:(.+)$ + pattern: ^$|arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\-]+):([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\d{1})?:(\d{12})?:(.+)$ EnrichmentParameters: $ref: '#/components/schemas/PipeEnrichmentParameters' + KmsKeyIdentifier: + type: string + maxLength: 2048 + minLength: 0 LastModifiedTime: type: string format: date-time @@ -1844,7 +1867,7 @@ components: type: string maxLength: 1600 minLength: 1 - pattern: ^smk://(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9]):[0-9]{1,5}|arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\-]+):([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1})?:(\d{12})?:(.+)$ + pattern: ^smk://(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9]):[0-9]{1,5}|arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\-]+):([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\d{1})?:(\d{12})?:(.+)$ SourceParameters: $ref: '#/components/schemas/PipeSourceParameters' StateReason: @@ -1858,7 +1881,7 @@ components: type: string maxLength: 1600 minLength: 1 - pattern: ^arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\-]+):([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1})?:(\d{12})?:(.+)$ + pattern: ^arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\-]+):([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\d{1})?:(\d{12})?:(.+)$ TargetParameters: $ref: '#/components/schemas/PipeTargetParameters' x-stackQL-stringOnly: true @@ -1943,6 +1966,7 @@ components: JSON_EXTRACT(Properties, '$.DesiredState') as desired_state, JSON_EXTRACT(Properties, '$.Enrichment') as enrichment, JSON_EXTRACT(Properties, '$.EnrichmentParameters') as enrichment_parameters, + JSON_EXTRACT(Properties, '$.KmsKeyIdentifier') as kms_key_identifier, JSON_EXTRACT(Properties, '$.LastModifiedTime') as last_modified_time, JSON_EXTRACT(Properties, '$.LogConfiguration') as log_configuration, JSON_EXTRACT(Properties, '$.Name') as name, @@ -1968,6 +1992,7 @@ components: JSON_EXTRACT(detail.Properties, '$.DesiredState') as desired_state, JSON_EXTRACT(detail.Properties, '$.Enrichment') as enrichment, JSON_EXTRACT(detail.Properties, '$.EnrichmentParameters') as enrichment_parameters, + JSON_EXTRACT(detail.Properties, '$.KmsKeyIdentifier') as kms_key_identifier, JSON_EXTRACT(detail.Properties, '$.LastModifiedTime') as last_modified_time, JSON_EXTRACT(detail.Properties, '$.LogConfiguration') as log_configuration, JSON_EXTRACT(detail.Properties, '$.Name') as name, @@ -1998,6 +2023,7 @@ components: json_extract_path_text(Properties, 'DesiredState') as desired_state, json_extract_path_text(Properties, 'Enrichment') as enrichment, json_extract_path_text(Properties, 'EnrichmentParameters') as enrichment_parameters, + json_extract_path_text(Properties, 'KmsKeyIdentifier') as kms_key_identifier, json_extract_path_text(Properties, 'LastModifiedTime') as last_modified_time, json_extract_path_text(Properties, 'LogConfiguration') as log_configuration, json_extract_path_text(Properties, 'Name') as name, @@ -2023,6 +2049,7 @@ components: json_extract_path_text(detail.Properties, 'DesiredState') as desired_state, json_extract_path_text(detail.Properties, 'Enrichment') as enrichment, json_extract_path_text(detail.Properties, 'EnrichmentParameters') as enrichment_parameters, + json_extract_path_text(detail.Properties, 'KmsKeyIdentifier') as kms_key_identifier, json_extract_path_text(detail.Properties, 'LastModifiedTime') as last_modified_time, json_extract_path_text(detail.Properties, 'LogConfiguration') as log_configuration, json_extract_path_text(detail.Properties, 'Name') as name, @@ -2098,6 +2125,7 @@ components: JSON_EXTRACT(detail.Properties, '$.DesiredState') as desired_state, JSON_EXTRACT(detail.Properties, '$.Enrichment') as enrichment, JSON_EXTRACT(detail.Properties, '$.EnrichmentParameters') as enrichment_parameters, + JSON_EXTRACT(detail.Properties, '$.KmsKeyIdentifier') as kms_key_identifier, JSON_EXTRACT(detail.Properties, '$.LastModifiedTime') as last_modified_time, JSON_EXTRACT(detail.Properties, '$.LogConfiguration') as log_configuration, JSON_EXTRACT(detail.Properties, '$.Name') as name, @@ -2129,6 +2157,7 @@ components: json_extract_path_text(detail.Properties, 'DesiredState') as desired_state, json_extract_path_text(detail.Properties, 'Enrichment') as enrichment, json_extract_path_text(detail.Properties, 'EnrichmentParameters') as enrichment_parameters, + json_extract_path_text(detail.Properties, 'KmsKeyIdentifier') as kms_key_identifier, json_extract_path_text(detail.Properties, 'LastModifiedTime') as last_modified_time, json_extract_path_text(detail.Properties, 'LogConfiguration') as log_configuration, json_extract_path_text(detail.Properties, 'Name') as name, diff --git a/providers/src/aws/v00.00.00000/services/proton.yaml b/providers/src/aws/v00.00.00000/services/proton.yaml index 0761b862..9d81e65e 100644 --- a/providers/src/aws/v00.00.00000/services/proton.yaml +++ b/providers/src/aws/v00.00.00000/services/proton.yaml @@ -481,6 +481,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - proton:ListTagsForResource + - proton:UntagResource + - proton:TagResource x-required-permissions: create: - proton:CreateEnvironmentAccountConnection @@ -572,28 +576,177 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - proton:ListTagsForResource + - proton:UntagResource + - proton:TagResource x-required-permissions: create: - proton:CreateEnvironmentTemplate + - proton:DeleteEnvironmentTemplate + - proton:ListTagsForResource - proton:TagResource - proton:GetEnvironmentTemplate - - kms:* + - kms:CancelKeyDeletion + - kms:CreateAlias + - kms:CreateCustomKeyStore + - kms:CreateGrant + - kms:CreateKey + - kms:DeleteAlias + - kms:DeleteCustomKeyStore + - kms:DeleteImportedKeyMaterial + - kms:DescribeCustomKeyStores + - kms:DescribeKey + - kms:DisableKey + - kms:DisableKeyRotation + - kms:EnableKey + - kms:EnableKeyRotation + - kms:GenerateDataKey + - kms:GetKeyPolicy + - kms:GetKeyRotationStatus + - kms:GetParametersForImport + - kms:GetPublicKey + - kms:ListAliases + - kms:ListGrants + - kms:ListKeyPolicies + - kms:ListKeyRotations + - kms:ListKeys + - kms:ListResourceTags + - kms:ListRetirableGrants + - kms:PutKeyPolicy + - kms:RevokeGrant + - kms:ScheduleKeyDeletion + - kms:TagResource + - kms:UntagResource + - kms:UpdateAlias + - kms:UpdateCustomKeyStore + - kms:UpdateKeyDescription + - kms:UpdatePrimaryRegion read: - - proton:GetEnvironmentTemplate + - proton:CreateEnvironmentTemplate + - proton:DeleteEnvironmentTemplate - proton:ListTagsForResource - - kms:* + - proton:GetEnvironmentTemplate + - kms:CancelKeyDeletion + - kms:CreateAlias + - kms:CreateCustomKeyStore + - kms:CreateGrant + - kms:CreateKey + - kms:DeleteAlias + - kms:DeleteCustomKeyStore + - kms:DeleteImportedKeyMaterial + - kms:DescribeCustomKeyStores + - kms:DescribeKey + - kms:DisableKey + - kms:DisableKeyRotation + - kms:EnableKey + - kms:EnableKeyRotation + - kms:GenerateDataKey + - kms:GetKeyPolicy + - kms:GetKeyRotationStatus + - kms:GetParametersForImport + - kms:GetPublicKey + - kms:ListAliases + - kms:ListGrants + - kms:ListKeyPolicies + - kms:ListKeyRotations + - kms:ListKeys + - kms:ListResourceTags + - kms:ListRetirableGrants + - kms:PutKeyPolicy + - kms:RevokeGrant + - kms:ScheduleKeyDeletion + - kms:TagResource + - kms:UntagResource + - kms:UpdateAlias + - kms:UpdateCustomKeyStore + - kms:UpdateKeyDescription + - kms:UpdatePrimaryRegion update: - proton:CreateEnvironmentTemplate + - proton:DeleteEnvironmentTemplate + - proton:GetEnvironmentTemplate - proton:ListTagsForResource - proton:TagResource - - proton:UntagResource - proton:UpdateEnvironmentTemplate - - proton:GetEnvironmentTemplate - - kms:* + - proton:UntagResource + - kms:CancelKeyDeletion + - kms:CreateAlias + - kms:CreateCustomKeyStore + - kms:CreateGrant + - kms:CreateKey + - kms:DeleteAlias + - kms:DeleteCustomKeyStore + - kms:DeleteImportedKeyMaterial + - kms:DescribeCustomKeyStores + - kms:DescribeKey + - kms:DisableKey + - kms:DisableKeyRotation + - kms:EnableKey + - kms:EnableKeyRotation + - kms:GenerateDataKey + - kms:GetKeyPolicy + - kms:GetKeyRotationStatus + - kms:GetParametersForImport + - kms:GetPublicKey + - kms:ListAliases + - kms:ListGrants + - kms:ListKeyPolicies + - kms:ListKeyRotations + - kms:ListKeys + - kms:ListResourceTags + - kms:ListRetirableGrants + - kms:PutKeyPolicy + - kms:RevokeGrant + - kms:ScheduleKeyDeletion + - kms:TagResource + - kms:UntagResource + - kms:UpdateAlias + - kms:UpdateCustomKeyStore + - kms:UpdateKeyDescription + - kms:UpdatePrimaryRegion delete: + - proton:CreateEnvironmentTemplate - proton:DeleteEnvironmentTemplate - proton:GetEnvironmentTemplate - - kms:* + - proton:ListTagsForResource + - proton:TagResource + - proton:UntagResource + - kms:CancelKeyDeletion + - kms:CreateAlias + - kms:CreateCustomKeyStore + - kms:CreateGrant + - kms:CreateKey + - kms:DeleteAlias + - kms:DeleteCustomKeyStore + - kms:DeleteImportedKeyMaterial + - kms:DescribeCustomKeyStores + - kms:DescribeKey + - kms:DisableKey + - kms:DisableKeyRotation + - kms:EnableKey + - kms:EnableKeyRotation + - kms:GenerateDataKey + - kms:GetKeyPolicy + - kms:GetKeyRotationStatus + - kms:GetParametersForImport + - kms:GetPublicKey + - kms:ListAliases + - kms:ListGrants + - kms:ListKeyPolicies + - kms:ListKeyRotations + - kms:ListKeys + - kms:ListResourceTags + - kms:ListRetirableGrants + - kms:PutKeyPolicy + - kms:RevokeGrant + - kms:ScheduleKeyDeletion + - kms:TagResource + - kms:UntagResource + - kms:UpdateAlias + - kms:UpdateCustomKeyStore + - kms:UpdateKeyDescription + - kms:UpdatePrimaryRegion list: - proton:ListEnvironmentTemplates ServiceTemplate: @@ -658,16 +811,88 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - proton:ListTagsForResource + - proton:UntagResource + - proton:TagResource x-required-permissions: create: - proton:CreateServiceTemplate - proton:TagResource - - kms:* - proton:GetServiceTemplate + - kms:CancelKeyDeletion + - kms:CreateAlias + - kms:CreateCustomKeyStore + - kms:CreateGrant + - kms:CreateKey + - kms:DeleteAlias + - kms:DeleteCustomKeyStore + - kms:DeleteImportedKeyMaterial + - kms:DescribeCustomKeyStores + - kms:DescribeKey + - kms:DisableKey + - kms:DisableKeyRotation + - kms:EnableKey + - kms:EnableKeyRotation + - kms:GenerateDataKey + - kms:GetKeyPolicy + - kms:GetKeyRotationStatus + - kms:GetParametersForImport + - kms:GetPublicKey + - kms:ListAliases + - kms:ListGrants + - kms:ListKeyPolicies + - kms:ListKeyRotations + - kms:ListKeys + - kms:ListResourceTags + - kms:ListRetirableGrants + - kms:PutKeyPolicy + - kms:RevokeGrant + - kms:ScheduleKeyDeletion + - kms:TagResource + - kms:UntagResource + - kms:UpdateAlias + - kms:UpdateCustomKeyStore + - kms:UpdateKeyDescription + - kms:UpdatePrimaryRegion read: - proton:GetServiceTemplate - proton:ListTagsForResource - - kms:* + - kms:CancelKeyDeletion + - kms:CreateAlias + - kms:CreateCustomKeyStore + - kms:CreateGrant + - kms:CreateKey + - kms:DeleteAlias + - kms:DeleteCustomKeyStore + - kms:DeleteImportedKeyMaterial + - kms:DescribeCustomKeyStores + - kms:DescribeKey + - kms:DisableKey + - kms:DisableKeyRotation + - kms:EnableKey + - kms:EnableKeyRotation + - kms:GenerateDataKey + - kms:GetKeyPolicy + - kms:GetKeyRotationStatus + - kms:GetParametersForImport + - kms:GetPublicKey + - kms:ListAliases + - kms:ListGrants + - kms:ListKeyPolicies + - kms:ListKeyRotations + - kms:ListKeys + - kms:ListResourceTags + - kms:ListRetirableGrants + - kms:PutKeyPolicy + - kms:RevokeGrant + - kms:ScheduleKeyDeletion + - kms:TagResource + - kms:UntagResource + - kms:UpdateAlias + - kms:UpdateCustomKeyStore + - kms:UpdateKeyDescription + - kms:UpdatePrimaryRegion update: - proton:GetServiceTemplate - proton:CreateServiceTemplate @@ -675,12 +900,80 @@ components: - proton:TagResource - proton:UntagResource - proton:UpdateServiceTemplate - - kms:* + - kms:CancelKeyDeletion + - kms:CreateAlias + - kms:CreateCustomKeyStore + - kms:CreateGrant + - kms:CreateKey + - kms:DeleteAlias + - kms:DeleteCustomKeyStore + - kms:DeleteImportedKeyMaterial + - kms:DescribeCustomKeyStores + - kms:DescribeKey + - kms:DisableKey + - kms:DisableKeyRotation + - kms:EnableKey + - kms:EnableKeyRotation + - kms:GenerateDataKey + - kms:GetKeyPolicy + - kms:GetKeyRotationStatus + - kms:GetParametersForImport + - kms:GetPublicKey + - kms:ListAliases + - kms:ListGrants + - kms:ListKeyPolicies + - kms:ListKeyRotations + - kms:ListKeys + - kms:ListResourceTags + - kms:ListRetirableGrants + - kms:PutKeyPolicy + - kms:RevokeGrant + - kms:ScheduleKeyDeletion + - kms:TagResource + - kms:UntagResource + - kms:UpdateAlias + - kms:UpdateCustomKeyStore + - kms:UpdateKeyDescription + - kms:UpdatePrimaryRegion delete: - proton:DeleteServiceTemplate - proton:UntagResource - - kms:* - proton:GetServiceTemplate + - kms:CancelKeyDeletion + - kms:CreateAlias + - kms:CreateCustomKeyStore + - kms:CreateGrant + - kms:CreateKey + - kms:DeleteAlias + - kms:DeleteCustomKeyStore + - kms:DeleteImportedKeyMaterial + - kms:DescribeCustomKeyStores + - kms:DescribeKey + - kms:DisableKey + - kms:DisableKeyRotation + - kms:EnableKey + - kms:EnableKeyRotation + - kms:GenerateDataKey + - kms:GetKeyPolicy + - kms:GetKeyRotationStatus + - kms:GetParametersForImport + - kms:GetPublicKey + - kms:ListAliases + - kms:ListGrants + - kms:ListKeyPolicies + - kms:ListKeyRotations + - kms:ListKeys + - kms:ListResourceTags + - kms:ListRetirableGrants + - kms:PutKeyPolicy + - kms:RevokeGrant + - kms:ScheduleKeyDeletion + - kms:TagResource + - kms:UntagResource + - kms:UpdateAlias + - kms:UpdateCustomKeyStore + - kms:UpdateKeyDescription + - kms:UpdatePrimaryRegion list: - proton:ListServiceTemplates CreateEnvironmentAccountConnectionRequest: diff --git a/providers/src/aws/v00.00.00000/services/qbusiness.yaml b/providers/src/aws/v00.00.00000/services/qbusiness.yaml index c5cb456a..06502c24 100644 --- a/providers/src/aws/v00.00.00000/services/qbusiness.yaml +++ b/providers/src/aws/v00.00.00000/services/qbusiness.yaml @@ -406,6 +406,21 @@ components: enum: - ENABLED - DISABLED + AutoSubscriptionConfiguration: + type: object + properties: + AutoSubscribe: + $ref: '#/components/schemas/AutoSubscriptionStatus' + DefaultSubscriptionType: + $ref: '#/components/schemas/SubscriptionType' + required: + - AutoSubscribe + additionalProperties: false + AutoSubscriptionStatus: + type: string + enum: + - ENABLED + - DISABLED EncryptionConfiguration: type: object properties: @@ -414,6 +429,55 @@ components: maxLength: 2048 minLength: 1 additionalProperties: false + IdentityType: + type: string + enum: + - AWS_IAM_IDP_SAML + - AWS_IAM_IDP_OIDC + - AWS_IAM_IDC + - AWS_QUICKSIGHT_IDP + PersonalizationConfiguration: + type: object + properties: + PersonalizationControlMode: + $ref: '#/components/schemas/PersonalizationControlMode' + required: + - PersonalizationControlMode + additionalProperties: false + PersonalizationControlMode: + type: string + enum: + - ENABLED + - DISABLED + QAppsConfiguration: + type: object + properties: + QAppsControlMode: + $ref: '#/components/schemas/QAppsControlMode' + required: + - QAppsControlMode + additionalProperties: false + QAppsControlMode: + type: string + enum: + - ENABLED + - DISABLED + QuickSightConfiguration: + type: object + properties: + ClientNamespace: + type: string + maxLength: 64 + minLength: 1 + pattern: ^[a-zA-Z0-9._-]*$ + required: + - ClientNamespace + additionalProperties: false + SubscriptionType: + type: string + enum: + - Q_LITE + - Q_BUSINESS Tag: type: object properties: @@ -444,6 +508,15 @@ components: pattern: ^[a-zA-Z0-9][a-zA-Z0-9-]{35}$ AttachmentsConfiguration: $ref: '#/components/schemas/AttachmentsConfiguration' + AutoSubscriptionConfiguration: + $ref: '#/components/schemas/AutoSubscriptionConfiguration' + ClientIdsForOIDC: + type: array + items: + type: string + maxLength: 255 + minLength: 1 + pattern: ^[a-zA-Z0-9_.:/()*?=-]*$ CreatedAt: type: string format: date-time @@ -459,6 +532,11 @@ components: pattern: ^[a-zA-Z0-9][a-zA-Z0-9_-]*$ EncryptionConfiguration: $ref: '#/components/schemas/EncryptionConfiguration' + IamIdentityProviderArn: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:aws:iam::\d{12}:(oidc-provider|saml-provider)/[a-zA-Z0-9_\.\/@\-]+$ IdentityCenterApplicationArn: type: string maxLength: 1224 @@ -469,6 +547,14 @@ components: maxLength: 1224 minLength: 10 pattern: ^arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso:::instance/(sso)?ins-[a-zA-Z0-9-.]{16}$ + IdentityType: + $ref: '#/components/schemas/IdentityType' + PersonalizationConfiguration: + $ref: '#/components/schemas/PersonalizationConfiguration' + QAppsConfiguration: + $ref: '#/components/schemas/QAppsConfiguration' + QuickSightConfiguration: + $ref: '#/components/schemas/QuickSightConfiguration' RoleArn: type: string maxLength: 1284 @@ -478,7 +564,6 @@ components: $ref: '#/components/schemas/ApplicationStatus' Tags: type: array - x-insertionOrder: false items: $ref: '#/components/schemas/Tag' maxItems: 200 @@ -494,7 +579,11 @@ components: x-stackql-primary-identifier: - ApplicationId x-create-only-properties: + - ClientIdsForOIDC - EncryptionConfiguration + - IamIdentityProviderArn + - IdentityType + - QuickSightConfiguration x-write-only-properties: - IdentityCenterInstanceArn x-read-only-properties: @@ -508,8 +597,17 @@ components: - DisplayName x-tagging: taggable: true + tagUpdatable: true + tagOnCreate: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - qbusiness:UntagResource + - qbusiness:TagResource + - qbusiness:ListTagsForResource x-required-permissions: create: + - iam:GetSAMLProvider - iam:PassRole - kms:CreateGrant - kms:DescribeKey @@ -517,8 +615,12 @@ components: - qbusiness:GetApplication - qbusiness:ListTagsForResource - qbusiness:TagResource + - qbusiness:UpdateApplication + - quicksight:DescribeAccountSubscription + - quicksight:ListNamespaces - sso:CreateApplication - sso:DeleteApplication + - sso:DescribeInstance - sso:PutApplicationAccessScope - sso:PutApplicationAuthenticationMethod - sso:PutApplicationGrant @@ -534,6 +636,7 @@ components: - qbusiness:UpdateApplication - sso:CreateApplication - sso:DeleteApplication + - sso:DescribeInstance - sso:PutApplicationAccessScope - sso:PutApplicationAuthenticationMethod - sso:PutApplicationGrant @@ -544,6 +647,222 @@ components: - sso:DeleteApplication list: - qbusiness:ListApplications + ActionConfiguration: + type: object + properties: + Action: + type: string + pattern: ^qbusiness:[a-zA-Z]+$ + FilterConfiguration: + $ref: '#/components/schemas/ActionFilterConfiguration' + required: + - Action + additionalProperties: false + ActionFilterConfiguration: + type: object + properties: + DocumentAttributeFilter: + $ref: '#/components/schemas/AttributeFilter' + required: + - DocumentAttributeFilter + additionalProperties: false + AttributeFilter: + type: object + properties: + AndAllFilters: + type: array + items: + $ref: '#/components/schemas/AttributeFilter' + OrAllFilters: + type: array + items: + $ref: '#/components/schemas/AttributeFilter' + NotFilter: + $ref: '#/components/schemas/AttributeFilter' + EqualsTo: + $ref: '#/components/schemas/DocumentAttribute' + ContainsAll: + $ref: '#/components/schemas/DocumentAttribute' + ContainsAny: + $ref: '#/components/schemas/DocumentAttribute' + GreaterThan: + $ref: '#/components/schemas/DocumentAttribute' + GreaterThanOrEquals: + $ref: '#/components/schemas/DocumentAttribute' + LessThan: + $ref: '#/components/schemas/DocumentAttribute' + LessThanOrEquals: + $ref: '#/components/schemas/DocumentAttribute' + additionalProperties: false + DocumentAttribute: + type: object + properties: + Name: + type: string + maxLength: 200 + minLength: 1 + pattern: ^[a-zA-Z0-9_][a-zA-Z0-9_-]*$ + Value: + $ref: '#/components/schemas/DocumentAttributeValue' + required: + - Name + - Value + additionalProperties: false + DocumentAttributeValue: + oneOf: + - type: object + title: StringValue + properties: + StringValue: + type: string + maxLength: 2048 + required: + - StringValue + additionalProperties: false + - type: object + title: StringListValue + properties: + StringListValue: + type: array + x-insertionOrder: true + items: + type: string + maxLength: 2048 + minLength: 1 + required: + - StringListValue + additionalProperties: false + - type: object + title: LongValue + properties: + LongValue: + type: number + required: + - LongValue + additionalProperties: false + - type: object + title: DateValue + properties: + DateValue: + type: string + format: date-time + required: + - DateValue + additionalProperties: false + Unit: + type: object + additionalProperties: false + DataAccessor: + type: object + properties: + ActionConfigurations: + type: array + items: + $ref: '#/components/schemas/ActionConfiguration' + maxItems: 10 + minItems: 1 + ApplicationId: + type: string + maxLength: 36 + minLength: 36 + pattern: ^[a-zA-Z0-9][a-zA-Z0-9-]{35}$ + CreatedAt: + type: string + format: date-time + DataAccessorArn: + type: string + maxLength: 1284 + minLength: 0 + pattern: ^arn:[a-z0-9-\.]{1,63}:[a-z0-9-\.]{0,63}:[a-z0-9-\.]{0,63}:[a-z0-9-\.]{0,63}:[^/].{0,1023}$ + DataAccessorId: + type: string + maxLength: 36 + minLength: 36 + pattern: ^[a-zA-Z0-9][a-zA-Z0-9-]{35}$ + DisplayName: + type: string + maxLength: 100 + minLength: 1 + pattern: ^[a-zA-Z0-9][a-zA-Z0-9_-]*$ + IdcApplicationArn: + type: string + maxLength: 1224 + minLength: 10 + pattern: ^arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso::\d{12}:application/(sso)?ins-[a-zA-Z0-9-.]{16}/apl-[a-zA-Z0-9]{16}$ + Principal: + type: string + maxLength: 1284 + minLength: 1 + pattern: ^arn:aws:iam::[0-9]{12}:role/[a-zA-Z0-9_/+=,.@-]+$ + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 200 + minItems: 0 + UpdatedAt: + type: string + format: date-time + required: + - ApplicationId + - ActionConfigurations + - DisplayName + - Principal + x-stackql-resource-name: data_accessor + description: Definition of AWS::QBusiness::DataAccessor Resource Type + x-type-name: AWS::QBusiness::DataAccessor + x-stackql-primary-identifier: + - ApplicationId + - DataAccessorId + x-create-only-properties: + - ApplicationId + - Principal + x-read-only-properties: + - CreatedAt + - DataAccessorArn + - DataAccessorId + - IdcApplicationArn + - UpdatedAt + x-required-properties: + - ApplicationId + - ActionConfigurations + - DisplayName + - Principal + x-tagging: + taggable: true + tagUpdatable: true + tagOnCreate: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - qbusiness:UntagResource + - qbusiness:TagResource + - qbusiness:ListTagsForResource + x-required-permissions: + create: + - qbusiness:CreateDataAccessor + - qbusiness:GetDataAccessor + - qbusiness:ListTagsForResource + - qbusiness:TagResource + - sso:CreateApplication + - sso:PutApplicationAuthenticationMethod + - sso:PutApplicationGrant + - sso:PutApplicationAccessScope + read: + - qbusiness:GetDataAccessor + - qbusiness:ListTagsForResource + update: + - qbusiness:GetDataAccessor + - qbusiness:ListTagsForResource + - qbusiness:TagResource + - qbusiness:UntagResource + - qbusiness:UpdateDataAccessor + delete: + - qbusiness:DeleteDataAccessor + - qbusiness:GetDataAccessor + - sso:DeleteApplication + list: + - qbusiness:ListDataAccessors AttributeValueOperator: type: string enum: @@ -613,47 +932,6 @@ components: required: - Key additionalProperties: false - DocumentAttributeValue: - oneOf: - - type: object - title: StringValue - properties: - StringValue: - type: string - maxLength: 2048 - required: - - StringValue - additionalProperties: false - - type: object - title: StringListValue - properties: - StringListValue: - type: array - x-insertionOrder: true - items: - type: string - maxLength: 2048 - minLength: 1 - required: - - StringListValue - additionalProperties: false - - type: object - title: LongValue - properties: - LongValue: - type: number - required: - - LongValue - additionalProperties: false - - type: object - title: DateValue - properties: - DateValue: - type: string - format: date-time - required: - - DateValue - additionalProperties: false DocumentContentOperator: type: string enum: @@ -672,6 +950,25 @@ components: - EXISTS - NOT_EXISTS - BEGINS_WITH + ImageExtractionStatus: + type: string + enum: + - ENABLED + - DISABLED + ImageExtractionConfiguration: + type: object + properties: + ImageExtractionStatus: + $ref: '#/components/schemas/ImageExtractionStatus' + required: + - ImageExtractionStatus + additionalProperties: false + MediaExtractionConfiguration: + type: object + properties: + ImageExtractionConfiguration: + $ref: '#/components/schemas/ImageExtractionConfiguration' + additionalProperties: false DocumentEnrichmentConfiguration: type: object properties: @@ -752,6 +1049,8 @@ components: pattern: ^[a-zA-Z0-9][a-zA-Z0-9_-]*$ DocumentEnrichmentConfiguration: $ref: '#/components/schemas/DocumentEnrichmentConfiguration' + MediaExtractionConfiguration: + $ref: '#/components/schemas/MediaExtractionConfiguration' IndexId: type: string maxLength: 36 @@ -997,16 +1296,78 @@ components: - qbusiness:GetIndex list: - qbusiness:ListIndices - APISchema: - oneOf: - - type: object - title: Payload - properties: - Payload: - type: string - required: - - Payload - additionalProperties: false + Permission: + type: object + properties: + ApplicationId: + type: string + maxLength: 36 + minLength: 36 + pattern: ^[a-zA-Z0-9][a-zA-Z0-9-]{35}$ + StatementId: + type: string + maxLength: 100 + minLength: 1 + pattern: ^[a-zA-Z0-9_-]+$ + Actions: + type: array + items: + type: string + pattern: ^qbusiness:[a-zA-Z]+$ + maxItems: 10 + minItems: 1 + Principal: + type: string + maxLength: 1284 + minLength: 1 + pattern: ^arn:aws:iam::[0-9]{12}:role/[a-zA-Z0-9_/+=,.@-]+$ + required: + - ApplicationId + - StatementId + - Actions + - Principal + x-stackql-resource-name: permission + description: Definition of AWS::QBusiness::Permission Resource Type + x-type-name: AWS::QBusiness::Permission + x-stackql-primary-identifier: + - ApplicationId + - StatementId + x-create-only-properties: + - ApplicationId + - StatementId + - Actions + - Principal + x-required-properties: + - ApplicationId + - StatementId + - Actions + - Principal + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - qbusiness:AssociatePermission + - qbusiness:PutResourcePolicy + read: + - qbusiness:GetPolicy + delete: + - qbusiness:DisassociatePermission + - qbusiness:PutResourcePolicy + list: + - qbusiness:GetPolicy + APISchema: + oneOf: + - type: object + title: Payload + properties: + Payload: + type: string + required: + - Payload + additionalProperties: false - type: object title: S3 properties: @@ -1068,6 +1429,16 @@ components: maxLength: 1284 minLength: 0 pattern: ^arn:[a-z0-9-\.]{1,63}:[a-z0-9-\.]{0,63}:[a-z0-9-\.]{0,63}:[a-z0-9-\.]{0,63}:[^/].{0,1023}$ + AuthorizationUrl: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^(https?|ftp|file)://([^\s]*)$ + TokenUrl: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^(https?|ftp|file)://([^\s]*)$ required: - RoleArn - SecretArn @@ -1121,6 +1492,18 @@ components: - JIRA - ZENDESK - CUSTOM + - QUICKSIGHT + - SERVICENOW_NOW_PLATFORM + - JIRA_CLOUD + - SALESFORCE_CRM + - ZENDESK_SUITE + - ATLASSIAN_CONFLUENCE + - GOOGLE_CALENDAR + - MICROSOFT_TEAMS + - MICROSOFT_EXCHANGE + - PAGERDUTY_ADVANCE + - SMARTSHEET + - ASANA S3: type: object properties: @@ -1178,7 +1561,6 @@ components: $ref: '#/components/schemas/PluginState' Tags: type: array - x-insertionOrder: false items: $ref: '#/components/schemas/Tag' maxItems: 200 @@ -1189,7 +1571,6 @@ components: type: string format: date-time required: - - ApplicationId - AuthConfiguration - DisplayName - Type @@ -1209,12 +1590,19 @@ components: - PluginId - UpdatedAt x-required-properties: - - ApplicationId - AuthConfiguration - DisplayName - Type x-tagging: taggable: true + tagUpdatable: true + tagOnCreate: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - qbusiness:UntagResource + - qbusiness:TagResource + - qbusiness:ListTagsForResource x-required-permissions: create: - iam:PassRole @@ -1222,7 +1610,6 @@ components: - qbusiness:GetPlugin - qbusiness:ListTagsForResource - qbusiness:TagResource - - qbusiness:UpdatePlugin read: - qbusiness:GetPlugin - qbusiness:ListTagsForResource @@ -1385,6 +1772,52 @@ components: - qbusiness:GetRetriever list: - qbusiness:ListRetrievers + IdentityProviderConfiguration: + oneOf: + - type: object + title: SamlConfiguration + properties: + SamlConfiguration: + $ref: '#/components/schemas/SamlProviderConfiguration' + required: + - SamlConfiguration + additionalProperties: false + - type: object + title: OpenIDConnectConfiguration + properties: + OpenIDConnectConfiguration: + $ref: '#/components/schemas/OpenIDConnectProviderConfiguration' + required: + - OpenIDConnectConfiguration + additionalProperties: false + OpenIDConnectProviderConfiguration: + type: object + properties: + SecretsArn: + type: string + maxLength: 1284 + minLength: 0 + pattern: ^arn:[a-z0-9-\.]{1,63}:[a-z0-9-\.]{0,63}:[a-z0-9-\.]{0,63}:[a-z0-9-\.]{0,63}:[^/].{0,1023}$ + SecretsRole: + type: string + maxLength: 1284 + minLength: 0 + pattern: ^arn:[a-z0-9-\.]{1,63}:[a-z0-9-\.]{0,63}:[a-z0-9-\.]{0,63}:[a-z0-9-\.]{0,63}:[^/].{0,1023}$ + required: + - SecretsArn + - SecretsRole + additionalProperties: false + SamlProviderConfiguration: + type: object + properties: + AuthenticationUrl: + type: string + maxLength: 1284 + minLength: 1 + pattern: ^https://.*$ + required: + - AuthenticationUrl + additionalProperties: false WebExperienceSamplePromptsControlMode: type: string enum: @@ -1398,6 +1831,35 @@ components: - DELETING - FAILED - PENDING_AUTH_CONFIG + Origin: + type: string + maxLength: 64 + minLength: 1 + pattern: ^(http:\/\/|https:\/\/)[a-zA-Z0-9-_.]+(?::[0-9]{1,5})?$ + CustomizationConfiguration: + type: object + properties: + CustomCSSUrl: + type: string + maxLength: 1284 + minLength: 0 + pattern: ^(https?://[a-zA-Z0-9-_.+%/]+\.css)?$ + LogoUrl: + type: string + maxLength: 1284 + minLength: 0 + pattern: ^(https?://[a-zA-Z0-9-_.+%/]+\.(svg|png))?$ + FontUrl: + type: string + maxLength: 1284 + minLength: 0 + pattern: ^(https?://[a-zA-Z0-9-_.+%/]+\.(ttf|woff|woff2|otf))?$ + FaviconUrl: + type: string + maxLength: 1284 + minLength: 0 + pattern: ^(https?://[a-zA-Z0-9-_.+%/]+\.(svg|ico))?$ + additionalProperties: false WebExperience: type: object properties: @@ -1414,6 +1876,8 @@ components: maxLength: 2048 minLength: 1 pattern: ^(https?|ftp|file)://([^\s]*)$ + IdentityProviderConfiguration: + $ref: '#/components/schemas/IdentityProviderConfiguration' RoleArn: type: string maxLength: 1284 @@ -1457,6 +1921,15 @@ components: type: string maxLength: 300 minLength: 0 + Origins: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Origin' + maxItems: 10 + minItems: 0 + CustomizationConfiguration: + $ref: '#/components/schemas/CustomizationConfiguration' required: - ApplicationId x-stackql-resource-name: web_experience @@ -1529,6 +2002,15 @@ components: pattern: ^[a-zA-Z0-9][a-zA-Z0-9-]{35}$ AttachmentsConfiguration: $ref: '#/components/schemas/AttachmentsConfiguration' + AutoSubscriptionConfiguration: + $ref: '#/components/schemas/AutoSubscriptionConfiguration' + ClientIdsForOIDC: + type: array + items: + type: string + maxLength: 255 + minLength: 1 + pattern: ^[a-zA-Z0-9_.:/()*?=-]*$ CreatedAt: type: string format: date-time @@ -1544,6 +2026,11 @@ components: pattern: ^[a-zA-Z0-9][a-zA-Z0-9_-]*$ EncryptionConfiguration: $ref: '#/components/schemas/EncryptionConfiguration' + IamIdentityProviderArn: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:aws:iam::\d{12}:(oidc-provider|saml-provider)/[a-zA-Z0-9_\.\/@\-]+$ IdentityCenterApplicationArn: type: string maxLength: 1224 @@ -1554,6 +2041,14 @@ components: maxLength: 1224 minLength: 10 pattern: ^arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso:::instance/(sso)?ins-[a-zA-Z0-9-.]{16}$ + IdentityType: + $ref: '#/components/schemas/IdentityType' + PersonalizationConfiguration: + $ref: '#/components/schemas/PersonalizationConfiguration' + QAppsConfiguration: + $ref: '#/components/schemas/QAppsConfiguration' + QuickSightConfiguration: + $ref: '#/components/schemas/QuickSightConfiguration' RoleArn: type: string maxLength: 1284 @@ -1563,7 +2058,6 @@ components: $ref: '#/components/schemas/ApplicationStatus' Tags: type: array - x-insertionOrder: false items: $ref: '#/components/schemas/Tag' maxItems: 200 @@ -1575,6 +2069,71 @@ components: x-title: CreateApplicationRequest type: object required: [] + CreateDataAccessorRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + ActionConfigurations: + type: array + items: + $ref: '#/components/schemas/ActionConfiguration' + maxItems: 10 + minItems: 1 + ApplicationId: + type: string + maxLength: 36 + minLength: 36 + pattern: ^[a-zA-Z0-9][a-zA-Z0-9-]{35}$ + CreatedAt: + type: string + format: date-time + DataAccessorArn: + type: string + maxLength: 1284 + minLength: 0 + pattern: ^arn:[a-z0-9-\.]{1,63}:[a-z0-9-\.]{0,63}:[a-z0-9-\.]{0,63}:[a-z0-9-\.]{0,63}:[^/].{0,1023}$ + DataAccessorId: + type: string + maxLength: 36 + minLength: 36 + pattern: ^[a-zA-Z0-9][a-zA-Z0-9-]{35}$ + DisplayName: + type: string + maxLength: 100 + minLength: 1 + pattern: ^[a-zA-Z0-9][a-zA-Z0-9_-]*$ + IdcApplicationArn: + type: string + maxLength: 1224 + minLength: 10 + pattern: ^arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso::\d{12}:application/(sso)?ins-[a-zA-Z0-9-.]{16}/apl-[a-zA-Z0-9]{16}$ + Principal: + type: string + maxLength: 1284 + minLength: 1 + pattern: ^arn:aws:iam::[0-9]{12}:role/[a-zA-Z0-9_/+=,.@-]+$ + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 200 + minItems: 0 + UpdatedAt: + type: string + format: date-time + x-stackQL-stringOnly: true + x-title: CreateDataAccessorRequest + type: object + required: [] CreateDataSourceRequest: properties: ClientToken: @@ -1619,6 +2178,8 @@ components: pattern: ^[a-zA-Z0-9][a-zA-Z0-9_-]*$ DocumentEnrichmentConfiguration: $ref: '#/components/schemas/DocumentEnrichmentConfiguration' + MediaExtractionConfiguration: + $ref: '#/components/schemas/MediaExtractionConfiguration' IndexId: type: string maxLength: 36 @@ -1725,6 +2286,45 @@ components: x-title: CreateIndexRequest type: object required: [] + CreatePermissionRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + ApplicationId: + type: string + maxLength: 36 + minLength: 36 + pattern: ^[a-zA-Z0-9][a-zA-Z0-9-]{35}$ + StatementId: + type: string + maxLength: 100 + minLength: 1 + pattern: ^[a-zA-Z0-9_-]+$ + Actions: + type: array + items: + type: string + pattern: ^qbusiness:[a-zA-Z]+$ + maxItems: 10 + minItems: 1 + Principal: + type: string + maxLength: 1284 + minLength: 1 + pattern: ^arn:aws:iam::[0-9]{12}:role/[a-zA-Z0-9_/+=,.@-]+$ + x-stackQL-stringOnly: true + x-title: CreatePermissionRequest + type: object + required: [] CreatePluginRequest: properties: ClientToken: @@ -1776,7 +2376,6 @@ components: $ref: '#/components/schemas/PluginState' Tags: type: array - x-insertionOrder: false items: $ref: '#/components/schemas/Tag' maxItems: 200 @@ -1877,6 +2476,8 @@ components: maxLength: 2048 minLength: 1 pattern: ^(https?|ftp|file)://([^\s]*)$ + IdentityProviderConfiguration: + $ref: '#/components/schemas/IdentityProviderConfiguration' RoleArn: type: string maxLength: 1284 @@ -1920,6 +2521,15 @@ components: type: string maxLength: 300 minLength: 0 + Origins: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Origin' + maxItems: 10 + minItems: 0 + CustomizationConfiguration: + $ref: '#/components/schemas/CustomizationConfiguration' x-stackQL-stringOnly: true x-title: CreateWebExperienceRequest type: object @@ -1951,7 +2561,299 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::QBusiness::Application" + "TypeName": "AWS::QBusiness::Application" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::QBusiness::Application" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::QBusiness::Application" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/applications/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/applications/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/applications/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ApplicationArn') as application_arn, + JSON_EXTRACT(Properties, '$.ApplicationId') as application_id, + JSON_EXTRACT(Properties, '$.AttachmentsConfiguration') as attachments_configuration, + JSON_EXTRACT(Properties, '$.AutoSubscriptionConfiguration') as auto_subscription_configuration, + JSON_EXTRACT(Properties, '$.ClientIdsForOIDC') as client_ids_for_oid_c, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.DisplayName') as display_name, + JSON_EXTRACT(Properties, '$.EncryptionConfiguration') as encryption_configuration, + JSON_EXTRACT(Properties, '$.IamIdentityProviderArn') as iam_identity_provider_arn, + JSON_EXTRACT(Properties, '$.IdentityCenterApplicationArn') as identity_center_application_arn, + JSON_EXTRACT(Properties, '$.IdentityCenterInstanceArn') as identity_center_instance_arn, + JSON_EXTRACT(Properties, '$.IdentityType') as identity_type, + JSON_EXTRACT(Properties, '$.PersonalizationConfiguration') as personalization_configuration, + JSON_EXTRACT(Properties, '$.QAppsConfiguration') as q_apps_configuration, + JSON_EXTRACT(Properties, '$.QuickSightConfiguration') as quick_sight_configuration, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.UpdatedAt') as updated_at + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::QBusiness::Application' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.ApplicationArn') as application_arn, + JSON_EXTRACT(detail.Properties, '$.ApplicationId') as application_id, + JSON_EXTRACT(detail.Properties, '$.AttachmentsConfiguration') as attachments_configuration, + JSON_EXTRACT(detail.Properties, '$.AutoSubscriptionConfiguration') as auto_subscription_configuration, + JSON_EXTRACT(detail.Properties, '$.ClientIdsForOIDC') as client_ids_for_oid_c, + JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.DisplayName') as display_name, + JSON_EXTRACT(detail.Properties, '$.EncryptionConfiguration') as encryption_configuration, + JSON_EXTRACT(detail.Properties, '$.IamIdentityProviderArn') as iam_identity_provider_arn, + JSON_EXTRACT(detail.Properties, '$.IdentityCenterApplicationArn') as identity_center_application_arn, + JSON_EXTRACT(detail.Properties, '$.IdentityCenterInstanceArn') as identity_center_instance_arn, + JSON_EXTRACT(detail.Properties, '$.IdentityType') as identity_type, + JSON_EXTRACT(detail.Properties, '$.PersonalizationConfiguration') as personalization_configuration, + JSON_EXTRACT(detail.Properties, '$.QAppsConfiguration') as q_apps_configuration, + JSON_EXTRACT(detail.Properties, '$.QuickSightConfiguration') as quick_sight_configuration, + JSON_EXTRACT(detail.Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(detail.Properties, '$.Status') as status, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags, + JSON_EXTRACT(detail.Properties, '$.UpdatedAt') as updated_at + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::QBusiness::Application' + AND detail.data__TypeName = 'AWS::QBusiness::Application' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ApplicationArn') as application_arn, + json_extract_path_text(Properties, 'ApplicationId') as application_id, + json_extract_path_text(Properties, 'AttachmentsConfiguration') as attachments_configuration, + json_extract_path_text(Properties, 'AutoSubscriptionConfiguration') as auto_subscription_configuration, + json_extract_path_text(Properties, 'ClientIdsForOIDC') as client_ids_for_oid_c, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'DisplayName') as display_name, + json_extract_path_text(Properties, 'EncryptionConfiguration') as encryption_configuration, + json_extract_path_text(Properties, 'IamIdentityProviderArn') as iam_identity_provider_arn, + json_extract_path_text(Properties, 'IdentityCenterApplicationArn') as identity_center_application_arn, + json_extract_path_text(Properties, 'IdentityCenterInstanceArn') as identity_center_instance_arn, + json_extract_path_text(Properties, 'IdentityType') as identity_type, + json_extract_path_text(Properties, 'PersonalizationConfiguration') as personalization_configuration, + json_extract_path_text(Properties, 'QAppsConfiguration') as q_apps_configuration, + json_extract_path_text(Properties, 'QuickSightConfiguration') as quick_sight_configuration, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'UpdatedAt') as updated_at + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::QBusiness::Application' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'ApplicationArn') as application_arn, + json_extract_path_text(detail.Properties, 'ApplicationId') as application_id, + json_extract_path_text(detail.Properties, 'AttachmentsConfiguration') as attachments_configuration, + json_extract_path_text(detail.Properties, 'AutoSubscriptionConfiguration') as auto_subscription_configuration, + json_extract_path_text(detail.Properties, 'ClientIdsForOIDC') as client_ids_for_oid_c, + json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'DisplayName') as display_name, + json_extract_path_text(detail.Properties, 'EncryptionConfiguration') as encryption_configuration, + json_extract_path_text(detail.Properties, 'IamIdentityProviderArn') as iam_identity_provider_arn, + json_extract_path_text(detail.Properties, 'IdentityCenterApplicationArn') as identity_center_application_arn, + json_extract_path_text(detail.Properties, 'IdentityCenterInstanceArn') as identity_center_instance_arn, + json_extract_path_text(detail.Properties, 'IdentityType') as identity_type, + json_extract_path_text(detail.Properties, 'PersonalizationConfiguration') as personalization_configuration, + json_extract_path_text(detail.Properties, 'QAppsConfiguration') as q_apps_configuration, + json_extract_path_text(detail.Properties, 'QuickSightConfiguration') as quick_sight_configuration, + json_extract_path_text(detail.Properties, 'RoleArn') as role_arn, + json_extract_path_text(detail.Properties, 'Status') as status, + json_extract_path_text(detail.Properties, 'Tags') as tags, + json_extract_path_text(detail.Properties, 'UpdatedAt') as updated_at + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::QBusiness::Application' + AND detail.data__TypeName = 'AWS::QBusiness::Application' + AND listing.region = 'us-east-1' + applications_list_only: + name: applications_list_only + id: aws.qbusiness.applications_list_only + x-cfn-schema-name: Application + x-cfn-type-name: AWS::QBusiness::Application + x-identifiers: + - ApplicationId + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ApplicationId') as application_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::QBusiness::Application' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ApplicationId') as application_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::QBusiness::Application' + AND region = 'us-east-1' + application_tags: + name: application_tags + id: aws.qbusiness.application_tags + x-cfn-schema-name: Application + x-cfn-type-name: AWS::QBusiness::Application + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.ApplicationArn') as application_arn, + JSON_EXTRACT(detail.Properties, '$.ApplicationId') as application_id, + JSON_EXTRACT(detail.Properties, '$.AttachmentsConfiguration') as attachments_configuration, + JSON_EXTRACT(detail.Properties, '$.AutoSubscriptionConfiguration') as auto_subscription_configuration, + JSON_EXTRACT(detail.Properties, '$.ClientIdsForOIDC') as client_ids_for_oid_c, + JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.DisplayName') as display_name, + JSON_EXTRACT(detail.Properties, '$.EncryptionConfiguration') as encryption_configuration, + JSON_EXTRACT(detail.Properties, '$.IamIdentityProviderArn') as iam_identity_provider_arn, + JSON_EXTRACT(detail.Properties, '$.IdentityCenterApplicationArn') as identity_center_application_arn, + JSON_EXTRACT(detail.Properties, '$.IdentityCenterInstanceArn') as identity_center_instance_arn, + JSON_EXTRACT(detail.Properties, '$.IdentityType') as identity_type, + JSON_EXTRACT(detail.Properties, '$.PersonalizationConfiguration') as personalization_configuration, + JSON_EXTRACT(detail.Properties, '$.QAppsConfiguration') as q_apps_configuration, + JSON_EXTRACT(detail.Properties, '$.QuickSightConfiguration') as quick_sight_configuration, + JSON_EXTRACT(detail.Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(detail.Properties, '$.Status') as status, + JSON_EXTRACT(detail.Properties, '$.UpdatedAt') as updated_at + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::QBusiness::Application' + AND detail.data__TypeName = 'AWS::QBusiness::Application' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'ApplicationArn') as application_arn, + json_extract_path_text(detail.Properties, 'ApplicationId') as application_id, + json_extract_path_text(detail.Properties, 'AttachmentsConfiguration') as attachments_configuration, + json_extract_path_text(detail.Properties, 'AutoSubscriptionConfiguration') as auto_subscription_configuration, + json_extract_path_text(detail.Properties, 'ClientIdsForOIDC') as client_ids_for_oid_c, + json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'DisplayName') as display_name, + json_extract_path_text(detail.Properties, 'EncryptionConfiguration') as encryption_configuration, + json_extract_path_text(detail.Properties, 'IamIdentityProviderArn') as iam_identity_provider_arn, + json_extract_path_text(detail.Properties, 'IdentityCenterApplicationArn') as identity_center_application_arn, + json_extract_path_text(detail.Properties, 'IdentityCenterInstanceArn') as identity_center_instance_arn, + json_extract_path_text(detail.Properties, 'IdentityType') as identity_type, + json_extract_path_text(detail.Properties, 'PersonalizationConfiguration') as personalization_configuration, + json_extract_path_text(detail.Properties, 'QAppsConfiguration') as q_apps_configuration, + json_extract_path_text(detail.Properties, 'QuickSightConfiguration') as quick_sight_configuration, + json_extract_path_text(detail.Properties, 'RoleArn') as role_arn, + json_extract_path_text(detail.Properties, 'Status') as status, + json_extract_path_text(detail.Properties, 'UpdatedAt') as updated_at + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::QBusiness::Application' + AND detail.data__TypeName = 'AWS::QBusiness::Application' + AND listing.region = 'us-east-1' + data_accessors: + name: data_accessors + id: aws.qbusiness.data_accessors + x-cfn-schema-name: DataAccessor + x-cfn-type-name: AWS::QBusiness::DataAccessor + x-identifiers: + - ApplicationId + - DataAccessorId + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__DataAccessor&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::QBusiness::DataAccessor" } response: mediaType: application/json @@ -1963,7 +2865,7 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::QBusiness::Application" + "TypeName": "AWS::QBusiness::DataAccessor" } response: mediaType: application/json @@ -1975,18 +2877,18 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::QBusiness::Application" + "TypeName": "AWS::QBusiness::DataAccessor" } response: mediaType: application/json openAPIDocKey: '200' sqlVerbs: insert: - - $ref: '#/components/x-stackQL-resources/applications/methods/create_resource' + - $ref: '#/components/x-stackQL-resources/data_accessors/methods/create_resource' delete: - - $ref: '#/components/x-stackQL-resources/applications/methods/delete_resource' + - $ref: '#/components/x-stackQL-resources/data_accessors/methods/delete_resource' update: - - $ref: '#/components/x-stackQL-resources/applications/methods/update_resource' + - $ref: '#/components/x-stackQL-resources/data_accessors/methods/update_resource' config: views: select: @@ -1995,46 +2897,40 @@ components: SELECT region, data__Identifier, - JSON_EXTRACT(Properties, '$.ApplicationArn') as application_arn, + JSON_EXTRACT(Properties, '$.ActionConfigurations') as action_configurations, JSON_EXTRACT(Properties, '$.ApplicationId') as application_id, - JSON_EXTRACT(Properties, '$.AttachmentsConfiguration') as attachments_configuration, JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, - JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.DataAccessorArn') as data_accessor_arn, + JSON_EXTRACT(Properties, '$.DataAccessorId') as data_accessor_id, JSON_EXTRACT(Properties, '$.DisplayName') as display_name, - JSON_EXTRACT(Properties, '$.EncryptionConfiguration') as encryption_configuration, - JSON_EXTRACT(Properties, '$.IdentityCenterApplicationArn') as identity_center_application_arn, - JSON_EXTRACT(Properties, '$.IdentityCenterInstanceArn') as identity_center_instance_arn, - JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, - JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.IdcApplicationArn') as idc_application_arn, + JSON_EXTRACT(Properties, '$.Principal') as principal, JSON_EXTRACT(Properties, '$.Tags') as tags, JSON_EXTRACT(Properties, '$.UpdatedAt') as updated_at - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::QBusiness::Application' - AND data__Identifier = '' + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::QBusiness::DataAccessor' + AND data__Identifier = '|' AND region = 'us-east-1' fallback: predicate: sqlDialect == "sqlite3" ddl: |- SELECT detail.region, - JSON_EXTRACT(detail.Properties, '$.ApplicationArn') as application_arn, + JSON_EXTRACT(detail.Properties, '$.ActionConfigurations') as action_configurations, JSON_EXTRACT(detail.Properties, '$.ApplicationId') as application_id, - JSON_EXTRACT(detail.Properties, '$.AttachmentsConfiguration') as attachments_configuration, JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, - JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.DataAccessorArn') as data_accessor_arn, + JSON_EXTRACT(detail.Properties, '$.DataAccessorId') as data_accessor_id, JSON_EXTRACT(detail.Properties, '$.DisplayName') as display_name, - JSON_EXTRACT(detail.Properties, '$.EncryptionConfiguration') as encryption_configuration, - JSON_EXTRACT(detail.Properties, '$.IdentityCenterApplicationArn') as identity_center_application_arn, - JSON_EXTRACT(detail.Properties, '$.IdentityCenterInstanceArn') as identity_center_instance_arn, - JSON_EXTRACT(detail.Properties, '$.RoleArn') as role_arn, - JSON_EXTRACT(detail.Properties, '$.Status') as status, + JSON_EXTRACT(detail.Properties, '$.IdcApplicationArn') as idc_application_arn, + JSON_EXTRACT(detail.Properties, '$.Principal') as principal, JSON_EXTRACT(detail.Properties, '$.Tags') as tags, JSON_EXTRACT(detail.Properties, '$.UpdatedAt') as updated_at FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::QBusiness::Application' - AND detail.data__TypeName = 'AWS::QBusiness::Application' + WHERE listing.data__TypeName = 'AWS::QBusiness::DataAccessor' + AND detail.data__TypeName = 'AWS::QBusiness::DataAccessor' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] @@ -2042,54 +2938,49 @@ components: SELECT region, data__Identifier, - json_extract_path_text(Properties, 'ApplicationArn') as application_arn, + json_extract_path_text(Properties, 'ActionConfigurations') as action_configurations, json_extract_path_text(Properties, 'ApplicationId') as application_id, - json_extract_path_text(Properties, 'AttachmentsConfiguration') as attachments_configuration, json_extract_path_text(Properties, 'CreatedAt') as created_at, - json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'DataAccessorArn') as data_accessor_arn, + json_extract_path_text(Properties, 'DataAccessorId') as data_accessor_id, json_extract_path_text(Properties, 'DisplayName') as display_name, - json_extract_path_text(Properties, 'EncryptionConfiguration') as encryption_configuration, - json_extract_path_text(Properties, 'IdentityCenterApplicationArn') as identity_center_application_arn, - json_extract_path_text(Properties, 'IdentityCenterInstanceArn') as identity_center_instance_arn, - json_extract_path_text(Properties, 'RoleArn') as role_arn, - json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'IdcApplicationArn') as idc_application_arn, + json_extract_path_text(Properties, 'Principal') as principal, json_extract_path_text(Properties, 'Tags') as tags, json_extract_path_text(Properties, 'UpdatedAt') as updated_at - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::QBusiness::Application' - AND data__Identifier = '' + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::QBusiness::DataAccessor' + AND data__Identifier = '|' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT detail.region, - json_extract_path_text(detail.Properties, 'ApplicationArn') as application_arn, + json_extract_path_text(detail.Properties, 'ActionConfigurations') as action_configurations, json_extract_path_text(detail.Properties, 'ApplicationId') as application_id, - json_extract_path_text(detail.Properties, 'AttachmentsConfiguration') as attachments_configuration, json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, - json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'DataAccessorArn') as data_accessor_arn, + json_extract_path_text(detail.Properties, 'DataAccessorId') as data_accessor_id, json_extract_path_text(detail.Properties, 'DisplayName') as display_name, - json_extract_path_text(detail.Properties, 'EncryptionConfiguration') as encryption_configuration, - json_extract_path_text(detail.Properties, 'IdentityCenterApplicationArn') as identity_center_application_arn, - json_extract_path_text(detail.Properties, 'IdentityCenterInstanceArn') as identity_center_instance_arn, - json_extract_path_text(detail.Properties, 'RoleArn') as role_arn, - json_extract_path_text(detail.Properties, 'Status') as status, + json_extract_path_text(detail.Properties, 'IdcApplicationArn') as idc_application_arn, + json_extract_path_text(detail.Properties, 'Principal') as principal, json_extract_path_text(detail.Properties, 'Tags') as tags, json_extract_path_text(detail.Properties, 'UpdatedAt') as updated_at FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::QBusiness::Application' - AND detail.data__TypeName = 'AWS::QBusiness::Application' + WHERE listing.data__TypeName = 'AWS::QBusiness::DataAccessor' + AND detail.data__TypeName = 'AWS::QBusiness::DataAccessor' AND listing.region = 'us-east-1' - applications_list_only: - name: applications_list_only - id: aws.qbusiness.applications_list_only - x-cfn-schema-name: Application - x-cfn-type-name: AWS::QBusiness::Application + data_accessors_list_only: + name: data_accessors_list_only + id: aws.qbusiness.data_accessors_list_only + x-cfn-schema-name: DataAccessor + x-cfn-type-name: AWS::QBusiness::DataAccessor x-identifiers: - ApplicationId + - DataAccessorId x-type: cloud_control_view methods: {} sqlVerbs: @@ -2103,22 +2994,24 @@ components: ddl: |- SELECT region, - JSON_EXTRACT(Properties, '$.ApplicationId') as application_id - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::QBusiness::Application' + JSON_EXTRACT(Properties, '$.ApplicationId') as application_id, + JSON_EXTRACT(Properties, '$.DataAccessorId') as data_accessor_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::QBusiness::DataAccessor' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT region, - json_extract_path_text(Properties, 'ApplicationId') as application_id - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::QBusiness::Application' + json_extract_path_text(Properties, 'ApplicationId') as application_id, + json_extract_path_text(Properties, 'DataAccessorId') as data_accessor_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::QBusiness::DataAccessor' AND region = 'us-east-1' - application_tags: - name: application_tags - id: aws.qbusiness.application_tags - x-cfn-schema-name: Application - x-cfn-type-name: AWS::QBusiness::Application + data_accessor_tags: + name: data_accessor_tags + id: aws.qbusiness.data_accessor_tags + x-cfn-schema-name: DataAccessor + x-cfn-type-name: AWS::QBusiness::DataAccessor x-type: cloud_control_view methods: {} sqlVerbs: @@ -2134,25 +3027,22 @@ components: detail.region, JSON_EXTRACT(json_each.value, '$.Key') as tag_key, JSON_EXTRACT(json_each.value, '$.Value') as tag_value, - JSON_EXTRACT(detail.Properties, '$.ApplicationArn') as application_arn, + JSON_EXTRACT(detail.Properties, '$.ActionConfigurations') as action_configurations, JSON_EXTRACT(detail.Properties, '$.ApplicationId') as application_id, - JSON_EXTRACT(detail.Properties, '$.AttachmentsConfiguration') as attachments_configuration, JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, - JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.DataAccessorArn') as data_accessor_arn, + JSON_EXTRACT(detail.Properties, '$.DataAccessorId') as data_accessor_id, JSON_EXTRACT(detail.Properties, '$.DisplayName') as display_name, - JSON_EXTRACT(detail.Properties, '$.EncryptionConfiguration') as encryption_configuration, - JSON_EXTRACT(detail.Properties, '$.IdentityCenterApplicationArn') as identity_center_application_arn, - JSON_EXTRACT(detail.Properties, '$.IdentityCenterInstanceArn') as identity_center_instance_arn, - JSON_EXTRACT(detail.Properties, '$.RoleArn') as role_arn, - JSON_EXTRACT(detail.Properties, '$.Status') as status, + JSON_EXTRACT(detail.Properties, '$.IdcApplicationArn') as idc_application_arn, + JSON_EXTRACT(detail.Properties, '$.Principal') as principal, JSON_EXTRACT(detail.Properties, '$.UpdatedAt') as updated_at FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) - WHERE listing.data__TypeName = 'AWS::QBusiness::Application' - AND detail.data__TypeName = 'AWS::QBusiness::Application' + WHERE listing.data__TypeName = 'AWS::QBusiness::DataAccessor' + AND detail.data__TypeName = 'AWS::QBusiness::DataAccessor' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" @@ -2161,25 +3051,22 @@ components: detail.region, json_extract_path_text(json_each.value, 'Key') as tag_key, json_extract_path_text(json_each.value, 'Value') as tag_value, - json_extract_path_text(detail.Properties, 'ApplicationArn') as application_arn, + json_extract_path_text(detail.Properties, 'ActionConfigurations') as action_configurations, json_extract_path_text(detail.Properties, 'ApplicationId') as application_id, - json_extract_path_text(detail.Properties, 'AttachmentsConfiguration') as attachments_configuration, json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, - json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'DataAccessorArn') as data_accessor_arn, + json_extract_path_text(detail.Properties, 'DataAccessorId') as data_accessor_id, json_extract_path_text(detail.Properties, 'DisplayName') as display_name, - json_extract_path_text(detail.Properties, 'EncryptionConfiguration') as encryption_configuration, - json_extract_path_text(detail.Properties, 'IdentityCenterApplicationArn') as identity_center_application_arn, - json_extract_path_text(detail.Properties, 'IdentityCenterInstanceArn') as identity_center_instance_arn, - json_extract_path_text(detail.Properties, 'RoleArn') as role_arn, - json_extract_path_text(detail.Properties, 'Status') as status, + json_extract_path_text(detail.Properties, 'IdcApplicationArn') as idc_application_arn, + json_extract_path_text(detail.Properties, 'Principal') as principal, json_extract_path_text(detail.Properties, 'UpdatedAt') as updated_at FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) - WHERE listing.data__TypeName = 'AWS::QBusiness::Application' - AND detail.data__TypeName = 'AWS::QBusiness::Application' + WHERE listing.data__TypeName = 'AWS::QBusiness::DataAccessor' + AND detail.data__TypeName = 'AWS::QBusiness::DataAccessor' AND listing.region = 'us-east-1' data_sources: name: data_sources @@ -2254,6 +3141,7 @@ components: JSON_EXTRACT(Properties, '$.Description') as description, JSON_EXTRACT(Properties, '$.DisplayName') as display_name, JSON_EXTRACT(Properties, '$.DocumentEnrichmentConfiguration') as document_enrichment_configuration, + JSON_EXTRACT(Properties, '$.MediaExtractionConfiguration') as media_extraction_configuration, JSON_EXTRACT(Properties, '$.IndexId') as index_id, JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, JSON_EXTRACT(Properties, '$.Status') as status, @@ -2278,6 +3166,7 @@ components: JSON_EXTRACT(detail.Properties, '$.Description') as description, JSON_EXTRACT(detail.Properties, '$.DisplayName') as display_name, JSON_EXTRACT(detail.Properties, '$.DocumentEnrichmentConfiguration') as document_enrichment_configuration, + JSON_EXTRACT(detail.Properties, '$.MediaExtractionConfiguration') as media_extraction_configuration, JSON_EXTRACT(detail.Properties, '$.IndexId') as index_id, JSON_EXTRACT(detail.Properties, '$.RoleArn') as role_arn, JSON_EXTRACT(detail.Properties, '$.Status') as status, @@ -2307,6 +3196,7 @@ components: json_extract_path_text(Properties, 'Description') as description, json_extract_path_text(Properties, 'DisplayName') as display_name, json_extract_path_text(Properties, 'DocumentEnrichmentConfiguration') as document_enrichment_configuration, + json_extract_path_text(Properties, 'MediaExtractionConfiguration') as media_extraction_configuration, json_extract_path_text(Properties, 'IndexId') as index_id, json_extract_path_text(Properties, 'RoleArn') as role_arn, json_extract_path_text(Properties, 'Status') as status, @@ -2331,6 +3221,7 @@ components: json_extract_path_text(detail.Properties, 'Description') as description, json_extract_path_text(detail.Properties, 'DisplayName') as display_name, json_extract_path_text(detail.Properties, 'DocumentEnrichmentConfiguration') as document_enrichment_configuration, + json_extract_path_text(detail.Properties, 'MediaExtractionConfiguration') as media_extraction_configuration, json_extract_path_text(detail.Properties, 'IndexId') as index_id, json_extract_path_text(detail.Properties, 'RoleArn') as role_arn, json_extract_path_text(detail.Properties, 'Status') as status, @@ -2411,6 +3302,7 @@ components: JSON_EXTRACT(detail.Properties, '$.Description') as description, JSON_EXTRACT(detail.Properties, '$.DisplayName') as display_name, JSON_EXTRACT(detail.Properties, '$.DocumentEnrichmentConfiguration') as document_enrichment_configuration, + JSON_EXTRACT(detail.Properties, '$.MediaExtractionConfiguration') as media_extraction_configuration, JSON_EXTRACT(detail.Properties, '$.IndexId') as index_id, JSON_EXTRACT(detail.Properties, '$.RoleArn') as role_arn, JSON_EXTRACT(detail.Properties, '$.Status') as status, @@ -2441,6 +3333,7 @@ components: json_extract_path_text(detail.Properties, 'Description') as description, json_extract_path_text(detail.Properties, 'DisplayName') as display_name, json_extract_path_text(detail.Properties, 'DocumentEnrichmentConfiguration') as document_enrichment_configuration, + json_extract_path_text(detail.Properties, 'MediaExtractionConfiguration') as media_extraction_configuration, json_extract_path_text(detail.Properties, 'IndexId') as index_id, json_extract_path_text(detail.Properties, 'RoleArn') as role_arn, json_extract_path_text(detail.Properties, 'Status') as status, @@ -2709,6 +3602,143 @@ components: WHERE listing.data__TypeName = 'AWS::QBusiness::Index' AND detail.data__TypeName = 'AWS::QBusiness::Index' AND listing.region = 'us-east-1' + permissions: + name: permissions + id: aws.qbusiness.permissions + x-cfn-schema-name: Permission + x-cfn-type-name: AWS::QBusiness::Permission + x-identifiers: + - ApplicationId + - StatementId + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Permission&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::QBusiness::Permission" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::QBusiness::Permission" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/permissions/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/permissions/methods/delete_resource' + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ApplicationId') as application_id, + JSON_EXTRACT(Properties, '$.StatementId') as statement_id, + JSON_EXTRACT(Properties, '$.Actions') as actions, + JSON_EXTRACT(Properties, '$.Principal') as principal + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::QBusiness::Permission' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.ApplicationId') as application_id, + JSON_EXTRACT(detail.Properties, '$.StatementId') as statement_id, + JSON_EXTRACT(detail.Properties, '$.Actions') as actions, + JSON_EXTRACT(detail.Properties, '$.Principal') as principal + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::QBusiness::Permission' + AND detail.data__TypeName = 'AWS::QBusiness::Permission' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ApplicationId') as application_id, + json_extract_path_text(Properties, 'StatementId') as statement_id, + json_extract_path_text(Properties, 'Actions') as actions, + json_extract_path_text(Properties, 'Principal') as principal + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::QBusiness::Permission' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'ApplicationId') as application_id, + json_extract_path_text(detail.Properties, 'StatementId') as statement_id, + json_extract_path_text(detail.Properties, 'Actions') as actions, + json_extract_path_text(detail.Properties, 'Principal') as principal + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::QBusiness::Permission' + AND detail.data__TypeName = 'AWS::QBusiness::Permission' + AND listing.region = 'us-east-1' + permissions_list_only: + name: permissions_list_only + id: aws.qbusiness.permissions_list_only + x-cfn-schema-name: Permission + x-cfn-type-name: AWS::QBusiness::Permission + x-identifiers: + - ApplicationId + - StatementId + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ApplicationId') as application_id, + JSON_EXTRACT(Properties, '$.StatementId') as statement_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::QBusiness::Permission' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ApplicationId') as application_id, + json_extract_path_text(Properties, 'StatementId') as statement_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::QBusiness::Permission' + AND region = 'us-east-1' plugins: name: plugins id: aws.qbusiness.plugins @@ -3270,6 +4300,7 @@ components: JSON_EXTRACT(Properties, '$.ApplicationId') as application_id, JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, JSON_EXTRACT(Properties, '$.DefaultEndpoint') as default_endpoint, + JSON_EXTRACT(Properties, '$.IdentityProviderConfiguration') as identity_provider_configuration, JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, JSON_EXTRACT(Properties, '$.SamplePromptsControlMode') as sample_prompts_control_mode, JSON_EXTRACT(Properties, '$.Status') as status, @@ -3279,7 +4310,9 @@ components: JSON_EXTRACT(Properties, '$.UpdatedAt') as updated_at, JSON_EXTRACT(Properties, '$.WebExperienceArn') as web_experience_arn, JSON_EXTRACT(Properties, '$.WebExperienceId') as web_experience_id, - JSON_EXTRACT(Properties, '$.WelcomeMessage') as welcome_message + JSON_EXTRACT(Properties, '$.WelcomeMessage') as welcome_message, + JSON_EXTRACT(Properties, '$.Origins') as origins, + JSON_EXTRACT(Properties, '$.CustomizationConfiguration') as customization_configuration FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::QBusiness::WebExperience' AND data__Identifier = '|' AND region = 'us-east-1' @@ -3291,6 +4324,7 @@ components: JSON_EXTRACT(detail.Properties, '$.ApplicationId') as application_id, JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, JSON_EXTRACT(detail.Properties, '$.DefaultEndpoint') as default_endpoint, + JSON_EXTRACT(detail.Properties, '$.IdentityProviderConfiguration') as identity_provider_configuration, JSON_EXTRACT(detail.Properties, '$.RoleArn') as role_arn, JSON_EXTRACT(detail.Properties, '$.SamplePromptsControlMode') as sample_prompts_control_mode, JSON_EXTRACT(detail.Properties, '$.Status') as status, @@ -3300,7 +4334,9 @@ components: JSON_EXTRACT(detail.Properties, '$.UpdatedAt') as updated_at, JSON_EXTRACT(detail.Properties, '$.WebExperienceArn') as web_experience_arn, JSON_EXTRACT(detail.Properties, '$.WebExperienceId') as web_experience_id, - JSON_EXTRACT(detail.Properties, '$.WelcomeMessage') as welcome_message + JSON_EXTRACT(detail.Properties, '$.WelcomeMessage') as welcome_message, + JSON_EXTRACT(detail.Properties, '$.Origins') as origins, + JSON_EXTRACT(detail.Properties, '$.CustomizationConfiguration') as customization_configuration FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -3317,6 +4353,7 @@ components: json_extract_path_text(Properties, 'ApplicationId') as application_id, json_extract_path_text(Properties, 'CreatedAt') as created_at, json_extract_path_text(Properties, 'DefaultEndpoint') as default_endpoint, + json_extract_path_text(Properties, 'IdentityProviderConfiguration') as identity_provider_configuration, json_extract_path_text(Properties, 'RoleArn') as role_arn, json_extract_path_text(Properties, 'SamplePromptsControlMode') as sample_prompts_control_mode, json_extract_path_text(Properties, 'Status') as status, @@ -3326,7 +4363,9 @@ components: json_extract_path_text(Properties, 'UpdatedAt') as updated_at, json_extract_path_text(Properties, 'WebExperienceArn') as web_experience_arn, json_extract_path_text(Properties, 'WebExperienceId') as web_experience_id, - json_extract_path_text(Properties, 'WelcomeMessage') as welcome_message + json_extract_path_text(Properties, 'WelcomeMessage') as welcome_message, + json_extract_path_text(Properties, 'Origins') as origins, + json_extract_path_text(Properties, 'CustomizationConfiguration') as customization_configuration FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::QBusiness::WebExperience' AND data__Identifier = '|' AND region = 'us-east-1' @@ -3338,6 +4377,7 @@ components: json_extract_path_text(detail.Properties, 'ApplicationId') as application_id, json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, json_extract_path_text(detail.Properties, 'DefaultEndpoint') as default_endpoint, + json_extract_path_text(detail.Properties, 'IdentityProviderConfiguration') as identity_provider_configuration, json_extract_path_text(detail.Properties, 'RoleArn') as role_arn, json_extract_path_text(detail.Properties, 'SamplePromptsControlMode') as sample_prompts_control_mode, json_extract_path_text(detail.Properties, 'Status') as status, @@ -3347,7 +4387,9 @@ components: json_extract_path_text(detail.Properties, 'UpdatedAt') as updated_at, json_extract_path_text(detail.Properties, 'WebExperienceArn') as web_experience_arn, json_extract_path_text(detail.Properties, 'WebExperienceId') as web_experience_id, - json_extract_path_text(detail.Properties, 'WelcomeMessage') as welcome_message + json_extract_path_text(detail.Properties, 'WelcomeMessage') as welcome_message, + json_extract_path_text(detail.Properties, 'Origins') as origins, + json_extract_path_text(detail.Properties, 'CustomizationConfiguration') as customization_configuration FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -3412,6 +4454,7 @@ components: JSON_EXTRACT(detail.Properties, '$.ApplicationId') as application_id, JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, JSON_EXTRACT(detail.Properties, '$.DefaultEndpoint') as default_endpoint, + JSON_EXTRACT(detail.Properties, '$.IdentityProviderConfiguration') as identity_provider_configuration, JSON_EXTRACT(detail.Properties, '$.RoleArn') as role_arn, JSON_EXTRACT(detail.Properties, '$.SamplePromptsControlMode') as sample_prompts_control_mode, JSON_EXTRACT(detail.Properties, '$.Status') as status, @@ -3420,7 +4463,9 @@ components: JSON_EXTRACT(detail.Properties, '$.UpdatedAt') as updated_at, JSON_EXTRACT(detail.Properties, '$.WebExperienceArn') as web_experience_arn, JSON_EXTRACT(detail.Properties, '$.WebExperienceId') as web_experience_id, - JSON_EXTRACT(detail.Properties, '$.WelcomeMessage') as welcome_message + JSON_EXTRACT(detail.Properties, '$.WelcomeMessage') as welcome_message, + JSON_EXTRACT(detail.Properties, '$.Origins') as origins, + JSON_EXTRACT(detail.Properties, '$.CustomizationConfiguration') as customization_configuration FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -3439,6 +4484,7 @@ components: json_extract_path_text(detail.Properties, 'ApplicationId') as application_id, json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, json_extract_path_text(detail.Properties, 'DefaultEndpoint') as default_endpoint, + json_extract_path_text(detail.Properties, 'IdentityProviderConfiguration') as identity_provider_configuration, json_extract_path_text(detail.Properties, 'RoleArn') as role_arn, json_extract_path_text(detail.Properties, 'SamplePromptsControlMode') as sample_prompts_control_mode, json_extract_path_text(detail.Properties, 'Status') as status, @@ -3447,7 +4493,9 @@ components: json_extract_path_text(detail.Properties, 'UpdatedAt') as updated_at, json_extract_path_text(detail.Properties, 'WebExperienceArn') as web_experience_arn, json_extract_path_text(detail.Properties, 'WebExperienceId') as web_experience_id, - json_extract_path_text(detail.Properties, 'WelcomeMessage') as welcome_message + json_extract_path_text(detail.Properties, 'WelcomeMessage') as welcome_message, + json_extract_path_text(detail.Properties, 'Origins') as origins, + json_extract_path_text(detail.Properties, 'CustomizationConfiguration') as customization_configuration FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -3641,6 +4689,48 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success + /?Action=CreateResource&Version=2021-09-30&__DataAccessor&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateDataAccessor + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateDataAccessorRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success /?Action=CreateResource&Version=2021-09-30&__DataSource&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' @@ -3725,6 +4815,48 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success + /?Action=CreateResource&Version=2021-09-30&__Permission&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreatePermission + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreatePermissionRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success /?Action=CreateResource&Version=2021-09-30&__Plugin&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' diff --git a/providers/src/aws/v00.00.00000/services/quicksight.yaml b/providers/src/aws/v00.00.00000/services/quicksight.yaml index 25d1e3f9..86350cee 100644 --- a/providers/src/aws/v00.00.00000/services/quicksight.yaml +++ b/providers/src/aws/v00.00.00000/services/quicksight.yaml @@ -405,8 +405,7 @@ components: $ref: '#/components/schemas/TableTotalsPlacement' TotalCellStyle: $ref: '#/components/schemas/TableCellStyle' - TotalsVisibility: - $ref: '#/components/schemas/Visibility' + TotalsVisibility: {} MetricHeaderCellStyle: $ref: '#/components/schemas/TableCellStyle' Entity: @@ -470,8 +469,7 @@ components: properties: Symbol: $ref: '#/components/schemas/NumericSeparatorSymbol' - Visibility: - $ref: '#/components/schemas/Visibility' + Visibility: {} PredefinedHierarchy: additionalProperties: false type: object @@ -553,6 +551,11 @@ components: - UPDATE_SUCCESSFUL - UPDATE_FAILED - DELETED + CommitMode: + type: string + enum: + - AUTO + - MANUAL RadarChartFieldWells: additionalProperties: false type: object @@ -589,8 +592,7 @@ components: $ref: '#/components/schemas/LineInterpolation' LineStyle: $ref: '#/components/schemas/LineChartLineStyle' - LineVisibility: - $ref: '#/components/schemas/Visibility' + LineVisibility: {} LineWidth: description: String based length that is composed of value and unit in px type: string @@ -692,6 +694,10 @@ components: $ref: '#/components/schemas/VisualCustomAction' Title: $ref: '#/components/schemas/VisualTitleLabelOptions' + VisualContentAltText: + minLength: 1 + type: string + maxLength: 1024 ColumnHierarchies: minItems: 0 maxItems: 2 @@ -730,8 +736,7 @@ components: additionalProperties: false type: object properties: - MissingDateVisibility: - $ref: '#/components/schemas/Visibility' + MissingDateVisibility: {} KPIActualValueConditionalFormatting: additionalProperties: false type: object @@ -771,6 +776,10 @@ components: $ref: '#/components/schemas/VisualCustomAction' Title: $ref: '#/components/schemas/VisualTitleLabelOptions' + VisualContentAltText: + minLength: 1 + type: string + maxLength: 1024 ColumnHierarchies: minItems: 0 maxItems: 2 @@ -790,10 +799,8 @@ components: AxisOffset: description: String based length that is composed of value and unit in px type: string - AxisLineVisibility: - $ref: '#/components/schemas/Visibility' - GridLineVisibility: - $ref: '#/components/schemas/Visibility' + AxisLineVisibility: {} + GridLineVisibility: {} ScrollbarOptions: $ref: '#/components/schemas/ScrollBarOptions' DataPathLabelType: @@ -804,8 +811,7 @@ components: minLength: 1 type: string maxLength: 512 - Visibility: - $ref: '#/components/schemas/Visibility' + Visibility: {} FieldValue: minLength: 0 type: string @@ -896,6 +902,10 @@ components: $ref: '#/components/schemas/VisualCustomAction' Title: $ref: '#/components/schemas/VisualTitleLabelOptions' + VisualContentAltText: + minLength: 1 + type: string + maxLength: 1024 ColumnHierarchies: minItems: 0 maxItems: 2 @@ -932,6 +942,8 @@ components: $ref: '#/components/schemas/DataLabelOptions' Tooltip: $ref: '#/components/schemas/TooltipOptions' + SingleAxisOptions: + $ref: '#/components/schemas/SingleAxisOptions' SmallMultiplesOptions: $ref: '#/components/schemas/SmallMultiplesOptions' PrimaryYAxisDisplayOptions: @@ -1006,6 +1018,31 @@ components: type: array items: $ref: '#/components/schemas/MeasureField' + LayerMapVisual: + additionalProperties: false + type: object + properties: + Subtitle: + $ref: '#/components/schemas/VisualSubtitleLabelOptions' + VisualId: + minLength: 1 + pattern: ^[\w\-]+$ + type: string + maxLength: 512 + ChartConfiguration: {} + DataSetIdentifier: + minLength: 1 + type: string + maxLength: 2048 + Title: + $ref: '#/components/schemas/VisualTitleLabelOptions' + VisualContentAltText: + minLength: 1 + type: string + maxLength: 1024 + required: + - DataSetIdentifier + - VisualId RelativeDateType: type: string enum: @@ -1061,6 +1098,10 @@ components: $ref: '#/components/schemas/VisualCustomAction' Title: $ref: '#/components/schemas/VisualTitleLabelOptions' + VisualContentAltText: + minLength: 1 + type: string + maxLength: 1024 ColumnHierarchies: minItems: 0 maxItems: 2 @@ -1107,6 +1148,8 @@ components: $ref: '#/components/schemas/SheetControlListType' DisplayOptions: $ref: '#/components/schemas/DropDownControlDisplayOptions' + CommitMode: + $ref: '#/components/schemas/CommitMode' SelectableValues: $ref: '#/components/schemas/FilterSelectableValues' GaugeChartFieldWells: @@ -1254,11 +1297,41 @@ components: $ref: '#/components/schemas/ConditionalFormattingColor' Icon: $ref: '#/components/schemas/ConditionalFormattingIcon' + PluginVisual: + additionalProperties: false + type: object + properties: + Subtitle: + $ref: '#/components/schemas/VisualSubtitleLabelOptions' + PluginArn: + type: string + VisualId: + minLength: 1 + pattern: ^[\w\-]+$ + type: string + maxLength: 512 + ChartConfiguration: + $ref: '#/components/schemas/PluginVisualConfiguration' + Title: + $ref: '#/components/schemas/VisualTitleLabelOptions' + VisualContentAltText: + minLength: 1 + type: string + maxLength: 1024 + required: + - PluginArn + - VisualId BoxPlotFillStyle: type: string enum: - SOLID - TRANSPARENT + ImageInteractionOptions: + additionalProperties: false + type: object + properties: + ImageMenuOption: + $ref: '#/components/schemas/ImageMenuOption' DataLabelType: additionalProperties: false type: object @@ -1282,8 +1355,13 @@ components: additionalProperties: false type: object properties: - Visibility: - $ref: '#/components/schemas/Visibility' + Visibility: {} + TooltipTarget: + type: string + enum: + - BOTH + - BAR + - LINE DataLabelPosition: type: string enum: @@ -1358,6 +1436,12 @@ components: Color: pattern: ^#[A-F0-9]{6}$ type: string + SheetImageSource: + additionalProperties: false + type: object + properties: + SheetImageStaticFileSource: + $ref: '#/components/schemas/SheetImageStaticFileSource' FilterDateTimePickerControl: additionalProperties: false type: object @@ -1375,6 +1459,8 @@ components: minLength: 1 type: string maxLength: 2048 + CommitMode: + $ref: '#/components/schemas/CommitMode' SourceFilterId: minLength: 1 pattern: ^[\w\-]+$ @@ -1391,6 +1477,30 @@ components: - RIGHT - BOTTOM - TOP + PluginVisualFieldWell: + additionalProperties: false + type: object + properties: + Unaggregated: + minItems: 0 + maxItems: 200 + type: array + items: + $ref: '#/components/schemas/UnaggregatedField' + AxisName: + $ref: '#/components/schemas/PluginVisualAxisName' + Measures: + minItems: 0 + maxItems: 200 + type: array + items: + $ref: '#/components/schemas/MeasureField' + Dimensions: + minItems: 0 + maxItems: 200 + type: array + items: + $ref: '#/components/schemas/DimensionField' KPIVisualLayoutOptions: additionalProperties: false type: object @@ -1419,8 +1529,7 @@ components: minLength: 1 type: string maxLength: 1024 - Visibility: - $ref: '#/components/schemas/Visibility' + Visibility: {} WordCloudOptions: additionalProperties: false type: object @@ -1463,6 +1572,8 @@ components: minLength: 1 type: string maxLength: 2048 + CommitMode: + $ref: '#/components/schemas/CommitMode' SelectableValues: $ref: '#/components/schemas/ParameterSelectableValues' required: @@ -1483,8 +1594,7 @@ components: minLength: 1 type: string maxLength: 512 - Visibility: - $ref: '#/components/schemas/Visibility' + Visibility: {} Width: description: String based length that is composed of value and unit in px type: string @@ -1533,10 +1643,37 @@ components: additionalProperties: false type: object properties: - Visibility: - $ref: '#/components/schemas/Visibility' + Visibility: {} FormatText: $ref: '#/components/schemas/LongFormatText' + GeospatialLayerItem: + additionalProperties: false + type: object + properties: + LayerId: + type: string + JoinDefinition: + $ref: '#/components/schemas/GeospatialLayerJoinDefinition' + Actions: + minItems: 0 + maxItems: 10 + type: array + items: + $ref: '#/components/schemas/LayerCustomAction' + LayerType: + $ref: '#/components/schemas/GeospatialLayerType' + LayerDefinition: + $ref: '#/components/schemas/GeospatialLayerDefinition' + Tooltip: + $ref: '#/components/schemas/TooltipOptions' + Label: + type: string + Visibility: + $ref: '#/components/schemas/Visibility' + DataSource: + $ref: '#/components/schemas/GeospatialDataSourceItem' + required: + - LayerId DataPathType: additionalProperties: false type: object @@ -1594,6 +1731,12 @@ components: $ref: '#/components/schemas/ConditionalFormattingColor' required: - BackgroundColor + GeospatialLayerType: + type: string + enum: + - POINT + - LINE + - POLYGON GaugeChartArcConditionalFormatting: additionalProperties: false type: object @@ -1835,6 +1978,8 @@ components: $ref: '#/components/schemas/ChartAxisLabelOptions' Tooltip: $ref: '#/components/schemas/TooltipOptions' + SingleAxisOptions: + $ref: '#/components/schemas/SingleAxisOptions' PrimaryYAxisDisplayOptions: $ref: '#/components/schemas/AxisDisplayOptions' VisualPalette: @@ -1936,20 +2081,16 @@ components: type: array items: $ref: '#/components/schemas/DataLabelType' - MeasureLabelVisibility: - $ref: '#/components/schemas/Visibility' + MeasureLabelVisibility: {} Position: $ref: '#/components/schemas/DataLabelPosition' LabelContent: $ref: '#/components/schemas/DataLabelContent' - Visibility: - $ref: '#/components/schemas/Visibility' - TotalsVisibility: - $ref: '#/components/schemas/Visibility' + Visibility: {} + TotalsVisibility: {} Overlap: $ref: '#/components/schemas/DataLabelOverlap' - CategoryLabelVisibility: - $ref: '#/components/schemas/Visibility' + CategoryLabelVisibility: {} LabelColor: pattern: ^#[A-F0-9]{6}$ type: string @@ -1983,6 +2124,12 @@ components: properties: Relative: $ref: '#/components/schemas/RelativeFontSize' + InnerFilter: + additionalProperties: false + type: object + properties: + CategoryInnerFilter: + $ref: '#/components/schemas/CategoryInnerFilter' PivotTableFieldCollapseStateTarget: additionalProperties: false type: object @@ -2023,6 +2170,13 @@ components: enum: - ENABLED - DISABLED + SheetImageTooltipConfiguration: + additionalProperties: false + type: object + properties: + Visibility: {} + TooltipText: + $ref: '#/components/schemas/SheetImageTooltipText' SheetControlSliderType: type: string enum: @@ -2103,10 +2257,8 @@ components: additionalProperties: false type: object properties: - OverflowColumnHeaderVisibility: - $ref: '#/components/schemas/Visibility' - VerticalOverflowVisibility: - $ref: '#/components/schemas/Visibility' + OverflowColumnHeaderVisibility: {} + VerticalOverflowVisibility: {} EmptyVisual: additionalProperties: false type: object @@ -2138,10 +2290,8 @@ components: Color: pattern: ^#[A-F0-9]{6}$ type: string - TooltipVisibility: - $ref: '#/components/schemas/Visibility' - Visibility: - $ref: '#/components/schemas/Visibility' + TooltipVisibility: {} + Visibility: {} required: - Type CustomFilterConfiguration: @@ -2234,8 +2384,7 @@ components: additionalProperties: false type: object properties: - Visibility: - $ref: '#/components/schemas/Visibility' + Visibility: {} AxisDisplayDataDrivenRange: additionalProperties: false type: object @@ -2339,8 +2488,7 @@ components: properties: VisibleRange: $ref: '#/components/schemas/VisibleRangeOptions' - Visibility: - $ref: '#/components/schemas/Visibility' + Visibility: {} ConditionalFormattingCustomIconOptions: additionalProperties: false type: object @@ -2393,6 +2541,18 @@ components: $ref: '#/components/schemas/VisualPalette' XAxisDisplayOptions: $ref: '#/components/schemas/AxisDisplayOptions' + GeospatialCircleSymbolStyle: + additionalProperties: false + type: object + properties: + FillColor: + $ref: '#/components/schemas/GeospatialColor' + StrokeWidth: + $ref: '#/components/schemas/GeospatialLineWidth' + StrokeColor: + $ref: '#/components/schemas/GeospatialColor' + CircleRadius: + $ref: '#/components/schemas/GeospatialCircleRadius' CustomContentType: type: string enum: @@ -2499,6 +2659,8 @@ components: minLength: 1 type: string maxLength: 2048 + CommitMode: + $ref: '#/components/schemas/CommitMode' SourceFilterId: minLength: 1 pattern: ^[\w\-]+$ @@ -2599,6 +2761,18 @@ components: $ref: '#/components/schemas/FontConfiguration' VerticalPosition: $ref: '#/components/schemas/ReferenceLineLabelVerticalPosition' + GeospatialCategoricalDataColor: + additionalProperties: false + type: object + properties: + DataValue: + type: string + Color: + pattern: ^#[A-F0-9]{6}(?:[A-F0-9]{2})?$ + type: string + required: + - Color + - DataValue HistogramVisual: additionalProperties: false type: object @@ -2620,6 +2794,10 @@ components: $ref: '#/components/schemas/VisualCustomAction' Title: $ref: '#/components/schemas/VisualTitleLabelOptions' + VisualContentAltText: + minLength: 1 + type: string + maxLength: 1024 required: - VisualId DateTimeValueWhenUnsetConfiguration: @@ -2654,8 +2832,19 @@ components: $ref: '#/components/schemas/VisualCustomAction' Title: $ref: '#/components/schemas/VisualTitleLabelOptions' + VisualContentAltText: + minLength: 1 + type: string + maxLength: 1024 required: - VisualId + PluginVisualItemsLimitConfiguration: + additionalProperties: false + type: object + properties: + ItemsLimit: + default: null + type: number GridLayoutElement: additionalProperties: false type: object @@ -2699,8 +2888,7 @@ components: Height: description: String based length that is composed of value and unit in px type: string - Visibility: - $ref: '#/components/schemas/Visibility' + Visibility: {} RenderingRules: minItems: 0 maxItems: 10000 @@ -2932,6 +3120,10 @@ components: $ref: '#/components/schemas/VisualCustomAction' Title: $ref: '#/components/schemas/VisualTitleLabelOptions' + VisualContentAltText: + minLength: 1 + type: string + maxLength: 1024 ColumnHierarchies: minItems: 0 maxItems: 2 @@ -2968,8 +3160,14 @@ components: Color: pattern: ^#[A-F0-9]{6}(?:[A-F0-9]{2})?$ type: string - Visibility: - $ref: '#/components/schemas/Visibility' + Visibility: {} + SheetImageScalingType: + type: string + enum: + - SCALE_TO_WIDTH + - SCALE_TO_HEIGHT + - SCALE_TO_CONTAINER + - SCALE_NONE BoxPlotFieldWells: additionalProperties: false type: object @@ -2993,8 +3191,7 @@ components: additionalProperties: false type: object properties: - Visibility: - $ref: '#/components/schemas/Visibility' + Visibility: {} ValidationStrategy: description:

The option to relax the validation that is required to create and update analyses, dashboards, and templates with definition objects. When you set this value to LENIENT, validation is skipped for specific errors.

additionalProperties: false @@ -3030,12 +3227,19 @@ components: properties: HeatmapColor: $ref: '#/components/schemas/GeospatialHeatmapColorScale' + StaticFile: + additionalProperties: false + type: object + properties: + ImageStaticFile: + $ref: '#/components/schemas/ImageStaticFile' + SpatialStaticFile: + $ref: '#/components/schemas/SpatialStaticFile' PanelTitleOptions: additionalProperties: false type: object properties: - Visibility: - $ref: '#/components/schemas/Visibility' + Visibility: {} FontConfiguration: $ref: '#/components/schemas/FontConfiguration' HorizontalTextAlignment: @@ -3109,6 +3313,12 @@ components: type: array items: type: string + SheetImageScalingConfiguration: + additionalProperties: false + type: object + properties: + ScalingType: + $ref: '#/components/schemas/SheetImageScalingType' FreeFormLayoutElementBorderStyle: additionalProperties: false type: object @@ -3116,8 +3326,7 @@ components: Color: pattern: ^#[A-F0-9]{6}(?:[A-F0-9]{2})?$ type: string - Visibility: - $ref: '#/components/schemas/Visibility' + Visibility: {} CategoryFilter: additionalProperties: false type: object @@ -3173,6 +3382,10 @@ components: $ref: '#/components/schemas/VisualCustomAction' Title: $ref: '#/components/schemas/VisualTitleLabelOptions' + VisualContentAltText: + minLength: 1 + type: string + maxLength: 1024 ColumnHierarchies: minItems: 0 maxItems: 2 @@ -3293,6 +3506,19 @@ components: $ref: '#/components/schemas/FreeFormLayoutConfiguration' SectionBasedLayout: $ref: '#/components/schemas/SectionBasedLayoutConfiguration' + ImageStaticFile: + additionalProperties: false + type: object + properties: + StaticFileId: + minLength: 1 + pattern: ^[\w\-]+$ + type: string + maxLength: 512 + Source: + $ref: '#/components/schemas/StaticFileSource' + required: + - StaticFileId PivotFieldSortOptions: additionalProperties: false type: object @@ -3306,6 +3532,12 @@ components: required: - FieldId - SortBy + GeospatialLineStyle: + additionalProperties: false + type: object + properties: + LineSymbolStyle: + $ref: '#/components/schemas/GeospatialLineSymbolStyle' SimpleAttributeAggregationFunction: type: string enum: @@ -3356,6 +3588,18 @@ components: type: string enum: - ICON_ONLY + GeospatialPolygonStyle: + additionalProperties: false + type: object + properties: + PolygonSymbolStyle: + $ref: '#/components/schemas/GeospatialPolygonSymbolStyle' + GeospatialDataSourceItem: + additionalProperties: false + type: object + properties: + StaticFileDataSource: + $ref: '#/components/schemas/GeospatialStaticFileSource' KPIProgressBarConditionalFormatting: additionalProperties: false type: object @@ -3475,6 +3719,20 @@ components: $ref: '#/components/schemas/ChartAxisLabelOptions' VisualPalette: $ref: '#/components/schemas/VisualPalette' + PluginVisualConfiguration: + additionalProperties: false + type: object + properties: + SortConfiguration: + $ref: '#/components/schemas/PluginVisualSortConfiguration' + VisualOptions: + $ref: '#/components/schemas/PluginVisualOptions' + FieldWells: + minItems: 0 + maxItems: 10 + type: array + items: + $ref: '#/components/schemas/PluginVisualFieldWell' FilterCrossSheetControl: additionalProperties: false type: object @@ -3528,6 +3786,11 @@ components: properties: LocalNavigationConfiguration: $ref: '#/components/schemas/LocalNavigationConfiguration' + GeospatialPointStyle: + additionalProperties: false + type: object + properties: + CircleSymbolStyle: {} HorizontalTextAlignment: type: string enum: @@ -3535,6 +3798,33 @@ components: - CENTER - RIGHT - AUTO + LayerCustomActionOperation: + additionalProperties: false + type: object + properties: + NavigationOperation: + $ref: '#/components/schemas/CustomActionNavigationOperation' + SetParametersOperation: + $ref: '#/components/schemas/CustomActionSetParametersOperation' + FilterOperation: + $ref: '#/components/schemas/CustomActionFilterOperation' + URLOperation: + $ref: '#/components/schemas/CustomActionURLOperation' + GeospatialLayerMapConfiguration: + additionalProperties: false + type: object + properties: + Legend: + $ref: '#/components/schemas/LegendOptions' + MapState: + $ref: '#/components/schemas/GeospatialMapState' + MapStyle: + $ref: '#/components/schemas/GeospatialMapStyle' + Interactions: {} + MapLayers: + type: array + items: + $ref: '#/components/schemas/GeospatialLayerItem' DecimalPlacesConfiguration: additionalProperties: false type: object @@ -3555,6 +3845,16 @@ components: $ref: '#/components/schemas/PaperSize' PaperOrientation: $ref: '#/components/schemas/PaperOrientation' + GeospatialLayerJoinDefinition: + additionalProperties: false + type: object + properties: + ColorField: + $ref: '#/components/schemas/GeospatialLayerColorField' + ShapeKeyField: + type: string + DatasetKeyField: + $ref: '#/components/schemas/UnaggregatedField' FilledMapConditionalFormatting: additionalProperties: false type: object @@ -3599,14 +3899,12 @@ components: additionalProperties: false type: object properties: - Visibility: - $ref: '#/components/schemas/Visibility' + Visibility: {} DonutCenterOptions: additionalProperties: false type: object properties: - LabelVisibility: - $ref: '#/components/schemas/Visibility' + LabelVisibility: {} BodySectionContent: additionalProperties: false type: object @@ -3621,18 +3919,38 @@ components: $ref: '#/components/schemas/ConditionalFormattingColor' BackgroundColor: $ref: '#/components/schemas/ConditionalFormattingColor' - PivotTableCellConditionalFormatting: + CategoryInnerFilter: additionalProperties: false type: object properties: - Scope: - $ref: '#/components/schemas/PivotTableConditionalFormattingScope' - Scopes: - minItems: 0 - maxItems: 3 - type: array - items: - $ref: '#/components/schemas/PivotTableConditionalFormattingScope' + Configuration: + $ref: '#/components/schemas/CategoryFilterConfiguration' + Column: + $ref: '#/components/schemas/ColumnIdentifier' + DefaultFilterControlConfiguration: + $ref: '#/components/schemas/DefaultFilterControlConfiguration' + required: + - Column + - Configuration + GeospatialLineWidth: + additionalProperties: false + type: object + properties: + LineWidth: + type: number + minimum: 0 + PivotTableCellConditionalFormatting: + additionalProperties: false + type: object + properties: + Scope: + $ref: '#/components/schemas/PivotTableConditionalFormattingScope' + Scopes: + minItems: 0 + maxItems: 3 + type: array + items: + $ref: '#/components/schemas/PivotTableConditionalFormattingScope' FieldId: minLength: 1 type: string @@ -3687,6 +4005,16 @@ components: type: array items: $ref: '#/components/schemas/DimensionField' + GeospatialLayerDefinition: + additionalProperties: false + type: object + properties: + PointLayer: + $ref: '#/components/schemas/GeospatialPointLayer' + PolygonLayer: + $ref: '#/components/schemas/GeospatialPolygonLayer' + LineLayer: + $ref: '#/components/schemas/GeospatialLineLayer' PieChartAggregatedFieldWells: additionalProperties: false type: object @@ -3709,6 +4037,14 @@ components: type: array items: $ref: '#/components/schemas/DimensionField' + GeospatialLineLayer: + additionalProperties: false + type: object + properties: + Style: + $ref: '#/components/schemas/GeospatialLineStyle' + required: + - Style LineChartVisual: additionalProperties: false type: object @@ -3730,6 +4066,10 @@ components: $ref: '#/components/schemas/VisualCustomAction' Title: $ref: '#/components/schemas/VisualTitleLabelOptions' + VisualContentAltText: + minLength: 1 + type: string + maxLength: 1024 ColumnHierarchies: minItems: 0 maxItems: 2 @@ -3900,8 +4240,7 @@ components: additionalProperties: false type: object properties: - Visibility: - $ref: '#/components/schemas/Visibility' + Visibility: {} NumericFilterSelectAllOptions: type: string enum: @@ -3914,14 +4253,21 @@ components: additionalProperties: false type: object properties: - Visibility: - $ref: '#/components/schemas/Visibility' + Visibility: {} SheetControlLayoutConfiguration: additionalProperties: false type: object properties: GridLayout: $ref: '#/components/schemas/GridLayoutConfiguration' + YAxisOptions: + additionalProperties: false + type: object + properties: + YAxis: + $ref: '#/components/schemas/SingleYAxisOption' + required: + - YAxis ResourcePermission: type: object description:

Permission for the resource.

@@ -3973,8 +4319,7 @@ components: $ref: '#/components/schemas/TableCellStyle' TotalCellStyle: $ref: '#/components/schemas/TableCellStyle' - TotalsVisibility: - $ref: '#/components/schemas/Visibility' + TotalsVisibility: {} FieldLevel: $ref: '#/components/schemas/PivotTableSubtotalLevel' MetricHeaderCellStyle: @@ -3989,10 +4334,8 @@ components: additionalProperties: false type: object properties: - OverflowColumnHeaderVisibility: - $ref: '#/components/schemas/Visibility' - VerticalOverflowVisibility: - $ref: '#/components/schemas/Visibility' + OverflowColumnHeaderVisibility: {} + VerticalOverflowVisibility: {} TableOrientation: type: string enum: @@ -4099,6 +4442,14 @@ components: $ref: '#/components/schemas/TopBottomMoversComputation' UniqueValues: $ref: '#/components/schemas/UniqueValuesComputation' + GeospatialPolygonLayer: + additionalProperties: false + type: object + properties: + Style: + $ref: '#/components/schemas/GeospatialPolygonStyle' + required: + - Style RelativeFontSize: type: string enum: @@ -4117,6 +4468,14 @@ components: type: array items: $ref: '#/components/schemas/CascadingControlSource' + StaticFileSource: + additionalProperties: false + type: object + properties: + UrlOptions: + $ref: '#/components/schemas/StaticFileUrlSourceOptions' + S3Options: + $ref: '#/components/schemas/StaticFileS3SourceOptions' LineChartLineStyle: type: string enum: @@ -4149,6 +4508,10 @@ components: $ref: '#/components/schemas/SpecialValue' required: - Color + SingleYAxisOption: + type: string + enum: + - PRIMARY_Y_AXIS SpecialValue: type: string enum: @@ -4212,6 +4575,18 @@ components: - ParameterControlId - SourceParameterName - Title + PluginVisualTableQuerySort: + additionalProperties: false + type: object + properties: + ItemsLimitConfiguration: + $ref: '#/components/schemas/PluginVisualItemsLimitConfiguration' + RowSort: + minItems: 0 + maxItems: 100 + type: array + items: + $ref: '#/components/schemas/FieldSortOptions' ParameterDateTimePickerControl: additionalProperties: false type: object @@ -4236,6 +4611,11 @@ components: - ParameterControlId - SourceParameterName - Title + PluginVisualAxisName: + type: string + enum: + - GROUP_BY + - VALUE TreeMapSortConfiguration: additionalProperties: false type: object @@ -4281,6 +4661,11 @@ components: $ref: '#/components/schemas/FieldSortOptions' PaginationConfiguration: $ref: '#/components/schemas/PaginationConfiguration' + ImageMenuOption: + additionalProperties: false + type: object + properties: + AvailabilityStatus: {} CategoryDrillDownFilter: additionalProperties: false type: object @@ -4350,6 +4735,10 @@ components: $ref: '#/components/schemas/VisualCustomAction' Title: $ref: '#/components/schemas/VisualTitleLabelOptions' + VisualContentAltText: + minLength: 1 + type: string + maxLength: 1024 ColumnHierarchies: minItems: 0 maxItems: 2 @@ -4399,6 +4788,10 @@ components: $ref: '#/components/schemas/VisualCustomAction' Title: $ref: '#/components/schemas/VisualTitleLabelOptions' + VisualContentAltText: + minLength: 1 + type: string + maxLength: 1024 required: - VisualId TopBottomComputationType: @@ -4515,14 +4908,11 @@ components: additionalProperties: false type: object properties: - MeasureLabelVisibility: - $ref: '#/components/schemas/Visibility' + MeasureLabelVisibility: {} Position: $ref: '#/components/schemas/DataLabelPosition' - Visibility: - $ref: '#/components/schemas/Visibility' - CategoryLabelVisibility: - $ref: '#/components/schemas/Visibility' + Visibility: {} + CategoryLabelVisibility: {} LabelColor: pattern: ^#[A-F0-9]{6}$ type: string @@ -4539,8 +4929,7 @@ components: additionalProperties: false type: object properties: - Visibility: - $ref: '#/components/schemas/Visibility' + Visibility: {} HeaderFooterSectionConfiguration: additionalProperties: false type: object @@ -4640,6 +5029,12 @@ components: description:

The unique identifier associated with a sheet.

type: string maxLength: 512 + Images: + minItems: 0 + maxItems: 10 + type: array + items: + $ref: '#/components/schemas/SheetImage' Name: minLength: 1 description: |- @@ -4698,6 +5093,20 @@ components: type: array items: $ref: '#/components/schemas/DimensionField' + GeospatialNullDataSettings: + additionalProperties: false + type: object + properties: + SymbolStyle: + $ref: '#/components/schemas/GeospatialNullSymbolStyle' + required: + - SymbolStyle + SingleAxisOptions: + additionalProperties: false + type: object + properties: + YAxisOptions: + $ref: '#/components/schemas/YAxisOptions' DateMeasureField: additionalProperties: false type: object @@ -4741,6 +5150,10 @@ components: $ref: '#/components/schemas/VisualCustomAction' Title: $ref: '#/components/schemas/VisualTitleLabelOptions' + VisualContentAltText: + minLength: 1 + type: string + maxLength: 1024 ColumnHierarchies: minItems: 0 maxItems: 2 @@ -4776,10 +5189,8 @@ components: additionalProperties: false type: object properties: - Visibility: - $ref: '#/components/schemas/Visibility' - SortIconVisibility: - $ref: '#/components/schemas/Visibility' + Visibility: {} + SortIconVisibility: {} AxisLabelOptions: minItems: 0 maxItems: 100 @@ -4942,6 +5353,7 @@ components: - FILTER_CONTROL - PARAMETER_CONTROL - TEXT_BOX + - IMAGE WaterfallVisual: additionalProperties: false type: object @@ -4963,6 +5375,10 @@ components: $ref: '#/components/schemas/VisualCustomAction' Title: $ref: '#/components/schemas/VisualTitleLabelOptions' + VisualContentAltText: + minLength: 1 + type: string + maxLength: 1024 ColumnHierarchies: minItems: 0 maxItems: 2 @@ -5006,8 +5422,7 @@ components: $ref: '#/components/schemas/TableCellStyle' RowHeaderStyle: $ref: '#/components/schemas/TableCellStyle' - CollapsedRowDimensionsVisibility: - $ref: '#/components/schemas/Visibility' + CollapsedRowDimensionsVisibility: {} RowsLayout: $ref: '#/components/schemas/PivotTableRowsLayout' MetricPlacement: @@ -5015,16 +5430,13 @@ components: DefaultCellWidth: description: String based length that is composed of value and unit in px type: string - ColumnNamesVisibility: - $ref: '#/components/schemas/Visibility' + ColumnNamesVisibility: {} RowsLabelOptions: $ref: '#/components/schemas/PivotTableRowsLabelOptions' - SingleMetricVisibility: - $ref: '#/components/schemas/Visibility' + SingleMetricVisibility: {} ColumnHeaderStyle: $ref: '#/components/schemas/TableCellStyle' - ToggleButtonsVisibility: - $ref: '#/components/schemas/Visibility' + ToggleButtonsVisibility: {} CellStyle: $ref: '#/components/schemas/TableCellStyle' RowAlternateColorOptions: @@ -5154,6 +5566,17 @@ components: enum: - DISCRETE - GRADIENT + SheetImageStaticFileSource: + additionalProperties: false + type: object + properties: + StaticFileId: + minLength: 1 + pattern: ^[\w\-]+$ + type: string + maxLength: 512 + required: + - StaticFileId TableFieldCustomIconContent: additionalProperties: false type: object @@ -5172,8 +5595,7 @@ components: additionalProperties: false type: object properties: - Visibility: - $ref: '#/components/schemas/Visibility' + Visibility: {} InfoIconText: minLength: 1 type: string @@ -5345,6 +5767,14 @@ components: - AUTO - INDEPENDENT - SHARED + GeospatialLineSymbolStyle: + additionalProperties: false + type: object + properties: + FillColor: + $ref: '#/components/schemas/GeospatialColor' + LineWidth: + $ref: '#/components/schemas/GeospatialLineWidth' ConditionalFormattingCustomIconCondition: additionalProperties: false type: object @@ -5423,6 +5853,10 @@ components: $ref: '#/components/schemas/InsightConfiguration' Title: $ref: '#/components/schemas/VisualTitleLabelOptions' + VisualContentAltText: + minLength: 1 + type: string + maxLength: 1024 required: - DataSetIdentifier - VisualId @@ -5574,8 +6008,7 @@ components: additionalProperties: false type: object properties: - Visibility: - $ref: '#/components/schemas/Visibility' + Visibility: {} CategoryFilterConfiguration: additionalProperties: false type: object @@ -5586,6 +6019,17 @@ components: $ref: '#/components/schemas/CustomFilterConfiguration' FilterListConfiguration: $ref: '#/components/schemas/FilterListConfiguration' + GeospatialSolidColor: + description: Describes the properties for a solid color + additionalProperties: false + type: object + properties: + State: {} + Color: + pattern: ^#[A-F0-9]{6}(?:[A-F0-9]{2})?$ + type: string + required: + - Color NumericEqualityDrillDownFilter: additionalProperties: false type: object @@ -5633,6 +6077,10 @@ components: $ref: '#/components/schemas/VisualCustomAction' Title: $ref: '#/components/schemas/VisualTitleLabelOptions' + VisualContentAltText: + minLength: 1 + type: string + maxLength: 1024 required: - VisualId FilledMapConfiguration: @@ -5674,18 +6122,18 @@ components: additionalProperties: false type: object properties: - Visibility: - $ref: '#/components/schemas/Visibility' + Visibility: {} LegendOptions: additionalProperties: false type: object properties: Position: $ref: '#/components/schemas/LegendPosition' + ValueFontConfiguration: + $ref: '#/components/schemas/FontConfiguration' Title: $ref: '#/components/schemas/LabelOptions' - Visibility: - $ref: '#/components/schemas/Visibility' + Visibility: {} Height: description: String based length that is composed of value and unit in px type: string @@ -5725,6 +6173,10 @@ components: $ref: '#/components/schemas/VisualCustomAction' Title: $ref: '#/components/schemas/VisualTitleLabelOptions' + VisualContentAltText: + minLength: 1 + type: string + maxLength: 1024 ColumnHierarchies: minItems: 0 maxItems: 2 @@ -5754,6 +6206,13 @@ components: required: - Color - Expression + GeospatialCircleRadius: + additionalProperties: false + type: object + properties: + Radius: + type: number + minimum: 0 TableFieldCustomTextContent: additionalProperties: false type: object @@ -5867,8 +6326,7 @@ components: properties: VerticalTextAlignment: $ref: '#/components/schemas/VerticalTextAlignment' - Visibility: - $ref: '#/components/schemas/Visibility' + Visibility: {} Height: maximum: 500 type: number @@ -5962,12 +6420,19 @@ components: $ref: '#/components/schemas/PivotTableFieldOptions' TotalOptions: $ref: '#/components/schemas/PivotTableTotalOptions' + GeospatialMapState: + additionalProperties: false + type: object + properties: + Bounds: + $ref: '#/components/schemas/GeospatialCoordinateBounds' + MapNavigation: + $ref: '#/components/schemas/GeospatialMapNavigation' LoadingAnimation: additionalProperties: false type: object properties: - Visibility: - $ref: '#/components/schemas/Visibility' + Visibility: {} TotalOptions: additionalProperties: false type: object @@ -5986,8 +6451,7 @@ components: $ref: '#/components/schemas/TableTotalsPlacement' TotalCellStyle: $ref: '#/components/schemas/TableCellStyle' - TotalsVisibility: - $ref: '#/components/schemas/Visibility' + TotalsVisibility: {} ForecastScenario: additionalProperties: false type: object @@ -6017,6 +6481,8 @@ components: properties: DisplayOptions: $ref: '#/components/schemas/RelativeDateTimeControlDisplayOptions' + CommitMode: + $ref: '#/components/schemas/CommitMode' SectionPageBreakConfiguration: additionalProperties: false type: object @@ -6032,8 +6498,7 @@ components: additionalProperties: false type: object properties: - Visibility: - $ref: '#/components/schemas/Visibility' + Visibility: {} DonutOptions: additionalProperties: false type: object @@ -6080,6 +6545,10 @@ components: $ref: '#/components/schemas/VisualCustomAction' Title: $ref: '#/components/schemas/VisualTitleLabelOptions' + VisualContentAltText: + minLength: 1 + type: string + maxLength: 1024 ColumnHierarchies: minItems: 0 maxItems: 2 @@ -6135,6 +6604,27 @@ components: $ref: '#/components/schemas/ExplicitHierarchy' PredefinedHierarchy: $ref: '#/components/schemas/PredefinedHierarchy' + NestedFilter: + additionalProperties: false + type: object + properties: + Column: + $ref: '#/components/schemas/ColumnIdentifier' + InnerFilter: + $ref: '#/components/schemas/InnerFilter' + IncludeInnerSet: + default: false + type: boolean + FilterId: + minLength: 1 + pattern: ^[\w\-]+$ + type: string + maxLength: 512 + required: + - Column + - FilterId + - IncludeInnerSet + - InnerFilter StringParameter: description:

A string parameter.

additionalProperties: false @@ -6206,6 +6696,22 @@ components: $ref: '#/components/schemas/GridLayoutElement' required: - Elements + PluginVisualOptions: + additionalProperties: false + type: object + properties: + VisualProperties: + type: array + items: + $ref: '#/components/schemas/PluginVisualProperty' + PluginVisualProperty: + additionalProperties: false + type: object + properties: + Value: + type: string + Name: + type: string HistogramBinOptions: additionalProperties: false type: object @@ -6302,6 +6808,12 @@ components: type: array items: $ref: '#/components/schemas/FilterControl' + Images: + minItems: 0 + maxItems: 10 + type: array + items: + $ref: '#/components/schemas/SheetImage' SheetControlLayouts: minItems: 0 maxItems: 1 @@ -6328,6 +6840,8 @@ components: additionalProperties: false type: object properties: + NestedFilter: + $ref: '#/components/schemas/NestedFilter' NumericEqualityFilter: $ref: '#/components/schemas/NumericEqualityFilter' NumericRangeFilter: @@ -6441,6 +6955,12 @@ components: - EndDate - StartDate - Value + PluginVisualSortConfiguration: + additionalProperties: false + type: object + properties: + PluginVisualTableQuerySort: + $ref: '#/components/schemas/PluginVisualTableQuerySort' CategoricalMeasureField: additionalProperties: false type: object @@ -6462,8 +6982,7 @@ components: additionalProperties: false type: object properties: - Visibility: - $ref: '#/components/schemas/Visibility' + Visibility: {} UniqueValuesComputation: additionalProperties: false type: object @@ -6498,8 +7017,7 @@ components: properties: CustomLabel: type: string - Visibility: - $ref: '#/components/schemas/Visibility' + Visibility: {} FontConfiguration: $ref: '#/components/schemas/FontConfiguration' UnaggregatedField: @@ -6565,14 +7083,15 @@ components: additionalProperties: false type: object properties: + TooltipTarget: + $ref: '#/components/schemas/TooltipTarget' FieldId: minLength: 1 type: string maxLength: 512 Label: type: string - Visibility: - $ref: '#/components/schemas/Visibility' + Visibility: {} required: - FieldId TableSideBorderOptions: @@ -6600,8 +7119,7 @@ components: MarkerSize: description: String based length that is composed of value and unit in px type: string - MarkerVisibility: - $ref: '#/components/schemas/Visibility' + MarkerVisibility: {} MarkerColor: pattern: ^#[A-F0-9]{6}$ type: string @@ -6628,6 +7146,8 @@ components: minLength: 1 type: string maxLength: 2048 + CommitMode: + $ref: '#/components/schemas/CommitMode' SourceFilterId: minLength: 1 pattern: ^[\w\-]+$ @@ -6760,6 +7280,10 @@ components: $ref: '#/components/schemas/VisualCustomAction' Title: $ref: '#/components/schemas/VisualTitleLabelOptions' + VisualContentAltText: + minLength: 1 + type: string + maxLength: 1024 ColumnHierarchies: minItems: 0 maxItems: 2 @@ -6824,6 +7348,10 @@ components: $ref: '#/components/schemas/VisualCustomAction' Title: $ref: '#/components/schemas/VisualTitleLabelOptions' + VisualContentAltText: + minLength: 1 + type: string + maxLength: 1024 required: - VisualId ComboChartSortConfiguration: @@ -6846,6 +7374,36 @@ components: type: array items: $ref: '#/components/schemas/FieldSortOptions' + SheetImage: + additionalProperties: false + type: object + properties: + Actions: + minItems: 0 + maxItems: 10 + type: array + items: + $ref: '#/components/schemas/ImageCustomAction' + SheetImageId: + minLength: 1 + pattern: ^[\w\-]+$ + type: string + maxLength: 512 + Tooltip: + $ref: '#/components/schemas/SheetImageTooltipConfiguration' + Scaling: + $ref: '#/components/schemas/SheetImageScalingConfiguration' + Interactions: + $ref: '#/components/schemas/ImageInteractionOptions' + Source: + $ref: '#/components/schemas/SheetImageSource' + ImageContentAltText: + minLength: 1 + type: string + maxLength: 1024 + required: + - SheetImageId + - Source TextAreaControlDisplayOptions: additionalProperties: false type: object @@ -6900,29 +7458,57 @@ components: enum: - ALL_VISUALS - SELECTED_VISUALS - TopBottomMoversComputation: + ImageCustomAction: additionalProperties: false type: object properties: - Type: - $ref: '#/components/schemas/TopBottomComputationType' - Category: - $ref: '#/components/schemas/DimensionField' - Value: - $ref: '#/components/schemas/MeasureField' - SortOrder: - $ref: '#/components/schemas/TopBottomSortOrder' - Time: - $ref: '#/components/schemas/DimensionField' - MoverSize: - default: 0 - maximum: 20 - type: number - minimum: 1 - ComputationId: - minLength: 1 - pattern: ^[\w\-]+$ - type: string + Status: + $ref: '#/components/schemas/WidgetStatus' + Trigger: + $ref: '#/components/schemas/ImageCustomActionTrigger' + CustomActionId: + minLength: 1 + pattern: ^[\w\-]+$ + type: string + maxLength: 512 + Name: + minLength: 1 + type: string + maxLength: 256 + ActionOperations: + minItems: 1 + maxItems: 2 + type: array + items: + $ref: '#/components/schemas/ImageCustomActionOperation' + required: + - ActionOperations + - CustomActionId + - Name + - Trigger + TopBottomMoversComputation: + additionalProperties: false + type: object + properties: + Type: + $ref: '#/components/schemas/TopBottomComputationType' + Category: + $ref: '#/components/schemas/DimensionField' + Value: + $ref: '#/components/schemas/MeasureField' + SortOrder: + $ref: '#/components/schemas/TopBottomSortOrder' + Time: + $ref: '#/components/schemas/DimensionField' + MoverSize: + default: 0 + maximum: 20 + type: number + minimum: 1 + ComputationId: + minLength: 1 + pattern: ^[\w\-]+$ + type: string maxLength: 512 Name: type: string @@ -7009,8 +7595,20 @@ components: minLength: 1 type: string maxLength: 512 - Visibility: - $ref: '#/components/schemas/Visibility' + Visibility: {} + SpatialStaticFile: + additionalProperties: false + type: object + properties: + StaticFileId: + minLength: 1 + pattern: ^[\w\-]+$ + type: string + maxLength: 512 + Source: + $ref: '#/components/schemas/StaticFileSource' + required: + - StaticFileId AxisLogarithmicScale: additionalProperties: false type: object @@ -7018,6 +7616,22 @@ components: Base: default: null type: number + GeospatialLayerColorField: + additionalProperties: false + type: object + properties: + ColorValuesFields: + minItems: 0 + maxItems: 1 + type: array + items: + $ref: '#/components/schemas/MeasureField' + ColorDimensionsFields: + minItems: 0 + maxItems: 1 + type: array + items: + $ref: '#/components/schemas/DimensionField' KPISortConfiguration: additionalProperties: false type: object @@ -7099,10 +7713,37 @@ components: minLength: 1 type: string maxLength: 512 - Visibility: - $ref: '#/components/schemas/Visibility' + Visibility: {} required: - FieldId + LayerCustomAction: + additionalProperties: false + type: object + properties: + Status: + $ref: '#/components/schemas/WidgetStatus' + Trigger: + $ref: '#/components/schemas/LayerCustomActionTrigger' + CustomActionId: + minLength: 1 + pattern: ^[\w\-]+$ + type: string + maxLength: 512 + Name: + minLength: 1 + type: string + maxLength: 256 + ActionOperations: + minItems: 1 + maxItems: 2 + type: array + items: + $ref: '#/components/schemas/LayerCustomActionOperation' + required: + - ActionOperations + - CustomActionId + - Name + - Trigger SectionBasedLayoutConfiguration: additionalProperties: false type: object @@ -7146,12 +7787,28 @@ components: properties: ScreenCanvasSizeOptions: $ref: '#/components/schemas/FreeFormLayoutScreenCanvasSizeOptions' + GeospatialMapStyle: + additionalProperties: false + type: object + properties: + BaseMapStyle: + $ref: '#/components/schemas/BaseMapStyleType' + BaseMapVisibility: + $ref: '#/components/schemas/Visibility' + BackgroundColor: + pattern: ^#[A-F0-9]{6}(?:[A-F0-9]{2})?$ + type: string NumericSeparatorSymbol: type: string enum: - COMMA - DOT - SPACE + QueryExecutionMode: + type: string + enum: + - AUTO + - MANUAL TargetVisualOptions: type: string enum: @@ -7165,6 +7822,12 @@ components: CustomValue: default: null type: number + QueryExecutionOptions: + additionalProperties: false + type: object + properties: + QueryExecutionMode: + $ref: '#/components/schemas/QueryExecutionMode' ColumnSort: additionalProperties: false type: object @@ -7186,6 +7849,16 @@ components: $ref: '#/components/schemas/SheetControlDateTimePickerType' DisplayOptions: $ref: '#/components/schemas/DateTimePickerControlDisplayOptions' + CommitMode: + $ref: '#/components/schemas/CommitMode' + GeospatialPointLayer: + additionalProperties: false + type: object + properties: + Style: + $ref: '#/components/schemas/GeospatialPointStyle' + required: + - Style NumericalMeasureField: additionalProperties: false type: object @@ -7311,6 +7984,26 @@ components: type: string required: - ComputationId + GeospatialGradientColor: + additionalProperties: false + type: object + properties: + DefaultOpacity: + maximum: 1 + type: number + minimum: 0 + StepColors: + minItems: 2 + maxItems: 3 + type: array + items: + $ref: '#/components/schemas/GeospatialGradientStepColor' + NullDataVisibility: + $ref: '#/components/schemas/Visibility' + NullDataSettings: + $ref: '#/components/schemas/GeospatialNullDataSettings' + required: + - StepColors TableFieldLinkContentConfiguration: additionalProperties: false type: object @@ -7335,20 +8028,39 @@ components: properties: Role: $ref: '#/components/schemas/PivotTableConditionalFormattingScopeRole' + ImageCustomActionTrigger: + type: string + enum: + - CLICK + - MENU ColumnTooltipItem: additionalProperties: false type: object properties: Aggregation: $ref: '#/components/schemas/AggregationFunction' + TooltipTarget: + $ref: '#/components/schemas/TooltipTarget' Column: $ref: '#/components/schemas/ColumnIdentifier' Label: type: string - Visibility: - $ref: '#/components/schemas/Visibility' + Visibility: {} required: - Column + GeospatialGradientStepColor: + additionalProperties: false + type: object + properties: + DataValue: + default: 0 + type: number + Color: + pattern: ^#[A-F0-9]{6}(?:[A-F0-9]{2})?$ + type: string + required: + - Color + - DataValue PivotTableFieldOptions: additionalProperties: false type: object @@ -7532,14 +8244,29 @@ components: required: - Columns - HierarchyId + StaticFileUrlSourceOptions: + additionalProperties: false + type: object + properties: + Url: + type: string + required: + - Url + SheetImageTooltipText: + additionalProperties: false + type: object + properties: + PlainText: + minLength: 1 + type: string + maxLength: 1024 TooltipOptions: additionalProperties: false type: object properties: SelectedTooltipType: $ref: '#/components/schemas/SelectedTooltipType' - TooltipVisibility: - $ref: '#/components/schemas/Visibility' + TooltipVisibility: {} FieldBasedTooltip: $ref: '#/components/schemas/FieldBasedTooltip' FieldBasedTooltip: @@ -7552,8 +8279,7 @@ components: type: array items: $ref: '#/components/schemas/TooltipItem' - AggregationVisibility: - $ref: '#/components/schemas/Visibility' + AggregationVisibility: {} TooltipTitleType: $ref: '#/components/schemas/TooltipTitleType' FilledMapAggregatedFieldWells: @@ -7611,6 +8337,11 @@ components: - POINT - CLUSTER - HEATMAP + LayerCustomActionTrigger: + type: string + enum: + - DATA_POINT_CLICK + - DATA_POINT_MENU ComboChartVisual: additionalProperties: false type: object @@ -7632,6 +8363,10 @@ components: $ref: '#/components/schemas/VisualCustomAction' Title: $ref: '#/components/schemas/VisualTitleLabelOptions' + VisualContentAltText: + minLength: 1 + type: string + maxLength: 1024 ColumnHierarchies: minItems: 0 maxItems: 2 @@ -7710,6 +8445,16 @@ components: type: array items: $ref: '#/components/schemas/FieldSortOptions' + ImageCustomActionOperation: + additionalProperties: false + type: object + properties: + NavigationOperation: + $ref: '#/components/schemas/CustomActionNavigationOperation' + SetParametersOperation: + $ref: '#/components/schemas/CustomActionSetParametersOperation' + URLOperation: + $ref: '#/components/schemas/CustomActionURLOperation' AllSheetsFilterScopeConfiguration: additionalProperties: false type: object @@ -7719,6 +8464,24 @@ components: properties: HistogramAggregatedFieldWells: $ref: '#/components/schemas/HistogramAggregatedFieldWells' + GeospatialCategoricalColor: + additionalProperties: false + type: object + properties: + CategoryDataColors: + type: array + items: + $ref: '#/components/schemas/GeospatialCategoricalDataColor' + DefaultOpacity: + maximum: 1 + type: number + minimum: 0 + NullDataVisibility: + $ref: '#/components/schemas/Visibility' + NullDataSettings: + $ref: '#/components/schemas/GeospatialNullDataSettings' + required: + - CategoryDataColors PieChartConfiguration: additionalProperties: false type: object @@ -7814,6 +8577,19 @@ components: $ref: '#/components/schemas/LabelOptions' InfoIconLabelOptions: $ref: '#/components/schemas/SheetControlInfoIconLabelOptions' + GeospatialPolygonSymbolStyle: + additionalProperties: false + type: object + properties: + FillColor: {} + StrokeWidth: {} + StrokeColor: {} + GeospatialColorState: + description: Defines view state of the color + type: string + enum: + - ENABLED + - DISABLED LineSeriesAxisDisplayOptions: additionalProperties: false type: object @@ -7847,6 +8623,10 @@ components: $ref: '#/components/schemas/VisualCustomAction' Title: $ref: '#/components/schemas/VisualTitleLabelOptions' + VisualContentAltText: + minLength: 1 + type: string + maxLength: 1024 ColumnHierarchies: minItems: 0 maxItems: 2 @@ -7938,8 +8718,7 @@ components: $ref: '#/components/schemas/RadarChartAxesRangeScale' VisualPalette: $ref: '#/components/schemas/VisualPalette' - AlternateBandColorsVisibility: - $ref: '#/components/schemas/Visibility' + AlternateBandColorsVisibility: {} StartAngle: maximum: 360 type: number @@ -7960,8 +8739,7 @@ components: additionalProperties: false type: object properties: - Visibility: - $ref: '#/components/schemas/Visibility' + Visibility: {} FormatText: $ref: '#/components/schemas/ShortFormatText' ParameterTextFieldControl: @@ -8012,6 +8790,16 @@ components: $ref: '#/components/schemas/NumericalAggregationFunction' CategoricalAggregationFunction: $ref: '#/components/schemas/CategoricalAggregationFunction' + GeospatialColor: + additionalProperties: false + type: object + properties: + Gradient: + $ref: '#/components/schemas/GeospatialGradientColor' + Categorical: + $ref: '#/components/schemas/GeospatialCategoricalColor' + Solid: + $ref: '#/components/schemas/GeospatialSolidColor' TableStyleTarget: additionalProperties: false type: object @@ -8058,6 +8846,17 @@ components: - SQUARE - DIAMOND - ROUNDED_SQUARE + GeospatialStaticFileSource: + additionalProperties: false + type: object + properties: + StaticFileId: + minLength: 1 + pattern: ^[\w\-]+$ + type: string + maxLength: 512 + required: + - StaticFileId ArcAxisDisplayRange: additionalProperties: false type: object @@ -8086,10 +8885,24 @@ components: properties: FunnelChartVisual: $ref: '#/components/schemas/FunnelChartVisual' - FilledMapVisual: - $ref: '#/components/schemas/FilledMapVisual' BoxPlotVisual: $ref: '#/components/schemas/BoxPlotVisual' + GeospatialMapVisual: + $ref: '#/components/schemas/GeospatialMapVisual' + ScatterPlotVisual: + $ref: '#/components/schemas/ScatterPlotVisual' + RadarChartVisual: + $ref: '#/components/schemas/RadarChartVisual' + ComboChartVisual: + $ref: '#/components/schemas/ComboChartVisual' + WordCloudVisual: + $ref: '#/components/schemas/WordCloudVisual' + SankeyDiagramVisual: + $ref: '#/components/schemas/SankeyDiagramVisual' + GaugeChartVisual: + $ref: '#/components/schemas/GaugeChartVisual' + FilledMapVisual: + $ref: '#/components/schemas/FilledMapVisual' WaterfallVisual: $ref: '#/components/schemas/WaterfallVisual' CustomContentVisual: @@ -8100,32 +8913,20 @@ components: $ref: '#/components/schemas/KPIVisual' HistogramVisual: $ref: '#/components/schemas/HistogramVisual' + PluginVisual: + $ref: '#/components/schemas/PluginVisual' TableVisual: $ref: '#/components/schemas/TableVisual' PivotTableVisual: $ref: '#/components/schemas/PivotTableVisual' - GeospatialMapVisual: - $ref: '#/components/schemas/GeospatialMapVisual' BarChartVisual: $ref: '#/components/schemas/BarChartVisual' - ScatterPlotVisual: - $ref: '#/components/schemas/ScatterPlotVisual' - RadarChartVisual: - $ref: '#/components/schemas/RadarChartVisual' HeatMapVisual: $ref: '#/components/schemas/HeatMapVisual' TreeMapVisual: $ref: '#/components/schemas/TreeMapVisual' - ComboChartVisual: - $ref: '#/components/schemas/ComboChartVisual' - WordCloudVisual: - $ref: '#/components/schemas/WordCloudVisual' InsightVisual: $ref: '#/components/schemas/InsightVisual' - SankeyDiagramVisual: - $ref: '#/components/schemas/SankeyDiagramVisual' - GaugeChartVisual: - $ref: '#/components/schemas/GaugeChartVisual' LineChartVisual: $ref: '#/components/schemas/LineChartVisual' EmptyVisual: @@ -8167,9 +8968,18 @@ components: maxLength: 2048 Title: $ref: '#/components/schemas/VisualTitleLabelOptions' + VisualContentAltText: + minLength: 1 + type: string + maxLength: 1024 required: - DataSetIdentifier - VisualId + GeospatialMapNavigation: + type: string + enum: + - ENABLED + - DISABLED PanelConfiguration: additionalProperties: false type: object @@ -8182,29 +8992,40 @@ components: GutterSpacing: description: String based length that is composed of value and unit in px type: string - BackgroundVisibility: - $ref: '#/components/schemas/Visibility' - BorderVisibility: - $ref: '#/components/schemas/Visibility' + BackgroundVisibility: {} + BorderVisibility: {} BorderColor: pattern: ^#[A-F0-9]{6}(?:[A-F0-9]{2})?$ type: string Title: $ref: '#/components/schemas/PanelTitleOptions' - GutterVisibility: - $ref: '#/components/schemas/Visibility' + GutterVisibility: {} BackgroundColor: pattern: ^#[A-F0-9]{6}(?:[A-F0-9]{2})?$ type: string - SmallMultiplesOptions: + StaticFileS3SourceOptions: additionalProperties: false type: object properties: - MaxVisibleRows: - maximum: 10 - type: number - minimum: 1 - PanelConfiguration: + BucketName: + type: string + ObjectKey: + type: string + Region: + type: string + required: + - BucketName + - ObjectKey + - Region + SmallMultiplesOptions: + additionalProperties: false + type: object + properties: + MaxVisibleRows: + maximum: 10 + type: number + minimum: 1 + PanelConfiguration: $ref: '#/components/schemas/PanelConfiguration' MaxVisibleColumns: maximum: 10 @@ -8226,6 +9047,14 @@ components: type: array items: $ref: '#/components/schemas/FilterGroup' + QueryExecutionOptions: + $ref: '#/components/schemas/QueryExecutionOptions' + StaticFiles: + minItems: 0 + maxItems: 200 + type: array + items: + $ref: '#/components/schemas/StaticFile' CalculatedFields: minItems: 0 maxItems: 500 @@ -8265,6 +9094,19 @@ components: enum: - PORTRAIT - LANDSCAPE + GeospatialNullSymbolStyle: + additionalProperties: false + type: object + properties: + FillColor: + pattern: ^#[A-F0-9]{6}(?:[A-F0-9]{2})?$ + type: string + StrokeWidth: + type: number + minimum: 0 + StrokeColor: + pattern: ^#[A-F0-9]{6}(?:[A-F0-9]{2})?$ + type: string NumericSeparatorConfiguration: additionalProperties: false type: object @@ -8322,10 +9164,8 @@ components: properties: StyleOptions: $ref: '#/components/schemas/BoxPlotStyleOptions' - OutlierVisibility: - $ref: '#/components/schemas/Visibility' - AllDataPointsVisibility: - $ref: '#/components/schemas/Visibility' + OutlierVisibility: {} + AllDataPointsVisibility: {} KPIPrimaryValueConditionalFormatting: additionalProperties: false type: object @@ -8393,6 +9233,12 @@ components: type: string ValidationStrategy: $ref: '#/components/schemas/ValidationStrategy' + FolderArns: + minItems: 0 + maxItems: 10 + type: array + items: + type: string Name: minLength: 1 description:

The descriptive name of the analysis.

@@ -8455,6 +9301,7 @@ components: - SourceEntity - Status - ValidationStrategy + - FolderArns x-read-only-properties: - Arn - CreatedTime @@ -8479,11 +9326,17 @@ components: - quicksight:TagResource - quicksight:UntagResource - quicksight:ListTagsForResource + - quicksight:CreateFolderMembership + - quicksight:DeleteFolderMembership + - quicksight:ListFoldersForResource update: - quicksight:DescribeAnalysis - quicksight:DescribeAnalysisPermissions - quicksight:UpdateAnalysis - quicksight:UpdateAnalysisPermissions + - quicksight:CreateFolderMembership + - quicksight:DeleteFolderMembership + - quicksight:ListFoldersForResource - quicksight:DescribeTemplate - quicksight:DescribeTheme - quicksight:PassDataSet @@ -8495,6 +9348,114 @@ components: delete: - quicksight:DescribeAnalysis - quicksight:DeleteAnalysis + Capabilities: + type: object + properties: + ExportToCsv: + $ref: '#/components/schemas/CapabilityState' + ExportToExcel: + $ref: '#/components/schemas/CapabilityState' + CreateAndUpdateThemes: + $ref: '#/components/schemas/CapabilityState' + AddOrRunAnomalyDetectionForAnalyses: + $ref: '#/components/schemas/CapabilityState' + ShareAnalyses: + $ref: '#/components/schemas/CapabilityState' + CreateAndUpdateDatasets: + $ref: '#/components/schemas/CapabilityState' + ShareDatasets: + $ref: '#/components/schemas/CapabilityState' + SubscribeDashboardEmailReports: + $ref: '#/components/schemas/CapabilityState' + CreateAndUpdateDashboardEmailReports: + $ref: '#/components/schemas/CapabilityState' + ShareDashboards: + $ref: '#/components/schemas/CapabilityState' + CreateAndUpdateThresholdAlerts: + $ref: '#/components/schemas/CapabilityState' + RenameSharedFolders: + $ref: '#/components/schemas/CapabilityState' + CreateSharedFolders: + $ref: '#/components/schemas/CapabilityState' + CreateAndUpdateDataSources: + $ref: '#/components/schemas/CapabilityState' + ShareDataSources: + $ref: '#/components/schemas/CapabilityState' + ViewAccountSPICECapacity: + $ref: '#/components/schemas/CapabilityState' + CreateSPICEDataset: + $ref: '#/components/schemas/CapabilityState' + additionalProperties: false + CapabilityState: + type: string + enum: + - DENY + CustomPermissions: + type: object + properties: + Arn: + type: string + AwsAccountId: + type: string + maxLength: 12 + minLength: 12 + pattern: ^[0-9]{12}$ + Capabilities: + $ref: '#/components/schemas/Capabilities' + CustomPermissionsName: + type: string + maxLength: 64 + minLength: 1 + pattern: ^[a-zA-Z0-9+=,.@_-]+$ + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 200 + minItems: 1 + required: + - AwsAccountId + - CustomPermissionsName + x-stackql-resource-name: custom_permissions + description: Definition of the AWS::QuickSight::CustomPermissions Resource Type. + x-type-name: AWS::QuickSight::CustomPermissions + x-stackql-primary-identifier: + - AwsAccountId + - CustomPermissionsName + x-create-only-properties: + - AwsAccountId + - CustomPermissionsName + x-read-only-properties: + - Arn + x-required-properties: + - AwsAccountId + - CustomPermissionsName + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - quicksight:TagResource + - quicksight:UntagResource + - quicksight:ListTagsForResource + x-required-permissions: + create: + - quicksight:CreateCustomPermissions + - quicksight:TagResource + read: + - quicksight:DescribeCustomPermissions + - quicksight:ListTagsForResource + update: + - quicksight:UpdateCustomPermissions + - quicksight:TagResource + - quicksight:UntagResource + - quicksight:ListTagsForResource + delete: + - quicksight:DeleteCustomPermissions + list: + - quicksight:ListCustomPermissions ExportToCSVOption: description:

Export to .csv option.

additionalProperties: false @@ -8557,8 +9518,7 @@ components: $ref: '#/components/schemas/AdHocFilteringOption' VisualPublishOptions: $ref: '#/components/schemas/DashboardVisualPublishOptions' - VisualMenuOption: - $ref: '#/components/schemas/VisualMenuOption' + VisualMenuOption: {} DataPointTooltipOption: $ref: '#/components/schemas/DataPointTooltipOption' VisualAxisSortOption: @@ -8682,6 +9642,12 @@ components: type: array items: $ref: '#/components/schemas/FilterGroup' + StaticFiles: + minItems: 0 + maxItems: 200 + type: array + items: + $ref: '#/components/schemas/StaticFile' CalculatedFields: minItems: 0 maxItems: 500 @@ -8801,6 +9767,12 @@ components: type: string ValidationStrategy: $ref: '#/components/schemas/ValidationStrategy' + FolderArns: + minItems: 0 + maxItems: 10 + type: array + items: + type: string DashboardId: minLength: 1 pattern: ^[\w\-]+$ @@ -8871,6 +9843,7 @@ components: - ThemeArn - VersionDescription - ValidationStrategy + - FolderArns x-read-only-properties: - Arn - CreatedTime @@ -8896,6 +9869,9 @@ components: - quicksight:TagResource - quicksight:UntagResource - quicksight:ListTagsForResource + - quicksight:CreateFolderMembership + - quicksight:DeleteFolderMembership + - quicksight:ListFoldersForResource update: - quicksight:DescribeDashboard - quicksight:DescribeDashboardPermissions @@ -8906,6 +9882,9 @@ components: - quicksight:DescribeTemplate - quicksight:DescribeTheme - quicksight:PassDataSet + - quicksight:CreateFolderMembership + - quicksight:DeleteFolderMembership + - quicksight:ListFoldersForResource - quicksight:TagResource - quicksight:UntagResource - quicksight:ListTagsForResource @@ -8914,681 +9893,528 @@ components: delete: - quicksight:DescribeDashboard - quicksight:DeleteDashboard - CalculatedColumn: + IntegerDatasetParameter: + description:

An integer parameter for a dataset.

+ additionalProperties: false type: object - description:

A calculated column for a dataset.

properties: - ColumnName: - type: string - maxLength: 127 + ValueType: + $ref: '#/components/schemas/DatasetParameterValueType' + DefaultValues: + $ref: '#/components/schemas/IntegerDatasetParameterDefaultValues' + Id: minLength: 1 - description:

Column name.

- ColumnId: + pattern: ^[a-zA-Z0-9-]+$ + description:

An identifier for the integer parameter created in the dataset.

type: string - maxLength: 64 + maxLength: 128 + Name: minLength: 1 - description: |- -

A unique ID to identify a calculated column. During a dataset update, if the column ID - of a calculated column matches that of an existing calculated column, Amazon QuickSight - preserves the existing calculated column.

- Expression: + pattern: ^[a-zA-Z0-9]+$ + description:

The name of the integer parameter that is created in the dataset.

type: string - maxLength: 4096 - minLength: 1 - description:

An expression that defines the calculated column.

+ maxLength: 2048 required: - - ColumnId - - ColumnName - - Expression + - Id + - Name + - ValueType + RowLevelPermissionPolicy: + type: string + enum: + - GRANT_ACCESS + - DENY_ACCESS + RowLevelPermissionTagRule: + description:

A set of rules associated with a tag.

additionalProperties: false - CastColumnTypeOperation: type: object - description:

A transform operation that casts a column to a different type.

properties: ColumnName: + description:

The column name that a tag key is assigned to.

type: string - maxLength: 127 + TagKey: minLength: 1 - description:

Column name.

- NewColumnType: - $ref: '#/components/schemas/ColumnDataType' - SubType: - $ref: '#/components/schemas/ColumnDataSubType' - Format: + description:

The unique key for a tag.

type: string - maxLength: 32 + maxLength: 128 + MatchAllValue: + minLength: 1 + description:

A string that you want to use to filter by all the values in a column in the dataset and don’t want to list the values one by one. For example, you can use an asterisk as your match all value.

+ type: string + maxLength: 256 + TagMultiValueDelimiter: minLength: 0 - description: |- -

When casting a column from string to datetime type, you can supply a string in a - format supported by Amazon QuickSight to denote the source data format.

+ description:

A string that you want to use to delimit the values when you pass the values at run time. For example, you can delimit the values with a comma.

+ type: string + maxLength: 10 required: - ColumnName - - NewColumnType - additionalProperties: false - ColumnDataSubType: - type: string - enum: - - FLOAT - - FIXED - ColumnDataType: - type: string - enum: - - STRING - - INTEGER - - DECIMAL - - DATETIME - ColumnDescription: - type: object - description:

Metadata that contains a description for a column.

- properties: - Text: - type: string - maxLength: 500 - minLength: 0 - description:

The text of a description for a column.

- additionalProperties: false - ColumnGroup: - type: object + - TagKey + LogicalTable: description: |- -

Groupings of columns that work together in certain Amazon QuickSight features. This is - a variant type structure. For this structure to be valid, only one of the attributes can - be non-null.

- properties: - GeoSpatialColumnGroup: - $ref: '#/components/schemas/GeoSpatialColumnGroup' +

A logical table is a unit that joins and that data + transformations operate on. A logical table has a source, which can be either a physical + table or result of a join. When a logical table points to a physical table, the logical + table acts as a mutable copy of that physical table through transform operations.

additionalProperties: false - ColumnLevelPermissionRule: type: object - description: |- -

A rule defined to grant access on one or more restricted columns. - Each dataset can have multiple rules. - To create a restricted column, you add it to one or more rules. - Each rule must contain at least one column and at least one user or group. - To be able to see a restricted column, a user or group needs to be added - to a rule for that column.

properties: - Principals: - type: array - items: - type: string - maxItems: 100 + Alias: + minLength: 1 + description:

A display name for the logical table.

+ type: string + maxLength: 64 + DataTransforms: minItems: 1 - description:

An array of Amazon Resource Names (ARNs) for Amazon QuickSight users or groups.

- ColumnNames: + maxItems: 2048 + description:

Transform operations that act on this logical table. For this structure to be valid, only one of the attributes can be non-null.

type: array items: - type: string - minItems: 1 - description:

An array of column names.

+ $ref: '#/components/schemas/TransformOperation' + Source: + $ref: '#/components/schemas/LogicalTableSource' + required: + - Alias + FileFormat: + type: string + enum: + - CSV + - TSV + - CLF + - ELF + - XLSX + - JSON + IngestionWaitPolicy: + description:

Wait policy to use when creating/updating dataset. Default is to wait for SPICE ingestion to finish with timeout of 36 hours.

additionalProperties: false - ColumnTag: type: object - description: |- -

A tag for a column in a - - TagColumnOperation - - structure. This is a - variant type structure. For this structure to be valid, only one of the attributes can - be non-null.

properties: - ColumnGeographicRole: - $ref: '#/components/schemas/GeoSpatialDataRole' - ColumnDescription: - $ref: '#/components/schemas/ColumnDescription' - additionalProperties: false - ColumnTagName: - type: string - enum: - - COLUMN_GEOGRAPHIC_ROLE - - COLUMN_DESCRIPTION - CreateColumnsOperation: - type: object - description: |- -

A transform operation that creates calculated columns. Columns created in one such - operation form a lexical closure.

- properties: - Columns: - type: array - items: - $ref: '#/components/schemas/CalculatedColumn' - maxItems: 128 - minItems: 1 - description:

Calculated columns to create.

- required: - - Columns - additionalProperties: false - CustomSql: - type: object - description:

A physical table type built from the results of the custom SQL query.

- properties: - DataSourceArn: - type: string - description:

The Amazon Resource Name (ARN) of the data source.

- Name: - type: string - maxLength: 128 - minLength: 1 - description:

A display name for the SQL query result.

- SqlQuery: - type: string - maxLength: 168000 - minLength: 1 - description:

The SQL query.

- Columns: - type: array - items: - $ref: '#/components/schemas/InputColumn' - maxItems: 2048 - minItems: 1 - description:

The column schema from the SQL query result set.

- required: - - Columns - - DataSourceArn - - Name - - SqlQuery - additionalProperties: false - DataSetImportMode: - type: string - enum: - - SPICE - - DIRECT_QUERY - DataSetRefreshProperties: - type: object - description:

The refresh properties of a dataset.

- properties: - RefreshConfiguration: - $ref: '#/components/schemas/RefreshConfiguration' - required: - - RefreshConfiguration - additionalProperties: false - DataSetUsageConfiguration: - type: object - description:

The usage configuration to apply to child datasets that reference this dataset as a source.

- properties: - DisableUseAsDirectQuerySource: - type: boolean - default: false - description:

An option that controls whether a child dataset of a direct query can use this dataset as a source.

- DisableUseAsImportedSource: + WaitForSpiceIngestion: + default: true + description: |- +

Wait for SPICE ingestion to finish to mark dataset creation/update successful. Default (true). + Applicable only when DataSetImportMode mode is set to SPICE.

type: boolean - default: false - description:

An option that controls whether a child dataset that's stored in QuickSight can use this dataset as a source.

- additionalProperties: false - DatasetParameter: - type: object - description:

A dataset parameter.

- properties: - StringDatasetParameter: - $ref: '#/components/schemas/StringDatasetParameter' - DecimalDatasetParameter: - $ref: '#/components/schemas/DecimalDatasetParameter' - IntegerDatasetParameter: - $ref: '#/components/schemas/IntegerDatasetParameter' - DateTimeDatasetParameter: - $ref: '#/components/schemas/DateTimeDatasetParameter' + IngestionWaitTimeInHours: + default: 36 + description: |- +

The maximum time (in hours) to wait for Ingestion to complete. Default timeout is 36 hours. + Applicable only when DataSetImportMode mode is set to SPICE and WaitForSpiceIngestion is set to true.

+ maximum: 36 + type: number + minimum: 1 + StringDatasetParameter: + description:

A string parameter for a dataset.

additionalProperties: false - DatasetParameterValueType: - type: string - enum: - - MULTI_VALUED - - SINGLE_VALUED - DateTimeDatasetParameter: type: object - description:

A date time parameter for a dataset.

properties: - Id: - type: string - maxLength: 128 - minLength: 1 - pattern: ^[a-zA-Z0-9-]+$ - description:

An identifier for the parameter that is created in the dataset.

- Name: - type: string - maxLength: 2048 - minLength: 1 - pattern: ^[a-zA-Z0-9]+$ - description:

The name of the date time parameter that is created in the dataset.

ValueType: $ref: '#/components/schemas/DatasetParameterValueType' - TimeGranularity: - $ref: '#/components/schemas/TimeGranularity' DefaultValues: - $ref: '#/components/schemas/DateTimeDatasetParameterDefaultValues' - required: - - Id - - Name - - ValueType - additionalProperties: false - DateTimeDatasetParameterDefaultValues: - type: object - description:

The default values of a date time parameter.

- properties: - StaticValues: - type: array - items: - type: string - description:

The default value for the date time parameter.

- maxItems: 32 - minItems: 0 - description:

A list of static default values for a given date time parameter.

- additionalProperties: false - DecimalDatasetParameter: - type: object - description:

A decimal parameter for a dataset.

- properties: + $ref: '#/components/schemas/StringDatasetParameterDefaultValues' Id: - type: string - maxLength: 128 minLength: 1 pattern: ^[a-zA-Z0-9-]+$ - description:

An identifier for the decimal parameter created in the dataset.

- Name: + description:

An identifier for the string parameter that is created in the dataset.

type: string - maxLength: 2048 + maxLength: 128 + Name: minLength: 1 pattern: ^[a-zA-Z0-9]+$ - description:

The name of the decimal parameter that is created in the dataset.

- ValueType: - $ref: '#/components/schemas/DatasetParameterValueType' - DefaultValues: - $ref: '#/components/schemas/DecimalDatasetParameterDefaultValues' + description:

The name of the string parameter that is created in the dataset.

+ type: string + maxLength: 2048 required: - Id - Name - ValueType + UntagColumnOperation: + description:

A transform operation that removes tags associated with a column.

additionalProperties: false - DecimalDatasetParameterDefaultValues: - type: object - description:

The default values of a decimal parameter.

- properties: - StaticValues: - type: array - items: - type: number - default: 0 - description:

The default value for the decimal parameter.

- maxItems: 32 - minItems: 0 - description:

A list of static default values for a given decimal parameter.

- additionalProperties: false - FieldFolder: type: object - description:

A FieldFolder element is a folder that contains fields and nested subfolders.

properties: - Description: + ColumnName: + minLength: 1 + description:

The column that this operation acts on.

type: string - maxLength: 500 - minLength: 0 - description:

The description for a field folder.

- Columns: + maxLength: 127 + TagNames: + description:

The column tags to remove from this column.

type: array items: - type: string - maxItems: 5000 - minItems: 0 - description:

A folder has a list of columns. A column can only be in one folder.

- additionalProperties: false - FieldFolderMap: - type: object - x-patternProperties: - .+: - $ref: '#/components/schemas/FieldFolder' - additionalProperties: false - FileFormat: - type: string - enum: - - CSV - - TSV - - CLF - - ELF - - XLSX - - JSON + $ref: '#/components/schemas/ColumnTagName' + required: + - ColumnName + - TagNames FilterOperation: - type: object description:

A transform operation that filters rows based on a condition.

+ additionalProperties: false + type: object properties: ConditionExpression: - type: string - maxLength: 4096 minLength: 1 description: |-

An expression that must evaluate to a Boolean value. Rows for which the expression evaluates to true are kept in the dataset.

+ type: string + maxLength: 4096 required: - ConditionExpression + ColumnLevelPermissionRule: + description: |- +

A rule defined to grant access on one or more restricted columns. + Each dataset can have multiple rules. + To create a restricted column, you add it to one or more rules. + Each rule must contain at least one column and at least one user or group. + To be able to see a restricted column, a user or group needs to be added + to a rule for that column.

additionalProperties: false - GeoSpatialColumnGroup: type: object - description:

Geospatial column group that denotes a hierarchy.

properties: - Name: - type: string - maxLength: 64 - minLength: 1 - description:

A display name for the hierarchy.

- CountryCode: - $ref: '#/components/schemas/GeoSpatialCountryCode' - Columns: + ColumnNames: + minItems: 1 + description:

An array of column names.

type: array items: type: string - maxLength: 127 - minLength: 1 - maxItems: 16 + Principals: minItems: 1 - description:

Columns in this hierarchy.

- required: - - Columns - - Name - additionalProperties: false - GeoSpatialCountryCode: - type: string - enum: - - US - GeoSpatialDataRole: - type: string - enum: - - COUNTRY - - STATE - - COUNTY - - CITY - - POSTCODE - - LONGITUDE - - LATITUDE - - POLITICAL1 - - CENSUS_TRACT - - CENSUS_BLOCK_GROUP - - CENSUS_BLOCK - IncrementalRefresh: - type: object - description:

The incremental refresh configuration for a dataset.

- properties: - LookbackWindow: - $ref: '#/components/schemas/LookbackWindow' - required: - - LookbackWindow + maxItems: 100 + description:

An array of Amazon Resource Names (ARNs) for Amazon QuickSight users or groups.

+ type: array + items: + type: string + CastColumnTypeOperation: + description:

A transform operation that casts a column to a different type.

additionalProperties: false - InputColumn: type: object - description:

Metadata for a column that is used as the input of a transform operation.

properties: - Name: + ColumnName: + minLength: 1 + description:

Column name.

type: string maxLength: 127 - minLength: 1 - description:

The name of this column in the underlying data source.

- Type: - $ref: '#/components/schemas/InputColumnDataType' SubType: $ref: '#/components/schemas/ColumnDataSubType' + Format: + minLength: 0 + description: |- +

When casting a column from string to datetime type, you can supply a string in a + format supported by Amazon QuickSight to denote the source data format.

+ type: string + maxLength: 32 + NewColumnType: + $ref: '#/components/schemas/ColumnDataType' required: - - Name - - Type + - ColumnName + - NewColumnType + UploadSettings: + description:

Information about the format for a source file or files.

additionalProperties: false - InputColumnDataType: - type: string - enum: - - STRING - - INTEGER - - DECIMAL - - DATETIME - - BIT - - BOOLEAN - - JSON - IntegerDatasetParameter: type: object - description:

An integer parameter for a dataset.

properties: - Id: - type: string - maxLength: 128 + ContainsHeader: + description:

Whether the file has a header row, or the files each have a header row.

+ type: boolean + TextQualifier: + $ref: '#/components/schemas/TextQualifier' + Format: + $ref: '#/components/schemas/FileFormat' + StartFromRow: + description:

A row number to start reading data from.

+ type: number + minimum: 1 + Delimiter: minLength: 1 - pattern: ^[a-zA-Z0-9-]+$ - description:

An identifier for the integer parameter created in the dataset.

- Name: + description:

The delimiter between values in the file.

type: string - maxLength: 2048 - minLength: 1 - pattern: ^[a-zA-Z0-9]+$ - description:

The name of the integer parameter that is created in the dataset.

- ValueType: - $ref: '#/components/schemas/DatasetParameterValueType' - DefaultValues: - $ref: '#/components/schemas/IntegerDatasetParameterDefaultValues' - required: - - Id - - Name - - ValueType + maxLength: 1 + CreateColumnsOperation: + description: |- +

A transform operation that creates calculated columns. Columns created in one such + operation form a lexical closure.

additionalProperties: false - IntegerDatasetParameterDefaultValues: type: object - description:

The default values of an integer parameter.

properties: - StaticValues: + Columns: + minItems: 1 + maxItems: 128 + description:

Calculated columns to create.

type: array items: - type: number - default: 0 - description:

The default value for the integer parameter.

- maxItems: 32 - minItems: 0 - description:

A list of static default values for a given integer parameter.

- additionalProperties: false - JoinInstruction: - type: object - description:

The instructions associated with a join.

- properties: - LeftOperand: - type: string - maxLength: 64 - minLength: 1 - pattern: ^[0-9a-zA-Z-]*$ - description:

The operand on the left side of a join.

- RightOperand: - type: string - maxLength: 64 - minLength: 1 - pattern: ^[0-9a-zA-Z-]*$ - description:

The operand on the right side of a join.

- LeftJoinKeyProperties: - $ref: '#/components/schemas/JoinKeyProperties' - RightJoinKeyProperties: - $ref: '#/components/schemas/JoinKeyProperties' - Type: - $ref: '#/components/schemas/JoinType' - OnClause: - type: string - maxLength: 512 - minLength: 1 - description:

The join instructions provided in the ON clause of a join.

+ $ref: '#/components/schemas/CalculatedColumn' required: - - LeftOperand - - OnClause - - RightOperand - - Type - additionalProperties: false + - Columns JoinKeyProperties: - type: object description:

Properties associated with the columns participating in a join.

+ additionalProperties: false + type: object properties: UniqueKey: - type: boolean description: |-

A value that indicates that a row in a table is uniquely identified by the columns in a join key. This is used by Amazon QuickSight to optimize query performance.

+ type: boolean + DecimalDatasetParameterDefaultValues: + description:

The default values of a decimal parameter.

additionalProperties: false - JoinType: - type: string - enum: - - INNER - - OUTER - - LEFT - - RIGHT - LogicalTable: type: object - description: |- -

A logical table is a unit that joins and that data - transformations operate on. A logical table has a source, which can be either a physical - table or result of a join. When a logical table points to a physical table, the logical - table acts as a mutable copy of that physical table through transform operations.

properties: - Alias: - type: string - maxLength: 64 - minLength: 1 - description:

A display name for the logical table.

- DataTransforms: + StaticValues: + minItems: 0 + maxItems: 32 + description:

A list of static default values for a given decimal parameter.

type: array items: - $ref: '#/components/schemas/TransformOperation' - maxItems: 2048 - minItems: 1 - description:

Transform operations that act on this logical table. For this structure to be valid, only one of the attributes can be non-null.

- Source: - $ref: '#/components/schemas/LogicalTableSource' - required: - - Alias - - Source - additionalProperties: false - LogicalTableMap: - type: object - maxProperties: 64 - minProperties: 1 + default: 0 + description:

The default value for the decimal parameter.

+ type: number + Status: + type: string + enum: + - ENABLED + - DISABLED + PhysicalTableMap: x-patternProperties: ^[0-9a-zA-Z-]*$: - $ref: '#/components/schemas/LogicalTable' + $ref: '#/components/schemas/PhysicalTable' + maxProperties: 32 + additionalProperties: false + type: object + minProperties: 0 + TagColumnOperation: + description:

A transform operation that tags a column with additional information.

additionalProperties: false - LogicalTableSource: type: object - description: |- -

Information about the source of a logical table. This is a variant type structure. For - this structure to be valid, only one of the attributes can be non-null.

properties: - JoinInstruction: - $ref: '#/components/schemas/JoinInstruction' - PhysicalTableId: - type: string - maxLength: 64 + ColumnName: minLength: 1 - pattern: ^[0-9a-zA-Z-]*$ - description:

Physical table ID.

- DataSetArn: + description:

The column that this operation acts on.

type: string - description:

The Amazon Resource Number (ARN) of the parent dataset.

+ maxLength: 127 + Tags: + minItems: 1 + maxItems: 16 + description: |- +

The dataset column tag, currently only used for geospatial type tagging.

+ +

This is not tags for the Amazon Web Services tagging feature.

+ + type: array + items: + $ref: '#/components/schemas/ColumnTag' + required: + - ColumnName + - Tags + RefreshConfiguration: + description:

The refresh configuration of a dataset.

additionalProperties: false - LookbackWindow: type: object + properties: + IncrementalRefresh: + $ref: '#/components/schemas/IncrementalRefresh' + required: + - IncrementalRefresh + LookbackWindow: description:

The lookback window setup of an incremental refresh configuration.

+ additionalProperties: false + type: object properties: ColumnName: - type: string description:

The name of the lookback window column.

- Size: - type: number - default: 0 - minimum: 1 - description:

The lookback window column size.

+ type: string SizeUnit: $ref: '#/components/schemas/LookbackWindowSizeUnit' + Size: + default: 0 + description:

The lookback window column size.

+ type: number + minimum: 1 required: - ColumnName - Size - SizeUnit + RelationalTable: + description:

A physical table type for relational data sources.

additionalProperties: false - LookbackWindowSizeUnit: + type: object + properties: + DataSourceArn: + description:

The Amazon Resource Name (ARN) for the data source.

+ type: string + InputColumns: + minItems: 1 + maxItems: 2048 + description:

The column schema of the table.

+ type: array + items: + $ref: '#/components/schemas/InputColumn' + Schema: + minLength: 0 + description:

The schema name. This name applies to certain relational database engines.

+ type: string + maxLength: 256 + Catalog: + minLength: 0 + description:

The catalog associated with a table.

+ type: string + maxLength: 256 + Name: + minLength: 1 + description:

The name of the relational table.

+ type: string + maxLength: 256 + required: + - DataSourceArn + - Name + DatasetParameterValueType: type: string enum: - - HOUR - - DAY - - WEEK - NewDefaultValues: + - MULTI_VALUED + - SINGLE_VALUED + PerformanceConfiguration: + additionalProperties: false type: object - description:

The configuration that overrides the existing default values for a dataset parameter that is inherited from another dataset.

properties: - StringStaticValues: + UniqueKeys: + minItems: 1 + maxItems: 1 type: array items: - type: string - maxLength: 512 - minLength: 0 - description:

The default value for the string parameter.

- maxItems: 32 - minItems: 0 - description:

A list of static default values for a given string parameter.

- DecimalStaticValues: + $ref: '#/components/schemas/UniqueKey' + CalculatedColumn: + description:

A calculated column for a dataset.

+ additionalProperties: false + type: object + properties: + ColumnId: + minLength: 1 + description: |- +

A unique ID to identify a calculated column. During a dataset update, if the column ID + of a calculated column matches that of an existing calculated column, Amazon QuickSight + preserves the existing calculated column.

+ type: string + maxLength: 64 + ColumnName: + minLength: 1 + description:

Column name.

+ type: string + maxLength: 127 + Expression: + minLength: 1 + description:

An expression that defines the calculated column.

+ type: string + maxLength: 250000 + required: + - ColumnId + - ColumnName + - Expression + DataSetRefreshProperties: + description:

The refresh properties of a dataset.

+ additionalProperties: false + type: object + properties: + RefreshConfiguration: + $ref: '#/components/schemas/RefreshConfiguration' + S3Source: + description:

A physical table type for an S3 data source.

+ additionalProperties: false + type: object + properties: + DataSourceArn: + description:

The Amazon Resource Name (ARN) for the data source.

+ type: string + InputColumns: + minItems: 1 + maxItems: 2048 + description: |- +

A physical table type for an S3 data source.

+ +

For files that aren't JSON, only STRING data types are supported in input columns.

+ type: array items: - type: number - default: 0 - description:

The default value for the decimal parameter.

- maxItems: 32 + $ref: '#/components/schemas/InputColumn' + UploadSettings: {} + required: + - DataSourceArn + - InputColumns + FieldFolder: + description:

A FieldFolder element is a folder that contains fields and nested subfolders.

+ additionalProperties: false + type: object + properties: + Description: + minLength: 0 + description:

The description for a field folder.

+ type: string + maxLength: 500 + Columns: minItems: 0 - description:

A list of static default values for a given decimal parameter.

- DateTimeStaticValues: + maxItems: 5000 + description:

A folder has a list of columns. A column can only be in one folder.

type: array items: type: string - description:

The default value for the date time parameter.

- maxItems: 32 - minItems: 0 - description:

A list of static default values for a given date time parameter.

- IntegerStaticValues: - type: array - items: - type: number - default: 0 - description:

The default value for the integer parameter.

- maxItems: 32 - minItems: 0 - description:

A list of static default values for a given integer parameter.

+ InputColumn: + description:

Metadata for a column that is used as the input of a transform operation.

additionalProperties: false - OutputColumn: type: object - description:

Output column.

properties: + Type: + $ref: '#/components/schemas/InputColumnDataType' + SubType: + $ref: '#/components/schemas/ColumnDataSubType' Name: + minLength: 1 + description:

The name of this column in the underlying data source.

type: string maxLength: 127 - minLength: 1 - description:

The display name of the column..

+ required: + - Name + - Type + LogicalTableMap: + x-patternProperties: + ^[0-9a-zA-Z-]*$: + $ref: '#/components/schemas/LogicalTable' + maxProperties: 64 + additionalProperties: false + type: object + minProperties: 1 + IncrementalRefresh: + description:

The incremental refresh configuration for a dataset.

+ additionalProperties: false + type: object + properties: + LookbackWindow: + $ref: '#/components/schemas/LookbackWindow' + required: + - LookbackWindow + OutputColumn: + description:

Output column.

+ additionalProperties: false + type: object + properties: + Type: + $ref: '#/components/schemas/ColumnDataType' Description: - type: string - maxLength: 500 minLength: 0 description:

A description for a column.

- Type: - $ref: '#/components/schemas/ColumnDataType' + type: string + maxLength: 500 SubType: $ref: '#/components/schemas/ColumnDataSubType' - additionalProperties: false - OverrideDatasetParameterOperation: - type: object - description:

A transform operation that overrides the dataset parameter values that are defined in another dataset.

- properties: - ParameterName: - type: string - maxLength: 2048 + Name: minLength: 1 - pattern: ^[a-zA-Z0-9]+$ - description:

The name of the parameter to be overridden with different values.

- NewParameterName: + description:

The display name of the column..

type: string - maxLength: 2048 - minLength: 1 - pattern: ^[a-zA-Z0-9]+$ - description:

The new name for the parameter.

- NewDefaultValues: - $ref: '#/components/schemas/NewDefaultValues' - required: - - ParameterName - additionalProperties: false + maxLength: 127 PhysicalTable: - type: object description: |-

A view of a data source that contains information about the shape of the data in the underlying source. This is a variant type structure. For this structure to be valid, only one of the attributes can be non-null.

+ additionalProperties: false + type: object properties: RelationalTable: $ref: '#/components/schemas/RelationalTable' @@ -9596,94 +10422,79 @@ components: $ref: '#/components/schemas/CustomSql' S3Source: $ref: '#/components/schemas/S3Source' + ColumnDataSubType: + type: string + enum: + - FLOAT + - FIXED + DateTimeDatasetParameterDefaultValues: + description:

The default values of a date time parameter.

additionalProperties: false - PhysicalTableMap: - type: object - maxProperties: 32 - minProperties: 0 - x-patternProperties: - ^[0-9a-zA-Z-]*$: - $ref: '#/components/schemas/PhysicalTable' - additionalProperties: false - ProjectOperation: type: object - description: |- -

A transform operation that projects columns. Operations that come after a projection - can only refer to projected columns.

properties: - ProjectedColumns: + StaticValues: + minItems: 0 + maxItems: 32 + description:

A list of static default values for a given date time parameter.

type: array items: + description:

The default value for the date time parameter.

type: string - maxItems: 2000 - minItems: 1 - description:

Projected columns.

- required: - - ProjectedColumns + LogicalTableSource: + description: |- +

Information about the source of a logical table. This is a variant type structure. For + this structure to be valid, only one of the attributes can be non-null.

additionalProperties: false - RefreshConfiguration: type: object - description:

The refresh configuration of a dataset.

properties: - IncrementalRefresh: - $ref: '#/components/schemas/IncrementalRefresh' - required: - - IncrementalRefresh + PhysicalTableId: + minLength: 1 + pattern: ^[0-9a-zA-Z-]*$ + description:

Physical table ID.

+ type: string + maxLength: 64 + JoinInstruction: + $ref: '#/components/schemas/JoinInstruction' + DataSetArn: + description:

The Amazon Resource Number (ARN) of the parent dataset.

+ type: string + ColumnTag: + description: |- +

A tag for a column in a + + TagColumnOperation + + structure. This is a + variant type structure. For this structure to be valid, only one of the attributes can + be non-null.

additionalProperties: false - RelationalTable: type: object - description:

A physical table type for relational data sources.

properties: - DataSourceArn: - type: string - description:

The Amazon Resource Name (ARN) for the data source.

- Catalog: - type: string - maxLength: 256 - minLength: 0 - description:

The catalog associated with a table.

- Schema: - type: string - maxLength: 256 - minLength: 0 - description:

The schema name. This name applies to certain relational database engines.

- Name: - type: string - maxLength: 256 - minLength: 1 - description:

The name of the relational table.

- InputColumns: - type: array - items: - $ref: '#/components/schemas/InputColumn' - maxItems: 2048 - minItems: 1 - description:

The column schema of the table.

- required: - - DataSourceArn - - InputColumns - - Name + ColumnGeographicRole: + $ref: '#/components/schemas/GeoSpatialDataRole' + ColumnDescription: + $ref: '#/components/schemas/ColumnDescription' + TextQualifier: + type: string + enum: + - DOUBLE_QUOTE + - SINGLE_QUOTE + ColumnDescription: + description:

Metadata that contains a description for a column.

additionalProperties: false - RenameColumnOperation: type: object - description:

A transform operation that renames a column.

properties: - ColumnName: - type: string - maxLength: 127 - minLength: 1 - description:

The name of the column to be renamed.

- NewColumnName: + Text: + minLength: 0 + description:

The text of a description for a column.

type: string - maxLength: 127 - minLength: 1 - description:

The new name for the column.

- required: - - ColumnName - - NewColumnName - additionalProperties: false + maxLength: 500 + DataSetImportMode: + type: string + enum: + - SPICE + - DIRECT_QUERY RowLevelPermissionDataSet: - type: object description: |-

Information about a dataset that contains permissions for row-level security (RLS). The permissions dataset maps fields to users or groups. For more information, see @@ -9691,364 +10502,559 @@ components: Guide.

The option to deny permissions by setting PermissionPolicy to DENY_ACCESS is not supported for new RLS datasets.

+ additionalProperties: false + type: object properties: - Namespace: + Status: + $ref: '#/components/schemas/Status' + FormatVersion: + $ref: '#/components/schemas/RowLevelPermissionFormatVersion' + Arn: + description:

The Amazon Resource Name (ARN) of the dataset that contains permissions for RLS.

type: string - maxLength: 64 + Namespace: minLength: 0 pattern: ^[a-zA-Z0-9._-]*$ description:

The namespace associated with the dataset that contains permissions for RLS.

- Arn: type: string - description:

The Amazon Resource Name (ARN) of the dataset that contains permissions for RLS.

+ maxLength: 64 PermissionPolicy: $ref: '#/components/schemas/RowLevelPermissionPolicy' - FormatVersion: - $ref: '#/components/schemas/RowLevelPermissionFormatVersion' - Status: - $ref: '#/components/schemas/Status' required: - Arn - PermissionPolicy - additionalProperties: false - RowLevelPermissionFormatVersion: - type: string - enum: - - VERSION_1 - - VERSION_2 - RowLevelPermissionPolicy: + ColumnTagName: type: string enum: - - GRANT_ACCESS - - DENY_ACCESS - RowLevelPermissionTagConfiguration: - type: object - description:

The configuration of tags on a dataset to set row-level security.

- properties: - Status: - $ref: '#/components/schemas/Status' - TagRules: - type: array - items: - $ref: '#/components/schemas/RowLevelPermissionTagRule' - maxItems: 50 - minItems: 1 - description:

A set of rules associated with row-level security, such as the tag names and columns that they are assigned to.

- TagRuleConfigurations: - type: array - items: - type: array - items: - type: string - maxLength: 128 - minLength: 1 - maxItems: 50 - minItems: 1 - maxItems: 50 - minItems: 1 - description:

A list of tag configuration rules to apply to a dataset. All tag configurations have the OR condition. Tags within each tile will be joined (AND). At least one rule in this structure must have all tag values assigned to it to apply Row-level security (RLS) to the dataset.

- required: - - TagRules + - COLUMN_GEOGRAPHIC_ROLE + - COLUMN_DESCRIPTION + RenameColumnOperation: + description:

A transform operation that renames a column.

additionalProperties: false - RowLevelPermissionTagRule: type: object - description:

A set of rules associated with a tag.

properties: - TagKey: - type: string - maxLength: 128 + NewColumnName: minLength: 1 - description:

The unique key for a tag.

- ColumnName: - type: string - description:

The column name that a tag key is assigned to.

- TagMultiValueDelimiter: - type: string - maxLength: 10 - minLength: 0 - description:

A string that you want to use to delimit the values when you pass the values at run time. For example, you can delimit the values with a comma.

- MatchAllValue: + description:

The new name for the column.

type: string - maxLength: 256 + maxLength: 127 + ColumnName: minLength: 1 - description:

A string that you want to use to filter by all the values in a column in the dataset and don’t want to list the values one by one. For example, you can use an asterisk as your match all value.

+ description:

The name of the column to be renamed.

+ type: string + maxLength: 127 required: - ColumnName - - TagKey + - NewColumnName + FieldFolderMap: + x-patternProperties: + .+: + $ref: '#/components/schemas/FieldFolder' additionalProperties: false - S3Source: type: object - description:

A physical table type for an S3 data source.

- properties: - DataSourceArn: - type: string - description:

The Amazon Resource Name (ARN) for the data source.

- UploadSettings: - $ref: '#/components/schemas/UploadSettings' - InputColumns: - type: array - items: - $ref: '#/components/schemas/InputColumn' - maxItems: 2048 - minItems: 1 - description: |- -

A physical table type for an S3 data source.

- -

For files that aren't JSON, only STRING data types are supported in input columns.

- - required: - - DataSourceArn - - InputColumns - additionalProperties: false - Status: + RowLevelPermissionFormatVersion: type: string enum: - - ENABLED - - DISABLED - StringDatasetParameter: + - VERSION_1 + - VERSION_2 + DecimalDatasetParameter: + description:

A decimal parameter for a dataset.

+ additionalProperties: false type: object - description:

A string parameter for a dataset.

properties: + ValueType: + $ref: '#/components/schemas/DatasetParameterValueType' + DefaultValues: + $ref: '#/components/schemas/DecimalDatasetParameterDefaultValues' Id: - type: string - maxLength: 128 minLength: 1 pattern: ^[a-zA-Z0-9-]+$ - description:

An identifier for the string parameter that is created in the dataset.

- Name: + description:

An identifier for the decimal parameter created in the dataset.

type: string - maxLength: 2048 + maxLength: 128 + Name: minLength: 1 pattern: ^[a-zA-Z0-9]+$ - description:

The name of the string parameter that is created in the dataset.

- ValueType: - $ref: '#/components/schemas/DatasetParameterValueType' - DefaultValues: - $ref: '#/components/schemas/StringDatasetParameterDefaultValues' + description:

The name of the decimal parameter that is created in the dataset.

+ type: string + maxLength: 2048 required: - Id - Name - ValueType + ColumnDataType: + type: string + enum: + - STRING + - INTEGER + - DECIMAL + - DATETIME + DateTimeDatasetParameter: + description:

A date time parameter for a dataset.

additionalProperties: false - StringDatasetParameterDefaultValues: type: object - description:

The default values of a string parameter.

properties: - StaticValues: - type: array - items: - type: string - maxLength: 512 - minLength: 0 - description:

The default value for the string parameter.

- maxItems: 32 - minItems: 0 - description:

A list of static default values for a given string parameter.

- additionalProperties: false - TagColumnOperation: - type: object - description:

A transform operation that tags a column with additional information.

+ ValueType: + $ref: '#/components/schemas/DatasetParameterValueType' + TimeGranularity: + $ref: '#/components/schemas/TimeGranularity' + DefaultValues: + $ref: '#/components/schemas/DateTimeDatasetParameterDefaultValues' + Id: + minLength: 1 + pattern: ^[a-zA-Z0-9-]+$ + description:

An identifier for the parameter that is created in the dataset.

+ type: string + maxLength: 128 + Name: + minLength: 1 + pattern: ^[a-zA-Z0-9]+$ + description:

The name of the date time parameter that is created in the dataset.

+ type: string + maxLength: 2048 + required: + - Id + - Name + - ValueType + JoinInstruction: + description:

The instructions associated with a join.

+ additionalProperties: false + type: object properties: - ColumnName: + OnClause: + minLength: 1 + description:

The join instructions provided in the ON clause of a join.

type: string - maxLength: 127 + maxLength: 512 + Type: + $ref: '#/components/schemas/JoinType' + LeftJoinKeyProperties: + $ref: '#/components/schemas/JoinKeyProperties' + LeftOperand: minLength: 1 - description:

The column that this operation acts on.

- Tags: + pattern: ^[0-9a-zA-Z-]*$ + description:

The operand on the left side of a join.

+ type: string + maxLength: 64 + RightOperand: + minLength: 1 + pattern: ^[0-9a-zA-Z-]*$ + description:

The operand on the right side of a join.

+ type: string + maxLength: 64 + RightJoinKeyProperties: + $ref: '#/components/schemas/JoinKeyProperties' + required: + - LeftOperand + - OnClause + - RightOperand + - Type + JoinType: + type: string + enum: + - INNER + - OUTER + - LEFT + - RIGHT + RowLevelPermissionTagConfiguration: + description:

The configuration of tags on a dataset to set row-level security.

+ additionalProperties: false + type: object + properties: + Status: + $ref: '#/components/schemas/Status' + TagRules: + minItems: 1 + maxItems: 50 + description:

A set of rules associated with row-level security, such as the tag names and columns that they are assigned to.

type: array items: - $ref: '#/components/schemas/ColumnTag' - maxItems: 16 + $ref: '#/components/schemas/RowLevelPermissionTagRule' + TagRuleConfigurations: minItems: 1 - description: |- -

The dataset column tag, currently only used for geospatial type tagging.

- -

This is not tags for the Amazon Web Services tagging feature.

- + maxItems: 50 + description:

A list of tag configuration rules to apply to a dataset. All tag configurations have the OR condition. Tags within each tile will be joined (AND). At least one rule in this structure must have all tag values assigned to it to apply Row-level security (RLS) to the dataset.

+ type: array + items: + minItems: 1 + maxItems: 50 + type: array + items: + minLength: 1 + type: string + maxLength: 128 required: - - ColumnName - - Tags - additionalProperties: false - TextQualifier: - type: string - enum: - - DOUBLE_QUOTE - - SINGLE_QUOTE + - TagRules TransformOperation: - type: object description: |-

A data transformation on a logical table. This is a variant type structure. For this structure to be valid, only one of the attributes can be non-null.

+ additionalProperties: false + type: object properties: - ProjectOperation: - $ref: '#/components/schemas/ProjectOperation' - FilterOperation: - $ref: '#/components/schemas/FilterOperation' - CreateColumnsOperation: - $ref: '#/components/schemas/CreateColumnsOperation' - RenameColumnOperation: - $ref: '#/components/schemas/RenameColumnOperation' - CastColumnTypeOperation: - $ref: '#/components/schemas/CastColumnTypeOperation' TagColumnOperation: $ref: '#/components/schemas/TagColumnOperation' + RenameColumnOperation: + $ref: '#/components/schemas/RenameColumnOperation' UntagColumnOperation: $ref: '#/components/schemas/UntagColumnOperation' OverrideDatasetParameterOperation: $ref: '#/components/schemas/OverrideDatasetParameterOperation' + FilterOperation: + $ref: '#/components/schemas/FilterOperation' + CastColumnTypeOperation: + $ref: '#/components/schemas/CastColumnTypeOperation' + CreateColumnsOperation: + $ref: '#/components/schemas/CreateColumnsOperation' + ProjectOperation: + $ref: '#/components/schemas/ProjectOperation' + InputColumnDataType: + type: string + enum: + - STRING + - INTEGER + - DECIMAL + - DATETIME + - BIT + - BOOLEAN + - JSON + GeoSpatialColumnGroup: + description:

Geospatial column group that denotes a hierarchy.

additionalProperties: false - UntagColumnOperation: type: object - description:

A transform operation that removes tags associated with a column.

properties: - ColumnName: + Columns: + minItems: 1 + maxItems: 16 + description:

Columns in this hierarchy.

+ type: array + items: + minLength: 1 + type: string + maxLength: 127 + CountryCode: + $ref: '#/components/schemas/GeoSpatialCountryCode' + Name: + minLength: 1 + description:

A display name for the hierarchy.

type: string - maxLength: 127 + maxLength: 64 + required: + - Columns + - Name + GeoSpatialCountryCode: + type: string + enum: + - US + OverrideDatasetParameterOperation: + description:

A transform operation that overrides the dataset parameter values that are defined in another dataset.

+ additionalProperties: false + type: object + properties: + NewDefaultValues: + $ref: '#/components/schemas/NewDefaultValues' + ParameterName: minLength: 1 - description:

The column that this operation acts on.

- TagNames: + pattern: ^[a-zA-Z0-9]+$ + description:

The name of the parameter to be overridden with different values.

+ type: string + maxLength: 2048 + NewParameterName: + minLength: 1 + pattern: ^[a-zA-Z0-9]+$ + description:

The new name for the parameter.

+ type: string + maxLength: 2048 + required: + - ParameterName + UniqueKey: + additionalProperties: false + type: object + properties: + ColumnNames: + minItems: 1 + maxItems: 1 type: array items: - $ref: '#/components/schemas/ColumnTagName' - description:

The column tags to remove from this column.

+ minLength: 1 + type: string + maxLength: 127 required: - - ColumnName - - TagNames + - ColumnNames + GeoSpatialDataRole: + type: string + enum: + - COUNTRY + - STATE + - COUNTY + - CITY + - POSTCODE + - LONGITUDE + - LATITUDE + - POLITICAL1 + - CENSUS_TRACT + - CENSUS_BLOCK_GROUP + - CENSUS_BLOCK + NewDefaultValues: + description:

The configuration that overrides the existing default values for a dataset parameter that is inherited from another dataset.

additionalProperties: false - UploadSettings: type: object - description:

Information about the format for a source file or files.

properties: - Format: - $ref: '#/components/schemas/FileFormat' - StartFromRow: - type: number - minimum: 1 - description:

A row number to start reading data from.

- ContainsHeader: + DecimalStaticValues: + minItems: 0 + maxItems: 32 + description:

A list of static default values for a given decimal parameter.

+ type: array + items: + default: 0 + description:

The default value for the decimal parameter.

+ type: number + IntegerStaticValues: + minItems: 0 + maxItems: 32 + description:

A list of static default values for a given integer parameter.

+ type: array + items: + default: 0 + description:

The default value for the integer parameter.

+ type: number + StringStaticValues: + minItems: 0 + maxItems: 32 + description:

A list of static default values for a given string parameter.

+ type: array + items: + minLength: 0 + description:

The default value for the string parameter.

+ type: string + maxLength: 512 + DateTimeStaticValues: + minItems: 0 + maxItems: 32 + description:

A list of static default values for a given date time parameter.

+ type: array + items: + description:

The default value for the date time parameter.

+ type: string + DatasetParameter: + description:

A dataset parameter.

+ additionalProperties: false + type: object + properties: + IntegerDatasetParameter: + $ref: '#/components/schemas/IntegerDatasetParameter' + DateTimeDatasetParameter: + $ref: '#/components/schemas/DateTimeDatasetParameter' + DecimalDatasetParameter: + $ref: '#/components/schemas/DecimalDatasetParameter' + StringDatasetParameter: + $ref: '#/components/schemas/StringDatasetParameter' + IntegerDatasetParameterDefaultValues: + description:

The default values of an integer parameter.

+ additionalProperties: false + type: object + properties: + StaticValues: + minItems: 0 + maxItems: 32 + description:

A list of static default values for a given integer parameter.

+ type: array + items: + default: 0 + description:

The default value for the integer parameter.

+ type: number + DataSetUsageConfiguration: + description:

The usage configuration to apply to child datasets that reference this dataset as a source.

+ additionalProperties: false + type: object + properties: + DisableUseAsImportedSource: + default: false + description:

An option that controls whether a child dataset that's stored in QuickSight can use this dataset as a source.

type: boolean - description:

Whether the file has a header row, or the files each have a header row.

- TextQualifier: - $ref: '#/components/schemas/TextQualifier' - Delimiter: + DisableUseAsDirectQuerySource: + default: false + description:

An option that controls whether a child dataset of a direct query can use this dataset as a source.

+ type: boolean + StringDatasetParameterDefaultValues: + description:

The default values of a string parameter.

+ additionalProperties: false + type: object + properties: + StaticValues: + minItems: 0 + maxItems: 32 + description:

A list of static default values for a given string parameter.

+ type: array + items: + minLength: 0 + description:

The default value for the string parameter.

+ type: string + maxLength: 512 + LookbackWindowSizeUnit: + type: string + enum: + - HOUR + - DAY + - WEEK + ColumnGroup: + description: |- +

Groupings of columns that work together in certain Amazon QuickSight features. This is + a variant type structure. For this structure to be valid, only one of the attributes can + be non-null.

+ additionalProperties: false + type: object + properties: + GeoSpatialColumnGroup: + $ref: '#/components/schemas/GeoSpatialColumnGroup' + CustomSql: + description:

A physical table type built from the results of the custom SQL query.

+ additionalProperties: false + type: object + properties: + DataSourceArn: + description:

The Amazon Resource Name (ARN) of the data source.

type: string - maxLength: 1 + SqlQuery: minLength: 1 - description:

The delimiter between values in the file.

+ description:

The SQL query.

+ type: string + maxLength: 168000 + Columns: + minItems: 1 + maxItems: 2048 + description:

The column schema from the SQL query result set.

+ type: array + items: + $ref: '#/components/schemas/InputColumn' + Name: + minLength: 1 + description:

A display name for the SQL query result.

+ type: string + maxLength: 128 + required: + - DataSourceArn + - Name + - SqlQuery + ProjectOperation: + description: |- +

A transform operation that projects columns. Operations that come after a projection + can only refer to projected columns.

additionalProperties: false - IngestionWaitPolicy: type: object - description:

Wait policy to use when creating/updating dataset. Default is to wait for SPICE ingestion to finish with timeout of 36 hours.

properties: - WaitForSpiceIngestion: - type: boolean - description: |- -

Wait for SPICE ingestion to finish to mark dataset creation/update successful. Default (true). - Applicable only when DataSetImportMode mode is set to SPICE.

- default: true - IngestionWaitTimeInHours: - type: number - description: |- -

The maximum time (in hours) to wait for Ingestion to complete. Default timeout is 36 hours. - Applicable only when DataSetImportMode mode is set to SPICE and WaitForSpiceIngestion is set to true.

- minimum: 1 - maximum: 36 - default: 36 - additionalProperties: false + ProjectedColumns: + minItems: 1 + maxItems: 2000 + description:

Projected columns.

+ type: array + items: + type: string + required: + - ProjectedColumns DataSet: type: object properties: - Arn: + PhysicalTableMap: + $ref: '#/components/schemas/PhysicalTableMap' + CreatedTime: + format: string + description:

The time that this dataset was created.

type: string - description:

The Amazon Resource Name (ARN) of the resource.

- AwsAccountId: + FieldFolders: + $ref: '#/components/schemas/FieldFolderMap' + LastUpdatedTime: + format: string + description:

The last time that this dataset was updated.

type: string - maxLength: 12 - minLength: 12 - pattern: ^[0-9]{12}$ - ColumnGroups: - type: array - items: - $ref: '#/components/schemas/ColumnGroup' - maxItems: 8 - minItems: 1 - description:

Groupings of columns that work together in certain Amazon QuickSight features. Currently, only geospatial hierarchy is supported.

- ColumnLevelPermissionRules: + DataSetId: + type: string + FolderArns: + minItems: 0 + maxItems: 10 + description:

When you create the dataset, Amazon QuickSight adds the dataset to these folders.

type: array items: - $ref: '#/components/schemas/ColumnLevelPermissionRule' - minItems: 1 - description: |- -

A set of one or more definitions of a - ColumnLevelPermissionRule - .

+ type: string ConsumedSpiceCapacityInBytes: - type: number default: 0 description: |-

The amount of SPICE capacity used by this dataset. This is 0 if the dataset isn't imported into SPICE.

- CreatedTime: - type: string - description:

The time that this dataset was created.

- format: string - DataSetId: - type: string + type: number + PerformanceConfiguration: + $ref: '#/components/schemas/PerformanceConfiguration' + RowLevelPermissionDataSet: + $ref: '#/components/schemas/RowLevelPermissionDataSet' DataSetRefreshProperties: $ref: '#/components/schemas/DataSetRefreshProperties' - DataSetUsageConfiguration: - $ref: '#/components/schemas/DataSetUsageConfiguration' - DatasetParameters: + RowLevelPermissionTagConfiguration: + $ref: '#/components/schemas/RowLevelPermissionTagConfiguration' + IngestionWaitPolicy: + $ref: '#/components/schemas/IngestionWaitPolicy' + ColumnLevelPermissionRules: + minItems: 1 + description: |- +

A set of one or more definitions of a + ColumnLevelPermissionRule + .

type: array items: - $ref: '#/components/schemas/DatasetParameter' - maxItems: 32 - minItems: 0 - description:

The parameter declarations of the dataset.

- FieldFolders: - $ref: '#/components/schemas/FieldFolderMap' + $ref: '#/components/schemas/ColumnLevelPermissionRule' + Name: + minLength: 1 + description:

The display name for the dataset.

+ type: string + maxLength: 128 + ColumnGroups: + minItems: 1 + maxItems: 8 + description:

Groupings of columns that work together in certain Amazon QuickSight features. Currently, only geospatial hierarchy is supported.

+ type: array + items: + $ref: '#/components/schemas/ColumnGroup' ImportMode: $ref: '#/components/schemas/DataSetImportMode' - LastUpdatedTime: - type: string - description:

The last time that this dataset was updated.

- format: string + DatasetParameters: + minItems: 0 + maxItems: 32 + description:

The parameter declarations of the dataset.

+ type: array + items: + $ref: '#/components/schemas/DatasetParameter' LogicalTableMap: $ref: '#/components/schemas/LogicalTableMap' - Name: + AwsAccountId: + minLength: 12 + pattern: ^[0-9]{12}$ type: string - maxLength: 128 - minLength: 1 - description:

The display name for the dataset.

- OutputColumns: + maxLength: 12 + DataSetUsageConfiguration: + $ref: '#/components/schemas/DataSetUsageConfiguration' + Permissions: + minItems: 1 + maxItems: 64 + description:

A list of resource permissions on the dataset.

type: array items: - $ref: '#/components/schemas/OutputColumn' + $ref: '#/components/schemas/ResourcePermission' + OutputColumns: description: |-

The list of columns after all transforms. These columns are available in templates, analyses, and dashboards.

- Permissions: type: array items: - $ref: '#/components/schemas/ResourcePermission' - maxItems: 64 - minItems: 1 - description:

A list of resource permissions on the dataset.

- PhysicalTableMap: - $ref: '#/components/schemas/PhysicalTableMap' - RowLevelPermissionDataSet: - $ref: '#/components/schemas/RowLevelPermissionDataSet' - RowLevelPermissionTagConfiguration: - $ref: '#/components/schemas/RowLevelPermissionTagConfiguration' + $ref: '#/components/schemas/OutputColumn' + Arn: + description:

The Amazon Resource Name (ARN) of the resource.

+ type: string Tags: + minItems: 1 + maxItems: 200 + description:

Contains a map of the key-value pairs for the resource tag or tags assigned to the dataset.

type: array items: $ref: '#/components/schemas/Tag' - maxItems: 200 - minItems: 1 - description:

Contains a map of the key-value pairs for the resource tag or tags assigned to the dataset.

- IngestionWaitPolicy: - $ref: '#/components/schemas/IngestionWaitPolicy' x-stackql-resource-name: data_set description: Definition of the AWS::QuickSight::DataSet Resource Type. x-type-name: AWS::QuickSight::DataSet @@ -10061,6 +11067,7 @@ components: x-write-only-properties: - FieldFolders - IngestionWaitPolicy + - FolderArns x-read-only-properties: - Arn - ConsumedSpiceCapacityInBytes @@ -10071,9 +11078,14 @@ components: taggable: true tagOnCreate: true tagUpdatable: true - cloudFormationSystemTags: true tagProperty: /properties/Tags + cloudFormationSystemTags: true x-required-permissions: + read: + - quicksight:DescribeDataSet + - quicksight:DescribeDataSetPermissions + - quicksight:ListTagsForResource + - quicksight:DescribeDataSetRefreshProperties create: - quicksight:DescribeDataSet - quicksight:DescribeDataSetPermissions @@ -10086,11 +11098,9 @@ components: - quicksight:ListTagsForResource - quicksight:DescribeDataSetRefreshProperties - quicksight:PutDataSetRefreshProperties - read: - - quicksight:DescribeDataSet - - quicksight:DescribeDataSetPermissions - - quicksight:ListTagsForResource - - quicksight:DescribeDataSetRefreshProperties + - quicksight:CreateFolderMembership + - quicksight:DeleteFolderMembership + - quicksight:ListFoldersForResource update: - quicksight:DescribeDataSet - quicksight:DescribeDataSetPermissions @@ -10101,12 +11111,18 @@ components: - quicksight:DescribeIngestion - quicksight:ListIngestions - quicksight:CancelIngestion + - quicksight:CreateFolderMembership + - quicksight:DeleteFolderMembership + - quicksight:ListFoldersForResource - quicksight:TagResource - quicksight:UntagResource - quicksight:ListTagsForResource - quicksight:PutDataSetRefreshProperties - quicksight:DescribeDataSetRefreshProperties - quicksight:DeleteDataSetRefreshProperties + list: + - quicksight:DescribeDataSet + - quicksight:ListDataSets delete: - quicksight:DescribeDataSet - quicksight:DeleteDataSet @@ -10114,9 +11130,6 @@ components: - quicksight:DescribeIngestion - quicksight:DeleteDataSetRefreshProperties - quicksight:DescribeDataSetRefreshProperties - list: - - quicksight:DescribeDataSet - - quicksight:ListDataSets AmazonElasticsearchParameters: type: object description:

The parameters for OpenSearch.

@@ -10206,6 +11219,12 @@ components: - Host - Port additionalProperties: false + AuthenticationType: + type: string + enum: + - PASSWORD + - TOKEN + - X509 AwsIotAnalyticsParameters: type: object description:

The parameters for IoT Analytics.

@@ -10371,6 +11390,7 @@ components: - PRESTO - REDSHIFT - S3 + - S3_TABLES - SALESFORCE - SERVICENOW - SNOWFLAKE @@ -10387,6 +11407,8 @@ components: - MONGO_ATLAS - DOCUMENTDB - APPFLOW + - IMPALA + - GLUE DatabricksParameters: type: object description:

The parameters that are required to connect to a Databricks data source.

@@ -10489,6 +11511,26 @@ components: - Host - Port additionalProperties: false + OAuthParameters: + type: object + properties: + TokenProviderUrl: + type: string + maxLength: 2048 + minLength: 1 + OAuthScope: + type: string + maxLength: 128 + minLength: 1 + IdentityProviderVpcConnectionProperties: + $ref: '#/components/schemas/VpcConnectionProperties' + IdentityProviderResourceUri: + type: string + maxLength: 2048 + minLength: 1 + required: + - TokenProviderUrl + additionalProperties: false OracleParameters: type: object description:

The parameters for Oracle.

@@ -10684,6 +11726,14 @@ components: maxLength: 128 minLength: 0 description:

Warehouse.

+ AuthenticationType: + $ref: '#/components/schemas/AuthenticationType' + DatabaseAccessControlRole: + type: string + maxLength: 128 + minLength: 0 + OAuthParameters: + $ref: '#/components/schemas/OAuthParameters' required: - Database - Host @@ -10766,6 +11816,14 @@ components: description:

The catalog name for the Starburst data source.

ProductType: $ref: '#/components/schemas/StarburstProductType' + DatabaseAccessControlRole: + type: string + maxLength: 128 + minLength: 0 + AuthenticationType: + $ref: '#/components/schemas/AuthenticationType' + OAuthParameters: + $ref: '#/components/schemas/OAuthParameters' required: - Catalog - Host @@ -10875,6 +11933,12 @@ components: $ref: '#/components/schemas/DataSourceParameters' ErrorInfo: $ref: '#/components/schemas/DataSourceErrorInfo' + FolderArns: + type: array + items: + type: string + maxItems: 10 + minItems: 0 LastUpdatedTime: type: string description:

The last time that this data source was updated.

@@ -10911,48 +11975,166 @@ components: x-type-name: AWS::QuickSight::DataSource x-stackql-primary-identifier: - AwsAccountId - - DataSourceId + - DataSourceId + x-create-only-properties: + - AwsAccountId + - DataSourceId + - Type + x-write-only-properties: + - Credentials + - FolderArns + x-read-only-properties: + - Arn + - CreatedTime + - LastUpdatedTime + - Status + x-required-properties: + - Name + - Type + x-required-permissions: + read: + - quicksight:DescribeDataSource + - quicksight:DescribeDataSourcePermissions + - quicksight:ListTagsForResource + create: + - quicksight:CreateDataSource + - quicksight:DescribeDataSource + - quicksight:DescribeDataSourcePermissions + - quicksight:TagResource + - quicksight:ListTagsForResource + - quicksight:CreateFolderMembership + - quicksight:DeleteFolderMembership + - quicksight:ListFoldersForResource + update: + - quicksight:DescribeDataSource + - quicksight:DescribeDataSourcePermissions + - quicksight:UpdateDataSource + - quicksight:UpdateDataSourcePermissions + - quicksight:CreateFolderMembership + - quicksight:DeleteFolderMembership + - quicksight:ListFoldersForResource + - quicksight:TagResource + - quicksight:UntagResource + - quicksight:ListTagsForResource + delete: + - quicksight:DescribeDataSource + - quicksight:DescribeDataSourcePermissions + - quicksight:DeleteDataSource + - quicksight:ListTagsForResource + list: + - quicksight:DescribeDataSource + - quicksight:ListDataSources + FolderType: + type: string + enum: + - SHARED + - RESTRICTED + SharingModel: + type: string + enum: + - ACCOUNT + - NAMESPACE + Folder: + type: object + properties: + Arn: + type: string + description:

The Amazon Resource Name (ARN) for the folder.

+ pattern: ^arn:.* + AwsAccountId: + type: string + maxLength: 12 + minLength: 12 + pattern: ^[0-9]{12}$ + CreatedTime: + type: string + description:

The time that the folder was created.

+ format: date-time + FolderId: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^[\w\-]+$ + FolderType: + $ref: '#/components/schemas/FolderType' + LastUpdatedTime: + type: string + description:

The time that the folder was last updated.

+ format: date-time + Name: + type: string + maxLength: 200 + minLength: 1 + ParentFolderArn: + type: string + Permissions: + type: array + items: + $ref: '#/components/schemas/ResourcePermission' + maxItems: 64 + minItems: 1 + x-insertionOrder: false + SharingModel: + $ref: '#/components/schemas/SharingModel' + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 200 + minItems: 1 + x-insertionOrder: false + x-stackql-resource-name: folder + description: Definition of the AWS::QuickSight::Folder Resource Type. + x-type-name: AWS::QuickSight::Folder + x-stackql-primary-identifier: + - AwsAccountId + - FolderId x-create-only-properties: + - ParentFolderArn + - SharingModel + - FolderType + - FolderId - AwsAccountId - - DataSourceId - - Type x-write-only-properties: - - Credentials + - ParentFolderArn x-read-only-properties: - Arn - CreatedTime - LastUpdatedTime - - Status - x-required-properties: - - Name - - Type + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - quicksight:TagResource + - quicksight:UntagResource + - quicksight:ListTagsForResource x-required-permissions: read: - - quicksight:DescribeDataSource - - quicksight:DescribeDataSourcePermissions + - quicksight:DescribeFolder + - quicksight:DescribeFolderPermissions - quicksight:ListTagsForResource create: - - quicksight:CreateDataSource - - quicksight:DescribeDataSource - - quicksight:DescribeDataSourcePermissions + - quicksight:CreateFolder + - quicksight:DescribeFolder + - quicksight:UpdateFolderPermissions + - quicksight:DescribeFolderPermissions - quicksight:TagResource - quicksight:ListTagsForResource update: - - quicksight:DescribeDataSource - - quicksight:DescribeDataSourcePermissions - - quicksight:UpdateDataSource - - quicksight:UpdateDataSourcePermissions + - quicksight:DescribeFolder + - quicksight:UpdateFolder + - quicksight:DescribeFolderPermissions + - quicksight:UpdateFolderPermissions + - quicksight:ListTagsForResource - quicksight:TagResource - quicksight:UntagResource - - quicksight:ListTagsForResource delete: - - quicksight:DescribeDataSource - - quicksight:DescribeDataSourcePermissions - - quicksight:DeleteDataSource - - quicksight:ListTagsForResource + - quicksight:DeleteFolder list: - - quicksight:DescribeDataSource - - quicksight:ListDataSources + - quicksight:ListFolders RefreshScheduleMap: type: object properties: @@ -11080,6 +12262,8 @@ components: type: array items: $ref: '#/components/schemas/FilterGroup' + QueryExecutionOptions: + $ref: '#/components/schemas/QueryExecutionOptions' CalculatedFields: minItems: 0 maxItems: 500 @@ -12732,6 +13916,12 @@ components: type: string ValidationStrategy: $ref: '#/components/schemas/ValidationStrategy' + FolderArns: + minItems: 0 + maxItems: 10 + type: array + items: + type: string Name: minLength: 1 description:

The descriptive name of the analysis.

@@ -12779,6 +13969,43 @@ components: x-title: CreateAnalysisRequest type: object required: [] + CreateCustomPermissionsRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + Arn: + type: string + AwsAccountId: + type: string + maxLength: 12 + minLength: 12 + pattern: ^[0-9]{12}$ + Capabilities: + $ref: '#/components/schemas/Capabilities' + CustomPermissionsName: + type: string + maxLength: 64 + minLength: 1 + pattern: ^[a-zA-Z0-9+=,.@_-]+$ + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 200 + minItems: 1 + x-stackQL-stringOnly: true + x-title: CreateCustomPermissionsRequest + type: object + required: [] CreateDashboardRequest: properties: ClientToken: @@ -12814,6 +14041,12 @@ components: type: string ValidationStrategy: $ref: '#/components/schemas/ValidationStrategy' + FolderArns: + minItems: 0 + maxItems: 10 + type: array + items: + type: string DashboardId: minLength: 1 pattern: ^[\w\-]+$ @@ -12879,97 +14112,106 @@ components: DesiredState: type: object properties: - Arn: + PhysicalTableMap: + $ref: '#/components/schemas/PhysicalTableMap' + CreatedTime: + format: string + description:

The time that this dataset was created.

type: string - description:

The Amazon Resource Name (ARN) of the resource.

- AwsAccountId: + FieldFolders: + $ref: '#/components/schemas/FieldFolderMap' + LastUpdatedTime: + format: string + description:

The last time that this dataset was updated.

type: string - maxLength: 12 - minLength: 12 - pattern: ^[0-9]{12}$ - ColumnGroups: - type: array - items: - $ref: '#/components/schemas/ColumnGroup' - maxItems: 8 - minItems: 1 - description:

Groupings of columns that work together in certain Amazon QuickSight features. Currently, only geospatial hierarchy is supported.

- ColumnLevelPermissionRules: + DataSetId: + type: string + FolderArns: + minItems: 0 + maxItems: 10 + description:

When you create the dataset, Amazon QuickSight adds the dataset to these folders.

type: array items: - $ref: '#/components/schemas/ColumnLevelPermissionRule' - minItems: 1 - description: |- -

A set of one or more definitions of a - ColumnLevelPermissionRule - .

+ type: string ConsumedSpiceCapacityInBytes: - type: number default: 0 description: |-

The amount of SPICE capacity used by this dataset. This is 0 if the dataset isn't imported into SPICE.

- CreatedTime: - type: string - description:

The time that this dataset was created.

- format: string - DataSetId: - type: string + type: number + PerformanceConfiguration: + $ref: '#/components/schemas/PerformanceConfiguration' + RowLevelPermissionDataSet: + $ref: '#/components/schemas/RowLevelPermissionDataSet' DataSetRefreshProperties: $ref: '#/components/schemas/DataSetRefreshProperties' - DataSetUsageConfiguration: - $ref: '#/components/schemas/DataSetUsageConfiguration' - DatasetParameters: + RowLevelPermissionTagConfiguration: + $ref: '#/components/schemas/RowLevelPermissionTagConfiguration' + IngestionWaitPolicy: + $ref: '#/components/schemas/IngestionWaitPolicy' + ColumnLevelPermissionRules: + minItems: 1 + description: |- +

A set of one or more definitions of a + ColumnLevelPermissionRule + .

type: array items: - $ref: '#/components/schemas/DatasetParameter' - maxItems: 32 - minItems: 0 - description:

The parameter declarations of the dataset.

- FieldFolders: - $ref: '#/components/schemas/FieldFolderMap' + $ref: '#/components/schemas/ColumnLevelPermissionRule' + Name: + minLength: 1 + description:

The display name for the dataset.

+ type: string + maxLength: 128 + ColumnGroups: + minItems: 1 + maxItems: 8 + description:

Groupings of columns that work together in certain Amazon QuickSight features. Currently, only geospatial hierarchy is supported.

+ type: array + items: + $ref: '#/components/schemas/ColumnGroup' ImportMode: $ref: '#/components/schemas/DataSetImportMode' - LastUpdatedTime: - type: string - description:

The last time that this dataset was updated.

- format: string + DatasetParameters: + minItems: 0 + maxItems: 32 + description:

The parameter declarations of the dataset.

+ type: array + items: + $ref: '#/components/schemas/DatasetParameter' LogicalTableMap: $ref: '#/components/schemas/LogicalTableMap' - Name: + AwsAccountId: + minLength: 12 + pattern: ^[0-9]{12}$ type: string - maxLength: 128 - minLength: 1 - description:

The display name for the dataset.

- OutputColumns: + maxLength: 12 + DataSetUsageConfiguration: + $ref: '#/components/schemas/DataSetUsageConfiguration' + Permissions: + minItems: 1 + maxItems: 64 + description:

A list of resource permissions on the dataset.

type: array items: - $ref: '#/components/schemas/OutputColumn' + $ref: '#/components/schemas/ResourcePermission' + OutputColumns: description: |-

The list of columns after all transforms. These columns are available in templates, analyses, and dashboards.

- Permissions: type: array items: - $ref: '#/components/schemas/ResourcePermission' - maxItems: 64 - minItems: 1 - description:

A list of resource permissions on the dataset.

- PhysicalTableMap: - $ref: '#/components/schemas/PhysicalTableMap' - RowLevelPermissionDataSet: - $ref: '#/components/schemas/RowLevelPermissionDataSet' - RowLevelPermissionTagConfiguration: - $ref: '#/components/schemas/RowLevelPermissionTagConfiguration' + $ref: '#/components/schemas/OutputColumn' + Arn: + description:

The Amazon Resource Name (ARN) of the resource.

+ type: string Tags: + minItems: 1 + maxItems: 200 + description:

Contains a map of the key-value pairs for the resource tag or tags assigned to the dataset.

type: array items: $ref: '#/components/schemas/Tag' - maxItems: 200 - minItems: 1 - description:

Contains a map of the key-value pairs for the resource tag or tags assigned to the dataset.

- IngestionWaitPolicy: - $ref: '#/components/schemas/IngestionWaitPolicy' x-stackQL-stringOnly: true x-title: CreateDataSetRequest type: object @@ -13005,7 +14247,79 @@ components: are automatically allowed.

Arn: type: string - description:

The Amazon Resource Name (ARN) of the data source.

+ description:

The Amazon Resource Name (ARN) of the data source.

+ AwsAccountId: + type: string + maxLength: 12 + minLength: 12 + pattern: ^[0-9]{12}$ + CreatedTime: + type: string + description:

The time that this data source was created.

+ format: date-time + Credentials: + $ref: '#/components/schemas/DataSourceCredentials' + DataSourceId: + type: string + DataSourceParameters: + $ref: '#/components/schemas/DataSourceParameters' + ErrorInfo: + $ref: '#/components/schemas/DataSourceErrorInfo' + FolderArns: + type: array + items: + type: string + maxItems: 10 + minItems: 0 + LastUpdatedTime: + type: string + description:

The last time that this data source was updated.

+ format: date-time + Name: + type: string + maxLength: 128 + minLength: 1 + Permissions: + type: array + items: + $ref: '#/components/schemas/ResourcePermission' + maxItems: 64 + minItems: 1 + SslProperties: + $ref: '#/components/schemas/SslProperties' + Status: + $ref: '#/components/schemas/ResourceStatus' + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 200 + minItems: 1 + Type: + $ref: '#/components/schemas/DataSourceType' + VpcConnectionProperties: + $ref: '#/components/schemas/VpcConnectionProperties' + x-stackQL-stringOnly: true + x-title: CreateDataSourceRequest + type: object + required: [] + CreateFolderRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + Arn: + type: string + description:

The Amazon Resource Name (ARN) for the folder.

+ pattern: ^arn:.* AwsAccountId: type: string maxLength: 12 @@ -13013,46 +14327,43 @@ components: pattern: ^[0-9]{12}$ CreatedTime: type: string - description:

The time that this data source was created.

+ description:

The time that the folder was created.

format: date-time - Credentials: - $ref: '#/components/schemas/DataSourceCredentials' - DataSourceId: + FolderId: type: string - DataSourceParameters: - $ref: '#/components/schemas/DataSourceParameters' - ErrorInfo: - $ref: '#/components/schemas/DataSourceErrorInfo' + maxLength: 2048 + minLength: 1 + pattern: ^[\w\-]+$ + FolderType: + $ref: '#/components/schemas/FolderType' LastUpdatedTime: type: string - description:

The last time that this data source was updated.

+ description:

The time that the folder was last updated.

format: date-time Name: type: string - maxLength: 128 + maxLength: 200 minLength: 1 + ParentFolderArn: + type: string Permissions: type: array items: $ref: '#/components/schemas/ResourcePermission' maxItems: 64 minItems: 1 - SslProperties: - $ref: '#/components/schemas/SslProperties' - Status: - $ref: '#/components/schemas/ResourceStatus' + x-insertionOrder: false + SharingModel: + $ref: '#/components/schemas/SharingModel' Tags: type: array items: $ref: '#/components/schemas/Tag' maxItems: 200 minItems: 1 - Type: - $ref: '#/components/schemas/DataSourceType' - VpcConnectionProperties: - $ref: '#/components/schemas/VpcConnectionProperties' + x-insertionOrder: false x-stackQL-stringOnly: true - x-title: CreateDataSourceRequest + x-title: CreateFolderRequest type: object required: [] CreateRefreshScheduleRequest: @@ -13434,6 +14745,7 @@ components: JSON_EXTRACT(Properties, '$.Definition') as definition, JSON_EXTRACT(Properties, '$.LastUpdatedTime') as last_updated_time, JSON_EXTRACT(Properties, '$.ValidationStrategy') as validation_strategy, + JSON_EXTRACT(Properties, '$.FolderArns') as folder_arns, JSON_EXTRACT(Properties, '$.Name') as name, JSON_EXTRACT(Properties, '$.Errors') as errors, JSON_EXTRACT(Properties, '$.AnalysisId') as analysis_id, @@ -13459,6 +14771,7 @@ components: JSON_EXTRACT(detail.Properties, '$.Definition') as definition, JSON_EXTRACT(detail.Properties, '$.LastUpdatedTime') as last_updated_time, JSON_EXTRACT(detail.Properties, '$.ValidationStrategy') as validation_strategy, + JSON_EXTRACT(detail.Properties, '$.FolderArns') as folder_arns, JSON_EXTRACT(detail.Properties, '$.Name') as name, JSON_EXTRACT(detail.Properties, '$.Errors') as errors, JSON_EXTRACT(detail.Properties, '$.AnalysisId') as analysis_id, @@ -13489,54 +14802,287 @@ components: json_extract_path_text(Properties, 'Definition') as definition, json_extract_path_text(Properties, 'LastUpdatedTime') as last_updated_time, json_extract_path_text(Properties, 'ValidationStrategy') as validation_strategy, + json_extract_path_text(Properties, 'FolderArns') as folder_arns, json_extract_path_text(Properties, 'Name') as name, json_extract_path_text(Properties, 'Errors') as errors, json_extract_path_text(Properties, 'AnalysisId') as analysis_id, json_extract_path_text(Properties, 'AwsAccountId') as aws_account_id, json_extract_path_text(Properties, 'Permissions') as permissions, json_extract_path_text(Properties, 'Arn') as arn, - json_extract_path_text(Properties, 'Tags') as tags, - json_extract_path_text(Properties, 'Sheets') as sheets - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::QuickSight::Analysis' - AND data__Identifier = '|' + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Sheets') as sheets + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::QuickSight::Analysis' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'Status') as status, + json_extract_path_text(detail.Properties, 'CreatedTime') as created_time, + json_extract_path_text(detail.Properties, 'Parameters') as parameters, + json_extract_path_text(detail.Properties, 'DataSetArns') as data_set_arns, + json_extract_path_text(detail.Properties, 'SourceEntity') as source_entity, + json_extract_path_text(detail.Properties, 'ThemeArn') as theme_arn, + json_extract_path_text(detail.Properties, 'Definition') as definition, + json_extract_path_text(detail.Properties, 'LastUpdatedTime') as last_updated_time, + json_extract_path_text(detail.Properties, 'ValidationStrategy') as validation_strategy, + json_extract_path_text(detail.Properties, 'FolderArns') as folder_arns, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'Errors') as errors, + json_extract_path_text(detail.Properties, 'AnalysisId') as analysis_id, + json_extract_path_text(detail.Properties, 'AwsAccountId') as aws_account_id, + json_extract_path_text(detail.Properties, 'Permissions') as permissions, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'Tags') as tags, + json_extract_path_text(detail.Properties, 'Sheets') as sheets + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::QuickSight::Analysis' + AND detail.data__TypeName = 'AWS::QuickSight::Analysis' + AND listing.region = 'us-east-1' + analyses_list_only: + name: analyses_list_only + id: aws.quicksight.analyses_list_only + x-cfn-schema-name: Analysis + x-cfn-type-name: AWS::QuickSight::Analysis + x-identifiers: + - AnalysisId + - AwsAccountId + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AnalysisId') as analysis_id, + JSON_EXTRACT(Properties, '$.AwsAccountId') as aws_account_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::QuickSight::Analysis' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AnalysisId') as analysis_id, + json_extract_path_text(Properties, 'AwsAccountId') as aws_account_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::QuickSight::Analysis' + AND region = 'us-east-1' + analysis_tags: + name: analysis_tags + id: aws.quicksight.analysis_tags + x-cfn-schema-name: Analysis + x-cfn-type-name: AWS::QuickSight::Analysis + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.Status') as status, + JSON_EXTRACT(detail.Properties, '$.CreatedTime') as created_time, + JSON_EXTRACT(detail.Properties, '$.Parameters') as parameters, + JSON_EXTRACT(detail.Properties, '$.DataSetArns') as data_set_arns, + JSON_EXTRACT(detail.Properties, '$.SourceEntity') as source_entity, + JSON_EXTRACT(detail.Properties, '$.ThemeArn') as theme_arn, + JSON_EXTRACT(detail.Properties, '$.Definition') as definition, + JSON_EXTRACT(detail.Properties, '$.LastUpdatedTime') as last_updated_time, + JSON_EXTRACT(detail.Properties, '$.ValidationStrategy') as validation_strategy, + JSON_EXTRACT(detail.Properties, '$.FolderArns') as folder_arns, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.Errors') as errors, + JSON_EXTRACT(detail.Properties, '$.AnalysisId') as analysis_id, + JSON_EXTRACT(detail.Properties, '$.AwsAccountId') as aws_account_id, + JSON_EXTRACT(detail.Properties, '$.Permissions') as permissions, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.Sheets') as sheets + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::QuickSight::Analysis' + AND detail.data__TypeName = 'AWS::QuickSight::Analysis' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'Status') as status, + json_extract_path_text(detail.Properties, 'CreatedTime') as created_time, + json_extract_path_text(detail.Properties, 'Parameters') as parameters, + json_extract_path_text(detail.Properties, 'DataSetArns') as data_set_arns, + json_extract_path_text(detail.Properties, 'SourceEntity') as source_entity, + json_extract_path_text(detail.Properties, 'ThemeArn') as theme_arn, + json_extract_path_text(detail.Properties, 'Definition') as definition, + json_extract_path_text(detail.Properties, 'LastUpdatedTime') as last_updated_time, + json_extract_path_text(detail.Properties, 'ValidationStrategy') as validation_strategy, + json_extract_path_text(detail.Properties, 'FolderArns') as folder_arns, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'Errors') as errors, + json_extract_path_text(detail.Properties, 'AnalysisId') as analysis_id, + json_extract_path_text(detail.Properties, 'AwsAccountId') as aws_account_id, + json_extract_path_text(detail.Properties, 'Permissions') as permissions, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'Sheets') as sheets + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::QuickSight::Analysis' + AND detail.data__TypeName = 'AWS::QuickSight::Analysis' + AND listing.region = 'us-east-1' + custom_permissions: + name: custom_permissions + id: aws.quicksight.custom_permissions + x-cfn-schema-name: CustomPermissions + x-cfn-type-name: AWS::QuickSight::CustomPermissions + x-identifiers: + - AwsAccountId + - CustomPermissionsName + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__CustomPermissions&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::QuickSight::CustomPermissions" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::QuickSight::CustomPermissions" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::QuickSight::CustomPermissions" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/custom_permissions/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/custom_permissions/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/custom_permissions/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.AwsAccountId') as aws_account_id, + JSON_EXTRACT(Properties, '$.Capabilities') as capabilities, + JSON_EXTRACT(Properties, '$.CustomPermissionsName') as custom_permissions_name, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::QuickSight::CustomPermissions' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.AwsAccountId') as aws_account_id, + JSON_EXTRACT(detail.Properties, '$.Capabilities') as capabilities, + JSON_EXTRACT(detail.Properties, '$.CustomPermissionsName') as custom_permissions_name, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::QuickSight::CustomPermissions' + AND detail.data__TypeName = 'AWS::QuickSight::CustomPermissions' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'AwsAccountId') as aws_account_id, + json_extract_path_text(Properties, 'Capabilities') as capabilities, + json_extract_path_text(Properties, 'CustomPermissionsName') as custom_permissions_name, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::QuickSight::CustomPermissions' + AND data__Identifier = '|' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT detail.region, - json_extract_path_text(detail.Properties, 'Status') as status, - json_extract_path_text(detail.Properties, 'CreatedTime') as created_time, - json_extract_path_text(detail.Properties, 'Parameters') as parameters, - json_extract_path_text(detail.Properties, 'DataSetArns') as data_set_arns, - json_extract_path_text(detail.Properties, 'SourceEntity') as source_entity, - json_extract_path_text(detail.Properties, 'ThemeArn') as theme_arn, - json_extract_path_text(detail.Properties, 'Definition') as definition, - json_extract_path_text(detail.Properties, 'LastUpdatedTime') as last_updated_time, - json_extract_path_text(detail.Properties, 'ValidationStrategy') as validation_strategy, - json_extract_path_text(detail.Properties, 'Name') as name, - json_extract_path_text(detail.Properties, 'Errors') as errors, - json_extract_path_text(detail.Properties, 'AnalysisId') as analysis_id, - json_extract_path_text(detail.Properties, 'AwsAccountId') as aws_account_id, - json_extract_path_text(detail.Properties, 'Permissions') as permissions, json_extract_path_text(detail.Properties, 'Arn') as arn, - json_extract_path_text(detail.Properties, 'Tags') as tags, - json_extract_path_text(detail.Properties, 'Sheets') as sheets + json_extract_path_text(detail.Properties, 'AwsAccountId') as aws_account_id, + json_extract_path_text(detail.Properties, 'Capabilities') as capabilities, + json_extract_path_text(detail.Properties, 'CustomPermissionsName') as custom_permissions_name, + json_extract_path_text(detail.Properties, 'Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::QuickSight::Analysis' - AND detail.data__TypeName = 'AWS::QuickSight::Analysis' + WHERE listing.data__TypeName = 'AWS::QuickSight::CustomPermissions' + AND detail.data__TypeName = 'AWS::QuickSight::CustomPermissions' AND listing.region = 'us-east-1' - analyses_list_only: - name: analyses_list_only - id: aws.quicksight.analyses_list_only - x-cfn-schema-name: Analysis - x-cfn-type-name: AWS::QuickSight::Analysis + custom_permissions_list_only: + name: custom_permissions_list_only + id: aws.quicksight.custom_permissions_list_only + x-cfn-schema-name: CustomPermissions + x-cfn-type-name: AWS::QuickSight::CustomPermissions x-identifiers: - - AnalysisId - AwsAccountId + - CustomPermissionsName x-type: cloud_control_view methods: {} sqlVerbs: @@ -13550,24 +15096,24 @@ components: ddl: |- SELECT region, - JSON_EXTRACT(Properties, '$.AnalysisId') as analysis_id, - JSON_EXTRACT(Properties, '$.AwsAccountId') as aws_account_id - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::QuickSight::Analysis' + JSON_EXTRACT(Properties, '$.AwsAccountId') as aws_account_id, + JSON_EXTRACT(Properties, '$.CustomPermissionsName') as custom_permissions_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::QuickSight::CustomPermissions' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT region, - json_extract_path_text(Properties, 'AnalysisId') as analysis_id, - json_extract_path_text(Properties, 'AwsAccountId') as aws_account_id - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::QuickSight::Analysis' + json_extract_path_text(Properties, 'AwsAccountId') as aws_account_id, + json_extract_path_text(Properties, 'CustomPermissionsName') as custom_permissions_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::QuickSight::CustomPermissions' AND region = 'us-east-1' - analysis_tags: - name: analysis_tags - id: aws.quicksight.analysis_tags - x-cfn-schema-name: Analysis - x-cfn-type-name: AWS::QuickSight::Analysis + custom_permissions_tags: + name: custom_permissions_tags + id: aws.quicksight.custom_permissions_tags + x-cfn-schema-name: CustomPermissions + x-cfn-type-name: AWS::QuickSight::CustomPermissions x-type: cloud_control_view methods: {} sqlVerbs: @@ -13583,29 +15129,17 @@ components: detail.region, JSON_EXTRACT(json_each.value, '$.Key') as tag_key, JSON_EXTRACT(json_each.value, '$.Value') as tag_value, - JSON_EXTRACT(detail.Properties, '$.Status') as status, - JSON_EXTRACT(detail.Properties, '$.CreatedTime') as created_time, - JSON_EXTRACT(detail.Properties, '$.Parameters') as parameters, - JSON_EXTRACT(detail.Properties, '$.DataSetArns') as data_set_arns, - JSON_EXTRACT(detail.Properties, '$.SourceEntity') as source_entity, - JSON_EXTRACT(detail.Properties, '$.ThemeArn') as theme_arn, - JSON_EXTRACT(detail.Properties, '$.Definition') as definition, - JSON_EXTRACT(detail.Properties, '$.LastUpdatedTime') as last_updated_time, - JSON_EXTRACT(detail.Properties, '$.ValidationStrategy') as validation_strategy, - JSON_EXTRACT(detail.Properties, '$.Name') as name, - JSON_EXTRACT(detail.Properties, '$.Errors') as errors, - JSON_EXTRACT(detail.Properties, '$.AnalysisId') as analysis_id, - JSON_EXTRACT(detail.Properties, '$.AwsAccountId') as aws_account_id, - JSON_EXTRACT(detail.Properties, '$.Permissions') as permissions, JSON_EXTRACT(detail.Properties, '$.Arn') as arn, - JSON_EXTRACT(detail.Properties, '$.Sheets') as sheets + JSON_EXTRACT(detail.Properties, '$.AwsAccountId') as aws_account_id, + JSON_EXTRACT(detail.Properties, '$.Capabilities') as capabilities, + JSON_EXTRACT(detail.Properties, '$.CustomPermissionsName') as custom_permissions_name FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) - WHERE listing.data__TypeName = 'AWS::QuickSight::Analysis' - AND detail.data__TypeName = 'AWS::QuickSight::Analysis' + WHERE listing.data__TypeName = 'AWS::QuickSight::CustomPermissions' + AND detail.data__TypeName = 'AWS::QuickSight::CustomPermissions' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" @@ -13614,29 +15148,17 @@ components: detail.region, json_extract_path_text(json_each.value, 'Key') as tag_key, json_extract_path_text(json_each.value, 'Value') as tag_value, - json_extract_path_text(detail.Properties, 'Status') as status, - json_extract_path_text(detail.Properties, 'CreatedTime') as created_time, - json_extract_path_text(detail.Properties, 'Parameters') as parameters, - json_extract_path_text(detail.Properties, 'DataSetArns') as data_set_arns, - json_extract_path_text(detail.Properties, 'SourceEntity') as source_entity, - json_extract_path_text(detail.Properties, 'ThemeArn') as theme_arn, - json_extract_path_text(detail.Properties, 'Definition') as definition, - json_extract_path_text(detail.Properties, 'LastUpdatedTime') as last_updated_time, - json_extract_path_text(detail.Properties, 'ValidationStrategy') as validation_strategy, - json_extract_path_text(detail.Properties, 'Name') as name, - json_extract_path_text(detail.Properties, 'Errors') as errors, - json_extract_path_text(detail.Properties, 'AnalysisId') as analysis_id, - json_extract_path_text(detail.Properties, 'AwsAccountId') as aws_account_id, - json_extract_path_text(detail.Properties, 'Permissions') as permissions, json_extract_path_text(detail.Properties, 'Arn') as arn, - json_extract_path_text(detail.Properties, 'Sheets') as sheets + json_extract_path_text(detail.Properties, 'AwsAccountId') as aws_account_id, + json_extract_path_text(detail.Properties, 'Capabilities') as capabilities, + json_extract_path_text(detail.Properties, 'CustomPermissionsName') as custom_permissions_name FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) - WHERE listing.data__TypeName = 'AWS::QuickSight::Analysis' - AND detail.data__TypeName = 'AWS::QuickSight::Analysis' + WHERE listing.data__TypeName = 'AWS::QuickSight::CustomPermissions' + AND detail.data__TypeName = 'AWS::QuickSight::CustomPermissions' AND listing.region = 'us-east-1' dashboards: name: dashboards @@ -13710,6 +15232,7 @@ components: JSON_EXTRACT(Properties, '$.Definition') as definition, JSON_EXTRACT(Properties, '$.LastUpdatedTime') as last_updated_time, JSON_EXTRACT(Properties, '$.ValidationStrategy') as validation_strategy, + JSON_EXTRACT(Properties, '$.FolderArns') as folder_arns, JSON_EXTRACT(Properties, '$.DashboardId') as dashboard_id, JSON_EXTRACT(Properties, '$.LinkSharingConfiguration') as link_sharing_configuration, JSON_EXTRACT(Properties, '$.Name') as name, @@ -13737,6 +15260,7 @@ components: JSON_EXTRACT(detail.Properties, '$.Definition') as definition, JSON_EXTRACT(detail.Properties, '$.LastUpdatedTime') as last_updated_time, JSON_EXTRACT(detail.Properties, '$.ValidationStrategy') as validation_strategy, + JSON_EXTRACT(detail.Properties, '$.FolderArns') as folder_arns, JSON_EXTRACT(detail.Properties, '$.DashboardId') as dashboard_id, JSON_EXTRACT(detail.Properties, '$.LinkSharingConfiguration') as link_sharing_configuration, JSON_EXTRACT(detail.Properties, '$.Name') as name, @@ -13769,6 +15293,7 @@ components: json_extract_path_text(Properties, 'Definition') as definition, json_extract_path_text(Properties, 'LastUpdatedTime') as last_updated_time, json_extract_path_text(Properties, 'ValidationStrategy') as validation_strategy, + json_extract_path_text(Properties, 'FolderArns') as folder_arns, json_extract_path_text(Properties, 'DashboardId') as dashboard_id, json_extract_path_text(Properties, 'LinkSharingConfiguration') as link_sharing_configuration, json_extract_path_text(Properties, 'Name') as name, @@ -13796,6 +15321,7 @@ components: json_extract_path_text(detail.Properties, 'Definition') as definition, json_extract_path_text(detail.Properties, 'LastUpdatedTime') as last_updated_time, json_extract_path_text(detail.Properties, 'ValidationStrategy') as validation_strategy, + json_extract_path_text(detail.Properties, 'FolderArns') as folder_arns, json_extract_path_text(detail.Properties, 'DashboardId') as dashboard_id, json_extract_path_text(detail.Properties, 'LinkSharingConfiguration') as link_sharing_configuration, json_extract_path_text(detail.Properties, 'Name') as name, @@ -13876,6 +15402,7 @@ components: JSON_EXTRACT(detail.Properties, '$.Definition') as definition, JSON_EXTRACT(detail.Properties, '$.LastUpdatedTime') as last_updated_time, JSON_EXTRACT(detail.Properties, '$.ValidationStrategy') as validation_strategy, + JSON_EXTRACT(detail.Properties, '$.FolderArns') as folder_arns, JSON_EXTRACT(detail.Properties, '$.DashboardId') as dashboard_id, JSON_EXTRACT(detail.Properties, '$.LinkSharingConfiguration') as link_sharing_configuration, JSON_EXTRACT(detail.Properties, '$.Name') as name, @@ -13909,6 +15436,7 @@ components: json_extract_path_text(detail.Properties, 'Definition') as definition, json_extract_path_text(detail.Properties, 'LastUpdatedTime') as last_updated_time, json_extract_path_text(detail.Properties, 'ValidationStrategy') as validation_strategy, + json_extract_path_text(detail.Properties, 'FolderArns') as folder_arns, json_extract_path_text(detail.Properties, 'DashboardId') as dashboard_id, json_extract_path_text(detail.Properties, 'LinkSharingConfiguration') as link_sharing_configuration, json_extract_path_text(detail.Properties, 'Name') as name, @@ -13991,28 +15519,30 @@ components: SELECT region, data__Identifier, - JSON_EXTRACT(Properties, '$.Arn') as arn, - JSON_EXTRACT(Properties, '$.AwsAccountId') as aws_account_id, - JSON_EXTRACT(Properties, '$.ColumnGroups') as column_groups, - JSON_EXTRACT(Properties, '$.ColumnLevelPermissionRules') as column_level_permission_rules, - JSON_EXTRACT(Properties, '$.ConsumedSpiceCapacityInBytes') as consumed_spice_capacity_in_bytes, + JSON_EXTRACT(Properties, '$.PhysicalTableMap') as physical_table_map, JSON_EXTRACT(Properties, '$.CreatedTime') as created_time, + JSON_EXTRACT(Properties, '$.FieldFolders') as field_folders, + JSON_EXTRACT(Properties, '$.LastUpdatedTime') as last_updated_time, JSON_EXTRACT(Properties, '$.DataSetId') as data_set_id, + JSON_EXTRACT(Properties, '$.FolderArns') as folder_arns, + JSON_EXTRACT(Properties, '$.ConsumedSpiceCapacityInBytes') as consumed_spice_capacity_in_bytes, + JSON_EXTRACT(Properties, '$.PerformanceConfiguration') as performance_configuration, + JSON_EXTRACT(Properties, '$.RowLevelPermissionDataSet') as row_level_permission_data_set, JSON_EXTRACT(Properties, '$.DataSetRefreshProperties') as data_set_refresh_properties, - JSON_EXTRACT(Properties, '$.DataSetUsageConfiguration') as data_set_usage_configuration, - JSON_EXTRACT(Properties, '$.DatasetParameters') as dataset_parameters, - JSON_EXTRACT(Properties, '$.FieldFolders') as field_folders, + JSON_EXTRACT(Properties, '$.RowLevelPermissionTagConfiguration') as row_level_permission_tag_configuration, + JSON_EXTRACT(Properties, '$.IngestionWaitPolicy') as ingestion_wait_policy, + JSON_EXTRACT(Properties, '$.ColumnLevelPermissionRules') as column_level_permission_rules, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.ColumnGroups') as column_groups, JSON_EXTRACT(Properties, '$.ImportMode') as import_mode, - JSON_EXTRACT(Properties, '$.LastUpdatedTime') as last_updated_time, + JSON_EXTRACT(Properties, '$.DatasetParameters') as dataset_parameters, JSON_EXTRACT(Properties, '$.LogicalTableMap') as logical_table_map, - JSON_EXTRACT(Properties, '$.Name') as name, - JSON_EXTRACT(Properties, '$.OutputColumns') as output_columns, + JSON_EXTRACT(Properties, '$.AwsAccountId') as aws_account_id, + JSON_EXTRACT(Properties, '$.DataSetUsageConfiguration') as data_set_usage_configuration, JSON_EXTRACT(Properties, '$.Permissions') as permissions, - JSON_EXTRACT(Properties, '$.PhysicalTableMap') as physical_table_map, - JSON_EXTRACT(Properties, '$.RowLevelPermissionDataSet') as row_level_permission_data_set, - JSON_EXTRACT(Properties, '$.RowLevelPermissionTagConfiguration') as row_level_permission_tag_configuration, - JSON_EXTRACT(Properties, '$.Tags') as tags, - JSON_EXTRACT(Properties, '$.IngestionWaitPolicy') as ingestion_wait_policy + JSON_EXTRACT(Properties, '$.OutputColumns') as output_columns, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::QuickSight::DataSet' AND data__Identifier = '|' AND region = 'us-east-1' @@ -14021,28 +15551,30 @@ components: ddl: |- SELECT detail.region, - JSON_EXTRACT(detail.Properties, '$.Arn') as arn, - JSON_EXTRACT(detail.Properties, '$.AwsAccountId') as aws_account_id, - JSON_EXTRACT(detail.Properties, '$.ColumnGroups') as column_groups, - JSON_EXTRACT(detail.Properties, '$.ColumnLevelPermissionRules') as column_level_permission_rules, - JSON_EXTRACT(detail.Properties, '$.ConsumedSpiceCapacityInBytes') as consumed_spice_capacity_in_bytes, + JSON_EXTRACT(detail.Properties, '$.PhysicalTableMap') as physical_table_map, JSON_EXTRACT(detail.Properties, '$.CreatedTime') as created_time, + JSON_EXTRACT(detail.Properties, '$.FieldFolders') as field_folders, + JSON_EXTRACT(detail.Properties, '$.LastUpdatedTime') as last_updated_time, JSON_EXTRACT(detail.Properties, '$.DataSetId') as data_set_id, + JSON_EXTRACT(detail.Properties, '$.FolderArns') as folder_arns, + JSON_EXTRACT(detail.Properties, '$.ConsumedSpiceCapacityInBytes') as consumed_spice_capacity_in_bytes, + JSON_EXTRACT(detail.Properties, '$.PerformanceConfiguration') as performance_configuration, + JSON_EXTRACT(detail.Properties, '$.RowLevelPermissionDataSet') as row_level_permission_data_set, JSON_EXTRACT(detail.Properties, '$.DataSetRefreshProperties') as data_set_refresh_properties, - JSON_EXTRACT(detail.Properties, '$.DataSetUsageConfiguration') as data_set_usage_configuration, - JSON_EXTRACT(detail.Properties, '$.DatasetParameters') as dataset_parameters, - JSON_EXTRACT(detail.Properties, '$.FieldFolders') as field_folders, + JSON_EXTRACT(detail.Properties, '$.RowLevelPermissionTagConfiguration') as row_level_permission_tag_configuration, + JSON_EXTRACT(detail.Properties, '$.IngestionWaitPolicy') as ingestion_wait_policy, + JSON_EXTRACT(detail.Properties, '$.ColumnLevelPermissionRules') as column_level_permission_rules, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.ColumnGroups') as column_groups, JSON_EXTRACT(detail.Properties, '$.ImportMode') as import_mode, - JSON_EXTRACT(detail.Properties, '$.LastUpdatedTime') as last_updated_time, + JSON_EXTRACT(detail.Properties, '$.DatasetParameters') as dataset_parameters, JSON_EXTRACT(detail.Properties, '$.LogicalTableMap') as logical_table_map, - JSON_EXTRACT(detail.Properties, '$.Name') as name, - JSON_EXTRACT(detail.Properties, '$.OutputColumns') as output_columns, + JSON_EXTRACT(detail.Properties, '$.AwsAccountId') as aws_account_id, + JSON_EXTRACT(detail.Properties, '$.DataSetUsageConfiguration') as data_set_usage_configuration, JSON_EXTRACT(detail.Properties, '$.Permissions') as permissions, - JSON_EXTRACT(detail.Properties, '$.PhysicalTableMap') as physical_table_map, - JSON_EXTRACT(detail.Properties, '$.RowLevelPermissionDataSet') as row_level_permission_data_set, - JSON_EXTRACT(detail.Properties, '$.RowLevelPermissionTagConfiguration') as row_level_permission_tag_configuration, - JSON_EXTRACT(detail.Properties, '$.Tags') as tags, - JSON_EXTRACT(detail.Properties, '$.IngestionWaitPolicy') as ingestion_wait_policy + JSON_EXTRACT(detail.Properties, '$.OutputColumns') as output_columns, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -14056,28 +15588,30 @@ components: SELECT region, data__Identifier, - json_extract_path_text(Properties, 'Arn') as arn, - json_extract_path_text(Properties, 'AwsAccountId') as aws_account_id, - json_extract_path_text(Properties, 'ColumnGroups') as column_groups, - json_extract_path_text(Properties, 'ColumnLevelPermissionRules') as column_level_permission_rules, - json_extract_path_text(Properties, 'ConsumedSpiceCapacityInBytes') as consumed_spice_capacity_in_bytes, + json_extract_path_text(Properties, 'PhysicalTableMap') as physical_table_map, json_extract_path_text(Properties, 'CreatedTime') as created_time, + json_extract_path_text(Properties, 'FieldFolders') as field_folders, + json_extract_path_text(Properties, 'LastUpdatedTime') as last_updated_time, json_extract_path_text(Properties, 'DataSetId') as data_set_id, + json_extract_path_text(Properties, 'FolderArns') as folder_arns, + json_extract_path_text(Properties, 'ConsumedSpiceCapacityInBytes') as consumed_spice_capacity_in_bytes, + json_extract_path_text(Properties, 'PerformanceConfiguration') as performance_configuration, + json_extract_path_text(Properties, 'RowLevelPermissionDataSet') as row_level_permission_data_set, json_extract_path_text(Properties, 'DataSetRefreshProperties') as data_set_refresh_properties, - json_extract_path_text(Properties, 'DataSetUsageConfiguration') as data_set_usage_configuration, - json_extract_path_text(Properties, 'DatasetParameters') as dataset_parameters, - json_extract_path_text(Properties, 'FieldFolders') as field_folders, + json_extract_path_text(Properties, 'RowLevelPermissionTagConfiguration') as row_level_permission_tag_configuration, + json_extract_path_text(Properties, 'IngestionWaitPolicy') as ingestion_wait_policy, + json_extract_path_text(Properties, 'ColumnLevelPermissionRules') as column_level_permission_rules, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'ColumnGroups') as column_groups, json_extract_path_text(Properties, 'ImportMode') as import_mode, - json_extract_path_text(Properties, 'LastUpdatedTime') as last_updated_time, + json_extract_path_text(Properties, 'DatasetParameters') as dataset_parameters, json_extract_path_text(Properties, 'LogicalTableMap') as logical_table_map, - json_extract_path_text(Properties, 'Name') as name, - json_extract_path_text(Properties, 'OutputColumns') as output_columns, + json_extract_path_text(Properties, 'AwsAccountId') as aws_account_id, + json_extract_path_text(Properties, 'DataSetUsageConfiguration') as data_set_usage_configuration, json_extract_path_text(Properties, 'Permissions') as permissions, - json_extract_path_text(Properties, 'PhysicalTableMap') as physical_table_map, - json_extract_path_text(Properties, 'RowLevelPermissionDataSet') as row_level_permission_data_set, - json_extract_path_text(Properties, 'RowLevelPermissionTagConfiguration') as row_level_permission_tag_configuration, - json_extract_path_text(Properties, 'Tags') as tags, - json_extract_path_text(Properties, 'IngestionWaitPolicy') as ingestion_wait_policy + json_extract_path_text(Properties, 'OutputColumns') as output_columns, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::QuickSight::DataSet' AND data__Identifier = '|' AND region = 'us-east-1' @@ -14086,28 +15620,30 @@ components: ddl: |- SELECT detail.region, - json_extract_path_text(detail.Properties, 'Arn') as arn, - json_extract_path_text(detail.Properties, 'AwsAccountId') as aws_account_id, - json_extract_path_text(detail.Properties, 'ColumnGroups') as column_groups, - json_extract_path_text(detail.Properties, 'ColumnLevelPermissionRules') as column_level_permission_rules, - json_extract_path_text(detail.Properties, 'ConsumedSpiceCapacityInBytes') as consumed_spice_capacity_in_bytes, + json_extract_path_text(detail.Properties, 'PhysicalTableMap') as physical_table_map, json_extract_path_text(detail.Properties, 'CreatedTime') as created_time, + json_extract_path_text(detail.Properties, 'FieldFolders') as field_folders, + json_extract_path_text(detail.Properties, 'LastUpdatedTime') as last_updated_time, json_extract_path_text(detail.Properties, 'DataSetId') as data_set_id, + json_extract_path_text(detail.Properties, 'FolderArns') as folder_arns, + json_extract_path_text(detail.Properties, 'ConsumedSpiceCapacityInBytes') as consumed_spice_capacity_in_bytes, + json_extract_path_text(detail.Properties, 'PerformanceConfiguration') as performance_configuration, + json_extract_path_text(detail.Properties, 'RowLevelPermissionDataSet') as row_level_permission_data_set, json_extract_path_text(detail.Properties, 'DataSetRefreshProperties') as data_set_refresh_properties, - json_extract_path_text(detail.Properties, 'DataSetUsageConfiguration') as data_set_usage_configuration, - json_extract_path_text(detail.Properties, 'DatasetParameters') as dataset_parameters, - json_extract_path_text(detail.Properties, 'FieldFolders') as field_folders, + json_extract_path_text(detail.Properties, 'RowLevelPermissionTagConfiguration') as row_level_permission_tag_configuration, + json_extract_path_text(detail.Properties, 'IngestionWaitPolicy') as ingestion_wait_policy, + json_extract_path_text(detail.Properties, 'ColumnLevelPermissionRules') as column_level_permission_rules, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'ColumnGroups') as column_groups, json_extract_path_text(detail.Properties, 'ImportMode') as import_mode, - json_extract_path_text(detail.Properties, 'LastUpdatedTime') as last_updated_time, + json_extract_path_text(detail.Properties, 'DatasetParameters') as dataset_parameters, json_extract_path_text(detail.Properties, 'LogicalTableMap') as logical_table_map, - json_extract_path_text(detail.Properties, 'Name') as name, - json_extract_path_text(detail.Properties, 'OutputColumns') as output_columns, + json_extract_path_text(detail.Properties, 'AwsAccountId') as aws_account_id, + json_extract_path_text(detail.Properties, 'DataSetUsageConfiguration') as data_set_usage_configuration, json_extract_path_text(detail.Properties, 'Permissions') as permissions, - json_extract_path_text(detail.Properties, 'PhysicalTableMap') as physical_table_map, - json_extract_path_text(detail.Properties, 'RowLevelPermissionDataSet') as row_level_permission_data_set, - json_extract_path_text(detail.Properties, 'RowLevelPermissionTagConfiguration') as row_level_permission_tag_configuration, - json_extract_path_text(detail.Properties, 'Tags') as tags, - json_extract_path_text(detail.Properties, 'IngestionWaitPolicy') as ingestion_wait_policy + json_extract_path_text(detail.Properties, 'OutputColumns') as output_columns, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -14169,27 +15705,29 @@ components: detail.region, JSON_EXTRACT(json_each.value, '$.Key') as tag_key, JSON_EXTRACT(json_each.value, '$.Value') as tag_value, - JSON_EXTRACT(detail.Properties, '$.Arn') as arn, - JSON_EXTRACT(detail.Properties, '$.AwsAccountId') as aws_account_id, - JSON_EXTRACT(detail.Properties, '$.ColumnGroups') as column_groups, - JSON_EXTRACT(detail.Properties, '$.ColumnLevelPermissionRules') as column_level_permission_rules, - JSON_EXTRACT(detail.Properties, '$.ConsumedSpiceCapacityInBytes') as consumed_spice_capacity_in_bytes, + JSON_EXTRACT(detail.Properties, '$.PhysicalTableMap') as physical_table_map, JSON_EXTRACT(detail.Properties, '$.CreatedTime') as created_time, + JSON_EXTRACT(detail.Properties, '$.FieldFolders') as field_folders, + JSON_EXTRACT(detail.Properties, '$.LastUpdatedTime') as last_updated_time, JSON_EXTRACT(detail.Properties, '$.DataSetId') as data_set_id, + JSON_EXTRACT(detail.Properties, '$.FolderArns') as folder_arns, + JSON_EXTRACT(detail.Properties, '$.ConsumedSpiceCapacityInBytes') as consumed_spice_capacity_in_bytes, + JSON_EXTRACT(detail.Properties, '$.PerformanceConfiguration') as performance_configuration, + JSON_EXTRACT(detail.Properties, '$.RowLevelPermissionDataSet') as row_level_permission_data_set, JSON_EXTRACT(detail.Properties, '$.DataSetRefreshProperties') as data_set_refresh_properties, - JSON_EXTRACT(detail.Properties, '$.DataSetUsageConfiguration') as data_set_usage_configuration, - JSON_EXTRACT(detail.Properties, '$.DatasetParameters') as dataset_parameters, - JSON_EXTRACT(detail.Properties, '$.FieldFolders') as field_folders, + JSON_EXTRACT(detail.Properties, '$.RowLevelPermissionTagConfiguration') as row_level_permission_tag_configuration, + JSON_EXTRACT(detail.Properties, '$.IngestionWaitPolicy') as ingestion_wait_policy, + JSON_EXTRACT(detail.Properties, '$.ColumnLevelPermissionRules') as column_level_permission_rules, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.ColumnGroups') as column_groups, JSON_EXTRACT(detail.Properties, '$.ImportMode') as import_mode, - JSON_EXTRACT(detail.Properties, '$.LastUpdatedTime') as last_updated_time, + JSON_EXTRACT(detail.Properties, '$.DatasetParameters') as dataset_parameters, JSON_EXTRACT(detail.Properties, '$.LogicalTableMap') as logical_table_map, - JSON_EXTRACT(detail.Properties, '$.Name') as name, - JSON_EXTRACT(detail.Properties, '$.OutputColumns') as output_columns, + JSON_EXTRACT(detail.Properties, '$.AwsAccountId') as aws_account_id, + JSON_EXTRACT(detail.Properties, '$.DataSetUsageConfiguration') as data_set_usage_configuration, JSON_EXTRACT(detail.Properties, '$.Permissions') as permissions, - JSON_EXTRACT(detail.Properties, '$.PhysicalTableMap') as physical_table_map, - JSON_EXTRACT(detail.Properties, '$.RowLevelPermissionDataSet') as row_level_permission_data_set, - JSON_EXTRACT(detail.Properties, '$.RowLevelPermissionTagConfiguration') as row_level_permission_tag_configuration, - JSON_EXTRACT(detail.Properties, '$.IngestionWaitPolicy') as ingestion_wait_policy + JSON_EXTRACT(detail.Properties, '$.OutputColumns') as output_columns, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -14205,27 +15743,29 @@ components: detail.region, json_extract_path_text(json_each.value, 'Key') as tag_key, json_extract_path_text(json_each.value, 'Value') as tag_value, - json_extract_path_text(detail.Properties, 'Arn') as arn, - json_extract_path_text(detail.Properties, 'AwsAccountId') as aws_account_id, - json_extract_path_text(detail.Properties, 'ColumnGroups') as column_groups, - json_extract_path_text(detail.Properties, 'ColumnLevelPermissionRules') as column_level_permission_rules, - json_extract_path_text(detail.Properties, 'ConsumedSpiceCapacityInBytes') as consumed_spice_capacity_in_bytes, + json_extract_path_text(detail.Properties, 'PhysicalTableMap') as physical_table_map, json_extract_path_text(detail.Properties, 'CreatedTime') as created_time, + json_extract_path_text(detail.Properties, 'FieldFolders') as field_folders, + json_extract_path_text(detail.Properties, 'LastUpdatedTime') as last_updated_time, json_extract_path_text(detail.Properties, 'DataSetId') as data_set_id, + json_extract_path_text(detail.Properties, 'FolderArns') as folder_arns, + json_extract_path_text(detail.Properties, 'ConsumedSpiceCapacityInBytes') as consumed_spice_capacity_in_bytes, + json_extract_path_text(detail.Properties, 'PerformanceConfiguration') as performance_configuration, + json_extract_path_text(detail.Properties, 'RowLevelPermissionDataSet') as row_level_permission_data_set, json_extract_path_text(detail.Properties, 'DataSetRefreshProperties') as data_set_refresh_properties, - json_extract_path_text(detail.Properties, 'DataSetUsageConfiguration') as data_set_usage_configuration, - json_extract_path_text(detail.Properties, 'DatasetParameters') as dataset_parameters, - json_extract_path_text(detail.Properties, 'FieldFolders') as field_folders, + json_extract_path_text(detail.Properties, 'RowLevelPermissionTagConfiguration') as row_level_permission_tag_configuration, + json_extract_path_text(detail.Properties, 'IngestionWaitPolicy') as ingestion_wait_policy, + json_extract_path_text(detail.Properties, 'ColumnLevelPermissionRules') as column_level_permission_rules, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'ColumnGroups') as column_groups, json_extract_path_text(detail.Properties, 'ImportMode') as import_mode, - json_extract_path_text(detail.Properties, 'LastUpdatedTime') as last_updated_time, + json_extract_path_text(detail.Properties, 'DatasetParameters') as dataset_parameters, json_extract_path_text(detail.Properties, 'LogicalTableMap') as logical_table_map, - json_extract_path_text(detail.Properties, 'Name') as name, - json_extract_path_text(detail.Properties, 'OutputColumns') as output_columns, + json_extract_path_text(detail.Properties, 'AwsAccountId') as aws_account_id, + json_extract_path_text(detail.Properties, 'DataSetUsageConfiguration') as data_set_usage_configuration, json_extract_path_text(detail.Properties, 'Permissions') as permissions, - json_extract_path_text(detail.Properties, 'PhysicalTableMap') as physical_table_map, - json_extract_path_text(detail.Properties, 'RowLevelPermissionDataSet') as row_level_permission_data_set, - json_extract_path_text(detail.Properties, 'RowLevelPermissionTagConfiguration') as row_level_permission_tag_configuration, - json_extract_path_text(detail.Properties, 'IngestionWaitPolicy') as ingestion_wait_policy + json_extract_path_text(detail.Properties, 'OutputColumns') as output_columns, + json_extract_path_text(detail.Properties, 'Arn') as arn FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -14306,6 +15846,7 @@ components: JSON_EXTRACT(Properties, '$.DataSourceId') as data_source_id, JSON_EXTRACT(Properties, '$.DataSourceParameters') as data_source_parameters, JSON_EXTRACT(Properties, '$.ErrorInfo') as error_info, + JSON_EXTRACT(Properties, '$.FolderArns') as folder_arns, JSON_EXTRACT(Properties, '$.LastUpdatedTime') as last_updated_time, JSON_EXTRACT(Properties, '$.Name') as name, JSON_EXTRACT(Properties, '$.Permissions') as permissions, @@ -14330,6 +15871,7 @@ components: JSON_EXTRACT(detail.Properties, '$.DataSourceId') as data_source_id, JSON_EXTRACT(detail.Properties, '$.DataSourceParameters') as data_source_parameters, JSON_EXTRACT(detail.Properties, '$.ErrorInfo') as error_info, + JSON_EXTRACT(detail.Properties, '$.FolderArns') as folder_arns, JSON_EXTRACT(detail.Properties, '$.LastUpdatedTime') as last_updated_time, JSON_EXTRACT(detail.Properties, '$.Name') as name, JSON_EXTRACT(detail.Properties, '$.Permissions') as permissions, @@ -14359,6 +15901,7 @@ components: json_extract_path_text(Properties, 'DataSourceId') as data_source_id, json_extract_path_text(Properties, 'DataSourceParameters') as data_source_parameters, json_extract_path_text(Properties, 'ErrorInfo') as error_info, + json_extract_path_text(Properties, 'FolderArns') as folder_arns, json_extract_path_text(Properties, 'LastUpdatedTime') as last_updated_time, json_extract_path_text(Properties, 'Name') as name, json_extract_path_text(Properties, 'Permissions') as permissions, @@ -14383,6 +15926,7 @@ components: json_extract_path_text(detail.Properties, 'DataSourceId') as data_source_id, json_extract_path_text(detail.Properties, 'DataSourceParameters') as data_source_parameters, json_extract_path_text(detail.Properties, 'ErrorInfo') as error_info, + json_extract_path_text(detail.Properties, 'FolderArns') as folder_arns, json_extract_path_text(detail.Properties, 'LastUpdatedTime') as last_updated_time, json_extract_path_text(detail.Properties, 'Name') as name, json_extract_path_text(detail.Properties, 'Permissions') as permissions, @@ -14460,6 +16004,7 @@ components: JSON_EXTRACT(detail.Properties, '$.DataSourceId') as data_source_id, JSON_EXTRACT(detail.Properties, '$.DataSourceParameters') as data_source_parameters, JSON_EXTRACT(detail.Properties, '$.ErrorInfo') as error_info, + JSON_EXTRACT(detail.Properties, '$.FolderArns') as folder_arns, JSON_EXTRACT(detail.Properties, '$.LastUpdatedTime') as last_updated_time, JSON_EXTRACT(detail.Properties, '$.Name') as name, JSON_EXTRACT(detail.Properties, '$.Permissions') as permissions, @@ -14490,6 +16035,7 @@ components: json_extract_path_text(detail.Properties, 'DataSourceId') as data_source_id, json_extract_path_text(detail.Properties, 'DataSourceParameters') as data_source_parameters, json_extract_path_text(detail.Properties, 'ErrorInfo') as error_info, + json_extract_path_text(detail.Properties, 'FolderArns') as folder_arns, json_extract_path_text(detail.Properties, 'LastUpdatedTime') as last_updated_time, json_extract_path_text(detail.Properties, 'Name') as name, json_extract_path_text(detail.Properties, 'Permissions') as permissions, @@ -14505,6 +16051,247 @@ components: WHERE listing.data__TypeName = 'AWS::QuickSight::DataSource' AND detail.data__TypeName = 'AWS::QuickSight::DataSource' AND listing.region = 'us-east-1' + folders: + name: folders + id: aws.quicksight.folders + x-cfn-schema-name: Folder + x-cfn-type-name: AWS::QuickSight::Folder + x-identifiers: + - AwsAccountId + - FolderId + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Folder&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::QuickSight::Folder" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::QuickSight::Folder" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::QuickSight::Folder" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/folders/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/folders/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/folders/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.AwsAccountId') as aws_account_id, + JSON_EXTRACT(Properties, '$.CreatedTime') as created_time, + JSON_EXTRACT(Properties, '$.FolderId') as folder_id, + JSON_EXTRACT(Properties, '$.FolderType') as folder_type, + JSON_EXTRACT(Properties, '$.LastUpdatedTime') as last_updated_time, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.ParentFolderArn') as parent_folder_arn, + JSON_EXTRACT(Properties, '$.Permissions') as permissions, + JSON_EXTRACT(Properties, '$.SharingModel') as sharing_model, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::QuickSight::Folder' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.AwsAccountId') as aws_account_id, + JSON_EXTRACT(detail.Properties, '$.CreatedTime') as created_time, + JSON_EXTRACT(detail.Properties, '$.FolderId') as folder_id, + JSON_EXTRACT(detail.Properties, '$.FolderType') as folder_type, + JSON_EXTRACT(detail.Properties, '$.LastUpdatedTime') as last_updated_time, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.ParentFolderArn') as parent_folder_arn, + JSON_EXTRACT(detail.Properties, '$.Permissions') as permissions, + JSON_EXTRACT(detail.Properties, '$.SharingModel') as sharing_model, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::QuickSight::Folder' + AND detail.data__TypeName = 'AWS::QuickSight::Folder' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'AwsAccountId') as aws_account_id, + json_extract_path_text(Properties, 'CreatedTime') as created_time, + json_extract_path_text(Properties, 'FolderId') as folder_id, + json_extract_path_text(Properties, 'FolderType') as folder_type, + json_extract_path_text(Properties, 'LastUpdatedTime') as last_updated_time, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'ParentFolderArn') as parent_folder_arn, + json_extract_path_text(Properties, 'Permissions') as permissions, + json_extract_path_text(Properties, 'SharingModel') as sharing_model, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::QuickSight::Folder' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'AwsAccountId') as aws_account_id, + json_extract_path_text(detail.Properties, 'CreatedTime') as created_time, + json_extract_path_text(detail.Properties, 'FolderId') as folder_id, + json_extract_path_text(detail.Properties, 'FolderType') as folder_type, + json_extract_path_text(detail.Properties, 'LastUpdatedTime') as last_updated_time, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'ParentFolderArn') as parent_folder_arn, + json_extract_path_text(detail.Properties, 'Permissions') as permissions, + json_extract_path_text(detail.Properties, 'SharingModel') as sharing_model, + json_extract_path_text(detail.Properties, 'Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::QuickSight::Folder' + AND detail.data__TypeName = 'AWS::QuickSight::Folder' + AND listing.region = 'us-east-1' + folders_list_only: + name: folders_list_only + id: aws.quicksight.folders_list_only + x-cfn-schema-name: Folder + x-cfn-type-name: AWS::QuickSight::Folder + x-identifiers: + - AwsAccountId + - FolderId + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AwsAccountId') as aws_account_id, + JSON_EXTRACT(Properties, '$.FolderId') as folder_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::QuickSight::Folder' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AwsAccountId') as aws_account_id, + json_extract_path_text(Properties, 'FolderId') as folder_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::QuickSight::Folder' + AND region = 'us-east-1' + folder_tags: + name: folder_tags + id: aws.quicksight.folder_tags + x-cfn-schema-name: Folder + x-cfn-type-name: AWS::QuickSight::Folder + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.AwsAccountId') as aws_account_id, + JSON_EXTRACT(detail.Properties, '$.CreatedTime') as created_time, + JSON_EXTRACT(detail.Properties, '$.FolderId') as folder_id, + JSON_EXTRACT(detail.Properties, '$.FolderType') as folder_type, + JSON_EXTRACT(detail.Properties, '$.LastUpdatedTime') as last_updated_time, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.ParentFolderArn') as parent_folder_arn, + JSON_EXTRACT(detail.Properties, '$.Permissions') as permissions, + JSON_EXTRACT(detail.Properties, '$.SharingModel') as sharing_model + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::QuickSight::Folder' + AND detail.data__TypeName = 'AWS::QuickSight::Folder' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'AwsAccountId') as aws_account_id, + json_extract_path_text(detail.Properties, 'CreatedTime') as created_time, + json_extract_path_text(detail.Properties, 'FolderId') as folder_id, + json_extract_path_text(detail.Properties, 'FolderType') as folder_type, + json_extract_path_text(detail.Properties, 'LastUpdatedTime') as last_updated_time, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'ParentFolderArn') as parent_folder_arn, + json_extract_path_text(detail.Properties, 'Permissions') as permissions, + json_extract_path_text(detail.Properties, 'SharingModel') as sharing_model + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::QuickSight::Folder' + AND detail.data__TypeName = 'AWS::QuickSight::Folder' + AND listing.region = 'us-east-1' refresh_schedules: name: refresh_schedules id: aws.quicksight.refresh_schedules @@ -15777,6 +17564,48 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success + /?Action=CreateResource&Version=2021-09-30&__CustomPermissions&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateCustomPermissions + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateCustomPermissionsRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success /?Action=CreateResource&Version=2021-09-30&__Dashboard&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' @@ -15903,6 +17732,48 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success + /?Action=CreateResource&Version=2021-09-30&__Folder&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateFolder + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateFolderRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success /?Action=CreateResource&Version=2021-09-30&__RefreshSchedule&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' diff --git a/providers/src/aws/v00.00.00000/services/ram.yaml b/providers/src/aws/v00.00.00000/services/ram.yaml index 9227c75e..a1a8a75b 100644 --- a/providers/src/aws/v00.00.00000/services/ram.yaml +++ b/providers/src/aws/v00.00.00000/services/ram.yaml @@ -386,22 +386,19 @@ components: type: object schemas: Tag: + description: A key-value pair to associate with a resource. type: object - additionalProperties: false properties: Key: type: string description: 'The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' - minLength: 1 - maxLength: 128 Value: type: string description: 'The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' - minLength: 0 - maxLength: 256 required: - Key - Value + additionalProperties: false Permission: type: object properties: @@ -479,6 +476,106 @@ components: list: - ram:ListPermissions - ram:ListPermissionVersions + ResourceShare: + type: object + properties: + AllowExternalPrincipals: + description: Specifies whether principals outside your organization in AWS Organizations can be associated with a resource share. A value of `true` lets you share with individual AWS accounts that are not in your organization. A value of `false` only has meaning if your account is a member of an AWS Organization. The default value is `true`. + type: boolean + Arn: + type: string + Name: + description: Specifies the name of the resource share. + type: string + PermissionArns: + description: Specifies the [Amazon Resource Names (ARNs)](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) of the AWS RAM permission to associate with the resource share. If you do not specify an ARN for the permission, AWS RAM automatically attaches the default version of the permission for each resource type. You can associate only one permission with each resource type included in the resource share. + type: array + x-insertionOrder: false + items: + type: string + Principals: + description: |- + Specifies the principals to associate with the resource share. The possible values are: + + - An AWS account ID + + - An Amazon Resource Name (ARN) of an organization in AWS Organizations + + - An ARN of an organizational unit (OU) in AWS Organizations + + - An ARN of an IAM role + + - An ARN of an IAM user + type: array + x-insertionOrder: false + items: + type: string + ResourceArns: + description: Specifies a list of one or more ARNs of the resources to associate with the resource share. + type: array + x-insertionOrder: false + items: + type: string + Sources: + description: Specifies from which source accounts the service principal has access to the resources in this resource share. + type: array + x-insertionOrder: false + items: + type: string + Tags: + description: Specifies one or more tags to attach to the resource share itself. It doesn't attach the tags to the resources associated with the resource share. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - Name + x-stackql-resource-name: resource_share + description: Resource type definition for AWS::RAM::ResourceShare + x-type-name: AWS::RAM::ResourceShare + x-stackql-primary-identifier: + - Arn + x-write-only-properties: + - PermissionArns + - Principals + - ResourceArns + - Sources + x-read-only-properties: + - Arn + x-required-properties: + - Name + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - ram:TagResource + - ram:UntagResource + x-required-permissions: + create: + - ram:CreateResourceShare + - ram:TagResource + read: + - ram:GetResourceShares + update: + - ram:GetPermission + - ram:GetResourceShares + - ram:GetResourceShareAssociations + - ram:ListResourceSharePermissions + - ram:UpdateResourceShare + - ram:AssociateResourceSharePermission + - ram:AssociateResourceShare + - ram:DisassociateResourceShare + - ram:UntagResource + - ram:TagResource + delete: + - ram:DeleteResourceShare + - ram:GetResourceShares + list: + - ram:GetResourceShares CreatePermissionRequest: properties: ClientToken: @@ -521,6 +618,73 @@ components: x-title: CreatePermissionRequest type: object required: [] + CreateResourceShareRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + AllowExternalPrincipals: + description: Specifies whether principals outside your organization in AWS Organizations can be associated with a resource share. A value of `true` lets you share with individual AWS accounts that are not in your organization. A value of `false` only has meaning if your account is a member of an AWS Organization. The default value is `true`. + type: boolean + Arn: + type: string + Name: + description: Specifies the name of the resource share. + type: string + PermissionArns: + description: Specifies the [Amazon Resource Names (ARNs)](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) of the AWS RAM permission to associate with the resource share. If you do not specify an ARN for the permission, AWS RAM automatically attaches the default version of the permission for each resource type. You can associate only one permission with each resource type included in the resource share. + type: array + x-insertionOrder: false + items: + type: string + Principals: + description: |- + Specifies the principals to associate with the resource share. The possible values are: + + - An AWS account ID + + - An Amazon Resource Name (ARN) of an organization in AWS Organizations + + - An ARN of an organizational unit (OU) in AWS Organizations + + - An ARN of an IAM role + + - An ARN of an IAM user + type: array + x-insertionOrder: false + items: + type: string + ResourceArns: + description: Specifies a list of one or more ARNs of the resources to associate with the resource share. + type: array + x-insertionOrder: false + items: + type: string + Sources: + description: Specifies from which source accounts the service principal has access to the resources in this resource share. + type: array + x-insertionOrder: false + items: + type: string + Tags: + description: Specifies one or more tags to attach to the resource share itself. It doesn't attach the tags to the resources associated with the resource share. + type: array + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + x-stackQL-stringOnly: true + x-title: CreateResourceShareRequest + type: object + required: [] securitySchemes: hmac: type: apiKey @@ -748,6 +912,225 @@ components: WHERE listing.data__TypeName = 'AWS::RAM::Permission' AND detail.data__TypeName = 'AWS::RAM::Permission' AND listing.region = 'us-east-1' + resource_shares: + name: resource_shares + id: aws.ram.resource_shares + x-cfn-schema-name: ResourceShare + x-cfn-type-name: AWS::RAM::ResourceShare + x-identifiers: + - Arn + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__ResourceShare&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::RAM::ResourceShare" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::RAM::ResourceShare" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::RAM::ResourceShare" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/resource_shares/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/resource_shares/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/resource_shares/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AllowExternalPrincipals') as allow_external_principals, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.PermissionArns') as permission_arns, + JSON_EXTRACT(Properties, '$.Principals') as principals, + JSON_EXTRACT(Properties, '$.ResourceArns') as resource_arns, + JSON_EXTRACT(Properties, '$.Sources') as sources, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RAM::ResourceShare' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.AllowExternalPrincipals') as allow_external_principals, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.PermissionArns') as permission_arns, + JSON_EXTRACT(detail.Properties, '$.Principals') as principals, + JSON_EXTRACT(detail.Properties, '$.ResourceArns') as resource_arns, + JSON_EXTRACT(detail.Properties, '$.Sources') as sources, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::RAM::ResourceShare' + AND detail.data__TypeName = 'AWS::RAM::ResourceShare' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AllowExternalPrincipals') as allow_external_principals, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'PermissionArns') as permission_arns, + json_extract_path_text(Properties, 'Principals') as principals, + json_extract_path_text(Properties, 'ResourceArns') as resource_arns, + json_extract_path_text(Properties, 'Sources') as sources, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RAM::ResourceShare' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'AllowExternalPrincipals') as allow_external_principals, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'PermissionArns') as permission_arns, + json_extract_path_text(detail.Properties, 'Principals') as principals, + json_extract_path_text(detail.Properties, 'ResourceArns') as resource_arns, + json_extract_path_text(detail.Properties, 'Sources') as sources, + json_extract_path_text(detail.Properties, 'Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::RAM::ResourceShare' + AND detail.data__TypeName = 'AWS::RAM::ResourceShare' + AND listing.region = 'us-east-1' + resource_shares_list_only: + name: resource_shares_list_only + id: aws.ram.resource_shares_list_only + x-cfn-schema-name: ResourceShare + x-cfn-type-name: AWS::RAM::ResourceShare + x-identifiers: + - Arn + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RAM::ResourceShare' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RAM::ResourceShare' + AND region = 'us-east-1' + resource_share_tags: + name: resource_share_tags + id: aws.ram.resource_share_tags + x-cfn-schema-name: ResourceShare + x-cfn-type-name: AWS::RAM::ResourceShare + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.AllowExternalPrincipals') as allow_external_principals, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.PermissionArns') as permission_arns, + JSON_EXTRACT(detail.Properties, '$.Principals') as principals, + JSON_EXTRACT(detail.Properties, '$.ResourceArns') as resource_arns, + JSON_EXTRACT(detail.Properties, '$.Sources') as sources + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::RAM::ResourceShare' + AND detail.data__TypeName = 'AWS::RAM::ResourceShare' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'AllowExternalPrincipals') as allow_external_principals, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'PermissionArns') as permission_arns, + json_extract_path_text(detail.Properties, 'Principals') as principals, + json_extract_path_text(detail.Properties, 'ResourceArns') as resource_arns, + json_extract_path_text(detail.Properties, 'Sources') as sources + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::RAM::ResourceShare' + AND detail.data__TypeName = 'AWS::RAM::ResourceShare' + AND listing.region = 'us-east-1' paths: /?Action=CreateResource&Version=2021-09-30: parameters: @@ -933,6 +1316,48 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success + /?Action=CreateResource&Version=2021-09-30&__ResourceShare&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateResourceShare + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateResourceShareRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success x-stackQL-config: requestTranslate: algorithm: drop_double_underscore_params diff --git a/providers/src/aws/v00.00.00000/services/rbin.yaml b/providers/src/aws/v00.00.00000/services/rbin.yaml new file mode 100644 index 00000000..ae253a3e --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/rbin.yaml @@ -0,0 +1,1090 @@ +openapi: 3.0.0 +info: + title: Rbin + version: 2.0.0 + x-serviceName: cloudcontrolapi +servers: + - url: https://cloudcontrolapi.{region}.amazonaws.com + variables: + region: + description: The AWS region + enum: + - us-east-1 + - us-east-2 + - us-west-1 + - us-west-2 + - us-gov-west-1 + - us-gov-east-1 + - ca-central-1 + - eu-north-1 + - eu-west-1 + - eu-west-2 + - eu-west-3 + - eu-central-1 + - eu-south-1 + - af-south-1 + - ap-northeast-1 + - ap-northeast-2 + - ap-northeast-3 + - ap-southeast-1 + - ap-southeast-2 + - ap-east-1 + - ap-south-1 + - sa-east-1 + - me-south-1 + default: us-east-1 + description: The CloudControlApi multi-region endpoint + - url: https://cloudcontrolapi.{region}.amazonaws.com.cn + variables: + region: + description: The AWS region + enum: + - cn-north-1 + - cn-northwest-1 + default: cn-north-1 + description: The CloudControlApi endpoint for China (Beijing) and China (Ningxia) +components: + parameters: + X-Amz-Content-Sha256: + name: X-Amz-Content-Sha256 + in: header + schema: + type: string + required: false + X-Amz-Date: + name: X-Amz-Date + in: header + schema: + type: string + required: false + X-Amz-Algorithm: + name: X-Amz-Algorithm + in: header + schema: + type: string + required: false + X-Amz-Credential: + name: X-Amz-Credential + in: header + schema: + type: string + required: false + X-Amz-Security-Token: + name: X-Amz-Security-Token + in: header + schema: + type: string + required: false + X-Amz-Signature: + name: X-Amz-Signature + in: header + schema: + type: string + required: false + X-Amz-SignedHeaders: + name: X-Amz-SignedHeaders + in: header + schema: + type: string + required: false + x-cloud-control-schemas: + AlreadyExistsException: {} + CancelResourceRequestInput: + properties: + RequestToken: + $ref: '#/components/x-cloud-control-schemas/RequestToken' + required: + - RequestToken + title: CancelResourceRequestInput + type: object + CancelResourceRequestOutput: + properties: + ProgressEvent: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: object + ClientToken: + maxLength: 128 + minLength: 1 + pattern: '[-A-Za-z0-9+/=]+' + type: string + ClientTokenConflictException: {} + ConcurrentModificationException: {} + ConcurrentOperationException: {} + CreateResourceInput: + properties: + ClientToken: + type: string + DesiredState: + allOf: + - $ref: '#/components/x-cloud-control-schemas/Properties' + - description: >- +

Structured data format representing the desired state of the resource, consisting of that resource's properties and their desired values.

Cloud Control API currently supports JSON as a structured data format.

 
 <p>Specify the desired state as one of the following:</p> <ul> <li> <p>A JSON blob</p> </li> <li> <p>A local path containing the desired state in JSON data format</p>
+                </li> </ul> <p>For more information, see <a href="https://docs.aws.amazon.com/cloudcontrolapi/latest/userguide/resource-operations-create.html#resource-operations-create-desiredstate">Composing the desired state of the resource</a> in the <i>Amazon Web Services Cloud Control API User Guide</i>.</p> <p>For more information about the properties of a specific resource, refer to the related topic for the resource in the
+                <a href="https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html">Resource and property types reference</a> in the <i>CloudFormation Users Guide</i>.</p>
+ RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + required: + - DesiredState + title: CreateResourceInput + type: object + CreateResourceOutput: + properties: + ProgressEvent: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: object + DeleteResourceInput: + properties: + ClientToken: + type: string + Identifier: + $ref: '#/components/x-cloud-control-schemas/Identifier' + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + required: + - Identifier + title: DeleteResourceInput + type: object + DeleteResourceOutput: + properties: + ProgressEvent: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: object + GeneralServiceException: {} + GetResourceInput: + properties: + TypeName: + $ref: '#/components/x-cloud-control-schemas/TypeName' + Identifier: + $ref: '#/components/x-cloud-control-schemas/Identifier' + TypeVersionId: + $ref: '#/components/x-cloud-control-schemas/TypeVersionId' + RoleArn: + $ref: '#/components/x-cloud-control-schemas/RoleArn' + required: + - TypeName + - Identifier + title: GetResourceInput + type: object + GetResourceOutput: + properties: + ResourceDescription: + $ref: '#/components/x-cloud-control-schemas/ResourceDescription' + TypeName: + type: string + type: object + GetResourceRequestStatusInput: + properties: + RequestToken: + $ref: '#/components/x-cloud-control-schemas/RequestToken' + required: + - RequestToken + title: GetResourceRequestStatusInput + type: object + GetResourceRequestStatusOutput: + properties: + ProgressEvent: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: object + HandlerErrorCode: + enum: + - NotUpdatable + - InvalidRequest + - AccessDenied + - InvalidCredentials + - AlreadyExists + - NotFound + - ResourceConflict + - Throttling + - ServiceLimitExceeded + - NotStabilized + - GeneralServiceException + - ServiceInternalError + - ServiceTimeout + - NetworkFailure + - InternalFailure + type: string + HandlerFailureException: {} + HandlerInternalFailureException: {} + HandlerNextToken: + maxLength: 2048 + minLength: 1 + pattern: .+ + type: string + Identifier: + maxLength: 1024 + minLength: 1 + pattern: .+ + type: string + InvalidCredentialsException: {} + InvalidRequestException: {} + MaxResults: + maximum: 100 + minimum: 1 + type: integer + NetworkFailureException: {} + NextToken: + maxLength: 2048 + minLength: 1 + pattern: '[-A-Za-z0-9+/=]+' + type: string + NotStabilizedException: {} + NotUpdatableException: {} + Operation: + enum: + - CREATE + - DELETE + - UPDATE + type: string + OperationStatus: + enum: + - PENDING + - IN_PROGRESS + - SUCCESS + - FAILED + - CANCEL_IN_PROGRESS + - CANCEL_COMPLETE + type: string + OperationStatuses: + items: + $ref: '#/components/x-cloud-control-schemas/OperationStatus' + type: array + Operations: + items: + $ref: '#/components/x-cloud-control-schemas/Operation' + type: array + PatchDocument: + format: password + maxLength: 65536 + minLength: 1 + pattern: '[\s\S]*' + type: string + PrivateTypeException: {} + ProgressEvent: + example: + ErrorCode: string + EventTime: number + Identifier: string + Operation: string + OperationStatus: string + RequestToken: string + ResourceModel: string + RetryAfter: number + StatusMessage: string + TypeName: string + properties: + ErrorCode: + type: string + EventTime: + type: number + Identifier: + type: string + Operation: + type: string + OperationStatus: + type: string + RequestToken: + type: string + ResourceModel: + type: string + RetryAfter: + type: number + StatusMessage: + type: string + TypeName: + type: string + type: object + Properties: + format: password + maxLength: 65536 + minLength: 1 + pattern: '[\s\S]*' + type: string + RequestToken: + maxLength: 128 + minLength: 1 + pattern: '[-A-Za-z0-9+/=]+' + type: string + RequestTokenNotFoundException: {} + ResourceConflictException: {} + ResourceDescription: + description: Represents information about a provisioned resource. + properties: + Identifier: + type: string + Properties: + type: string + type: object + ResourceDescriptions: + items: + $ref: '#/components/x-cloud-control-schemas/ResourceDescription' + type: array + ResourceNotFoundException: {} + ResourceRequestStatusFilter: + description: The filter criteria to use in determining the requests returned. + properties: + undefined: + allOf: + - $ref: '#/components/x-cloud-control-schemas/OperationStatuses' + - description: >- +

The operation statuses to include in the filter.

  • PENDING: The operation has been requested, but not yet initiated.

  • IN_PROGRESS: The operation is in progress.

  • SUCCESS: The operation completed.

  • FAILED: The operation failed.

  • CANCEL_IN_PROGRESS: The operation is in the process of being canceled.

  • + CANCEL_COMPLETE: The operation has been canceled.

+ type: object + ResourceRequestStatusSummaries: + items: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: array + RoleArn: + maxLength: 2048 + minLength: 20 + pattern: arn:.+:iam::[0-9]{12}:role/.+ + type: string + ServiceInternalErrorException: {} + ServiceLimitExceededException: {} + StatusMessage: + maxLength: 1024 + minLength: 0 + pattern: '[\s\S]*' + type: string + ThrottlingException: {} + Timestamp: + format: date-time + type: string + TypeName: + maxLength: 196 + minLength: 10 + pattern: '[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}' + type: string + TypeNotFoundException: {} + TypeVersionId: + maxLength: 128 + minLength: 1 + pattern: '[A-Za-z0-9-]+' + type: string + UnsupportedActionException: {} + UpdateResourceInput: + properties: + undefined: + allOf: + - $ref: '#/components/x-cloud-control-schemas/PatchDocument' + required: + - Identifier + - PatchDocument + title: UpdateResourceInput + type: object + UpdateResourceOutput: + properties: + ProgressEvent: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: object + schemas: + Tag: + description: Metadata of a retention rule, consisting of a key-value pair. + type: object + additionalProperties: false + properties: + Key: + description: A unique identifier for the tag. + type: string + minLength: 1 + maxLength: 128 + Value: + description: String which you can use to describe or define the tag. + type: string + minLength: 0 + maxLength: 256 + required: + - Key + - Value + ResourceTag: + description: The resource tag of the rule. + type: object + properties: + ResourceTagKey: + description: The tag key of the resource. + type: string + minLength: 1 + maxLength: 128 + ResourceTagValue: + description: The tag value of the resource + type: string + minLength: 0 + maxLength: 256 + additionalProperties: false + required: + - ResourceTagKey + - ResourceTagValue + RetentionPeriod: + description: The retention period of the rule. + type: object + properties: + RetentionPeriodValue: + description: The retention period value of the rule. + type: integer + minimum: 1 + maximum: 3650 + RetentionPeriodUnit: + description: The retention period unit of the rule + type: string + enum: + - DAYS + additionalProperties: false + required: + - RetentionPeriodValue + - RetentionPeriodUnit + UnlockDelay: + type: object + properties: + UnlockDelayValue: + description: The unlock delay period, measured in the unit specified for UnlockDelayUnit. + type: integer + minimum: 7 + maximum: 30 + UnlockDelayUnit: + description: The unit of time in which to measure the unlock delay. Currently, the unlock delay can be measure only in days. + type: string + enum: + - DAYS + additionalProperties: false + Rule: + type: object + properties: + Arn: + description: Rule Arn is unique for each rule. + type: string + minLength: 0 + maxLength: 1011 + Identifier: + description: The unique ID of the retention rule. + type: string + pattern: '[0-9a-zA-Z]{11}' + Description: + description: The description of the retention rule. + type: string + maxLength: 255 + ResourceTags: + description: Information about the resource tags used to identify resources that are retained by the retention rule. + type: array + maxItems: 50 + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/ResourceTag' + ExcludeResourceTags: + description: Information about the exclude resource tags used to identify resources that are excluded by the retention rule. + type: array + maxItems: 5 + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/ResourceTag' + ResourceType: + description: The resource type retained by the retention rule. + type: string + enum: + - EBS_SNAPSHOT + - EC2_IMAGE + Tags: + description: Information about the tags assigned to the retention rule. + type: array + maxItems: 200 + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/Tag' + RetentionPeriod: + description: Information about the retention period for which the retention rule is to retain resources. + $ref: '#/components/schemas/RetentionPeriod' + Status: + description: The state of the retention rule. Only retention rules that are in the available state retain resources. + type: string + pattern: pending|available + LockConfiguration: + description: Information about the retention rule lock configuration. + $ref: '#/components/schemas/UnlockDelay' + LockState: + description: The lock state for the retention rule. + type: string + pattern: locked|pending_unlock|unlocked + required: + - RetentionPeriod + - ResourceType + x-stackql-resource-name: rule + description: Resource Type definition for AWS::Rbin::Rule + x-type-name: AWS::Rbin::Rule + x-stackql-primary-identifier: + - Arn + x-stackql-additional-identifiers: + - - Identifier + x-create-only-properties: + - ResourceType + x-write-only-properties: + - LockConfiguration + - LockConfiguration/UnlockDelayValue + - LockConfiguration/UnlockDelayUnit + x-read-only-properties: + - Arn + - Identifier + - LockState + x-required-properties: + - RetentionPeriod + - ResourceType + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - rbin:TagResource + - rbin:UntagResource + - rbin:ListTagsForResource + x-required-permissions: + create: + - rbin:CreateRule + - rbin:GetRule + - rbin:LockRule + - rbin:TagResource + - iam:PassRole + read: + - rbin:GetRule + - rbin:ListTagsForResource + - iam:PassRole + update: + - rbin:GetRule + - rbin:UpdateRule + - rbin:LockRule + - rbin:UnlockRule + - rbin:TagResource + - rbin:UntagResource + - rbin:ListTagsForResource + - iam:PassRole + delete: + - rbin:GetRule + - rbin:DeleteRule + - iam:PassRole + list: + - rbin:ListRules + - rbin:ListTagsForResource + - iam:PassRole + CreateRuleRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + Arn: + description: Rule Arn is unique for each rule. + type: string + minLength: 0 + maxLength: 1011 + Identifier: + description: The unique ID of the retention rule. + type: string + pattern: '[0-9a-zA-Z]{11}' + Description: + description: The description of the retention rule. + type: string + maxLength: 255 + ResourceTags: + description: Information about the resource tags used to identify resources that are retained by the retention rule. + type: array + maxItems: 50 + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/ResourceTag' + ExcludeResourceTags: + description: Information about the exclude resource tags used to identify resources that are excluded by the retention rule. + type: array + maxItems: 5 + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/ResourceTag' + ResourceType: + description: The resource type retained by the retention rule. + type: string + enum: + - EBS_SNAPSHOT + - EC2_IMAGE + Tags: + description: Information about the tags assigned to the retention rule. + type: array + maxItems: 200 + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/Tag' + RetentionPeriod: + description: Information about the retention period for which the retention rule is to retain resources. + $ref: '#/components/schemas/RetentionPeriod' + Status: + description: The state of the retention rule. Only retention rules that are in the available state retain resources. + type: string + pattern: pending|available + LockConfiguration: + description: Information about the retention rule lock configuration. + $ref: '#/components/schemas/UnlockDelay' + LockState: + description: The lock state for the retention rule. + type: string + pattern: locked|pending_unlock|unlocked + x-stackQL-stringOnly: true + x-title: CreateRuleRequest + type: object + required: [] + securitySchemes: + hmac: + type: apiKey + name: Authorization + in: header + description: Amazon Signature authorization v4 + x-amazon-apigateway-authtype: awsSigv4 + x-stackQL-resources: + rules: + name: rules + id: aws.rbin.rules + x-cfn-schema-name: Rule + x-cfn-type-name: AWS::Rbin::Rule + x-identifiers: + - Arn + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Rule&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Rbin::Rule" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Rbin::Rule" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Rbin::Rule" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/rules/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/rules/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/rules/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Identifier') as identifier, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.ResourceTags') as resource_tags, + JSON_EXTRACT(Properties, '$.ExcludeResourceTags') as exclude_resource_tags, + JSON_EXTRACT(Properties, '$.ResourceType') as resource_type, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.RetentionPeriod') as retention_period, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.LockConfiguration') as lock_configuration, + JSON_EXTRACT(Properties, '$.LockState') as lock_state + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Rbin::Rule' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.Identifier') as identifier, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.ResourceTags') as resource_tags, + JSON_EXTRACT(detail.Properties, '$.ExcludeResourceTags') as exclude_resource_tags, + JSON_EXTRACT(detail.Properties, '$.ResourceType') as resource_type, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags, + JSON_EXTRACT(detail.Properties, '$.RetentionPeriod') as retention_period, + JSON_EXTRACT(detail.Properties, '$.Status') as status, + JSON_EXTRACT(detail.Properties, '$.LockConfiguration') as lock_configuration, + JSON_EXTRACT(detail.Properties, '$.LockState') as lock_state + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Rbin::Rule' + AND detail.data__TypeName = 'AWS::Rbin::Rule' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Identifier') as identifier, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'ResourceTags') as resource_tags, + json_extract_path_text(Properties, 'ExcludeResourceTags') as exclude_resource_tags, + json_extract_path_text(Properties, 'ResourceType') as resource_type, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'RetentionPeriod') as retention_period, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'LockConfiguration') as lock_configuration, + json_extract_path_text(Properties, 'LockState') as lock_state + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Rbin::Rule' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'Identifier') as identifier, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'ResourceTags') as resource_tags, + json_extract_path_text(detail.Properties, 'ExcludeResourceTags') as exclude_resource_tags, + json_extract_path_text(detail.Properties, 'ResourceType') as resource_type, + json_extract_path_text(detail.Properties, 'Tags') as tags, + json_extract_path_text(detail.Properties, 'RetentionPeriod') as retention_period, + json_extract_path_text(detail.Properties, 'Status') as status, + json_extract_path_text(detail.Properties, 'LockConfiguration') as lock_configuration, + json_extract_path_text(detail.Properties, 'LockState') as lock_state + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Rbin::Rule' + AND detail.data__TypeName = 'AWS::Rbin::Rule' + AND listing.region = 'us-east-1' + rules_list_only: + name: rules_list_only + id: aws.rbin.rules_list_only + x-cfn-schema-name: Rule + x-cfn-type-name: AWS::Rbin::Rule + x-identifiers: + - Arn + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Rbin::Rule' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Rbin::Rule' + AND region = 'us-east-1' + rule_tags: + name: rule_tags + id: aws.rbin.rule_tags + x-cfn-schema-name: Rule + x-cfn-type-name: AWS::Rbin::Rule + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.Identifier') as identifier, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.ResourceTags') as resource_tags, + JSON_EXTRACT(detail.Properties, '$.ExcludeResourceTags') as exclude_resource_tags, + JSON_EXTRACT(detail.Properties, '$.ResourceType') as resource_type, + JSON_EXTRACT(detail.Properties, '$.RetentionPeriod') as retention_period, + JSON_EXTRACT(detail.Properties, '$.Status') as status, + JSON_EXTRACT(detail.Properties, '$.LockConfiguration') as lock_configuration, + JSON_EXTRACT(detail.Properties, '$.LockState') as lock_state + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::Rbin::Rule' + AND detail.data__TypeName = 'AWS::Rbin::Rule' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'Identifier') as identifier, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'ResourceTags') as resource_tags, + json_extract_path_text(detail.Properties, 'ExcludeResourceTags') as exclude_resource_tags, + json_extract_path_text(detail.Properties, 'ResourceType') as resource_type, + json_extract_path_text(detail.Properties, 'RetentionPeriod') as retention_period, + json_extract_path_text(detail.Properties, 'Status') as status, + json_extract_path_text(detail.Properties, 'LockConfiguration') as lock_configuration, + json_extract_path_text(detail.Properties, 'LockState') as lock_state + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::Rbin::Rule' + AND detail.data__TypeName = 'AWS::Rbin::Rule' + AND listing.region = 'us-east-1' +paths: + /?Action=CreateResource&Version=2021-09-30: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateResource + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/x-cloud-control-schemas/CreateResourceInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=DeleteResource&Version=2021-09-30: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: DeleteResource + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.DeleteResource + enum: + - CloudApiService.DeleteResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/x-cloud-control-schemas/DeleteResourceInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/DeleteResourceOutput' + description: Success + /?Action=UpdateResource&Version=2021-09-30: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: UpdateResource + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.UpdateResource + enum: + - CloudApiService.UpdateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + properties: + ClientName: + type: string + Identifier: + $ref: '#/components/x-cloud-control-schemas/Identifier' + PatchDocument: + type: string + RoleArn: + $ref: '#/components/x-cloud-control-schemas/RoleArn' + TypeName: + $ref: '#/components/x-cloud-control-schemas/TypeName' + TypeVersionId: + $ref: '#/components/x-cloud-control-schemas/TypeVersionId' + required: + - Identifier + - PatchDocument + type: object + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/UpdateResourceOutput' + description: Success + /?Action=CreateResource&Version=2021-09-30&__Rule&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateRule + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateRuleRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success +x-stackQL-config: + requestTranslate: + algorithm: drop_double_underscore_params + pagination: + requestToken: + key: NextToken + location: body + responseToken: + key: NextToken + location: body diff --git a/providers/src/aws/v00.00.00000/services/rds.yaml b/providers/src/aws/v00.00.00000/services/rds.yaml index e4ba62dd..5157d703 100644 --- a/providers/src/aws/v00.00.00000/services/rds.yaml +++ b/providers/src/aws/v00.00.00000/services/rds.yaml @@ -386,18 +386,20 @@ components: type: object schemas: Tag: - description: A key-value pair to associate with a resource. + description: |- + Metadata assigned to an Amazon RDS resource consisting of a key-value pair. + For more information, see [Tagging Amazon RDS resources](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) in the *Amazon RDS User Guide* or [Tagging Amazon Aurora and Amazon RDS resources](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_Tagging.html) in the *Amazon Aurora User Guide*. type: object additionalProperties: false properties: Key: type: string - description: 'The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ' + description: 'A key is the required name of the tag. The string value can be from 1 to 128 Unicode characters in length and can''t be prefixed with ``aws:`` or ``rds:``. The string can only contain only the set of Unicode letters, digits, white-space, ''_'', ''.'', '':'', ''/'', ''='', ''+'', ''-'', ''@'' (Java regex: "^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$").' minLength: 1 maxLength: 128 Value: type: string - description: 'The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ' + description: 'A value is the optional value of the tag. The string value can be from 1 to 256 Unicode characters in length and can''t be prefixed with ``aws:`` or ``rds:``. The string can only contain only the set of Unicode letters, digits, white-space, ''_'', ''.'', '':'', ''/'', ''='', ''+'', ''-'', ''@'' (Java regex: "^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$").' minLength: 0 maxLength: 256 required: @@ -407,12 +409,12 @@ components: properties: DatabaseInstallationFilesS3BucketName: type: string - description: The name of an Amazon S3 bucket that contains database installation files for your CEV. For example, a valid bucket name is `my-custom-installation-files`. + description: The name of an Amazon S3 bucket that contains database installation files for your CEV. For example, a valid bucket name is ``my-custom-installation-files``. minLength: 3 maxLength: 63 DatabaseInstallationFilesS3Prefix: type: string - description: The Amazon S3 directory that contains the database installation files for your CEV. For example, a valid bucket name is `123456789012/cev1`. If this setting isn't specified, no prefix is assumed. + description: The Amazon S3 directory that contains the database installation files for your CEV. For example, a valid bucket name is ``123456789012/cev1``. If this setting isn't specified, no prefix is assumed. minLength: 1 maxLength: 255 Description: @@ -422,46 +424,60 @@ components: maxLength: 1000 Engine: type: string - description: The database engine to use for your custom engine version (CEV). The only supported value is `custom-oracle-ee`. + description: |- + The database engine to use for your custom engine version (CEV). + Valid values: + + ``custom-oracle-ee`` + + ``custom-oracle-ee-cdb`` minLength: 1 maxLength: 35 EngineVersion: type: string - description: The name of your CEV. The name format is 19.customized_string . For example, a valid name is 19.my_cev1. This setting is required for RDS Custom for Oracle, but optional for Amazon RDS. The combination of Engine and EngineVersion is unique per customer per Region. + description: |- + The name of your CEV. The name format is ``major version.customized_string``. For example, a valid CEV name is ``19.my_cev1``. This setting is required for RDS Custom for Oracle, but optional for Amazon RDS. The combination of ``Engine`` and ``EngineVersion`` is unique per customer per Region. + *Constraints:* Minimum length is 1. Maximum length is 60. + *Pattern:* ``^[a-z0-9_.-]{1,60$``} minLength: 1 maxLength: 60 KMSKeyId: type: string - description: The AWS KMS key identifier for an encrypted CEV. A symmetric KMS key is required for RDS Custom, but optional for Amazon RDS. + description: |- + The AWS KMS key identifier for an encrypted CEV. A symmetric encryption KMS key is required for RDS Custom, but optional for Amazon RDS. + If you have an existing symmetric encryption KMS key in your account, you can use it with RDS Custom. No further action is necessary. If you don't already have a symmetric encryption KMS key in your account, follow the instructions in [Creating a symmetric encryption KMS key](https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html#create-symmetric-cmk) in the *Key Management Service Developer Guide*. + You can choose the same symmetric encryption key when you create a CEV and a DB instance, or choose different keys. minLength: 1 maxLength: 2048 Manifest: type: string - description: The CEV manifest, which is a JSON document that describes the installation .zip files stored in Amazon S3. Specify the name/value pairs in a file or a quoted string. RDS Custom applies the patches in the order in which they are listed. + description: |- + The CEV manifest, which is a JSON document that describes the installation .zip files stored in Amazon S3. Specify the name/value pairs in a file or a quoted string. RDS Custom applies the patches in the order in which they are listed. + The following JSON fields are valid: + + MediaImportTemplateVersion Version of the CEV manifest. The date is in the format YYYY-MM-DD. + databaseInstallationFileNames Ordered list of installation files for the CEV. + opatchFileNames Ordered list of OPatch installers used for the Oracle DB engine. + psuRuPatchFileNames The PSU and RU patches for this CEV. + OtherPatchFileNames The patches that are not in the list of PSU and RU patches. Amazon RDS applies these patches after applying the PSU and RU patches. + For more information, see [Creating the CEV manifest](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-cev.html#custom-cev.preparing.manifest) in the *Amazon RDS User Guide*. minLength: 1 maxLength: 51000 DBEngineVersionArn: type: string - description: The ARN of the custom engine version. + description: '' SourceCustomDbEngineVersionIdentifier: type: string - description: The identifier of the source custom engine version. + description: The ARN of a CEV to use as a source for creating a new CEV. You can specify a different Amazon Machine Imagine (AMI) by using either ``Source`` or ``UseAwsProvidedLatestImage``. You can't specify a different JSON manifest when you specify ``SourceCustomDbEngineVersionIdentifier``. UseAwsProvidedLatestImage: type: boolean - description: A value that indicates whether AWS provided latest image is applied automatically to the Custom Engine Version. By default, AWS provided latest image is applied automatically. This value is only applied on create. + description: Specifies whether to use the latest service-provided Amazon Machine Image (AMI) for the CEV. If you specify ``UseAwsProvidedLatestImage``, you can't also specify ``ImageId``. ImageId: type: string - description: The identifier of Amazon Machine Image (AMI) used for CEV. + description: A value that indicates the ID of the AMI. Status: type: string - description: The availability status to be assigned to the CEV. + description: A value that indicates the status of a custom engine version (CEV). default: available enum: - available - inactive - inactive-except-restore Tags: - description: An array of key-value pairs to apply to this resource. + description: A list of tags. For more information, see [Tagging Amazon RDS Resources](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) in the *Amazon RDS User Guide.* type: array uniqueItems: false x-insertionOrder: false @@ -471,7 +487,7 @@ components: - Engine - EngineVersion x-stackql-resource-name: customdb_engine_version - description: The AWS::RDS::CustomDBEngineVersion resource creates an Amazon RDS custom DB engine version. + description: Creates a custom DB engine version (CEV). x-type-name: AWS::RDS::CustomDBEngineVersion x-stackql-primary-identifier: - Engine @@ -497,6 +513,13 @@ components: - EngineVersion x-tagging: taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - rds:AddTagsToResource + - rds:RemoveTagsFromResource x-required-permissions: create: - ec2:CopySnapshot @@ -532,27 +555,19 @@ components: - rds:DescribeDBEngineVersions list: - rds:DescribeDBEngineVersions - MasterUserSecret: - description: |- - The ``MasterUserSecret`` return value specifies the secret managed by RDS in AWS Secrets Manager for the master user password. - For more information, see [Password management with Secrets Manager](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html) in the *Amazon RDS User Guide* and [Password management with Secrets Manager](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-secrets-manager.html) in the *Amazon Aurora User Guide.* - additionalProperties: false + Endpoint: type: object + additionalProperties: false properties: - SecretArn: - description: The Amazon Resource Name (ARN) of the secret. + Address: type: string - KmsKeyId: - description: The AWS KMS key identifier that is used to encrypt the secret. - anyOf: - - relationshipRef: - typeName: AWS::KMS::Key - propertyPath: /properties/KeyId - - relationshipRef: - typeName: AWS::KMS::Key - propertyPath: /properties/Arn + description: Specifies the DNS address of the DB instance. + Port: type: string - Endpoint: + description: Specifies the port that the database engine is listening on. + HostedZoneId: + type: string + description: Specifies the ID that Amazon Route 53 assigns when you create a hosted zone. description: |- This data type represents the information you need to connect to an Amazon RDS DB instance. This data type is used as a response element in the following actions: + ``CreateDBInstance`` @@ -560,335 +575,663 @@ components: + ``DeleteDBInstance`` For the data structure that represents Amazon Aurora DB cluster endpoints, see ``DBClusterEndpoint``. - additionalProperties: false + ReadEndpoint: type: object + additionalProperties: false properties: Address: - description: Specifies the DNS address of the DB instance. + description: The host address of the reader endpoint. type: string - Port: - description: Specifies the port that the database engine is listening on. + description: |- + The ``ReadEndpoint`` return value specifies the reader endpoint for the DB cluster. + The reader endpoint for a DB cluster load-balances connections across the Aurora Replicas that are available in a DB cluster. As clients request new connections to the reader endpoint, Aurora distributes the connection requests among the Aurora Replicas in the DB cluster. This functionality can help balance your read workload across multiple Aurora Replicas in your DB cluster. + If a failover occurs, and the Aurora Replica that you are connected to is promoted to be the primary instance, your connection is dropped. To continue sending your read workload to other Aurora Replicas in the cluster, you can then reconnect to the reader endpoint. + For more information about Aurora endpoints, see [Amazon Aurora connection management](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Overview.Endpoints.html) in the *Amazon Aurora User Guide*. + DBClusterRole: + description: Describes an AWS Identity and Access Management (IAM) role that is associated with a DB cluster. + type: object + additionalProperties: false + properties: + FeatureName: + description: The name of the feature associated with the AWS Identity and Access Management (IAM) role. IAM roles that are associated with a DB cluster grant permission for the DB cluster to access other AWS services on your behalf. For the list of supported feature names, see the ``SupportedFeatureNames`` description in [DBEngineVersion](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DBEngineVersion.html) in the *Amazon RDS API Reference*. type: string - HostedZoneId: - description: Specifies the ID that Amazon Route 53 assigns when you create a hosted zone. + RoleArn: + description: The Amazon Resource Name (ARN) of the IAM role that is associated with the DB cluster. type: string + required: + - RoleArn ServerlessV2ScalingConfiguration: - description: Contains the scaling configuration of an Aurora Serverless v2 DB cluster. - additionalProperties: false + description: |- + The ``ServerlessV2ScalingConfiguration`` property type specifies the scaling configuration of an Aurora Serverless V2 DB cluster. For more information, see [Using Amazon Aurora Serverless v2](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless-v2.html) in the *Amazon Aurora User Guide*. + If you have an Aurora cluster, you must set this attribute before you add a DB instance that uses the ``db.serverless`` DB instance class. For more information, see [Clusters that use Aurora Serverless v2 must have a capacity range specified](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless-v2.requirements.html#aurora-serverless-v2.requirements.capacity-range) in the *Amazon Aurora User Guide*. + This property is only supported for Aurora Serverless v2. For Aurora Serverless v1, use the ``ScalingConfiguration`` property. + Valid for: Aurora Serverless v2 DB clusters type: object + additionalProperties: false properties: MinCapacity: - description: The minimum number of Aurora capacity units (ACUs) for a DB instance in an Aurora Serverless v2 cluster. You can specify ACU values in half-step increments, such as 8, 8.5, 9, and so on. The smallest value that you can use is 0.5. + description: The minimum number of Aurora capacity units (ACUs) for a DB instance in an Aurora Serverless v2 cluster. You can specify ACU values in half-step increments, such as 8, 8.5, 9, and so on. For Aurora versions that support the Aurora Serverless v2 auto-pause feature, the smallest value that you can use is 0. For versions that don't support Aurora Serverless v2 auto-pause, the smallest value that you can use is 0.5. type: number MaxCapacity: - description: The maximum number of Aurora capacity units (ACUs) for a DB instance in an Aurora Serverless v2 cluster. You can specify ACU values in half-step increments, such as 40, 40.5, 41, and so on. The largest value that you can use is 128. + description: |- + The maximum number of Aurora capacity units (ACUs) for a DB instance in an Aurora Serverless v2 cluster. You can specify ACU values in half-step increments, such as 40, 40.5, 41, and so on. The largest value that you can use is 128. + The maximum capacity must be higher than 0.5 ACUs. For more information, see [Choosing the maximum Aurora Serverless v2 capacity setting for a cluster](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless-v2.setting-capacity.html#aurora-serverless-v2.max_capacity_considerations) in the *Amazon Aurora User Guide*. + Aurora automatically sets certain parameters for Aurora Serverless V2 DB instances to values that depend on the maximum ACU value in the capacity range. When you update the maximum capacity value, the ``ParameterApplyStatus`` value for the DB instance changes to ``pending-reboot``. You can update the parameter values by rebooting the DB instance after changing the capacity range. type: number + SecondsUntilAutoPause: + type: integer + description: |- + Specifies the number of seconds an Aurora Serverless v2 DB instance must be idle before Aurora attempts to automatically pause it. + Specify a value between 300 seconds (five minutes) and 86,400 seconds (one day). The default is 300 seconds. ScalingConfiguration: - description: The ScalingConfiguration property type specifies the scaling configuration of an Aurora Serverless DB cluster. - additionalProperties: false + description: |- + The ``ScalingConfiguration`` property type specifies the scaling configuration of an Aurora Serverless v1 DB cluster. + For more information, see [Using Amazon Aurora Serverless](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless.html) in the *Amazon Aurora User Guide*. + This property is only supported for Aurora Serverless v1. For Aurora Serverless v2, Use the ``ServerlessV2ScalingConfiguration`` property. + Valid for: Aurora Serverless v1 DB clusters only type: object + additionalProperties: false properties: - TimeoutAction: + AutoPause: description: |- - The action to take when the timeout is reached, either ForceApplyCapacityChange or RollbackCapacityChange. - ForceApplyCapacityChange sets the capacity to the specified value as soon as possible. - RollbackCapacityChange, the default, ignores the capacity change if a scaling point isn't found in the timeout period. - - For more information, see Autoscaling for Aurora Serverless v1 in the Amazon Aurora User Guide. - type: string - SecondsBeforeTimeout: + Indicates whether to allow or disallow automatic pause for an Aurora DB cluster in ``serverless`` DB engine mode. A DB cluster can be paused only when it's idle (it has no connections). + If a DB cluster is paused for more than seven days, the DB cluster might be backed up with a snapshot. In this case, the DB cluster is restored when there is a request to connect to it. + type: boolean + MaxCapacity: description: |- - The amount of time, in seconds, that Aurora Serverless v1 tries to find a scaling point to perform seamless scaling before enforcing the timeout action. - The default is 300. - type: integer - SecondsUntilAutoPause: - description: The time, in seconds, before an Aurora DB cluster in serverless mode is paused. + The maximum capacity for an Aurora DB cluster in ``serverless`` DB engine mode. + For Aurora MySQL, valid capacity values are ``1``, ``2``, ``4``, ``8``, ``16``, ``32``, ``64``, ``128``, and ``256``. + For Aurora PostgreSQL, valid capacity values are ``2``, ``4``, ``8``, ``16``, ``32``, ``64``, ``192``, and ``384``. + The maximum capacity must be greater than or equal to the minimum capacity. type: integer - AutoPause: - description: A value that indicates whether to allow or disallow automatic pause for an Aurora DB cluster in serverless DB engine mode. A DB cluster can be paused only when it's idle (it has no connections). - type: boolean MinCapacity: description: |- - The minimum capacity for an Aurora DB cluster in serverless DB engine mode. - For Aurora MySQL, valid capacity values are 1, 2, 4, 8, 16, 32, 64, 128, and 256. - For Aurora PostgreSQL, valid capacity values are 2, 4, 8, 16, 32, 64, 192, and 384. - The minimum capacity must be less than or equal to the maximum capacity. + The minimum capacity for an Aurora DB cluster in ``serverless`` DB engine mode. + For Aurora MySQL, valid capacity values are ``1``, ``2``, ``4``, ``8``, ``16``, ``32``, ``64``, ``128``, and ``256``. + For Aurora PostgreSQL, valid capacity values are ``2``, ``4``, ``8``, ``16``, ``32``, ``64``, ``192``, and ``384``. + The minimum capacity must be less than or equal to the maximum capacity. type: integer - MaxCapacity: + SecondsBeforeTimeout: description: |- - The maximum capacity for an Aurora DB cluster in serverless DB engine mode. - For Aurora MySQL, valid capacity values are 1, 2, 4, 8, 16, 32, 64, 128, and 256. - For Aurora PostgreSQL, valid capacity values are 2, 4, 8, 16, 32, 64, 192, and 384. - The maximum capacity must be greater than or equal to the minimum capacity. + The amount of time, in seconds, that Aurora Serverless v1 tries to find a scaling point to perform seamless scaling before enforcing the timeout action. The default is 300. + Specify a value between 60 and 600 seconds. type: integer - ReadEndpoint: - additionalProperties: false - type: object - properties: - Address: - description: The reader endpoint for the DB cluster. + SecondsUntilAutoPause: + description: |- + The time, in seconds, before an Aurora DB cluster in ``serverless`` mode is paused. + Specify a value between 300 and 86,400 seconds. + type: integer + TimeoutAction: + description: |- + The action to take when the timeout is reached, either ``ForceApplyCapacityChange`` or ``RollbackCapacityChange``. + ``ForceApplyCapacityChange`` sets the capacity to the specified value as soon as possible. + ``RollbackCapacityChange``, the default, ignores the capacity change if a scaling point isn't found in the timeout period. + If you specify ``ForceApplyCapacityChange``, connections that prevent Aurora Serverless v1 from finding a scaling point might be dropped. + For more information, see [Autoscaling for Aurora Serverless v1](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless.how-it-works.html#aurora-serverless.how-it-works.auto-scaling) in the *Amazon Aurora User Guide*. type: string - DBClusterRole: - description: Describes an AWS Identity and Access Management (IAM) role that is associated with a DB cluster. - additionalProperties: false + MasterUserSecret: type: object + additionalProperties: false properties: - RoleArn: - x-relationshipRef: - typeName: AWS::IAM::Role - propertyPath: /properties/Arn - description: The Amazon Resource Name (ARN) of the IAM role that is associated with the DB cluster. + SecretArn: type: string - FeatureName: - description: The name of the feature associated with the AWS Identity and Access Management (IAM) role. For the list of supported feature names, see DBEngineVersion in the Amazon RDS API Reference. + description: The Amazon Resource Name (ARN) of the secret. This parameter is a return value that you can retrieve using the ``Fn::GetAtt`` intrinsic function. For more information, see [Return values](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbinstance.html#aws-resource-rds-dbinstance-return-values). + KmsKeyId: type: string - required: - - RoleArn + description: The AWS KMS key identifier that is used to encrypt the secret. + description: |- + The ``MasterUserSecret`` return value specifies the secret managed by RDS in AWS Secrets Manager for the master user password. + For more information, see [Password management with Secrets Manager](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html) in the *Amazon RDS User Guide* and [Password management with Secrets Manager](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-secrets-manager.html) in the *Amazon Aurora User Guide.* DBCluster: type: object properties: - StorageEncrypted: - description: |- - Indicates whether the DB instance is encrypted. - If you specify the DBClusterIdentifier, SnapshotIdentifier, or SourceDBInstanceIdentifier property, don't specify this property. The value is inherited from the cluster, snapshot, or source DB instance. - type: boolean - DBSystemId: - description: Reserved for future use. - type: string - RestoreToTime: - description: 'The date and time to restore the DB cluster to. Value must be a time in Universal Coordinated Time (UTC) format. An example: 2015-03-07T23:45:00Z' - type: string - EngineMode: - description: The DB engine mode of the DB cluster, either provisioned, serverless, parallelquery, global, or multimaster. - type: string - Port: - description: 'The port number on which the instances in the DB cluster accept connections. Default: 3306 if engine is set as aurora or 5432 if set to aurora-postgresql.' - type: integer - DBClusterIdentifier: - minLength: 1 - pattern: ^[a-zA-Z]{1}(?:-?[a-zA-Z0-9]){0,62}$ - description: The DB cluster identifier. This parameter is stored as a lowercase string. - type: string - maxLength: 63 - StorageThroughput: - description: Specifies the storage throughput value for the DB cluster. This setting applies only to the gp3 storage type. - type: integer - MonitoringInterval: - default: 0 - description: The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB cluster. To turn off collecting Enhanced Monitoring metrics, specify 0. The default is 0. - type: integer Endpoint: $ref: '#/components/schemas/Endpoint' - ReplicationSourceIdentifier: - description: The Amazon Resource Name (ARN) of the source DB instance or DB cluster if this DB cluster is created as a Read Replica. - type: string - Engine: - description: 'The name of the database engine to be used for this DB cluster. Valid Values: aurora (for MySQL 5.6-compatible Aurora), aurora-mysql (for MySQL 5.7-compatible Aurora), and aurora-postgresql' - type: string - Tags: - maxItems: 50 + description: '' + ReadEndpoint: + $ref: '#/components/schemas/ReadEndpoint' + description: |- + This data type represents the information you need to connect to an Amazon RDS DB instance. This data type is used as a response element in the following actions: + + ``CreateDBInstance`` + + ``DescribeDBInstances`` + + ``DeleteDBInstance`` + + For the data structure that represents Amazon Aurora DB cluster endpoints, see ``DBClusterEndpoint``. + AllocatedStorage: + description: |- + The amount of storage in gibibytes (GiB) to allocate to each DB instance in the Multi-AZ DB cluster. + Valid for Cluster Type: Multi-AZ DB clusters only + This setting is required to create a Multi-AZ DB cluster. + type: integer + AssociatedRoles: + description: |- + Provides a list of the AWS Identity and Access Management (IAM) roles that are associated with the DB cluster. IAM roles that are associated with a DB cluster grant permission for the DB cluster to access other Amazon Web Services on your behalf. + Valid for: Aurora DB clusters and Multi-AZ DB clusters + type: array uniqueItems: true - description: An array of key-value pairs to apply to this resource. - x-insertionOrder: false + items: + $ref: '#/components/schemas/DBClusterRole' + AvailabilityZones: + description: |- + A list of Availability Zones (AZs) where instances in the DB cluster can be created. For information on AWS Regions and Availability Zones, see [Choosing the Regions and Availability Zones](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Concepts.RegionsAndAvailabilityZones.html) in the *Amazon Aurora User Guide*. + Valid for: Aurora DB clusters only type: array + uniqueItems: true items: - $ref: '#/components/schemas/Tag' - EngineVersion: - description: The version number of the database engine to use. - type: string - StorageType: - description: Specifies the storage type to be associated with the DB cluster. - type: string - KmsKeyId: - description: The Amazon Resource Name (ARN) of the AWS Key Management Service master key that is used to encrypt the database instances in the DB cluster, such as arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef. If you enable the StorageEncrypted property but don't specify this property, the default master key is used. If you specify this property, you must set the StorageEncrypted property to true. - anyOf: - - relationshipRef: - typeName: AWS::KMS::Key - propertyPath: /properties/Arn - - relationshipRef: - typeName: AWS::KMS::Key - propertyPath: /properties/KeyId - type: string - ServerlessV2ScalingConfiguration: - description: Contains the scaling configuration of an Aurora Serverless v2 DB cluster. - $ref: '#/components/schemas/ServerlessV2ScalingConfiguration' - PerformanceInsightsRetentionPeriod: - description: The amount of time, in days, to retain Performance Insights data. - type: integer - DatabaseName: - description: The name of your database. If you don't provide a name, then Amazon RDS won't create a database in this DB cluster. For naming constraints, see Naming Constraints in the Amazon RDS User Guide. - type: string - DBClusterResourceId: - description: The AWS Region-unique, immutable identifier for the DB cluster. - type: string + type: string AutoMinorVersionUpgrade: - description: A value that indicates whether minor engine upgrades are applied automatically to the DB cluster during the maintenance window. By default, minor engine upgrades are applied automatically. + description: |- + Specifies whether minor engine upgrades are applied automatically to the DB cluster during the maintenance window. By default, minor engine upgrades are applied automatically. + Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB cluster type: boolean - DBSubnetGroupName: - description: A DB subnet group that you want to associate with this DB cluster. + BacktrackWindow: + description: |- + The target backtrack window, in seconds. To disable backtracking, set this value to ``0``. + Valid for Cluster Type: Aurora MySQL DB clusters only + Default: ``0`` + Constraints: + + If specified, this value must be set to a number from 0 to 259,200 (72 hours). + minimum: 0 + type: integer + BackupRetentionPeriod: + description: |- + The number of days for which automated backups are retained. + Default: 1 + Constraints: + + Must be a value from 1 to 35 + + Valid for: Aurora DB clusters and Multi-AZ DB clusters + default: 1 + minimum: 1 + type: integer + ClusterScalabilityType: type: string - DeletionProtection: - description: A value that indicates whether the DB cluster has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection is disabled. + description: Specifies the scalability mode of the Aurora DB cluster. When set to ``limitless``, the cluster operates as an Aurora Limitless Database, allowing you to create a DB shard group for horizontal scaling (sharding) capabilities. When set to ``standard`` (the default), the cluster uses normal DB instance creation. + CopyTagsToSnapshot: + description: |- + A value that indicates whether to copy all tags from the DB cluster to snapshots of the DB cluster. The default is not to copy them. + Valid for: Aurora DB clusters and Multi-AZ DB clusters type: boolean - AllocatedStorage: - description: The amount of storage in gibibytes (GiB) to allocate to each DB instance in the Multi-AZ DB cluster. - type: integer - MasterUserPassword: - description: The master password for the DB instance. + DatabaseInsightsMode: + description: |- + The mode of Database Insights to enable for the DB cluster. + If you set this value to ``advanced``, you must also set the ``PerformanceInsightsEnabled`` parameter to ``true`` and the ``PerformanceInsightsRetentionPeriod`` parameter to 465. + Valid for Cluster Type: Aurora DB clusters only type: string - MasterUserSecret: - description: Contains the secret managed by RDS in AWS Secrets Manager for the master user password. - $ref: '#/components/schemas/MasterUserSecret' - SourceDBClusterIdentifier: - description: The identifier of the source DB cluster from which to restore. + DatabaseName: + description: |- + The name of your database. If you don't provide a name, then Amazon RDS won't create a database in this DB cluster. For naming constraints, see [Naming Constraints](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_Limits.html#RDS_Limits.Constraints) in the *Amazon Aurora User Guide*. + Valid for: Aurora DB clusters and Multi-AZ DB clusters type: string - MasterUsername: - minLength: 1 - pattern: ^[a-zA-Z]{1}[a-zA-Z0-9_]*$ - description: The name of the master user for the DB cluster. You must specify MasterUsername, unless you specify SnapshotIdentifier. In that case, don't specify MasterUsername. + DBClusterArn: type: string - ScalingConfiguration: - description: The ScalingConfiguration property type specifies the scaling configuration of an Aurora Serverless DB cluster. - $ref: '#/components/schemas/ScalingConfiguration' - ReadEndpoint: - $ref: '#/components/schemas/ReadEndpoint' - PerformanceInsightsKmsKeyId: - description: The Amazon Web Services KMS key identifier for encryption of Performance Insights data. + description: '' + DBClusterInstanceClass: + description: |- + The compute and memory capacity of each DB instance in the Multi-AZ DB cluster, for example ``db.m6gd.xlarge``. Not all DB instance classes are available in all AWS-Regions, or for all database engines. + For the full list of DB instance classes and availability for your engine, see [DB instance class](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html) in the *Amazon RDS User Guide*. + This setting is required to create a Multi-AZ DB cluster. + Valid for Cluster Type: Multi-AZ DB clusters only type: string - PubliclyAccessible: - description: A value that indicates whether the DB cluster is publicly accessible. - type: boolean - Domain: - description: The Active Directory directory ID to create the DB cluster in. + DBClusterResourceId: + description: '' type: string - BacktrackWindow: - default: 0 - description: The target backtrack window, in seconds. To disable backtracking, set this value to 0. - type: integer - minimum: 0 DBInstanceParameterGroupName: - description: The name of the DB parameter group to apply to all instances of the DB cluster. - type: string - EnableGlobalWriteForwarding: - description: Specifies whether to enable this DB cluster to forward write operations to the primary cluster of a global cluster (Aurora global database). By default, write operations are not allowed on Aurora DB clusters that are secondary clusters in an Aurora global database. - type: boolean - MonitoringRoleArn: - description: The Amazon Resource Name (ARN) for the IAM role that permits RDS to send Enhanced Monitoring metrics to Amazon CloudWatch Logs. - type: string - AssociatedRoles: - uniqueItems: true - description: Provides a list of the AWS Identity and Access Management (IAM) roles that are associated with the DB cluster. IAM roles that are associated with a DB cluster grant permission for the DB cluster to access other AWS services on your behalf. - type: array - items: - $ref: '#/components/schemas/DBClusterRole' - EnableHttpEndpoint: - description: A value that indicates whether to enable the HTTP endpoint for DB cluster. By default, the HTTP endpoint is disabled. - type: boolean - SnapshotIdentifier: - description: >- - The identifier for the DB snapshot or DB cluster snapshot to restore from. - - You can use either the name or the Amazon Resource Name (ARN) to specify a DB cluster snapshot. However, you can use only the ARN to specify a DB snapshot. - - After you restore a DB cluster with a SnapshotIdentifier property, you must specify the same SnapshotIdentifier property for any future updates to the DB cluster. When you specify this property for an update, the DB cluster is not restored from the snapshot again, and the data in the database is not changed. However, if you don't specify the SnapshotIdentifier property, an empty DB cluster is created, and the original DB cluster is deleted. If you specify a property that is different - from the previous snapshot restore property, the DB cluster is restored from the specified SnapshotIdentifier property, and the original DB cluster is deleted. - type: string - PreferredBackupWindow: - description: The daily time range during which automated backups are created if automated backups are enabled using the BackupRetentionPeriod parameter. The default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region. To see the time blocks available, see Adjusting the Preferred DB Cluster Maintenance Window in the Amazon Aurora User Guide. + description: |- + The name of the DB parameter group to apply to all instances of the DB cluster. + When you apply a parameter group using the ``DBInstanceParameterGroupName`` parameter, the DB cluster isn't rebooted automatically. Also, parameter changes are applied immediately rather than during the next maintenance window. + Valid for Cluster Type: Aurora DB clusters only + Default: The existing name setting + Constraints: + + The DB parameter group must be in the same DB parameter group family as this DB cluster. + + The ``DBInstanceParameterGroupName`` parameter is valid in combination with the ``AllowMajorVersionUpgrade`` parameter for a major version upgrade only. type: string - NetworkType: - description: The network type of the DB cluster. + DBSystemId: + description: Reserved for future use. type: string - VpcSecurityGroupIds: - uniqueItems: true - description: A list of EC2 VPC security groups to associate with this DB cluster. - type: array - items: - anyOf: - - relationshipRef: - typeName: AWS::EC2::SecurityGroup - propertyPath: /properties/GroupId - - relationshipRef: - typeName: AWS::EC2::SecurityGroup - propertyPath: /properties/Id - type: string - CopyTagsToSnapshot: - description: A value that indicates whether to copy all tags from the DB cluster to snapshots of the DB cluster. The default is not to copy them. - type: boolean GlobalClusterIdentifier: - minLength: 0 - pattern: ^$|^[a-zA-Z]{1}(?:-?[a-zA-Z0-9]){0,62}$ description: |- - If you are configuring an Aurora global database cluster and want your Aurora DB cluster to be a secondary member in the global database cluster, specify the global cluster ID of the global database cluster. To define the primary database cluster of the global cluster, use the AWS::RDS::GlobalCluster resource. - - If you aren't configuring a global database cluster, don't specify this property. + If you are configuring an Aurora global database cluster and want your Aurora DB cluster to be a secondary member in the global database cluster, specify the global cluster ID of the global database cluster. To define the primary database cluster of the global cluster, use the [AWS::RDS::GlobalCluster](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-globalcluster.html) resource. + If you aren't configuring a global database cluster, don't specify this property. + To remove the DB cluster from a global database cluster, specify an empty value for the ``GlobalClusterIdentifier`` property. + For information about Aurora global databases, see [Working with Amazon Aurora Global Databases](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-global-database.html) in the *Amazon Aurora User Guide*. + Valid for: Aurora DB clusters only type: string + pattern: ^$|^[a-zA-Z]{1}(?:-?[a-zA-Z0-9]){0,62}$ + minLength: 0 maxLength: 63 - RestoreType: - default: full-copy + DBClusterIdentifier: description: |- - The type of restore to be performed. You can specify one of the following values: - full-copy - The new DB cluster is restored as a full copy of the source DB cluster. - copy-on-write - The new DB cluster is restored as a clone of the source DB cluster. + The DB cluster identifier. This parameter is stored as a lowercase string. + Constraints: + + Must contain from 1 to 63 letters, numbers, or hyphens. + + First character must be a letter. + + Can't end with a hyphen or contain two consecutive hyphens. + + Example: ``my-cluster1`` + Valid for: Aurora DB clusters and Multi-AZ DB clusters type: string - DomainIAMRoleName: - description: Specify the name of the IAM role to be used when making API calls to the Directory Service. + pattern: ^[a-zA-Z]{1}(?:-?[a-zA-Z0-9]){0,62}$ + minLength: 1 + maxLength: 63 + DBClusterParameterGroupName: + description: |- + The name of the DB cluster parameter group to associate with this DB cluster. + If you apply a parameter group to an existing DB cluster, then its DB instances might need to reboot. This can result in an outage while the DB instances are rebooting. + If you apply a change to parameter group associated with a stopped DB cluster, then the update stack waits until the DB cluster is started. + To list all of the available DB cluster parameter group names, use the following command: + ``aws rds describe-db-cluster-parameter-groups --query "DBClusterParameterGroups[].DBClusterParameterGroupName" --output text`` + Valid for: Aurora DB clusters and Multi-AZ DB clusters type: string - DBClusterInstanceClass: - description: The compute and memory capacity of each DB instance in the Multi-AZ DB cluster, for example db.m6g.xlarge. + DBSubnetGroupName: + description: |- + A DB subnet group that you want to associate with this DB cluster. + If you are restoring a DB cluster to a point in time with ``RestoreType`` set to ``copy-on-write``, and don't specify a DB subnet group name, then the DB cluster is restored with a default DB subnet group. + Valid for: Aurora DB clusters and Multi-AZ DB clusters type: string - AvailabilityZones: - uniqueItems: true - description: A list of Availability Zones (AZs) where instances in the DB cluster can be created. For information on AWS Regions and Availability Zones, see Choosing the Regions and Availability Zones in the Amazon Aurora User Guide. + DeletionProtection: + description: |- + A value that indicates whether the DB cluster has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection is disabled. + Valid for: Aurora DB clusters and Multi-AZ DB clusters + type: boolean + Domain: + description: |- + Indicates the directory ID of the Active Directory to create the DB cluster. + For Amazon Aurora DB clusters, Amazon RDS can use Kerberos authentication to authenticate users that connect to the DB cluster. + For more information, see [Kerberos authentication](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/kerberos-authentication.html) in the *Amazon Aurora User Guide*. + Valid for: Aurora DB clusters only + type: string + DomainIAMRoleName: + description: |- + Specifies the name of the IAM role to use when making API calls to the Directory Service. + Valid for: Aurora DB clusters only + type: string + EnableCloudwatchLogsExports: + description: |- + The list of log types that need to be enabled for exporting to CloudWatch Logs. The values in the list depend on the DB engine being used. For more information, see [Publishing Database Logs to Amazon CloudWatch Logs](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch) in the *Amazon Aurora User Guide*. + *Aurora MySQL* + Valid values: ``audit``, ``error``, ``general``, ``slowquery`` + *Aurora PostgreSQL* + Valid values: ``postgresql`` + Valid for: Aurora DB clusters and Multi-AZ DB clusters type: array + uniqueItems: true items: type: string - DBClusterArn: - description: The Amazon Resource Name (ARN) for the DB cluster. + EnableGlobalWriteForwarding: + description: |- + Specifies whether to enable this DB cluster to forward write operations to the primary cluster of a global cluster (Aurora global database). By default, write operations are not allowed on Aurora DB clusters that are secondary clusters in an Aurora global database. + You can set this value only on Aurora DB clusters that are members of an Aurora global database. With this parameter enabled, a secondary cluster can forward writes to the current primary cluster, and the resulting changes are replicated back to this cluster. For the primary DB cluster of an Aurora global database, this value is used immediately if the primary is demoted by a global cluster API operation, but it does nothing until then. + Valid for Cluster Type: Aurora DB clusters only + type: boolean + EnableHttpEndpoint: + description: |- + Specifies whether to enable the HTTP endpoint for the DB cluster. By default, the HTTP endpoint isn't enabled. + When enabled, the HTTP endpoint provides a connectionless web service API (RDS Data API) for running SQL queries on the DB cluster. You can also query your database from inside the RDS console with the RDS query editor. + For more information, see [Using RDS Data API](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/data-api.html) in the *Amazon Aurora User Guide*. + Valid for Cluster Type: Aurora DB clusters only + type: boolean + EnableIAMDatabaseAuthentication: + description: |- + A value that indicates whether to enable mapping of AWS Identity and Access Management (IAM) accounts to database accounts. By default, mapping is disabled. + For more information, see [IAM Database Authentication](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.IAMDBAuth.html) in the *Amazon Aurora User Guide.* + Valid for: Aurora DB clusters only + type: boolean + EnableLocalWriteForwarding: + description: |- + Specifies whether read replicas can forward write operations to the writer DB instance in the DB cluster. By default, write operations aren't allowed on reader DB instances. + Valid for: Aurora DB clusters only + type: boolean + Engine: + description: |- + The name of the database engine to be used for this DB cluster. + Valid Values: + + ``aurora-mysql`` + + ``aurora-postgresql`` + + ``mysql`` + + ``postgres`` + + Valid for: Aurora DB clusters and Multi-AZ DB clusters type: string - PreferredMaintenanceWindow: - description: The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC). The default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week. To see the time blocks available, see Adjusting the Preferred DB Cluster Maintenance Window in the Amazon Aurora User Guide. + EngineLifecycleSupport: + description: |- + The life cycle type for this DB cluster. + By default, this value is set to ``open-source-rds-extended-support``, which enrolls your DB cluster into Amazon RDS Extended Support. At the end of standard support, you can avoid charges for Extended Support by setting the value to ``open-source-rds-extended-support-disabled``. In this case, creating the DB cluster will fail if the DB major version is past its end of standard support date. + You can use this setting to enroll your DB cluster into Amazon RDS Extended Support. With RDS Extended Support, you can run the selected major engine version on your DB cluster past the end of standard support for that engine version. For more information, see the following sections: + + Amazon Aurora - [Using Amazon RDS Extended Support](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/extended-support.html) in the *Amazon Aurora User Guide* + + Amazon RDS - [Using Amazon RDS Extended Support](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/extended-support.html) in the *Amazon RDS User Guide* + + Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters + Valid Values: ``open-source-rds-extended-support | open-source-rds-extended-support-disabled`` + Default: ``open-source-rds-extended-support`` + type: string + EngineMode: + description: |- + The DB engine mode of the DB cluster, either ``provisioned`` or ``serverless``. + The ``serverless`` engine mode only applies for Aurora Serverless v1 DB clusters. Aurora Serverless v2 DB clusters use the ``provisioned`` engine mode. + For information about limitations and requirements for Serverless DB clusters, see the following sections in the *Amazon Aurora User Guide*: + + [Limitations of Aurora Serverless v1](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless.html#aurora-serverless.limitations) + + [Requirements for Aurora Serverless v2](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless-v2.requirements.html) + + Valid for Cluster Type: Aurora DB clusters only + type: string + EngineVersion: + description: |- + The version number of the database engine to use. + To list all of the available engine versions for Aurora MySQL version 2 (5.7-compatible) and version 3 (8.0-compatible), use the following command: + ``aws rds describe-db-engine-versions --engine aurora-mysql --query "DBEngineVersions[].EngineVersion"`` + You can supply either ``5.7`` or ``8.0`` to use the default engine version for Aurora MySQL version 2 or version 3, respectively. + To list all of the available engine versions for Aurora PostgreSQL, use the following command: + ``aws rds describe-db-engine-versions --engine aurora-postgresql --query "DBEngineVersions[].EngineVersion"`` + To list all of the available engine versions for RDS for MySQL, use the following command: + ``aws rds describe-db-engine-versions --engine mysql --query "DBEngineVersions[].EngineVersion"`` + To list all of the available engine versions for RDS for PostgreSQL, use the following command: + ``aws rds describe-db-engine-versions --engine postgres --query "DBEngineVersions[].EngineVersion"`` + *Aurora MySQL* + For information, see [Database engine updates for Amazon Aurora MySQL](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Updates.html) in the *Amazon Aurora User Guide*. + *Aurora PostgreSQL* + For information, see [Amazon Aurora PostgreSQL releases and engine versions](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraPostgreSQL.Updates.20180305.html) in the *Amazon Aurora User Guide*. + *MySQL* + For information, see [Amazon RDS for MySQL](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt) in the *Amazon RDS User Guide*. + *PostgreSQL* + For information, see [Amazon RDS for PostgreSQL](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts) in the *Amazon RDS User Guide*. + Valid for: Aurora DB clusters and Multi-AZ DB clusters type: string + ManageMasterUserPassword: + description: |- + Specifies whether to manage the master user password with AWS Secrets Manager. + For more information, see [Password management with Secrets Manager](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html) in the *Amazon RDS User Guide* and [Password management with Secrets Manager](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-secrets-manager.html) in the *Amazon Aurora User Guide.* + Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters + Constraints: + + Can't manage the master user password with AWS Secrets Manager if ``MasterUserPassword`` is specified. + type: boolean Iops: - description: The amount of Provisioned IOPS (input/output operations per second) to be initially allocated for each DB instance in the Multi-AZ DB cluster. + description: |- + The amount of Provisioned IOPS (input/output operations per second) to be initially allocated for each DB instance in the Multi-AZ DB cluster. + For information about valid IOPS values, see [Provisioned IOPS storage](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Storage.html#USER_PIOPS) in the *Amazon RDS User Guide*. + This setting is required to create a Multi-AZ DB cluster. + Valid for Cluster Type: Multi-AZ DB clusters only + Constraints: + + Must be a multiple between .5 and 50 of the storage amount for the DB cluster. type: integer - SourceRegion: - description: The AWS Region which contains the source DB cluster when replicating a DB cluster. For example, us-east-1. + KmsKeyId: + description: |- + The Amazon Resource Name (ARN) of the AWS KMS key that is used to encrypt the database instances in the DB cluster, such as ``arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef``. If you enable the ``StorageEncrypted`` property but don't specify this property, the default KMS key is used. If you specify this property, you must set the ``StorageEncrypted`` property to ``true``. + If you specify the ``SnapshotIdentifier`` property, the ``StorageEncrypted`` property value is inherited from the snapshot, and if the DB cluster is encrypted, the specified ``KmsKeyId`` property is used. + If you create a read replica of an encrypted DB cluster in another AWS Region, make sure to set ``KmsKeyId`` to a KMS key identifier that is valid in the destination AWS Region. This KMS key is used to encrypt the read replica in that AWS Region. + Valid for: Aurora DB clusters and Multi-AZ DB clusters type: string - UseLatestRestorableTime: - description: A value that indicates whether to restore the DB cluster to the latest restorable backup time. By default, the DB cluster is not restored to the latest restorable backup time. - type: boolean - ManageMasterUserPassword: - description: A value that indicates whether to manage the master user password with AWS Secrets Manager. + MasterUsername: + description: |- + The name of the master user for the DB cluster. + If you specify the ``SourceDBClusterIdentifier``, ``SnapshotIdentifier``, or ``GlobalClusterIdentifier`` property, don't specify this property. The value is inherited from the source DB cluster, the snapshot, or the primary DB cluster for the global database cluster, respectively. + Valid for: Aurora DB clusters and Multi-AZ DB clusters + type: string + pattern: ^[a-zA-Z]{1}[a-zA-Z0-9_]*$ + minLength: 1 + MasterUserPassword: + description: |- + The master password for the DB instance. + If you specify the ``SourceDBClusterIdentifier``, ``SnapshotIdentifier``, or ``GlobalClusterIdentifier`` property, don't specify this property. The value is inherited from the source DB cluster, the snapshot, or the primary DB cluster for the global database cluster, respectively. + Valid for: Aurora DB clusters and Multi-AZ DB clusters + type: string + MasterUserSecret: + $ref: '#/components/schemas/MasterUserSecret' + description: |- + The secret managed by RDS in AWS Secrets Manager for the master user password. + When you restore a DB cluster from a snapshot, Amazon RDS generates a new secret instead of reusing the secret specified in the ``SecretArn`` property. This ensures that the restored DB cluster is securely managed with a dedicated secret. To maintain consistent integration with your application, you might need to update resource configurations to reference the newly created secret. + For more information, see [Password management with Secrets Manager](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html) in the *Amazon RDS User Guide* and [Password management with Secrets Manager](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-secrets-manager.html) in the *Amazon Aurora User Guide.* + MonitoringInterval: + description: |- + The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB cluster. To turn off collecting Enhanced Monitoring metrics, specify ``0``. + If ``MonitoringRoleArn`` is specified, also set ``MonitoringInterval`` to a value other than ``0``. + Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters + Valid Values: ``0 | 1 | 5 | 10 | 15 | 30 | 60`` + Default: ``0`` + type: integer + MonitoringRoleArn: + description: |- + The Amazon Resource Name (ARN) for the IAM role that permits RDS to send Enhanced Monitoring metrics to Amazon CloudWatch Logs. An example is ``arn:aws:iam:123456789012:role/emaccess``. For information on creating a monitoring role, see [Setting up and enabling Enhanced Monitoring](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Monitoring.OS.html#USER_Monitoring.OS.Enabling) in the *Amazon RDS User Guide*. + If ``MonitoringInterval`` is set to a value other than ``0``, supply a ``MonitoringRoleArn`` value. + Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters + type: string + NetworkType: + description: |- + The network type of the DB cluster. + Valid values: + + ``IPV4`` + + ``DUAL`` + + The network type is determined by the ``DBSubnetGroup`` specified for the DB cluster. A ``DBSubnetGroup`` can support only the IPv4 protocol or the IPv4 and IPv6 protocols (``DUAL``). + For more information, see [Working with a DB instance in a VPC](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html) in the *Amazon Aurora User Guide.* + Valid for: Aurora DB clusters only + type: string + PerformanceInsightsEnabled: + description: |- + Specifies whether to turn on Performance Insights for the DB cluster. + For more information, see [Using Amazon Performance Insights](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.html) in the *Amazon RDS User Guide*. + Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters type: boolean - EnableIAMDatabaseAuthentication: - description: A value that indicates whether to enable mapping of AWS Identity and Access Management (IAM) accounts to database accounts. By default, mapping is disabled. + PerformanceInsightsKmsKeyId: + description: |- + The AWS KMS key identifier for encryption of Performance Insights data. + The AWS KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. + If you don't specify a value for ``PerformanceInsightsKMSKeyId``, then Amazon RDS uses your default KMS key. There is a default KMS key for your AWS-account. Your AWS-account has a different default KMS key for each AWS-Region. + Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters + type: string + PerformanceInsightsRetentionPeriod: + description: |- + The number of days to retain Performance Insights data. + Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters + Valid Values: + + ``7`` + + *month* * 31, where *month* is a number of months from 1-23. Examples: ``93`` (3 months * 31), ``341`` (11 months * 31), ``589`` (19 months * 31) + + ``731`` + + Default: ``7`` days + If you specify a retention period that isn't valid, such as ``94``, Amazon RDS issues an error. + type: integer + Port: + description: |- + The port number on which the DB instances in the DB cluster accept connections. + Default: + + When ``EngineMode`` is ``provisioned``, ``3306`` (for both Aurora MySQL and Aurora PostgreSQL) + + When ``EngineMode`` is ``serverless``: + + ``3306`` when ``Engine`` is ``aurora`` or ``aurora-mysql`` + + ``5432`` when ``Engine`` is ``aurora-postgresql`` + + + The ``No interruption`` on update behavior only applies to DB clusters. If you are updating a DB instance, see [Port](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html#cfn-rds-dbinstance-port) for the AWS::RDS::DBInstance resource. + Valid for: Aurora DB clusters and Multi-AZ DB clusters + type: integer + PreferredBackupWindow: + description: |- + The daily time range during which automated backups are created. For more information, see [Backup Window](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Managing.Backups.html#Aurora.Managing.Backups.BackupWindow) in the *Amazon Aurora User Guide.* + Constraints: + + Must be in the format ``hh24:mi-hh24:mi``. + + Must be in Universal Coordinated Time (UTC). + + Must not conflict with the preferred maintenance window. + + Must be at least 30 minutes. + + Valid for: Aurora DB clusters and Multi-AZ DB clusters + type: string + PreferredMaintenanceWindow: + description: |- + The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC). + Format: ``ddd:hh24:mi-ddd:hh24:mi`` + The default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week. To see the time blocks available, see [Adjusting the Preferred DB Cluster Maintenance Window](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow.Aurora) in the *Amazon Aurora User Guide.* + Valid Days: Mon, Tue, Wed, Thu, Fri, Sat, Sun. + Constraints: Minimum 30-minute window. + Valid for: Aurora DB clusters and Multi-AZ DB clusters + type: string + PubliclyAccessible: + description: |- + Specifies whether the DB cluster is publicly accessible. + When the DB cluster is publicly accessible and you connect from outside of the DB cluster's virtual private cloud (VPC), its Domain Name System (DNS) endpoint resolves to the public IP address. When you connect from within the same VPC as the DB cluster, the endpoint resolves to the private IP address. Access to the DB cluster is ultimately controlled by the security group it uses. That public access isn't permitted if the security group assigned to the DB cluster doesn't permit it. + When the DB cluster isn't publicly accessible, it is an internal DB cluster with a DNS name that resolves to a private IP address. + Valid for Cluster Type: Multi-AZ DB clusters only + Default: The default behavior varies depending on whether ``DBSubnetGroupName`` is specified. + If ``DBSubnetGroupName`` isn't specified, and ``PubliclyAccessible`` isn't specified, the following applies: + + If the default VPC in the target Region doesn’t have an internet gateway attached to it, the DB cluster is private. + + If the default VPC in the target Region has an internet gateway attached to it, the DB cluster is public. + + If ``DBSubnetGroupName`` is specified, and ``PubliclyAccessible`` isn't specified, the following applies: + + If the subnets are part of a VPC that doesn’t have an internet gateway attached to it, the DB cluster is private. + + If the subnets are part of a VPC that has an internet gateway attached to it, the DB cluster is public. type: boolean - DBClusterParameterGroupName: - default: default.aurora5.6 - description: The name of the DB cluster parameter group to associate with this DB cluster. + ReplicationSourceIdentifier: + description: |- + The Amazon Resource Name (ARN) of the source DB instance or DB cluster if this DB cluster is created as a read replica. + Valid for: Aurora DB clusters only type: string - PerformanceInsightsEnabled: - description: A value that indicates whether to turn on Performance Insights for the DB cluster. + RestoreToTime: + description: |- + The date and time to restore the DB cluster to. + Valid Values: Value must be a time in Universal Coordinated Time (UTC) format + Constraints: + + Must be before the latest restorable time for the DB instance + + Must be specified if ``UseLatestRestorableTime`` parameter isn't provided + + Can't be specified if the ``UseLatestRestorableTime`` parameter is enabled + + Can't be specified if the ``RestoreType`` parameter is ``copy-on-write`` + + This property must be used with ``SourceDBClusterIdentifier`` property. The resulting cluster will have the identifier that matches the value of the ``DBclusterIdentifier`` property. + Example: ``2015-03-07T23:45:00Z`` + Valid for: Aurora DB clusters and Multi-AZ DB clusters + type: string + RestoreType: + description: |- + The type of restore to be performed. You can specify one of the following values: + + ``full-copy`` - The new DB cluster is restored as a full copy of the source DB cluster. + + ``copy-on-write`` - The new DB cluster is restored as a clone of the source DB cluster. + + If you don't specify a ``RestoreType`` value, then the new DB cluster is restored as a full copy of the source DB cluster. + Valid for: Aurora DB clusters and Multi-AZ DB clusters + type: string + ServerlessV2ScalingConfiguration: + description: |- + The scaling configuration of an Aurora Serverless V2 DB cluster. + This property is only supported for Aurora Serverless v2. For Aurora Serverless v1, Use the ``ScalingConfiguration`` property. + Valid for: Aurora Serverless v2 DB clusters only + $ref: '#/components/schemas/ServerlessV2ScalingConfiguration' + ScalingConfiguration: + description: |- + The scaling configuration of an Aurora Serverless v1 DB cluster. + This property is only supported for Aurora Serverless v1. For Aurora Serverless v2, Use the ``ServerlessV2ScalingConfiguration`` property. + Valid for: Aurora Serverless v1 DB clusters only + $ref: '#/components/schemas/ScalingConfiguration' + SnapshotIdentifier: + description: |- + The identifier for the DB snapshot or DB cluster snapshot to restore from. + You can use either the name or the Amazon Resource Name (ARN) to specify a DB cluster snapshot. However, you can use only the ARN to specify a DB snapshot. + After you restore a DB cluster with a ``SnapshotIdentifier`` property, you must specify the same ``SnapshotIdentifier`` property for any future updates to the DB cluster. When you specify this property for an update, the DB cluster is not restored from the snapshot again, and the data in the database is not changed. However, if you don't specify the ``SnapshotIdentifier`` property, an empty DB cluster is created, and the original DB cluster is deleted. If you specify a property that is different from the previous snapshot restore property, a new DB cluster is restored from the specified ``SnapshotIdentifier`` property, and the original DB cluster is deleted. + If you specify the ``SnapshotIdentifier`` property to restore a DB cluster (as opposed to specifying it for DB cluster updates), then don't specify the following properties: + + ``GlobalClusterIdentifier`` + + ``MasterUsername`` + + ``MasterUserPassword`` + + ``ReplicationSourceIdentifier`` + + ``RestoreType`` + + ``SourceDBClusterIdentifier`` + + ``SourceRegion`` + + ``StorageEncrypted`` (for an encrypted snapshot) + + ``UseLatestRestorableTime`` + + Constraints: + + Must match the identifier of an existing Snapshot. + + Valid for: Aurora DB clusters and Multi-AZ DB clusters + type: string + SourceDBClusterIdentifier: + description: |- + When restoring a DB cluster to a point in time, the identifier of the source DB cluster from which to restore. + Constraints: + + Must match the identifier of an existing DBCluster. + + Valid for: Aurora DB clusters and Multi-AZ DB clusters + type: string + SourceRegion: + description: |- + The AWS Region which contains the source DB cluster when replicating a DB cluster. For example, ``us-east-1``. + Valid for: Aurora DB clusters only + type: string + StorageEncrypted: + description: |- + Indicates whether the DB cluster is encrypted. + If you specify the ``KmsKeyId`` property, then you must enable encryption. + If you specify the ``SourceDBClusterIdentifier`` property, don't specify this property. The value is inherited from the source DB cluster, and if the DB cluster is encrypted, the specified ``KmsKeyId`` property is used. + If you specify the ``SnapshotIdentifier`` and the specified snapshot is encrypted, don't specify this property. The value is inherited from the snapshot, and the specified ``KmsKeyId`` property is used. + If you specify the ``SnapshotIdentifier`` and the specified snapshot isn't encrypted, you can use this property to specify that the restored DB cluster is encrypted. Specify the ``KmsKeyId`` property for the KMS key to use for encryption. If you don't want the restored DB cluster to be encrypted, then don't set this property or set it to ``false``. + If you specify both the ``StorageEncrypted`` and ``SnapshotIdentifier`` properties without specifying the ``KmsKeyId`` property, then the restored DB cluster inherits the encryption settings from the DB snapshot that provide. + Valid for: Aurora DB clusters and Multi-AZ DB clusters type: boolean - BackupRetentionPeriod: - default: 1 - description: The number of days for which automated backups are retained. + StorageThroughput: + description: '' type: integer - minimum: 1 - EnableCloudwatchLogsExports: - uniqueItems: true - description: The list of log types that need to be enabled for exporting to CloudWatch Logs. The values in the list depend on the DB engine being used. For more information, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon Aurora User Guide. + StorageType: + description: |- + The storage type to associate with the DB cluster. + For information on storage types for Aurora DB clusters, see [Storage configurations for Amazon Aurora DB clusters](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Overview.StorageReliability.html#aurora-storage-type). For information on storage types for Multi-AZ DB clusters, see [Settings for creating Multi-AZ DB clusters](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/create-multi-az-db-cluster.html#create-multi-az-db-cluster-settings). + This setting is required to create a Multi-AZ DB cluster. + When specified for a Multi-AZ DB cluster, a value for the ``Iops`` parameter is required. + Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters + Valid Values: + + Aurora DB clusters - ``aurora | aurora-iopt1`` + + Multi-AZ DB clusters - ``io1 | io2 | gp3`` + + Default: + + Aurora DB clusters - ``aurora`` + + Multi-AZ DB clusters - ``io1`` + + When you create an Aurora DB cluster with the storage type set to ``aurora-iopt1``, the storage type is returned in the response. The storage type isn't returned when you set it to ``aurora``. + type: string + Tags: type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + description: |- + Tags to assign to the DB cluster. + Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters + items: + $ref: '#/components/schemas/Tag' + UseLatestRestorableTime: + description: |- + A value that indicates whether to restore the DB cluster to the latest restorable backup time. By default, the DB cluster is not restored to the latest restorable backup time. + Valid for: Aurora DB clusters and Multi-AZ DB clusters + type: boolean + VpcSecurityGroupIds: + description: |- + A list of EC2 VPC security groups to associate with this DB cluster. + If you plan to update the resource, don't specify VPC security groups in a shared VPC. + Valid for: Aurora DB clusters and Multi-AZ DB clusters + uniqueItems: true items: type: string + type: array x-stackql-resource-name: db_cluster - description: The AWS::RDS::DBCluster resource creates an Amazon Aurora DB cluster. + description: |- + The ``AWS::RDS::DBCluster`` resource creates an Amazon Aurora DB cluster or Multi-AZ DB cluster. + For more information about creating an Aurora DB cluster, see [Creating an Amazon Aurora DB cluster](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.CreateInstance.html) in the *Amazon Aurora User Guide*. + For more information about creating a Multi-AZ DB cluster, see [Creating a Multi-AZ DB cluster](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/create-multi-az-db-cluster.html) in the *Amazon RDS User Guide*. + You can only create this resource in AWS Regions where Amazon Aurora or Multi-AZ DB clusters are supported. + *Updating DB clusters* + When properties labeled "*Update requires:* [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement)" are updated, AWS CloudFormation first creates a replacement DB cluster, then changes references from other dependent resources to point to the replacement DB cluster, and finally deletes the old DB cluster. + We highly recommend that you take a snapshot of the database before updating the stack. If you don't, you lose the data when AWS CloudFormation replaces your DB cluster. To preserve your data, perform the following procedure: + 1. Deactivate any applications that are using the DB cluster so that there's no activity on the DB instance. + 1. Create a snapshot of the DB cluster. For more information, see [Creating a DB cluster snapshot](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_CreateSnapshotCluster.html). + 1. If you want to restore your DB cluster using a DB cluster snapshot, modify the updated template with your DB cluster changes and add the ``SnapshotIdentifier`` property with the ID of the DB cluster snapshot that you want to use. + After you restore a DB cluster with a ``SnapshotIdentifier`` property, you must specify the same ``SnapshotIdentifier`` property for any future updates to the DB cluster. When you specify this property for an update, the DB cluster is not restored from the DB cluster snapshot again, and the data in the database is not changed. However, if you don't specify the ``SnapshotIdentifier`` property, an empty DB cluster is created, and the original DB cluster is deleted. If you specify a property that is different from the previous snapshot restore property, a new DB cluster is restored from the specified ``SnapshotIdentifier`` property, and the original DB cluster is deleted. + 1. Update the stack. + + Currently, when you are updating the stack for an Aurora Serverless DB cluster, you can't include changes to any other properties when you specify one of the following properties: ``PreferredBackupWindow``, ``PreferredMaintenanceWindow``, and ``Port``. This limitation doesn't apply to provisioned DB clusters. + For more information about updating other properties of this resource, see ``ModifyDBCluster``. For more information about updating stacks, see [CloudFormation Stacks Updates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks.html). + *Deleting DB clusters* + The default ``DeletionPolicy`` for ``AWS::RDS::DBCluster`` resources is ``Snapshot``. For more information about how AWS CloudFormation deletes resources, see [DeletionPolicy Attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html). x-type-name: AWS::RDS::DBCluster x-stackql-primary-identifier: - DBClusterIdentifier x-create-only-properties: - AvailabilityZones + - ClusterScalabilityType - DBClusterIdentifier - DBSubnetGroupName - DBSystemId @@ -908,6 +1251,7 @@ components: - GlobalClusterIdentifier - MasterUsername x-write-only-properties: + - ClusterScalabilityType - DBInstanceParameterGroupName - MasterUserPassword - RestoreToTime @@ -922,13 +1266,19 @@ components: - Endpoint - Endpoint/Address - Endpoint/Port - - ReadEndpoint/Port - ReadEndpoint/Address - MasterUserSecret/SecretArn - StorageThroughput + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - rds:AddTagsToResource + - rds:RemoveTagsFromResource x-required-permissions: - read: - - rds:DescribeDBClusters create: - iam:CreateServiceLinkedRole - iam:PassRole @@ -937,6 +1287,8 @@ components: - rds:CreateDBCluster - rds:CreateDBInstance - rds:DescribeDBClusters + - rds:DescribeDBClusterSnapshots + - rds:DescribeDBSnapshots - rds:DescribeEvents - rds:EnableHttpEndpoint - rds:ModifyDBCluster @@ -944,6 +1296,8 @@ components: - rds:RestoreDBClusterToPointInTime - secretsmanager:CreateSecret - secretsmanager:TagResource + read: + - rds:DescribeDBClusters update: - ec2:DescribeSecurityGroups - iam:PassRole @@ -962,32 +1316,58 @@ components: - rds:RemoveTagsFromResource - secretsmanager:CreateSecret - secretsmanager:TagResource - list: - - rds:DescribeDBClusters delete: + - rds:AddTagsToResource - rds:CreateDBClusterSnapshot - rds:DeleteDBCluster - rds:DeleteDBInstance - rds:DescribeDBClusters - rds:DescribeGlobalClusters - rds:RemoveFromGlobalCluster + list: + - rds:DescribeDBClusters DBClusterParameterGroup: type: object properties: Description: - description: A friendly description for this DB cluster parameter group. + description: The description for the DB cluster parameter group. type: string Family: - description: The DB cluster parameter group family name. A DB cluster parameter group can be associated with one and only one DB cluster parameter group family, and can be applied only to a DB cluster running a DB engine and engine version compatible with that DB cluster parameter group family. + description: |- + The DB cluster parameter group family name. A DB cluster parameter group can be associated with one and only one DB cluster parameter group family, and can be applied only to a DB cluster running a database engine and engine version compatible with that DB cluster parameter group family. + *Aurora MySQL* + Example: ``aurora-mysql5.7``, ``aurora-mysql8.0`` + *Aurora PostgreSQL* + Example: ``aurora-postgresql14`` + *RDS for MySQL* + Example: ``mysql8.0`` + *RDS for PostgreSQL* + Example: ``postgres13`` + To list all of the available parameter group families for a DB engine, use the following command: + ``aws rds describe-db-engine-versions --query "DBEngineVersions[].DBParameterGroupFamily" --engine `` + For example, to list all of the available parameter group families for the Aurora PostgreSQL DB engine, use the following command: + ``aws rds describe-db-engine-versions --query "DBEngineVersions[].DBParameterGroupFamily" --engine aurora-postgresql`` + The output contains duplicates. + The following are the valid DB engine values: + + ``aurora-mysql`` + + ``aurora-postgresql`` + + ``mysql`` + + ``postgres`` type: string Parameters: - description: An array of parameters to be modified. A maximum of 20 parameters can be modified in a single request. + description: Provides a list of parameters for the DB cluster parameter group. type: object DBClusterParameterGroupName: type: string pattern: ^[a-zA-Z]{1}(?:-?[a-zA-Z0-9])*$ + description: |- + The name of the DB cluster parameter group. + Constraints: + + Must not match the name of an existing DB cluster parameter group. + + This value is stored as a lowercase string. Tags: - description: The list of tags for the cluster parameter group. + description: Tags to assign to the DB cluster parameter group. type: array maxItems: 50 x-insertionOrder: false @@ -998,7 +1378,11 @@ components: - Family - Parameters x-stackql-resource-name: db_cluster_parameter_group - description: The AWS::RDS::DBClusterParameterGroup resource creates a new Amazon RDS DB cluster parameter group. For more information, see Managing an Amazon Aurora DB Cluster in the Amazon Aurora User Guide. + description: |- + The ``AWS::RDS::DBClusterParameterGroup`` resource creates a new Amazon RDS DB cluster parameter group. + For information about configuring parameters for Amazon Aurora DB clusters, see [Working with parameter groups](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_WorkingWithParamGroups.html) in the *Amazon Aurora User Guide*. + If you apply a parameter group to a DB cluster, then its DB instances might need to reboot. This can result in an outage while the DB instances are rebooting. + If you apply a change to parameter group associated with a stopped DB cluster, then the updated stack waits until the DB cluster is started. x-type-name: AWS::RDS::DBClusterParameterGroup x-stackql-primary-identifier: - DBClusterParameterGroupName @@ -1010,6 +1394,15 @@ components: - Description - Family - Parameters + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - rds:AddTagsToResource + - rds:RemoveTagsFromResource x-required-permissions: create: - iam:CreateServiceLinkedRole @@ -1042,305 +1435,52 @@ components: list: - rds:DescribeDBClusterParameterGroups CertificateDetails: - description: |- - Returns the details of the DB instance’s server certificate. - For more information, see [Using SSL/TLS to encrypt a connection to a DB instance](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html) in the *Amazon RDS User Guide* and [Using SSL/TLS to encrypt a connection to a DB cluster](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL.html) in the *Amazon Aurora User Guide*. - additionalProperties: false type: object + additionalProperties: false properties: - ValidTill: - format: date-time - description: The expiration date of the DB instance’s server certificate. - type: string CAIdentifier: + type: string description: The CA identifier of the CA certificate used for the DB instance's server certificate. + ValidTill: type: string + format: date-time + description: The expiration date of the DB instance’s server certificate. + description: |- + The details of the DB instance’s server certificate. + For more information, see [Using SSL/TLS to encrypt a connection to a DB instance](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html) in the *Amazon RDS User Guide* and [Using SSL/TLS to encrypt a connection to a DB cluster](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL.html) in the *Amazon Aurora User Guide*. DBInstanceRole: - description: Information about an AWS Identity and Access Management (IAM) role that is associated with a DB instance. - additionalProperties: false type: object + additionalProperties: false properties: - RoleArn: - description: The Amazon Resource Name (ARN) of the IAM role that is associated with the DB instance. - type: string FeatureName: + type: string description: The name of the feature associated with the AWS Identity and Access Management (IAM) role. IAM roles that are associated with a DB instance grant permission for the DB instance to access other AWS services on your behalf. For the list of supported feature names, see the ``SupportedFeatureNames`` description in [DBEngineVersion](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DBEngineVersion.html) in the *Amazon RDS API Reference*. + RoleArn: type: string + description: The Amazon Resource Name (ARN) of the IAM role that is associated with the DB instance. required: - FeatureName - RoleArn + description: Information about an AWS Identity and Access Management (IAM) role that is associated with a DB instance. ProcessorFeature: - description: The ``ProcessorFeature`` property type specifies the processor features of a DB instance class status. - additionalProperties: false type: object + additionalProperties: false properties: - Value: - description: The value of a processor feature name. - type: string Name: - description: The name of the processor feature. Valid names are ``coreCount`` and ``threadsPerCore``. type: string enum: - coreCount - threadsPerCore + description: The name of the processor feature. Valid names are ``coreCount`` and ``threadsPerCore``. + Value: + type: string + description: The value of a processor feature. + description: The ``ProcessorFeature`` property type specifies the processor features of a DB instance class. DBInstance: type: object properties: - StorageEncrypted: - description: |- - A value that indicates whether the DB instance is encrypted. By default, it isn't encrypted. - If you specify the ``KmsKeyId`` property, then you must enable encryption. - If you specify the ``SourceDBInstanceIdentifier`` property, don't specify this property. The value is inherited from the source DB instance, and if the DB instance is encrypted, the specified ``KmsKeyId`` property is used. - If you specify ``DBSnapshotIdentifier`` property, don't specify this property. The value is inherited from the snapshot. - *Amazon Aurora* - Not applicable. The encryption for DB instances is managed by the DB cluster. - type: boolean - Timezone: - description: The time zone of the DB instance. The time zone parameter is currently supported only by [RDS for Db2](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/db2-time-zone) and [RDS for SQL Server](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.TimeZone). - type: string - DBSystemId: - description: The Oracle system identifier (SID), which is the name of the Oracle database instance that manages your database files. In this context, the term "Oracle database instance" refers exclusively to the system global area (SGA) and Oracle background processes. If you don't specify a SID, the value defaults to ``RDSCDB``. The Oracle SID is also the name of your CDB. - type: string - CertificateDetails: - description: The details of the DB instance's server certificate. - $ref: '#/components/schemas/CertificateDetails' - Port: - pattern: ^\d*$ - description: |- - The port number on which the database accepts connections. - *Amazon Aurora* - Not applicable. The port number is managed by the DB cluster. - *Db2* - Default value: ``50000`` - type: string - DBClusterIdentifier: - description: The identifier of the DB cluster that the instance will belong to. - type: string - StorageThroughput: - description: |- - Specifies the storage throughput value for the DB instance. This setting applies only to the ``gp3`` storage type. - This setting doesn't apply to RDS Custom or Amazon Aurora. - type: integer - DbiResourceId: - description: '' - type: string - MonitoringInterval: - default: 0 - description: |- - The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collection of Enhanced Monitoring metrics, specify 0. The default is 0. - If ``MonitoringRoleArn`` is specified, then you must set ``MonitoringInterval`` to a value other than 0. - This setting doesn't apply to RDS Custom. - Valid Values: ``0, 1, 5, 10, 15, 30, 60`` - type: integer - DBParameterGroupName: - description: |- - The name of an existing DB parameter group or a reference to an [AWS::RDS::DBParameterGroup](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbparametergroup.html) resource created in the template. - To list all of the available DB parameter group names, use the following command: - ``aws rds describe-db-parameter-groups --query "DBParameterGroups[].DBParameterGroupName" --output text`` - If any of the data members of the referenced parameter group are changed during an update, the DB instance might need to be restarted, which causes some interruption. If the parameter group contains static parameters, whether they were changed or not, an update triggers a reboot. - If you don't specify a value for ``DBParameterGroupName`` property, the default DB parameter group for the specified engine and engine version is used. - type: string - DBInstanceArn: - description: '' - type: string - Endpoint: - description: |- - The connection endpoint for the DB instance. - The endpoint might not be shown for instances with the status of ``creating``. - $ref: '#/components/schemas/Endpoint' - TdeCredentialArn: - description: '' - type: string - AutomaticBackupReplicationKmsKeyId: - description: The AWS KMS key identifier for encryption of the replicated automated backups. The KMS key ID is the Amazon Resource Name (ARN) for the KMS encryption key in the destination AWS-Region, for example, ``arn:aws:kms:us-east-1:123456789012:key/AKIAIOSFODNN7EXAMPLE``. - type: string - MultiAZ: - description: |- - Specifies whether the database instance is a Multi-AZ DB instance deployment. You can't set the ``AvailabilityZone`` parameter if the ``MultiAZ`` parameter is set to true. - For more information, see [Multi-AZ deployments for high availability](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.MultiAZ.html) in the *Amazon RDS User Guide*. - *Amazon Aurora* - Not applicable. Amazon Aurora storage is replicated across all of the Availability Zones and doesn't require the ``MultiAZ`` option to be set. - type: boolean - Engine: - description: |- - The name of the database engine to use for this DB instance. Not every database engine is available in every AWS Region. - This property is required when creating a DB instance. - You can convert an Oracle database from the non-CDB architecture to the container database (CDB) architecture by updating the ``Engine`` value in your templates from ``oracle-ee`` to ``oracle-ee-cdb`` or from ``oracle-se2`` to ``oracle-se2-cdb``. Converting to the CDB architecture requires an interruption. - Valid Values: - + ``aurora-mysql`` (for Aurora MySQL DB instances) - + ``aurora-postgresql`` (for Aurora PostgreSQL DB instances) - + ``custom-oracle-ee`` (for RDS Custom for Oracle DB instances) - + ``custom-oracle-ee-cdb`` (for RDS Custom for Oracle DB instances) - + ``custom-sqlserver-ee`` (for RDS Custom for SQL Server DB instances) - + ``custom-sqlserver-se`` (for RDS Custom for SQL Server DB instances) - + ``custom-sqlserver-web`` (for RDS Custom for SQL Server DB instances) - + ``db2-ae`` - + ``db2-se`` - + ``mariadb`` - + ``mysql`` - + ``oracle-ee`` - + ``oracle-ee-cdb`` - + ``oracle-se2`` - + ``oracle-se2-cdb`` - + ``postgres`` - + ``sqlserver-ee`` - + ``sqlserver-se`` - + ``sqlserver-ex`` - + ``sqlserver-web`` - type: string - Tags: - uniqueItems: false - description: An optional array of key-value pairs to apply to this DB instance. - x-insertionOrder: false - type: array - items: - $ref: '#/components/schemas/Tag' - PerformanceInsightsKMSKeyId: - description: |- - The AWS KMS key identifier for encryption of Performance Insights data. - The KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. - If you do not specify a value for ``PerformanceInsightsKMSKeyId``, then Amazon RDS uses your default KMS key. There is a default KMS key for your AWS account. Your AWS account has a different default KMS key for each AWS Region. - For information about enabling Performance Insights, see [EnablePerformanceInsights](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html#cfn-rds-dbinstance-enableperformanceinsights). - anyOf: - - relationshipRef: - typeName: AWS::KMS::Key - propertyPath: /properties/Arn - - relationshipRef: - typeName: AWS::KMS::Key - propertyPath: /properties/KeyId - type: string - TdeCredentialPassword: - description: '' - type: string - SourceDBInstanceIdentifier: - description: |- - If you want to create a read replica DB instance, specify the ID of the source DB instance. Each DB instance can have a limited number of read replicas. For more information, see [Working with Read Replicas](https://docs.aws.amazon.com/AmazonRDS/latest/DeveloperGuide/USER_ReadRepl.html) in the *Amazon RDS User Guide*. - For information about constraints that apply to DB instance identifiers, see [Naming constraints in Amazon RDS](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Limits.html#RDS_Limits.Constraints) in the *Amazon RDS User Guide*. - The ``SourceDBInstanceIdentifier`` property determines whether a DB instance is a read replica. If you remove the ``SourceDBInstanceIdentifier`` property from your template and then update your stack, AWS CloudFormation promotes the Read Replica to a standalone DB instance. - + If you specify a source DB instance that uses VPC security groups, we recommend that you specify the ``VPCSecurityGroups`` property. If you don't specify the property, the read replica inherits the value of the ``VPCSecurityGroups`` property from the source DB when you create the replica. However, if you update the stack, AWS CloudFormation reverts the replica's ``VPCSecurityGroups`` property to the default value because it's not defined in the stack's template. This change might cause unexpected issues. - + Read replicas don't support deletion policies. AWS CloudFormation ignores any deletion policy that's associated with a read replica. - + If you specify ``SourceDBInstanceIdentifier``, don't specify the ``DBSnapshotIdentifier`` property. You can't create a read replica from a snapshot. - + Don't set the ``BackupRetentionPeriod``, ``DBName``, ``MasterUsername``, ``MasterUserPassword``, and ``PreferredBackupWindow`` properties. The database attributes are inherited from the source DB instance, and backups are disabled for read replicas. - + If the source DB instance is in a different region than the read replica, specify the source region in ``SourceRegion``, and specify an ARN for a valid DB instance in ``SourceDBInstanceIdentifier``. For more information, see [Constructing a Amazon RDS Amazon Resource Name (ARN)](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html#USER_Tagging.ARN) in the *Amazon RDS User Guide*. - + For DB instances in Amazon Aurora clusters, don't specify this property. Amazon RDS automatically assigns writer and reader DB instances. - type: string - EngineVersion: - description: |- - The version number of the database engine to use. - For a list of valid engine versions, use the ``DescribeDBEngineVersions`` action. - The following are the database engines and links to information about the major and minor versions that are available with Amazon RDS. Not every database engine is available for every AWS Region. - *Amazon Aurora* - Not applicable. The version number of the database engine to be used by the DB instance is managed by the DB cluster. - *Db2* - See [Amazon RDS for Db2](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Db2.html#Db2.Concepts.VersionMgmt) in the *Amazon RDS User Guide.* - *MariaDB* - See [MariaDB on Amazon RDS Versions](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MariaDB.html#MariaDB.Concepts.VersionMgmt) in the *Amazon RDS User Guide.* - *Microsoft SQL Server* - See [Microsoft SQL Server Versions on Amazon RDS](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.VersionSupport) in the *Amazon RDS User Guide.* - *MySQL* - See [MySQL on Amazon RDS Versions](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt) in the *Amazon RDS User Guide.* - *Oracle* - See [Oracle Database Engine Release Notes](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.Oracle.PatchComposition.html) in the *Amazon RDS User Guide.* - *PostgreSQL* - See [Supported PostgreSQL Database Versions](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts.General.DBVersions) in the *Amazon RDS User Guide.* - type: string - StorageType: - description: |- - The storage type to associate with the DB instance. - If you specify ``io1``, ``io2``, or ``gp3``, you must also include a value for the ``Iops`` parameter. - This setting doesn't apply to Amazon Aurora DB instances. Storage is managed by the DB cluster. - Valid Values: ``gp2 | gp3 | io1 | io2 | standard`` - Default: ``io1``, if the ``Iops`` parameter is specified. Otherwise, ``gp2``. - type: string - KmsKeyId: - description: |- - The ARN of the AWS KMS key that's used to encrypt the DB instance, such as ``arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef``. If you enable the StorageEncrypted property but don't specify this property, AWS CloudFormation uses the default KMS key. If you specify this property, you must set the StorageEncrypted property to true. - If you specify the ``SourceDBInstanceIdentifier`` property, the value is inherited from the source DB instance if the read replica is created in the same region. - If you create an encrypted read replica in a different AWS Region, then you must specify a KMS key for the destination AWS Region. KMS encryption keys are specific to the region that they're created in, and you can't use encryption keys from one region in another region. - If you specify the ``DBSnapshotIdentifier`` property, don't specify this property. The ``StorageEncrypted`` property value is inherited from the snapshot. If the DB instance is encrypted, the specified ``KmsKeyId`` property is also inherited from the snapshot. - If you specify ``DBSecurityGroups``, AWS CloudFormation ignores this property. To specify both a security group and this property, you must use a VPC security group. For more information about Amazon RDS and VPC, see [Using Amazon RDS with Amazon VPC](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.html) in the *Amazon RDS User Guide*. - *Amazon Aurora* - Not applicable. The KMS key identifier is managed by the DB cluster. - anyOf: - - relationshipRef: - typeName: AWS::KMS::Key - propertyPath: /properties/KeyId - - relationshipRef: - typeName: AWS::KMS::Key - propertyPath: /properties/Arn - type: string - DBInstanceClass: - description: >- - The compute and memory capacity of the DB instance, for example ``db.m5.large``. Not all DB instance classes are available in all AWS-Regions, or for all database engines. For the full list of DB instance classes, and availability for your engine, see [DB instance classes](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html) in the *Amazon RDS User Guide* or [Aurora DB instance - classes](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Concepts.DBInstanceClass.html) in the *Amazon Aurora User Guide*. - type: string - DeleteAutomatedBackups: - description: |- - A value that indicates whether to remove automated backups immediately after the DB instance is deleted. This parameter isn't case-sensitive. The default is to remove automated backups immediately after the DB instance is deleted. - *Amazon Aurora* - Not applicable. When you delete a DB cluster, all automated backups for that DB cluster are deleted and can't be recovered. Manual DB cluster snapshots of the DB cluster are not deleted. - type: boolean - PerformanceInsightsRetentionPeriod: - description: |- - The number of days to retain Performance Insights data. - This setting doesn't apply to RDS Custom DB instances. - Valid Values: - + ``7`` - + *month* * 31, where *month* is a number of months from 1-23. Examples: ``93`` (3 months * 31), ``341`` (11 months * 31), ``589`` (19 months * 31) - + ``731`` - - Default: ``7`` days - If you specify a retention period that isn't valid, such as ``94``, Amazon RDS returns an error. - type: integer - AvailabilityZone: - description: |- - The Availability Zone (AZ) where the database will be created. For information on AWS-Regions and Availability Zones, see [Regions and Availability Zones](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html). - For Amazon Aurora, each Aurora DB cluster hosts copies of its storage in three separate Availability Zones. Specify one of these Availability Zones. Aurora automatically chooses an appropriate Availability Zone if you don't specify one. - Default: A random, system-chosen Availability Zone in the endpoint's AWS-Region. - Constraints: - + The ``AvailabilityZone`` parameter can't be specified if the DB instance is a Multi-AZ deployment. - + The specified Availability Zone must be in the same AWS-Region as the current endpoint. - - Example: ``us-east-1d`` - type: string - OptionGroupName: - description: |- - Indicates that the DB instance should be associated with the specified option group. - Permanent options, such as the TDE option for Oracle Advanced Security TDE, can't be removed from an option group. Also, that option group can't be removed from a DB instance once it is associated with a DB instance. - type: string - EnablePerformanceInsights: - description: |- - Specifies whether to enable Performance Insights for the DB instance. For more information, see [Using Amazon Performance Insights](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.html) in the *Amazon RDS User Guide*. - This setting doesn't apply to RDS Custom DB instances. - type: boolean - AutoMinorVersionUpgrade: - description: A value that indicates whether minor engine upgrades are applied automatically to the DB instance during the maintenance window. By default, minor engine upgrades are applied automatically. - type: boolean - DBSubnetGroupName: - description: |- - A DB subnet group to associate with the DB instance. If you update this value, the new subnet group must be a subnet group in a new VPC. - If there's no DB subnet group, then the DB instance isn't a VPC DB instance. - For more information about using Amazon RDS in a VPC, see [Using Amazon RDS with Amazon Virtual Private Cloud (VPC)](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.html) in the *Amazon RDS User Guide*. - *Amazon Aurora* - Not applicable. The DB subnet group is managed by the DB cluster. If specified, the setting must match the DB cluster setting. - type: string - DeletionProtection: - description: |- - A value that indicates whether the DB instance has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection is disabled. For more information, see [Deleting a DB Instance](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_DeleteInstance.html). - *Amazon Aurora* - Not applicable. You can enable or disable deletion protection for the DB cluster. For more information, see ``CreateDBCluster``. DB instances in a DB cluster can be deleted even when deletion protection is enabled for the DB cluster. - type: boolean - DBInstanceIdentifier: - minLength: 1 - pattern: ^$|^[a-zA-Z]{1}(?:-?[a-zA-Z0-9]){0,62}$ - description: |- - A name for the DB instance. If you specify a name, AWS CloudFormation converts it to lowercase. If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the DB instance. For more information, see [Name Type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html). - For information about constraints that apply to DB instance identifiers, see [Naming constraints in Amazon RDS](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Limits.html#RDS_Limits.Constraints) in the *Amazon RDS User Guide*. - If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. - type: string - maxLength: 63 AllocatedStorage: - pattern: ^[0-9]*$ + type: string description: |- The amount of storage in gibibytes (GiB) to be initially allocated for the database instance. If any value is set in the ``Iops`` parameter, ``AllocatedStorage`` must be at least 100 GiB, which corresponds to the minimum Iops value of 1,000. If you increase the ``Iops`` value (in 1,000 IOPS increments), then you must also increase the ``AllocatedStorage`` value (in 100-GiB increments). @@ -1388,46 +1528,185 @@ components: + Magnetic storage (standard): + Enterprise and Standard editions: Must be an integer from 20 to 1024. + Web and Express editions: Must be an integer from 20 to 1024. - type: string - MasterUserPassword: + pattern: ^[0-9]*$ + AllowMajorVersionUpgrade: + type: boolean description: |- - The password for the master user. The password can include any printable ASCII character except "/", """, or "@". + A value that indicates whether major version upgrades are allowed. Changing this parameter doesn't result in an outage and the change is asynchronously applied as soon as possible. + Constraints: Major version upgrades must be allowed when specifying a value for the ``EngineVersion`` parameter that is a different major version than the DB instance's current version. + AssociatedRoles: + type: array + items: + $ref: '#/components/schemas/DBInstanceRole' + description: |- + The IAMlong (IAM) roles associated with the DB instance. *Amazon Aurora* - Not applicable. The password for the master user is managed by the DB cluster. - *RDS for Db2* - Must contain from 8 to 255 characters. - *RDS for MariaDB* - Constraints: Must contain from 8 to 41 characters. - *RDS for Microsoft SQL Server* - Constraints: Must contain from 8 to 128 characters. - *RDS for MySQL* - Constraints: Must contain from 8 to 41 characters. - *RDS for Oracle* - Constraints: Must contain from 8 to 30 characters. - *RDS for PostgreSQL* - Constraints: Must contain from 8 to 128 characters. + Not applicable. The associated roles are managed by the DB cluster. + AutoMinorVersionUpgrade: + type: boolean + description: A value that indicates whether minor engine upgrades are applied automatically to the DB instance during the maintenance window. By default, minor engine upgrades are applied automatically. + AutomaticBackupReplicationRegion: + type: string + description: The AWS-Region associated with the automated backup. + AutomaticBackupReplicationKmsKeyId: + type: string + description: The AWS KMS key identifier for encryption of the replicated automated backups. The KMS key ID is the Amazon Resource Name (ARN) for the KMS encryption key in the destination AWS-Region, for example, ``arn:aws:kms:us-east-1:123456789012:key/AKIAIOSFODNN7EXAMPLE``. + AvailabilityZone: type: string - MasterUserSecret: description: |- - The secret managed by RDS in AWS Secrets Manager for the master user password. - For more information, see [Password management with Secrets Manager](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html) in the *Amazon RDS User Guide.* - $ref: '#/components/schemas/MasterUserSecret' - NcharCharacterSetName: + The Availability Zone (AZ) where the database will be created. For information on AWS-Regions and Availability Zones, see [Regions and Availability Zones](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html). + For Amazon Aurora, each Aurora DB cluster hosts copies of its storage in three separate Availability Zones. Specify one of these Availability Zones. Aurora automatically chooses an appropriate Availability Zone if you don't specify one. + Default: A random, system-chosen Availability Zone in the endpoint's AWS-Region. + Constraints: + + The ``AvailabilityZone`` parameter can't be specified if the DB instance is a Multi-AZ deployment. + + The specified Availability Zone must be in the same AWS-Region as the current endpoint. + + Example: ``us-east-1d`` + BackupRetentionPeriod: + type: integer + minimum: 0 description: |- - The name of the NCHAR character set for the Oracle DB instance. + The number of days for which automated backups are retained. Setting this parameter to a positive number enables backups. Setting this parameter to 0 disables automated backups. + *Amazon Aurora* + Not applicable. The retention period for automated backups is managed by the DB cluster. + Default: 1 + Constraints: + + Must be a value from 0 to 35 + + Can't be set to 0 if the DB instance is a source to read replicas + CACertificateIdentifier: + type: string + description: |- + The identifier of the CA certificate for this DB instance. + For more information, see [Using SSL/TLS to encrypt a connection to a DB instance](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html) in the *Amazon RDS User Guide* and [Using SSL/TLS to encrypt a connection to a DB cluster](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL.html) in the *Amazon Aurora User Guide*. + CertificateDetails: + $ref: '#/components/schemas/CertificateDetails' + description: The details of the DB instance's server certificate. + CertificateRotationRestart: + type: boolean + description: |- + Specifies whether the DB instance is restarted when you rotate your SSL/TLS certificate. + By default, the DB instance is restarted when you rotate your SSL/TLS certificate. The certificate is not updated until the DB instance is restarted. + Set this parameter only if you are *not* using SSL/TLS to connect to the DB instance. + If you are using SSL/TLS to connect to the DB instance, follow the appropriate instructions for your DB engine to rotate your SSL/TLS certificate: + + For more information about rotating your SSL/TLS certificate for RDS DB engines, see [Rotating Your SSL/TLS Certificate.](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL-certificate-rotation.html) in the *Amazon RDS User Guide.* + + For more information about rotating your SSL/TLS certificate for Aurora DB engines, see [Rotating Your SSL/TLS Certificate](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL-certificate-rotation.html) in the *Amazon Aurora User Guide*. + This setting doesn't apply to RDS Custom DB instances. + CharacterSetName: type: string - SourceDBClusterIdentifier: description: |- - The identifier of the Multi-AZ DB cluster that will act as the source for the read replica. Each DB cluster can have up to 15 read replicas. + For supported engines, indicates that the DB instance should be associated with the specified character set. + *Amazon Aurora* + Not applicable. The character set is managed by the DB cluster. For more information, see [AWS::RDS::DBCluster](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbcluster.html). + CopyTagsToSnapshot: + type: boolean + description: |- + Specifies whether to copy tags from the DB instance to snapshots of the DB instance. By default, tags are not copied. + This setting doesn't apply to Amazon Aurora DB instances. Copying tags to snapshots is managed by the DB cluster. Setting this value for an Aurora DB instance has no effect on the DB cluster setting. + CustomIAMInstanceProfile: + type: string + description: |- + The instance profile associated with the underlying Amazon EC2 instance of an RDS Custom DB instance. + This setting is required for RDS Custom. Constraints: - + Must be the identifier of an existing Multi-AZ DB cluster. - + Can't be specified if the ``SourceDBInstanceIdentifier`` parameter is also specified. - + The specified DB cluster must have automatic backups enabled, that is, its backup retention period must be greater than 0. - + The source DB cluster must be in the same AWS-Region as the read replica. Cross-Region replication isn't supported. + + The profile must exist in your account. + + The profile must have an IAM role that Amazon EC2 has permissions to assume. + + The instance profile name and the associated IAM role name must start with the prefix ``AWSRDSCustom``. + + For the list of permissions required for the IAM role, see [Configure IAM and your VPC](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-setup-orcl.html#custom-setup-orcl.iam-vpc) in the *Amazon RDS User Guide*. + DatabaseInsightsMode: + description: '' + type: string + DBClusterIdentifier: + type: string + description: |- + The identifier of the DB cluster that this DB instance will belong to. + This setting doesn't apply to RDS Custom DB instances. + DBClusterSnapshotIdentifier: + type: string + description: |- + The identifier for the Multi-AZ DB cluster snapshot to restore from. + For more information on Multi-AZ DB clusters, see [Multi-AZ DB cluster deployments](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) in the *Amazon RDS User Guide*. + Constraints: + + Must match the identifier of an existing Multi-AZ DB cluster snapshot. + + Can't be specified when ``DBSnapshotIdentifier`` is specified. + + Must be specified when ``DBSnapshotIdentifier`` isn't specified. + + If you are restoring from a shared manual Multi-AZ DB cluster snapshot, the ``DBClusterSnapshotIdentifier`` must be the ARN of the shared snapshot. + + Can't be the identifier of an Aurora DB cluster snapshot. + DBInstanceArn: + type: string + description: '' + DBInstanceClass: + type: string + description: >- + The compute and memory capacity of the DB instance, for example ``db.m5.large``. Not all DB instance classes are available in all AWS-Regions, or for all database engines. For the full list of DB instance classes, and availability for your engine, see [DB instance classes](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html) in the *Amazon RDS User Guide* or [Aurora DB instance + classes](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Concepts.DBInstanceClass.html) in the *Amazon Aurora User Guide*. + DBInstanceIdentifier: + type: string + pattern: ^$|^[a-zA-Z]{1}(?:-?[a-zA-Z0-9]){0,62}$ + minLength: 1 + maxLength: 63 + description: |- + A name for the DB instance. If you specify a name, AWS CloudFormation converts it to lowercase. If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the DB instance. For more information, see [Name Type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html). + For information about constraints that apply to DB instance identifiers, see [Naming constraints in Amazon RDS](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Limits.html#RDS_Limits.Constraints) in the *Amazon RDS User Guide*. + If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. + DbiResourceId: + type: string + description: '' + DBName: + type: string + description: |- + The meaning of this parameter differs according to the database engine you use. + If you specify the ``DBSnapshotIdentifier`` property, this property only applies to RDS for Oracle. + *Amazon Aurora* + Not applicable. The database name is managed by the DB cluster. + *Db2* + The name of the database to create when the DB instance is created. If this parameter isn't specified, no database is created in the DB instance. + Constraints: + + Must contain 1 to 64 letters or numbers. + + Must begin with a letter. Subsequent characters can be letters, underscores, or digits (0-9). + + Can't be a word reserved by the specified database engine. + + *MySQL* + The name of the database to create when the DB instance is created. If this parameter is not specified, no database is created in the DB instance. + Constraints: + + Must contain 1 to 64 letters or numbers. + + Can't be a word reserved by the specified database engine + + *MariaDB* + The name of the database to create when the DB instance is created. If this parameter is not specified, no database is created in the DB instance. + Constraints: + + Must contain 1 to 64 letters or numbers. + + Can't be a word reserved by the specified database engine + + *PostgreSQL* + The name of the database to create when the DB instance is created. If this parameter is not specified, the default ``postgres`` database is created in the DB instance. + Constraints: + + Must begin with a letter. Subsequent characters can be letters, underscores, or digits (0-9). + + Must contain 1 to 63 characters. + + Can't be a word reserved by the specified database engine + + *Oracle* + The Oracle System ID (SID) of the created DB instance. If you specify ``null``, the default value ``ORCL`` is used. You can't specify the string NULL, or any other reserved word, for ``DBName``. + Default: ``ORCL`` + Constraints: + + Can't be longer than 8 characters + + *SQL Server* + Not applicable. Must be null. + DBParameterGroupName: type: string + description: |- + The name of an existing DB parameter group or a reference to an [AWS::RDS::DBParameterGroup](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbparametergroup.html) resource created in the template. + To list all of the available DB parameter group names, use the following command: + ``aws rds describe-db-parameter-groups --query "DBParameterGroups[].DBParameterGroupName" --output text`` + If any of the data members of the referenced parameter group are changed during an update, the DB instance might need to be restarted, which causes some interruption. If the parameter group contains static parameters, whether they were changed or not, an update triggers a reboot. + If you don't specify a value for ``DBParameterGroupName`` property, the default DB parameter group for the specified engine and engine version is used. DBSecurityGroups: + type: array uniqueItems: true + items: + type: string description: |- A list of the DB security groups to assign to the DB instance. The list can include both the name of existing DB security groups or references to AWS::RDS::DBSecurityGroup resources created in the template. If you set DBSecurityGroups, you must not set VPCSecurityGroups, and vice versa. Also, note that the DBSecurityGroups property exists only for backwards compatibility with older regions and is no longer recommended for providing security information to an RDS DB instance. Instead, use VPCSecurityGroups. @@ -1454,145 +1733,386 @@ components: + ``PreferredMaintenanceWindow`` All other properties are ignored. Specify a virtual private cloud (VPC) security group if you want to submit other properties, such as ``StorageType``, ``StorageEncrypted``, or ``KmsKeyId``. If you're already using the ``DBSecurityGroups`` property, you can't use these other properties by updating your DB instance to use a VPC security group. You must recreate the DB instance. + DBSnapshotIdentifier: + type: string + description: |- + The name or Amazon Resource Name (ARN) of the DB snapshot that's used to restore the DB instance. If you're restoring from a shared manual DB snapshot, you must specify the ARN of the snapshot. + By specifying this property, you can create a DB instance from the specified DB snapshot. If the ``DBSnapshotIdentifier`` property is an empty string or the ``AWS::RDS::DBInstance`` declaration has no ``DBSnapshotIdentifier`` property, AWS CloudFormation creates a new database. If the property contains a value (other than an empty string), AWS CloudFormation creates a database from the specified snapshot. If a snapshot with the specified name doesn't exist, AWS CloudFormation can't create the database and it rolls back the stack. + Some DB instance properties aren't valid when you restore from a snapshot, such as the ``MasterUsername`` and ``MasterUserPassword`` properties. For information about the properties that you can specify, see the ``RestoreDBInstanceFromDBSnapshot`` action in the *Amazon RDS API Reference*. + After you restore a DB instance with a ``DBSnapshotIdentifier`` property, you must specify the same ``DBSnapshotIdentifier`` property for any future updates to the DB instance. When you specify this property for an update, the DB instance is not restored from the DB snapshot again, and the data in the database is not changed. However, if you don't specify the ``DBSnapshotIdentifier`` property, an empty DB instance is created, and the original DB instance is deleted. If you specify a property that is different from the previous snapshot restore property, a new DB instance is restored from the specified ``DBSnapshotIdentifier`` property, and the original DB instance is deleted. + If you specify the ``DBSnapshotIdentifier`` property to restore a DB instance (as opposed to specifying it for DB instance updates), then don't specify the following properties: + + ``CharacterSetName`` + + ``DBClusterIdentifier`` + + ``DBName`` + + ``KmsKeyId`` + + ``MasterUsername`` + + ``MasterUserPassword`` + + ``PromotionTier`` + + ``SourceDBInstanceIdentifier`` + + ``SourceRegion`` + + ``StorageEncrypted`` (for an unencrypted snapshot) + + ``Timezone`` + + *Amazon Aurora* + Not applicable. Snapshot restore is managed by the DB cluster. + DBSubnetGroupName: + type: string + description: |- + A DB subnet group to associate with the DB instance. If you update this value, the new subnet group must be a subnet group in a new VPC. + If there's no DB subnet group, then the DB instance isn't a VPC DB instance. + For more information about using Amazon RDS in a VPC, see [Amazon VPC and Amazon RDS](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.html) in the *Amazon RDS User Guide*. + This setting doesn't apply to Amazon Aurora DB instances. The DB subnet group is managed by the DB cluster. If specified, the setting must match the DB cluster setting. + DBSystemId: + type: string + description: The Oracle system identifier (SID), which is the name of the Oracle database instance that manages your database files. In this context, the term "Oracle database instance" refers exclusively to the system global area (SGA) and Oracle background processes. If you don't specify a SID, the value defaults to ``RDSCDB``. The Oracle SID is also the name of your CDB. + DedicatedLogVolume: + type: boolean + description: Indicates whether the DB instance has a dedicated log volume (DLV) enabled. + DeleteAutomatedBackups: + type: boolean + description: |- + A value that indicates whether to remove automated backups immediately after the DB instance is deleted. This parameter isn't case-sensitive. The default is to remove automated backups immediately after the DB instance is deleted. + *Amazon Aurora* + Not applicable. When you delete a DB cluster, all automated backups for that DB cluster are deleted and can't be recovered. Manual DB cluster snapshots of the DB cluster are not deleted. + DeletionProtection: + type: boolean + description: |- + Specifies whether the DB instance has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection isn't enabled. For more information, see [Deleting a DB Instance](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_DeleteInstance.html). + This setting doesn't apply to Amazon Aurora DB instances. You can enable or disable deletion protection for the DB cluster. For more information, see ``CreateDBCluster``. DB instances in a DB cluster can be deleted even when deletion protection is enabled for the DB cluster. + Domain: + type: string + description: |- + The Active Directory directory ID to create the DB instance in. Currently, only Db2, MySQL, Microsoft SQL Server, Oracle, and PostgreSQL DB instances can be created in an Active Directory Domain. + For more information, see [Kerberos Authentication](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/kerberos-authentication.html) in the *Amazon RDS User Guide*. + DomainAuthSecretArn: + type: string + description: |- + The ARN for the Secrets Manager secret with the credentials for the user joining the domain. + Example: ``arn:aws:secretsmanager:region:account-number:secret:myselfmanagedADtestsecret-123456`` + DomainDnsIps: type: array items: - relationshipRef: - typeName: AWS::RDS::DBSecurityGroup - propertyPath: /properties/Id type: string - MasterUsername: - minLength: 1 - pattern: ^[a-zA-Z][a-zA-Z0-9_]{0,127}$ description: |- - The master user name for the DB instance. - If you specify the ``SourceDBInstanceIdentifier`` or ``DBSnapshotIdentifier`` property, don't specify this property. The value is inherited from the source DB instance or snapshot. - When migrating a self-managed Db2 database, we recommend that you use the same master username as your self-managed Db2 instance name. - *Amazon Aurora* - Not applicable. The name for the master user is managed by the DB cluster. - *RDS for Db2* + The IPv4 DNS IP addresses of your primary and secondary Active Directory domain controllers. Constraints: - + Must be 1 to 16 letters or numbers. - + First character must be a letter. - + Can't be a reserved word for the chosen database engine. + + Two IP addresses must be provided. If there isn't a secondary domain controller, use the IP address of the primary domain controller for both entries in the list. - *RDS for MariaDB* + Example: ``123.124.125.126,234.235.236.237`` + DomainFqdn: + type: string + description: |- + The fully qualified domain name (FQDN) of an Active Directory domain. Constraints: - + Must be 1 to 16 letters or numbers. - + Can't be a reserved word for the chosen database engine. + + Can't be longer than 64 characters. - *RDS for Microsoft SQL Server* + Example: ``mymanagedADtest.mymanagedAD.mydomain`` + DomainIAMRoleName: + type: string + description: |- + The name of the IAM role to use when making API calls to the Directory Service. + This setting doesn't apply to the following DB instances: + + Amazon Aurora (The domain is managed by the DB cluster.) + + RDS Custom + DomainOu: + type: string + description: |- + The Active Directory organizational unit for your DB instance to join. Constraints: - + Must be 1 to 128 letters or numbers. - + First character must be a letter. - + Can't be a reserved word for the chosen database engine. + + Must be in the distinguished name format. + + Can't be longer than 64 characters. + + Example: ``OU=mymanagedADtestOU,DC=mymanagedADtest,DC=mymanagedAD,DC=mydomain`` + EnableCloudwatchLogsExports: + type: array + items: + type: string + description: |- + The list of log types that need to be enabled for exporting to CloudWatch Logs. The values in the list depend on the DB engine being used. For more information, see [Publishing Database Logs to Amazon CloudWatch Logs](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch) in the *Amazon Relational Database Service User Guide*. + *Amazon Aurora* + Not applicable. CloudWatch Logs exports are managed by the DB cluster. + *Db2* + Valid values: ``diag.log``, ``notify.log`` + *MariaDB* + Valid values: ``audit``, ``error``, ``general``, ``slowquery`` + *Microsoft SQL Server* + Valid values: ``agent``, ``error`` + *MySQL* + Valid values: ``audit``, ``error``, ``general``, ``slowquery`` + *Oracle* + Valid values: ``alert``, ``audit``, ``listener``, ``trace``, ``oemagent`` + *PostgreSQL* + Valid values: ``postgresql``, ``upgrade`` + EnableIAMDatabaseAuthentication: + type: boolean + description: |- + A value that indicates whether to enable mapping of AWS Identity and Access Management (IAM) accounts to database accounts. By default, mapping is disabled. + This property is supported for RDS for MariaDB, RDS for MySQL, and RDS for PostgreSQL. For more information, see [IAM Database Authentication for MariaDB, MySQL, and PostgreSQL](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html) in the *Amazon RDS User Guide.* + *Amazon Aurora* + Not applicable. Mapping AWS IAM accounts to database accounts is managed by the DB cluster. + EnablePerformanceInsights: + type: boolean + description: |- + Specifies whether to enable Performance Insights for the DB instance. For more information, see [Using Amazon Performance Insights](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.html) in the *Amazon RDS User Guide*. + This setting doesn't apply to RDS Custom DB instances. + Endpoint: + $ref: '#/components/schemas/Endpoint' + description: |- + The connection endpoint for the DB instance. + The endpoint might not be shown for instances with the status of ``creating``. + Engine: + type: string + description: |- + The name of the database engine to use for this DB instance. Not every database engine is available in every AWS Region. + This property is required when creating a DB instance. + You can convert an Oracle database from the non-CDB architecture to the container database (CDB) architecture by updating the ``Engine`` value in your templates from ``oracle-ee`` to ``oracle-ee-cdb`` or from ``oracle-se2`` to ``oracle-se2-cdb``. Converting to the CDB architecture requires an interruption. + Valid Values: + + ``aurora-mysql`` (for Aurora MySQL DB instances) + + ``aurora-postgresql`` (for Aurora PostgreSQL DB instances) + + ``custom-oracle-ee`` (for RDS Custom for Oracle DB instances) + + ``custom-oracle-ee-cdb`` (for RDS Custom for Oracle DB instances) + + ``custom-sqlserver-ee`` (for RDS Custom for SQL Server DB instances) + + ``custom-sqlserver-se`` (for RDS Custom for SQL Server DB instances) + + ``custom-sqlserver-web`` (for RDS Custom for SQL Server DB instances) + + ``db2-ae`` + + ``db2-se`` + + ``mariadb`` + + ``mysql`` + + ``oracle-ee`` + + ``oracle-ee-cdb`` + + ``oracle-se2`` + + ``oracle-se2-cdb`` + + ``postgres`` + + ``sqlserver-ee`` + + ``sqlserver-se`` + + ``sqlserver-ex`` + + ``sqlserver-web`` + EngineLifecycleSupport: + type: string + description: |- + The life cycle type for this DB instance. + By default, this value is set to ``open-source-rds-extended-support``, which enrolls your DB instance into Amazon RDS Extended Support. At the end of standard support, you can avoid charges for Extended Support by setting the value to ``open-source-rds-extended-support-disabled``. In this case, creating the DB instance will fail if the DB major version is past its end of standard support date. + This setting applies only to RDS for MySQL and RDS for PostgreSQL. For Amazon Aurora DB instances, the life cycle type is managed by the DB cluster. + You can use this setting to enroll your DB instance into Amazon RDS Extended Support. With RDS Extended Support, you can run the selected major engine version on your DB instance past the end of standard support for that engine version. For more information, see [Using Amazon RDS Extended Support](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/extended-support.html) in the *Amazon RDS User Guide*. + Valid Values: ``open-source-rds-extended-support | open-source-rds-extended-support-disabled`` + Default: ``open-source-rds-extended-support`` + EngineVersion: + type: string + description: |- + The version number of the database engine to use. + For a list of valid engine versions, use the ``DescribeDBEngineVersions`` action. + The following are the database engines and links to information about the major and minor versions that are available with Amazon RDS. Not every database engine is available for every AWS Region. + *Amazon Aurora* + Not applicable. The version number of the database engine to be used by the DB instance is managed by the DB cluster. + *Db2* + See [Amazon RDS for Db2](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Db2.html#Db2.Concepts.VersionMgmt) in the *Amazon RDS User Guide.* + *MariaDB* + See [MariaDB on Amazon RDS Versions](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MariaDB.html#MariaDB.Concepts.VersionMgmt) in the *Amazon RDS User Guide.* + *Microsoft SQL Server* + See [Microsoft SQL Server Versions on Amazon RDS](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.VersionSupport) in the *Amazon RDS User Guide.* + *MySQL* + See [MySQL on Amazon RDS Versions](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt) in the *Amazon RDS User Guide.* + *Oracle* + See [Oracle Database Engine Release Notes](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.Oracle.PatchComposition.html) in the *Amazon RDS User Guide.* + *PostgreSQL* + See [Supported PostgreSQL Database Versions](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts.General.DBVersions) in the *Amazon RDS User Guide.* + ManageMasterUserPassword: + type: boolean + description: |- + Specifies whether to manage the master user password with AWS Secrets Manager. + For more information, see [Password management with Secrets Manager](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html) in the *Amazon RDS User Guide.* + Constraints: + + Can't manage the master user password with AWS Secrets Manager if ``MasterUserPassword`` is specified. + Iops: + type: integer + description: |- + The number of I/O operations per second (IOPS) that the database provisions. The value must be equal to or greater than 1000. + If you specify this property, you must follow the range of allowed ratios of your requested IOPS rate to the amount of storage that you allocate (IOPS to allocated storage). For example, you can provision an Oracle database instance with 1000 IOPS and 200 GiB of storage (a ratio of 5:1), or specify 2000 IOPS with 200 GiB of storage (a ratio of 10:1). For more information, see [Amazon RDS Provisioned IOPS Storage to Improve Performance](https://docs.aws.amazon.com/AmazonRDS/latest/DeveloperGuide/CHAP_Storage.html#USER_PIOPS) in the *Amazon RDS User Guide*. + If you specify ``io1`` for the ``StorageType`` property, then you must also specify the ``Iops`` property. + Constraints: + + For RDS for Db2, MariaDB, MySQL, Oracle, and PostgreSQL - Must be a multiple between .5 and 50 of the storage amount for the DB instance. + + For RDS for SQL Server - Must be a multiple between 1 and 50 of the storage amount for the DB instance. + KmsKeyId: + type: string + description: |- + The ARN of the AWS KMS key that's used to encrypt the DB instance, such as ``arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef``. If you enable the StorageEncrypted property but don't specify this property, AWS CloudFormation uses the default KMS key. If you specify this property, you must set the StorageEncrypted property to true. + If you specify the ``SourceDBInstanceIdentifier`` or ``SourceDbiResourceId`` property, don't specify this property. The value is inherited from the source DB instance, and if the DB instance is encrypted, the specified ``KmsKeyId`` property is used. However, if the source DB instance is in a different AWS Region, you must specify a KMS key ID. + If you specify the ``SourceDBInstanceAutomatedBackupsArn`` property, don't specify this property. The value is inherited from the source DB instance automated backup, and if the automated backup is encrypted, the specified ``KmsKeyId`` property is used. + If you create an encrypted read replica in a different AWS Region, then you must specify a KMS key for the destination AWS Region. KMS encryption keys are specific to the region that they're created in, and you can't use encryption keys from one region in another region. + If you specify the ``DBSnapshotIdentifier`` property, don't specify this property. The ``StorageEncrypted`` property value is inherited from the snapshot. If the DB instance is encrypted, the specified ``KmsKeyId`` property is also inherited from the snapshot. + If you specify ``DBSecurityGroups``, AWS CloudFormation ignores this property. To specify both a security group and this property, you must use a VPC security group. For more information about Amazon RDS and VPC, see [Using Amazon RDS with Amazon VPC](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.html) in the *Amazon RDS User Guide*. + *Amazon Aurora* + Not applicable. The KMS key identifier is managed by the DB cluster. + LicenseModel: + type: string + description: |- + License model information for this DB instance. + Valid Values: + + Aurora MySQL - ``general-public-license`` + + Aurora PostgreSQL - ``postgresql-license`` + + RDS for Db2 - ``bring-your-own-license``. For more information about RDS for Db2 licensing, see [](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/db2-licensing.html) in the *Amazon RDS User Guide.* + + RDS for MariaDB - ``general-public-license`` + + RDS for Microsoft SQL Server - ``license-included`` + + RDS for MySQL - ``general-public-license`` + + RDS for Oracle - ``bring-your-own-license`` or ``license-included`` + + RDS for PostgreSQL - ``postgresql-license`` + + If you've specified ``DBSecurityGroups`` and then you update the license model, AWS CloudFormation replaces the underlying DB instance. This will incur some interruptions to database availability. + MasterUsername: + type: string + pattern: ^[a-zA-Z][a-zA-Z0-9_]{0,127}$ + description: |- + The master user name for the DB instance. + If you specify the ``SourceDBInstanceIdentifier`` or ``DBSnapshotIdentifier`` property, don't specify this property. The value is inherited from the source DB instance or snapshot. + When migrating a self-managed Db2 database, we recommend that you use the same master username as your self-managed Db2 instance name. + *Amazon Aurora* + Not applicable. The name for the master user is managed by the DB cluster. + *RDS for Db2* + Constraints: + + Must be 1 to 16 letters or numbers. + + First character must be a letter. + + Can't be a reserved word for the chosen database engine. + + *RDS for MariaDB* + Constraints: + + Must be 1 to 16 letters or numbers. + + Can't be a reserved word for the chosen database engine. + + *RDS for Microsoft SQL Server* + Constraints: + + Must be 1 to 128 letters or numbers. + + First character must be a letter. + + Can't be a reserved word for the chosen database engine. *RDS for MySQL* Constraints: - + Must be 1 to 16 letters or numbers. + + Must be 1 to 16 letters or numbers. + First character must be a letter. + Can't be a reserved word for the chosen database engine. *RDS for Oracle* Constraints: - + Must be 1 to 30 letters or numbers. + + Must be 1 to 30 letters or numbers. + First character must be a letter. + Can't be a reserved word for the chosen database engine. *RDS for PostgreSQL* Constraints: - + Must be 1 to 63 letters or numbers. + + Must be 1 to 63 letters or numbers. + First character must be a letter. + Can't be a reserved word for the chosen database engine. - type: string + minLength: 1 maxLength: 128 + MasterUserPassword: + type: string + description: |- + The password for the master user. The password can include any printable ASCII character except "/", """, or "@". + *Amazon Aurora* + Not applicable. The password for the master user is managed by the DB cluster. + *RDS for Db2* + Must contain from 8 to 255 characters. + *RDS for MariaDB* + Constraints: Must contain from 8 to 41 characters. + *RDS for Microsoft SQL Server* + Constraints: Must contain from 8 to 128 characters. + *RDS for MySQL* + Constraints: Must contain from 8 to 41 characters. + *RDS for Oracle* + Constraints: Must contain from 8 to 30 characters. + *RDS for PostgreSQL* + Constraints: Must contain from 8 to 128 characters. + MasterUserSecret: + $ref: '#/components/schemas/MasterUserSecret' + description: |- + The secret managed by RDS in AWS Secrets Manager for the master user password. + For more information, see [Password management with Secrets Manager](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html) in the *Amazon RDS User Guide.* MaxAllocatedStorage: + type: integer description: |- The upper limit in gibibytes (GiB) to which Amazon RDS can automatically scale the storage of the DB instance. For more information about this setting, including limitations that apply to it, see [Managing capacity automatically with Amazon RDS storage autoscaling](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PIOPS.StorageTypes.html#USER_PIOPS.Autoscaling) in the *Amazon RDS User Guide*. This setting doesn't apply to the following DB instances: + Amazon Aurora (Storage is managed by the DB cluster.) + RDS Custom + MonitoringInterval: type: integer - PromotionTier: - default: 1 description: |- - The order of priority in which an Aurora Replica is promoted to the primary instance after a failure of the existing primary instance. For more information, see [Fault Tolerance for an Aurora DB Cluster](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Concepts.AuroraHighAvailability.html#Aurora.Managing.FaultTolerance) in the *Amazon Aurora User Guide*. + The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collection of Enhanced Monitoring metrics, specify ``0``. + If ``MonitoringRoleArn`` is specified, then you must set ``MonitoringInterval`` to a value other than ``0``. This setting doesn't apply to RDS Custom DB instances. - Default: ``1`` - Valid Values: ``0 - 15`` - type: integer - minimum: 0 - PubliclyAccessible: - description: |- - Indicates whether the DB instance is an internet-facing instance. If you specify true, AWS CloudFormation creates an instance with a publicly resolvable DNS name, which resolves to a public IP address. If you specify false, AWS CloudFormation creates an internal instance with a DNS name that resolves to a private IP address. - The default behavior value depends on your VPC setup and the database subnet group. For more information, see the ``PubliclyAccessible`` parameter in the [CreateDBInstance](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBInstance.html) in the *Amazon RDS API Reference*. - type: boolean - Domain: - description: |- - The Active Directory directory ID to create the DB instance in. Currently, only Db2, MySQL, Microsoft SQL Server, Oracle, and PostgreSQL DB instances can be created in an Active Directory Domain. - For more information, see [Kerberos Authentication](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/kerberos-authentication.html) in the *Amazon RDS User Guide*. - type: string - DomainFqdn: - description: |- - The fully qualified domain name (FQDN) of an Active Directory domain. - Constraints: - + Can't be longer than 64 characters. - - Example: ``mymanagedADtest.mymanagedAD.mydomain`` - type: string - CharacterSetName: - description: |- - For supported engines, indicates that the DB instance should be associated with the specified character set. - *Amazon Aurora* - Not applicable. The character set is managed by the DB cluster. For more information, see [AWS::RDS::DBCluster](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbcluster.html). - type: string + Valid Values: ``0 | 1 | 5 | 10 | 15 | 30 | 60`` + Default: ``0`` MonitoringRoleArn: + type: string description: |- The ARN for the IAM role that permits RDS to send enhanced monitoring metrics to Amazon CloudWatch Logs. For example, ``arn:aws:iam:123456789012:role/emaccess``. For information on creating a monitoring role, see [Setting Up and Enabling Enhanced Monitoring](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Monitoring.OS.html#USER_Monitoring.OS.Enabling) in the *Amazon RDS User Guide*. If ``MonitoringInterval`` is set to a value other than ``0``, then you must supply a ``MonitoringRoleArn`` value. This setting doesn't apply to RDS Custom DB instances. + MultiAZ: + type: boolean + description: |- + Specifies whether the DB instance is a Multi-AZ deployment. You can't set the ``AvailabilityZone`` parameter if the DB instance is a Multi-AZ deployment. + This setting doesn't apply to the following DB instances: + + Amazon Aurora (DB instance Availability Zones (AZs) are managed by the DB cluster.) + + RDS Custom + NcharCharacterSetName: type: string - AssociatedRoles: description: |- - The IAMlong (IAM) roles associated with the DB instance. - *Amazon Aurora* - Not applicable. The associated roles are managed by the DB cluster. - type: array - items: - $ref: '#/components/schemas/DBInstanceRole' - DomainOu: + The name of the NCHAR character set for the Oracle DB instance. + This setting doesn't apply to RDS Custom DB instances. + NetworkType: description: |- - The Active Directory organizational unit for your DB instance to join. - Constraints: - + Must be in the distinguished name format. - + Can't be longer than 64 characters. + The network type of the DB instance. + Valid values: + + ``IPV4`` + + ``DUAL`` - Example: ``OU=mymanagedADtestOU,DC=mymanagedADtest,DC=mymanagedAD,DC=mydomain`` + The network type is determined by the ``DBSubnetGroup`` specified for the DB instance. A ``DBSubnetGroup`` can support only the IPv4 protocol or the IPv4 and IPv6 protocols (``DUAL``). + For more information, see [Working with a DB instance in a VPC](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html) in the *Amazon RDS User Guide.* + type: string + OptionGroupName: type: string - DBClusterSnapshotIdentifier: description: |- - The identifier for the Multi-AZ DB cluster snapshot to restore from. - For more information on Multi-AZ DB clusters, see [Multi-AZ DB cluster deployments](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) in the *Amazon RDS User Guide*. - Constraints: - + Must match the identifier of an existing Multi-AZ DB cluster snapshot. - + Can't be specified when ``DBSnapshotIdentifier`` is specified. - + Must be specified when ``DBSnapshotIdentifier`` isn't specified. - + If you are restoring from a shared manual Multi-AZ DB cluster snapshot, the ``DBClusterSnapshotIdentifier`` must be the ARN of the shared snapshot. - + Can't be the identifier of an Aurora DB cluster snapshot. + Indicates that the DB instance should be associated with the specified option group. + Permanent options, such as the TDE option for Oracle Advanced Security TDE, can't be removed from an option group. Also, that option group can't be removed from a DB instance once it is associated with a DB instance. + PerformanceInsightsKMSKeyId: type: string - SourceDBInstanceAutomatedBackupsArn: description: |- - The Amazon Resource Name (ARN) of the replicated automated backups from which to restore, for example, ``arn:aws:rds:us-east-1:123456789012:auto-backup:ab-L2IJCEXJP7XQ7HOJ4SIEXAMPLE``. - This setting doesn't apply to RDS Custom. + The AWS KMS key identifier for encryption of Performance Insights data. + The KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. + If you do not specify a value for ``PerformanceInsightsKMSKeyId``, then Amazon RDS uses your default KMS key. There is a default KMS key for your AWS account. Your AWS account has a different default KMS key for each AWS Region. + For information about enabling Performance Insights, see [EnablePerformanceInsights](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html#cfn-rds-dbinstance-enableperformanceinsights). + PerformanceInsightsRetentionPeriod: + type: integer + description: |- + The number of days to retain Performance Insights data. + This setting doesn't apply to RDS Custom DB instances. + Valid Values: + + ``7`` + + *month* * 31, where *month* is a number of months from 1-23. Examples: ``93`` (3 months * 31), ``341`` (11 months * 31), ``589`` (19 months * 31) + + ``731`` + + Default: ``7`` days + If you specify a retention period that isn't valid, such as ``94``, Amazon RDS returns an error. + Port: type: string - ProcessorFeatures: description: |- - The number of CPU cores and the number of threads per core for the DB instance class of the DB instance. - This setting doesn't apply to Amazon Aurora or RDS Custom DB instances. - type: array - items: - $ref: '#/components/schemas/ProcessorFeature' + The port number on which the database accepts connections. + This setting doesn't apply to Aurora DB instances. The port number is managed by the cluster. + Valid Values: ``1150-65535`` + Default: + + RDS for Db2 - ``50000`` + + RDS for MariaDB - ``3306`` + + RDS for Microsoft SQL Server - ``1433`` + + RDS for MySQL - ``3306`` + + RDS for Oracle - ``1521`` + + RDS for PostgreSQL - ``5432`` + + Constraints: + + For RDS for Microsoft SQL Server, the value can't be ``1234``, ``1434``, ``3260``, ``3343``, ``3389``, ``47001``, or ``49152-49156``. + pattern: ^\d*$ PreferredBackupWindow: + type: string description: |- The daily time range during which automated backups are created if automated backups are enabled, using the ``BackupRetentionPeriod`` parameter. For more information, see [Backup Window](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html#USER_WorkingWithAutomatedBackups.BackupWindow) in the *Amazon RDS User Guide.* Constraints: @@ -1603,54 +2123,34 @@ components: *Amazon Aurora* Not applicable. The daily time range for creating automated backups is managed by the DB cluster. + PreferredMaintenanceWindow: type: string - RestoreTime: - format: date-time - description: |- - The date and time to restore from. - Constraints: - + Must be a time in Universal Coordinated Time (UTC) format. - + Must be before the latest restorable time for the DB instance. - + Can't be specified if the ``UseLatestRestorableTime`` parameter is enabled. - - Example: ``2009-09-07T23:45:00Z`` - type: string - CertificateRotationRestart: description: |- - Specifies whether the DB instance is restarted when you rotate your SSL/TLS certificate. - By default, the DB instance is restarted when you rotate your SSL/TLS certificate. The certificate is not updated until the DB instance is restarted. - Set this parameter only if you are *not* using SSL/TLS to connect to the DB instance. - If you are using SSL/TLS to connect to the DB instance, follow the appropriate instructions for your DB engine to rotate your SSL/TLS certificate: - + For more information about rotating your SSL/TLS certificate for RDS DB engines, see [Rotating Your SSL/TLS Certificate.](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL-certificate-rotation.html) in the *Amazon RDS User Guide.* - + For more information about rotating your SSL/TLS certificate for Aurora DB engines, see [Rotating Your SSL/TLS Certificate](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL-certificate-rotation.html) in the *Amazon Aurora User Guide*. - - This setting doesn't apply to RDS Custom DB instances. - type: boolean - NetworkType: + The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC). + Format: ``ddd:hh24:mi-ddd:hh24:mi`` + The default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week. To see the time blocks available, see [Adjusting the Preferred DB Instance Maintenance Window](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow) in the *Amazon RDS User Guide.* + This property applies when AWS CloudFormation initially creates the DB instance. If you use AWS CloudFormation to update the DB instance, those updates are applied immediately. + Constraints: Minimum 30-minute window. + ProcessorFeatures: + type: array + items: + $ref: '#/components/schemas/ProcessorFeature' description: |- - The network type of the DB instance. - Valid values: - + ``IPV4`` - + ``DUAL`` - - The network type is determined by the ``DBSubnetGroup`` specified for the DB instance. A ``DBSubnetGroup`` can support only the IPv4 protocol or the IPv4 and IPv6 protocols (``DUAL``). - For more information, see [Working with a DB instance in a VPC](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html) in the *Amazon RDS User Guide.* - type: string - DedicatedLogVolume: - description: Indicates whether the DB instance has a dedicated log volume (DLV) enabled. - type: boolean - CopyTagsToSnapshot: + The number of CPU cores and the number of threads per core for the DB instance class of the DB instance. + This setting doesn't apply to Amazon Aurora or RDS Custom DB instances. + PromotionTier: + type: integer + minimum: 0 description: |- - Specifies whether to copy tags from the DB instance to snapshots of the DB instance. By default, tags are not copied. - This setting doesn't apply to Amazon Aurora DB instances. Copying tags to snapshots is managed by the DB cluster. Setting this value for an Aurora DB instance has no effect on the DB cluster setting. + The order of priority in which an Aurora Replica is promoted to the primary instance after a failure of the existing primary instance. For more information, see [Fault Tolerance for an Aurora DB Cluster](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Concepts.AuroraHighAvailability.html#Aurora.Managing.FaultTolerance) in the *Amazon Aurora User Guide*. + This setting doesn't apply to RDS Custom DB instances. + Default: ``1`` + Valid Values: ``0 - 15`` + PubliclyAccessible: type: boolean - DomainIAMRoleName: description: |- - The name of the IAM role to use when making API calls to the Directory Service. - This setting doesn't apply to the following DB instances: - + Amazon Aurora (The domain is managed by the DB cluster.) - + RDS Custom - type: string + Indicates whether the DB instance is an internet-facing instance. If you specify true, AWS CloudFormation creates an instance with a publicly resolvable DNS name, which resolves to a public IP address. If you specify false, AWS CloudFormation creates an internal instance with a DNS name that resolves to a private IP address. + The default behavior value depends on your VPC setup and the database subnet group. For more information, see the ``PubliclyAccessible`` parameter in the [CreateDBInstance](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBInstance.html) in the *Amazon RDS API Reference*. ReplicaMode: description: |- The open mode of an Oracle read replica. For more information, see [Working with Oracle Read Replicas for Amazon RDS](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/oracle-read-replicas.html) in the *Amazon RDS User Guide*. @@ -1658,82 +2158,105 @@ components: Default: ``open-read-only`` Valid Values: ``open-read-only`` or ``mounted`` type: string - LicenseModel: + RestoreTime: description: |- - License model information for this DB instance. - Valid Values: - + Aurora MySQL - ``general-public-license`` - + Aurora PostgreSQL - ``postgresql-license`` - + RDS for Db2 - ``bring-your-own-license``. For more information about RDS for Db2 licensing, see [](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/db2-licensing.html) in the *Amazon RDS User Guide.* - + RDS for MariaDB - ``general-public-license`` - + RDS for Microsoft SQL Server - ``license-included`` - + RDS for MySQL - ``general-public-license`` - + RDS for Oracle - ``bring-your-own-license`` or ``license-included`` - + RDS for PostgreSQL - ``postgresql-license`` + The date and time to restore from. This parameter applies to point-in-time recovery. For more information, see [Restoring a DB instance to a specified time](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PIT.html) in the in the *Amazon RDS User Guide*. + Constraints: + + Must be a time in Universal Coordinated Time (UTC) format. + + Must be before the latest restorable time for the DB instance. + + Can't be specified if the ``UseLatestRestorableTime`` parameter is enabled. - If you've specified ``DBSecurityGroups`` and then you update the license model, AWS CloudFormation replaces the underlying DB instance. This will incur some interruptions to database availability. + Example: ``2009-09-07T23:45:00Z`` type: string - DomainDnsIps: + format: date-time + SourceDBClusterIdentifier: description: |- - The IPv4 DNS IP addresses of your primary and secondary Active Directory domain controllers. + The identifier of the Multi-AZ DB cluster that will act as the source for the read replica. Each DB cluster can have up to 15 read replicas. Constraints: - + Two IP addresses must be provided. If there isn't a secondary domain controller, use the IP address of the primary domain controller for both entries in the list. - - Example: ``123.124.125.126,234.235.236.237`` - type: array - items: - type: string - PreferredMaintenanceWindow: + + Must be the identifier of an existing Multi-AZ DB cluster. + + Can't be specified if the ``SourceDBInstanceIdentifier`` parameter is also specified. + + The specified DB cluster must have automatic backups enabled, that is, its backup retention period must be greater than 0. + + The source DB cluster must be in the same AWS-Region as the read replica. Cross-Region replication isn't supported. + type: string + SourceDbiResourceId: + type: string + description: The resource ID of the source DB instance from which to restore. + SourceDBInstanceAutomatedBackupsArn: + type: string description: |- - The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC). - Format: ``ddd:hh24:mi-ddd:hh24:mi`` - The default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week. To see the time blocks available, see [Adjusting the Preferred DB Instance Maintenance Window](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow) in the *Amazon RDS User Guide.* - This property applies when AWS CloudFormation initially creates the DB instance. If you use AWS CloudFormation to update the DB instance, those updates are applied immediately. - Constraints: Minimum 30-minute window. + The Amazon Resource Name (ARN) of the replicated automated backups from which to restore, for example, ``arn:aws:rds:us-east-1:123456789012:auto-backup:ab-L2IJCEXJP7XQ7HOJ4SIEXAMPLE``. + This setting doesn't apply to RDS Custom. + SourceDBInstanceIdentifier: type: string - Iops: description: |- - The number of I/O operations per second (IOPS) that the database provisions. The value must be equal to or greater than 1000. - If you specify this property, you must follow the range of allowed ratios of your requested IOPS rate to the amount of storage that you allocate (IOPS to allocated storage). For example, you can provision an Oracle database instance with 1000 IOPS and 200 GiB of storage (a ratio of 5:1), or specify 2000 IOPS with 200 GiB of storage (a ratio of 10:1). For more information, see [Amazon RDS Provisioned IOPS Storage to Improve Performance](https://docs.aws.amazon.com/AmazonRDS/latest/DeveloperGuide/CHAP_Storage.html#USER_PIOPS) in the *Amazon RDS User Guide*. - If you specify ``io1`` for the ``StorageType`` property, then you must also specify the ``Iops`` property. - Constraints: - + For RDS for Db2, MariaDB, MySQL, Oracle, and PostgreSQL - Must be a multiple between .5 and 50 of the storage amount for the DB instance. - + For RDS for SQL Server - Must be a multiple between 1 and 50 of the storage amount for the DB instance. - type: integer + If you want to create a read replica DB instance, specify the ID of the source DB instance. Each DB instance can have a limited number of read replicas. For more information, see [Working with Read Replicas](https://docs.aws.amazon.com/AmazonRDS/latest/DeveloperGuide/USER_ReadRepl.html) in the *Amazon RDS User Guide*. + For information about constraints that apply to DB instance identifiers, see [Naming constraints in Amazon RDS](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Limits.html#RDS_Limits.Constraints) in the *Amazon RDS User Guide*. + The ``SourceDBInstanceIdentifier`` property determines whether a DB instance is a read replica. If you remove the ``SourceDBInstanceIdentifier`` property from your template and then update your stack, AWS CloudFormation promotes the read replica to a standalone DB instance. + If you specify the ``UseLatestRestorableTime`` or ``RestoreTime`` properties in conjunction with the ``SourceDBInstanceIdentifier`` property, RDS restores the DB instance to the requested point in time, thereby creating a new DB instance. + + If you specify a source DB instance that uses VPC security groups, we recommend that you specify the ``VPCSecurityGroups`` property. If you don't specify the property, the read replica inherits the value of the ``VPCSecurityGroups`` property from the source DB when you create the replica. However, if you update the stack, AWS CloudFormation reverts the replica's ``VPCSecurityGroups`` property to the default value because it's not defined in the stack's template. This change might cause unexpected issues. + + Read replicas don't support deletion policies. AWS CloudFormation ignores any deletion policy that's associated with a read replica. + + If you specify ``SourceDBInstanceIdentifier``, don't specify the ``DBSnapshotIdentifier`` property. You can't create a read replica from a snapshot. + + Don't set the ``BackupRetentionPeriod``, ``DBName``, ``MasterUsername``, ``MasterUserPassword``, and ``PreferredBackupWindow`` properties. The database attributes are inherited from the source DB instance, and backups are disabled for read replicas. + + If the source DB instance is in a different region than the read replica, specify the source region in ``SourceRegion``, and specify an ARN for a valid DB instance in ``SourceDBInstanceIdentifier``. For more information, see [Constructing a Amazon RDS Amazon Resource Name (ARN)](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html#USER_Tagging.ARN) in the *Amazon RDS User Guide*. + + For DB instances in Amazon Aurora clusters, don't specify this property. Amazon RDS automatically assigns writer and reader DB instances. SourceRegion: - description: The ID of the region that contains the source DB instance for the read replica. type: string - UseLatestRestorableTime: - description: |- - Specifies whether the DB instance is restored from the latest backup time. By default, the DB instance isn't restored from the latest backup time. - Constraints: - + Can't be specified if the ``RestoreTime`` parameter is provided. + description: The ID of the region that contains the source DB instance for the read replica. + StorageEncrypted: type: boolean - CACertificateIdentifier: description: |- - The identifier of the CA certificate for this DB instance. - For more information, see [Using SSL/TLS to encrypt a connection to a DB instance](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html) in the *Amazon RDS User Guide* and [Using SSL/TLS to encrypt a connection to a DB cluster](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL.html) in the *Amazon Aurora User Guide*. + A value that indicates whether the DB instance is encrypted. By default, it isn't encrypted. + If you specify the ``KmsKeyId`` property, then you must enable encryption. + If you specify the ``SourceDBInstanceIdentifier`` or ``SourceDbiResourceId`` property, don't specify this property. The value is inherited from the source DB instance, and if the DB instance is encrypted, the specified ``KmsKeyId`` property is used. + If you specify the ``SourceDBInstanceAutomatedBackupsArn`` property, don't specify this property. The value is inherited from the source DB instance automated backup. + If you specify ``DBSnapshotIdentifier`` property, don't specify this property. The value is inherited from the snapshot. + *Amazon Aurora* + Not applicable. The encryption for DB instances is managed by the DB cluster. + StorageType: type: string - ManageMasterUserPassword: description: |- - Specifies whether to manage the master user password with AWS Secrets Manager. - For more information, see [Password management with Secrets Manager](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html) in the *Amazon RDS User Guide.* - Constraints: - + Can't manage the master user password with AWS Secrets Manager if ``MasterUserPassword`` is specified. - type: boolean - SourceDbiResourceId: - description: The resource ID of the source DB instance from which to restore. - type: string - DomainAuthSecretArn: + The storage type to associate with the DB instance. + If you specify ``io1``, ``io2``, or ``gp3``, you must also include a value for the ``Iops`` parameter. + This setting doesn't apply to Amazon Aurora DB instances. Storage is managed by the DB cluster. + Valid Values: ``gp2 | gp3 | io1 | io2 | standard`` + Default: ``io1``, if the ``Iops`` parameter is specified. Otherwise, ``gp2``. + StorageThroughput: + type: integer description: |- - The ARN for the Secrets Manager secret with the credentials for the user joining the domain. - Example: ``arn:aws:secretsmanager:region:account-number:secret:myselfmanagedADtestsecret-123456`` + Specifies the storage throughput value for the DB instance. This setting applies only to the ``gp3`` storage type. + This setting doesn't apply to RDS Custom or Amazon Aurora. + Tags: + type: array + x-insertionOrder: false + uniqueItems: false + items: + $ref: '#/components/schemas/Tag' + description: Tags to assign to the DB instance. + TdeCredentialArn: type: string - AutomaticBackupReplicationRegion: - description: The destination region for the backup replication of the DB instance. For more info, see [Replicating automated backups to another Region](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReplicateBackups.html) in the *Amazon RDS User Guide*. + description: '' + TdeCredentialPassword: + type: string + description: '' + Timezone: type: string + description: The time zone of the DB instance. The time zone parameter is currently supported only by [RDS for Db2](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/db2-time-zone) and [RDS for SQL Server](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.TimeZone). + UseDefaultProcessorFeatures: + type: boolean + description: |- + Specifies whether the DB instance class of the DB instance uses its default processor features. + This setting doesn't apply to RDS Custom DB instances. + UseLatestRestorableTime: + type: boolean + description: |- + Specifies whether the DB instance is restored from the latest backup time. By default, the DB instance isn't restored from the latest backup time. This parameter applies to point-in-time recovery. For more information, see [Restoring a DB instance to a specified time](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PIT.html) in the in the *Amazon RDS User Guide*. + Constraints: + + Can't be specified if the ``RestoreTime`` parameter is provided. VPCSecurityGroups: + type: array uniqueItems: true + items: + type: string description: |- A list of the VPC security group IDs to assign to the DB instance. The list can include both the physical IDs of existing VPC security groups and references to [AWS::EC2::SecurityGroup](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group.html) resources created in the template. If you plan to update the resource, don't specify VPC security groups in a shared VPC. @@ -1746,139 +2269,6 @@ components: To avoid this situation, migrate your DB instance to using VPC security groups only when that is the only change in your stack template. *Amazon Aurora* Not applicable. The associated list of EC2 VPC security groups is managed by the DB cluster. If specified, the setting must match the DB cluster setting. - type: array - items: - relationshipRef: - typeName: AWS::EC2::SecurityGroup - propertyPath: /properties/GroupId - type: string - AllowMajorVersionUpgrade: - description: |- - A value that indicates whether major version upgrades are allowed. Changing this parameter doesn't result in an outage and the change is asynchronously applied as soon as possible. - Constraints: Major version upgrades must be allowed when specifying a value for the ``EngineVersion`` parameter that is a different major version than the DB instance's current version. - type: boolean - DBName: - description: |- - The meaning of this parameter differs according to the database engine you use. - If you specify the ``DBSnapshotIdentifier`` property, this property only applies to RDS for Oracle. - *Amazon Aurora* - Not applicable. The database name is managed by the DB cluster. - *Db2* - The name of the database to create when the DB instance is created. If this parameter isn't specified, no database is created in the DB instance. - Constraints: - + Must contain 1 to 64 letters or numbers. - + Must begin with a letter. Subsequent characters can be letters, underscores, or digits (0-9). - + Can't be a word reserved by the specified database engine. - - *MySQL* - The name of the database to create when the DB instance is created. If this parameter is not specified, no database is created in the DB instance. - Constraints: - + Must contain 1 to 64 letters or numbers. - + Can't be a word reserved by the specified database engine - - *MariaDB* - The name of the database to create when the DB instance is created. If this parameter is not specified, no database is created in the DB instance. - Constraints: - + Must contain 1 to 64 letters or numbers. - + Can't be a word reserved by the specified database engine - - *PostgreSQL* - The name of the database to create when the DB instance is created. If this parameter is not specified, the default ``postgres`` database is created in the DB instance. - Constraints: - + Must begin with a letter. Subsequent characters can be letters, underscores, or digits (0-9). - + Must contain 1 to 63 characters. - + Can't be a word reserved by the specified database engine - - *Oracle* - The Oracle System ID (SID) of the created DB instance. If you specify ``null``, the default value ``ORCL`` is used. You can't specify the string NULL, or any other reserved word, for ``DBName``. - Default: ``ORCL`` - Constraints: - + Can't be longer than 8 characters - - *SQL Server* - Not applicable. Must be null. - type: string - EnableIAMDatabaseAuthentication: - description: |- - A value that indicates whether to enable mapping of AWS Identity and Access Management (IAM) accounts to database accounts. By default, mapping is disabled. - This property is supported for RDS for MariaDB, RDS for MySQL, and RDS for PostgreSQL. For more information, see [IAM Database Authentication for MariaDB, MySQL, and PostgreSQL](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html) in the *Amazon RDS User Guide.* - *Amazon Aurora* - Not applicable. Mapping AWS IAM accounts to database accounts is managed by the DB cluster. - type: boolean - BackupRetentionPeriod: - default: 1 - description: |- - The number of days for which automated backups are retained. Setting this parameter to a positive number enables backups. Setting this parameter to 0 disables automated backups. - *Amazon Aurora* - Not applicable. The retention period for automated backups is managed by the DB cluster. - Default: 1 - Constraints: - + Must be a value from 0 to 35 - + Can't be set to 0 if the DB instance is a source to read replicas - type: integer - minimum: 0 - CustomIAMInstanceProfile: - description: |- - The instance profile associated with the underlying Amazon EC2 instance of an RDS Custom DB instance. - This setting is required for RDS Custom. - Constraints: - + The profile must exist in your account. - + The profile must have an IAM role that Amazon EC2 has permissions to assume. - + The instance profile name and the associated IAM role name must start with the prefix ``AWSRDSCustom``. - - For the list of permissions required for the IAM role, see [Configure IAM and your VPC](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-setup-orcl.html#custom-setup-orcl.iam-vpc) in the *Amazon RDS User Guide*. - type: string - DBSnapshotIdentifier: - description: |- - The name or Amazon Resource Name (ARN) of the DB snapshot that's used to restore the DB instance. If you're restoring from a shared manual DB snapshot, you must specify the ARN of the snapshot. - By specifying this property, you can create a DB instance from the specified DB snapshot. If the ``DBSnapshotIdentifier`` property is an empty string or the ``AWS::RDS::DBInstance`` declaration has no ``DBSnapshotIdentifier`` property, AWS CloudFormation creates a new database. If the property contains a value (other than an empty string), AWS CloudFormation creates a database from the specified snapshot. If a snapshot with the specified name doesn't exist, AWS CloudFormation can't create the database and it rolls back the stack. - Some DB instance properties aren't valid when you restore from a snapshot, such as the ``MasterUsername`` and ``MasterUserPassword`` properties. For information about the properties that you can specify, see the ``RestoreDBInstanceFromDBSnapshot`` action in the *Amazon RDS API Reference*. - After you restore a DB instance with a ``DBSnapshotIdentifier`` property, you must specify the same ``DBSnapshotIdentifier`` property for any future updates to the DB instance. When you specify this property for an update, the DB instance is not restored from the DB snapshot again, and the data in the database is not changed. However, if you don't specify the ``DBSnapshotIdentifier`` property, an empty DB instance is created, and the original DB instance is deleted. If you specify a property that is different from the previous snapshot restore property, a new DB instance is restored from the specified ``DBSnapshotIdentifier`` property, and the original DB instance is deleted. - If you specify the ``DBSnapshotIdentifier`` property to restore a DB instance (as opposed to specifying it for DB instance updates), then don't specify the following properties: - + ``CharacterSetName`` - + ``DBClusterIdentifier`` - + ``DBName`` - + ``DeleteAutomatedBackups`` - + ``EnablePerformanceInsights`` - + ``KmsKeyId`` - + ``MasterUsername`` - + ``MasterUserPassword`` - + ``PerformanceInsightsKMSKeyId`` - + ``PerformanceInsightsRetentionPeriod`` - + ``PromotionTier`` - + ``SourceDBInstanceIdentifier`` - + ``SourceRegion`` - + ``StorageEncrypted`` (for an encrypted snapshot) - + ``Timezone`` - - *Amazon Aurora* - Not applicable. Snapshot restore is managed by the DB cluster. - type: string - EnableCloudwatchLogsExports: - description: |- - The list of log types that need to be enabled for exporting to CloudWatch Logs. The values in the list depend on the DB engine being used. For more information, see [Publishing Database Logs to Amazon CloudWatch Logs](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch) in the *Amazon Relational Database Service User Guide*. - *Amazon Aurora* - Not applicable. CloudWatch Logs exports are managed by the DB cluster. - *Db2* - Valid values: ``diag.log``, ``notify.log`` - *MariaDB* - Valid values: ``audit``, ``error``, ``general``, ``slowquery`` - *Microsoft SQL Server* - Valid values: ``agent``, ``error`` - *MySQL* - Valid values: ``audit``, ``error``, ``general``, ``slowquery`` - *Oracle* - Valid values: ``alert``, ``audit``, ``listener``, ``trace``, ``oemagent`` - *PostgreSQL* - Valid values: ``postgresql``, ``upgrade`` - type: array - items: - type: string - UseDefaultProcessorFeatures: - description: |- - Specifies whether the DB instance class of the DB instance uses its default processor features. - This setting doesn't apply to RDS Custom DB instances. - type: boolean x-stackql-resource-name: db_instance description: |- The ``AWS::RDS::DBInstance`` resource creates an Amazon DB instance. The new DB instance can be an RDS DB instance, or it can be a DB instance in an Aurora DB cluster. @@ -1886,7 +2276,7 @@ components: For more information about creating a DB instance in an Aurora DB cluster, see [Creating an Amazon Aurora DB cluster](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.CreateInstance.html) in the *Amazon Aurora User Guide*. If you import an existing DB instance, and the template configuration doesn't match the actual configuration of the DB instance, AWS CloudFormation applies the changes in the template during the import operation. If a DB instance is deleted or replaced during an update, AWS CloudFormation deletes all automated snapshots. However, it retains manual DB snapshots. During an update that requires replacement, you can apply a stack policy to prevent DB instances from being replaced. For more information, see [Prevent Updates to Stack Resources](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/protect-stack-resources.html). - *Updating DB instances* + *Updating DB instances* When properties labeled "*Update requires:* [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement)" are updated, AWS CloudFormation first creates a replacement DB instance, then changes references from other dependent resources to point to the replacement DB instance, and finally deletes the old DB instance. We highly recommend that you take a snapshot of the database before updating the stack. If you don't, you lose the data when AWS CloudFormation replaces your DB instance. To preserve your data, perform the following procedure: 1. Deactivate any applications that are using the DB instance so that there's no activity on the DB instance. @@ -1912,10 +2302,10 @@ components: - DBInstanceIdentifier - DBName - DBSubnetGroupName + - DBSystemId - KmsKeyId - MasterUsername - NcharCharacterSetName - - Port - SourceRegion - StorageEncrypted - Timezone @@ -1944,7 +2334,6 @@ components: - DBSnapshotIdentifier - DeleteAutomatedBackups - MasterUserPassword - - Port - RestoreTime - SourceDBInstanceAutomatedBackupsArn - SourceDBInstanceIdentifier @@ -1959,20 +2348,20 @@ components: - Endpoint/HostedZoneId - DbiResourceId - DBInstanceArn - - DBSystemId - MasterUserSecret/SecretArn - CertificateDetails/CAIdentifier - CertificateDetails/ValidTill + - DatabaseInsightsMode + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - rds:AddTagsToResource + - rds:RemoveTagsFromResource x-required-permissions: - read: - - ec2:DescribeAccountAttributes - - ec2:DescribeAvailabilityZones - - ec2:DescribeInternetGateways - - ec2:DescribeSecurityGroups - - ec2:DescribeSubnets - - ec2:DescribeVpcAttribute - - ec2:DescribeVpcs - - rds:DescribeDBInstances create: - ec2:DescribeAccountAttributes - ec2:DescribeAvailabilityZones @@ -2004,6 +2393,15 @@ components: - rds:StartDBInstanceAutomatedBackupsReplication - secretsmanager:CreateSecret - secretsmanager:TagResource + read: + - ec2:DescribeAccountAttributes + - ec2:DescribeAvailabilityZones + - ec2:DescribeInternetGateways + - ec2:DescribeSecurityGroups + - ec2:DescribeSubnets + - ec2:DescribeVpcAttribute + - ec2:DescribeVpcs + - rds:DescribeDBInstances update: - ec2:DescribeAccountAttributes - ec2:DescribeAvailabilityZones @@ -2034,12 +2432,13 @@ components: - rds:StopDBInstanceAutomatedBackupsReplication - secretsmanager:CreateSecret - secretsmanager:TagResource - list: - - rds:DescribeDBInstances delete: + - rds:AddTagsToResource - rds:CreateDBSnapshot - rds:DeleteDBInstance - rds:DescribeDBInstances + list: + - rds:DescribeDBInstances DBParameterGroup: type: object properties: @@ -2060,25 +2459,36 @@ components: type: string Family: description: |- - The DB parameter group family name. A DB parameter group can be associated with one and only one DB parameter group family, and can be applied only to a DB instance running a DB engine and engine version compatible with that DB parameter group family. - The DB parameter group family can't be changed when updating a DB parameter group. - To list all of the available parameter group families, use the following command: - ``aws rds describe-db-engine-versions --query "DBEngineVersions[].DBParameterGroupFamily"`` - The output contains duplicates. - For more information, see ``CreateDBParameterGroup``. + The DB parameter group family name. A DB parameter group can be associated with one and only one DB parameter group family, and can be applied only to a DB instance running a database engine and engine version compatible with that DB parameter group family. + To list all of the available parameter group families for a DB engine, use the following command: + ``aws rds describe-db-engine-versions --query "DBEngineVersions[].DBParameterGroupFamily" --engine `` + For example, to list all of the available parameter group families for the MySQL DB engine, use the following command: + ``aws rds describe-db-engine-versions --query "DBEngineVersions[].DBParameterGroupFamily" --engine mysql`` + The output contains duplicates. + The following are the valid DB engine values: + + ``aurora-mysql`` + + ``aurora-postgresql`` + + ``db2-ae`` + + ``db2-se`` + + ``mysql`` + + ``oracle-ee`` + + ``oracle-ee-cdb`` + + ``oracle-se2`` + + ``oracle-se2-cdb`` + + ``postgres`` + + ``sqlserver-ee`` + + ``sqlserver-se`` + + ``sqlserver-ex`` + + ``sqlserver-web`` type: string Parameters: description: |- - An array of parameter names and values for the parameter update. At least one parameter name and value must be supplied. Subsequent arguments are optional. - RDS for Db2 requires you to bring your own Db2 license. You must enter your IBM customer ID (``rds.ibm_customer_id``) and site number (``rds.ibm_site_id``) before starting a Db2 instance. - For more information about DB parameters and DB parameter groups for Amazon RDS DB engines, see [Working with DB Parameter Groups](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithParamGroups.html) in the *Amazon RDS User Guide*. - For more information about DB cluster and DB instance parameters and parameter groups for Amazon Aurora DB engines, see [Working with DB Parameter Groups and DB Cluster Parameter Groups](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_WorkingWithParamGroups.html) in the *Amazon Aurora User Guide*. + An array of parameter names and values for the parameter update. You must specify at least one parameter name and value. + For more information about parameter groups, see [Working with parameter groups](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithParamGroups.html) in the *Amazon RDS User Guide*, or [Working with parameter groups](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_WorkingWithParamGroups.html) in the *Amazon Aurora User Guide*. AWS CloudFormation doesn't support specifying an apply method for each individual parameter. The default apply method for each parameter is used. type: object Tags: - description: |- - An optional array of key-value pairs to apply to this DB parameter group. - Currently, this is the only property that supports drift detection. + description: Tags to assign to the DB parameter group. type: array maxItems: 50 uniqueItems: false @@ -2105,6 +2515,15 @@ components: x-required-properties: - Family - Description + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - rds:AddTagsToResource + - rds:RemoveTagsFromResource x-required-permissions: create: - iam:CreateServiceLinkedRole @@ -2477,6 +2896,99 @@ components: - rds:DeregisterDBProxyTargets list: - rds:DescribeDBProxyTargetGroups + DBShardGroup: + type: object + properties: + DBShardGroupResourceId: + description: The Amazon Web Services Region-unique, immutable identifier for the DB shard group. + type: string + DBShardGroupIdentifier: + description: The name of the DB shard group. + type: string + minLength: 1 + maxLength: 63 + DBClusterIdentifier: + description: The name of the primary DB cluster for the DB shard group. + type: string + minLength: 1 + maxLength: 63 + ComputeRedundancy: + description: Specifies whether to create standby instances for the DB shard group. + minimum: 0 + type: integer + MaxACU: + description: The maximum capacity of the DB shard group in Aurora capacity units (ACUs). + type: number + MinACU: + description: The minimum capacity of the DB shard group in Aurora capacity units (ACUs). + type: number + PubliclyAccessible: + description: Indicates whether the DB shard group is publicly accessible. + type: boolean + Endpoint: + description: The connection endpoint for the DB shard group. + type: string + Tags: + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + description: An array of key-value pairs to apply to this resource. + items: + $ref: '#/components/schemas/Tag' + required: + - DBClusterIdentifier + - MaxACU + x-stackql-resource-name: db_shard_group + description: The AWS::RDS::DBShardGroup resource creates an Amazon Aurora Limitless DB Shard Group. + x-type-name: AWS::RDS::DBShardGroup + x-stackql-primary-identifier: + - DBShardGroupIdentifier + x-create-only-properties: + - DBClusterIdentifier + - DBShardGroupIdentifier + - PubliclyAccessible + x-write-only-properties: + - MinACU + x-read-only-properties: + - DBShardGroupResourceId + - Endpoint + x-required-properties: + - DBClusterIdentifier + - MaxACU + x-tagging: + cloudFormationSystemTags: true + permissions: + - rds:AddTagsToResource + - rds:RemoveTagsFromResource + taggable: true + tagOnCreate: false + tagUpdatable: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - rds:AddTagsToResource + - rds:CreateDBShardGroup + - rds:DescribeDBClusters + - rds:DescribeDBShardGroups + - rds:ListTagsForResource + read: + - rds:DescribeDBShardGroups + - rds:ListTagsForResource + update: + - rds:AddTagsToResource + - rds:DescribeDBShardGroups + - rds:DescribeDBClusters + - rds:RemoveTagsFromResource + - rds:ModifyDBShardGroup + - rds:ListTagsForResource + delete: + - rds:DeleteDBShardGroup + - rds:DescribeDBClusters + - rds:DescribeDbShardGroups + list: + - rds:DescribeDBShardGroups + - rds:ListTagsForResource DBSubnetGroup: type: object properties: @@ -2485,14 +2997,18 @@ components: description: The description for the DB subnet group. DBSubnetGroupName: type: string - pattern: ^(?!default$)[a-zA-Z]{1}[a-zA-Z0-9-_\.\s]{0,254}$ description: |- The name for the DB subnet group. This value is stored as a lowercase string. - Constraints: Must contain no more than 255 lowercase alphanumeric characters or hyphens. Must not be "Default". - Example: ``mysubnetgroup`` + Constraints: + + Must contain no more than 255 letters, numbers, periods, underscores, spaces, or hyphens. + + Must not be default. + + First character must be a letter. + + Example: ``mydbsubnetgroup`` SubnetIds: type: array uniqueItems: false + x-insertionOrder: false items: type: string description: The EC2 Subnet IDs for the DB subnet group. @@ -2501,7 +3017,7 @@ components: maxItems: 50 uniqueItems: false x-insertionOrder: false - description: An optional array of key-value pairs to apply to this DB subnet group. + description: Tags to assign to the DB subnet group. items: $ref: '#/components/schemas/Tag' required: @@ -2516,11 +3032,18 @@ components: - DBSubnetGroupName x-create-only-properties: - DBSubnetGroupName - x-write-only-properties: - - SubnetIds x-required-properties: - DBSubnetGroupDescription - SubnetIds + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - rds:AddTagsToResource + - rds:RemoveTagsFromResource x-required-permissions: create: - iam:CreateServiceLinkedRole @@ -2548,7 +3071,7 @@ components: type: object properties: Tags: - description: An array of key-value pairs to apply to this resource. + description: An optional array of key-value pairs to apply to this subscription. type: array maxItems: 50 uniqueItems: false @@ -2556,36 +3079,54 @@ components: items: $ref: '#/components/schemas/Tag' SubscriptionName: - description: The name of the subscription. + description: |- + The name of the subscription. + Constraints: The name must be less than 255 characters. type: string maxLength: 255 Enabled: - description: A Boolean value; set to true to activate the subscription, set to false to create the subscription but not active it. + description: Specifies whether to activate the subscription. If the event notification subscription isn't activated, the subscription is created but not active. type: boolean default: true EventCategories: - description: A list of event categories for a SourceType that you want to subscribe to. You can see a list of the categories for a given SourceType in the Events topic in the Amazon RDS User Guide or by using the DescribeEventCategories action. + description: >- + A list of event categories for a particular source type (``SourceType``) that you want to subscribe to. You can see a list of the categories for a given source type in the "Amazon RDS event categories and event messages" section of the [Amazon RDS User Guide](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Events.Messages.html) or the [Amazon Aurora User Guide](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_Events.Messages.html). You can also see this + list by using the ``DescribeEventCategories`` operation. type: array uniqueItems: true items: type: string SnsTopicArn: - description: The Amazon Resource Name (ARN) of the SNS topic created for event notification. The ARN is created by Amazon SNS when you create a topic and subscribe to it. + description: |- + The Amazon Resource Name (ARN) of the SNS topic created for event notification. SNS automatically creates the ARN when you create a topic and subscribe to it. + RDS doesn't support FIFO (first in, first out) topics. For more information, see [Message ordering and deduplication (FIFO topics)](https://docs.aws.amazon.com/sns/latest/dg/sns-fifo-topics.html) in the *Amazon Simple Notification Service Developer Guide*. type: string SourceIds: - description: The list of identifiers of the event sources for which events will be returned. If not specified, then all sources are included in the response. An identifier must begin with a letter and must contain only ASCII letters, digits, and hyphens; it cannot end with a hyphen or contain two consecutive hyphens. + description: |- + The list of identifiers of the event sources for which events are returned. If not specified, then all sources are included in the response. An identifier must begin with a letter and must contain only ASCII letters, digits, and hyphens. It can't end with a hyphen or contain two consecutive hyphens. + Constraints: + + If ``SourceIds`` are supplied, ``SourceType`` must also be provided. + + If the source type is a DB instance, a ``DBInstanceIdentifier`` value must be supplied. + + If the source type is a DB cluster, a ``DBClusterIdentifier`` value must be supplied. + + If the source type is a DB parameter group, a ``DBParameterGroupName`` value must be supplied. + + If the source type is a DB security group, a ``DBSecurityGroupName`` value must be supplied. + + If the source type is a DB snapshot, a ``DBSnapshotIdentifier`` value must be supplied. + + If the source type is a DB cluster snapshot, a ``DBClusterSnapshotIdentifier`` value must be supplied. + + If the source type is an RDS Proxy, a ``DBProxyName`` value must be supplied. type: array uniqueItems: true x-insertionOrder: false items: type: string SourceType: - description: The type of source that will be generating the events. For example, if you want to be notified of events generated by a DB instance, you would set this parameter to db-instance. if this value is not specified, all events are returned. + description: |- + The type of source that is generating the events. For example, if you want to be notified of events generated by a DB instance, you set this parameter to ``db-instance``. For RDS Proxy events, specify ``db-proxy``. If this value isn't specified, all events are returned. + Valid Values:``db-instance | db-cluster | db-parameter-group | db-security-group | db-snapshot | db-cluster-snapshot | db-proxy | zero-etl | custom-engine-version | blue-green-deployment`` type: string required: - SnsTopicArn x-stackql-resource-name: event_subscription - description: The AWS::RDS::EventSubscription resource allows you to receive notifications for Amazon Relational Database Service events through the Amazon Simple Notification Service (Amazon SNS). For more information, see Using Amazon RDS Event Notification in the Amazon RDS User Guide. + description: The ``AWS::RDS::EventSubscription`` resource allows you to receive notifications for Amazon Relational Database Service events through the Amazon Simple Notification Service (Amazon SNS). For more information, see [Using Amazon RDS Event Notification](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Events.html) in the *Amazon RDS User Guide*. x-type-name: AWS::RDS::EventSubscription x-stackql-primary-identifier: - SubscriptionName @@ -2594,6 +3135,15 @@ components: - SnsTopicArn x-required-properties: - SnsTopicArn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - rds:AddTagsToResource + - rds:RemoveTagsFromResource x-required-permissions: create: - iam:CreateServiceLinkedRole @@ -2618,6 +3168,13 @@ components: - rds:DescribeEventSubscriptions list: - rds:DescribeEventSubscriptions + GlobalEndpoint: + type: object + additionalProperties: false + properties: + Address: + description: The writer endpoint for the global database cluster. This endpoint always points to the writer DB instance in the current primary cluster. + type: string GlobalCluster: type: object properties: @@ -2630,6 +3187,17 @@ components: - aurora - aurora-mysql - aurora-postgresql + Tags: + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + description: An array of key-value pairs to apply to this resource. + items: + $ref: '#/components/schemas/Tag' + EngineLifecycleSupport: + description: The life cycle type of the global cluster. You can use this setting to enroll your global cluster into Amazon RDS Extended Support. + type: string EngineVersion: description: The version number of the database engine to use. If you specify the SourceDBClusterIdentifier property, don't specify this property. The value is inherited from the cluster. type: string @@ -2640,6 +3208,8 @@ components: description: The cluster identifier of the new global database cluster. This parameter is stored as a lowercase string. type: string pattern: ^[a-zA-Z]{1}(?:-?[a-zA-Z0-9]){0,62}$ + minLength: 1 + maxLength: 63 SourceDBClusterIdentifier: description: The Amazon Resource Name (ARN) to use as the primary cluster of the global database. This parameter is optional. This parameter is stored as a lowercase string. type: string @@ -2651,6 +3221,8 @@ components: The storage encryption setting for the new global database cluster. If you specify the SourceDBClusterIdentifier property, don't specify this property. The value is inherited from the cluster. type: boolean + GlobalEndpoint: + $ref: '#/components/schemas/GlobalEndpoint' x-stackql-resource-name: global_cluster description: Resource Type definition for AWS::RDS::GlobalCluster x-type-name: AWS::RDS::GlobalCluster @@ -2661,6 +3233,15 @@ components: - SourceDBClusterIdentifier - StorageEncrypted - Engine + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - rds:AddTagsToResource + - rds:RemoveTagsFromResource x-required-permissions: create: - rds:CreateGlobalCluster @@ -2671,6 +3252,8 @@ components: update: - rds:ModifyGlobalCluster - rds:DescribeGlobalClusters + - rds:AddTagsToResource + - rds:RemoveTagsFromResource delete: - rds:DescribeGlobalClusters - rds:DeleteGlobalCluster @@ -2705,7 +3288,7 @@ components: maxLength: 64 Description: type: string - description: The description of the integration. + description: A description of the integration. minLength: 1 maxLength: 1000 Tags: @@ -2713,36 +3296,40 @@ components: maxItems: 50 uniqueItems: true x-insertionOrder: false - description: An array of key-value pairs to apply to this resource. + description: A list of tags. For more information, see [Tagging Amazon RDS Resources](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) in the *Amazon RDS User Guide.*. items: $ref: '#/components/schemas/Tag' DataFilter: type: string - description: The data filter for the integration. + description: Data filters for the integration. These filters determine which tables from the source database are sent to the target Amazon Redshift data warehouse. minLength: 1 maxLength: 25600 pattern: '[a-zA-Z0-9_ "\\\-$,*.:?+\/]*' SourceArn: type: string - description: The Amazon Resource Name (ARN) of the Aurora DB cluster to use as the source for replication. + description: The Amazon Resource Name (ARN) of the database to use as the source for replication. TargetArn: type: string description: The ARN of the Redshift data warehouse to use as the target for replication. IntegrationArn: type: string - description: The ARN of the integration. + description: '' KMSKeyId: type: string - description: An optional AWS Key Management System (AWS KMS) key ARN for the key used to to encrypt the integration. The resource accepts the key ID and the key ARN forms. The key ID form can be used if the KMS key is owned by te same account. If the KMS key belongs to a different account than the calling account, the full key ARN must be specified. Do not use the key alias or the key alias ARN as this will cause a false drift of the resource. + description: The AWS Key Management System (AWS KMS) key identifier for the key to use to encrypt the integration. If you don't specify an encryption key, RDS uses a default AWS owned key. AdditionalEncryptionContext: $ref: '#/components/schemas/EncryptionContextMap' + description: |- + An optional set of non-secret key–value pairs that contains additional contextual information about the data. For more information, see [Encryption context](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) in the *Key Management Service Developer Guide*. + You can only include this parameter if you specify the ``KMSKeyId`` parameter. CreateTime: type: string + description: '' required: - SourceArn - TargetArn x-stackql-resource-name: integration - description: Creates a zero-ETL integration with Amazon Redshift. + description: A zero-ETL integration with Amazon Redshift. x-type-name: AWS::RDS::Integration x-stackql-primary-identifier: - IntegrationArn @@ -2762,6 +3349,9 @@ components: tagOnCreate: true tagUpdatable: true tagProperty: /properties/Tags + permissions: + - rds:AddTagsToResource + - rds:RemoveTagsFromResource x-required-permissions: create: - rds:CreateIntegration @@ -2783,11 +3373,11 @@ components: list: - rds:DescribeIntegrations OptionConfiguration: - description: The OptionConfiguration property type specifies an individual option, and its settings, within an AWS::RDS::OptionGroup resource. + description: The ``OptionConfiguration`` property type specifies an individual option, and its settings, within an ``AWS::RDS::OptionGroup`` resource. type: object properties: DBSecurityGroupMemberships: - description: A list of DBSecurityGroupMembership name strings used for this option. + description: A list of DB security groups used for this option. type: array uniqueItems: true x-insertionOrder: false @@ -2809,7 +3399,7 @@ components: description: The optional port for the option. type: integer VpcSecurityGroupMemberships: - description: A list of VpcSecurityGroupMembership name strings used for this option. + description: A list of VPC security group names used for this option. type: array uniqueItems: true x-insertionOrder: false @@ -2819,7 +3409,7 @@ components: required: - OptionName OptionSetting: - description: The OptionSetting property type specifies the value for an option within an OptionSetting property. + description: The ``OptionSetting`` property type specifies the value for an option within an ``OptionSetting`` property. type: object properties: Name: @@ -2833,19 +3423,41 @@ components: type: object properties: OptionGroupName: - description: Specifies the name of the option group. + description: |- + The name of the option group to be created. + Constraints: + + Must be 1 to 255 letters, numbers, or hyphens + + First character must be a letter + + Can't end with a hyphen or contain two consecutive hyphens + + Example: ``myoptiongroup`` + If you don't specify a value for ``OptionGroupName`` property, a name is automatically created for the option group. + This value is stored as a lowercase string. type: string OptionGroupDescription: - description: Provides a description of the option group. + description: The description of the option group. type: string EngineName: - description: Indicates the name of the engine that this option group can be applied to. + description: |- + Specifies the name of the engine that this option group should be associated with. + Valid Values: + + ``mariadb`` + + ``mysql`` + + ``oracle-ee`` + + ``oracle-ee-cdb`` + + ``oracle-se2`` + + ``oracle-se2-cdb`` + + ``postgres`` + + ``sqlserver-ee`` + + ``sqlserver-se`` + + ``sqlserver-ex`` + + ``sqlserver-web`` type: string MajorEngineVersion: - description: Indicates the major engine version associated with this option group. + description: Specifies the major version of the engine that this option group should be associated with. type: string OptionConfigurations: - description: Indicates what options are available in the option group. + description: A list of all available options for an option group. type: array x-arrayType: AttributeList x-insertionOrder: false @@ -2853,7 +3465,7 @@ components: $ref: '#/components/schemas/OptionConfiguration' Tags: type: array - description: An array of key-value pairs to apply to this resource. + description: Tags to assign to the option group. x-insertionOrder: false items: $ref: '#/components/schemas/Tag' @@ -2862,7 +3474,7 @@ components: - MajorEngineVersion - OptionGroupDescription x-stackql-resource-name: option_group - description: The AWS::RDS::OptionGroup resource creates an option group, to enable and configure features that are specific to a particular DB engine. + description: The ``AWS::RDS::OptionGroup`` resource creates or updates an option group, to enable and configure features that are specific to a particular DB engine. x-type-name: AWS::RDS::OptionGroup x-stackql-primary-identifier: - OptionGroupName @@ -2875,6 +3487,15 @@ components: - EngineName - MajorEngineVersion - OptionGroupDescription + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - rds:AddTagsToResource + - rds:RemoveTagsFromResource x-required-permissions: create: - iam:CreateServiceLinkedRole @@ -2915,12 +3536,12 @@ components: properties: DatabaseInstallationFilesS3BucketName: type: string - description: The name of an Amazon S3 bucket that contains database installation files for your CEV. For example, a valid bucket name is `my-custom-installation-files`. + description: The name of an Amazon S3 bucket that contains database installation files for your CEV. For example, a valid bucket name is ``my-custom-installation-files``. minLength: 3 maxLength: 63 DatabaseInstallationFilesS3Prefix: type: string - description: The Amazon S3 directory that contains the database installation files for your CEV. For example, a valid bucket name is `123456789012/cev1`. If this setting isn't specified, no prefix is assumed. + description: The Amazon S3 directory that contains the database installation files for your CEV. For example, a valid bucket name is ``123456789012/cev1``. If this setting isn't specified, no prefix is assumed. minLength: 1 maxLength: 255 Description: @@ -2930,46 +3551,60 @@ components: maxLength: 1000 Engine: type: string - description: The database engine to use for your custom engine version (CEV). The only supported value is `custom-oracle-ee`. + description: |- + The database engine to use for your custom engine version (CEV). + Valid values: + + ``custom-oracle-ee`` + + ``custom-oracle-ee-cdb`` minLength: 1 maxLength: 35 EngineVersion: type: string - description: The name of your CEV. The name format is 19.customized_string . For example, a valid name is 19.my_cev1. This setting is required for RDS Custom for Oracle, but optional for Amazon RDS. The combination of Engine and EngineVersion is unique per customer per Region. + description: |- + The name of your CEV. The name format is ``major version.customized_string``. For example, a valid CEV name is ``19.my_cev1``. This setting is required for RDS Custom for Oracle, but optional for Amazon RDS. The combination of ``Engine`` and ``EngineVersion`` is unique per customer per Region. + *Constraints:* Minimum length is 1. Maximum length is 60. + *Pattern:* ``^[a-z0-9_.-]{1,60$``} minLength: 1 maxLength: 60 KMSKeyId: type: string - description: The AWS KMS key identifier for an encrypted CEV. A symmetric KMS key is required for RDS Custom, but optional for Amazon RDS. + description: |- + The AWS KMS key identifier for an encrypted CEV. A symmetric encryption KMS key is required for RDS Custom, but optional for Amazon RDS. + If you have an existing symmetric encryption KMS key in your account, you can use it with RDS Custom. No further action is necessary. If you don't already have a symmetric encryption KMS key in your account, follow the instructions in [Creating a symmetric encryption KMS key](https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html#create-symmetric-cmk) in the *Key Management Service Developer Guide*. + You can choose the same symmetric encryption key when you create a CEV and a DB instance, or choose different keys. minLength: 1 maxLength: 2048 Manifest: type: string - description: The CEV manifest, which is a JSON document that describes the installation .zip files stored in Amazon S3. Specify the name/value pairs in a file or a quoted string. RDS Custom applies the patches in the order in which they are listed. + description: |- + The CEV manifest, which is a JSON document that describes the installation .zip files stored in Amazon S3. Specify the name/value pairs in a file or a quoted string. RDS Custom applies the patches in the order in which they are listed. + The following JSON fields are valid: + + MediaImportTemplateVersion Version of the CEV manifest. The date is in the format YYYY-MM-DD. + databaseInstallationFileNames Ordered list of installation files for the CEV. + opatchFileNames Ordered list of OPatch installers used for the Oracle DB engine. + psuRuPatchFileNames The PSU and RU patches for this CEV. + OtherPatchFileNames The patches that are not in the list of PSU and RU patches. Amazon RDS applies these patches after applying the PSU and RU patches. + For more information, see [Creating the CEV manifest](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-cev.html#custom-cev.preparing.manifest) in the *Amazon RDS User Guide*. minLength: 1 maxLength: 51000 DBEngineVersionArn: type: string - description: The ARN of the custom engine version. + description: '' SourceCustomDbEngineVersionIdentifier: type: string - description: The identifier of the source custom engine version. + description: The ARN of a CEV to use as a source for creating a new CEV. You can specify a different Amazon Machine Imagine (AMI) by using either ``Source`` or ``UseAwsProvidedLatestImage``. You can't specify a different JSON manifest when you specify ``SourceCustomDbEngineVersionIdentifier``. UseAwsProvidedLatestImage: type: boolean - description: A value that indicates whether AWS provided latest image is applied automatically to the Custom Engine Version. By default, AWS provided latest image is applied automatically. This value is only applied on create. + description: Specifies whether to use the latest service-provided Amazon Machine Image (AMI) for the CEV. If you specify ``UseAwsProvidedLatestImage``, you can't also specify ``ImageId``. ImageId: type: string - description: The identifier of Amazon Machine Image (AMI) used for CEV. + description: A value that indicates the ID of the AMI. Status: type: string - description: The availability status to be assigned to the CEV. + description: A value that indicates the status of a custom engine version (CEV). default: available enum: - available - inactive - inactive-except-restore Tags: - description: An array of key-value pairs to apply to this resource. + description: A list of tags. For more information, see [Tagging Amazon RDS Resources](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) in the *Amazon RDS User Guide.* type: array uniqueItems: false x-insertionOrder: false @@ -2992,241 +3627,528 @@ components: DesiredState: type: object properties: - StorageEncrypted: - description: |- - Indicates whether the DB instance is encrypted. - If you specify the DBClusterIdentifier, SnapshotIdentifier, or SourceDBInstanceIdentifier property, don't specify this property. The value is inherited from the cluster, snapshot, or source DB instance. - type: boolean - DBSystemId: - description: Reserved for future use. - type: string - RestoreToTime: - description: 'The date and time to restore the DB cluster to. Value must be a time in Universal Coordinated Time (UTC) format. An example: 2015-03-07T23:45:00Z' - type: string - EngineMode: - description: The DB engine mode of the DB cluster, either provisioned, serverless, parallelquery, global, or multimaster. - type: string - Port: - description: 'The port number on which the instances in the DB cluster accept connections. Default: 3306 if engine is set as aurora or 5432 if set to aurora-postgresql.' - type: integer - DBClusterIdentifier: - minLength: 1 - pattern: ^[a-zA-Z]{1}(?:-?[a-zA-Z0-9]){0,62}$ - description: The DB cluster identifier. This parameter is stored as a lowercase string. - type: string - maxLength: 63 - StorageThroughput: - description: Specifies the storage throughput value for the DB cluster. This setting applies only to the gp3 storage type. - type: integer - MonitoringInterval: - default: 0 - description: The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB cluster. To turn off collecting Enhanced Monitoring metrics, specify 0. The default is 0. - type: integer Endpoint: $ref: '#/components/schemas/Endpoint' - ReplicationSourceIdentifier: - description: The Amazon Resource Name (ARN) of the source DB instance or DB cluster if this DB cluster is created as a Read Replica. - type: string - Engine: - description: 'The name of the database engine to be used for this DB cluster. Valid Values: aurora (for MySQL 5.6-compatible Aurora), aurora-mysql (for MySQL 5.7-compatible Aurora), and aurora-postgresql' - type: string - Tags: - maxItems: 50 + description: '' + ReadEndpoint: + $ref: '#/components/schemas/ReadEndpoint' + description: |- + This data type represents the information you need to connect to an Amazon RDS DB instance. This data type is used as a response element in the following actions: + + ``CreateDBInstance`` + + ``DescribeDBInstances`` + + ``DeleteDBInstance`` + + For the data structure that represents Amazon Aurora DB cluster endpoints, see ``DBClusterEndpoint``. + AllocatedStorage: + description: |- + The amount of storage in gibibytes (GiB) to allocate to each DB instance in the Multi-AZ DB cluster. + Valid for Cluster Type: Multi-AZ DB clusters only + This setting is required to create a Multi-AZ DB cluster. + type: integer + AssociatedRoles: + description: |- + Provides a list of the AWS Identity and Access Management (IAM) roles that are associated with the DB cluster. IAM roles that are associated with a DB cluster grant permission for the DB cluster to access other Amazon Web Services on your behalf. + Valid for: Aurora DB clusters and Multi-AZ DB clusters + type: array uniqueItems: true - description: An array of key-value pairs to apply to this resource. - x-insertionOrder: false + items: + $ref: '#/components/schemas/DBClusterRole' + AvailabilityZones: + description: |- + A list of Availability Zones (AZs) where instances in the DB cluster can be created. For information on AWS Regions and Availability Zones, see [Choosing the Regions and Availability Zones](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Concepts.RegionsAndAvailabilityZones.html) in the *Amazon Aurora User Guide*. + Valid for: Aurora DB clusters only type: array + uniqueItems: true items: - $ref: '#/components/schemas/Tag' - EngineVersion: - description: The version number of the database engine to use. - type: string - StorageType: - description: Specifies the storage type to be associated with the DB cluster. - type: string - KmsKeyId: - description: The Amazon Resource Name (ARN) of the AWS Key Management Service master key that is used to encrypt the database instances in the DB cluster, such as arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef. If you enable the StorageEncrypted property but don't specify this property, the default master key is used. If you specify this property, you must set the StorageEncrypted property to true. - anyOf: - - relationshipRef: - typeName: AWS::KMS::Key - propertyPath: /properties/Arn - - relationshipRef: - typeName: AWS::KMS::Key - propertyPath: /properties/KeyId - type: string - ServerlessV2ScalingConfiguration: - description: Contains the scaling configuration of an Aurora Serverless v2 DB cluster. - $ref: '#/components/schemas/ServerlessV2ScalingConfiguration' - PerformanceInsightsRetentionPeriod: - description: The amount of time, in days, to retain Performance Insights data. - type: integer - DatabaseName: - description: The name of your database. If you don't provide a name, then Amazon RDS won't create a database in this DB cluster. For naming constraints, see Naming Constraints in the Amazon RDS User Guide. - type: string - DBClusterResourceId: - description: The AWS Region-unique, immutable identifier for the DB cluster. - type: string + type: string AutoMinorVersionUpgrade: - description: A value that indicates whether minor engine upgrades are applied automatically to the DB cluster during the maintenance window. By default, minor engine upgrades are applied automatically. + description: |- + Specifies whether minor engine upgrades are applied automatically to the DB cluster during the maintenance window. By default, minor engine upgrades are applied automatically. + Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB cluster type: boolean - DBSubnetGroupName: - description: A DB subnet group that you want to associate with this DB cluster. + BacktrackWindow: + description: |- + The target backtrack window, in seconds. To disable backtracking, set this value to ``0``. + Valid for Cluster Type: Aurora MySQL DB clusters only + Default: ``0`` + Constraints: + + If specified, this value must be set to a number from 0 to 259,200 (72 hours). + minimum: 0 + type: integer + BackupRetentionPeriod: + description: |- + The number of days for which automated backups are retained. + Default: 1 + Constraints: + + Must be a value from 1 to 35 + + Valid for: Aurora DB clusters and Multi-AZ DB clusters + default: 1 + minimum: 1 + type: integer + ClusterScalabilityType: type: string - DeletionProtection: - description: A value that indicates whether the DB cluster has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection is disabled. + description: Specifies the scalability mode of the Aurora DB cluster. When set to ``limitless``, the cluster operates as an Aurora Limitless Database, allowing you to create a DB shard group for horizontal scaling (sharding) capabilities. When set to ``standard`` (the default), the cluster uses normal DB instance creation. + CopyTagsToSnapshot: + description: |- + A value that indicates whether to copy all tags from the DB cluster to snapshots of the DB cluster. The default is not to copy them. + Valid for: Aurora DB clusters and Multi-AZ DB clusters type: boolean - AllocatedStorage: - description: The amount of storage in gibibytes (GiB) to allocate to each DB instance in the Multi-AZ DB cluster. - type: integer - MasterUserPassword: - description: The master password for the DB instance. + DatabaseInsightsMode: + description: |- + The mode of Database Insights to enable for the DB cluster. + If you set this value to ``advanced``, you must also set the ``PerformanceInsightsEnabled`` parameter to ``true`` and the ``PerformanceInsightsRetentionPeriod`` parameter to 465. + Valid for Cluster Type: Aurora DB clusters only type: string - MasterUserSecret: - description: Contains the secret managed by RDS in AWS Secrets Manager for the master user password. - $ref: '#/components/schemas/MasterUserSecret' - SourceDBClusterIdentifier: - description: The identifier of the source DB cluster from which to restore. + DatabaseName: + description: |- + The name of your database. If you don't provide a name, then Amazon RDS won't create a database in this DB cluster. For naming constraints, see [Naming Constraints](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_Limits.html#RDS_Limits.Constraints) in the *Amazon Aurora User Guide*. + Valid for: Aurora DB clusters and Multi-AZ DB clusters type: string - MasterUsername: - minLength: 1 - pattern: ^[a-zA-Z]{1}[a-zA-Z0-9_]*$ - description: The name of the master user for the DB cluster. You must specify MasterUsername, unless you specify SnapshotIdentifier. In that case, don't specify MasterUsername. + DBClusterArn: type: string - ScalingConfiguration: - description: The ScalingConfiguration property type specifies the scaling configuration of an Aurora Serverless DB cluster. - $ref: '#/components/schemas/ScalingConfiguration' - ReadEndpoint: - $ref: '#/components/schemas/ReadEndpoint' - PerformanceInsightsKmsKeyId: - description: The Amazon Web Services KMS key identifier for encryption of Performance Insights data. + description: '' + DBClusterInstanceClass: + description: |- + The compute and memory capacity of each DB instance in the Multi-AZ DB cluster, for example ``db.m6gd.xlarge``. Not all DB instance classes are available in all AWS-Regions, or for all database engines. + For the full list of DB instance classes and availability for your engine, see [DB instance class](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html) in the *Amazon RDS User Guide*. + This setting is required to create a Multi-AZ DB cluster. + Valid for Cluster Type: Multi-AZ DB clusters only type: string - PubliclyAccessible: - description: A value that indicates whether the DB cluster is publicly accessible. - type: boolean - Domain: - description: The Active Directory directory ID to create the DB cluster in. + DBClusterResourceId: + description: '' type: string - BacktrackWindow: - default: 0 - description: The target backtrack window, in seconds. To disable backtracking, set this value to 0. - type: integer - minimum: 0 DBInstanceParameterGroupName: - description: The name of the DB parameter group to apply to all instances of the DB cluster. - type: string - EnableGlobalWriteForwarding: - description: Specifies whether to enable this DB cluster to forward write operations to the primary cluster of a global cluster (Aurora global database). By default, write operations are not allowed on Aurora DB clusters that are secondary clusters in an Aurora global database. - type: boolean - MonitoringRoleArn: - description: The Amazon Resource Name (ARN) for the IAM role that permits RDS to send Enhanced Monitoring metrics to Amazon CloudWatch Logs. - type: string - AssociatedRoles: - uniqueItems: true - description: Provides a list of the AWS Identity and Access Management (IAM) roles that are associated with the DB cluster. IAM roles that are associated with a DB cluster grant permission for the DB cluster to access other AWS services on your behalf. - type: array - items: - $ref: '#/components/schemas/DBClusterRole' - EnableHttpEndpoint: - description: A value that indicates whether to enable the HTTP endpoint for DB cluster. By default, the HTTP endpoint is disabled. - type: boolean - SnapshotIdentifier: - description: >- - The identifier for the DB snapshot or DB cluster snapshot to restore from. - - You can use either the name or the Amazon Resource Name (ARN) to specify a DB cluster snapshot. However, you can use only the ARN to specify a DB snapshot. - - After you restore a DB cluster with a SnapshotIdentifier property, you must specify the same SnapshotIdentifier property for any future updates to the DB cluster. When you specify this property for an update, the DB cluster is not restored from the snapshot again, and the data in the database is not changed. However, if you don't specify the SnapshotIdentifier property, an empty DB cluster is created, and the original DB cluster is deleted. If you specify a property that is - different from the previous snapshot restore property, the DB cluster is restored from the specified SnapshotIdentifier property, and the original DB cluster is deleted. - type: string - PreferredBackupWindow: - description: The daily time range during which automated backups are created if automated backups are enabled using the BackupRetentionPeriod parameter. The default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region. To see the time blocks available, see Adjusting the Preferred DB Cluster Maintenance Window in the Amazon Aurora User Guide. + description: |- + The name of the DB parameter group to apply to all instances of the DB cluster. + When you apply a parameter group using the ``DBInstanceParameterGroupName`` parameter, the DB cluster isn't rebooted automatically. Also, parameter changes are applied immediately rather than during the next maintenance window. + Valid for Cluster Type: Aurora DB clusters only + Default: The existing name setting + Constraints: + + The DB parameter group must be in the same DB parameter group family as this DB cluster. + + The ``DBInstanceParameterGroupName`` parameter is valid in combination with the ``AllowMajorVersionUpgrade`` parameter for a major version upgrade only. type: string - NetworkType: - description: The network type of the DB cluster. + DBSystemId: + description: Reserved for future use. type: string - VpcSecurityGroupIds: - uniqueItems: true - description: A list of EC2 VPC security groups to associate with this DB cluster. - type: array - items: - anyOf: - - relationshipRef: - typeName: AWS::EC2::SecurityGroup - propertyPath: /properties/GroupId - - relationshipRef: - typeName: AWS::EC2::SecurityGroup - propertyPath: /properties/Id - type: string - CopyTagsToSnapshot: - description: A value that indicates whether to copy all tags from the DB cluster to snapshots of the DB cluster. The default is not to copy them. - type: boolean GlobalClusterIdentifier: - minLength: 0 + description: |- + If you are configuring an Aurora global database cluster and want your Aurora DB cluster to be a secondary member in the global database cluster, specify the global cluster ID of the global database cluster. To define the primary database cluster of the global cluster, use the [AWS::RDS::GlobalCluster](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-globalcluster.html) resource. + If you aren't configuring a global database cluster, don't specify this property. + To remove the DB cluster from a global database cluster, specify an empty value for the ``GlobalClusterIdentifier`` property. + For information about Aurora global databases, see [Working with Amazon Aurora Global Databases](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-global-database.html) in the *Amazon Aurora User Guide*. + Valid for: Aurora DB clusters only + type: string pattern: ^$|^[a-zA-Z]{1}(?:-?[a-zA-Z0-9]){0,62}$ + minLength: 0 + maxLength: 63 + DBClusterIdentifier: description: |- - If you are configuring an Aurora global database cluster and want your Aurora DB cluster to be a secondary member in the global database cluster, specify the global cluster ID of the global database cluster. To define the primary database cluster of the global cluster, use the AWS::RDS::GlobalCluster resource. - - If you aren't configuring a global database cluster, don't specify this property. + The DB cluster identifier. This parameter is stored as a lowercase string. + Constraints: + + Must contain from 1 to 63 letters, numbers, or hyphens. + + First character must be a letter. + + Can't end with a hyphen or contain two consecutive hyphens. + + Example: ``my-cluster1`` + Valid for: Aurora DB clusters and Multi-AZ DB clusters type: string + pattern: ^[a-zA-Z]{1}(?:-?[a-zA-Z0-9]){0,62}$ + minLength: 1 maxLength: 63 - RestoreType: - default: full-copy + DBClusterParameterGroupName: description: |- - The type of restore to be performed. You can specify one of the following values: - full-copy - The new DB cluster is restored as a full copy of the source DB cluster. - copy-on-write - The new DB cluster is restored as a clone of the source DB cluster. + The name of the DB cluster parameter group to associate with this DB cluster. + If you apply a parameter group to an existing DB cluster, then its DB instances might need to reboot. This can result in an outage while the DB instances are rebooting. + If you apply a change to parameter group associated with a stopped DB cluster, then the update stack waits until the DB cluster is started. + To list all of the available DB cluster parameter group names, use the following command: + ``aws rds describe-db-cluster-parameter-groups --query "DBClusterParameterGroups[].DBClusterParameterGroupName" --output text`` + Valid for: Aurora DB clusters and Multi-AZ DB clusters type: string - DomainIAMRoleName: - description: Specify the name of the IAM role to be used when making API calls to the Directory Service. + DBSubnetGroupName: + description: |- + A DB subnet group that you want to associate with this DB cluster. + If you are restoring a DB cluster to a point in time with ``RestoreType`` set to ``copy-on-write``, and don't specify a DB subnet group name, then the DB cluster is restored with a default DB subnet group. + Valid for: Aurora DB clusters and Multi-AZ DB clusters type: string - DBClusterInstanceClass: - description: The compute and memory capacity of each DB instance in the Multi-AZ DB cluster, for example db.m6g.xlarge. + DeletionProtection: + description: |- + A value that indicates whether the DB cluster has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection is disabled. + Valid for: Aurora DB clusters and Multi-AZ DB clusters + type: boolean + Domain: + description: |- + Indicates the directory ID of the Active Directory to create the DB cluster. + For Amazon Aurora DB clusters, Amazon RDS can use Kerberos authentication to authenticate users that connect to the DB cluster. + For more information, see [Kerberos authentication](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/kerberos-authentication.html) in the *Amazon Aurora User Guide*. + Valid for: Aurora DB clusters only type: string - AvailabilityZones: - uniqueItems: true - description: A list of Availability Zones (AZs) where instances in the DB cluster can be created. For information on AWS Regions and Availability Zones, see Choosing the Regions and Availability Zones in the Amazon Aurora User Guide. + DomainIAMRoleName: + description: |- + Specifies the name of the IAM role to use when making API calls to the Directory Service. + Valid for: Aurora DB clusters only + type: string + EnableCloudwatchLogsExports: + description: |- + The list of log types that need to be enabled for exporting to CloudWatch Logs. The values in the list depend on the DB engine being used. For more information, see [Publishing Database Logs to Amazon CloudWatch Logs](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch) in the *Amazon Aurora User Guide*. + *Aurora MySQL* + Valid values: ``audit``, ``error``, ``general``, ``slowquery`` + *Aurora PostgreSQL* + Valid values: ``postgresql`` + Valid for: Aurora DB clusters and Multi-AZ DB clusters type: array + uniqueItems: true items: type: string - DBClusterArn: - description: The Amazon Resource Name (ARN) for the DB cluster. - type: string - PreferredMaintenanceWindow: - description: The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC). The default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week. To see the time blocks available, see Adjusting the Preferred DB Cluster Maintenance Window in the Amazon Aurora User Guide. - type: string - Iops: - description: The amount of Provisioned IOPS (input/output operations per second) to be initially allocated for each DB instance in the Multi-AZ DB cluster. - type: integer - SourceRegion: - description: The AWS Region which contains the source DB cluster when replicating a DB cluster. For example, us-east-1. - type: string - UseLatestRestorableTime: - description: A value that indicates whether to restore the DB cluster to the latest restorable backup time. By default, the DB cluster is not restored to the latest restorable backup time. + EnableGlobalWriteForwarding: + description: |- + Specifies whether to enable this DB cluster to forward write operations to the primary cluster of a global cluster (Aurora global database). By default, write operations are not allowed on Aurora DB clusters that are secondary clusters in an Aurora global database. + You can set this value only on Aurora DB clusters that are members of an Aurora global database. With this parameter enabled, a secondary cluster can forward writes to the current primary cluster, and the resulting changes are replicated back to this cluster. For the primary DB cluster of an Aurora global database, this value is used immediately if the primary is demoted by a global cluster API operation, but it does nothing until then. + Valid for Cluster Type: Aurora DB clusters only type: boolean - ManageMasterUserPassword: - description: A value that indicates whether to manage the master user password with AWS Secrets Manager. + EnableHttpEndpoint: + description: |- + Specifies whether to enable the HTTP endpoint for the DB cluster. By default, the HTTP endpoint isn't enabled. + When enabled, the HTTP endpoint provides a connectionless web service API (RDS Data API) for running SQL queries on the DB cluster. You can also query your database from inside the RDS console with the RDS query editor. + For more information, see [Using RDS Data API](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/data-api.html) in the *Amazon Aurora User Guide*. + Valid for Cluster Type: Aurora DB clusters only type: boolean EnableIAMDatabaseAuthentication: - description: A value that indicates whether to enable mapping of AWS Identity and Access Management (IAM) accounts to database accounts. By default, mapping is disabled. + description: |- + A value that indicates whether to enable mapping of AWS Identity and Access Management (IAM) accounts to database accounts. By default, mapping is disabled. + For more information, see [IAM Database Authentication](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.IAMDBAuth.html) in the *Amazon Aurora User Guide.* + Valid for: Aurora DB clusters only type: boolean - DBClusterParameterGroupName: - default: default.aurora5.6 - description: The name of the DB cluster parameter group to associate with this DB cluster. + EnableLocalWriteForwarding: + description: |- + Specifies whether read replicas can forward write operations to the writer DB instance in the DB cluster. By default, write operations aren't allowed on reader DB instances. + Valid for: Aurora DB clusters only + type: boolean + Engine: + description: |- + The name of the database engine to be used for this DB cluster. + Valid Values: + + ``aurora-mysql`` + + ``aurora-postgresql`` + + ``mysql`` + + ``postgres`` + + Valid for: Aurora DB clusters and Multi-AZ DB clusters type: string - PerformanceInsightsEnabled: - description: A value that indicates whether to turn on Performance Insights for the DB cluster. + EngineLifecycleSupport: + description: |- + The life cycle type for this DB cluster. + By default, this value is set to ``open-source-rds-extended-support``, which enrolls your DB cluster into Amazon RDS Extended Support. At the end of standard support, you can avoid charges for Extended Support by setting the value to ``open-source-rds-extended-support-disabled``. In this case, creating the DB cluster will fail if the DB major version is past its end of standard support date. + You can use this setting to enroll your DB cluster into Amazon RDS Extended Support. With RDS Extended Support, you can run the selected major engine version on your DB cluster past the end of standard support for that engine version. For more information, see the following sections: + + Amazon Aurora - [Using Amazon RDS Extended Support](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/extended-support.html) in the *Amazon Aurora User Guide* + + Amazon RDS - [Using Amazon RDS Extended Support](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/extended-support.html) in the *Amazon RDS User Guide* + + Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters + Valid Values: ``open-source-rds-extended-support | open-source-rds-extended-support-disabled`` + Default: ``open-source-rds-extended-support`` + type: string + EngineMode: + description: |- + The DB engine mode of the DB cluster, either ``provisioned`` or ``serverless``. + The ``serverless`` engine mode only applies for Aurora Serverless v1 DB clusters. Aurora Serverless v2 DB clusters use the ``provisioned`` engine mode. + For information about limitations and requirements for Serverless DB clusters, see the following sections in the *Amazon Aurora User Guide*: + + [Limitations of Aurora Serverless v1](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless.html#aurora-serverless.limitations) + + [Requirements for Aurora Serverless v2](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless-v2.requirements.html) + + Valid for Cluster Type: Aurora DB clusters only + type: string + EngineVersion: + description: |- + The version number of the database engine to use. + To list all of the available engine versions for Aurora MySQL version 2 (5.7-compatible) and version 3 (8.0-compatible), use the following command: + ``aws rds describe-db-engine-versions --engine aurora-mysql --query "DBEngineVersions[].EngineVersion"`` + You can supply either ``5.7`` or ``8.0`` to use the default engine version for Aurora MySQL version 2 or version 3, respectively. + To list all of the available engine versions for Aurora PostgreSQL, use the following command: + ``aws rds describe-db-engine-versions --engine aurora-postgresql --query "DBEngineVersions[].EngineVersion"`` + To list all of the available engine versions for RDS for MySQL, use the following command: + ``aws rds describe-db-engine-versions --engine mysql --query "DBEngineVersions[].EngineVersion"`` + To list all of the available engine versions for RDS for PostgreSQL, use the following command: + ``aws rds describe-db-engine-versions --engine postgres --query "DBEngineVersions[].EngineVersion"`` + *Aurora MySQL* + For information, see [Database engine updates for Amazon Aurora MySQL](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Updates.html) in the *Amazon Aurora User Guide*. + *Aurora PostgreSQL* + For information, see [Amazon Aurora PostgreSQL releases and engine versions](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraPostgreSQL.Updates.20180305.html) in the *Amazon Aurora User Guide*. + *MySQL* + For information, see [Amazon RDS for MySQL](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt) in the *Amazon RDS User Guide*. + *PostgreSQL* + For information, see [Amazon RDS for PostgreSQL](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts) in the *Amazon RDS User Guide*. + Valid for: Aurora DB clusters and Multi-AZ DB clusters + type: string + ManageMasterUserPassword: + description: |- + Specifies whether to manage the master user password with AWS Secrets Manager. + For more information, see [Password management with Secrets Manager](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html) in the *Amazon RDS User Guide* and [Password management with Secrets Manager](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-secrets-manager.html) in the *Amazon Aurora User Guide.* + Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters + Constraints: + + Can't manage the master user password with AWS Secrets Manager if ``MasterUserPassword`` is specified. type: boolean - BackupRetentionPeriod: - default: 1 - description: The number of days for which automated backups are retained. + Iops: + description: |- + The amount of Provisioned IOPS (input/output operations per second) to be initially allocated for each DB instance in the Multi-AZ DB cluster. + For information about valid IOPS values, see [Provisioned IOPS storage](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Storage.html#USER_PIOPS) in the *Amazon RDS User Guide*. + This setting is required to create a Multi-AZ DB cluster. + Valid for Cluster Type: Multi-AZ DB clusters only + Constraints: + + Must be a multiple between .5 and 50 of the storage amount for the DB cluster. type: integer - minimum: 1 - EnableCloudwatchLogsExports: - uniqueItems: true - description: The list of log types that need to be enabled for exporting to CloudWatch Logs. The values in the list depend on the DB engine being used. For more information, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon Aurora User Guide. + KmsKeyId: + description: |- + The Amazon Resource Name (ARN) of the AWS KMS key that is used to encrypt the database instances in the DB cluster, such as ``arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef``. If you enable the ``StorageEncrypted`` property but don't specify this property, the default KMS key is used. If you specify this property, you must set the ``StorageEncrypted`` property to ``true``. + If you specify the ``SnapshotIdentifier`` property, the ``StorageEncrypted`` property value is inherited from the snapshot, and if the DB cluster is encrypted, the specified ``KmsKeyId`` property is used. + If you create a read replica of an encrypted DB cluster in another AWS Region, make sure to set ``KmsKeyId`` to a KMS key identifier that is valid in the destination AWS Region. This KMS key is used to encrypt the read replica in that AWS Region. + Valid for: Aurora DB clusters and Multi-AZ DB clusters + type: string + MasterUsername: + description: |- + The name of the master user for the DB cluster. + If you specify the ``SourceDBClusterIdentifier``, ``SnapshotIdentifier``, or ``GlobalClusterIdentifier`` property, don't specify this property. The value is inherited from the source DB cluster, the snapshot, or the primary DB cluster for the global database cluster, respectively. + Valid for: Aurora DB clusters and Multi-AZ DB clusters + type: string + pattern: ^[a-zA-Z]{1}[a-zA-Z0-9_]*$ + minLength: 1 + MasterUserPassword: + description: |- + The master password for the DB instance. + If you specify the ``SourceDBClusterIdentifier``, ``SnapshotIdentifier``, or ``GlobalClusterIdentifier`` property, don't specify this property. The value is inherited from the source DB cluster, the snapshot, or the primary DB cluster for the global database cluster, respectively. + Valid for: Aurora DB clusters and Multi-AZ DB clusters + type: string + MasterUserSecret: + $ref: '#/components/schemas/MasterUserSecret' + description: |- + The secret managed by RDS in AWS Secrets Manager for the master user password. + When you restore a DB cluster from a snapshot, Amazon RDS generates a new secret instead of reusing the secret specified in the ``SecretArn`` property. This ensures that the restored DB cluster is securely managed with a dedicated secret. To maintain consistent integration with your application, you might need to update resource configurations to reference the newly created secret. + For more information, see [Password management with Secrets Manager](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html) in the *Amazon RDS User Guide* and [Password management with Secrets Manager](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-secrets-manager.html) in the *Amazon Aurora User Guide.* + MonitoringInterval: + description: |- + The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB cluster. To turn off collecting Enhanced Monitoring metrics, specify ``0``. + If ``MonitoringRoleArn`` is specified, also set ``MonitoringInterval`` to a value other than ``0``. + Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters + Valid Values: ``0 | 1 | 5 | 10 | 15 | 30 | 60`` + Default: ``0`` + type: integer + MonitoringRoleArn: + description: |- + The Amazon Resource Name (ARN) for the IAM role that permits RDS to send Enhanced Monitoring metrics to Amazon CloudWatch Logs. An example is ``arn:aws:iam:123456789012:role/emaccess``. For information on creating a monitoring role, see [Setting up and enabling Enhanced Monitoring](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Monitoring.OS.html#USER_Monitoring.OS.Enabling) in the *Amazon RDS User Guide*. + If ``MonitoringInterval`` is set to a value other than ``0``, supply a ``MonitoringRoleArn`` value. + Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters + type: string + NetworkType: + description: |- + The network type of the DB cluster. + Valid values: + + ``IPV4`` + + ``DUAL`` + + The network type is determined by the ``DBSubnetGroup`` specified for the DB cluster. A ``DBSubnetGroup`` can support only the IPv4 protocol or the IPv4 and IPv6 protocols (``DUAL``). + For more information, see [Working with a DB instance in a VPC](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html) in the *Amazon Aurora User Guide.* + Valid for: Aurora DB clusters only + type: string + PerformanceInsightsEnabled: + description: |- + Specifies whether to turn on Performance Insights for the DB cluster. + For more information, see [Using Amazon Performance Insights](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.html) in the *Amazon RDS User Guide*. + Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters + type: boolean + PerformanceInsightsKmsKeyId: + description: |- + The AWS KMS key identifier for encryption of Performance Insights data. + The AWS KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. + If you don't specify a value for ``PerformanceInsightsKMSKeyId``, then Amazon RDS uses your default KMS key. There is a default KMS key for your AWS-account. Your AWS-account has a different default KMS key for each AWS-Region. + Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters + type: string + PerformanceInsightsRetentionPeriod: + description: |- + The number of days to retain Performance Insights data. + Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters + Valid Values: + + ``7`` + + *month* * 31, where *month* is a number of months from 1-23. Examples: ``93`` (3 months * 31), ``341`` (11 months * 31), ``589`` (19 months * 31) + + ``731`` + + Default: ``7`` days + If you specify a retention period that isn't valid, such as ``94``, Amazon RDS issues an error. + type: integer + Port: + description: |- + The port number on which the DB instances in the DB cluster accept connections. + Default: + + When ``EngineMode`` is ``provisioned``, ``3306`` (for both Aurora MySQL and Aurora PostgreSQL) + + When ``EngineMode`` is ``serverless``: + + ``3306`` when ``Engine`` is ``aurora`` or ``aurora-mysql`` + + ``5432`` when ``Engine`` is ``aurora-postgresql`` + + + The ``No interruption`` on update behavior only applies to DB clusters. If you are updating a DB instance, see [Port](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html#cfn-rds-dbinstance-port) for the AWS::RDS::DBInstance resource. + Valid for: Aurora DB clusters and Multi-AZ DB clusters + type: integer + PreferredBackupWindow: + description: |- + The daily time range during which automated backups are created. For more information, see [Backup Window](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Managing.Backups.html#Aurora.Managing.Backups.BackupWindow) in the *Amazon Aurora User Guide.* + Constraints: + + Must be in the format ``hh24:mi-hh24:mi``. + + Must be in Universal Coordinated Time (UTC). + + Must not conflict with the preferred maintenance window. + + Must be at least 30 minutes. + + Valid for: Aurora DB clusters and Multi-AZ DB clusters + type: string + PreferredMaintenanceWindow: + description: |- + The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC). + Format: ``ddd:hh24:mi-ddd:hh24:mi`` + The default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week. To see the time blocks available, see [Adjusting the Preferred DB Cluster Maintenance Window](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow.Aurora) in the *Amazon Aurora User Guide.* + Valid Days: Mon, Tue, Wed, Thu, Fri, Sat, Sun. + Constraints: Minimum 30-minute window. + Valid for: Aurora DB clusters and Multi-AZ DB clusters + type: string + PubliclyAccessible: + description: |- + Specifies whether the DB cluster is publicly accessible. + When the DB cluster is publicly accessible and you connect from outside of the DB cluster's virtual private cloud (VPC), its Domain Name System (DNS) endpoint resolves to the public IP address. When you connect from within the same VPC as the DB cluster, the endpoint resolves to the private IP address. Access to the DB cluster is ultimately controlled by the security group it uses. That public access isn't permitted if the security group assigned to the DB cluster doesn't permit it. + When the DB cluster isn't publicly accessible, it is an internal DB cluster with a DNS name that resolves to a private IP address. + Valid for Cluster Type: Multi-AZ DB clusters only + Default: The default behavior varies depending on whether ``DBSubnetGroupName`` is specified. + If ``DBSubnetGroupName`` isn't specified, and ``PubliclyAccessible`` isn't specified, the following applies: + + If the default VPC in the target Region doesn’t have an internet gateway attached to it, the DB cluster is private. + + If the default VPC in the target Region has an internet gateway attached to it, the DB cluster is public. + + If ``DBSubnetGroupName`` is specified, and ``PubliclyAccessible`` isn't specified, the following applies: + + If the subnets are part of a VPC that doesn’t have an internet gateway attached to it, the DB cluster is private. + + If the subnets are part of a VPC that has an internet gateway attached to it, the DB cluster is public. + type: boolean + ReplicationSourceIdentifier: + description: |- + The Amazon Resource Name (ARN) of the source DB instance or DB cluster if this DB cluster is created as a read replica. + Valid for: Aurora DB clusters only + type: string + RestoreToTime: + description: |- + The date and time to restore the DB cluster to. + Valid Values: Value must be a time in Universal Coordinated Time (UTC) format + Constraints: + + Must be before the latest restorable time for the DB instance + + Must be specified if ``UseLatestRestorableTime`` parameter isn't provided + + Can't be specified if the ``UseLatestRestorableTime`` parameter is enabled + + Can't be specified if the ``RestoreType`` parameter is ``copy-on-write`` + + This property must be used with ``SourceDBClusterIdentifier`` property. The resulting cluster will have the identifier that matches the value of the ``DBclusterIdentifier`` property. + Example: ``2015-03-07T23:45:00Z`` + Valid for: Aurora DB clusters and Multi-AZ DB clusters + type: string + RestoreType: + description: |- + The type of restore to be performed. You can specify one of the following values: + + ``full-copy`` - The new DB cluster is restored as a full copy of the source DB cluster. + + ``copy-on-write`` - The new DB cluster is restored as a clone of the source DB cluster. + + If you don't specify a ``RestoreType`` value, then the new DB cluster is restored as a full copy of the source DB cluster. + Valid for: Aurora DB clusters and Multi-AZ DB clusters + type: string + ServerlessV2ScalingConfiguration: + description: |- + The scaling configuration of an Aurora Serverless V2 DB cluster. + This property is only supported for Aurora Serverless v2. For Aurora Serverless v1, Use the ``ScalingConfiguration`` property. + Valid for: Aurora Serverless v2 DB clusters only + $ref: '#/components/schemas/ServerlessV2ScalingConfiguration' + ScalingConfiguration: + description: |- + The scaling configuration of an Aurora Serverless v1 DB cluster. + This property is only supported for Aurora Serverless v1. For Aurora Serverless v2, Use the ``ServerlessV2ScalingConfiguration`` property. + Valid for: Aurora Serverless v1 DB clusters only + $ref: '#/components/schemas/ScalingConfiguration' + SnapshotIdentifier: + description: |- + The identifier for the DB snapshot or DB cluster snapshot to restore from. + You can use either the name or the Amazon Resource Name (ARN) to specify a DB cluster snapshot. However, you can use only the ARN to specify a DB snapshot. + After you restore a DB cluster with a ``SnapshotIdentifier`` property, you must specify the same ``SnapshotIdentifier`` property for any future updates to the DB cluster. When you specify this property for an update, the DB cluster is not restored from the snapshot again, and the data in the database is not changed. However, if you don't specify the ``SnapshotIdentifier`` property, an empty DB cluster is created, and the original DB cluster is deleted. If you specify a property that is different from the previous snapshot restore property, a new DB cluster is restored from the specified ``SnapshotIdentifier`` property, and the original DB cluster is deleted. + If you specify the ``SnapshotIdentifier`` property to restore a DB cluster (as opposed to specifying it for DB cluster updates), then don't specify the following properties: + + ``GlobalClusterIdentifier`` + + ``MasterUsername`` + + ``MasterUserPassword`` + + ``ReplicationSourceIdentifier`` + + ``RestoreType`` + + ``SourceDBClusterIdentifier`` + + ``SourceRegion`` + + ``StorageEncrypted`` (for an encrypted snapshot) + + ``UseLatestRestorableTime`` + + Constraints: + + Must match the identifier of an existing Snapshot. + + Valid for: Aurora DB clusters and Multi-AZ DB clusters + type: string + SourceDBClusterIdentifier: + description: |- + When restoring a DB cluster to a point in time, the identifier of the source DB cluster from which to restore. + Constraints: + + Must match the identifier of an existing DBCluster. + + Valid for: Aurora DB clusters and Multi-AZ DB clusters + type: string + SourceRegion: + description: |- + The AWS Region which contains the source DB cluster when replicating a DB cluster. For example, ``us-east-1``. + Valid for: Aurora DB clusters only + type: string + StorageEncrypted: + description: |- + Indicates whether the DB cluster is encrypted. + If you specify the ``KmsKeyId`` property, then you must enable encryption. + If you specify the ``SourceDBClusterIdentifier`` property, don't specify this property. The value is inherited from the source DB cluster, and if the DB cluster is encrypted, the specified ``KmsKeyId`` property is used. + If you specify the ``SnapshotIdentifier`` and the specified snapshot is encrypted, don't specify this property. The value is inherited from the snapshot, and the specified ``KmsKeyId`` property is used. + If you specify the ``SnapshotIdentifier`` and the specified snapshot isn't encrypted, you can use this property to specify that the restored DB cluster is encrypted. Specify the ``KmsKeyId`` property for the KMS key to use for encryption. If you don't want the restored DB cluster to be encrypted, then don't set this property or set it to ``false``. + If you specify both the ``StorageEncrypted`` and ``SnapshotIdentifier`` properties without specifying the ``KmsKeyId`` property, then the restored DB cluster inherits the encryption settings from the DB snapshot that provide. + Valid for: Aurora DB clusters and Multi-AZ DB clusters + type: boolean + StorageThroughput: + description: '' + type: integer + StorageType: + description: |- + The storage type to associate with the DB cluster. + For information on storage types for Aurora DB clusters, see [Storage configurations for Amazon Aurora DB clusters](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Overview.StorageReliability.html#aurora-storage-type). For information on storage types for Multi-AZ DB clusters, see [Settings for creating Multi-AZ DB clusters](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/create-multi-az-db-cluster.html#create-multi-az-db-cluster-settings). + This setting is required to create a Multi-AZ DB cluster. + When specified for a Multi-AZ DB cluster, a value for the ``Iops`` parameter is required. + Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters + Valid Values: + + Aurora DB clusters - ``aurora | aurora-iopt1`` + + Multi-AZ DB clusters - ``io1 | io2 | gp3`` + + Default: + + Aurora DB clusters - ``aurora`` + + Multi-AZ DB clusters - ``io1`` + + When you create an Aurora DB cluster with the storage type set to ``aurora-iopt1``, the storage type is returned in the response. The storage type isn't returned when you set it to ``aurora``. + type: string + Tags: type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + description: |- + Tags to assign to the DB cluster. + Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters + items: + $ref: '#/components/schemas/Tag' + UseLatestRestorableTime: + description: |- + A value that indicates whether to restore the DB cluster to the latest restorable backup time. By default, the DB cluster is not restored to the latest restorable backup time. + Valid for: Aurora DB clusters and Multi-AZ DB clusters + type: boolean + VpcSecurityGroupIds: + description: |- + A list of EC2 VPC security groups to associate with this DB cluster. + If you plan to update the resource, don't specify VPC security groups in a shared VPC. + Valid for: Aurora DB clusters and Multi-AZ DB clusters + uniqueItems: true items: type: string + type: array x-stackQL-stringOnly: true x-title: CreateDBClusterRequest type: object @@ -3245,19 +4167,44 @@ components: type: object properties: Description: - description: A friendly description for this DB cluster parameter group. + description: The description for the DB cluster parameter group. type: string Family: - description: The DB cluster parameter group family name. A DB cluster parameter group can be associated with one and only one DB cluster parameter group family, and can be applied only to a DB cluster running a DB engine and engine version compatible with that DB cluster parameter group family. + description: |- + The DB cluster parameter group family name. A DB cluster parameter group can be associated with one and only one DB cluster parameter group family, and can be applied only to a DB cluster running a database engine and engine version compatible with that DB cluster parameter group family. + *Aurora MySQL* + Example: ``aurora-mysql5.7``, ``aurora-mysql8.0`` + *Aurora PostgreSQL* + Example: ``aurora-postgresql14`` + *RDS for MySQL* + Example: ``mysql8.0`` + *RDS for PostgreSQL* + Example: ``postgres13`` + To list all of the available parameter group families for a DB engine, use the following command: + ``aws rds describe-db-engine-versions --query "DBEngineVersions[].DBParameterGroupFamily" --engine `` + For example, to list all of the available parameter group families for the Aurora PostgreSQL DB engine, use the following command: + ``aws rds describe-db-engine-versions --query "DBEngineVersions[].DBParameterGroupFamily" --engine aurora-postgresql`` + The output contains duplicates. + The following are the valid DB engine values: + + ``aurora-mysql`` + + ``aurora-postgresql`` + + ``mysql`` + + ``postgres`` type: string Parameters: - description: An array of parameters to be modified. A maximum of 20 parameters can be modified in a single request. + description: Provides a list of parameters for the DB cluster parameter group. type: object DBClusterParameterGroupName: type: string pattern: ^[a-zA-Z]{1}(?:-?[a-zA-Z0-9])*$ + description: |- + The name of the DB cluster parameter group. + Constraints: + + Must not match the name of an existing DB cluster parameter group. + + This value is stored as a lowercase string. Tags: - description: The list of tags for the cluster parameter group. + description: Tags to assign to the DB cluster parameter group. type: array maxItems: 50 x-insertionOrder: false @@ -3280,382 +4227,487 @@ components: DesiredState: type: object properties: - StorageEncrypted: + AllocatedStorage: + type: string description: |- - A value that indicates whether the DB instance is encrypted. By default, it isn't encrypted. - If you specify the ``KmsKeyId`` property, then you must enable encryption. - If you specify the ``SourceDBInstanceIdentifier`` property, don't specify this property. The value is inherited from the source DB instance, and if the DB instance is encrypted, the specified ``KmsKeyId`` property is used. - If you specify ``DBSnapshotIdentifier`` property, don't specify this property. The value is inherited from the snapshot. - *Amazon Aurora* - Not applicable. The encryption for DB instances is managed by the DB cluster. + The amount of storage in gibibytes (GiB) to be initially allocated for the database instance. + If any value is set in the ``Iops`` parameter, ``AllocatedStorage`` must be at least 100 GiB, which corresponds to the minimum Iops value of 1,000. If you increase the ``Iops`` value (in 1,000 IOPS increments), then you must also increase the ``AllocatedStorage`` value (in 100-GiB increments). + *Amazon Aurora* + Not applicable. Aurora cluster volumes automatically grow as the amount of data in your database increases, though you are only charged for the space that you use in an Aurora cluster volume. + *Db2* + Constraints to the amount of storage for each storage type are the following: + + General Purpose (SSD) storage (gp3): Must be an integer from 20 to 64000. + + Provisioned IOPS storage (io1): Must be an integer from 100 to 64000. + + *MySQL* + Constraints to the amount of storage for each storage type are the following: + + General Purpose (SSD) storage (gp2): Must be an integer from 20 to 65536. + + Provisioned IOPS storage (io1): Must be an integer from 100 to 65536. + + Magnetic storage (standard): Must be an integer from 5 to 3072. + + *MariaDB* + Constraints to the amount of storage for each storage type are the following: + + General Purpose (SSD) storage (gp2): Must be an integer from 20 to 65536. + + Provisioned IOPS storage (io1): Must be an integer from 100 to 65536. + + Magnetic storage (standard): Must be an integer from 5 to 3072. + + *PostgreSQL* + Constraints to the amount of storage for each storage type are the following: + + General Purpose (SSD) storage (gp2): Must be an integer from 20 to 65536. + + Provisioned IOPS storage (io1): Must be an integer from 100 to 65536. + + Magnetic storage (standard): Must be an integer from 5 to 3072. + + *Oracle* + Constraints to the amount of storage for each storage type are the following: + + General Purpose (SSD) storage (gp2): Must be an integer from 20 to 65536. + + Provisioned IOPS storage (io1): Must be an integer from 100 to 65536. + + Magnetic storage (standard): Must be an integer from 10 to 3072. + + *SQL Server* + Constraints to the amount of storage for each storage type are the following: + + General Purpose (SSD) storage (gp2): + + Enterprise and Standard editions: Must be an integer from 20 to 16384. + + Web and Express editions: Must be an integer from 20 to 16384. + + + Provisioned IOPS storage (io1): + + Enterprise and Standard editions: Must be an integer from 20 to 16384. + + Web and Express editions: Must be an integer from 20 to 16384. + + + Magnetic storage (standard): + + Enterprise and Standard editions: Must be an integer from 20 to 1024. + + Web and Express editions: Must be an integer from 20 to 1024. + pattern: ^[0-9]*$ + AllowMajorVersionUpgrade: type: boolean - Timezone: - description: The time zone of the DB instance. The time zone parameter is currently supported only by [RDS for Db2](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/db2-time-zone) and [RDS for SQL Server](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.TimeZone). - type: string - DBSystemId: - description: The Oracle system identifier (SID), which is the name of the Oracle database instance that manages your database files. In this context, the term "Oracle database instance" refers exclusively to the system global area (SGA) and Oracle background processes. If you don't specify a SID, the value defaults to ``RDSCDB``. The Oracle SID is also the name of your CDB. - type: string - CertificateDetails: - description: The details of the DB instance's server certificate. - $ref: '#/components/schemas/CertificateDetails' - Port: - pattern: ^\d*$ description: |- - The port number on which the database accepts connections. + A value that indicates whether major version upgrades are allowed. Changing this parameter doesn't result in an outage and the change is asynchronously applied as soon as possible. + Constraints: Major version upgrades must be allowed when specifying a value for the ``EngineVersion`` parameter that is a different major version than the DB instance's current version. + AssociatedRoles: + type: array + items: + $ref: '#/components/schemas/DBInstanceRole' + description: |- + The IAMlong (IAM) roles associated with the DB instance. *Amazon Aurora* - Not applicable. The port number is managed by the DB cluster. - *Db2* - Default value: ``50000`` + Not applicable. The associated roles are managed by the DB cluster. + AutoMinorVersionUpgrade: + type: boolean + description: A value that indicates whether minor engine upgrades are applied automatically to the DB instance during the maintenance window. By default, minor engine upgrades are applied automatically. + AutomaticBackupReplicationRegion: type: string - DBClusterIdentifier: - description: The identifier of the DB cluster that the instance will belong to. + description: The AWS-Region associated with the automated backup. + AutomaticBackupReplicationKmsKeyId: type: string - StorageThroughput: - description: |- - Specifies the storage throughput value for the DB instance. This setting applies only to the ``gp3`` storage type. - This setting doesn't apply to RDS Custom or Amazon Aurora. - type: integer - DbiResourceId: - description: '' + description: The AWS KMS key identifier for encryption of the replicated automated backups. The KMS key ID is the Amazon Resource Name (ARN) for the KMS encryption key in the destination AWS-Region, for example, ``arn:aws:kms:us-east-1:123456789012:key/AKIAIOSFODNN7EXAMPLE``. + AvailabilityZone: type: string - MonitoringInterval: - default: 0 description: |- - The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collection of Enhanced Monitoring metrics, specify 0. The default is 0. - If ``MonitoringRoleArn`` is specified, then you must set ``MonitoringInterval`` to a value other than 0. - This setting doesn't apply to RDS Custom. - Valid Values: ``0, 1, 5, 10, 15, 30, 60`` + The Availability Zone (AZ) where the database will be created. For information on AWS-Regions and Availability Zones, see [Regions and Availability Zones](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html). + For Amazon Aurora, each Aurora DB cluster hosts copies of its storage in three separate Availability Zones. Specify one of these Availability Zones. Aurora automatically chooses an appropriate Availability Zone if you don't specify one. + Default: A random, system-chosen Availability Zone in the endpoint's AWS-Region. + Constraints: + + The ``AvailabilityZone`` parameter can't be specified if the DB instance is a Multi-AZ deployment. + + The specified Availability Zone must be in the same AWS-Region as the current endpoint. + + Example: ``us-east-1d`` + BackupRetentionPeriod: type: integer - DBParameterGroupName: + minimum: 0 description: |- - The name of an existing DB parameter group or a reference to an [AWS::RDS::DBParameterGroup](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbparametergroup.html) resource created in the template. - To list all of the available DB parameter group names, use the following command: - ``aws rds describe-db-parameter-groups --query "DBParameterGroups[].DBParameterGroupName" --output text`` - If any of the data members of the referenced parameter group are changed during an update, the DB instance might need to be restarted, which causes some interruption. If the parameter group contains static parameters, whether they were changed or not, an update triggers a reboot. - If you don't specify a value for ``DBParameterGroupName`` property, the default DB parameter group for the specified engine and engine version is used. - type: string - DBInstanceArn: - description: '' + The number of days for which automated backups are retained. Setting this parameter to a positive number enables backups. Setting this parameter to 0 disables automated backups. + *Amazon Aurora* + Not applicable. The retention period for automated backups is managed by the DB cluster. + Default: 1 + Constraints: + + Must be a value from 0 to 35 + + Can't be set to 0 if the DB instance is a source to read replicas + CACertificateIdentifier: type: string - Endpoint: description: |- - The connection endpoint for the DB instance. - The endpoint might not be shown for instances with the status of ``creating``. - $ref: '#/components/schemas/Endpoint' - TdeCredentialArn: - description: '' - type: string - AutomaticBackupReplicationKmsKeyId: - description: The AWS KMS key identifier for encryption of the replicated automated backups. The KMS key ID is the Amazon Resource Name (ARN) for the KMS encryption key in the destination AWS-Region, for example, ``arn:aws:kms:us-east-1:123456789012:key/AKIAIOSFODNN7EXAMPLE``. + The identifier of the CA certificate for this DB instance. + For more information, see [Using SSL/TLS to encrypt a connection to a DB instance](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html) in the *Amazon RDS User Guide* and [Using SSL/TLS to encrypt a connection to a DB cluster](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL.html) in the *Amazon Aurora User Guide*. + CertificateDetails: + $ref: '#/components/schemas/CertificateDetails' + description: The details of the DB instance's server certificate. + CertificateRotationRestart: + type: boolean + description: |- + Specifies whether the DB instance is restarted when you rotate your SSL/TLS certificate. + By default, the DB instance is restarted when you rotate your SSL/TLS certificate. The certificate is not updated until the DB instance is restarted. + Set this parameter only if you are *not* using SSL/TLS to connect to the DB instance. + If you are using SSL/TLS to connect to the DB instance, follow the appropriate instructions for your DB engine to rotate your SSL/TLS certificate: + + For more information about rotating your SSL/TLS certificate for RDS DB engines, see [Rotating Your SSL/TLS Certificate.](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL-certificate-rotation.html) in the *Amazon RDS User Guide.* + + For more information about rotating your SSL/TLS certificate for Aurora DB engines, see [Rotating Your SSL/TLS Certificate](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL-certificate-rotation.html) in the *Amazon Aurora User Guide*. + + This setting doesn't apply to RDS Custom DB instances. + CharacterSetName: type: string - MultiAZ: description: |- - Specifies whether the database instance is a Multi-AZ DB instance deployment. You can't set the ``AvailabilityZone`` parameter if the ``MultiAZ`` parameter is set to true. - For more information, see [Multi-AZ deployments for high availability](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.MultiAZ.html) in the *Amazon RDS User Guide*. + For supported engines, indicates that the DB instance should be associated with the specified character set. *Amazon Aurora* - Not applicable. Amazon Aurora storage is replicated across all of the Availability Zones and doesn't require the ``MultiAZ`` option to be set. + Not applicable. The character set is managed by the DB cluster. For more information, see [AWS::RDS::DBCluster](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbcluster.html). + CopyTagsToSnapshot: type: boolean - Engine: description: |- - The name of the database engine to use for this DB instance. Not every database engine is available in every AWS Region. - This property is required when creating a DB instance. - You can convert an Oracle database from the non-CDB architecture to the container database (CDB) architecture by updating the ``Engine`` value in your templates from ``oracle-ee`` to ``oracle-ee-cdb`` or from ``oracle-se2`` to ``oracle-se2-cdb``. Converting to the CDB architecture requires an interruption. - Valid Values: - + ``aurora-mysql`` (for Aurora MySQL DB instances) - + ``aurora-postgresql`` (for Aurora PostgreSQL DB instances) - + ``custom-oracle-ee`` (for RDS Custom for Oracle DB instances) - + ``custom-oracle-ee-cdb`` (for RDS Custom for Oracle DB instances) - + ``custom-sqlserver-ee`` (for RDS Custom for SQL Server DB instances) - + ``custom-sqlserver-se`` (for RDS Custom for SQL Server DB instances) - + ``custom-sqlserver-web`` (for RDS Custom for SQL Server DB instances) - + ``db2-ae`` - + ``db2-se`` - + ``mariadb`` - + ``mysql`` - + ``oracle-ee`` - + ``oracle-ee-cdb`` - + ``oracle-se2`` - + ``oracle-se2-cdb`` - + ``postgres`` - + ``sqlserver-ee`` - + ``sqlserver-se`` - + ``sqlserver-ex`` - + ``sqlserver-web`` + Specifies whether to copy tags from the DB instance to snapshots of the DB instance. By default, tags are not copied. + This setting doesn't apply to Amazon Aurora DB instances. Copying tags to snapshots is managed by the DB cluster. Setting this value for an Aurora DB instance has no effect on the DB cluster setting. + CustomIAMInstanceProfile: type: string - Tags: - uniqueItems: false - description: An optional array of key-value pairs to apply to this DB instance. - x-insertionOrder: false - type: array - items: - $ref: '#/components/schemas/Tag' - PerformanceInsightsKMSKeyId: description: |- - The AWS KMS key identifier for encryption of Performance Insights data. - The KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. - If you do not specify a value for ``PerformanceInsightsKMSKeyId``, then Amazon RDS uses your default KMS key. There is a default KMS key for your AWS account. Your AWS account has a different default KMS key for each AWS Region. - For information about enabling Performance Insights, see [EnablePerformanceInsights](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html#cfn-rds-dbinstance-enableperformanceinsights). - anyOf: - - relationshipRef: - typeName: AWS::KMS::Key - propertyPath: /properties/Arn - - relationshipRef: - typeName: AWS::KMS::Key - propertyPath: /properties/KeyId + The instance profile associated with the underlying Amazon EC2 instance of an RDS Custom DB instance. + This setting is required for RDS Custom. + Constraints: + + The profile must exist in your account. + + The profile must have an IAM role that Amazon EC2 has permissions to assume. + + The instance profile name and the associated IAM role name must start with the prefix ``AWSRDSCustom``. + + For the list of permissions required for the IAM role, see [Configure IAM and your VPC](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-setup-orcl.html#custom-setup-orcl.iam-vpc) in the *Amazon RDS User Guide*. + DatabaseInsightsMode: + description: '' + type: string + DBClusterIdentifier: + type: string + description: |- + The identifier of the DB cluster that this DB instance will belong to. + This setting doesn't apply to RDS Custom DB instances. + DBClusterSnapshotIdentifier: + type: string + description: |- + The identifier for the Multi-AZ DB cluster snapshot to restore from. + For more information on Multi-AZ DB clusters, see [Multi-AZ DB cluster deployments](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) in the *Amazon RDS User Guide*. + Constraints: + + Must match the identifier of an existing Multi-AZ DB cluster snapshot. + + Can't be specified when ``DBSnapshotIdentifier`` is specified. + + Must be specified when ``DBSnapshotIdentifier`` isn't specified. + + If you are restoring from a shared manual Multi-AZ DB cluster snapshot, the ``DBClusterSnapshotIdentifier`` must be the ARN of the shared snapshot. + + Can't be the identifier of an Aurora DB cluster snapshot. + DBInstanceArn: type: string - TdeCredentialPassword: description: '' + DBInstanceClass: type: string - SourceDBInstanceIdentifier: + description: >- + The compute and memory capacity of the DB instance, for example ``db.m5.large``. Not all DB instance classes are available in all AWS-Regions, or for all database engines. For the full list of DB instance classes, and availability for your engine, see [DB instance classes](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html) in the *Amazon RDS User Guide* or [Aurora DB instance + classes](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Concepts.DBInstanceClass.html) in the *Amazon Aurora User Guide*. + DBInstanceIdentifier: + type: string + pattern: ^$|^[a-zA-Z]{1}(?:-?[a-zA-Z0-9]){0,62}$ + minLength: 1 + maxLength: 63 description: |- - If you want to create a read replica DB instance, specify the ID of the source DB instance. Each DB instance can have a limited number of read replicas. For more information, see [Working with Read Replicas](https://docs.aws.amazon.com/AmazonRDS/latest/DeveloperGuide/USER_ReadRepl.html) in the *Amazon RDS User Guide*. + A name for the DB instance. If you specify a name, AWS CloudFormation converts it to lowercase. If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the DB instance. For more information, see [Name Type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html). For information about constraints that apply to DB instance identifiers, see [Naming constraints in Amazon RDS](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Limits.html#RDS_Limits.Constraints) in the *Amazon RDS User Guide*. - The ``SourceDBInstanceIdentifier`` property determines whether a DB instance is a read replica. If you remove the ``SourceDBInstanceIdentifier`` property from your template and then update your stack, AWS CloudFormation promotes the Read Replica to a standalone DB instance. - + If you specify a source DB instance that uses VPC security groups, we recommend that you specify the ``VPCSecurityGroups`` property. If you don't specify the property, the read replica inherits the value of the ``VPCSecurityGroups`` property from the source DB when you create the replica. However, if you update the stack, AWS CloudFormation reverts the replica's ``VPCSecurityGroups`` property to the default value because it's not defined in the stack's template. This change might cause unexpected issues. - + Read replicas don't support deletion policies. AWS CloudFormation ignores any deletion policy that's associated with a read replica. - + If you specify ``SourceDBInstanceIdentifier``, don't specify the ``DBSnapshotIdentifier`` property. You can't create a read replica from a snapshot. - + Don't set the ``BackupRetentionPeriod``, ``DBName``, ``MasterUsername``, ``MasterUserPassword``, and ``PreferredBackupWindow`` properties. The database attributes are inherited from the source DB instance, and backups are disabled for read replicas. - + If the source DB instance is in a different region than the read replica, specify the source region in ``SourceRegion``, and specify an ARN for a valid DB instance in ``SourceDBInstanceIdentifier``. For more information, see [Constructing a Amazon RDS Amazon Resource Name (ARN)](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html#USER_Tagging.ARN) in the *Amazon RDS User Guide*. - + For DB instances in Amazon Aurora clusters, don't specify this property. Amazon RDS automatically assigns writer and reader DB instances. + If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. + DbiResourceId: + type: string + description: '' + DBName: type: string - EngineVersion: description: |- - The version number of the database engine to use. - For a list of valid engine versions, use the ``DescribeDBEngineVersions`` action. - The following are the database engines and links to information about the major and minor versions that are available with Amazon RDS. Not every database engine is available for every AWS Region. - *Amazon Aurora* - Not applicable. The version number of the database engine to be used by the DB instance is managed by the DB cluster. + The meaning of this parameter differs according to the database engine you use. + If you specify the ``DBSnapshotIdentifier`` property, this property only applies to RDS for Oracle. + *Amazon Aurora* + Not applicable. The database name is managed by the DB cluster. *Db2* - See [Amazon RDS for Db2](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Db2.html#Db2.Concepts.VersionMgmt) in the *Amazon RDS User Guide.* - *MariaDB* - See [MariaDB on Amazon RDS Versions](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MariaDB.html#MariaDB.Concepts.VersionMgmt) in the *Amazon RDS User Guide.* - *Microsoft SQL Server* - See [Microsoft SQL Server Versions on Amazon RDS](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.VersionSupport) in the *Amazon RDS User Guide.* + The name of the database to create when the DB instance is created. If this parameter isn't specified, no database is created in the DB instance. + Constraints: + + Must contain 1 to 64 letters or numbers. + + Must begin with a letter. Subsequent characters can be letters, underscores, or digits (0-9). + + Can't be a word reserved by the specified database engine. + *MySQL* - See [MySQL on Amazon RDS Versions](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt) in the *Amazon RDS User Guide.* - *Oracle* - See [Oracle Database Engine Release Notes](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.Oracle.PatchComposition.html) in the *Amazon RDS User Guide.* + The name of the database to create when the DB instance is created. If this parameter is not specified, no database is created in the DB instance. + Constraints: + + Must contain 1 to 64 letters or numbers. + + Can't be a word reserved by the specified database engine + + *MariaDB* + The name of the database to create when the DB instance is created. If this parameter is not specified, no database is created in the DB instance. + Constraints: + + Must contain 1 to 64 letters or numbers. + + Can't be a word reserved by the specified database engine + *PostgreSQL* - See [Supported PostgreSQL Database Versions](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts.General.DBVersions) in the *Amazon RDS User Guide.* + The name of the database to create when the DB instance is created. If this parameter is not specified, the default ``postgres`` database is created in the DB instance. + Constraints: + + Must begin with a letter. Subsequent characters can be letters, underscores, or digits (0-9). + + Must contain 1 to 63 characters. + + Can't be a word reserved by the specified database engine + + *Oracle* + The Oracle System ID (SID) of the created DB instance. If you specify ``null``, the default value ``ORCL`` is used. You can't specify the string NULL, or any other reserved word, for ``DBName``. + Default: ``ORCL`` + Constraints: + + Can't be longer than 8 characters + + *SQL Server* + Not applicable. Must be null. + DBParameterGroupName: type: string - StorageType: description: |- - The storage type to associate with the DB instance. - If you specify ``io1``, ``io2``, or ``gp3``, you must also include a value for the ``Iops`` parameter. - This setting doesn't apply to Amazon Aurora DB instances. Storage is managed by the DB cluster. - Valid Values: ``gp2 | gp3 | io1 | io2 | standard`` - Default: ``io1``, if the ``Iops`` parameter is specified. Otherwise, ``gp2``. + The name of an existing DB parameter group or a reference to an [AWS::RDS::DBParameterGroup](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbparametergroup.html) resource created in the template. + To list all of the available DB parameter group names, use the following command: + ``aws rds describe-db-parameter-groups --query "DBParameterGroups[].DBParameterGroupName" --output text`` + If any of the data members of the referenced parameter group are changed during an update, the DB instance might need to be restarted, which causes some interruption. If the parameter group contains static parameters, whether they were changed or not, an update triggers a reboot. + If you don't specify a value for ``DBParameterGroupName`` property, the default DB parameter group for the specified engine and engine version is used. + DBSecurityGroups: + type: array + uniqueItems: true + items: + type: string + description: |- + A list of the DB security groups to assign to the DB instance. The list can include both the name of existing DB security groups or references to AWS::RDS::DBSecurityGroup resources created in the template. + If you set DBSecurityGroups, you must not set VPCSecurityGroups, and vice versa. Also, note that the DBSecurityGroups property exists only for backwards compatibility with older regions and is no longer recommended for providing security information to an RDS DB instance. Instead, use VPCSecurityGroups. + If you specify this property, AWS CloudFormation sends only the following properties (if specified) to Amazon RDS during create operations: + + ``AllocatedStorage`` + + ``AutoMinorVersionUpgrade`` + + ``AvailabilityZone`` + + ``BackupRetentionPeriod`` + + ``CharacterSetName`` + + ``DBInstanceClass`` + + ``DBName`` + + ``DBParameterGroupName`` + + ``DBSecurityGroups`` + + ``DBSubnetGroupName`` + + ``Engine`` + + ``EngineVersion`` + + ``Iops`` + + ``LicenseModel`` + + ``MasterUsername`` + + ``MasterUserPassword`` + + ``MultiAZ`` + + ``OptionGroupName`` + + ``PreferredBackupWindow`` + + ``PreferredMaintenanceWindow`` + + All other properties are ignored. Specify a virtual private cloud (VPC) security group if you want to submit other properties, such as ``StorageType``, ``StorageEncrypted``, or ``KmsKeyId``. If you're already using the ``DBSecurityGroups`` property, you can't use these other properties by updating your DB instance to use a VPC security group. You must recreate the DB instance. + DBSnapshotIdentifier: type: string - KmsKeyId: description: |- - The ARN of the AWS KMS key that's used to encrypt the DB instance, such as ``arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef``. If you enable the StorageEncrypted property but don't specify this property, AWS CloudFormation uses the default KMS key. If you specify this property, you must set the StorageEncrypted property to true. - If you specify the ``SourceDBInstanceIdentifier`` property, the value is inherited from the source DB instance if the read replica is created in the same region. - If you create an encrypted read replica in a different AWS Region, then you must specify a KMS key for the destination AWS Region. KMS encryption keys are specific to the region that they're created in, and you can't use encryption keys from one region in another region. - If you specify the ``DBSnapshotIdentifier`` property, don't specify this property. The ``StorageEncrypted`` property value is inherited from the snapshot. If the DB instance is encrypted, the specified ``KmsKeyId`` property is also inherited from the snapshot. - If you specify ``DBSecurityGroups``, AWS CloudFormation ignores this property. To specify both a security group and this property, you must use a VPC security group. For more information about Amazon RDS and VPC, see [Using Amazon RDS with Amazon VPC](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.html) in the *Amazon RDS User Guide*. + The name or Amazon Resource Name (ARN) of the DB snapshot that's used to restore the DB instance. If you're restoring from a shared manual DB snapshot, you must specify the ARN of the snapshot. + By specifying this property, you can create a DB instance from the specified DB snapshot. If the ``DBSnapshotIdentifier`` property is an empty string or the ``AWS::RDS::DBInstance`` declaration has no ``DBSnapshotIdentifier`` property, AWS CloudFormation creates a new database. If the property contains a value (other than an empty string), AWS CloudFormation creates a database from the specified snapshot. If a snapshot with the specified name doesn't exist, AWS CloudFormation can't create the database and it rolls back the stack. + Some DB instance properties aren't valid when you restore from a snapshot, such as the ``MasterUsername`` and ``MasterUserPassword`` properties. For information about the properties that you can specify, see the ``RestoreDBInstanceFromDBSnapshot`` action in the *Amazon RDS API Reference*. + After you restore a DB instance with a ``DBSnapshotIdentifier`` property, you must specify the same ``DBSnapshotIdentifier`` property for any future updates to the DB instance. When you specify this property for an update, the DB instance is not restored from the DB snapshot again, and the data in the database is not changed. However, if you don't specify the ``DBSnapshotIdentifier`` property, an empty DB instance is created, and the original DB instance is deleted. If you specify a property that is different from the previous snapshot restore property, a new DB instance is restored from the specified ``DBSnapshotIdentifier`` property, and the original DB instance is deleted. + If you specify the ``DBSnapshotIdentifier`` property to restore a DB instance (as opposed to specifying it for DB instance updates), then don't specify the following properties: + + ``CharacterSetName`` + + ``DBClusterIdentifier`` + + ``DBName`` + + ``KmsKeyId`` + + ``MasterUsername`` + + ``MasterUserPassword`` + + ``PromotionTier`` + + ``SourceDBInstanceIdentifier`` + + ``SourceRegion`` + + ``StorageEncrypted`` (for an unencrypted snapshot) + + ``Timezone`` + *Amazon Aurora* - Not applicable. The KMS key identifier is managed by the DB cluster. - anyOf: - - relationshipRef: - typeName: AWS::KMS::Key - propertyPath: /properties/KeyId - - relationshipRef: - typeName: AWS::KMS::Key - propertyPath: /properties/Arn + Not applicable. Snapshot restore is managed by the DB cluster. + DBSubnetGroupName: type: string - DBInstanceClass: - description: >- - The compute and memory capacity of the DB instance, for example ``db.m5.large``. Not all DB instance classes are available in all AWS-Regions, or for all database engines. For the full list of DB instance classes, and availability for your engine, see [DB instance classes](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html) in the *Amazon RDS User Guide* or [Aurora DB instance - classes](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Concepts.DBInstanceClass.html) in the *Amazon Aurora User Guide*. + description: |- + A DB subnet group to associate with the DB instance. If you update this value, the new subnet group must be a subnet group in a new VPC. + If there's no DB subnet group, then the DB instance isn't a VPC DB instance. + For more information about using Amazon RDS in a VPC, see [Amazon VPC and Amazon RDS](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.html) in the *Amazon RDS User Guide*. + This setting doesn't apply to Amazon Aurora DB instances. The DB subnet group is managed by the DB cluster. If specified, the setting must match the DB cluster setting. + DBSystemId: type: string + description: The Oracle system identifier (SID), which is the name of the Oracle database instance that manages your database files. In this context, the term "Oracle database instance" refers exclusively to the system global area (SGA) and Oracle background processes. If you don't specify a SID, the value defaults to ``RDSCDB``. The Oracle SID is also the name of your CDB. + DedicatedLogVolume: + type: boolean + description: Indicates whether the DB instance has a dedicated log volume (DLV) enabled. DeleteAutomatedBackups: + type: boolean description: |- A value that indicates whether to remove automated backups immediately after the DB instance is deleted. This parameter isn't case-sensitive. The default is to remove automated backups immediately after the DB instance is deleted. *Amazon Aurora* Not applicable. When you delete a DB cluster, all automated backups for that DB cluster are deleted and can't be recovered. Manual DB cluster snapshots of the DB cluster are not deleted. + DeletionProtection: type: boolean - PerformanceInsightsRetentionPeriod: description: |- - The number of days to retain Performance Insights data. - This setting doesn't apply to RDS Custom DB instances. - Valid Values: - + ``7`` - + *month* * 31, where *month* is a number of months from 1-23. Examples: ``93`` (3 months * 31), ``341`` (11 months * 31), ``589`` (19 months * 31) - + ``731`` - - Default: ``7`` days - If you specify a retention period that isn't valid, such as ``94``, Amazon RDS returns an error. - type: integer - AvailabilityZone: - description: |- - The Availability Zone (AZ) where the database will be created. For information on AWS-Regions and Availability Zones, see [Regions and Availability Zones](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html). - For Amazon Aurora, each Aurora DB cluster hosts copies of its storage in three separate Availability Zones. Specify one of these Availability Zones. Aurora automatically chooses an appropriate Availability Zone if you don't specify one. - Default: A random, system-chosen Availability Zone in the endpoint's AWS-Region. - Constraints: - + The ``AvailabilityZone`` parameter can't be specified if the DB instance is a Multi-AZ deployment. - + The specified Availability Zone must be in the same AWS-Region as the current endpoint. - - Example: ``us-east-1d`` + Specifies whether the DB instance has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection isn't enabled. For more information, see [Deleting a DB Instance](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_DeleteInstance.html). + This setting doesn't apply to Amazon Aurora DB instances. You can enable or disable deletion protection for the DB cluster. For more information, see ``CreateDBCluster``. DB instances in a DB cluster can be deleted even when deletion protection is enabled for the DB cluster. + Domain: type: string - OptionGroupName: description: |- - Indicates that the DB instance should be associated with the specified option group. - Permanent options, such as the TDE option for Oracle Advanced Security TDE, can't be removed from an option group. Also, that option group can't be removed from a DB instance once it is associated with a DB instance. + The Active Directory directory ID to create the DB instance in. Currently, only Db2, MySQL, Microsoft SQL Server, Oracle, and PostgreSQL DB instances can be created in an Active Directory Domain. + For more information, see [Kerberos Authentication](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/kerberos-authentication.html) in the *Amazon RDS User Guide*. + DomainAuthSecretArn: type: string - EnablePerformanceInsights: description: |- - Specifies whether to enable Performance Insights for the DB instance. For more information, see [Using Amazon Performance Insights](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.html) in the *Amazon RDS User Guide*. - This setting doesn't apply to RDS Custom DB instances. - type: boolean - AutoMinorVersionUpgrade: - description: A value that indicates whether minor engine upgrades are applied automatically to the DB instance during the maintenance window. By default, minor engine upgrades are applied automatically. - type: boolean - DBSubnetGroupName: + The ARN for the Secrets Manager secret with the credentials for the user joining the domain. + Example: ``arn:aws:secretsmanager:region:account-number:secret:myselfmanagedADtestsecret-123456`` + DomainDnsIps: + type: array + items: + type: string description: |- - A DB subnet group to associate with the DB instance. If you update this value, the new subnet group must be a subnet group in a new VPC. - If there's no DB subnet group, then the DB instance isn't a VPC DB instance. - For more information about using Amazon RDS in a VPC, see [Using Amazon RDS with Amazon Virtual Private Cloud (VPC)](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.html) in the *Amazon RDS User Guide*. - *Amazon Aurora* - Not applicable. The DB subnet group is managed by the DB cluster. If specified, the setting must match the DB cluster setting. + The IPv4 DNS IP addresses of your primary and secondary Active Directory domain controllers. + Constraints: + + Two IP addresses must be provided. If there isn't a secondary domain controller, use the IP address of the primary domain controller for both entries in the list. + + Example: ``123.124.125.126,234.235.236.237`` + DomainFqdn: type: string - DeletionProtection: description: |- - A value that indicates whether the DB instance has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection is disabled. For more information, see [Deleting a DB Instance](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_DeleteInstance.html). - *Amazon Aurora* - Not applicable. You can enable or disable deletion protection for the DB cluster. For more information, see ``CreateDBCluster``. DB instances in a DB cluster can be deleted even when deletion protection is enabled for the DB cluster. - type: boolean - DBInstanceIdentifier: - minLength: 1 - pattern: ^$|^[a-zA-Z]{1}(?:-?[a-zA-Z0-9]){0,62}$ + The fully qualified domain name (FQDN) of an Active Directory domain. + Constraints: + + Can't be longer than 64 characters. + + Example: ``mymanagedADtest.mymanagedAD.mydomain`` + DomainIAMRoleName: + type: string description: |- - A name for the DB instance. If you specify a name, AWS CloudFormation converts it to lowercase. If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the DB instance. For more information, see [Name Type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html). - For information about constraints that apply to DB instance identifiers, see [Naming constraints in Amazon RDS](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Limits.html#RDS_Limits.Constraints) in the *Amazon RDS User Guide*. - If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. + The name of the IAM role to use when making API calls to the Directory Service. + This setting doesn't apply to the following DB instances: + + Amazon Aurora (The domain is managed by the DB cluster.) + + RDS Custom + DomainOu: type: string - maxLength: 63 - AllocatedStorage: - pattern: ^[0-9]*$ description: |- - The amount of storage in gibibytes (GiB) to be initially allocated for the database instance. - If any value is set in the ``Iops`` parameter, ``AllocatedStorage`` must be at least 100 GiB, which corresponds to the minimum Iops value of 1,000. If you increase the ``Iops`` value (in 1,000 IOPS increments), then you must also increase the ``AllocatedStorage`` value (in 100-GiB increments). - *Amazon Aurora* - Not applicable. Aurora cluster volumes automatically grow as the amount of data in your database increases, though you are only charged for the space that you use in an Aurora cluster volume. - *Db2* - Constraints to the amount of storage for each storage type are the following: - + General Purpose (SSD) storage (gp3): Must be an integer from 20 to 64000. - + Provisioned IOPS storage (io1): Must be an integer from 100 to 64000. - - *MySQL* - Constraints to the amount of storage for each storage type are the following: - + General Purpose (SSD) storage (gp2): Must be an integer from 20 to 65536. - + Provisioned IOPS storage (io1): Must be an integer from 100 to 65536. - + Magnetic storage (standard): Must be an integer from 5 to 3072. + The Active Directory organizational unit for your DB instance to join. + Constraints: + + Must be in the distinguished name format. + + Can't be longer than 64 characters. + Example: ``OU=mymanagedADtestOU,DC=mymanagedADtest,DC=mymanagedAD,DC=mydomain`` + EnableCloudwatchLogsExports: + type: array + items: + type: string + description: |- + The list of log types that need to be enabled for exporting to CloudWatch Logs. The values in the list depend on the DB engine being used. For more information, see [Publishing Database Logs to Amazon CloudWatch Logs](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch) in the *Amazon Relational Database Service User Guide*. + *Amazon Aurora* + Not applicable. CloudWatch Logs exports are managed by the DB cluster. + *Db2* + Valid values: ``diag.log``, ``notify.log`` *MariaDB* - Constraints to the amount of storage for each storage type are the following: - + General Purpose (SSD) storage (gp2): Must be an integer from 20 to 65536. - + Provisioned IOPS storage (io1): Must be an integer from 100 to 65536. - + Magnetic storage (standard): Must be an integer from 5 to 3072. - - *PostgreSQL* - Constraints to the amount of storage for each storage type are the following: - + General Purpose (SSD) storage (gp2): Must be an integer from 20 to 65536. - + Provisioned IOPS storage (io1): Must be an integer from 100 to 65536. - + Magnetic storage (standard): Must be an integer from 5 to 3072. - + Valid values: ``audit``, ``error``, ``general``, ``slowquery`` + *Microsoft SQL Server* + Valid values: ``agent``, ``error`` + *MySQL* + Valid values: ``audit``, ``error``, ``general``, ``slowquery`` *Oracle* - Constraints to the amount of storage for each storage type are the following: - + General Purpose (SSD) storage (gp2): Must be an integer from 20 to 65536. - + Provisioned IOPS storage (io1): Must be an integer from 100 to 65536. - + Magnetic storage (standard): Must be an integer from 10 to 3072. - - *SQL Server* - Constraints to the amount of storage for each storage type are the following: - + General Purpose (SSD) storage (gp2): - + Enterprise and Standard editions: Must be an integer from 20 to 16384. - + Web and Express editions: Must be an integer from 20 to 16384. - - + Provisioned IOPS storage (io1): - + Enterprise and Standard editions: Must be an integer from 20 to 16384. - + Web and Express editions: Must be an integer from 20 to 16384. - - + Magnetic storage (standard): - + Enterprise and Standard editions: Must be an integer from 20 to 1024. - + Web and Express editions: Must be an integer from 20 to 1024. - type: string - MasterUserPassword: + Valid values: ``alert``, ``audit``, ``listener``, ``trace``, ``oemagent`` + *PostgreSQL* + Valid values: ``postgresql``, ``upgrade`` + EnableIAMDatabaseAuthentication: + type: boolean description: |- - The password for the master user. The password can include any printable ASCII character except "/", """, or "@". + A value that indicates whether to enable mapping of AWS Identity and Access Management (IAM) accounts to database accounts. By default, mapping is disabled. + This property is supported for RDS for MariaDB, RDS for MySQL, and RDS for PostgreSQL. For more information, see [IAM Database Authentication for MariaDB, MySQL, and PostgreSQL](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html) in the *Amazon RDS User Guide.* *Amazon Aurora* - Not applicable. The password for the master user is managed by the DB cluster. - *RDS for Db2* - Must contain from 8 to 255 characters. - *RDS for MariaDB* - Constraints: Must contain from 8 to 41 characters. - *RDS for Microsoft SQL Server* - Constraints: Must contain from 8 to 128 characters. - *RDS for MySQL* - Constraints: Must contain from 8 to 41 characters. - *RDS for Oracle* - Constraints: Must contain from 8 to 30 characters. - *RDS for PostgreSQL* - Constraints: Must contain from 8 to 128 characters. + Not applicable. Mapping AWS IAM accounts to database accounts is managed by the DB cluster. + EnablePerformanceInsights: + type: boolean + description: |- + Specifies whether to enable Performance Insights for the DB instance. For more information, see [Using Amazon Performance Insights](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.html) in the *Amazon RDS User Guide*. + This setting doesn't apply to RDS Custom DB instances. + Endpoint: + $ref: '#/components/schemas/Endpoint' + description: |- + The connection endpoint for the DB instance. + The endpoint might not be shown for instances with the status of ``creating``. + Engine: type: string - MasterUserSecret: description: |- - The secret managed by RDS in AWS Secrets Manager for the master user password. - For more information, see [Password management with Secrets Manager](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html) in the *Amazon RDS User Guide.* - $ref: '#/components/schemas/MasterUserSecret' - NcharCharacterSetName: + The name of the database engine to use for this DB instance. Not every database engine is available in every AWS Region. + This property is required when creating a DB instance. + You can convert an Oracle database from the non-CDB architecture to the container database (CDB) architecture by updating the ``Engine`` value in your templates from ``oracle-ee`` to ``oracle-ee-cdb`` or from ``oracle-se2`` to ``oracle-se2-cdb``. Converting to the CDB architecture requires an interruption. + Valid Values: + + ``aurora-mysql`` (for Aurora MySQL DB instances) + + ``aurora-postgresql`` (for Aurora PostgreSQL DB instances) + + ``custom-oracle-ee`` (for RDS Custom for Oracle DB instances) + + ``custom-oracle-ee-cdb`` (for RDS Custom for Oracle DB instances) + + ``custom-sqlserver-ee`` (for RDS Custom for SQL Server DB instances) + + ``custom-sqlserver-se`` (for RDS Custom for SQL Server DB instances) + + ``custom-sqlserver-web`` (for RDS Custom for SQL Server DB instances) + + ``db2-ae`` + + ``db2-se`` + + ``mariadb`` + + ``mysql`` + + ``oracle-ee`` + + ``oracle-ee-cdb`` + + ``oracle-se2`` + + ``oracle-se2-cdb`` + + ``postgres`` + + ``sqlserver-ee`` + + ``sqlserver-se`` + + ``sqlserver-ex`` + + ``sqlserver-web`` + EngineLifecycleSupport: + type: string description: |- - The name of the NCHAR character set for the Oracle DB instance. - This setting doesn't apply to RDS Custom DB instances. + The life cycle type for this DB instance. + By default, this value is set to ``open-source-rds-extended-support``, which enrolls your DB instance into Amazon RDS Extended Support. At the end of standard support, you can avoid charges for Extended Support by setting the value to ``open-source-rds-extended-support-disabled``. In this case, creating the DB instance will fail if the DB major version is past its end of standard support date. + This setting applies only to RDS for MySQL and RDS for PostgreSQL. For Amazon Aurora DB instances, the life cycle type is managed by the DB cluster. + You can use this setting to enroll your DB instance into Amazon RDS Extended Support. With RDS Extended Support, you can run the selected major engine version on your DB instance past the end of standard support for that engine version. For more information, see [Using Amazon RDS Extended Support](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/extended-support.html) in the *Amazon RDS User Guide*. + Valid Values: ``open-source-rds-extended-support | open-source-rds-extended-support-disabled`` + Default: ``open-source-rds-extended-support`` + EngineVersion: type: string - SourceDBClusterIdentifier: description: |- - The identifier of the Multi-AZ DB cluster that will act as the source for the read replica. Each DB cluster can have up to 15 read replicas. + The version number of the database engine to use. + For a list of valid engine versions, use the ``DescribeDBEngineVersions`` action. + The following are the database engines and links to information about the major and minor versions that are available with Amazon RDS. Not every database engine is available for every AWS Region. + *Amazon Aurora* + Not applicable. The version number of the database engine to be used by the DB instance is managed by the DB cluster. + *Db2* + See [Amazon RDS for Db2](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Db2.html#Db2.Concepts.VersionMgmt) in the *Amazon RDS User Guide.* + *MariaDB* + See [MariaDB on Amazon RDS Versions](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MariaDB.html#MariaDB.Concepts.VersionMgmt) in the *Amazon RDS User Guide.* + *Microsoft SQL Server* + See [Microsoft SQL Server Versions on Amazon RDS](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.VersionSupport) in the *Amazon RDS User Guide.* + *MySQL* + See [MySQL on Amazon RDS Versions](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt) in the *Amazon RDS User Guide.* + *Oracle* + See [Oracle Database Engine Release Notes](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.Oracle.PatchComposition.html) in the *Amazon RDS User Guide.* + *PostgreSQL* + See [Supported PostgreSQL Database Versions](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts.General.DBVersions) in the *Amazon RDS User Guide.* + ManageMasterUserPassword: + type: boolean + description: |- + Specifies whether to manage the master user password with AWS Secrets Manager. + For more information, see [Password management with Secrets Manager](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html) in the *Amazon RDS User Guide.* Constraints: - + Must be the identifier of an existing Multi-AZ DB cluster. - + Can't be specified if the ``SourceDBInstanceIdentifier`` parameter is also specified. - + The specified DB cluster must have automatic backups enabled, that is, its backup retention period must be greater than 0. - + The source DB cluster must be in the same AWS-Region as the read replica. Cross-Region replication isn't supported. + + Can't manage the master user password with AWS Secrets Manager if ``MasterUserPassword`` is specified. + Iops: + type: integer + description: |- + The number of I/O operations per second (IOPS) that the database provisions. The value must be equal to or greater than 1000. + If you specify this property, you must follow the range of allowed ratios of your requested IOPS rate to the amount of storage that you allocate (IOPS to allocated storage). For example, you can provision an Oracle database instance with 1000 IOPS and 200 GiB of storage (a ratio of 5:1), or specify 2000 IOPS with 200 GiB of storage (a ratio of 10:1). For more information, see [Amazon RDS Provisioned IOPS Storage to Improve Performance](https://docs.aws.amazon.com/AmazonRDS/latest/DeveloperGuide/CHAP_Storage.html#USER_PIOPS) in the *Amazon RDS User Guide*. + If you specify ``io1`` for the ``StorageType`` property, then you must also specify the ``Iops`` property. + Constraints: + + For RDS for Db2, MariaDB, MySQL, Oracle, and PostgreSQL - Must be a multiple between .5 and 50 of the storage amount for the DB instance. + + For RDS for SQL Server - Must be a multiple between 1 and 50 of the storage amount for the DB instance. + KmsKeyId: type: string - DBSecurityGroups: - uniqueItems: true description: |- - A list of the DB security groups to assign to the DB instance. The list can include both the name of existing DB security groups or references to AWS::RDS::DBSecurityGroup resources created in the template. - If you set DBSecurityGroups, you must not set VPCSecurityGroups, and vice versa. Also, note that the DBSecurityGroups property exists only for backwards compatibility with older regions and is no longer recommended for providing security information to an RDS DB instance. Instead, use VPCSecurityGroups. - If you specify this property, AWS CloudFormation sends only the following properties (if specified) to Amazon RDS during create operations: - + ``AllocatedStorage`` - + ``AutoMinorVersionUpgrade`` - + ``AvailabilityZone`` - + ``BackupRetentionPeriod`` - + ``CharacterSetName`` - + ``DBInstanceClass`` - + ``DBName`` - + ``DBParameterGroupName`` - + ``DBSecurityGroups`` - + ``DBSubnetGroupName`` - + ``Engine`` - + ``EngineVersion`` - + ``Iops`` - + ``LicenseModel`` - + ``MasterUsername`` - + ``MasterUserPassword`` - + ``MultiAZ`` - + ``OptionGroupName`` - + ``PreferredBackupWindow`` - + ``PreferredMaintenanceWindow`` + The ARN of the AWS KMS key that's used to encrypt the DB instance, such as ``arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef``. If you enable the StorageEncrypted property but don't specify this property, AWS CloudFormation uses the default KMS key. If you specify this property, you must set the StorageEncrypted property to true. + If you specify the ``SourceDBInstanceIdentifier`` or ``SourceDbiResourceId`` property, don't specify this property. The value is inherited from the source DB instance, and if the DB instance is encrypted, the specified ``KmsKeyId`` property is used. However, if the source DB instance is in a different AWS Region, you must specify a KMS key ID. + If you specify the ``SourceDBInstanceAutomatedBackupsArn`` property, don't specify this property. The value is inherited from the source DB instance automated backup, and if the automated backup is encrypted, the specified ``KmsKeyId`` property is used. + If you create an encrypted read replica in a different AWS Region, then you must specify a KMS key for the destination AWS Region. KMS encryption keys are specific to the region that they're created in, and you can't use encryption keys from one region in another region. + If you specify the ``DBSnapshotIdentifier`` property, don't specify this property. The ``StorageEncrypted`` property value is inherited from the snapshot. If the DB instance is encrypted, the specified ``KmsKeyId`` property is also inherited from the snapshot. + If you specify ``DBSecurityGroups``, AWS CloudFormation ignores this property. To specify both a security group and this property, you must use a VPC security group. For more information about Amazon RDS and VPC, see [Using Amazon RDS with Amazon VPC](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.html) in the *Amazon RDS User Guide*. + *Amazon Aurora* + Not applicable. The KMS key identifier is managed by the DB cluster. + LicenseModel: + type: string + description: |- + License model information for this DB instance. + Valid Values: + + Aurora MySQL - ``general-public-license`` + + Aurora PostgreSQL - ``postgresql-license`` + + RDS for Db2 - ``bring-your-own-license``. For more information about RDS for Db2 licensing, see [](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/db2-licensing.html) in the *Amazon RDS User Guide.* + + RDS for MariaDB - ``general-public-license`` + + RDS for Microsoft SQL Server - ``license-included`` + + RDS for MySQL - ``general-public-license`` + + RDS for Oracle - ``bring-your-own-license`` or ``license-included`` + + RDS for PostgreSQL - ``postgresql-license`` - All other properties are ignored. Specify a virtual private cloud (VPC) security group if you want to submit other properties, such as ``StorageType``, ``StorageEncrypted``, or ``KmsKeyId``. If you're already using the ``DBSecurityGroups`` property, you can't use these other properties by updating your DB instance to use a VPC security group. You must recreate the DB instance. - type: array - items: - relationshipRef: - typeName: AWS::RDS::DBSecurityGroup - propertyPath: /properties/Id - type: string + If you've specified ``DBSecurityGroups`` and then you update the license model, AWS CloudFormation replaces the underlying DB instance. This will incur some interruptions to database availability. MasterUsername: - minLength: 1 + type: string pattern: ^[a-zA-Z][a-zA-Z0-9_]{0,127}$ description: |- The master user name for the DB instance. @@ -3671,155 +4723,91 @@ components: *RDS for MariaDB* Constraints: - + Must be 1 to 16 letters or numbers. + + Must be 1 to 16 letters or numbers. + Can't be a reserved word for the chosen database engine. *RDS for Microsoft SQL Server* Constraints: - + Must be 1 to 128 letters or numbers. + + Must be 1 to 128 letters or numbers. + First character must be a letter. + Can't be a reserved word for the chosen database engine. *RDS for MySQL* Constraints: - + Must be 1 to 16 letters or numbers. + + Must be 1 to 16 letters or numbers. + First character must be a letter. + Can't be a reserved word for the chosen database engine. *RDS for Oracle* Constraints: - + Must be 1 to 30 letters or numbers. - + First character must be a letter. - + Can't be a reserved word for the chosen database engine. - - *RDS for PostgreSQL* - Constraints: - + Must be 1 to 63 letters or numbers. - + First character must be a letter. - + Can't be a reserved word for the chosen database engine. - type: string - maxLength: 128 - MaxAllocatedStorage: - description: |- - The upper limit in gibibytes (GiB) to which Amazon RDS can automatically scale the storage of the DB instance. - For more information about this setting, including limitations that apply to it, see [Managing capacity automatically with Amazon RDS storage autoscaling](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PIOPS.StorageTypes.html#USER_PIOPS.Autoscaling) in the *Amazon RDS User Guide*. - This setting doesn't apply to the following DB instances: - + Amazon Aurora (Storage is managed by the DB cluster.) - + RDS Custom - type: integer - PromotionTier: - default: 1 - description: |- - The order of priority in which an Aurora Replica is promoted to the primary instance after a failure of the existing primary instance. For more information, see [Fault Tolerance for an Aurora DB Cluster](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Concepts.AuroraHighAvailability.html#Aurora.Managing.FaultTolerance) in the *Amazon Aurora User Guide*. - This setting doesn't apply to RDS Custom DB instances. - Default: ``1`` - Valid Values: ``0 - 15`` - type: integer - minimum: 0 - PubliclyAccessible: - description: |- - Indicates whether the DB instance is an internet-facing instance. If you specify true, AWS CloudFormation creates an instance with a publicly resolvable DNS name, which resolves to a public IP address. If you specify false, AWS CloudFormation creates an internal instance with a DNS name that resolves to a private IP address. - The default behavior value depends on your VPC setup and the database subnet group. For more information, see the ``PubliclyAccessible`` parameter in the [CreateDBInstance](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBInstance.html) in the *Amazon RDS API Reference*. - type: boolean - Domain: - description: |- - The Active Directory directory ID to create the DB instance in. Currently, only Db2, MySQL, Microsoft SQL Server, Oracle, and PostgreSQL DB instances can be created in an Active Directory Domain. - For more information, see [Kerberos Authentication](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/kerberos-authentication.html) in the *Amazon RDS User Guide*. - type: string - DomainFqdn: - description: |- - The fully qualified domain name (FQDN) of an Active Directory domain. - Constraints: - + Can't be longer than 64 characters. - - Example: ``mymanagedADtest.mymanagedAD.mydomain`` - type: string - CharacterSetName: - description: |- - For supported engines, indicates that the DB instance should be associated with the specified character set. - *Amazon Aurora* - Not applicable. The character set is managed by the DB cluster. For more information, see [AWS::RDS::DBCluster](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbcluster.html). - type: string - MonitoringRoleArn: - description: |- - The ARN for the IAM role that permits RDS to send enhanced monitoring metrics to Amazon CloudWatch Logs. For example, ``arn:aws:iam:123456789012:role/emaccess``. For information on creating a monitoring role, see [Setting Up and Enabling Enhanced Monitoring](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Monitoring.OS.html#USER_Monitoring.OS.Enabling) in the *Amazon RDS User Guide*. - If ``MonitoringInterval`` is set to a value other than ``0``, then you must supply a ``MonitoringRoleArn`` value. - This setting doesn't apply to RDS Custom DB instances. - type: string - AssociatedRoles: - description: |- - The IAMlong (IAM) roles associated with the DB instance. - *Amazon Aurora* - Not applicable. The associated roles are managed by the DB cluster. - type: array - items: - $ref: '#/components/schemas/DBInstanceRole' - DomainOu: - description: |- - The Active Directory organizational unit for your DB instance to join. - Constraints: - + Must be in the distinguished name format. - + Can't be longer than 64 characters. - - Example: ``OU=mymanagedADtestOU,DC=mymanagedADtest,DC=mymanagedAD,DC=mydomain`` - type: string - DBClusterSnapshotIdentifier: - description: |- - The identifier for the Multi-AZ DB cluster snapshot to restore from. - For more information on Multi-AZ DB clusters, see [Multi-AZ DB cluster deployments](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) in the *Amazon RDS User Guide*. - Constraints: - + Must match the identifier of an existing Multi-AZ DB cluster snapshot. - + Can't be specified when ``DBSnapshotIdentifier`` is specified. - + Must be specified when ``DBSnapshotIdentifier`` isn't specified. - + If you are restoring from a shared manual Multi-AZ DB cluster snapshot, the ``DBClusterSnapshotIdentifier`` must be the ARN of the shared snapshot. - + Can't be the identifier of an Aurora DB cluster snapshot. - type: string - SourceDBInstanceAutomatedBackupsArn: - description: |- - The Amazon Resource Name (ARN) of the replicated automated backups from which to restore, for example, ``arn:aws:rds:us-east-1:123456789012:auto-backup:ab-L2IJCEXJP7XQ7HOJ4SIEXAMPLE``. - This setting doesn't apply to RDS Custom. - type: string - ProcessorFeatures: - description: |- - The number of CPU cores and the number of threads per core for the DB instance class of the DB instance. - This setting doesn't apply to Amazon Aurora or RDS Custom DB instances. - type: array - items: - $ref: '#/components/schemas/ProcessorFeature' - PreferredBackupWindow: - description: |- - The daily time range during which automated backups are created if automated backups are enabled, using the ``BackupRetentionPeriod`` parameter. For more information, see [Backup Window](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html#USER_WorkingWithAutomatedBackups.BackupWindow) in the *Amazon RDS User Guide.* - Constraints: - + Must be in the format ``hh24:mi-hh24:mi``. - + Must be in Universal Coordinated Time (UTC). - + Must not conflict with the preferred maintenance window. - + Must be at least 30 minutes. + + Must be 1 to 30 letters or numbers. + + First character must be a letter. + + Can't be a reserved word for the chosen database engine. - *Amazon Aurora* - Not applicable. The daily time range for creating automated backups is managed by the DB cluster. + *RDS for PostgreSQL* + Constraints: + + Must be 1 to 63 letters or numbers. + + First character must be a letter. + + Can't be a reserved word for the chosen database engine. + minLength: 1 + maxLength: 128 + MasterUserPassword: type: string - RestoreTime: - format: date-time description: |- - The date and time to restore from. - Constraints: - + Must be a time in Universal Coordinated Time (UTC) format. - + Must be before the latest restorable time for the DB instance. - + Can't be specified if the ``UseLatestRestorableTime`` parameter is enabled. - - Example: ``2009-09-07T23:45:00Z`` + The password for the master user. The password can include any printable ASCII character except "/", """, or "@". + *Amazon Aurora* + Not applicable. The password for the master user is managed by the DB cluster. + *RDS for Db2* + Must contain from 8 to 255 characters. + *RDS for MariaDB* + Constraints: Must contain from 8 to 41 characters. + *RDS for Microsoft SQL Server* + Constraints: Must contain from 8 to 128 characters. + *RDS for MySQL* + Constraints: Must contain from 8 to 41 characters. + *RDS for Oracle* + Constraints: Must contain from 8 to 30 characters. + *RDS for PostgreSQL* + Constraints: Must contain from 8 to 128 characters. + MasterUserSecret: + $ref: '#/components/schemas/MasterUserSecret' + description: |- + The secret managed by RDS in AWS Secrets Manager for the master user password. + For more information, see [Password management with Secrets Manager](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html) in the *Amazon RDS User Guide.* + MaxAllocatedStorage: + type: integer + description: |- + The upper limit in gibibytes (GiB) to which Amazon RDS can automatically scale the storage of the DB instance. + For more information about this setting, including limitations that apply to it, see [Managing capacity automatically with Amazon RDS storage autoscaling](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PIOPS.StorageTypes.html#USER_PIOPS.Autoscaling) in the *Amazon RDS User Guide*. + This setting doesn't apply to the following DB instances: + + Amazon Aurora (Storage is managed by the DB cluster.) + + RDS Custom + MonitoringInterval: + type: integer + description: |- + The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collection of Enhanced Monitoring metrics, specify ``0``. + If ``MonitoringRoleArn`` is specified, then you must set ``MonitoringInterval`` to a value other than ``0``. + This setting doesn't apply to RDS Custom DB instances. + Valid Values: ``0 | 1 | 5 | 10 | 15 | 30 | 60`` + Default: ``0`` + MonitoringRoleArn: type: string - CertificateRotationRestart: description: |- - Specifies whether the DB instance is restarted when you rotate your SSL/TLS certificate. - By default, the DB instance is restarted when you rotate your SSL/TLS certificate. The certificate is not updated until the DB instance is restarted. - Set this parameter only if you are *not* using SSL/TLS to connect to the DB instance. - If you are using SSL/TLS to connect to the DB instance, follow the appropriate instructions for your DB engine to rotate your SSL/TLS certificate: - + For more information about rotating your SSL/TLS certificate for RDS DB engines, see [Rotating Your SSL/TLS Certificate.](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL-certificate-rotation.html) in the *Amazon RDS User Guide.* - + For more information about rotating your SSL/TLS certificate for Aurora DB engines, see [Rotating Your SSL/TLS Certificate](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL-certificate-rotation.html) in the *Amazon Aurora User Guide*. - + The ARN for the IAM role that permits RDS to send enhanced monitoring metrics to Amazon CloudWatch Logs. For example, ``arn:aws:iam:123456789012:role/emaccess``. For information on creating a monitoring role, see [Setting Up and Enabling Enhanced Monitoring](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Monitoring.OS.html#USER_Monitoring.OS.Enabling) in the *Amazon RDS User Guide*. + If ``MonitoringInterval`` is set to a value other than ``0``, then you must supply a ``MonitoringRoleArn`` value. This setting doesn't apply to RDS Custom DB instances. + MultiAZ: type: boolean + description: |- + Specifies whether the DB instance is a Multi-AZ deployment. You can't set the ``AvailabilityZone`` parameter if the DB instance is a Multi-AZ deployment. + This setting doesn't apply to the following DB instances: + + Amazon Aurora (DB instance Availability Zones (AZs) are managed by the DB cluster.) + + RDS Custom + NcharCharacterSetName: + type: string + description: |- + The name of the NCHAR character set for the Oracle DB instance. + This setting doesn't apply to RDS Custom DB instances. NetworkType: description: |- The network type of the DB instance. @@ -3830,249 +4818,205 @@ components: The network type is determined by the ``DBSubnetGroup`` specified for the DB instance. A ``DBSubnetGroup`` can support only the IPv4 protocol or the IPv4 and IPv6 protocols (``DUAL``). For more information, see [Working with a DB instance in a VPC](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html) in the *Amazon RDS User Guide.* type: string - DedicatedLogVolume: - description: Indicates whether the DB instance has a dedicated log volume (DLV) enabled. - type: boolean - CopyTagsToSnapshot: - description: |- - Specifies whether to copy tags from the DB instance to snapshots of the DB instance. By default, tags are not copied. - This setting doesn't apply to Amazon Aurora DB instances. Copying tags to snapshots is managed by the DB cluster. Setting this value for an Aurora DB instance has no effect on the DB cluster setting. - type: boolean - DomainIAMRoleName: + OptionGroupName: + type: string description: |- - The name of the IAM role to use when making API calls to the Directory Service. - This setting doesn't apply to the following DB instances: - + Amazon Aurora (The domain is managed by the DB cluster.) - + RDS Custom + Indicates that the DB instance should be associated with the specified option group. + Permanent options, such as the TDE option for Oracle Advanced Security TDE, can't be removed from an option group. Also, that option group can't be removed from a DB instance once it is associated with a DB instance. + PerformanceInsightsKMSKeyId: type: string - ReplicaMode: description: |- - The open mode of an Oracle read replica. For more information, see [Working with Oracle Read Replicas for Amazon RDS](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/oracle-read-replicas.html) in the *Amazon RDS User Guide*. - This setting is only supported in RDS for Oracle. - Default: ``open-read-only`` - Valid Values: ``open-read-only`` or ``mounted`` + The AWS KMS key identifier for encryption of Performance Insights data. + The KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. + If you do not specify a value for ``PerformanceInsightsKMSKeyId``, then Amazon RDS uses your default KMS key. There is a default KMS key for your AWS account. Your AWS account has a different default KMS key for each AWS Region. + For information about enabling Performance Insights, see [EnablePerformanceInsights](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html#cfn-rds-dbinstance-enableperformanceinsights). + PerformanceInsightsRetentionPeriod: + type: integer + description: |- + The number of days to retain Performance Insights data. + This setting doesn't apply to RDS Custom DB instances. + Valid Values: + + ``7`` + + *month* * 31, where *month* is a number of months from 1-23. Examples: ``93`` (3 months * 31), ``341`` (11 months * 31), ``589`` (19 months * 31) + + ``731`` + + Default: ``7`` days + If you specify a retention period that isn't valid, such as ``94``, Amazon RDS returns an error. + Port: type: string - LicenseModel: description: |- - License model information for this DB instance. - Valid Values: - + Aurora MySQL - ``general-public-license`` - + Aurora PostgreSQL - ``postgresql-license`` - + RDS for Db2 - ``bring-your-own-license``. For more information about RDS for Db2 licensing, see [](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/db2-licensing.html) in the *Amazon RDS User Guide.* - + RDS for MariaDB - ``general-public-license`` - + RDS for Microsoft SQL Server - ``license-included`` - + RDS for MySQL - ``general-public-license`` - + RDS for Oracle - ``bring-your-own-license`` or ``license-included`` - + RDS for PostgreSQL - ``postgresql-license`` + The port number on which the database accepts connections. + This setting doesn't apply to Aurora DB instances. The port number is managed by the cluster. + Valid Values: ``1150-65535`` + Default: + + RDS for Db2 - ``50000`` + + RDS for MariaDB - ``3306`` + + RDS for Microsoft SQL Server - ``1433`` + + RDS for MySQL - ``3306`` + + RDS for Oracle - ``1521`` + + RDS for PostgreSQL - ``5432`` - If you've specified ``DBSecurityGroups`` and then you update the license model, AWS CloudFormation replaces the underlying DB instance. This will incur some interruptions to database availability. + Constraints: + + For RDS for Microsoft SQL Server, the value can't be ``1234``, ``1434``, ``3260``, ``3343``, ``3389``, ``47001``, or ``49152-49156``. + pattern: ^\d*$ + PreferredBackupWindow: type: string - DomainDnsIps: description: |- - The IPv4 DNS IP addresses of your primary and secondary Active Directory domain controllers. + The daily time range during which automated backups are created if automated backups are enabled, using the ``BackupRetentionPeriod`` parameter. For more information, see [Backup Window](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html#USER_WorkingWithAutomatedBackups.BackupWindow) in the *Amazon RDS User Guide.* Constraints: - + Two IP addresses must be provided. If there isn't a secondary domain controller, use the IP address of the primary domain controller for both entries in the list. + + Must be in the format ``hh24:mi-hh24:mi``. + + Must be in Universal Coordinated Time (UTC). + + Must not conflict with the preferred maintenance window. + + Must be at least 30 minutes. - Example: ``123.124.125.126,234.235.236.237`` - type: array - items: - type: string + *Amazon Aurora* + Not applicable. The daily time range for creating automated backups is managed by the DB cluster. PreferredMaintenanceWindow: + type: string description: |- The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC). Format: ``ddd:hh24:mi-ddd:hh24:mi`` The default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week. To see the time blocks available, see [Adjusting the Preferred DB Instance Maintenance Window](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow) in the *Amazon RDS User Guide.* This property applies when AWS CloudFormation initially creates the DB instance. If you use AWS CloudFormation to update the DB instance, those updates are applied immediately. Constraints: Minimum 30-minute window. - type: string - Iops: + ProcessorFeatures: + type: array + items: + $ref: '#/components/schemas/ProcessorFeature' description: |- - The number of I/O operations per second (IOPS) that the database provisions. The value must be equal to or greater than 1000. - If you specify this property, you must follow the range of allowed ratios of your requested IOPS rate to the amount of storage that you allocate (IOPS to allocated storage). For example, you can provision an Oracle database instance with 1000 IOPS and 200 GiB of storage (a ratio of 5:1), or specify 2000 IOPS with 200 GiB of storage (a ratio of 10:1). For more information, see [Amazon RDS Provisioned IOPS Storage to Improve Performance](https://docs.aws.amazon.com/AmazonRDS/latest/DeveloperGuide/CHAP_Storage.html#USER_PIOPS) in the *Amazon RDS User Guide*. - If you specify ``io1`` for the ``StorageType`` property, then you must also specify the ``Iops`` property. - Constraints: - + For RDS for Db2, MariaDB, MySQL, Oracle, and PostgreSQL - Must be a multiple between .5 and 50 of the storage amount for the DB instance. - + For RDS for SQL Server - Must be a multiple between 1 and 50 of the storage amount for the DB instance. + The number of CPU cores and the number of threads per core for the DB instance class of the DB instance. + This setting doesn't apply to Amazon Aurora or RDS Custom DB instances. + PromotionTier: type: integer - SourceRegion: - description: The ID of the region that contains the source DB instance for the read replica. - type: string - UseLatestRestorableTime: + minimum: 0 description: |- - Specifies whether the DB instance is restored from the latest backup time. By default, the DB instance isn't restored from the latest backup time. - Constraints: - + Can't be specified if the ``RestoreTime`` parameter is provided. + The order of priority in which an Aurora Replica is promoted to the primary instance after a failure of the existing primary instance. For more information, see [Fault Tolerance for an Aurora DB Cluster](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Concepts.AuroraHighAvailability.html#Aurora.Managing.FaultTolerance) in the *Amazon Aurora User Guide*. + This setting doesn't apply to RDS Custom DB instances. + Default: ``1`` + Valid Values: ``0 - 15`` + PubliclyAccessible: type: boolean - CACertificateIdentifier: - description: |- - The identifier of the CA certificate for this DB instance. - For more information, see [Using SSL/TLS to encrypt a connection to a DB instance](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html) in the *Amazon RDS User Guide* and [Using SSL/TLS to encrypt a connection to a DB cluster](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL.html) in the *Amazon Aurora User Guide*. - type: string - ManageMasterUserPassword: description: |- - Specifies whether to manage the master user password with AWS Secrets Manager. - For more information, see [Password management with Secrets Manager](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html) in the *Amazon RDS User Guide.* - Constraints: - + Can't manage the master user password with AWS Secrets Manager if ``MasterUserPassword`` is specified. - type: boolean - SourceDbiResourceId: - description: The resource ID of the source DB instance from which to restore. - type: string - DomainAuthSecretArn: + Indicates whether the DB instance is an internet-facing instance. If you specify true, AWS CloudFormation creates an instance with a publicly resolvable DNS name, which resolves to a public IP address. If you specify false, AWS CloudFormation creates an internal instance with a DNS name that resolves to a private IP address. + The default behavior value depends on your VPC setup and the database subnet group. For more information, see the ``PubliclyAccessible`` parameter in the [CreateDBInstance](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBInstance.html) in the *Amazon RDS API Reference*. + ReplicaMode: description: |- - The ARN for the Secrets Manager secret with the credentials for the user joining the domain. - Example: ``arn:aws:secretsmanager:region:account-number:secret:myselfmanagedADtestsecret-123456`` - type: string - AutomaticBackupReplicationRegion: - description: The destination region for the backup replication of the DB instance. For more info, see [Replicating automated backups to another Region](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReplicateBackups.html) in the *Amazon RDS User Guide*. + The open mode of an Oracle read replica. For more information, see [Working with Oracle Read Replicas for Amazon RDS](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/oracle-read-replicas.html) in the *Amazon RDS User Guide*. + This setting is only supported in RDS for Oracle. + Default: ``open-read-only`` + Valid Values: ``open-read-only`` or ``mounted`` type: string - VPCSecurityGroups: - uniqueItems: true - description: |- - A list of the VPC security group IDs to assign to the DB instance. The list can include both the physical IDs of existing VPC security groups and references to [AWS::EC2::SecurityGroup](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group.html) resources created in the template. - If you plan to update the resource, don't specify VPC security groups in a shared VPC. - If you set ``VPCSecurityGroups``, you must not set [DBSecurityGroups](https://docs.aws.amazon.com//AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html#cfn-rds-dbinstance-dbsecuritygroups), and vice versa. - You can migrate a DB instance in your stack from an RDS DB security group to a VPC security group, but keep the following in mind: - + You can't revert to using an RDS security group after you establish a VPC security group membership. - + When you migrate your DB instance to VPC security groups, if your stack update rolls back because the DB instance update fails or because an update fails in another AWS CloudFormation resource, the rollback fails because it can't revert to an RDS security group. - + To use the properties that are available when you use a VPC security group, you must recreate the DB instance. If you don't, AWS CloudFormation submits only the property values that are listed in the [DBSecurityGroups](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html#cfn-rds-dbinstance-dbsecuritygroups) property. - - To avoid this situation, migrate your DB instance to using VPC security groups only when that is the only change in your stack template. - *Amazon Aurora* - Not applicable. The associated list of EC2 VPC security groups is managed by the DB cluster. If specified, the setting must match the DB cluster setting. - type: array - items: - relationshipRef: - typeName: AWS::EC2::SecurityGroup - propertyPath: /properties/GroupId - type: string - AllowMajorVersionUpgrade: - description: |- - A value that indicates whether major version upgrades are allowed. Changing this parameter doesn't result in an outage and the change is asynchronously applied as soon as possible. - Constraints: Major version upgrades must be allowed when specifying a value for the ``EngineVersion`` parameter that is a different major version than the DB instance's current version. - type: boolean - DBName: + RestoreTime: description: |- - The meaning of this parameter differs according to the database engine you use. - If you specify the ``DBSnapshotIdentifier`` property, this property only applies to RDS for Oracle. - *Amazon Aurora* - Not applicable. The database name is managed by the DB cluster. - *Db2* - The name of the database to create when the DB instance is created. If this parameter isn't specified, no database is created in the DB instance. - Constraints: - + Must contain 1 to 64 letters or numbers. - + Must begin with a letter. Subsequent characters can be letters, underscores, or digits (0-9). - + Can't be a word reserved by the specified database engine. - - *MySQL* - The name of the database to create when the DB instance is created. If this parameter is not specified, no database is created in the DB instance. - Constraints: - + Must contain 1 to 64 letters or numbers. - + Can't be a word reserved by the specified database engine - - *MariaDB* - The name of the database to create when the DB instance is created. If this parameter is not specified, no database is created in the DB instance. - Constraints: - + Must contain 1 to 64 letters or numbers. - + Can't be a word reserved by the specified database engine - - *PostgreSQL* - The name of the database to create when the DB instance is created. If this parameter is not specified, the default ``postgres`` database is created in the DB instance. - Constraints: - + Must begin with a letter. Subsequent characters can be letters, underscores, or digits (0-9). - + Must contain 1 to 63 characters. - + Can't be a word reserved by the specified database engine - - *Oracle* - The Oracle System ID (SID) of the created DB instance. If you specify ``null``, the default value ``ORCL`` is used. You can't specify the string NULL, or any other reserved word, for ``DBName``. - Default: ``ORCL`` + The date and time to restore from. This parameter applies to point-in-time recovery. For more information, see [Restoring a DB instance to a specified time](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PIT.html) in the in the *Amazon RDS User Guide*. Constraints: - + Can't be longer than 8 characters + + Must be a time in Universal Coordinated Time (UTC) format. + + Must be before the latest restorable time for the DB instance. + + Can't be specified if the ``UseLatestRestorableTime`` parameter is enabled. - *SQL Server* - Not applicable. Must be null. + Example: ``2009-09-07T23:45:00Z`` type: string - EnableIAMDatabaseAuthentication: - description: |- - A value that indicates whether to enable mapping of AWS Identity and Access Management (IAM) accounts to database accounts. By default, mapping is disabled. - This property is supported for RDS for MariaDB, RDS for MySQL, and RDS for PostgreSQL. For more information, see [IAM Database Authentication for MariaDB, MySQL, and PostgreSQL](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html) in the *Amazon RDS User Guide.* - *Amazon Aurora* - Not applicable. Mapping AWS IAM accounts to database accounts is managed by the DB cluster. - type: boolean - BackupRetentionPeriod: - default: 1 + format: date-time + SourceDBClusterIdentifier: description: |- - The number of days for which automated backups are retained. Setting this parameter to a positive number enables backups. Setting this parameter to 0 disables automated backups. - *Amazon Aurora* - Not applicable. The retention period for automated backups is managed by the DB cluster. - Default: 1 + The identifier of the Multi-AZ DB cluster that will act as the source for the read replica. Each DB cluster can have up to 15 read replicas. Constraints: - + Must be a value from 0 to 35 - + Can't be set to 0 if the DB instance is a source to read replicas - type: integer - minimum: 0 - CustomIAMInstanceProfile: + + Must be the identifier of an existing Multi-AZ DB cluster. + + Can't be specified if the ``SourceDBInstanceIdentifier`` parameter is also specified. + + The specified DB cluster must have automatic backups enabled, that is, its backup retention period must be greater than 0. + + The source DB cluster must be in the same AWS-Region as the read replica. Cross-Region replication isn't supported. + type: string + SourceDbiResourceId: + type: string + description: The resource ID of the source DB instance from which to restore. + SourceDBInstanceAutomatedBackupsArn: + type: string description: |- - The instance profile associated with the underlying Amazon EC2 instance of an RDS Custom DB instance. - This setting is required for RDS Custom. - Constraints: - + The profile must exist in your account. - + The profile must have an IAM role that Amazon EC2 has permissions to assume. - + The instance profile name and the associated IAM role name must start with the prefix ``AWSRDSCustom``. - - For the list of permissions required for the IAM role, see [Configure IAM and your VPC](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-setup-orcl.html#custom-setup-orcl.iam-vpc) in the *Amazon RDS User Guide*. + The Amazon Resource Name (ARN) of the replicated automated backups from which to restore, for example, ``arn:aws:rds:us-east-1:123456789012:auto-backup:ab-L2IJCEXJP7XQ7HOJ4SIEXAMPLE``. + This setting doesn't apply to RDS Custom. + SourceDBInstanceIdentifier: type: string - DBSnapshotIdentifier: description: |- - The name or Amazon Resource Name (ARN) of the DB snapshot that's used to restore the DB instance. If you're restoring from a shared manual DB snapshot, you must specify the ARN of the snapshot. - By specifying this property, you can create a DB instance from the specified DB snapshot. If the ``DBSnapshotIdentifier`` property is an empty string or the ``AWS::RDS::DBInstance`` declaration has no ``DBSnapshotIdentifier`` property, AWS CloudFormation creates a new database. If the property contains a value (other than an empty string), AWS CloudFormation creates a database from the specified snapshot. If a snapshot with the specified name doesn't exist, AWS CloudFormation can't create the database and it rolls back the stack. - Some DB instance properties aren't valid when you restore from a snapshot, such as the ``MasterUsername`` and ``MasterUserPassword`` properties. For information about the properties that you can specify, see the ``RestoreDBInstanceFromDBSnapshot`` action in the *Amazon RDS API Reference*. - After you restore a DB instance with a ``DBSnapshotIdentifier`` property, you must specify the same ``DBSnapshotIdentifier`` property for any future updates to the DB instance. When you specify this property for an update, the DB instance is not restored from the DB snapshot again, and the data in the database is not changed. However, if you don't specify the ``DBSnapshotIdentifier`` property, an empty DB instance is created, and the original DB instance is deleted. If you specify a property that is different from the previous snapshot restore property, a new DB instance is restored from the specified ``DBSnapshotIdentifier`` property, and the original DB instance is deleted. - If you specify the ``DBSnapshotIdentifier`` property to restore a DB instance (as opposed to specifying it for DB instance updates), then don't specify the following properties: - + ``CharacterSetName`` - + ``DBClusterIdentifier`` - + ``DBName`` - + ``DeleteAutomatedBackups`` - + ``EnablePerformanceInsights`` - + ``KmsKeyId`` - + ``MasterUsername`` - + ``MasterUserPassword`` - + ``PerformanceInsightsKMSKeyId`` - + ``PerformanceInsightsRetentionPeriod`` - + ``PromotionTier`` - + ``SourceDBInstanceIdentifier`` - + ``SourceRegion`` - + ``StorageEncrypted`` (for an encrypted snapshot) - + ``Timezone`` - - *Amazon Aurora* - Not applicable. Snapshot restore is managed by the DB cluster. + If you want to create a read replica DB instance, specify the ID of the source DB instance. Each DB instance can have a limited number of read replicas. For more information, see [Working with Read Replicas](https://docs.aws.amazon.com/AmazonRDS/latest/DeveloperGuide/USER_ReadRepl.html) in the *Amazon RDS User Guide*. + For information about constraints that apply to DB instance identifiers, see [Naming constraints in Amazon RDS](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Limits.html#RDS_Limits.Constraints) in the *Amazon RDS User Guide*. + The ``SourceDBInstanceIdentifier`` property determines whether a DB instance is a read replica. If you remove the ``SourceDBInstanceIdentifier`` property from your template and then update your stack, AWS CloudFormation promotes the read replica to a standalone DB instance. + If you specify the ``UseLatestRestorableTime`` or ``RestoreTime`` properties in conjunction with the ``SourceDBInstanceIdentifier`` property, RDS restores the DB instance to the requested point in time, thereby creating a new DB instance. + + If you specify a source DB instance that uses VPC security groups, we recommend that you specify the ``VPCSecurityGroups`` property. If you don't specify the property, the read replica inherits the value of the ``VPCSecurityGroups`` property from the source DB when you create the replica. However, if you update the stack, AWS CloudFormation reverts the replica's ``VPCSecurityGroups`` property to the default value because it's not defined in the stack's template. This change might cause unexpected issues. + + Read replicas don't support deletion policies. AWS CloudFormation ignores any deletion policy that's associated with a read replica. + + If you specify ``SourceDBInstanceIdentifier``, don't specify the ``DBSnapshotIdentifier`` property. You can't create a read replica from a snapshot. + + Don't set the ``BackupRetentionPeriod``, ``DBName``, ``MasterUsername``, ``MasterUserPassword``, and ``PreferredBackupWindow`` properties. The database attributes are inherited from the source DB instance, and backups are disabled for read replicas. + + If the source DB instance is in a different region than the read replica, specify the source region in ``SourceRegion``, and specify an ARN for a valid DB instance in ``SourceDBInstanceIdentifier``. For more information, see [Constructing a Amazon RDS Amazon Resource Name (ARN)](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html#USER_Tagging.ARN) in the *Amazon RDS User Guide*. + + For DB instances in Amazon Aurora clusters, don't specify this property. Amazon RDS automatically assigns writer and reader DB instances. + SourceRegion: type: string - EnableCloudwatchLogsExports: + description: The ID of the region that contains the source DB instance for the read replica. + StorageEncrypted: + type: boolean description: |- - The list of log types that need to be enabled for exporting to CloudWatch Logs. The values in the list depend on the DB engine being used. For more information, see [Publishing Database Logs to Amazon CloudWatch Logs](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch) in the *Amazon Relational Database Service User Guide*. + A value that indicates whether the DB instance is encrypted. By default, it isn't encrypted. + If you specify the ``KmsKeyId`` property, then you must enable encryption. + If you specify the ``SourceDBInstanceIdentifier`` or ``SourceDbiResourceId`` property, don't specify this property. The value is inherited from the source DB instance, and if the DB instance is encrypted, the specified ``KmsKeyId`` property is used. + If you specify the ``SourceDBInstanceAutomatedBackupsArn`` property, don't specify this property. The value is inherited from the source DB instance automated backup. + If you specify ``DBSnapshotIdentifier`` property, don't specify this property. The value is inherited from the snapshot. *Amazon Aurora* - Not applicable. CloudWatch Logs exports are managed by the DB cluster. - *Db2* - Valid values: ``diag.log``, ``notify.log`` - *MariaDB* - Valid values: ``audit``, ``error``, ``general``, ``slowquery`` - *Microsoft SQL Server* - Valid values: ``agent``, ``error`` - *MySQL* - Valid values: ``audit``, ``error``, ``general``, ``slowquery`` - *Oracle* - Valid values: ``alert``, ``audit``, ``listener``, ``trace``, ``oemagent`` - *PostgreSQL* - Valid values: ``postgresql``, ``upgrade`` + Not applicable. The encryption for DB instances is managed by the DB cluster. + StorageType: + type: string + description: |- + The storage type to associate with the DB instance. + If you specify ``io1``, ``io2``, or ``gp3``, you must also include a value for the ``Iops`` parameter. + This setting doesn't apply to Amazon Aurora DB instances. Storage is managed by the DB cluster. + Valid Values: ``gp2 | gp3 | io1 | io2 | standard`` + Default: ``io1``, if the ``Iops`` parameter is specified. Otherwise, ``gp2``. + StorageThroughput: + type: integer + description: |- + Specifies the storage throughput value for the DB instance. This setting applies only to the ``gp3`` storage type. + This setting doesn't apply to RDS Custom or Amazon Aurora. + Tags: type: array + x-insertionOrder: false + uniqueItems: false items: - type: string + $ref: '#/components/schemas/Tag' + description: Tags to assign to the DB instance. + TdeCredentialArn: + type: string + description: '' + TdeCredentialPassword: + type: string + description: '' + Timezone: + type: string + description: The time zone of the DB instance. The time zone parameter is currently supported only by [RDS for Db2](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/db2-time-zone) and [RDS for SQL Server](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.TimeZone). UseDefaultProcessorFeatures: + type: boolean description: |- Specifies whether the DB instance class of the DB instance uses its default processor features. This setting doesn't apply to RDS Custom DB instances. + UseLatestRestorableTime: type: boolean + description: |- + Specifies whether the DB instance is restored from the latest backup time. By default, the DB instance isn't restored from the latest backup time. This parameter applies to point-in-time recovery. For more information, see [Restoring a DB instance to a specified time](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PIT.html) in the in the *Amazon RDS User Guide*. + Constraints: + + Can't be specified if the ``RestoreTime`` parameter is provided. + VPCSecurityGroups: + type: array + uniqueItems: true + items: + type: string + description: |- + A list of the VPC security group IDs to assign to the DB instance. The list can include both the physical IDs of existing VPC security groups and references to [AWS::EC2::SecurityGroup](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group.html) resources created in the template. + If you plan to update the resource, don't specify VPC security groups in a shared VPC. + If you set ``VPCSecurityGroups``, you must not set [DBSecurityGroups](https://docs.aws.amazon.com//AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html#cfn-rds-dbinstance-dbsecuritygroups), and vice versa. + You can migrate a DB instance in your stack from an RDS DB security group to a VPC security group, but keep the following in mind: + + You can't revert to using an RDS security group after you establish a VPC security group membership. + + When you migrate your DB instance to VPC security groups, if your stack update rolls back because the DB instance update fails or because an update fails in another AWS CloudFormation resource, the rollback fails because it can't revert to an RDS security group. + + To use the properties that are available when you use a VPC security group, you must recreate the DB instance. If you don't, AWS CloudFormation submits only the property values that are listed in the [DBSecurityGroups](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html#cfn-rds-dbinstance-dbsecuritygroups) property. + + To avoid this situation, migrate your DB instance to using VPC security groups only when that is the only change in your stack template. + *Amazon Aurora* + Not applicable. The associated list of EC2 VPC security groups is managed by the DB cluster. If specified, the setting must match the DB cluster setting. x-stackQL-stringOnly: true x-title: CreateDBInstanceRequest type: object @@ -4107,25 +5051,36 @@ components: type: string Family: description: |- - The DB parameter group family name. A DB parameter group can be associated with one and only one DB parameter group family, and can be applied only to a DB instance running a DB engine and engine version compatible with that DB parameter group family. - The DB parameter group family can't be changed when updating a DB parameter group. - To list all of the available parameter group families, use the following command: - ``aws rds describe-db-engine-versions --query "DBEngineVersions[].DBParameterGroupFamily"`` - The output contains duplicates. - For more information, see ``CreateDBParameterGroup``. + The DB parameter group family name. A DB parameter group can be associated with one and only one DB parameter group family, and can be applied only to a DB instance running a database engine and engine version compatible with that DB parameter group family. + To list all of the available parameter group families for a DB engine, use the following command: + ``aws rds describe-db-engine-versions --query "DBEngineVersions[].DBParameterGroupFamily" --engine `` + For example, to list all of the available parameter group families for the MySQL DB engine, use the following command: + ``aws rds describe-db-engine-versions --query "DBEngineVersions[].DBParameterGroupFamily" --engine mysql`` + The output contains duplicates. + The following are the valid DB engine values: + + ``aurora-mysql`` + + ``aurora-postgresql`` + + ``db2-ae`` + + ``db2-se`` + + ``mysql`` + + ``oracle-ee`` + + ``oracle-ee-cdb`` + + ``oracle-se2`` + + ``oracle-se2-cdb`` + + ``postgres`` + + ``sqlserver-ee`` + + ``sqlserver-se`` + + ``sqlserver-ex`` + + ``sqlserver-web`` type: string Parameters: description: |- - An array of parameter names and values for the parameter update. At least one parameter name and value must be supplied. Subsequent arguments are optional. - RDS for Db2 requires you to bring your own Db2 license. You must enter your IBM customer ID (``rds.ibm_customer_id``) and site number (``rds.ibm_site_id``) before starting a Db2 instance. - For more information about DB parameters and DB parameter groups for Amazon RDS DB engines, see [Working with DB Parameter Groups](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithParamGroups.html) in the *Amazon RDS User Guide*. - For more information about DB cluster and DB instance parameters and parameter groups for Amazon Aurora DB engines, see [Working with DB Parameter Groups and DB Cluster Parameter Groups](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_WorkingWithParamGroups.html) in the *Amazon Aurora User Guide*. + An array of parameter names and values for the parameter update. You must specify at least one parameter name and value. + For more information about parameter groups, see [Working with parameter groups](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithParamGroups.html) in the *Amazon RDS User Guide*, or [Working with parameter groups](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_WorkingWithParamGroups.html) in the *Amazon Aurora User Guide*. AWS CloudFormation doesn't support specifying an apply method for each individual parameter. The default apply method for each parameter is used. type: object Tags: - description: |- - An optional array of key-value pairs to apply to this DB parameter group. - Currently, this is the only property that supports drift detection. + description: Tags to assign to the DB parameter group. type: array maxItems: 50 uniqueItems: false @@ -4322,6 +5277,60 @@ components: x-title: CreateDBProxyTargetGroupRequest type: object required: [] + CreateDBShardGroupRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + DBShardGroupResourceId: + description: The Amazon Web Services Region-unique, immutable identifier for the DB shard group. + type: string + DBShardGroupIdentifier: + description: The name of the DB shard group. + type: string + minLength: 1 + maxLength: 63 + DBClusterIdentifier: + description: The name of the primary DB cluster for the DB shard group. + type: string + minLength: 1 + maxLength: 63 + ComputeRedundancy: + description: Specifies whether to create standby instances for the DB shard group. + minimum: 0 + type: integer + MaxACU: + description: The maximum capacity of the DB shard group in Aurora capacity units (ACUs). + type: number + MinACU: + description: The minimum capacity of the DB shard group in Aurora capacity units (ACUs). + type: number + PubliclyAccessible: + description: Indicates whether the DB shard group is publicly accessible. + type: boolean + Endpoint: + description: The connection endpoint for the DB shard group. + type: string + Tags: + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + description: An array of key-value pairs to apply to this resource. + items: + $ref: '#/components/schemas/Tag' + x-stackQL-stringOnly: true + x-title: CreateDBShardGroupRequest + type: object + required: [] CreateDBSubnetGroupRequest: properties: ClientToken: @@ -4340,14 +5349,18 @@ components: description: The description for the DB subnet group. DBSubnetGroupName: type: string - pattern: ^(?!default$)[a-zA-Z]{1}[a-zA-Z0-9-_\.\s]{0,254}$ description: |- The name for the DB subnet group. This value is stored as a lowercase string. - Constraints: Must contain no more than 255 lowercase alphanumeric characters or hyphens. Must not be "Default". - Example: ``mysubnetgroup`` + Constraints: + + Must contain no more than 255 letters, numbers, periods, underscores, spaces, or hyphens. + + Must not be default. + + First character must be a letter. + + Example: ``mydbsubnetgroup`` SubnetIds: type: array uniqueItems: false + x-insertionOrder: false items: type: string description: The EC2 Subnet IDs for the DB subnet group. @@ -4356,7 +5369,7 @@ components: maxItems: 50 uniqueItems: false x-insertionOrder: false - description: An optional array of key-value pairs to apply to this DB subnet group. + description: Tags to assign to the DB subnet group. items: $ref: '#/components/schemas/Tag' x-stackQL-stringOnly: true @@ -4377,7 +5390,7 @@ components: type: object properties: Tags: - description: An array of key-value pairs to apply to this resource. + description: An optional array of key-value pairs to apply to this subscription. type: array maxItems: 50 uniqueItems: false @@ -4385,31 +5398,49 @@ components: items: $ref: '#/components/schemas/Tag' SubscriptionName: - description: The name of the subscription. + description: |- + The name of the subscription. + Constraints: The name must be less than 255 characters. type: string maxLength: 255 Enabled: - description: A Boolean value; set to true to activate the subscription, set to false to create the subscription but not active it. + description: Specifies whether to activate the subscription. If the event notification subscription isn't activated, the subscription is created but not active. type: boolean default: true EventCategories: - description: A list of event categories for a SourceType that you want to subscribe to. You can see a list of the categories for a given SourceType in the Events topic in the Amazon RDS User Guide or by using the DescribeEventCategories action. + description: >- + A list of event categories for a particular source type (``SourceType``) that you want to subscribe to. You can see a list of the categories for a given source type in the "Amazon RDS event categories and event messages" section of the [Amazon RDS User Guide](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Events.Messages.html) or the [Amazon Aurora User Guide](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_Events.Messages.html). You can also see + this list by using the ``DescribeEventCategories`` operation. type: array uniqueItems: true items: type: string SnsTopicArn: - description: The Amazon Resource Name (ARN) of the SNS topic created for event notification. The ARN is created by Amazon SNS when you create a topic and subscribe to it. + description: |- + The Amazon Resource Name (ARN) of the SNS topic created for event notification. SNS automatically creates the ARN when you create a topic and subscribe to it. + RDS doesn't support FIFO (first in, first out) topics. For more information, see [Message ordering and deduplication (FIFO topics)](https://docs.aws.amazon.com/sns/latest/dg/sns-fifo-topics.html) in the *Amazon Simple Notification Service Developer Guide*. type: string SourceIds: - description: The list of identifiers of the event sources for which events will be returned. If not specified, then all sources are included in the response. An identifier must begin with a letter and must contain only ASCII letters, digits, and hyphens; it cannot end with a hyphen or contain two consecutive hyphens. + description: |- + The list of identifiers of the event sources for which events are returned. If not specified, then all sources are included in the response. An identifier must begin with a letter and must contain only ASCII letters, digits, and hyphens. It can't end with a hyphen or contain two consecutive hyphens. + Constraints: + + If ``SourceIds`` are supplied, ``SourceType`` must also be provided. + + If the source type is a DB instance, a ``DBInstanceIdentifier`` value must be supplied. + + If the source type is a DB cluster, a ``DBClusterIdentifier`` value must be supplied. + + If the source type is a DB parameter group, a ``DBParameterGroupName`` value must be supplied. + + If the source type is a DB security group, a ``DBSecurityGroupName`` value must be supplied. + + If the source type is a DB snapshot, a ``DBSnapshotIdentifier`` value must be supplied. + + If the source type is a DB cluster snapshot, a ``DBClusterSnapshotIdentifier`` value must be supplied. + + If the source type is an RDS Proxy, a ``DBProxyName`` value must be supplied. type: array uniqueItems: true x-insertionOrder: false items: type: string SourceType: - description: The type of source that will be generating the events. For example, if you want to be notified of events generated by a DB instance, you would set this parameter to db-instance. if this value is not specified, all events are returned. + description: |- + The type of source that is generating the events. For example, if you want to be notified of events generated by a DB instance, you set this parameter to ``db-instance``. For RDS Proxy events, specify ``db-proxy``. If this value isn't specified, all events are returned. + Valid Values:``db-instance | db-cluster | db-parameter-group | db-security-group | db-snapshot | db-cluster-snapshot | db-proxy | zero-etl | custom-engine-version | blue-green-deployment`` type: string x-stackQL-stringOnly: true x-title: CreateEventSubscriptionRequest @@ -4437,6 +5468,17 @@ components: - aurora - aurora-mysql - aurora-postgresql + Tags: + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + description: An array of key-value pairs to apply to this resource. + items: + $ref: '#/components/schemas/Tag' + EngineLifecycleSupport: + description: The life cycle type of the global cluster. You can use this setting to enroll your global cluster into Amazon RDS Extended Support. + type: string EngineVersion: description: The version number of the database engine to use. If you specify the SourceDBClusterIdentifier property, don't specify this property. The value is inherited from the cluster. type: string @@ -4447,6 +5489,8 @@ components: description: The cluster identifier of the new global database cluster. This parameter is stored as a lowercase string. type: string pattern: ^[a-zA-Z]{1}(?:-?[a-zA-Z0-9]){0,62}$ + minLength: 1 + maxLength: 63 SourceDBClusterIdentifier: description: The Amazon Resource Name (ARN) to use as the primary cluster of the global database. This parameter is optional. This parameter is stored as a lowercase string. type: string @@ -4458,6 +5502,8 @@ components: The storage encryption setting for the new global database cluster. If you specify the SourceDBClusterIdentifier property, don't specify this property. The value is inherited from the cluster. type: boolean + GlobalEndpoint: + $ref: '#/components/schemas/GlobalEndpoint' x-stackQL-stringOnly: true x-title: CreateGlobalClusterRequest type: object @@ -4482,7 +5528,7 @@ components: maxLength: 64 Description: type: string - description: The description of the integration. + description: A description of the integration. minLength: 1 maxLength: 1000 Tags: @@ -4490,31 +5536,35 @@ components: maxItems: 50 uniqueItems: true x-insertionOrder: false - description: An array of key-value pairs to apply to this resource. + description: A list of tags. For more information, see [Tagging Amazon RDS Resources](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) in the *Amazon RDS User Guide.*. items: $ref: '#/components/schemas/Tag' DataFilter: type: string - description: The data filter for the integration. + description: Data filters for the integration. These filters determine which tables from the source database are sent to the target Amazon Redshift data warehouse. minLength: 1 maxLength: 25600 pattern: '[a-zA-Z0-9_ "\\\-$,*.:?+\/]*' SourceArn: type: string - description: The Amazon Resource Name (ARN) of the Aurora DB cluster to use as the source for replication. + description: The Amazon Resource Name (ARN) of the database to use as the source for replication. TargetArn: type: string description: The ARN of the Redshift data warehouse to use as the target for replication. IntegrationArn: type: string - description: The ARN of the integration. + description: '' KMSKeyId: type: string - description: An optional AWS Key Management System (AWS KMS) key ARN for the key used to to encrypt the integration. The resource accepts the key ID and the key ARN forms. The key ID form can be used if the KMS key is owned by te same account. If the KMS key belongs to a different account than the calling account, the full key ARN must be specified. Do not use the key alias or the key alias ARN as this will cause a false drift of the resource. + description: The AWS Key Management System (AWS KMS) key identifier for the key to use to encrypt the integration. If you don't specify an encryption key, RDS uses a default AWS owned key. AdditionalEncryptionContext: $ref: '#/components/schemas/EncryptionContextMap' + description: |- + An optional set of non-secret key–value pairs that contains additional contextual information about the data. For more information, see [Encryption context](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) in the *Key Management Service Developer Guide*. + You can only include this parameter if you specify the ``KMSKeyId`` parameter. CreateTime: type: string + description: '' x-stackQL-stringOnly: true x-title: CreateIntegrationRequest type: object @@ -4533,19 +5583,41 @@ components: type: object properties: OptionGroupName: - description: Specifies the name of the option group. + description: |- + The name of the option group to be created. + Constraints: + + Must be 1 to 255 letters, numbers, or hyphens + + First character must be a letter + + Can't end with a hyphen or contain two consecutive hyphens + + Example: ``myoptiongroup`` + If you don't specify a value for ``OptionGroupName`` property, a name is automatically created for the option group. + This value is stored as a lowercase string. type: string OptionGroupDescription: - description: Provides a description of the option group. + description: The description of the option group. type: string EngineName: - description: Indicates the name of the engine that this option group can be applied to. + description: |- + Specifies the name of the engine that this option group should be associated with. + Valid Values: + + ``mariadb`` + + ``mysql`` + + ``oracle-ee`` + + ``oracle-ee-cdb`` + + ``oracle-se2`` + + ``oracle-se2-cdb`` + + ``postgres`` + + ``sqlserver-ee`` + + ``sqlserver-se`` + + ``sqlserver-ex`` + + ``sqlserver-web`` type: string MajorEngineVersion: - description: Indicates the major engine version associated with this option group. + description: Specifies the major version of the engine that this option group should be associated with. type: string OptionConfigurations: - description: Indicates what options are available in the option group. + description: A list of all available options for an option group. type: array x-arrayType: AttributeList x-insertionOrder: false @@ -4553,7 +5625,7 @@ components: $ref: '#/components/schemas/OptionConfiguration' Tags: type: array - description: An array of key-value pairs to apply to this resource. + description: Tags to assign to the option group. x-insertionOrder: false items: $ref: '#/components/schemas/Tag' @@ -4881,69 +5953,73 @@ components: views: select: predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] - ddl: |- - SELECT - region, - data__Identifier, - JSON_EXTRACT(Properties, '$.StorageEncrypted') as storage_encrypted, - JSON_EXTRACT(Properties, '$.DBSystemId') as db_system_id, - JSON_EXTRACT(Properties, '$.RestoreToTime') as restore_to_time, - JSON_EXTRACT(Properties, '$.EngineMode') as engine_mode, - JSON_EXTRACT(Properties, '$.Port') as port, - JSON_EXTRACT(Properties, '$.DBClusterIdentifier') as db_cluster_identifier, - JSON_EXTRACT(Properties, '$.StorageThroughput') as storage_throughput, - JSON_EXTRACT(Properties, '$.MonitoringInterval') as monitoring_interval, + ddl: |- + SELECT + region, + data__Identifier, JSON_EXTRACT(Properties, '$.Endpoint') as endpoint, - JSON_EXTRACT(Properties, '$.ReplicationSourceIdentifier') as replication_source_identifier, - JSON_EXTRACT(Properties, '$.Engine') as engine, - JSON_EXTRACT(Properties, '$.Tags') as tags, - JSON_EXTRACT(Properties, '$.EngineVersion') as engine_version, - JSON_EXTRACT(Properties, '$.StorageType') as storage_type, - JSON_EXTRACT(Properties, '$.KmsKeyId') as kms_key_id, - JSON_EXTRACT(Properties, '$.ServerlessV2ScalingConfiguration') as serverless_v2_scaling_configuration, - JSON_EXTRACT(Properties, '$.PerformanceInsightsRetentionPeriod') as performance_insights_retention_period, + JSON_EXTRACT(Properties, '$.ReadEndpoint') as read_endpoint, + JSON_EXTRACT(Properties, '$.AllocatedStorage') as allocated_storage, + JSON_EXTRACT(Properties, '$.AssociatedRoles') as associated_roles, + JSON_EXTRACT(Properties, '$.AvailabilityZones') as availability_zones, + JSON_EXTRACT(Properties, '$.AutoMinorVersionUpgrade') as auto_minor_version_upgrade, + JSON_EXTRACT(Properties, '$.BacktrackWindow') as backtrack_window, + JSON_EXTRACT(Properties, '$.BackupRetentionPeriod') as backup_retention_period, + JSON_EXTRACT(Properties, '$.ClusterScalabilityType') as cluster_scalability_type, + JSON_EXTRACT(Properties, '$.CopyTagsToSnapshot') as copy_tags_to_snapshot, + JSON_EXTRACT(Properties, '$.DatabaseInsightsMode') as database_insights_mode, JSON_EXTRACT(Properties, '$.DatabaseName') as database_name, + JSON_EXTRACT(Properties, '$.DBClusterArn') as db_cluster_arn, + JSON_EXTRACT(Properties, '$.DBClusterInstanceClass') as db_cluster_instance_class, JSON_EXTRACT(Properties, '$.DBClusterResourceId') as db_cluster_resource_id, - JSON_EXTRACT(Properties, '$.AutoMinorVersionUpgrade') as auto_minor_version_upgrade, + JSON_EXTRACT(Properties, '$.DBInstanceParameterGroupName') as db_instance_parameter_group_name, + JSON_EXTRACT(Properties, '$.DBSystemId') as db_system_id, + JSON_EXTRACT(Properties, '$.GlobalClusterIdentifier') as global_cluster_identifier, + JSON_EXTRACT(Properties, '$.DBClusterIdentifier') as db_cluster_identifier, + JSON_EXTRACT(Properties, '$.DBClusterParameterGroupName') as db_cluster_parameter_group_name, JSON_EXTRACT(Properties, '$.DBSubnetGroupName') as db_subnet_group_name, JSON_EXTRACT(Properties, '$.DeletionProtection') as deletion_protection, - JSON_EXTRACT(Properties, '$.AllocatedStorage') as allocated_storage, - JSON_EXTRACT(Properties, '$.MasterUserPassword') as master_user_password, - JSON_EXTRACT(Properties, '$.MasterUserSecret') as master_user_secret, - JSON_EXTRACT(Properties, '$.SourceDBClusterIdentifier') as source_db_cluster_identifier, - JSON_EXTRACT(Properties, '$.MasterUsername') as master_username, - JSON_EXTRACT(Properties, '$.ScalingConfiguration') as scaling_configuration, - JSON_EXTRACT(Properties, '$.ReadEndpoint') as read_endpoint, - JSON_EXTRACT(Properties, '$.PerformanceInsightsKmsKeyId') as performance_insights_kms_key_id, - JSON_EXTRACT(Properties, '$.PubliclyAccessible') as publicly_accessible, JSON_EXTRACT(Properties, '$.Domain') as domain, - JSON_EXTRACT(Properties, '$.BacktrackWindow') as backtrack_window, - JSON_EXTRACT(Properties, '$.DBInstanceParameterGroupName') as db_instance_parameter_group_name, + JSON_EXTRACT(Properties, '$.DomainIAMRoleName') as domain_iam_role_name, + JSON_EXTRACT(Properties, '$.EnableCloudwatchLogsExports') as enable_cloudwatch_logs_exports, JSON_EXTRACT(Properties, '$.EnableGlobalWriteForwarding') as enable_global_write_forwarding, - JSON_EXTRACT(Properties, '$.MonitoringRoleArn') as monitoring_role_arn, - JSON_EXTRACT(Properties, '$.AssociatedRoles') as associated_roles, JSON_EXTRACT(Properties, '$.EnableHttpEndpoint') as enable_http_endpoint, - JSON_EXTRACT(Properties, '$.SnapshotIdentifier') as snapshot_identifier, - JSON_EXTRACT(Properties, '$.PreferredBackupWindow') as preferred_backup_window, + JSON_EXTRACT(Properties, '$.EnableIAMDatabaseAuthentication') as enable_iam_database_authentication, + JSON_EXTRACT(Properties, '$.EnableLocalWriteForwarding') as enable_local_write_forwarding, + JSON_EXTRACT(Properties, '$.Engine') as engine, + JSON_EXTRACT(Properties, '$.EngineLifecycleSupport') as engine_lifecycle_support, + JSON_EXTRACT(Properties, '$.EngineMode') as engine_mode, + JSON_EXTRACT(Properties, '$.EngineVersion') as engine_version, + JSON_EXTRACT(Properties, '$.ManageMasterUserPassword') as manage_master_user_password, + JSON_EXTRACT(Properties, '$.Iops') as iops, + JSON_EXTRACT(Properties, '$.KmsKeyId') as kms_key_id, + JSON_EXTRACT(Properties, '$.MasterUsername') as master_username, + JSON_EXTRACT(Properties, '$.MasterUserPassword') as master_user_password, + JSON_EXTRACT(Properties, '$.MasterUserSecret') as master_user_secret, + JSON_EXTRACT(Properties, '$.MonitoringInterval') as monitoring_interval, + JSON_EXTRACT(Properties, '$.MonitoringRoleArn') as monitoring_role_arn, JSON_EXTRACT(Properties, '$.NetworkType') as network_type, - JSON_EXTRACT(Properties, '$.VpcSecurityGroupIds') as vpc_security_group_ids, - JSON_EXTRACT(Properties, '$.CopyTagsToSnapshot') as copy_tags_to_snapshot, - JSON_EXTRACT(Properties, '$.GlobalClusterIdentifier') as global_cluster_identifier, - JSON_EXTRACT(Properties, '$.RestoreType') as restore_type, - JSON_EXTRACT(Properties, '$.DomainIAMRoleName') as domain_iam_role_name, - JSON_EXTRACT(Properties, '$.DBClusterInstanceClass') as db_cluster_instance_class, - JSON_EXTRACT(Properties, '$.AvailabilityZones') as availability_zones, - JSON_EXTRACT(Properties, '$.DBClusterArn') as db_cluster_arn, + JSON_EXTRACT(Properties, '$.PerformanceInsightsEnabled') as performance_insights_enabled, + JSON_EXTRACT(Properties, '$.PerformanceInsightsKmsKeyId') as performance_insights_kms_key_id, + JSON_EXTRACT(Properties, '$.PerformanceInsightsRetentionPeriod') as performance_insights_retention_period, + JSON_EXTRACT(Properties, '$.Port') as port, + JSON_EXTRACT(Properties, '$.PreferredBackupWindow') as preferred_backup_window, JSON_EXTRACT(Properties, '$.PreferredMaintenanceWindow') as preferred_maintenance_window, - JSON_EXTRACT(Properties, '$.Iops') as iops, + JSON_EXTRACT(Properties, '$.PubliclyAccessible') as publicly_accessible, + JSON_EXTRACT(Properties, '$.ReplicationSourceIdentifier') as replication_source_identifier, + JSON_EXTRACT(Properties, '$.RestoreToTime') as restore_to_time, + JSON_EXTRACT(Properties, '$.RestoreType') as restore_type, + JSON_EXTRACT(Properties, '$.ServerlessV2ScalingConfiguration') as serverless_v2_scaling_configuration, + JSON_EXTRACT(Properties, '$.ScalingConfiguration') as scaling_configuration, + JSON_EXTRACT(Properties, '$.SnapshotIdentifier') as snapshot_identifier, + JSON_EXTRACT(Properties, '$.SourceDBClusterIdentifier') as source_db_cluster_identifier, JSON_EXTRACT(Properties, '$.SourceRegion') as source_region, + JSON_EXTRACT(Properties, '$.StorageEncrypted') as storage_encrypted, + JSON_EXTRACT(Properties, '$.StorageThroughput') as storage_throughput, + JSON_EXTRACT(Properties, '$.StorageType') as storage_type, + JSON_EXTRACT(Properties, '$.Tags') as tags, JSON_EXTRACT(Properties, '$.UseLatestRestorableTime') as use_latest_restorable_time, - JSON_EXTRACT(Properties, '$.ManageMasterUserPassword') as manage_master_user_password, - JSON_EXTRACT(Properties, '$.EnableIAMDatabaseAuthentication') as enable_iam_database_authentication, - JSON_EXTRACT(Properties, '$.DBClusterParameterGroupName') as db_cluster_parameter_group_name, - JSON_EXTRACT(Properties, '$.PerformanceInsightsEnabled') as performance_insights_enabled, - JSON_EXTRACT(Properties, '$.BackupRetentionPeriod') as backup_retention_period, - JSON_EXTRACT(Properties, '$.EnableCloudwatchLogsExports') as enable_cloudwatch_logs_exports + JSON_EXTRACT(Properties, '$.VpcSecurityGroupIds') as vpc_security_group_ids FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RDS::DBCluster' AND data__Identifier = '' AND region = 'us-east-1' @@ -4952,65 +6028,69 @@ components: ddl: |- SELECT detail.region, - JSON_EXTRACT(detail.Properties, '$.StorageEncrypted') as storage_encrypted, - JSON_EXTRACT(detail.Properties, '$.DBSystemId') as db_system_id, - JSON_EXTRACT(detail.Properties, '$.RestoreToTime') as restore_to_time, - JSON_EXTRACT(detail.Properties, '$.EngineMode') as engine_mode, - JSON_EXTRACT(detail.Properties, '$.Port') as port, - JSON_EXTRACT(detail.Properties, '$.DBClusterIdentifier') as db_cluster_identifier, - JSON_EXTRACT(detail.Properties, '$.StorageThroughput') as storage_throughput, - JSON_EXTRACT(detail.Properties, '$.MonitoringInterval') as monitoring_interval, JSON_EXTRACT(detail.Properties, '$.Endpoint') as endpoint, - JSON_EXTRACT(detail.Properties, '$.ReplicationSourceIdentifier') as replication_source_identifier, - JSON_EXTRACT(detail.Properties, '$.Engine') as engine, - JSON_EXTRACT(detail.Properties, '$.Tags') as tags, - JSON_EXTRACT(detail.Properties, '$.EngineVersion') as engine_version, - JSON_EXTRACT(detail.Properties, '$.StorageType') as storage_type, - JSON_EXTRACT(detail.Properties, '$.KmsKeyId') as kms_key_id, - JSON_EXTRACT(detail.Properties, '$.ServerlessV2ScalingConfiguration') as serverless_v2_scaling_configuration, - JSON_EXTRACT(detail.Properties, '$.PerformanceInsightsRetentionPeriod') as performance_insights_retention_period, + JSON_EXTRACT(detail.Properties, '$.ReadEndpoint') as read_endpoint, + JSON_EXTRACT(detail.Properties, '$.AllocatedStorage') as allocated_storage, + JSON_EXTRACT(detail.Properties, '$.AssociatedRoles') as associated_roles, + JSON_EXTRACT(detail.Properties, '$.AvailabilityZones') as availability_zones, + JSON_EXTRACT(detail.Properties, '$.AutoMinorVersionUpgrade') as auto_minor_version_upgrade, + JSON_EXTRACT(detail.Properties, '$.BacktrackWindow') as backtrack_window, + JSON_EXTRACT(detail.Properties, '$.BackupRetentionPeriod') as backup_retention_period, + JSON_EXTRACT(detail.Properties, '$.ClusterScalabilityType') as cluster_scalability_type, + JSON_EXTRACT(detail.Properties, '$.CopyTagsToSnapshot') as copy_tags_to_snapshot, + JSON_EXTRACT(detail.Properties, '$.DatabaseInsightsMode') as database_insights_mode, JSON_EXTRACT(detail.Properties, '$.DatabaseName') as database_name, + JSON_EXTRACT(detail.Properties, '$.DBClusterArn') as db_cluster_arn, + JSON_EXTRACT(detail.Properties, '$.DBClusterInstanceClass') as db_cluster_instance_class, JSON_EXTRACT(detail.Properties, '$.DBClusterResourceId') as db_cluster_resource_id, - JSON_EXTRACT(detail.Properties, '$.AutoMinorVersionUpgrade') as auto_minor_version_upgrade, + JSON_EXTRACT(detail.Properties, '$.DBInstanceParameterGroupName') as db_instance_parameter_group_name, + JSON_EXTRACT(detail.Properties, '$.DBSystemId') as db_system_id, + JSON_EXTRACT(detail.Properties, '$.GlobalClusterIdentifier') as global_cluster_identifier, + JSON_EXTRACT(detail.Properties, '$.DBClusterIdentifier') as db_cluster_identifier, + JSON_EXTRACT(detail.Properties, '$.DBClusterParameterGroupName') as db_cluster_parameter_group_name, JSON_EXTRACT(detail.Properties, '$.DBSubnetGroupName') as db_subnet_group_name, JSON_EXTRACT(detail.Properties, '$.DeletionProtection') as deletion_protection, - JSON_EXTRACT(detail.Properties, '$.AllocatedStorage') as allocated_storage, - JSON_EXTRACT(detail.Properties, '$.MasterUserPassword') as master_user_password, - JSON_EXTRACT(detail.Properties, '$.MasterUserSecret') as master_user_secret, - JSON_EXTRACT(detail.Properties, '$.SourceDBClusterIdentifier') as source_db_cluster_identifier, - JSON_EXTRACT(detail.Properties, '$.MasterUsername') as master_username, - JSON_EXTRACT(detail.Properties, '$.ScalingConfiguration') as scaling_configuration, - JSON_EXTRACT(detail.Properties, '$.ReadEndpoint') as read_endpoint, - JSON_EXTRACT(detail.Properties, '$.PerformanceInsightsKmsKeyId') as performance_insights_kms_key_id, - JSON_EXTRACT(detail.Properties, '$.PubliclyAccessible') as publicly_accessible, JSON_EXTRACT(detail.Properties, '$.Domain') as domain, - JSON_EXTRACT(detail.Properties, '$.BacktrackWindow') as backtrack_window, - JSON_EXTRACT(detail.Properties, '$.DBInstanceParameterGroupName') as db_instance_parameter_group_name, + JSON_EXTRACT(detail.Properties, '$.DomainIAMRoleName') as domain_iam_role_name, + JSON_EXTRACT(detail.Properties, '$.EnableCloudwatchLogsExports') as enable_cloudwatch_logs_exports, JSON_EXTRACT(detail.Properties, '$.EnableGlobalWriteForwarding') as enable_global_write_forwarding, - JSON_EXTRACT(detail.Properties, '$.MonitoringRoleArn') as monitoring_role_arn, - JSON_EXTRACT(detail.Properties, '$.AssociatedRoles') as associated_roles, JSON_EXTRACT(detail.Properties, '$.EnableHttpEndpoint') as enable_http_endpoint, - JSON_EXTRACT(detail.Properties, '$.SnapshotIdentifier') as snapshot_identifier, - JSON_EXTRACT(detail.Properties, '$.PreferredBackupWindow') as preferred_backup_window, + JSON_EXTRACT(detail.Properties, '$.EnableIAMDatabaseAuthentication') as enable_iam_database_authentication, + JSON_EXTRACT(detail.Properties, '$.EnableLocalWriteForwarding') as enable_local_write_forwarding, + JSON_EXTRACT(detail.Properties, '$.Engine') as engine, + JSON_EXTRACT(detail.Properties, '$.EngineLifecycleSupport') as engine_lifecycle_support, + JSON_EXTRACT(detail.Properties, '$.EngineMode') as engine_mode, + JSON_EXTRACT(detail.Properties, '$.EngineVersion') as engine_version, + JSON_EXTRACT(detail.Properties, '$.ManageMasterUserPassword') as manage_master_user_password, + JSON_EXTRACT(detail.Properties, '$.Iops') as iops, + JSON_EXTRACT(detail.Properties, '$.KmsKeyId') as kms_key_id, + JSON_EXTRACT(detail.Properties, '$.MasterUsername') as master_username, + JSON_EXTRACT(detail.Properties, '$.MasterUserPassword') as master_user_password, + JSON_EXTRACT(detail.Properties, '$.MasterUserSecret') as master_user_secret, + JSON_EXTRACT(detail.Properties, '$.MonitoringInterval') as monitoring_interval, + JSON_EXTRACT(detail.Properties, '$.MonitoringRoleArn') as monitoring_role_arn, JSON_EXTRACT(detail.Properties, '$.NetworkType') as network_type, - JSON_EXTRACT(detail.Properties, '$.VpcSecurityGroupIds') as vpc_security_group_ids, - JSON_EXTRACT(detail.Properties, '$.CopyTagsToSnapshot') as copy_tags_to_snapshot, - JSON_EXTRACT(detail.Properties, '$.GlobalClusterIdentifier') as global_cluster_identifier, - JSON_EXTRACT(detail.Properties, '$.RestoreType') as restore_type, - JSON_EXTRACT(detail.Properties, '$.DomainIAMRoleName') as domain_iam_role_name, - JSON_EXTRACT(detail.Properties, '$.DBClusterInstanceClass') as db_cluster_instance_class, - JSON_EXTRACT(detail.Properties, '$.AvailabilityZones') as availability_zones, - JSON_EXTRACT(detail.Properties, '$.DBClusterArn') as db_cluster_arn, + JSON_EXTRACT(detail.Properties, '$.PerformanceInsightsEnabled') as performance_insights_enabled, + JSON_EXTRACT(detail.Properties, '$.PerformanceInsightsKmsKeyId') as performance_insights_kms_key_id, + JSON_EXTRACT(detail.Properties, '$.PerformanceInsightsRetentionPeriod') as performance_insights_retention_period, + JSON_EXTRACT(detail.Properties, '$.Port') as port, + JSON_EXTRACT(detail.Properties, '$.PreferredBackupWindow') as preferred_backup_window, JSON_EXTRACT(detail.Properties, '$.PreferredMaintenanceWindow') as preferred_maintenance_window, - JSON_EXTRACT(detail.Properties, '$.Iops') as iops, + JSON_EXTRACT(detail.Properties, '$.PubliclyAccessible') as publicly_accessible, + JSON_EXTRACT(detail.Properties, '$.ReplicationSourceIdentifier') as replication_source_identifier, + JSON_EXTRACT(detail.Properties, '$.RestoreToTime') as restore_to_time, + JSON_EXTRACT(detail.Properties, '$.RestoreType') as restore_type, + JSON_EXTRACT(detail.Properties, '$.ServerlessV2ScalingConfiguration') as serverless_v2_scaling_configuration, + JSON_EXTRACT(detail.Properties, '$.ScalingConfiguration') as scaling_configuration, + JSON_EXTRACT(detail.Properties, '$.SnapshotIdentifier') as snapshot_identifier, + JSON_EXTRACT(detail.Properties, '$.SourceDBClusterIdentifier') as source_db_cluster_identifier, JSON_EXTRACT(detail.Properties, '$.SourceRegion') as source_region, + JSON_EXTRACT(detail.Properties, '$.StorageEncrypted') as storage_encrypted, + JSON_EXTRACT(detail.Properties, '$.StorageThroughput') as storage_throughput, + JSON_EXTRACT(detail.Properties, '$.StorageType') as storage_type, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags, JSON_EXTRACT(detail.Properties, '$.UseLatestRestorableTime') as use_latest_restorable_time, - JSON_EXTRACT(detail.Properties, '$.ManageMasterUserPassword') as manage_master_user_password, - JSON_EXTRACT(detail.Properties, '$.EnableIAMDatabaseAuthentication') as enable_iam_database_authentication, - JSON_EXTRACT(detail.Properties, '$.DBClusterParameterGroupName') as db_cluster_parameter_group_name, - JSON_EXTRACT(detail.Properties, '$.PerformanceInsightsEnabled') as performance_insights_enabled, - JSON_EXTRACT(detail.Properties, '$.BackupRetentionPeriod') as backup_retention_period, - JSON_EXTRACT(detail.Properties, '$.EnableCloudwatchLogsExports') as enable_cloudwatch_logs_exports + JSON_EXTRACT(detail.Properties, '$.VpcSecurityGroupIds') as vpc_security_group_ids FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -5024,65 +6104,69 @@ components: SELECT region, data__Identifier, - json_extract_path_text(Properties, 'StorageEncrypted') as storage_encrypted, - json_extract_path_text(Properties, 'DBSystemId') as db_system_id, - json_extract_path_text(Properties, 'RestoreToTime') as restore_to_time, - json_extract_path_text(Properties, 'EngineMode') as engine_mode, - json_extract_path_text(Properties, 'Port') as port, - json_extract_path_text(Properties, 'DBClusterIdentifier') as db_cluster_identifier, - json_extract_path_text(Properties, 'StorageThroughput') as storage_throughput, - json_extract_path_text(Properties, 'MonitoringInterval') as monitoring_interval, json_extract_path_text(Properties, 'Endpoint') as endpoint, - json_extract_path_text(Properties, 'ReplicationSourceIdentifier') as replication_source_identifier, - json_extract_path_text(Properties, 'Engine') as engine, - json_extract_path_text(Properties, 'Tags') as tags, - json_extract_path_text(Properties, 'EngineVersion') as engine_version, - json_extract_path_text(Properties, 'StorageType') as storage_type, - json_extract_path_text(Properties, 'KmsKeyId') as kms_key_id, - json_extract_path_text(Properties, 'ServerlessV2ScalingConfiguration') as serverless_v2_scaling_configuration, - json_extract_path_text(Properties, 'PerformanceInsightsRetentionPeriod') as performance_insights_retention_period, + json_extract_path_text(Properties, 'ReadEndpoint') as read_endpoint, + json_extract_path_text(Properties, 'AllocatedStorage') as allocated_storage, + json_extract_path_text(Properties, 'AssociatedRoles') as associated_roles, + json_extract_path_text(Properties, 'AvailabilityZones') as availability_zones, + json_extract_path_text(Properties, 'AutoMinorVersionUpgrade') as auto_minor_version_upgrade, + json_extract_path_text(Properties, 'BacktrackWindow') as backtrack_window, + json_extract_path_text(Properties, 'BackupRetentionPeriod') as backup_retention_period, + json_extract_path_text(Properties, 'ClusterScalabilityType') as cluster_scalability_type, + json_extract_path_text(Properties, 'CopyTagsToSnapshot') as copy_tags_to_snapshot, + json_extract_path_text(Properties, 'DatabaseInsightsMode') as database_insights_mode, json_extract_path_text(Properties, 'DatabaseName') as database_name, + json_extract_path_text(Properties, 'DBClusterArn') as db_cluster_arn, + json_extract_path_text(Properties, 'DBClusterInstanceClass') as db_cluster_instance_class, json_extract_path_text(Properties, 'DBClusterResourceId') as db_cluster_resource_id, - json_extract_path_text(Properties, 'AutoMinorVersionUpgrade') as auto_minor_version_upgrade, + json_extract_path_text(Properties, 'DBInstanceParameterGroupName') as db_instance_parameter_group_name, + json_extract_path_text(Properties, 'DBSystemId') as db_system_id, + json_extract_path_text(Properties, 'GlobalClusterIdentifier') as global_cluster_identifier, + json_extract_path_text(Properties, 'DBClusterIdentifier') as db_cluster_identifier, + json_extract_path_text(Properties, 'DBClusterParameterGroupName') as db_cluster_parameter_group_name, json_extract_path_text(Properties, 'DBSubnetGroupName') as db_subnet_group_name, json_extract_path_text(Properties, 'DeletionProtection') as deletion_protection, - json_extract_path_text(Properties, 'AllocatedStorage') as allocated_storage, - json_extract_path_text(Properties, 'MasterUserPassword') as master_user_password, - json_extract_path_text(Properties, 'MasterUserSecret') as master_user_secret, - json_extract_path_text(Properties, 'SourceDBClusterIdentifier') as source_db_cluster_identifier, - json_extract_path_text(Properties, 'MasterUsername') as master_username, - json_extract_path_text(Properties, 'ScalingConfiguration') as scaling_configuration, - json_extract_path_text(Properties, 'ReadEndpoint') as read_endpoint, - json_extract_path_text(Properties, 'PerformanceInsightsKmsKeyId') as performance_insights_kms_key_id, - json_extract_path_text(Properties, 'PubliclyAccessible') as publicly_accessible, json_extract_path_text(Properties, 'Domain') as domain, - json_extract_path_text(Properties, 'BacktrackWindow') as backtrack_window, - json_extract_path_text(Properties, 'DBInstanceParameterGroupName') as db_instance_parameter_group_name, + json_extract_path_text(Properties, 'DomainIAMRoleName') as domain_iam_role_name, + json_extract_path_text(Properties, 'EnableCloudwatchLogsExports') as enable_cloudwatch_logs_exports, json_extract_path_text(Properties, 'EnableGlobalWriteForwarding') as enable_global_write_forwarding, - json_extract_path_text(Properties, 'MonitoringRoleArn') as monitoring_role_arn, - json_extract_path_text(Properties, 'AssociatedRoles') as associated_roles, json_extract_path_text(Properties, 'EnableHttpEndpoint') as enable_http_endpoint, - json_extract_path_text(Properties, 'SnapshotIdentifier') as snapshot_identifier, - json_extract_path_text(Properties, 'PreferredBackupWindow') as preferred_backup_window, + json_extract_path_text(Properties, 'EnableIAMDatabaseAuthentication') as enable_iam_database_authentication, + json_extract_path_text(Properties, 'EnableLocalWriteForwarding') as enable_local_write_forwarding, + json_extract_path_text(Properties, 'Engine') as engine, + json_extract_path_text(Properties, 'EngineLifecycleSupport') as engine_lifecycle_support, + json_extract_path_text(Properties, 'EngineMode') as engine_mode, + json_extract_path_text(Properties, 'EngineVersion') as engine_version, + json_extract_path_text(Properties, 'ManageMasterUserPassword') as manage_master_user_password, + json_extract_path_text(Properties, 'Iops') as iops, + json_extract_path_text(Properties, 'KmsKeyId') as kms_key_id, + json_extract_path_text(Properties, 'MasterUsername') as master_username, + json_extract_path_text(Properties, 'MasterUserPassword') as master_user_password, + json_extract_path_text(Properties, 'MasterUserSecret') as master_user_secret, + json_extract_path_text(Properties, 'MonitoringInterval') as monitoring_interval, + json_extract_path_text(Properties, 'MonitoringRoleArn') as monitoring_role_arn, json_extract_path_text(Properties, 'NetworkType') as network_type, - json_extract_path_text(Properties, 'VpcSecurityGroupIds') as vpc_security_group_ids, - json_extract_path_text(Properties, 'CopyTagsToSnapshot') as copy_tags_to_snapshot, - json_extract_path_text(Properties, 'GlobalClusterIdentifier') as global_cluster_identifier, - json_extract_path_text(Properties, 'RestoreType') as restore_type, - json_extract_path_text(Properties, 'DomainIAMRoleName') as domain_iam_role_name, - json_extract_path_text(Properties, 'DBClusterInstanceClass') as db_cluster_instance_class, - json_extract_path_text(Properties, 'AvailabilityZones') as availability_zones, - json_extract_path_text(Properties, 'DBClusterArn') as db_cluster_arn, + json_extract_path_text(Properties, 'PerformanceInsightsEnabled') as performance_insights_enabled, + json_extract_path_text(Properties, 'PerformanceInsightsKmsKeyId') as performance_insights_kms_key_id, + json_extract_path_text(Properties, 'PerformanceInsightsRetentionPeriod') as performance_insights_retention_period, + json_extract_path_text(Properties, 'Port') as port, + json_extract_path_text(Properties, 'PreferredBackupWindow') as preferred_backup_window, json_extract_path_text(Properties, 'PreferredMaintenanceWindow') as preferred_maintenance_window, - json_extract_path_text(Properties, 'Iops') as iops, + json_extract_path_text(Properties, 'PubliclyAccessible') as publicly_accessible, + json_extract_path_text(Properties, 'ReplicationSourceIdentifier') as replication_source_identifier, + json_extract_path_text(Properties, 'RestoreToTime') as restore_to_time, + json_extract_path_text(Properties, 'RestoreType') as restore_type, + json_extract_path_text(Properties, 'ServerlessV2ScalingConfiguration') as serverless_v2_scaling_configuration, + json_extract_path_text(Properties, 'ScalingConfiguration') as scaling_configuration, + json_extract_path_text(Properties, 'SnapshotIdentifier') as snapshot_identifier, + json_extract_path_text(Properties, 'SourceDBClusterIdentifier') as source_db_cluster_identifier, json_extract_path_text(Properties, 'SourceRegion') as source_region, + json_extract_path_text(Properties, 'StorageEncrypted') as storage_encrypted, + json_extract_path_text(Properties, 'StorageThroughput') as storage_throughput, + json_extract_path_text(Properties, 'StorageType') as storage_type, + json_extract_path_text(Properties, 'Tags') as tags, json_extract_path_text(Properties, 'UseLatestRestorableTime') as use_latest_restorable_time, - json_extract_path_text(Properties, 'ManageMasterUserPassword') as manage_master_user_password, - json_extract_path_text(Properties, 'EnableIAMDatabaseAuthentication') as enable_iam_database_authentication, - json_extract_path_text(Properties, 'DBClusterParameterGroupName') as db_cluster_parameter_group_name, - json_extract_path_text(Properties, 'PerformanceInsightsEnabled') as performance_insights_enabled, - json_extract_path_text(Properties, 'BackupRetentionPeriod') as backup_retention_period, - json_extract_path_text(Properties, 'EnableCloudwatchLogsExports') as enable_cloudwatch_logs_exports + json_extract_path_text(Properties, 'VpcSecurityGroupIds') as vpc_security_group_ids FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RDS::DBCluster' AND data__Identifier = '' AND region = 'us-east-1' @@ -5091,65 +6175,69 @@ components: ddl: |- SELECT detail.region, - json_extract_path_text(detail.Properties, 'StorageEncrypted') as storage_encrypted, - json_extract_path_text(detail.Properties, 'DBSystemId') as db_system_id, - json_extract_path_text(detail.Properties, 'RestoreToTime') as restore_to_time, - json_extract_path_text(detail.Properties, 'EngineMode') as engine_mode, - json_extract_path_text(detail.Properties, 'Port') as port, - json_extract_path_text(detail.Properties, 'DBClusterIdentifier') as db_cluster_identifier, - json_extract_path_text(detail.Properties, 'StorageThroughput') as storage_throughput, - json_extract_path_text(detail.Properties, 'MonitoringInterval') as monitoring_interval, json_extract_path_text(detail.Properties, 'Endpoint') as endpoint, - json_extract_path_text(detail.Properties, 'ReplicationSourceIdentifier') as replication_source_identifier, - json_extract_path_text(detail.Properties, 'Engine') as engine, - json_extract_path_text(detail.Properties, 'Tags') as tags, - json_extract_path_text(detail.Properties, 'EngineVersion') as engine_version, - json_extract_path_text(detail.Properties, 'StorageType') as storage_type, - json_extract_path_text(detail.Properties, 'KmsKeyId') as kms_key_id, - json_extract_path_text(detail.Properties, 'ServerlessV2ScalingConfiguration') as serverless_v2_scaling_configuration, - json_extract_path_text(detail.Properties, 'PerformanceInsightsRetentionPeriod') as performance_insights_retention_period, + json_extract_path_text(detail.Properties, 'ReadEndpoint') as read_endpoint, + json_extract_path_text(detail.Properties, 'AllocatedStorage') as allocated_storage, + json_extract_path_text(detail.Properties, 'AssociatedRoles') as associated_roles, + json_extract_path_text(detail.Properties, 'AvailabilityZones') as availability_zones, + json_extract_path_text(detail.Properties, 'AutoMinorVersionUpgrade') as auto_minor_version_upgrade, + json_extract_path_text(detail.Properties, 'BacktrackWindow') as backtrack_window, + json_extract_path_text(detail.Properties, 'BackupRetentionPeriod') as backup_retention_period, + json_extract_path_text(detail.Properties, 'ClusterScalabilityType') as cluster_scalability_type, + json_extract_path_text(detail.Properties, 'CopyTagsToSnapshot') as copy_tags_to_snapshot, + json_extract_path_text(detail.Properties, 'DatabaseInsightsMode') as database_insights_mode, json_extract_path_text(detail.Properties, 'DatabaseName') as database_name, + json_extract_path_text(detail.Properties, 'DBClusterArn') as db_cluster_arn, + json_extract_path_text(detail.Properties, 'DBClusterInstanceClass') as db_cluster_instance_class, json_extract_path_text(detail.Properties, 'DBClusterResourceId') as db_cluster_resource_id, - json_extract_path_text(detail.Properties, 'AutoMinorVersionUpgrade') as auto_minor_version_upgrade, + json_extract_path_text(detail.Properties, 'DBInstanceParameterGroupName') as db_instance_parameter_group_name, + json_extract_path_text(detail.Properties, 'DBSystemId') as db_system_id, + json_extract_path_text(detail.Properties, 'GlobalClusterIdentifier') as global_cluster_identifier, + json_extract_path_text(detail.Properties, 'DBClusterIdentifier') as db_cluster_identifier, + json_extract_path_text(detail.Properties, 'DBClusterParameterGroupName') as db_cluster_parameter_group_name, json_extract_path_text(detail.Properties, 'DBSubnetGroupName') as db_subnet_group_name, json_extract_path_text(detail.Properties, 'DeletionProtection') as deletion_protection, - json_extract_path_text(detail.Properties, 'AllocatedStorage') as allocated_storage, - json_extract_path_text(detail.Properties, 'MasterUserPassword') as master_user_password, - json_extract_path_text(detail.Properties, 'MasterUserSecret') as master_user_secret, - json_extract_path_text(detail.Properties, 'SourceDBClusterIdentifier') as source_db_cluster_identifier, - json_extract_path_text(detail.Properties, 'MasterUsername') as master_username, - json_extract_path_text(detail.Properties, 'ScalingConfiguration') as scaling_configuration, - json_extract_path_text(detail.Properties, 'ReadEndpoint') as read_endpoint, - json_extract_path_text(detail.Properties, 'PerformanceInsightsKmsKeyId') as performance_insights_kms_key_id, - json_extract_path_text(detail.Properties, 'PubliclyAccessible') as publicly_accessible, json_extract_path_text(detail.Properties, 'Domain') as domain, - json_extract_path_text(detail.Properties, 'BacktrackWindow') as backtrack_window, - json_extract_path_text(detail.Properties, 'DBInstanceParameterGroupName') as db_instance_parameter_group_name, + json_extract_path_text(detail.Properties, 'DomainIAMRoleName') as domain_iam_role_name, + json_extract_path_text(detail.Properties, 'EnableCloudwatchLogsExports') as enable_cloudwatch_logs_exports, json_extract_path_text(detail.Properties, 'EnableGlobalWriteForwarding') as enable_global_write_forwarding, - json_extract_path_text(detail.Properties, 'MonitoringRoleArn') as monitoring_role_arn, - json_extract_path_text(detail.Properties, 'AssociatedRoles') as associated_roles, json_extract_path_text(detail.Properties, 'EnableHttpEndpoint') as enable_http_endpoint, - json_extract_path_text(detail.Properties, 'SnapshotIdentifier') as snapshot_identifier, - json_extract_path_text(detail.Properties, 'PreferredBackupWindow') as preferred_backup_window, + json_extract_path_text(detail.Properties, 'EnableIAMDatabaseAuthentication') as enable_iam_database_authentication, + json_extract_path_text(detail.Properties, 'EnableLocalWriteForwarding') as enable_local_write_forwarding, + json_extract_path_text(detail.Properties, 'Engine') as engine, + json_extract_path_text(detail.Properties, 'EngineLifecycleSupport') as engine_lifecycle_support, + json_extract_path_text(detail.Properties, 'EngineMode') as engine_mode, + json_extract_path_text(detail.Properties, 'EngineVersion') as engine_version, + json_extract_path_text(detail.Properties, 'ManageMasterUserPassword') as manage_master_user_password, + json_extract_path_text(detail.Properties, 'Iops') as iops, + json_extract_path_text(detail.Properties, 'KmsKeyId') as kms_key_id, + json_extract_path_text(detail.Properties, 'MasterUsername') as master_username, + json_extract_path_text(detail.Properties, 'MasterUserPassword') as master_user_password, + json_extract_path_text(detail.Properties, 'MasterUserSecret') as master_user_secret, + json_extract_path_text(detail.Properties, 'MonitoringInterval') as monitoring_interval, + json_extract_path_text(detail.Properties, 'MonitoringRoleArn') as monitoring_role_arn, json_extract_path_text(detail.Properties, 'NetworkType') as network_type, - json_extract_path_text(detail.Properties, 'VpcSecurityGroupIds') as vpc_security_group_ids, - json_extract_path_text(detail.Properties, 'CopyTagsToSnapshot') as copy_tags_to_snapshot, - json_extract_path_text(detail.Properties, 'GlobalClusterIdentifier') as global_cluster_identifier, - json_extract_path_text(detail.Properties, 'RestoreType') as restore_type, - json_extract_path_text(detail.Properties, 'DomainIAMRoleName') as domain_iam_role_name, - json_extract_path_text(detail.Properties, 'DBClusterInstanceClass') as db_cluster_instance_class, - json_extract_path_text(detail.Properties, 'AvailabilityZones') as availability_zones, - json_extract_path_text(detail.Properties, 'DBClusterArn') as db_cluster_arn, + json_extract_path_text(detail.Properties, 'PerformanceInsightsEnabled') as performance_insights_enabled, + json_extract_path_text(detail.Properties, 'PerformanceInsightsKmsKeyId') as performance_insights_kms_key_id, + json_extract_path_text(detail.Properties, 'PerformanceInsightsRetentionPeriod') as performance_insights_retention_period, + json_extract_path_text(detail.Properties, 'Port') as port, + json_extract_path_text(detail.Properties, 'PreferredBackupWindow') as preferred_backup_window, json_extract_path_text(detail.Properties, 'PreferredMaintenanceWindow') as preferred_maintenance_window, - json_extract_path_text(detail.Properties, 'Iops') as iops, + json_extract_path_text(detail.Properties, 'PubliclyAccessible') as publicly_accessible, + json_extract_path_text(detail.Properties, 'ReplicationSourceIdentifier') as replication_source_identifier, + json_extract_path_text(detail.Properties, 'RestoreToTime') as restore_to_time, + json_extract_path_text(detail.Properties, 'RestoreType') as restore_type, + json_extract_path_text(detail.Properties, 'ServerlessV2ScalingConfiguration') as serverless_v2_scaling_configuration, + json_extract_path_text(detail.Properties, 'ScalingConfiguration') as scaling_configuration, + json_extract_path_text(detail.Properties, 'SnapshotIdentifier') as snapshot_identifier, + json_extract_path_text(detail.Properties, 'SourceDBClusterIdentifier') as source_db_cluster_identifier, json_extract_path_text(detail.Properties, 'SourceRegion') as source_region, + json_extract_path_text(detail.Properties, 'StorageEncrypted') as storage_encrypted, + json_extract_path_text(detail.Properties, 'StorageThroughput') as storage_throughput, + json_extract_path_text(detail.Properties, 'StorageType') as storage_type, + json_extract_path_text(detail.Properties, 'Tags') as tags, json_extract_path_text(detail.Properties, 'UseLatestRestorableTime') as use_latest_restorable_time, - json_extract_path_text(detail.Properties, 'ManageMasterUserPassword') as manage_master_user_password, - json_extract_path_text(detail.Properties, 'EnableIAMDatabaseAuthentication') as enable_iam_database_authentication, - json_extract_path_text(detail.Properties, 'DBClusterParameterGroupName') as db_cluster_parameter_group_name, - json_extract_path_text(detail.Properties, 'PerformanceInsightsEnabled') as performance_insights_enabled, - json_extract_path_text(detail.Properties, 'BackupRetentionPeriod') as backup_retention_period, - json_extract_path_text(detail.Properties, 'EnableCloudwatchLogsExports') as enable_cloudwatch_logs_exports + json_extract_path_text(detail.Properties, 'VpcSecurityGroupIds') as vpc_security_group_ids FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -5208,64 +6296,68 @@ components: detail.region, JSON_EXTRACT(json_each.value, '$.Key') as tag_key, JSON_EXTRACT(json_each.value, '$.Value') as tag_value, - JSON_EXTRACT(detail.Properties, '$.StorageEncrypted') as storage_encrypted, - JSON_EXTRACT(detail.Properties, '$.DBSystemId') as db_system_id, - JSON_EXTRACT(detail.Properties, '$.RestoreToTime') as restore_to_time, - JSON_EXTRACT(detail.Properties, '$.EngineMode') as engine_mode, - JSON_EXTRACT(detail.Properties, '$.Port') as port, - JSON_EXTRACT(detail.Properties, '$.DBClusterIdentifier') as db_cluster_identifier, - JSON_EXTRACT(detail.Properties, '$.StorageThroughput') as storage_throughput, - JSON_EXTRACT(detail.Properties, '$.MonitoringInterval') as monitoring_interval, JSON_EXTRACT(detail.Properties, '$.Endpoint') as endpoint, - JSON_EXTRACT(detail.Properties, '$.ReplicationSourceIdentifier') as replication_source_identifier, - JSON_EXTRACT(detail.Properties, '$.Engine') as engine, - JSON_EXTRACT(detail.Properties, '$.EngineVersion') as engine_version, - JSON_EXTRACT(detail.Properties, '$.StorageType') as storage_type, - JSON_EXTRACT(detail.Properties, '$.KmsKeyId') as kms_key_id, - JSON_EXTRACT(detail.Properties, '$.ServerlessV2ScalingConfiguration') as serverless_v2_scaling_configuration, - JSON_EXTRACT(detail.Properties, '$.PerformanceInsightsRetentionPeriod') as performance_insights_retention_period, + JSON_EXTRACT(detail.Properties, '$.ReadEndpoint') as read_endpoint, + JSON_EXTRACT(detail.Properties, '$.AllocatedStorage') as allocated_storage, + JSON_EXTRACT(detail.Properties, '$.AssociatedRoles') as associated_roles, + JSON_EXTRACT(detail.Properties, '$.AvailabilityZones') as availability_zones, + JSON_EXTRACT(detail.Properties, '$.AutoMinorVersionUpgrade') as auto_minor_version_upgrade, + JSON_EXTRACT(detail.Properties, '$.BacktrackWindow') as backtrack_window, + JSON_EXTRACT(detail.Properties, '$.BackupRetentionPeriod') as backup_retention_period, + JSON_EXTRACT(detail.Properties, '$.ClusterScalabilityType') as cluster_scalability_type, + JSON_EXTRACT(detail.Properties, '$.CopyTagsToSnapshot') as copy_tags_to_snapshot, + JSON_EXTRACT(detail.Properties, '$.DatabaseInsightsMode') as database_insights_mode, JSON_EXTRACT(detail.Properties, '$.DatabaseName') as database_name, + JSON_EXTRACT(detail.Properties, '$.DBClusterArn') as db_cluster_arn, + JSON_EXTRACT(detail.Properties, '$.DBClusterInstanceClass') as db_cluster_instance_class, JSON_EXTRACT(detail.Properties, '$.DBClusterResourceId') as db_cluster_resource_id, - JSON_EXTRACT(detail.Properties, '$.AutoMinorVersionUpgrade') as auto_minor_version_upgrade, + JSON_EXTRACT(detail.Properties, '$.DBInstanceParameterGroupName') as db_instance_parameter_group_name, + JSON_EXTRACT(detail.Properties, '$.DBSystemId') as db_system_id, + JSON_EXTRACT(detail.Properties, '$.GlobalClusterIdentifier') as global_cluster_identifier, + JSON_EXTRACT(detail.Properties, '$.DBClusterIdentifier') as db_cluster_identifier, + JSON_EXTRACT(detail.Properties, '$.DBClusterParameterGroupName') as db_cluster_parameter_group_name, JSON_EXTRACT(detail.Properties, '$.DBSubnetGroupName') as db_subnet_group_name, JSON_EXTRACT(detail.Properties, '$.DeletionProtection') as deletion_protection, - JSON_EXTRACT(detail.Properties, '$.AllocatedStorage') as allocated_storage, - JSON_EXTRACT(detail.Properties, '$.MasterUserPassword') as master_user_password, - JSON_EXTRACT(detail.Properties, '$.MasterUserSecret') as master_user_secret, - JSON_EXTRACT(detail.Properties, '$.SourceDBClusterIdentifier') as source_db_cluster_identifier, - JSON_EXTRACT(detail.Properties, '$.MasterUsername') as master_username, - JSON_EXTRACT(detail.Properties, '$.ScalingConfiguration') as scaling_configuration, - JSON_EXTRACT(detail.Properties, '$.ReadEndpoint') as read_endpoint, - JSON_EXTRACT(detail.Properties, '$.PerformanceInsightsKmsKeyId') as performance_insights_kms_key_id, - JSON_EXTRACT(detail.Properties, '$.PubliclyAccessible') as publicly_accessible, JSON_EXTRACT(detail.Properties, '$.Domain') as domain, - JSON_EXTRACT(detail.Properties, '$.BacktrackWindow') as backtrack_window, - JSON_EXTRACT(detail.Properties, '$.DBInstanceParameterGroupName') as db_instance_parameter_group_name, + JSON_EXTRACT(detail.Properties, '$.DomainIAMRoleName') as domain_iam_role_name, + JSON_EXTRACT(detail.Properties, '$.EnableCloudwatchLogsExports') as enable_cloudwatch_logs_exports, JSON_EXTRACT(detail.Properties, '$.EnableGlobalWriteForwarding') as enable_global_write_forwarding, - JSON_EXTRACT(detail.Properties, '$.MonitoringRoleArn') as monitoring_role_arn, - JSON_EXTRACT(detail.Properties, '$.AssociatedRoles') as associated_roles, JSON_EXTRACT(detail.Properties, '$.EnableHttpEndpoint') as enable_http_endpoint, - JSON_EXTRACT(detail.Properties, '$.SnapshotIdentifier') as snapshot_identifier, - JSON_EXTRACT(detail.Properties, '$.PreferredBackupWindow') as preferred_backup_window, + JSON_EXTRACT(detail.Properties, '$.EnableIAMDatabaseAuthentication') as enable_iam_database_authentication, + JSON_EXTRACT(detail.Properties, '$.EnableLocalWriteForwarding') as enable_local_write_forwarding, + JSON_EXTRACT(detail.Properties, '$.Engine') as engine, + JSON_EXTRACT(detail.Properties, '$.EngineLifecycleSupport') as engine_lifecycle_support, + JSON_EXTRACT(detail.Properties, '$.EngineMode') as engine_mode, + JSON_EXTRACT(detail.Properties, '$.EngineVersion') as engine_version, + JSON_EXTRACT(detail.Properties, '$.ManageMasterUserPassword') as manage_master_user_password, + JSON_EXTRACT(detail.Properties, '$.Iops') as iops, + JSON_EXTRACT(detail.Properties, '$.KmsKeyId') as kms_key_id, + JSON_EXTRACT(detail.Properties, '$.MasterUsername') as master_username, + JSON_EXTRACT(detail.Properties, '$.MasterUserPassword') as master_user_password, + JSON_EXTRACT(detail.Properties, '$.MasterUserSecret') as master_user_secret, + JSON_EXTRACT(detail.Properties, '$.MonitoringInterval') as monitoring_interval, + JSON_EXTRACT(detail.Properties, '$.MonitoringRoleArn') as monitoring_role_arn, JSON_EXTRACT(detail.Properties, '$.NetworkType') as network_type, - JSON_EXTRACT(detail.Properties, '$.VpcSecurityGroupIds') as vpc_security_group_ids, - JSON_EXTRACT(detail.Properties, '$.CopyTagsToSnapshot') as copy_tags_to_snapshot, - JSON_EXTRACT(detail.Properties, '$.GlobalClusterIdentifier') as global_cluster_identifier, - JSON_EXTRACT(detail.Properties, '$.RestoreType') as restore_type, - JSON_EXTRACT(detail.Properties, '$.DomainIAMRoleName') as domain_iam_role_name, - JSON_EXTRACT(detail.Properties, '$.DBClusterInstanceClass') as db_cluster_instance_class, - JSON_EXTRACT(detail.Properties, '$.AvailabilityZones') as availability_zones, - JSON_EXTRACT(detail.Properties, '$.DBClusterArn') as db_cluster_arn, + JSON_EXTRACT(detail.Properties, '$.PerformanceInsightsEnabled') as performance_insights_enabled, + JSON_EXTRACT(detail.Properties, '$.PerformanceInsightsKmsKeyId') as performance_insights_kms_key_id, + JSON_EXTRACT(detail.Properties, '$.PerformanceInsightsRetentionPeriod') as performance_insights_retention_period, + JSON_EXTRACT(detail.Properties, '$.Port') as port, + JSON_EXTRACT(detail.Properties, '$.PreferredBackupWindow') as preferred_backup_window, JSON_EXTRACT(detail.Properties, '$.PreferredMaintenanceWindow') as preferred_maintenance_window, - JSON_EXTRACT(detail.Properties, '$.Iops') as iops, + JSON_EXTRACT(detail.Properties, '$.PubliclyAccessible') as publicly_accessible, + JSON_EXTRACT(detail.Properties, '$.ReplicationSourceIdentifier') as replication_source_identifier, + JSON_EXTRACT(detail.Properties, '$.RestoreToTime') as restore_to_time, + JSON_EXTRACT(detail.Properties, '$.RestoreType') as restore_type, + JSON_EXTRACT(detail.Properties, '$.ServerlessV2ScalingConfiguration') as serverless_v2_scaling_configuration, + JSON_EXTRACT(detail.Properties, '$.ScalingConfiguration') as scaling_configuration, + JSON_EXTRACT(detail.Properties, '$.SnapshotIdentifier') as snapshot_identifier, + JSON_EXTRACT(detail.Properties, '$.SourceDBClusterIdentifier') as source_db_cluster_identifier, JSON_EXTRACT(detail.Properties, '$.SourceRegion') as source_region, + JSON_EXTRACT(detail.Properties, '$.StorageEncrypted') as storage_encrypted, + JSON_EXTRACT(detail.Properties, '$.StorageThroughput') as storage_throughput, + JSON_EXTRACT(detail.Properties, '$.StorageType') as storage_type, JSON_EXTRACT(detail.Properties, '$.UseLatestRestorableTime') as use_latest_restorable_time, - JSON_EXTRACT(detail.Properties, '$.ManageMasterUserPassword') as manage_master_user_password, - JSON_EXTRACT(detail.Properties, '$.EnableIAMDatabaseAuthentication') as enable_iam_database_authentication, - JSON_EXTRACT(detail.Properties, '$.DBClusterParameterGroupName') as db_cluster_parameter_group_name, - JSON_EXTRACT(detail.Properties, '$.PerformanceInsightsEnabled') as performance_insights_enabled, - JSON_EXTRACT(detail.Properties, '$.BackupRetentionPeriod') as backup_retention_period, - JSON_EXTRACT(detail.Properties, '$.EnableCloudwatchLogsExports') as enable_cloudwatch_logs_exports + JSON_EXTRACT(detail.Properties, '$.VpcSecurityGroupIds') as vpc_security_group_ids FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -5281,64 +6373,68 @@ components: detail.region, json_extract_path_text(json_each.value, 'Key') as tag_key, json_extract_path_text(json_each.value, 'Value') as tag_value, - json_extract_path_text(detail.Properties, 'StorageEncrypted') as storage_encrypted, - json_extract_path_text(detail.Properties, 'DBSystemId') as db_system_id, - json_extract_path_text(detail.Properties, 'RestoreToTime') as restore_to_time, - json_extract_path_text(detail.Properties, 'EngineMode') as engine_mode, - json_extract_path_text(detail.Properties, 'Port') as port, - json_extract_path_text(detail.Properties, 'DBClusterIdentifier') as db_cluster_identifier, - json_extract_path_text(detail.Properties, 'StorageThroughput') as storage_throughput, - json_extract_path_text(detail.Properties, 'MonitoringInterval') as monitoring_interval, json_extract_path_text(detail.Properties, 'Endpoint') as endpoint, - json_extract_path_text(detail.Properties, 'ReplicationSourceIdentifier') as replication_source_identifier, - json_extract_path_text(detail.Properties, 'Engine') as engine, - json_extract_path_text(detail.Properties, 'EngineVersion') as engine_version, - json_extract_path_text(detail.Properties, 'StorageType') as storage_type, - json_extract_path_text(detail.Properties, 'KmsKeyId') as kms_key_id, - json_extract_path_text(detail.Properties, 'ServerlessV2ScalingConfiguration') as serverless_v2_scaling_configuration, - json_extract_path_text(detail.Properties, 'PerformanceInsightsRetentionPeriod') as performance_insights_retention_period, + json_extract_path_text(detail.Properties, 'ReadEndpoint') as read_endpoint, + json_extract_path_text(detail.Properties, 'AllocatedStorage') as allocated_storage, + json_extract_path_text(detail.Properties, 'AssociatedRoles') as associated_roles, + json_extract_path_text(detail.Properties, 'AvailabilityZones') as availability_zones, + json_extract_path_text(detail.Properties, 'AutoMinorVersionUpgrade') as auto_minor_version_upgrade, + json_extract_path_text(detail.Properties, 'BacktrackWindow') as backtrack_window, + json_extract_path_text(detail.Properties, 'BackupRetentionPeriod') as backup_retention_period, + json_extract_path_text(detail.Properties, 'ClusterScalabilityType') as cluster_scalability_type, + json_extract_path_text(detail.Properties, 'CopyTagsToSnapshot') as copy_tags_to_snapshot, + json_extract_path_text(detail.Properties, 'DatabaseInsightsMode') as database_insights_mode, json_extract_path_text(detail.Properties, 'DatabaseName') as database_name, + json_extract_path_text(detail.Properties, 'DBClusterArn') as db_cluster_arn, + json_extract_path_text(detail.Properties, 'DBClusterInstanceClass') as db_cluster_instance_class, json_extract_path_text(detail.Properties, 'DBClusterResourceId') as db_cluster_resource_id, - json_extract_path_text(detail.Properties, 'AutoMinorVersionUpgrade') as auto_minor_version_upgrade, + json_extract_path_text(detail.Properties, 'DBInstanceParameterGroupName') as db_instance_parameter_group_name, + json_extract_path_text(detail.Properties, 'DBSystemId') as db_system_id, + json_extract_path_text(detail.Properties, 'GlobalClusterIdentifier') as global_cluster_identifier, + json_extract_path_text(detail.Properties, 'DBClusterIdentifier') as db_cluster_identifier, + json_extract_path_text(detail.Properties, 'DBClusterParameterGroupName') as db_cluster_parameter_group_name, json_extract_path_text(detail.Properties, 'DBSubnetGroupName') as db_subnet_group_name, json_extract_path_text(detail.Properties, 'DeletionProtection') as deletion_protection, - json_extract_path_text(detail.Properties, 'AllocatedStorage') as allocated_storage, - json_extract_path_text(detail.Properties, 'MasterUserPassword') as master_user_password, - json_extract_path_text(detail.Properties, 'MasterUserSecret') as master_user_secret, - json_extract_path_text(detail.Properties, 'SourceDBClusterIdentifier') as source_db_cluster_identifier, - json_extract_path_text(detail.Properties, 'MasterUsername') as master_username, - json_extract_path_text(detail.Properties, 'ScalingConfiguration') as scaling_configuration, - json_extract_path_text(detail.Properties, 'ReadEndpoint') as read_endpoint, - json_extract_path_text(detail.Properties, 'PerformanceInsightsKmsKeyId') as performance_insights_kms_key_id, - json_extract_path_text(detail.Properties, 'PubliclyAccessible') as publicly_accessible, json_extract_path_text(detail.Properties, 'Domain') as domain, - json_extract_path_text(detail.Properties, 'BacktrackWindow') as backtrack_window, - json_extract_path_text(detail.Properties, 'DBInstanceParameterGroupName') as db_instance_parameter_group_name, + json_extract_path_text(detail.Properties, 'DomainIAMRoleName') as domain_iam_role_name, + json_extract_path_text(detail.Properties, 'EnableCloudwatchLogsExports') as enable_cloudwatch_logs_exports, json_extract_path_text(detail.Properties, 'EnableGlobalWriteForwarding') as enable_global_write_forwarding, - json_extract_path_text(detail.Properties, 'MonitoringRoleArn') as monitoring_role_arn, - json_extract_path_text(detail.Properties, 'AssociatedRoles') as associated_roles, json_extract_path_text(detail.Properties, 'EnableHttpEndpoint') as enable_http_endpoint, - json_extract_path_text(detail.Properties, 'SnapshotIdentifier') as snapshot_identifier, - json_extract_path_text(detail.Properties, 'PreferredBackupWindow') as preferred_backup_window, + json_extract_path_text(detail.Properties, 'EnableIAMDatabaseAuthentication') as enable_iam_database_authentication, + json_extract_path_text(detail.Properties, 'EnableLocalWriteForwarding') as enable_local_write_forwarding, + json_extract_path_text(detail.Properties, 'Engine') as engine, + json_extract_path_text(detail.Properties, 'EngineLifecycleSupport') as engine_lifecycle_support, + json_extract_path_text(detail.Properties, 'EngineMode') as engine_mode, + json_extract_path_text(detail.Properties, 'EngineVersion') as engine_version, + json_extract_path_text(detail.Properties, 'ManageMasterUserPassword') as manage_master_user_password, + json_extract_path_text(detail.Properties, 'Iops') as iops, + json_extract_path_text(detail.Properties, 'KmsKeyId') as kms_key_id, + json_extract_path_text(detail.Properties, 'MasterUsername') as master_username, + json_extract_path_text(detail.Properties, 'MasterUserPassword') as master_user_password, + json_extract_path_text(detail.Properties, 'MasterUserSecret') as master_user_secret, + json_extract_path_text(detail.Properties, 'MonitoringInterval') as monitoring_interval, + json_extract_path_text(detail.Properties, 'MonitoringRoleArn') as monitoring_role_arn, json_extract_path_text(detail.Properties, 'NetworkType') as network_type, - json_extract_path_text(detail.Properties, 'VpcSecurityGroupIds') as vpc_security_group_ids, - json_extract_path_text(detail.Properties, 'CopyTagsToSnapshot') as copy_tags_to_snapshot, - json_extract_path_text(detail.Properties, 'GlobalClusterIdentifier') as global_cluster_identifier, - json_extract_path_text(detail.Properties, 'RestoreType') as restore_type, - json_extract_path_text(detail.Properties, 'DomainIAMRoleName') as domain_iam_role_name, - json_extract_path_text(detail.Properties, 'DBClusterInstanceClass') as db_cluster_instance_class, - json_extract_path_text(detail.Properties, 'AvailabilityZones') as availability_zones, - json_extract_path_text(detail.Properties, 'DBClusterArn') as db_cluster_arn, + json_extract_path_text(detail.Properties, 'PerformanceInsightsEnabled') as performance_insights_enabled, + json_extract_path_text(detail.Properties, 'PerformanceInsightsKmsKeyId') as performance_insights_kms_key_id, + json_extract_path_text(detail.Properties, 'PerformanceInsightsRetentionPeriod') as performance_insights_retention_period, + json_extract_path_text(detail.Properties, 'Port') as port, + json_extract_path_text(detail.Properties, 'PreferredBackupWindow') as preferred_backup_window, json_extract_path_text(detail.Properties, 'PreferredMaintenanceWindow') as preferred_maintenance_window, - json_extract_path_text(detail.Properties, 'Iops') as iops, + json_extract_path_text(detail.Properties, 'PubliclyAccessible') as publicly_accessible, + json_extract_path_text(detail.Properties, 'ReplicationSourceIdentifier') as replication_source_identifier, + json_extract_path_text(detail.Properties, 'RestoreToTime') as restore_to_time, + json_extract_path_text(detail.Properties, 'RestoreType') as restore_type, + json_extract_path_text(detail.Properties, 'ServerlessV2ScalingConfiguration') as serverless_v2_scaling_configuration, + json_extract_path_text(detail.Properties, 'ScalingConfiguration') as scaling_configuration, + json_extract_path_text(detail.Properties, 'SnapshotIdentifier') as snapshot_identifier, + json_extract_path_text(detail.Properties, 'SourceDBClusterIdentifier') as source_db_cluster_identifier, json_extract_path_text(detail.Properties, 'SourceRegion') as source_region, + json_extract_path_text(detail.Properties, 'StorageEncrypted') as storage_encrypted, + json_extract_path_text(detail.Properties, 'StorageThroughput') as storage_throughput, + json_extract_path_text(detail.Properties, 'StorageType') as storage_type, json_extract_path_text(detail.Properties, 'UseLatestRestorableTime') as use_latest_restorable_time, - json_extract_path_text(detail.Properties, 'ManageMasterUserPassword') as manage_master_user_password, - json_extract_path_text(detail.Properties, 'EnableIAMDatabaseAuthentication') as enable_iam_database_authentication, - json_extract_path_text(detail.Properties, 'DBClusterParameterGroupName') as db_cluster_parameter_group_name, - json_extract_path_text(detail.Properties, 'PerformanceInsightsEnabled') as performance_insights_enabled, - json_extract_path_text(detail.Properties, 'BackupRetentionPeriod') as backup_retention_period, - json_extract_path_text(detail.Properties, 'EnableCloudwatchLogsExports') as enable_cloudwatch_logs_exports + json_extract_path_text(detail.Properties, 'VpcSecurityGroupIds') as vpc_security_group_ids FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -5611,86 +6707,88 @@ components: SELECT region, data__Identifier, - JSON_EXTRACT(Properties, '$.StorageEncrypted') as storage_encrypted, - JSON_EXTRACT(Properties, '$.Timezone') as timezone, - JSON_EXTRACT(Properties, '$.DBSystemId') as db_system_id, + JSON_EXTRACT(Properties, '$.AllocatedStorage') as allocated_storage, + JSON_EXTRACT(Properties, '$.AllowMajorVersionUpgrade') as allow_major_version_upgrade, + JSON_EXTRACT(Properties, '$.AssociatedRoles') as associated_roles, + JSON_EXTRACT(Properties, '$.AutoMinorVersionUpgrade') as auto_minor_version_upgrade, + JSON_EXTRACT(Properties, '$.AutomaticBackupReplicationRegion') as automatic_backup_replication_region, + JSON_EXTRACT(Properties, '$.AutomaticBackupReplicationKmsKeyId') as automatic_backup_replication_kms_key_id, + JSON_EXTRACT(Properties, '$.AvailabilityZone') as availability_zone, + JSON_EXTRACT(Properties, '$.BackupRetentionPeriod') as backup_retention_period, + JSON_EXTRACT(Properties, '$.CACertificateIdentifier') as ca_certificate_identifier, JSON_EXTRACT(Properties, '$.CertificateDetails') as certificate_details, - JSON_EXTRACT(Properties, '$.Port') as port, + JSON_EXTRACT(Properties, '$.CertificateRotationRestart') as certificate_rotation_restart, + JSON_EXTRACT(Properties, '$.CharacterSetName') as character_set_name, + JSON_EXTRACT(Properties, '$.CopyTagsToSnapshot') as copy_tags_to_snapshot, + JSON_EXTRACT(Properties, '$.CustomIAMInstanceProfile') as custom_iam_instance_profile, + JSON_EXTRACT(Properties, '$.DatabaseInsightsMode') as database_insights_mode, JSON_EXTRACT(Properties, '$.DBClusterIdentifier') as db_cluster_identifier, - JSON_EXTRACT(Properties, '$.StorageThroughput') as storage_throughput, + JSON_EXTRACT(Properties, '$.DBClusterSnapshotIdentifier') as db_cluster_snapshot_identifier, + JSON_EXTRACT(Properties, '$.DBInstanceArn') as db_instance_arn, + JSON_EXTRACT(Properties, '$.DBInstanceClass') as db_instance_class, + JSON_EXTRACT(Properties, '$.DBInstanceIdentifier') as db_instance_identifier, JSON_EXTRACT(Properties, '$.DbiResourceId') as dbi_resource_id, - JSON_EXTRACT(Properties, '$.MonitoringInterval') as monitoring_interval, + JSON_EXTRACT(Properties, '$.DBName') as db_name, JSON_EXTRACT(Properties, '$.DBParameterGroupName') as db_parameter_group_name, - JSON_EXTRACT(Properties, '$.DBInstanceArn') as db_instance_arn, + JSON_EXTRACT(Properties, '$.DBSecurityGroups') as db_security_groups, + JSON_EXTRACT(Properties, '$.DBSnapshotIdentifier') as db_snapshot_identifier, + JSON_EXTRACT(Properties, '$.DBSubnetGroupName') as db_subnet_group_name, + JSON_EXTRACT(Properties, '$.DBSystemId') as db_system_id, + JSON_EXTRACT(Properties, '$.DedicatedLogVolume') as dedicated_log_volume, + JSON_EXTRACT(Properties, '$.DeleteAutomatedBackups') as delete_automated_backups, + JSON_EXTRACT(Properties, '$.DeletionProtection') as deletion_protection, + JSON_EXTRACT(Properties, '$.Domain') as domain, + JSON_EXTRACT(Properties, '$.DomainAuthSecretArn') as domain_auth_secret_arn, + JSON_EXTRACT(Properties, '$.DomainDnsIps') as domain_dns_ips, + JSON_EXTRACT(Properties, '$.DomainFqdn') as domain_fqdn, + JSON_EXTRACT(Properties, '$.DomainIAMRoleName') as domain_iam_role_name, + JSON_EXTRACT(Properties, '$.DomainOu') as domain_ou, + JSON_EXTRACT(Properties, '$.EnableCloudwatchLogsExports') as enable_cloudwatch_logs_exports, + JSON_EXTRACT(Properties, '$.EnableIAMDatabaseAuthentication') as enable_iam_database_authentication, + JSON_EXTRACT(Properties, '$.EnablePerformanceInsights') as enable_performance_insights, JSON_EXTRACT(Properties, '$.Endpoint') as endpoint, - JSON_EXTRACT(Properties, '$.TdeCredentialArn') as tde_credential_arn, - JSON_EXTRACT(Properties, '$.AutomaticBackupReplicationKmsKeyId') as automatic_backup_replication_kms_key_id, - JSON_EXTRACT(Properties, '$.MultiAZ') as multi_az, JSON_EXTRACT(Properties, '$.Engine') as engine, - JSON_EXTRACT(Properties, '$.Tags') as tags, - JSON_EXTRACT(Properties, '$.PerformanceInsightsKMSKeyId') as performance_insights_kms_key_id, - JSON_EXTRACT(Properties, '$.TdeCredentialPassword') as tde_credential_password, - JSON_EXTRACT(Properties, '$.SourceDBInstanceIdentifier') as source_db_instance_identifier, + JSON_EXTRACT(Properties, '$.EngineLifecycleSupport') as engine_lifecycle_support, JSON_EXTRACT(Properties, '$.EngineVersion') as engine_version, - JSON_EXTRACT(Properties, '$.StorageType') as storage_type, + JSON_EXTRACT(Properties, '$.ManageMasterUserPassword') as manage_master_user_password, + JSON_EXTRACT(Properties, '$.Iops') as iops, JSON_EXTRACT(Properties, '$.KmsKeyId') as kms_key_id, - JSON_EXTRACT(Properties, '$.DBInstanceClass') as db_instance_class, - JSON_EXTRACT(Properties, '$.DeleteAutomatedBackups') as delete_automated_backups, - JSON_EXTRACT(Properties, '$.PerformanceInsightsRetentionPeriod') as performance_insights_retention_period, - JSON_EXTRACT(Properties, '$.AvailabilityZone') as availability_zone, - JSON_EXTRACT(Properties, '$.OptionGroupName') as option_group_name, - JSON_EXTRACT(Properties, '$.EnablePerformanceInsights') as enable_performance_insights, - JSON_EXTRACT(Properties, '$.AutoMinorVersionUpgrade') as auto_minor_version_upgrade, - JSON_EXTRACT(Properties, '$.DBSubnetGroupName') as db_subnet_group_name, - JSON_EXTRACT(Properties, '$.DeletionProtection') as deletion_protection, - JSON_EXTRACT(Properties, '$.DBInstanceIdentifier') as db_instance_identifier, - JSON_EXTRACT(Properties, '$.AllocatedStorage') as allocated_storage, + JSON_EXTRACT(Properties, '$.LicenseModel') as license_model, + JSON_EXTRACT(Properties, '$.MasterUsername') as master_username, JSON_EXTRACT(Properties, '$.MasterUserPassword') as master_user_password, JSON_EXTRACT(Properties, '$.MasterUserSecret') as master_user_secret, - JSON_EXTRACT(Properties, '$.NcharCharacterSetName') as nchar_character_set_name, - JSON_EXTRACT(Properties, '$.SourceDBClusterIdentifier') as source_db_cluster_identifier, - JSON_EXTRACT(Properties, '$.DBSecurityGroups') as db_security_groups, - JSON_EXTRACT(Properties, '$.MasterUsername') as master_username, JSON_EXTRACT(Properties, '$.MaxAllocatedStorage') as max_allocated_storage, - JSON_EXTRACT(Properties, '$.PromotionTier') as promotion_tier, - JSON_EXTRACT(Properties, '$.PubliclyAccessible') as publicly_accessible, - JSON_EXTRACT(Properties, '$.Domain') as domain, - JSON_EXTRACT(Properties, '$.DomainFqdn') as domain_fqdn, - JSON_EXTRACT(Properties, '$.CharacterSetName') as character_set_name, + JSON_EXTRACT(Properties, '$.MonitoringInterval') as monitoring_interval, JSON_EXTRACT(Properties, '$.MonitoringRoleArn') as monitoring_role_arn, - JSON_EXTRACT(Properties, '$.AssociatedRoles') as associated_roles, - JSON_EXTRACT(Properties, '$.DomainOu') as domain_ou, - JSON_EXTRACT(Properties, '$.DBClusterSnapshotIdentifier') as db_cluster_snapshot_identifier, - JSON_EXTRACT(Properties, '$.SourceDBInstanceAutomatedBackupsArn') as source_db_instance_automated_backups_arn, - JSON_EXTRACT(Properties, '$.ProcessorFeatures') as processor_features, - JSON_EXTRACT(Properties, '$.PreferredBackupWindow') as preferred_backup_window, - JSON_EXTRACT(Properties, '$.RestoreTime') as restore_time, - JSON_EXTRACT(Properties, '$.CertificateRotationRestart') as certificate_rotation_restart, + JSON_EXTRACT(Properties, '$.MultiAZ') as multi_az, + JSON_EXTRACT(Properties, '$.NcharCharacterSetName') as nchar_character_set_name, JSON_EXTRACT(Properties, '$.NetworkType') as network_type, - JSON_EXTRACT(Properties, '$.DedicatedLogVolume') as dedicated_log_volume, - JSON_EXTRACT(Properties, '$.CopyTagsToSnapshot') as copy_tags_to_snapshot, - JSON_EXTRACT(Properties, '$.DomainIAMRoleName') as domain_iam_role_name, - JSON_EXTRACT(Properties, '$.ReplicaMode') as replica_mode, - JSON_EXTRACT(Properties, '$.LicenseModel') as license_model, - JSON_EXTRACT(Properties, '$.DomainDnsIps') as domain_dns_ips, + JSON_EXTRACT(Properties, '$.OptionGroupName') as option_group_name, + JSON_EXTRACT(Properties, '$.PerformanceInsightsKMSKeyId') as performance_insights_kms_key_id, + JSON_EXTRACT(Properties, '$.PerformanceInsightsRetentionPeriod') as performance_insights_retention_period, + JSON_EXTRACT(Properties, '$.Port') as port, + JSON_EXTRACT(Properties, '$.PreferredBackupWindow') as preferred_backup_window, JSON_EXTRACT(Properties, '$.PreferredMaintenanceWindow') as preferred_maintenance_window, - JSON_EXTRACT(Properties, '$.Iops') as iops, + JSON_EXTRACT(Properties, '$.ProcessorFeatures') as processor_features, + JSON_EXTRACT(Properties, '$.PromotionTier') as promotion_tier, + JSON_EXTRACT(Properties, '$.PubliclyAccessible') as publicly_accessible, + JSON_EXTRACT(Properties, '$.ReplicaMode') as replica_mode, + JSON_EXTRACT(Properties, '$.RestoreTime') as restore_time, + JSON_EXTRACT(Properties, '$.SourceDBClusterIdentifier') as source_db_cluster_identifier, + JSON_EXTRACT(Properties, '$.SourceDbiResourceId') as source_dbi_resource_id, + JSON_EXTRACT(Properties, '$.SourceDBInstanceAutomatedBackupsArn') as source_db_instance_automated_backups_arn, + JSON_EXTRACT(Properties, '$.SourceDBInstanceIdentifier') as source_db_instance_identifier, JSON_EXTRACT(Properties, '$.SourceRegion') as source_region, + JSON_EXTRACT(Properties, '$.StorageEncrypted') as storage_encrypted, + JSON_EXTRACT(Properties, '$.StorageType') as storage_type, + JSON_EXTRACT(Properties, '$.StorageThroughput') as storage_throughput, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.TdeCredentialArn') as tde_credential_arn, + JSON_EXTRACT(Properties, '$.TdeCredentialPassword') as tde_credential_password, + JSON_EXTRACT(Properties, '$.Timezone') as timezone, + JSON_EXTRACT(Properties, '$.UseDefaultProcessorFeatures') as use_default_processor_features, JSON_EXTRACT(Properties, '$.UseLatestRestorableTime') as use_latest_restorable_time, - JSON_EXTRACT(Properties, '$.CACertificateIdentifier') as ca_certificate_identifier, - JSON_EXTRACT(Properties, '$.ManageMasterUserPassword') as manage_master_user_password, - JSON_EXTRACT(Properties, '$.SourceDbiResourceId') as source_dbi_resource_id, - JSON_EXTRACT(Properties, '$.DomainAuthSecretArn') as domain_auth_secret_arn, - JSON_EXTRACT(Properties, '$.AutomaticBackupReplicationRegion') as automatic_backup_replication_region, - JSON_EXTRACT(Properties, '$.VPCSecurityGroups') as vpc_security_groups, - JSON_EXTRACT(Properties, '$.AllowMajorVersionUpgrade') as allow_major_version_upgrade, - JSON_EXTRACT(Properties, '$.DBName') as db_name, - JSON_EXTRACT(Properties, '$.EnableIAMDatabaseAuthentication') as enable_iam_database_authentication, - JSON_EXTRACT(Properties, '$.BackupRetentionPeriod') as backup_retention_period, - JSON_EXTRACT(Properties, '$.CustomIAMInstanceProfile') as custom_iam_instance_profile, - JSON_EXTRACT(Properties, '$.DBSnapshotIdentifier') as db_snapshot_identifier, - JSON_EXTRACT(Properties, '$.EnableCloudwatchLogsExports') as enable_cloudwatch_logs_exports, - JSON_EXTRACT(Properties, '$.UseDefaultProcessorFeatures') as use_default_processor_features + JSON_EXTRACT(Properties, '$.VPCSecurityGroups') as vpc_security_groups FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RDS::DBInstance' AND data__Identifier = '' AND region = 'us-east-1' @@ -5699,86 +6797,88 @@ components: ddl: |- SELECT detail.region, - JSON_EXTRACT(detail.Properties, '$.StorageEncrypted') as storage_encrypted, - JSON_EXTRACT(detail.Properties, '$.Timezone') as timezone, - JSON_EXTRACT(detail.Properties, '$.DBSystemId') as db_system_id, + JSON_EXTRACT(detail.Properties, '$.AllocatedStorage') as allocated_storage, + JSON_EXTRACT(detail.Properties, '$.AllowMajorVersionUpgrade') as allow_major_version_upgrade, + JSON_EXTRACT(detail.Properties, '$.AssociatedRoles') as associated_roles, + JSON_EXTRACT(detail.Properties, '$.AutoMinorVersionUpgrade') as auto_minor_version_upgrade, + JSON_EXTRACT(detail.Properties, '$.AutomaticBackupReplicationRegion') as automatic_backup_replication_region, + JSON_EXTRACT(detail.Properties, '$.AutomaticBackupReplicationKmsKeyId') as automatic_backup_replication_kms_key_id, + JSON_EXTRACT(detail.Properties, '$.AvailabilityZone') as availability_zone, + JSON_EXTRACT(detail.Properties, '$.BackupRetentionPeriod') as backup_retention_period, + JSON_EXTRACT(detail.Properties, '$.CACertificateIdentifier') as ca_certificate_identifier, JSON_EXTRACT(detail.Properties, '$.CertificateDetails') as certificate_details, - JSON_EXTRACT(detail.Properties, '$.Port') as port, + JSON_EXTRACT(detail.Properties, '$.CertificateRotationRestart') as certificate_rotation_restart, + JSON_EXTRACT(detail.Properties, '$.CharacterSetName') as character_set_name, + JSON_EXTRACT(detail.Properties, '$.CopyTagsToSnapshot') as copy_tags_to_snapshot, + JSON_EXTRACT(detail.Properties, '$.CustomIAMInstanceProfile') as custom_iam_instance_profile, + JSON_EXTRACT(detail.Properties, '$.DatabaseInsightsMode') as database_insights_mode, JSON_EXTRACT(detail.Properties, '$.DBClusterIdentifier') as db_cluster_identifier, - JSON_EXTRACT(detail.Properties, '$.StorageThroughput') as storage_throughput, + JSON_EXTRACT(detail.Properties, '$.DBClusterSnapshotIdentifier') as db_cluster_snapshot_identifier, + JSON_EXTRACT(detail.Properties, '$.DBInstanceArn') as db_instance_arn, + JSON_EXTRACT(detail.Properties, '$.DBInstanceClass') as db_instance_class, + JSON_EXTRACT(detail.Properties, '$.DBInstanceIdentifier') as db_instance_identifier, JSON_EXTRACT(detail.Properties, '$.DbiResourceId') as dbi_resource_id, - JSON_EXTRACT(detail.Properties, '$.MonitoringInterval') as monitoring_interval, + JSON_EXTRACT(detail.Properties, '$.DBName') as db_name, JSON_EXTRACT(detail.Properties, '$.DBParameterGroupName') as db_parameter_group_name, - JSON_EXTRACT(detail.Properties, '$.DBInstanceArn') as db_instance_arn, + JSON_EXTRACT(detail.Properties, '$.DBSecurityGroups') as db_security_groups, + JSON_EXTRACT(detail.Properties, '$.DBSnapshotIdentifier') as db_snapshot_identifier, + JSON_EXTRACT(detail.Properties, '$.DBSubnetGroupName') as db_subnet_group_name, + JSON_EXTRACT(detail.Properties, '$.DBSystemId') as db_system_id, + JSON_EXTRACT(detail.Properties, '$.DedicatedLogVolume') as dedicated_log_volume, + JSON_EXTRACT(detail.Properties, '$.DeleteAutomatedBackups') as delete_automated_backups, + JSON_EXTRACT(detail.Properties, '$.DeletionProtection') as deletion_protection, + JSON_EXTRACT(detail.Properties, '$.Domain') as domain, + JSON_EXTRACT(detail.Properties, '$.DomainAuthSecretArn') as domain_auth_secret_arn, + JSON_EXTRACT(detail.Properties, '$.DomainDnsIps') as domain_dns_ips, + JSON_EXTRACT(detail.Properties, '$.DomainFqdn') as domain_fqdn, + JSON_EXTRACT(detail.Properties, '$.DomainIAMRoleName') as domain_iam_role_name, + JSON_EXTRACT(detail.Properties, '$.DomainOu') as domain_ou, + JSON_EXTRACT(detail.Properties, '$.EnableCloudwatchLogsExports') as enable_cloudwatch_logs_exports, + JSON_EXTRACT(detail.Properties, '$.EnableIAMDatabaseAuthentication') as enable_iam_database_authentication, + JSON_EXTRACT(detail.Properties, '$.EnablePerformanceInsights') as enable_performance_insights, JSON_EXTRACT(detail.Properties, '$.Endpoint') as endpoint, - JSON_EXTRACT(detail.Properties, '$.TdeCredentialArn') as tde_credential_arn, - JSON_EXTRACT(detail.Properties, '$.AutomaticBackupReplicationKmsKeyId') as automatic_backup_replication_kms_key_id, - JSON_EXTRACT(detail.Properties, '$.MultiAZ') as multi_az, JSON_EXTRACT(detail.Properties, '$.Engine') as engine, - JSON_EXTRACT(detail.Properties, '$.Tags') as tags, - JSON_EXTRACT(detail.Properties, '$.PerformanceInsightsKMSKeyId') as performance_insights_kms_key_id, - JSON_EXTRACT(detail.Properties, '$.TdeCredentialPassword') as tde_credential_password, - JSON_EXTRACT(detail.Properties, '$.SourceDBInstanceIdentifier') as source_db_instance_identifier, + JSON_EXTRACT(detail.Properties, '$.EngineLifecycleSupport') as engine_lifecycle_support, JSON_EXTRACT(detail.Properties, '$.EngineVersion') as engine_version, - JSON_EXTRACT(detail.Properties, '$.StorageType') as storage_type, + JSON_EXTRACT(detail.Properties, '$.ManageMasterUserPassword') as manage_master_user_password, + JSON_EXTRACT(detail.Properties, '$.Iops') as iops, JSON_EXTRACT(detail.Properties, '$.KmsKeyId') as kms_key_id, - JSON_EXTRACT(detail.Properties, '$.DBInstanceClass') as db_instance_class, - JSON_EXTRACT(detail.Properties, '$.DeleteAutomatedBackups') as delete_automated_backups, - JSON_EXTRACT(detail.Properties, '$.PerformanceInsightsRetentionPeriod') as performance_insights_retention_period, - JSON_EXTRACT(detail.Properties, '$.AvailabilityZone') as availability_zone, - JSON_EXTRACT(detail.Properties, '$.OptionGroupName') as option_group_name, - JSON_EXTRACT(detail.Properties, '$.EnablePerformanceInsights') as enable_performance_insights, - JSON_EXTRACT(detail.Properties, '$.AutoMinorVersionUpgrade') as auto_minor_version_upgrade, - JSON_EXTRACT(detail.Properties, '$.DBSubnetGroupName') as db_subnet_group_name, - JSON_EXTRACT(detail.Properties, '$.DeletionProtection') as deletion_protection, - JSON_EXTRACT(detail.Properties, '$.DBInstanceIdentifier') as db_instance_identifier, - JSON_EXTRACT(detail.Properties, '$.AllocatedStorage') as allocated_storage, + JSON_EXTRACT(detail.Properties, '$.LicenseModel') as license_model, + JSON_EXTRACT(detail.Properties, '$.MasterUsername') as master_username, JSON_EXTRACT(detail.Properties, '$.MasterUserPassword') as master_user_password, JSON_EXTRACT(detail.Properties, '$.MasterUserSecret') as master_user_secret, - JSON_EXTRACT(detail.Properties, '$.NcharCharacterSetName') as nchar_character_set_name, - JSON_EXTRACT(detail.Properties, '$.SourceDBClusterIdentifier') as source_db_cluster_identifier, - JSON_EXTRACT(detail.Properties, '$.DBSecurityGroups') as db_security_groups, - JSON_EXTRACT(detail.Properties, '$.MasterUsername') as master_username, JSON_EXTRACT(detail.Properties, '$.MaxAllocatedStorage') as max_allocated_storage, - JSON_EXTRACT(detail.Properties, '$.PromotionTier') as promotion_tier, - JSON_EXTRACT(detail.Properties, '$.PubliclyAccessible') as publicly_accessible, - JSON_EXTRACT(detail.Properties, '$.Domain') as domain, - JSON_EXTRACT(detail.Properties, '$.DomainFqdn') as domain_fqdn, - JSON_EXTRACT(detail.Properties, '$.CharacterSetName') as character_set_name, + JSON_EXTRACT(detail.Properties, '$.MonitoringInterval') as monitoring_interval, JSON_EXTRACT(detail.Properties, '$.MonitoringRoleArn') as monitoring_role_arn, - JSON_EXTRACT(detail.Properties, '$.AssociatedRoles') as associated_roles, - JSON_EXTRACT(detail.Properties, '$.DomainOu') as domain_ou, - JSON_EXTRACT(detail.Properties, '$.DBClusterSnapshotIdentifier') as db_cluster_snapshot_identifier, - JSON_EXTRACT(detail.Properties, '$.SourceDBInstanceAutomatedBackupsArn') as source_db_instance_automated_backups_arn, - JSON_EXTRACT(detail.Properties, '$.ProcessorFeatures') as processor_features, - JSON_EXTRACT(detail.Properties, '$.PreferredBackupWindow') as preferred_backup_window, - JSON_EXTRACT(detail.Properties, '$.RestoreTime') as restore_time, - JSON_EXTRACT(detail.Properties, '$.CertificateRotationRestart') as certificate_rotation_restart, + JSON_EXTRACT(detail.Properties, '$.MultiAZ') as multi_az, + JSON_EXTRACT(detail.Properties, '$.NcharCharacterSetName') as nchar_character_set_name, JSON_EXTRACT(detail.Properties, '$.NetworkType') as network_type, - JSON_EXTRACT(detail.Properties, '$.DedicatedLogVolume') as dedicated_log_volume, - JSON_EXTRACT(detail.Properties, '$.CopyTagsToSnapshot') as copy_tags_to_snapshot, - JSON_EXTRACT(detail.Properties, '$.DomainIAMRoleName') as domain_iam_role_name, - JSON_EXTRACT(detail.Properties, '$.ReplicaMode') as replica_mode, - JSON_EXTRACT(detail.Properties, '$.LicenseModel') as license_model, - JSON_EXTRACT(detail.Properties, '$.DomainDnsIps') as domain_dns_ips, + JSON_EXTRACT(detail.Properties, '$.OptionGroupName') as option_group_name, + JSON_EXTRACT(detail.Properties, '$.PerformanceInsightsKMSKeyId') as performance_insights_kms_key_id, + JSON_EXTRACT(detail.Properties, '$.PerformanceInsightsRetentionPeriod') as performance_insights_retention_period, + JSON_EXTRACT(detail.Properties, '$.Port') as port, + JSON_EXTRACT(detail.Properties, '$.PreferredBackupWindow') as preferred_backup_window, JSON_EXTRACT(detail.Properties, '$.PreferredMaintenanceWindow') as preferred_maintenance_window, - JSON_EXTRACT(detail.Properties, '$.Iops') as iops, + JSON_EXTRACT(detail.Properties, '$.ProcessorFeatures') as processor_features, + JSON_EXTRACT(detail.Properties, '$.PromotionTier') as promotion_tier, + JSON_EXTRACT(detail.Properties, '$.PubliclyAccessible') as publicly_accessible, + JSON_EXTRACT(detail.Properties, '$.ReplicaMode') as replica_mode, + JSON_EXTRACT(detail.Properties, '$.RestoreTime') as restore_time, + JSON_EXTRACT(detail.Properties, '$.SourceDBClusterIdentifier') as source_db_cluster_identifier, + JSON_EXTRACT(detail.Properties, '$.SourceDbiResourceId') as source_dbi_resource_id, + JSON_EXTRACT(detail.Properties, '$.SourceDBInstanceAutomatedBackupsArn') as source_db_instance_automated_backups_arn, + JSON_EXTRACT(detail.Properties, '$.SourceDBInstanceIdentifier') as source_db_instance_identifier, JSON_EXTRACT(detail.Properties, '$.SourceRegion') as source_region, + JSON_EXTRACT(detail.Properties, '$.StorageEncrypted') as storage_encrypted, + JSON_EXTRACT(detail.Properties, '$.StorageType') as storage_type, + JSON_EXTRACT(detail.Properties, '$.StorageThroughput') as storage_throughput, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags, + JSON_EXTRACT(detail.Properties, '$.TdeCredentialArn') as tde_credential_arn, + JSON_EXTRACT(detail.Properties, '$.TdeCredentialPassword') as tde_credential_password, + JSON_EXTRACT(detail.Properties, '$.Timezone') as timezone, + JSON_EXTRACT(detail.Properties, '$.UseDefaultProcessorFeatures') as use_default_processor_features, JSON_EXTRACT(detail.Properties, '$.UseLatestRestorableTime') as use_latest_restorable_time, - JSON_EXTRACT(detail.Properties, '$.CACertificateIdentifier') as ca_certificate_identifier, - JSON_EXTRACT(detail.Properties, '$.ManageMasterUserPassword') as manage_master_user_password, - JSON_EXTRACT(detail.Properties, '$.SourceDbiResourceId') as source_dbi_resource_id, - JSON_EXTRACT(detail.Properties, '$.DomainAuthSecretArn') as domain_auth_secret_arn, - JSON_EXTRACT(detail.Properties, '$.AutomaticBackupReplicationRegion') as automatic_backup_replication_region, - JSON_EXTRACT(detail.Properties, '$.VPCSecurityGroups') as vpc_security_groups, - JSON_EXTRACT(detail.Properties, '$.AllowMajorVersionUpgrade') as allow_major_version_upgrade, - JSON_EXTRACT(detail.Properties, '$.DBName') as db_name, - JSON_EXTRACT(detail.Properties, '$.EnableIAMDatabaseAuthentication') as enable_iam_database_authentication, - JSON_EXTRACT(detail.Properties, '$.BackupRetentionPeriod') as backup_retention_period, - JSON_EXTRACT(detail.Properties, '$.CustomIAMInstanceProfile') as custom_iam_instance_profile, - JSON_EXTRACT(detail.Properties, '$.DBSnapshotIdentifier') as db_snapshot_identifier, - JSON_EXTRACT(detail.Properties, '$.EnableCloudwatchLogsExports') as enable_cloudwatch_logs_exports, - JSON_EXTRACT(detail.Properties, '$.UseDefaultProcessorFeatures') as use_default_processor_features + JSON_EXTRACT(detail.Properties, '$.VPCSecurityGroups') as vpc_security_groups FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -5792,86 +6892,88 @@ components: SELECT region, data__Identifier, - json_extract_path_text(Properties, 'StorageEncrypted') as storage_encrypted, - json_extract_path_text(Properties, 'Timezone') as timezone, - json_extract_path_text(Properties, 'DBSystemId') as db_system_id, + json_extract_path_text(Properties, 'AllocatedStorage') as allocated_storage, + json_extract_path_text(Properties, 'AllowMajorVersionUpgrade') as allow_major_version_upgrade, + json_extract_path_text(Properties, 'AssociatedRoles') as associated_roles, + json_extract_path_text(Properties, 'AutoMinorVersionUpgrade') as auto_minor_version_upgrade, + json_extract_path_text(Properties, 'AutomaticBackupReplicationRegion') as automatic_backup_replication_region, + json_extract_path_text(Properties, 'AutomaticBackupReplicationKmsKeyId') as automatic_backup_replication_kms_key_id, + json_extract_path_text(Properties, 'AvailabilityZone') as availability_zone, + json_extract_path_text(Properties, 'BackupRetentionPeriod') as backup_retention_period, + json_extract_path_text(Properties, 'CACertificateIdentifier') as ca_certificate_identifier, json_extract_path_text(Properties, 'CertificateDetails') as certificate_details, - json_extract_path_text(Properties, 'Port') as port, + json_extract_path_text(Properties, 'CertificateRotationRestart') as certificate_rotation_restart, + json_extract_path_text(Properties, 'CharacterSetName') as character_set_name, + json_extract_path_text(Properties, 'CopyTagsToSnapshot') as copy_tags_to_snapshot, + json_extract_path_text(Properties, 'CustomIAMInstanceProfile') as custom_iam_instance_profile, + json_extract_path_text(Properties, 'DatabaseInsightsMode') as database_insights_mode, json_extract_path_text(Properties, 'DBClusterIdentifier') as db_cluster_identifier, - json_extract_path_text(Properties, 'StorageThroughput') as storage_throughput, + json_extract_path_text(Properties, 'DBClusterSnapshotIdentifier') as db_cluster_snapshot_identifier, + json_extract_path_text(Properties, 'DBInstanceArn') as db_instance_arn, + json_extract_path_text(Properties, 'DBInstanceClass') as db_instance_class, + json_extract_path_text(Properties, 'DBInstanceIdentifier') as db_instance_identifier, json_extract_path_text(Properties, 'DbiResourceId') as dbi_resource_id, - json_extract_path_text(Properties, 'MonitoringInterval') as monitoring_interval, + json_extract_path_text(Properties, 'DBName') as db_name, json_extract_path_text(Properties, 'DBParameterGroupName') as db_parameter_group_name, - json_extract_path_text(Properties, 'DBInstanceArn') as db_instance_arn, + json_extract_path_text(Properties, 'DBSecurityGroups') as db_security_groups, + json_extract_path_text(Properties, 'DBSnapshotIdentifier') as db_snapshot_identifier, + json_extract_path_text(Properties, 'DBSubnetGroupName') as db_subnet_group_name, + json_extract_path_text(Properties, 'DBSystemId') as db_system_id, + json_extract_path_text(Properties, 'DedicatedLogVolume') as dedicated_log_volume, + json_extract_path_text(Properties, 'DeleteAutomatedBackups') as delete_automated_backups, + json_extract_path_text(Properties, 'DeletionProtection') as deletion_protection, + json_extract_path_text(Properties, 'Domain') as domain, + json_extract_path_text(Properties, 'DomainAuthSecretArn') as domain_auth_secret_arn, + json_extract_path_text(Properties, 'DomainDnsIps') as domain_dns_ips, + json_extract_path_text(Properties, 'DomainFqdn') as domain_fqdn, + json_extract_path_text(Properties, 'DomainIAMRoleName') as domain_iam_role_name, + json_extract_path_text(Properties, 'DomainOu') as domain_ou, + json_extract_path_text(Properties, 'EnableCloudwatchLogsExports') as enable_cloudwatch_logs_exports, + json_extract_path_text(Properties, 'EnableIAMDatabaseAuthentication') as enable_iam_database_authentication, + json_extract_path_text(Properties, 'EnablePerformanceInsights') as enable_performance_insights, json_extract_path_text(Properties, 'Endpoint') as endpoint, - json_extract_path_text(Properties, 'TdeCredentialArn') as tde_credential_arn, - json_extract_path_text(Properties, 'AutomaticBackupReplicationKmsKeyId') as automatic_backup_replication_kms_key_id, - json_extract_path_text(Properties, 'MultiAZ') as multi_az, json_extract_path_text(Properties, 'Engine') as engine, - json_extract_path_text(Properties, 'Tags') as tags, - json_extract_path_text(Properties, 'PerformanceInsightsKMSKeyId') as performance_insights_kms_key_id, - json_extract_path_text(Properties, 'TdeCredentialPassword') as tde_credential_password, - json_extract_path_text(Properties, 'SourceDBInstanceIdentifier') as source_db_instance_identifier, + json_extract_path_text(Properties, 'EngineLifecycleSupport') as engine_lifecycle_support, json_extract_path_text(Properties, 'EngineVersion') as engine_version, - json_extract_path_text(Properties, 'StorageType') as storage_type, + json_extract_path_text(Properties, 'ManageMasterUserPassword') as manage_master_user_password, + json_extract_path_text(Properties, 'Iops') as iops, json_extract_path_text(Properties, 'KmsKeyId') as kms_key_id, - json_extract_path_text(Properties, 'DBInstanceClass') as db_instance_class, - json_extract_path_text(Properties, 'DeleteAutomatedBackups') as delete_automated_backups, - json_extract_path_text(Properties, 'PerformanceInsightsRetentionPeriod') as performance_insights_retention_period, - json_extract_path_text(Properties, 'AvailabilityZone') as availability_zone, - json_extract_path_text(Properties, 'OptionGroupName') as option_group_name, - json_extract_path_text(Properties, 'EnablePerformanceInsights') as enable_performance_insights, - json_extract_path_text(Properties, 'AutoMinorVersionUpgrade') as auto_minor_version_upgrade, - json_extract_path_text(Properties, 'DBSubnetGroupName') as db_subnet_group_name, - json_extract_path_text(Properties, 'DeletionProtection') as deletion_protection, - json_extract_path_text(Properties, 'DBInstanceIdentifier') as db_instance_identifier, - json_extract_path_text(Properties, 'AllocatedStorage') as allocated_storage, + json_extract_path_text(Properties, 'LicenseModel') as license_model, + json_extract_path_text(Properties, 'MasterUsername') as master_username, json_extract_path_text(Properties, 'MasterUserPassword') as master_user_password, json_extract_path_text(Properties, 'MasterUserSecret') as master_user_secret, - json_extract_path_text(Properties, 'NcharCharacterSetName') as nchar_character_set_name, - json_extract_path_text(Properties, 'SourceDBClusterIdentifier') as source_db_cluster_identifier, - json_extract_path_text(Properties, 'DBSecurityGroups') as db_security_groups, - json_extract_path_text(Properties, 'MasterUsername') as master_username, json_extract_path_text(Properties, 'MaxAllocatedStorage') as max_allocated_storage, - json_extract_path_text(Properties, 'PromotionTier') as promotion_tier, - json_extract_path_text(Properties, 'PubliclyAccessible') as publicly_accessible, - json_extract_path_text(Properties, 'Domain') as domain, - json_extract_path_text(Properties, 'DomainFqdn') as domain_fqdn, - json_extract_path_text(Properties, 'CharacterSetName') as character_set_name, + json_extract_path_text(Properties, 'MonitoringInterval') as monitoring_interval, json_extract_path_text(Properties, 'MonitoringRoleArn') as monitoring_role_arn, - json_extract_path_text(Properties, 'AssociatedRoles') as associated_roles, - json_extract_path_text(Properties, 'DomainOu') as domain_ou, - json_extract_path_text(Properties, 'DBClusterSnapshotIdentifier') as db_cluster_snapshot_identifier, - json_extract_path_text(Properties, 'SourceDBInstanceAutomatedBackupsArn') as source_db_instance_automated_backups_arn, - json_extract_path_text(Properties, 'ProcessorFeatures') as processor_features, - json_extract_path_text(Properties, 'PreferredBackupWindow') as preferred_backup_window, - json_extract_path_text(Properties, 'RestoreTime') as restore_time, - json_extract_path_text(Properties, 'CertificateRotationRestart') as certificate_rotation_restart, + json_extract_path_text(Properties, 'MultiAZ') as multi_az, + json_extract_path_text(Properties, 'NcharCharacterSetName') as nchar_character_set_name, json_extract_path_text(Properties, 'NetworkType') as network_type, - json_extract_path_text(Properties, 'DedicatedLogVolume') as dedicated_log_volume, - json_extract_path_text(Properties, 'CopyTagsToSnapshot') as copy_tags_to_snapshot, - json_extract_path_text(Properties, 'DomainIAMRoleName') as domain_iam_role_name, - json_extract_path_text(Properties, 'ReplicaMode') as replica_mode, - json_extract_path_text(Properties, 'LicenseModel') as license_model, - json_extract_path_text(Properties, 'DomainDnsIps') as domain_dns_ips, + json_extract_path_text(Properties, 'OptionGroupName') as option_group_name, + json_extract_path_text(Properties, 'PerformanceInsightsKMSKeyId') as performance_insights_kms_key_id, + json_extract_path_text(Properties, 'PerformanceInsightsRetentionPeriod') as performance_insights_retention_period, + json_extract_path_text(Properties, 'Port') as port, + json_extract_path_text(Properties, 'PreferredBackupWindow') as preferred_backup_window, json_extract_path_text(Properties, 'PreferredMaintenanceWindow') as preferred_maintenance_window, - json_extract_path_text(Properties, 'Iops') as iops, + json_extract_path_text(Properties, 'ProcessorFeatures') as processor_features, + json_extract_path_text(Properties, 'PromotionTier') as promotion_tier, + json_extract_path_text(Properties, 'PubliclyAccessible') as publicly_accessible, + json_extract_path_text(Properties, 'ReplicaMode') as replica_mode, + json_extract_path_text(Properties, 'RestoreTime') as restore_time, + json_extract_path_text(Properties, 'SourceDBClusterIdentifier') as source_db_cluster_identifier, + json_extract_path_text(Properties, 'SourceDbiResourceId') as source_dbi_resource_id, + json_extract_path_text(Properties, 'SourceDBInstanceAutomatedBackupsArn') as source_db_instance_automated_backups_arn, + json_extract_path_text(Properties, 'SourceDBInstanceIdentifier') as source_db_instance_identifier, json_extract_path_text(Properties, 'SourceRegion') as source_region, + json_extract_path_text(Properties, 'StorageEncrypted') as storage_encrypted, + json_extract_path_text(Properties, 'StorageType') as storage_type, + json_extract_path_text(Properties, 'StorageThroughput') as storage_throughput, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'TdeCredentialArn') as tde_credential_arn, + json_extract_path_text(Properties, 'TdeCredentialPassword') as tde_credential_password, + json_extract_path_text(Properties, 'Timezone') as timezone, + json_extract_path_text(Properties, 'UseDefaultProcessorFeatures') as use_default_processor_features, json_extract_path_text(Properties, 'UseLatestRestorableTime') as use_latest_restorable_time, - json_extract_path_text(Properties, 'CACertificateIdentifier') as ca_certificate_identifier, - json_extract_path_text(Properties, 'ManageMasterUserPassword') as manage_master_user_password, - json_extract_path_text(Properties, 'SourceDbiResourceId') as source_dbi_resource_id, - json_extract_path_text(Properties, 'DomainAuthSecretArn') as domain_auth_secret_arn, - json_extract_path_text(Properties, 'AutomaticBackupReplicationRegion') as automatic_backup_replication_region, - json_extract_path_text(Properties, 'VPCSecurityGroups') as vpc_security_groups, - json_extract_path_text(Properties, 'AllowMajorVersionUpgrade') as allow_major_version_upgrade, - json_extract_path_text(Properties, 'DBName') as db_name, - json_extract_path_text(Properties, 'EnableIAMDatabaseAuthentication') as enable_iam_database_authentication, - json_extract_path_text(Properties, 'BackupRetentionPeriod') as backup_retention_period, - json_extract_path_text(Properties, 'CustomIAMInstanceProfile') as custom_iam_instance_profile, - json_extract_path_text(Properties, 'DBSnapshotIdentifier') as db_snapshot_identifier, - json_extract_path_text(Properties, 'EnableCloudwatchLogsExports') as enable_cloudwatch_logs_exports, - json_extract_path_text(Properties, 'UseDefaultProcessorFeatures') as use_default_processor_features + json_extract_path_text(Properties, 'VPCSecurityGroups') as vpc_security_groups FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RDS::DBInstance' AND data__Identifier = '' AND region = 'us-east-1' @@ -5880,86 +6982,88 @@ components: ddl: |- SELECT detail.region, - json_extract_path_text(detail.Properties, 'StorageEncrypted') as storage_encrypted, - json_extract_path_text(detail.Properties, 'Timezone') as timezone, - json_extract_path_text(detail.Properties, 'DBSystemId') as db_system_id, + json_extract_path_text(detail.Properties, 'AllocatedStorage') as allocated_storage, + json_extract_path_text(detail.Properties, 'AllowMajorVersionUpgrade') as allow_major_version_upgrade, + json_extract_path_text(detail.Properties, 'AssociatedRoles') as associated_roles, + json_extract_path_text(detail.Properties, 'AutoMinorVersionUpgrade') as auto_minor_version_upgrade, + json_extract_path_text(detail.Properties, 'AutomaticBackupReplicationRegion') as automatic_backup_replication_region, + json_extract_path_text(detail.Properties, 'AutomaticBackupReplicationKmsKeyId') as automatic_backup_replication_kms_key_id, + json_extract_path_text(detail.Properties, 'AvailabilityZone') as availability_zone, + json_extract_path_text(detail.Properties, 'BackupRetentionPeriod') as backup_retention_period, + json_extract_path_text(detail.Properties, 'CACertificateIdentifier') as ca_certificate_identifier, json_extract_path_text(detail.Properties, 'CertificateDetails') as certificate_details, - json_extract_path_text(detail.Properties, 'Port') as port, + json_extract_path_text(detail.Properties, 'CertificateRotationRestart') as certificate_rotation_restart, + json_extract_path_text(detail.Properties, 'CharacterSetName') as character_set_name, + json_extract_path_text(detail.Properties, 'CopyTagsToSnapshot') as copy_tags_to_snapshot, + json_extract_path_text(detail.Properties, 'CustomIAMInstanceProfile') as custom_iam_instance_profile, + json_extract_path_text(detail.Properties, 'DatabaseInsightsMode') as database_insights_mode, json_extract_path_text(detail.Properties, 'DBClusterIdentifier') as db_cluster_identifier, - json_extract_path_text(detail.Properties, 'StorageThroughput') as storage_throughput, + json_extract_path_text(detail.Properties, 'DBClusterSnapshotIdentifier') as db_cluster_snapshot_identifier, + json_extract_path_text(detail.Properties, 'DBInstanceArn') as db_instance_arn, + json_extract_path_text(detail.Properties, 'DBInstanceClass') as db_instance_class, + json_extract_path_text(detail.Properties, 'DBInstanceIdentifier') as db_instance_identifier, json_extract_path_text(detail.Properties, 'DbiResourceId') as dbi_resource_id, - json_extract_path_text(detail.Properties, 'MonitoringInterval') as monitoring_interval, + json_extract_path_text(detail.Properties, 'DBName') as db_name, json_extract_path_text(detail.Properties, 'DBParameterGroupName') as db_parameter_group_name, - json_extract_path_text(detail.Properties, 'DBInstanceArn') as db_instance_arn, + json_extract_path_text(detail.Properties, 'DBSecurityGroups') as db_security_groups, + json_extract_path_text(detail.Properties, 'DBSnapshotIdentifier') as db_snapshot_identifier, + json_extract_path_text(detail.Properties, 'DBSubnetGroupName') as db_subnet_group_name, + json_extract_path_text(detail.Properties, 'DBSystemId') as db_system_id, + json_extract_path_text(detail.Properties, 'DedicatedLogVolume') as dedicated_log_volume, + json_extract_path_text(detail.Properties, 'DeleteAutomatedBackups') as delete_automated_backups, + json_extract_path_text(detail.Properties, 'DeletionProtection') as deletion_protection, + json_extract_path_text(detail.Properties, 'Domain') as domain, + json_extract_path_text(detail.Properties, 'DomainAuthSecretArn') as domain_auth_secret_arn, + json_extract_path_text(detail.Properties, 'DomainDnsIps') as domain_dns_ips, + json_extract_path_text(detail.Properties, 'DomainFqdn') as domain_fqdn, + json_extract_path_text(detail.Properties, 'DomainIAMRoleName') as domain_iam_role_name, + json_extract_path_text(detail.Properties, 'DomainOu') as domain_ou, + json_extract_path_text(detail.Properties, 'EnableCloudwatchLogsExports') as enable_cloudwatch_logs_exports, + json_extract_path_text(detail.Properties, 'EnableIAMDatabaseAuthentication') as enable_iam_database_authentication, + json_extract_path_text(detail.Properties, 'EnablePerformanceInsights') as enable_performance_insights, json_extract_path_text(detail.Properties, 'Endpoint') as endpoint, - json_extract_path_text(detail.Properties, 'TdeCredentialArn') as tde_credential_arn, - json_extract_path_text(detail.Properties, 'AutomaticBackupReplicationKmsKeyId') as automatic_backup_replication_kms_key_id, - json_extract_path_text(detail.Properties, 'MultiAZ') as multi_az, json_extract_path_text(detail.Properties, 'Engine') as engine, - json_extract_path_text(detail.Properties, 'Tags') as tags, - json_extract_path_text(detail.Properties, 'PerformanceInsightsKMSKeyId') as performance_insights_kms_key_id, - json_extract_path_text(detail.Properties, 'TdeCredentialPassword') as tde_credential_password, - json_extract_path_text(detail.Properties, 'SourceDBInstanceIdentifier') as source_db_instance_identifier, + json_extract_path_text(detail.Properties, 'EngineLifecycleSupport') as engine_lifecycle_support, json_extract_path_text(detail.Properties, 'EngineVersion') as engine_version, - json_extract_path_text(detail.Properties, 'StorageType') as storage_type, + json_extract_path_text(detail.Properties, 'ManageMasterUserPassword') as manage_master_user_password, + json_extract_path_text(detail.Properties, 'Iops') as iops, json_extract_path_text(detail.Properties, 'KmsKeyId') as kms_key_id, - json_extract_path_text(detail.Properties, 'DBInstanceClass') as db_instance_class, - json_extract_path_text(detail.Properties, 'DeleteAutomatedBackups') as delete_automated_backups, - json_extract_path_text(detail.Properties, 'PerformanceInsightsRetentionPeriod') as performance_insights_retention_period, - json_extract_path_text(detail.Properties, 'AvailabilityZone') as availability_zone, - json_extract_path_text(detail.Properties, 'OptionGroupName') as option_group_name, - json_extract_path_text(detail.Properties, 'EnablePerformanceInsights') as enable_performance_insights, - json_extract_path_text(detail.Properties, 'AutoMinorVersionUpgrade') as auto_minor_version_upgrade, - json_extract_path_text(detail.Properties, 'DBSubnetGroupName') as db_subnet_group_name, - json_extract_path_text(detail.Properties, 'DeletionProtection') as deletion_protection, - json_extract_path_text(detail.Properties, 'DBInstanceIdentifier') as db_instance_identifier, - json_extract_path_text(detail.Properties, 'AllocatedStorage') as allocated_storage, + json_extract_path_text(detail.Properties, 'LicenseModel') as license_model, + json_extract_path_text(detail.Properties, 'MasterUsername') as master_username, json_extract_path_text(detail.Properties, 'MasterUserPassword') as master_user_password, json_extract_path_text(detail.Properties, 'MasterUserSecret') as master_user_secret, - json_extract_path_text(detail.Properties, 'NcharCharacterSetName') as nchar_character_set_name, - json_extract_path_text(detail.Properties, 'SourceDBClusterIdentifier') as source_db_cluster_identifier, - json_extract_path_text(detail.Properties, 'DBSecurityGroups') as db_security_groups, - json_extract_path_text(detail.Properties, 'MasterUsername') as master_username, json_extract_path_text(detail.Properties, 'MaxAllocatedStorage') as max_allocated_storage, - json_extract_path_text(detail.Properties, 'PromotionTier') as promotion_tier, - json_extract_path_text(detail.Properties, 'PubliclyAccessible') as publicly_accessible, - json_extract_path_text(detail.Properties, 'Domain') as domain, - json_extract_path_text(detail.Properties, 'DomainFqdn') as domain_fqdn, - json_extract_path_text(detail.Properties, 'CharacterSetName') as character_set_name, + json_extract_path_text(detail.Properties, 'MonitoringInterval') as monitoring_interval, json_extract_path_text(detail.Properties, 'MonitoringRoleArn') as monitoring_role_arn, - json_extract_path_text(detail.Properties, 'AssociatedRoles') as associated_roles, - json_extract_path_text(detail.Properties, 'DomainOu') as domain_ou, - json_extract_path_text(detail.Properties, 'DBClusterSnapshotIdentifier') as db_cluster_snapshot_identifier, - json_extract_path_text(detail.Properties, 'SourceDBInstanceAutomatedBackupsArn') as source_db_instance_automated_backups_arn, - json_extract_path_text(detail.Properties, 'ProcessorFeatures') as processor_features, - json_extract_path_text(detail.Properties, 'PreferredBackupWindow') as preferred_backup_window, - json_extract_path_text(detail.Properties, 'RestoreTime') as restore_time, - json_extract_path_text(detail.Properties, 'CertificateRotationRestart') as certificate_rotation_restart, + json_extract_path_text(detail.Properties, 'MultiAZ') as multi_az, + json_extract_path_text(detail.Properties, 'NcharCharacterSetName') as nchar_character_set_name, json_extract_path_text(detail.Properties, 'NetworkType') as network_type, - json_extract_path_text(detail.Properties, 'DedicatedLogVolume') as dedicated_log_volume, - json_extract_path_text(detail.Properties, 'CopyTagsToSnapshot') as copy_tags_to_snapshot, - json_extract_path_text(detail.Properties, 'DomainIAMRoleName') as domain_iam_role_name, - json_extract_path_text(detail.Properties, 'ReplicaMode') as replica_mode, - json_extract_path_text(detail.Properties, 'LicenseModel') as license_model, - json_extract_path_text(detail.Properties, 'DomainDnsIps') as domain_dns_ips, + json_extract_path_text(detail.Properties, 'OptionGroupName') as option_group_name, + json_extract_path_text(detail.Properties, 'PerformanceInsightsKMSKeyId') as performance_insights_kms_key_id, + json_extract_path_text(detail.Properties, 'PerformanceInsightsRetentionPeriod') as performance_insights_retention_period, + json_extract_path_text(detail.Properties, 'Port') as port, + json_extract_path_text(detail.Properties, 'PreferredBackupWindow') as preferred_backup_window, json_extract_path_text(detail.Properties, 'PreferredMaintenanceWindow') as preferred_maintenance_window, - json_extract_path_text(detail.Properties, 'Iops') as iops, + json_extract_path_text(detail.Properties, 'ProcessorFeatures') as processor_features, + json_extract_path_text(detail.Properties, 'PromotionTier') as promotion_tier, + json_extract_path_text(detail.Properties, 'PubliclyAccessible') as publicly_accessible, + json_extract_path_text(detail.Properties, 'ReplicaMode') as replica_mode, + json_extract_path_text(detail.Properties, 'RestoreTime') as restore_time, + json_extract_path_text(detail.Properties, 'SourceDBClusterIdentifier') as source_db_cluster_identifier, + json_extract_path_text(detail.Properties, 'SourceDbiResourceId') as source_dbi_resource_id, + json_extract_path_text(detail.Properties, 'SourceDBInstanceAutomatedBackupsArn') as source_db_instance_automated_backups_arn, + json_extract_path_text(detail.Properties, 'SourceDBInstanceIdentifier') as source_db_instance_identifier, json_extract_path_text(detail.Properties, 'SourceRegion') as source_region, + json_extract_path_text(detail.Properties, 'StorageEncrypted') as storage_encrypted, + json_extract_path_text(detail.Properties, 'StorageType') as storage_type, + json_extract_path_text(detail.Properties, 'StorageThroughput') as storage_throughput, + json_extract_path_text(detail.Properties, 'Tags') as tags, + json_extract_path_text(detail.Properties, 'TdeCredentialArn') as tde_credential_arn, + json_extract_path_text(detail.Properties, 'TdeCredentialPassword') as tde_credential_password, + json_extract_path_text(detail.Properties, 'Timezone') as timezone, + json_extract_path_text(detail.Properties, 'UseDefaultProcessorFeatures') as use_default_processor_features, json_extract_path_text(detail.Properties, 'UseLatestRestorableTime') as use_latest_restorable_time, - json_extract_path_text(detail.Properties, 'CACertificateIdentifier') as ca_certificate_identifier, - json_extract_path_text(detail.Properties, 'ManageMasterUserPassword') as manage_master_user_password, - json_extract_path_text(detail.Properties, 'SourceDbiResourceId') as source_dbi_resource_id, - json_extract_path_text(detail.Properties, 'DomainAuthSecretArn') as domain_auth_secret_arn, - json_extract_path_text(detail.Properties, 'AutomaticBackupReplicationRegion') as automatic_backup_replication_region, - json_extract_path_text(detail.Properties, 'VPCSecurityGroups') as vpc_security_groups, - json_extract_path_text(detail.Properties, 'AllowMajorVersionUpgrade') as allow_major_version_upgrade, - json_extract_path_text(detail.Properties, 'DBName') as db_name, - json_extract_path_text(detail.Properties, 'EnableIAMDatabaseAuthentication') as enable_iam_database_authentication, - json_extract_path_text(detail.Properties, 'BackupRetentionPeriod') as backup_retention_period, - json_extract_path_text(detail.Properties, 'CustomIAMInstanceProfile') as custom_iam_instance_profile, - json_extract_path_text(detail.Properties, 'DBSnapshotIdentifier') as db_snapshot_identifier, - json_extract_path_text(detail.Properties, 'EnableCloudwatchLogsExports') as enable_cloudwatch_logs_exports, - json_extract_path_text(detail.Properties, 'UseDefaultProcessorFeatures') as use_default_processor_features + json_extract_path_text(detail.Properties, 'VPCSecurityGroups') as vpc_security_groups FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -6018,85 +7122,87 @@ components: detail.region, JSON_EXTRACT(json_each.value, '$.Key') as tag_key, JSON_EXTRACT(json_each.value, '$.Value') as tag_value, - JSON_EXTRACT(detail.Properties, '$.StorageEncrypted') as storage_encrypted, - JSON_EXTRACT(detail.Properties, '$.Timezone') as timezone, - JSON_EXTRACT(detail.Properties, '$.DBSystemId') as db_system_id, + JSON_EXTRACT(detail.Properties, '$.AllocatedStorage') as allocated_storage, + JSON_EXTRACT(detail.Properties, '$.AllowMajorVersionUpgrade') as allow_major_version_upgrade, + JSON_EXTRACT(detail.Properties, '$.AssociatedRoles') as associated_roles, + JSON_EXTRACT(detail.Properties, '$.AutoMinorVersionUpgrade') as auto_minor_version_upgrade, + JSON_EXTRACT(detail.Properties, '$.AutomaticBackupReplicationRegion') as automatic_backup_replication_region, + JSON_EXTRACT(detail.Properties, '$.AutomaticBackupReplicationKmsKeyId') as automatic_backup_replication_kms_key_id, + JSON_EXTRACT(detail.Properties, '$.AvailabilityZone') as availability_zone, + JSON_EXTRACT(detail.Properties, '$.BackupRetentionPeriod') as backup_retention_period, + JSON_EXTRACT(detail.Properties, '$.CACertificateIdentifier') as ca_certificate_identifier, JSON_EXTRACT(detail.Properties, '$.CertificateDetails') as certificate_details, - JSON_EXTRACT(detail.Properties, '$.Port') as port, + JSON_EXTRACT(detail.Properties, '$.CertificateRotationRestart') as certificate_rotation_restart, + JSON_EXTRACT(detail.Properties, '$.CharacterSetName') as character_set_name, + JSON_EXTRACT(detail.Properties, '$.CopyTagsToSnapshot') as copy_tags_to_snapshot, + JSON_EXTRACT(detail.Properties, '$.CustomIAMInstanceProfile') as custom_iam_instance_profile, + JSON_EXTRACT(detail.Properties, '$.DatabaseInsightsMode') as database_insights_mode, JSON_EXTRACT(detail.Properties, '$.DBClusterIdentifier') as db_cluster_identifier, - JSON_EXTRACT(detail.Properties, '$.StorageThroughput') as storage_throughput, + JSON_EXTRACT(detail.Properties, '$.DBClusterSnapshotIdentifier') as db_cluster_snapshot_identifier, + JSON_EXTRACT(detail.Properties, '$.DBInstanceArn') as db_instance_arn, + JSON_EXTRACT(detail.Properties, '$.DBInstanceClass') as db_instance_class, + JSON_EXTRACT(detail.Properties, '$.DBInstanceIdentifier') as db_instance_identifier, JSON_EXTRACT(detail.Properties, '$.DbiResourceId') as dbi_resource_id, - JSON_EXTRACT(detail.Properties, '$.MonitoringInterval') as monitoring_interval, + JSON_EXTRACT(detail.Properties, '$.DBName') as db_name, JSON_EXTRACT(detail.Properties, '$.DBParameterGroupName') as db_parameter_group_name, - JSON_EXTRACT(detail.Properties, '$.DBInstanceArn') as db_instance_arn, + JSON_EXTRACT(detail.Properties, '$.DBSecurityGroups') as db_security_groups, + JSON_EXTRACT(detail.Properties, '$.DBSnapshotIdentifier') as db_snapshot_identifier, + JSON_EXTRACT(detail.Properties, '$.DBSubnetGroupName') as db_subnet_group_name, + JSON_EXTRACT(detail.Properties, '$.DBSystemId') as db_system_id, + JSON_EXTRACT(detail.Properties, '$.DedicatedLogVolume') as dedicated_log_volume, + JSON_EXTRACT(detail.Properties, '$.DeleteAutomatedBackups') as delete_automated_backups, + JSON_EXTRACT(detail.Properties, '$.DeletionProtection') as deletion_protection, + JSON_EXTRACT(detail.Properties, '$.Domain') as domain, + JSON_EXTRACT(detail.Properties, '$.DomainAuthSecretArn') as domain_auth_secret_arn, + JSON_EXTRACT(detail.Properties, '$.DomainDnsIps') as domain_dns_ips, + JSON_EXTRACT(detail.Properties, '$.DomainFqdn') as domain_fqdn, + JSON_EXTRACT(detail.Properties, '$.DomainIAMRoleName') as domain_iam_role_name, + JSON_EXTRACT(detail.Properties, '$.DomainOu') as domain_ou, + JSON_EXTRACT(detail.Properties, '$.EnableCloudwatchLogsExports') as enable_cloudwatch_logs_exports, + JSON_EXTRACT(detail.Properties, '$.EnableIAMDatabaseAuthentication') as enable_iam_database_authentication, + JSON_EXTRACT(detail.Properties, '$.EnablePerformanceInsights') as enable_performance_insights, JSON_EXTRACT(detail.Properties, '$.Endpoint') as endpoint, - JSON_EXTRACT(detail.Properties, '$.TdeCredentialArn') as tde_credential_arn, - JSON_EXTRACT(detail.Properties, '$.AutomaticBackupReplicationKmsKeyId') as automatic_backup_replication_kms_key_id, - JSON_EXTRACT(detail.Properties, '$.MultiAZ') as multi_az, JSON_EXTRACT(detail.Properties, '$.Engine') as engine, - JSON_EXTRACT(detail.Properties, '$.PerformanceInsightsKMSKeyId') as performance_insights_kms_key_id, - JSON_EXTRACT(detail.Properties, '$.TdeCredentialPassword') as tde_credential_password, - JSON_EXTRACT(detail.Properties, '$.SourceDBInstanceIdentifier') as source_db_instance_identifier, + JSON_EXTRACT(detail.Properties, '$.EngineLifecycleSupport') as engine_lifecycle_support, JSON_EXTRACT(detail.Properties, '$.EngineVersion') as engine_version, - JSON_EXTRACT(detail.Properties, '$.StorageType') as storage_type, + JSON_EXTRACT(detail.Properties, '$.ManageMasterUserPassword') as manage_master_user_password, + JSON_EXTRACT(detail.Properties, '$.Iops') as iops, JSON_EXTRACT(detail.Properties, '$.KmsKeyId') as kms_key_id, - JSON_EXTRACT(detail.Properties, '$.DBInstanceClass') as db_instance_class, - JSON_EXTRACT(detail.Properties, '$.DeleteAutomatedBackups') as delete_automated_backups, - JSON_EXTRACT(detail.Properties, '$.PerformanceInsightsRetentionPeriod') as performance_insights_retention_period, - JSON_EXTRACT(detail.Properties, '$.AvailabilityZone') as availability_zone, - JSON_EXTRACT(detail.Properties, '$.OptionGroupName') as option_group_name, - JSON_EXTRACT(detail.Properties, '$.EnablePerformanceInsights') as enable_performance_insights, - JSON_EXTRACT(detail.Properties, '$.AutoMinorVersionUpgrade') as auto_minor_version_upgrade, - JSON_EXTRACT(detail.Properties, '$.DBSubnetGroupName') as db_subnet_group_name, - JSON_EXTRACT(detail.Properties, '$.DeletionProtection') as deletion_protection, - JSON_EXTRACT(detail.Properties, '$.DBInstanceIdentifier') as db_instance_identifier, - JSON_EXTRACT(detail.Properties, '$.AllocatedStorage') as allocated_storage, + JSON_EXTRACT(detail.Properties, '$.LicenseModel') as license_model, + JSON_EXTRACT(detail.Properties, '$.MasterUsername') as master_username, JSON_EXTRACT(detail.Properties, '$.MasterUserPassword') as master_user_password, JSON_EXTRACT(detail.Properties, '$.MasterUserSecret') as master_user_secret, - JSON_EXTRACT(detail.Properties, '$.NcharCharacterSetName') as nchar_character_set_name, - JSON_EXTRACT(detail.Properties, '$.SourceDBClusterIdentifier') as source_db_cluster_identifier, - JSON_EXTRACT(detail.Properties, '$.DBSecurityGroups') as db_security_groups, - JSON_EXTRACT(detail.Properties, '$.MasterUsername') as master_username, JSON_EXTRACT(detail.Properties, '$.MaxAllocatedStorage') as max_allocated_storage, - JSON_EXTRACT(detail.Properties, '$.PromotionTier') as promotion_tier, - JSON_EXTRACT(detail.Properties, '$.PubliclyAccessible') as publicly_accessible, - JSON_EXTRACT(detail.Properties, '$.Domain') as domain, - JSON_EXTRACT(detail.Properties, '$.DomainFqdn') as domain_fqdn, - JSON_EXTRACT(detail.Properties, '$.CharacterSetName') as character_set_name, + JSON_EXTRACT(detail.Properties, '$.MonitoringInterval') as monitoring_interval, JSON_EXTRACT(detail.Properties, '$.MonitoringRoleArn') as monitoring_role_arn, - JSON_EXTRACT(detail.Properties, '$.AssociatedRoles') as associated_roles, - JSON_EXTRACT(detail.Properties, '$.DomainOu') as domain_ou, - JSON_EXTRACT(detail.Properties, '$.DBClusterSnapshotIdentifier') as db_cluster_snapshot_identifier, - JSON_EXTRACT(detail.Properties, '$.SourceDBInstanceAutomatedBackupsArn') as source_db_instance_automated_backups_arn, - JSON_EXTRACT(detail.Properties, '$.ProcessorFeatures') as processor_features, - JSON_EXTRACT(detail.Properties, '$.PreferredBackupWindow') as preferred_backup_window, - JSON_EXTRACT(detail.Properties, '$.RestoreTime') as restore_time, - JSON_EXTRACT(detail.Properties, '$.CertificateRotationRestart') as certificate_rotation_restart, + JSON_EXTRACT(detail.Properties, '$.MultiAZ') as multi_az, + JSON_EXTRACT(detail.Properties, '$.NcharCharacterSetName') as nchar_character_set_name, JSON_EXTRACT(detail.Properties, '$.NetworkType') as network_type, - JSON_EXTRACT(detail.Properties, '$.DedicatedLogVolume') as dedicated_log_volume, - JSON_EXTRACT(detail.Properties, '$.CopyTagsToSnapshot') as copy_tags_to_snapshot, - JSON_EXTRACT(detail.Properties, '$.DomainIAMRoleName') as domain_iam_role_name, - JSON_EXTRACT(detail.Properties, '$.ReplicaMode') as replica_mode, - JSON_EXTRACT(detail.Properties, '$.LicenseModel') as license_model, - JSON_EXTRACT(detail.Properties, '$.DomainDnsIps') as domain_dns_ips, + JSON_EXTRACT(detail.Properties, '$.OptionGroupName') as option_group_name, + JSON_EXTRACT(detail.Properties, '$.PerformanceInsightsKMSKeyId') as performance_insights_kms_key_id, + JSON_EXTRACT(detail.Properties, '$.PerformanceInsightsRetentionPeriod') as performance_insights_retention_period, + JSON_EXTRACT(detail.Properties, '$.Port') as port, + JSON_EXTRACT(detail.Properties, '$.PreferredBackupWindow') as preferred_backup_window, JSON_EXTRACT(detail.Properties, '$.PreferredMaintenanceWindow') as preferred_maintenance_window, - JSON_EXTRACT(detail.Properties, '$.Iops') as iops, + JSON_EXTRACT(detail.Properties, '$.ProcessorFeatures') as processor_features, + JSON_EXTRACT(detail.Properties, '$.PromotionTier') as promotion_tier, + JSON_EXTRACT(detail.Properties, '$.PubliclyAccessible') as publicly_accessible, + JSON_EXTRACT(detail.Properties, '$.ReplicaMode') as replica_mode, + JSON_EXTRACT(detail.Properties, '$.RestoreTime') as restore_time, + JSON_EXTRACT(detail.Properties, '$.SourceDBClusterIdentifier') as source_db_cluster_identifier, + JSON_EXTRACT(detail.Properties, '$.SourceDbiResourceId') as source_dbi_resource_id, + JSON_EXTRACT(detail.Properties, '$.SourceDBInstanceAutomatedBackupsArn') as source_db_instance_automated_backups_arn, + JSON_EXTRACT(detail.Properties, '$.SourceDBInstanceIdentifier') as source_db_instance_identifier, JSON_EXTRACT(detail.Properties, '$.SourceRegion') as source_region, + JSON_EXTRACT(detail.Properties, '$.StorageEncrypted') as storage_encrypted, + JSON_EXTRACT(detail.Properties, '$.StorageType') as storage_type, + JSON_EXTRACT(detail.Properties, '$.StorageThroughput') as storage_throughput, + JSON_EXTRACT(detail.Properties, '$.TdeCredentialArn') as tde_credential_arn, + JSON_EXTRACT(detail.Properties, '$.TdeCredentialPassword') as tde_credential_password, + JSON_EXTRACT(detail.Properties, '$.Timezone') as timezone, + JSON_EXTRACT(detail.Properties, '$.UseDefaultProcessorFeatures') as use_default_processor_features, JSON_EXTRACT(detail.Properties, '$.UseLatestRestorableTime') as use_latest_restorable_time, - JSON_EXTRACT(detail.Properties, '$.CACertificateIdentifier') as ca_certificate_identifier, - JSON_EXTRACT(detail.Properties, '$.ManageMasterUserPassword') as manage_master_user_password, - JSON_EXTRACT(detail.Properties, '$.SourceDbiResourceId') as source_dbi_resource_id, - JSON_EXTRACT(detail.Properties, '$.DomainAuthSecretArn') as domain_auth_secret_arn, - JSON_EXTRACT(detail.Properties, '$.AutomaticBackupReplicationRegion') as automatic_backup_replication_region, - JSON_EXTRACT(detail.Properties, '$.VPCSecurityGroups') as vpc_security_groups, - JSON_EXTRACT(detail.Properties, '$.AllowMajorVersionUpgrade') as allow_major_version_upgrade, - JSON_EXTRACT(detail.Properties, '$.DBName') as db_name, - JSON_EXTRACT(detail.Properties, '$.EnableIAMDatabaseAuthentication') as enable_iam_database_authentication, - JSON_EXTRACT(detail.Properties, '$.BackupRetentionPeriod') as backup_retention_period, - JSON_EXTRACT(detail.Properties, '$.CustomIAMInstanceProfile') as custom_iam_instance_profile, - JSON_EXTRACT(detail.Properties, '$.DBSnapshotIdentifier') as db_snapshot_identifier, - JSON_EXTRACT(detail.Properties, '$.EnableCloudwatchLogsExports') as enable_cloudwatch_logs_exports, - JSON_EXTRACT(detail.Properties, '$.UseDefaultProcessorFeatures') as use_default_processor_features + JSON_EXTRACT(detail.Properties, '$.VPCSecurityGroups') as vpc_security_groups FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -6112,85 +7218,87 @@ components: detail.region, json_extract_path_text(json_each.value, 'Key') as tag_key, json_extract_path_text(json_each.value, 'Value') as tag_value, - json_extract_path_text(detail.Properties, 'StorageEncrypted') as storage_encrypted, - json_extract_path_text(detail.Properties, 'Timezone') as timezone, - json_extract_path_text(detail.Properties, 'DBSystemId') as db_system_id, + json_extract_path_text(detail.Properties, 'AllocatedStorage') as allocated_storage, + json_extract_path_text(detail.Properties, 'AllowMajorVersionUpgrade') as allow_major_version_upgrade, + json_extract_path_text(detail.Properties, 'AssociatedRoles') as associated_roles, + json_extract_path_text(detail.Properties, 'AutoMinorVersionUpgrade') as auto_minor_version_upgrade, + json_extract_path_text(detail.Properties, 'AutomaticBackupReplicationRegion') as automatic_backup_replication_region, + json_extract_path_text(detail.Properties, 'AutomaticBackupReplicationKmsKeyId') as automatic_backup_replication_kms_key_id, + json_extract_path_text(detail.Properties, 'AvailabilityZone') as availability_zone, + json_extract_path_text(detail.Properties, 'BackupRetentionPeriod') as backup_retention_period, + json_extract_path_text(detail.Properties, 'CACertificateIdentifier') as ca_certificate_identifier, json_extract_path_text(detail.Properties, 'CertificateDetails') as certificate_details, - json_extract_path_text(detail.Properties, 'Port') as port, + json_extract_path_text(detail.Properties, 'CertificateRotationRestart') as certificate_rotation_restart, + json_extract_path_text(detail.Properties, 'CharacterSetName') as character_set_name, + json_extract_path_text(detail.Properties, 'CopyTagsToSnapshot') as copy_tags_to_snapshot, + json_extract_path_text(detail.Properties, 'CustomIAMInstanceProfile') as custom_iam_instance_profile, + json_extract_path_text(detail.Properties, 'DatabaseInsightsMode') as database_insights_mode, json_extract_path_text(detail.Properties, 'DBClusterIdentifier') as db_cluster_identifier, - json_extract_path_text(detail.Properties, 'StorageThroughput') as storage_throughput, + json_extract_path_text(detail.Properties, 'DBClusterSnapshotIdentifier') as db_cluster_snapshot_identifier, + json_extract_path_text(detail.Properties, 'DBInstanceArn') as db_instance_arn, + json_extract_path_text(detail.Properties, 'DBInstanceClass') as db_instance_class, + json_extract_path_text(detail.Properties, 'DBInstanceIdentifier') as db_instance_identifier, json_extract_path_text(detail.Properties, 'DbiResourceId') as dbi_resource_id, - json_extract_path_text(detail.Properties, 'MonitoringInterval') as monitoring_interval, + json_extract_path_text(detail.Properties, 'DBName') as db_name, json_extract_path_text(detail.Properties, 'DBParameterGroupName') as db_parameter_group_name, - json_extract_path_text(detail.Properties, 'DBInstanceArn') as db_instance_arn, + json_extract_path_text(detail.Properties, 'DBSecurityGroups') as db_security_groups, + json_extract_path_text(detail.Properties, 'DBSnapshotIdentifier') as db_snapshot_identifier, + json_extract_path_text(detail.Properties, 'DBSubnetGroupName') as db_subnet_group_name, + json_extract_path_text(detail.Properties, 'DBSystemId') as db_system_id, + json_extract_path_text(detail.Properties, 'DedicatedLogVolume') as dedicated_log_volume, + json_extract_path_text(detail.Properties, 'DeleteAutomatedBackups') as delete_automated_backups, + json_extract_path_text(detail.Properties, 'DeletionProtection') as deletion_protection, + json_extract_path_text(detail.Properties, 'Domain') as domain, + json_extract_path_text(detail.Properties, 'DomainAuthSecretArn') as domain_auth_secret_arn, + json_extract_path_text(detail.Properties, 'DomainDnsIps') as domain_dns_ips, + json_extract_path_text(detail.Properties, 'DomainFqdn') as domain_fqdn, + json_extract_path_text(detail.Properties, 'DomainIAMRoleName') as domain_iam_role_name, + json_extract_path_text(detail.Properties, 'DomainOu') as domain_ou, + json_extract_path_text(detail.Properties, 'EnableCloudwatchLogsExports') as enable_cloudwatch_logs_exports, + json_extract_path_text(detail.Properties, 'EnableIAMDatabaseAuthentication') as enable_iam_database_authentication, + json_extract_path_text(detail.Properties, 'EnablePerformanceInsights') as enable_performance_insights, json_extract_path_text(detail.Properties, 'Endpoint') as endpoint, - json_extract_path_text(detail.Properties, 'TdeCredentialArn') as tde_credential_arn, - json_extract_path_text(detail.Properties, 'AutomaticBackupReplicationKmsKeyId') as automatic_backup_replication_kms_key_id, - json_extract_path_text(detail.Properties, 'MultiAZ') as multi_az, json_extract_path_text(detail.Properties, 'Engine') as engine, - json_extract_path_text(detail.Properties, 'PerformanceInsightsKMSKeyId') as performance_insights_kms_key_id, - json_extract_path_text(detail.Properties, 'TdeCredentialPassword') as tde_credential_password, - json_extract_path_text(detail.Properties, 'SourceDBInstanceIdentifier') as source_db_instance_identifier, + json_extract_path_text(detail.Properties, 'EngineLifecycleSupport') as engine_lifecycle_support, json_extract_path_text(detail.Properties, 'EngineVersion') as engine_version, - json_extract_path_text(detail.Properties, 'StorageType') as storage_type, + json_extract_path_text(detail.Properties, 'ManageMasterUserPassword') as manage_master_user_password, + json_extract_path_text(detail.Properties, 'Iops') as iops, json_extract_path_text(detail.Properties, 'KmsKeyId') as kms_key_id, - json_extract_path_text(detail.Properties, 'DBInstanceClass') as db_instance_class, - json_extract_path_text(detail.Properties, 'DeleteAutomatedBackups') as delete_automated_backups, - json_extract_path_text(detail.Properties, 'PerformanceInsightsRetentionPeriod') as performance_insights_retention_period, - json_extract_path_text(detail.Properties, 'AvailabilityZone') as availability_zone, - json_extract_path_text(detail.Properties, 'OptionGroupName') as option_group_name, - json_extract_path_text(detail.Properties, 'EnablePerformanceInsights') as enable_performance_insights, - json_extract_path_text(detail.Properties, 'AutoMinorVersionUpgrade') as auto_minor_version_upgrade, - json_extract_path_text(detail.Properties, 'DBSubnetGroupName') as db_subnet_group_name, - json_extract_path_text(detail.Properties, 'DeletionProtection') as deletion_protection, - json_extract_path_text(detail.Properties, 'DBInstanceIdentifier') as db_instance_identifier, - json_extract_path_text(detail.Properties, 'AllocatedStorage') as allocated_storage, + json_extract_path_text(detail.Properties, 'LicenseModel') as license_model, + json_extract_path_text(detail.Properties, 'MasterUsername') as master_username, json_extract_path_text(detail.Properties, 'MasterUserPassword') as master_user_password, json_extract_path_text(detail.Properties, 'MasterUserSecret') as master_user_secret, - json_extract_path_text(detail.Properties, 'NcharCharacterSetName') as nchar_character_set_name, - json_extract_path_text(detail.Properties, 'SourceDBClusterIdentifier') as source_db_cluster_identifier, - json_extract_path_text(detail.Properties, 'DBSecurityGroups') as db_security_groups, - json_extract_path_text(detail.Properties, 'MasterUsername') as master_username, json_extract_path_text(detail.Properties, 'MaxAllocatedStorage') as max_allocated_storage, - json_extract_path_text(detail.Properties, 'PromotionTier') as promotion_tier, - json_extract_path_text(detail.Properties, 'PubliclyAccessible') as publicly_accessible, - json_extract_path_text(detail.Properties, 'Domain') as domain, - json_extract_path_text(detail.Properties, 'DomainFqdn') as domain_fqdn, - json_extract_path_text(detail.Properties, 'CharacterSetName') as character_set_name, + json_extract_path_text(detail.Properties, 'MonitoringInterval') as monitoring_interval, json_extract_path_text(detail.Properties, 'MonitoringRoleArn') as monitoring_role_arn, - json_extract_path_text(detail.Properties, 'AssociatedRoles') as associated_roles, - json_extract_path_text(detail.Properties, 'DomainOu') as domain_ou, - json_extract_path_text(detail.Properties, 'DBClusterSnapshotIdentifier') as db_cluster_snapshot_identifier, - json_extract_path_text(detail.Properties, 'SourceDBInstanceAutomatedBackupsArn') as source_db_instance_automated_backups_arn, - json_extract_path_text(detail.Properties, 'ProcessorFeatures') as processor_features, - json_extract_path_text(detail.Properties, 'PreferredBackupWindow') as preferred_backup_window, - json_extract_path_text(detail.Properties, 'RestoreTime') as restore_time, - json_extract_path_text(detail.Properties, 'CertificateRotationRestart') as certificate_rotation_restart, + json_extract_path_text(detail.Properties, 'MultiAZ') as multi_az, + json_extract_path_text(detail.Properties, 'NcharCharacterSetName') as nchar_character_set_name, json_extract_path_text(detail.Properties, 'NetworkType') as network_type, - json_extract_path_text(detail.Properties, 'DedicatedLogVolume') as dedicated_log_volume, - json_extract_path_text(detail.Properties, 'CopyTagsToSnapshot') as copy_tags_to_snapshot, - json_extract_path_text(detail.Properties, 'DomainIAMRoleName') as domain_iam_role_name, - json_extract_path_text(detail.Properties, 'ReplicaMode') as replica_mode, - json_extract_path_text(detail.Properties, 'LicenseModel') as license_model, - json_extract_path_text(detail.Properties, 'DomainDnsIps') as domain_dns_ips, + json_extract_path_text(detail.Properties, 'OptionGroupName') as option_group_name, + json_extract_path_text(detail.Properties, 'PerformanceInsightsKMSKeyId') as performance_insights_kms_key_id, + json_extract_path_text(detail.Properties, 'PerformanceInsightsRetentionPeriod') as performance_insights_retention_period, + json_extract_path_text(detail.Properties, 'Port') as port, + json_extract_path_text(detail.Properties, 'PreferredBackupWindow') as preferred_backup_window, json_extract_path_text(detail.Properties, 'PreferredMaintenanceWindow') as preferred_maintenance_window, - json_extract_path_text(detail.Properties, 'Iops') as iops, - json_extract_path_text(detail.Properties, 'SourceRegion') as source_region, - json_extract_path_text(detail.Properties, 'UseLatestRestorableTime') as use_latest_restorable_time, - json_extract_path_text(detail.Properties, 'CACertificateIdentifier') as ca_certificate_identifier, - json_extract_path_text(detail.Properties, 'ManageMasterUserPassword') as manage_master_user_password, + json_extract_path_text(detail.Properties, 'ProcessorFeatures') as processor_features, + json_extract_path_text(detail.Properties, 'PromotionTier') as promotion_tier, + json_extract_path_text(detail.Properties, 'PubliclyAccessible') as publicly_accessible, + json_extract_path_text(detail.Properties, 'ReplicaMode') as replica_mode, + json_extract_path_text(detail.Properties, 'RestoreTime') as restore_time, + json_extract_path_text(detail.Properties, 'SourceDBClusterIdentifier') as source_db_cluster_identifier, json_extract_path_text(detail.Properties, 'SourceDbiResourceId') as source_dbi_resource_id, - json_extract_path_text(detail.Properties, 'DomainAuthSecretArn') as domain_auth_secret_arn, - json_extract_path_text(detail.Properties, 'AutomaticBackupReplicationRegion') as automatic_backup_replication_region, - json_extract_path_text(detail.Properties, 'VPCSecurityGroups') as vpc_security_groups, - json_extract_path_text(detail.Properties, 'AllowMajorVersionUpgrade') as allow_major_version_upgrade, - json_extract_path_text(detail.Properties, 'DBName') as db_name, - json_extract_path_text(detail.Properties, 'EnableIAMDatabaseAuthentication') as enable_iam_database_authentication, - json_extract_path_text(detail.Properties, 'BackupRetentionPeriod') as backup_retention_period, - json_extract_path_text(detail.Properties, 'CustomIAMInstanceProfile') as custom_iam_instance_profile, - json_extract_path_text(detail.Properties, 'DBSnapshotIdentifier') as db_snapshot_identifier, - json_extract_path_text(detail.Properties, 'EnableCloudwatchLogsExports') as enable_cloudwatch_logs_exports, - json_extract_path_text(detail.Properties, 'UseDefaultProcessorFeatures') as use_default_processor_features + json_extract_path_text(detail.Properties, 'SourceDBInstanceAutomatedBackupsArn') as source_db_instance_automated_backups_arn, + json_extract_path_text(detail.Properties, 'SourceDBInstanceIdentifier') as source_db_instance_identifier, + json_extract_path_text(detail.Properties, 'SourceRegion') as source_region, + json_extract_path_text(detail.Properties, 'StorageEncrypted') as storage_encrypted, + json_extract_path_text(detail.Properties, 'StorageType') as storage_type, + json_extract_path_text(detail.Properties, 'StorageThroughput') as storage_throughput, + json_extract_path_text(detail.Properties, 'TdeCredentialArn') as tde_credential_arn, + json_extract_path_text(detail.Properties, 'TdeCredentialPassword') as tde_credential_password, + json_extract_path_text(detail.Properties, 'Timezone') as timezone, + json_extract_path_text(detail.Properties, 'UseDefaultProcessorFeatures') as use_default_processor_features, + json_extract_path_text(detail.Properties, 'UseLatestRestorableTime') as use_latest_restorable_time, + json_extract_path_text(detail.Properties, 'VPCSecurityGroups') as vpc_security_groups FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -7034,6 +8142,231 @@ components: json_extract_path_text(Properties, 'TargetGroupArn') as target_group_arn FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RDS::DBProxyTargetGroup' AND region = 'us-east-1' + db_shard_groups: + name: db_shard_groups + id: aws.rds.db_shard_groups + x-cfn-schema-name: DBShardGroup + x-cfn-type-name: AWS::RDS::DBShardGroup + x-identifiers: + - DBShardGroupIdentifier + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__DBShardGroup&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::RDS::DBShardGroup" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::RDS::DBShardGroup" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::RDS::DBShardGroup" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/db_shard_groups/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/db_shard_groups/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/db_shard_groups/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DBShardGroupResourceId') as db_shard_group_resource_id, + JSON_EXTRACT(Properties, '$.DBShardGroupIdentifier') as db_shard_group_identifier, + JSON_EXTRACT(Properties, '$.DBClusterIdentifier') as db_cluster_identifier, + JSON_EXTRACT(Properties, '$.ComputeRedundancy') as compute_redundancy, + JSON_EXTRACT(Properties, '$.MaxACU') as max_ac_u, + JSON_EXTRACT(Properties, '$.MinACU') as min_ac_u, + JSON_EXTRACT(Properties, '$.PubliclyAccessible') as publicly_accessible, + JSON_EXTRACT(Properties, '$.Endpoint') as endpoint, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RDS::DBShardGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.DBShardGroupResourceId') as db_shard_group_resource_id, + JSON_EXTRACT(detail.Properties, '$.DBShardGroupIdentifier') as db_shard_group_identifier, + JSON_EXTRACT(detail.Properties, '$.DBClusterIdentifier') as db_cluster_identifier, + JSON_EXTRACT(detail.Properties, '$.ComputeRedundancy') as compute_redundancy, + JSON_EXTRACT(detail.Properties, '$.MaxACU') as max_ac_u, + JSON_EXTRACT(detail.Properties, '$.MinACU') as min_ac_u, + JSON_EXTRACT(detail.Properties, '$.PubliclyAccessible') as publicly_accessible, + JSON_EXTRACT(detail.Properties, '$.Endpoint') as endpoint, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::RDS::DBShardGroup' + AND detail.data__TypeName = 'AWS::RDS::DBShardGroup' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DBShardGroupResourceId') as db_shard_group_resource_id, + json_extract_path_text(Properties, 'DBShardGroupIdentifier') as db_shard_group_identifier, + json_extract_path_text(Properties, 'DBClusterIdentifier') as db_cluster_identifier, + json_extract_path_text(Properties, 'ComputeRedundancy') as compute_redundancy, + json_extract_path_text(Properties, 'MaxACU') as max_ac_u, + json_extract_path_text(Properties, 'MinACU') as min_ac_u, + json_extract_path_text(Properties, 'PubliclyAccessible') as publicly_accessible, + json_extract_path_text(Properties, 'Endpoint') as endpoint, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RDS::DBShardGroup' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'DBShardGroupResourceId') as db_shard_group_resource_id, + json_extract_path_text(detail.Properties, 'DBShardGroupIdentifier') as db_shard_group_identifier, + json_extract_path_text(detail.Properties, 'DBClusterIdentifier') as db_cluster_identifier, + json_extract_path_text(detail.Properties, 'ComputeRedundancy') as compute_redundancy, + json_extract_path_text(detail.Properties, 'MaxACU') as max_ac_u, + json_extract_path_text(detail.Properties, 'MinACU') as min_ac_u, + json_extract_path_text(detail.Properties, 'PubliclyAccessible') as publicly_accessible, + json_extract_path_text(detail.Properties, 'Endpoint') as endpoint, + json_extract_path_text(detail.Properties, 'Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::RDS::DBShardGroup' + AND detail.data__TypeName = 'AWS::RDS::DBShardGroup' + AND listing.region = 'us-east-1' + db_shard_groups_list_only: + name: db_shard_groups_list_only + id: aws.rds.db_shard_groups_list_only + x-cfn-schema-name: DBShardGroup + x-cfn-type-name: AWS::RDS::DBShardGroup + x-identifiers: + - DBShardGroupIdentifier + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DBShardGroupIdentifier') as db_shard_group_identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RDS::DBShardGroup' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DBShardGroupIdentifier') as db_shard_group_identifier + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RDS::DBShardGroup' + AND region = 'us-east-1' + db_shard_group_tags: + name: db_shard_group_tags + id: aws.rds.db_shard_group_tags + x-cfn-schema-name: DBShardGroup + x-cfn-type-name: AWS::RDS::DBShardGroup + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.DBShardGroupResourceId') as db_shard_group_resource_id, + JSON_EXTRACT(detail.Properties, '$.DBShardGroupIdentifier') as db_shard_group_identifier, + JSON_EXTRACT(detail.Properties, '$.DBClusterIdentifier') as db_cluster_identifier, + JSON_EXTRACT(detail.Properties, '$.ComputeRedundancy') as compute_redundancy, + JSON_EXTRACT(detail.Properties, '$.MaxACU') as max_ac_u, + JSON_EXTRACT(detail.Properties, '$.MinACU') as min_ac_u, + JSON_EXTRACT(detail.Properties, '$.PubliclyAccessible') as publicly_accessible, + JSON_EXTRACT(detail.Properties, '$.Endpoint') as endpoint + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::RDS::DBShardGroup' + AND detail.data__TypeName = 'AWS::RDS::DBShardGroup' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'DBShardGroupResourceId') as db_shard_group_resource_id, + json_extract_path_text(detail.Properties, 'DBShardGroupIdentifier') as db_shard_group_identifier, + json_extract_path_text(detail.Properties, 'DBClusterIdentifier') as db_cluster_identifier, + json_extract_path_text(detail.Properties, 'ComputeRedundancy') as compute_redundancy, + json_extract_path_text(detail.Properties, 'MaxACU') as max_ac_u, + json_extract_path_text(detail.Properties, 'MinACU') as min_ac_u, + json_extract_path_text(detail.Properties, 'PubliclyAccessible') as publicly_accessible, + json_extract_path_text(detail.Properties, 'Endpoint') as endpoint + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::RDS::DBShardGroup' + AND detail.data__TypeName = 'AWS::RDS::DBShardGroup' + AND listing.region = 'us-east-1' db_subnet_groups: name: db_subnet_groups id: aws.rds.db_subnet_groups @@ -7506,11 +8839,14 @@ components: region, data__Identifier, JSON_EXTRACT(Properties, '$.Engine') as engine, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.EngineLifecycleSupport') as engine_lifecycle_support, JSON_EXTRACT(Properties, '$.EngineVersion') as engine_version, JSON_EXTRACT(Properties, '$.DeletionProtection') as deletion_protection, JSON_EXTRACT(Properties, '$.GlobalClusterIdentifier') as global_cluster_identifier, JSON_EXTRACT(Properties, '$.SourceDBClusterIdentifier') as source_db_cluster_identifier, - JSON_EXTRACT(Properties, '$.StorageEncrypted') as storage_encrypted + JSON_EXTRACT(Properties, '$.StorageEncrypted') as storage_encrypted, + JSON_EXTRACT(Properties, '$.GlobalEndpoint') as global_endpoint FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RDS::GlobalCluster' AND data__Identifier = '' AND region = 'us-east-1' @@ -7520,11 +8856,14 @@ components: SELECT detail.region, JSON_EXTRACT(detail.Properties, '$.Engine') as engine, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags, + JSON_EXTRACT(detail.Properties, '$.EngineLifecycleSupport') as engine_lifecycle_support, JSON_EXTRACT(detail.Properties, '$.EngineVersion') as engine_version, JSON_EXTRACT(detail.Properties, '$.DeletionProtection') as deletion_protection, JSON_EXTRACT(detail.Properties, '$.GlobalClusterIdentifier') as global_cluster_identifier, JSON_EXTRACT(detail.Properties, '$.SourceDBClusterIdentifier') as source_db_cluster_identifier, - JSON_EXTRACT(detail.Properties, '$.StorageEncrypted') as storage_encrypted + JSON_EXTRACT(detail.Properties, '$.StorageEncrypted') as storage_encrypted, + JSON_EXTRACT(detail.Properties, '$.GlobalEndpoint') as global_endpoint FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -7539,11 +8878,14 @@ components: region, data__Identifier, json_extract_path_text(Properties, 'Engine') as engine, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'EngineLifecycleSupport') as engine_lifecycle_support, json_extract_path_text(Properties, 'EngineVersion') as engine_version, json_extract_path_text(Properties, 'DeletionProtection') as deletion_protection, json_extract_path_text(Properties, 'GlobalClusterIdentifier') as global_cluster_identifier, json_extract_path_text(Properties, 'SourceDBClusterIdentifier') as source_db_cluster_identifier, - json_extract_path_text(Properties, 'StorageEncrypted') as storage_encrypted + json_extract_path_text(Properties, 'StorageEncrypted') as storage_encrypted, + json_extract_path_text(Properties, 'GlobalEndpoint') as global_endpoint FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RDS::GlobalCluster' AND data__Identifier = '' AND region = 'us-east-1' @@ -7553,11 +8895,14 @@ components: SELECT detail.region, json_extract_path_text(detail.Properties, 'Engine') as engine, + json_extract_path_text(detail.Properties, 'Tags') as tags, + json_extract_path_text(detail.Properties, 'EngineLifecycleSupport') as engine_lifecycle_support, json_extract_path_text(detail.Properties, 'EngineVersion') as engine_version, json_extract_path_text(detail.Properties, 'DeletionProtection') as deletion_protection, json_extract_path_text(detail.Properties, 'GlobalClusterIdentifier') as global_cluster_identifier, json_extract_path_text(detail.Properties, 'SourceDBClusterIdentifier') as source_db_cluster_identifier, - json_extract_path_text(detail.Properties, 'StorageEncrypted') as storage_encrypted + json_extract_path_text(detail.Properties, 'StorageEncrypted') as storage_encrypted, + json_extract_path_text(detail.Properties, 'GlobalEndpoint') as global_endpoint FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -7596,6 +8941,65 @@ components: json_extract_path_text(Properties, 'GlobalClusterIdentifier') as global_cluster_identifier FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::RDS::GlobalCluster' AND region = 'us-east-1' + global_cluster_tags: + name: global_cluster_tags + id: aws.rds.global_cluster_tags + x-cfn-schema-name: GlobalCluster + x-cfn-type-name: AWS::RDS::GlobalCluster + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.Engine') as engine, + JSON_EXTRACT(detail.Properties, '$.EngineLifecycleSupport') as engine_lifecycle_support, + JSON_EXTRACT(detail.Properties, '$.EngineVersion') as engine_version, + JSON_EXTRACT(detail.Properties, '$.DeletionProtection') as deletion_protection, + JSON_EXTRACT(detail.Properties, '$.GlobalClusterIdentifier') as global_cluster_identifier, + JSON_EXTRACT(detail.Properties, '$.SourceDBClusterIdentifier') as source_db_cluster_identifier, + JSON_EXTRACT(detail.Properties, '$.StorageEncrypted') as storage_encrypted, + JSON_EXTRACT(detail.Properties, '$.GlobalEndpoint') as global_endpoint + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::RDS::GlobalCluster' + AND detail.data__TypeName = 'AWS::RDS::GlobalCluster' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'Engine') as engine, + json_extract_path_text(detail.Properties, 'EngineLifecycleSupport') as engine_lifecycle_support, + json_extract_path_text(detail.Properties, 'EngineVersion') as engine_version, + json_extract_path_text(detail.Properties, 'DeletionProtection') as deletion_protection, + json_extract_path_text(detail.Properties, 'GlobalClusterIdentifier') as global_cluster_identifier, + json_extract_path_text(detail.Properties, 'SourceDBClusterIdentifier') as source_db_cluster_identifier, + json_extract_path_text(detail.Properties, 'StorageEncrypted') as storage_encrypted, + json_extract_path_text(detail.Properties, 'GlobalEndpoint') as global_endpoint + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::RDS::GlobalCluster' + AND detail.data__TypeName = 'AWS::RDS::GlobalCluster' + AND listing.region = 'us-east-1' integrations: name: integrations id: aws.rds.integrations @@ -8513,6 +9917,48 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success + /?Action=CreateResource&Version=2021-09-30&__DBShardGroup&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateDBShardGroup + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateDBShardGroupRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success /?Action=CreateResource&Version=2021-09-30&__DBSubnetGroup&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' diff --git a/providers/src/aws/v00.00.00000/services/redshift.yaml b/providers/src/aws/v00.00.00000/services/redshift.yaml index db4fea0e..7a98fbf6 100644 --- a/providers/src/aws/v00.00.00000/services/redshift.yaml +++ b/providers/src/aws/v00.00.00000/services/redshift.yaml @@ -404,24 +404,31 @@ components: type: string S3KeyPrefix: type: string + LogDestinationType: + type: string + LogExports: + maxItems: 3 + x-insertionOrder: false + type: array + items: + type: string Tag: description: A key-value pair to associate with a resource. - additionalProperties: false type: object + additionalProperties: false properties: - Value: - minLength: 0 - description: 'The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' - type: string - maxLength: 256 Key: - minLength: 1 - description: 'The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' type: string + description: 'The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ' + minLength: 1 maxLength: 128 + Value: + type: string + description: 'The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ' + minLength: 0 + maxLength: 256 required: - Key - - Value Cluster: type: object properties: @@ -1413,6 +1420,114 @@ components: - redshift:DeleteEventSubscription - redshift:DescribeTags - redshift:DeleteTags + Tags: + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + description: An array of key-value pairs to apply to this resource. + items: + $ref: '#/components/schemas/Tag' + EncryptionContextMap: + type: object + x-patternProperties: + ^[\s\S]*$: + type: string + maxLength: 131072 + minLength: 0 + description: An optional set of non-secret key–value pairs that contains additional contextual information about the data. + additionalProperties: false + Integration: + type: object + properties: + IntegrationArn: + type: string + description: The Amazon Resource Name (ARN) of the integration. + IntegrationName: + description: The name of the integration. + type: string + minLength: 1 + maxLength: 64 + SourceArn: + type: string + description: The Amazon Resource Name (ARN) of the database to use as the source for replication + TargetArn: + type: string + description: The Amazon Resource Name (ARN) of the Redshift data warehouse to use as the target for replication + Tags: + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + description: An array of key-value pairs to apply to this resource. + items: + $ref: '#/components/schemas/Tag' + CreateTime: + type: string + description: The time (UTC) when the integration was created. + KMSKeyId: + type: string + description: An KMS key identifier for the key to use to encrypt the integration. If you don't specify an encryption key, the default AWS owned KMS key is used. + AdditionalEncryptionContext: + $ref: '#/components/schemas/EncryptionContextMap' + required: + - SourceArn + - TargetArn + x-stackql-resource-name: integration + description: Integration from a source AWS service to a Redshift cluster + x-type-name: AWS::Redshift::Integration + x-stackql-primary-identifier: + - IntegrationArn + x-create-only-properties: + - SourceArn + - TargetArn + - KMSKeyId + - AdditionalEncryptionContext + x-read-only-properties: + - IntegrationArn + - CreateTime + x-required-properties: + - SourceArn + - TargetArn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - redshift:CreateTags + - redshift:DeleteTags + - redshift:DescribeTags + x-required-permissions: + create: + - redshift:CreateIntegration + - redshift:DescribeIntegrations + - redshift:CreateTags + - redshift:DescribeTags + - redshift:DescribeClusters + - redshift:CreateInboundIntegration + - redshift-serverless:ListNamespaces + - kms:CreateGrant + - kms:DescribeKey + read: + - redshift:DescribeIntegrations + - redshift:DescribeTags + update: + - redshift:DescribeIntegrations + - redshift:ModifyIntegration + - redshift:CreateTags + - redshift:DeleteTags + - redshift:DescribeClusters + - redshift:DescribeTags + - redshift-serverless:ListNamespaces + delete: + - redshift:DeleteTags + - redshift:DeleteIntegration + - redshift:DescribeIntegrations + list: + - redshift:DescribeTags + - redshift:DescribeIntegrations ScheduledActionType: oneOf: - additionalProperties: false @@ -2125,6 +2240,53 @@ components: x-title: CreateEventSubscriptionRequest type: object required: [] + CreateIntegrationRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + IntegrationArn: + type: string + description: The Amazon Resource Name (ARN) of the integration. + IntegrationName: + description: The name of the integration. + type: string + minLength: 1 + maxLength: 64 + SourceArn: + type: string + description: The Amazon Resource Name (ARN) of the database to use as the source for replication + TargetArn: + type: string + description: The Amazon Resource Name (ARN) of the Redshift data warehouse to use as the target for replication + Tags: + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + description: An array of key-value pairs to apply to this resource. + items: + $ref: '#/components/schemas/Tag' + CreateTime: + type: string + description: The time (UTC) when the integration was created. + KMSKeyId: + type: string + description: An KMS key identifier for the key to use to encrypt the integration. If you don't specify an encryption key, the default AWS owned KMS key is used. + AdditionalEncryptionContext: + $ref: '#/components/schemas/EncryptionContextMap' + x-stackQL-stringOnly: true + x-title: CreateIntegrationRequest + type: object + required: [] CreateScheduledActionRequest: properties: ClientToken: @@ -3694,6 +3856,225 @@ components: WHERE listing.data__TypeName = 'AWS::Redshift::EventSubscription' AND detail.data__TypeName = 'AWS::Redshift::EventSubscription' AND listing.region = 'us-east-1' + integrations: + name: integrations + id: aws.redshift.integrations + x-cfn-schema-name: Integration + x-cfn-type-name: AWS::Redshift::Integration + x-identifiers: + - IntegrationArn + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Integration&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Redshift::Integration" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Redshift::Integration" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Redshift::Integration" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/integrations/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/integrations/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/integrations/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.IntegrationArn') as integration_arn, + JSON_EXTRACT(Properties, '$.IntegrationName') as integration_name, + JSON_EXTRACT(Properties, '$.SourceArn') as source_arn, + JSON_EXTRACT(Properties, '$.TargetArn') as target_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.CreateTime') as create_time, + JSON_EXTRACT(Properties, '$.KMSKeyId') as kms_key_id, + JSON_EXTRACT(Properties, '$.AdditionalEncryptionContext') as additional_encryption_context + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Redshift::Integration' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.IntegrationArn') as integration_arn, + JSON_EXTRACT(detail.Properties, '$.IntegrationName') as integration_name, + JSON_EXTRACT(detail.Properties, '$.SourceArn') as source_arn, + JSON_EXTRACT(detail.Properties, '$.TargetArn') as target_arn, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags, + JSON_EXTRACT(detail.Properties, '$.CreateTime') as create_time, + JSON_EXTRACT(detail.Properties, '$.KMSKeyId') as kms_key_id, + JSON_EXTRACT(detail.Properties, '$.AdditionalEncryptionContext') as additional_encryption_context + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Redshift::Integration' + AND detail.data__TypeName = 'AWS::Redshift::Integration' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'IntegrationArn') as integration_arn, + json_extract_path_text(Properties, 'IntegrationName') as integration_name, + json_extract_path_text(Properties, 'SourceArn') as source_arn, + json_extract_path_text(Properties, 'TargetArn') as target_arn, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'CreateTime') as create_time, + json_extract_path_text(Properties, 'KMSKeyId') as kms_key_id, + json_extract_path_text(Properties, 'AdditionalEncryptionContext') as additional_encryption_context + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Redshift::Integration' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'IntegrationArn') as integration_arn, + json_extract_path_text(detail.Properties, 'IntegrationName') as integration_name, + json_extract_path_text(detail.Properties, 'SourceArn') as source_arn, + json_extract_path_text(detail.Properties, 'TargetArn') as target_arn, + json_extract_path_text(detail.Properties, 'Tags') as tags, + json_extract_path_text(detail.Properties, 'CreateTime') as create_time, + json_extract_path_text(detail.Properties, 'KMSKeyId') as kms_key_id, + json_extract_path_text(detail.Properties, 'AdditionalEncryptionContext') as additional_encryption_context + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Redshift::Integration' + AND detail.data__TypeName = 'AWS::Redshift::Integration' + AND listing.region = 'us-east-1' + integrations_list_only: + name: integrations_list_only + id: aws.redshift.integrations_list_only + x-cfn-schema-name: Integration + x-cfn-type-name: AWS::Redshift::Integration + x-identifiers: + - IntegrationArn + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.IntegrationArn') as integration_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Redshift::Integration' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'IntegrationArn') as integration_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Redshift::Integration' + AND region = 'us-east-1' + integration_tags: + name: integration_tags + id: aws.redshift.integration_tags + x-cfn-schema-name: Integration + x-cfn-type-name: AWS::Redshift::Integration + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.IntegrationArn') as integration_arn, + JSON_EXTRACT(detail.Properties, '$.IntegrationName') as integration_name, + JSON_EXTRACT(detail.Properties, '$.SourceArn') as source_arn, + JSON_EXTRACT(detail.Properties, '$.TargetArn') as target_arn, + JSON_EXTRACT(detail.Properties, '$.CreateTime') as create_time, + JSON_EXTRACT(detail.Properties, '$.KMSKeyId') as kms_key_id, + JSON_EXTRACT(detail.Properties, '$.AdditionalEncryptionContext') as additional_encryption_context + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::Redshift::Integration' + AND detail.data__TypeName = 'AWS::Redshift::Integration' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'IntegrationArn') as integration_arn, + json_extract_path_text(detail.Properties, 'IntegrationName') as integration_name, + json_extract_path_text(detail.Properties, 'SourceArn') as source_arn, + json_extract_path_text(detail.Properties, 'TargetArn') as target_arn, + json_extract_path_text(detail.Properties, 'CreateTime') as create_time, + json_extract_path_text(detail.Properties, 'KMSKeyId') as kms_key_id, + json_extract_path_text(detail.Properties, 'AdditionalEncryptionContext') as additional_encryption_context + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::Redshift::Integration' + AND detail.data__TypeName = 'AWS::Redshift::Integration' + AND listing.region = 'us-east-1' scheduled_actions: name: scheduled_actions id: aws.redshift.scheduled_actions @@ -4259,6 +4640,48 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success + /?Action=CreateResource&Version=2021-09-30&__Integration&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateIntegration + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateIntegrationRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success /?Action=CreateResource&Version=2021-09-30&__ScheduledAction&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' diff --git a/providers/src/aws/v00.00.00000/services/redshiftserverless.yaml b/providers/src/aws/v00.00.00000/services/redshiftserverless.yaml index 59387712..b4b59cf8 100644 --- a/providers/src/aws/v00.00.00000/services/redshiftserverless.yaml +++ b/providers/src/aws/v00.00.00000/services/redshiftserverless.yaml @@ -490,9 +490,6 @@ components: - AdminUserPassword - FinalSnapshotName - FinalSnapshotRetentionPeriod - - Tags - - Tags/*/Key - - Tags/*/Value - ManageAdminPassword - RedshiftIdcApplicationArn x-read-only-properties: @@ -511,9 +508,18 @@ components: x-required-properties: - NamespaceName x-tagging: - taggable: false + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - redshift-serverless:ListTagsForResource + - redshift-serverless:TagResource + - redshift-serverless:UntagResource x-required-permissions: create: + - iam:CreateServiceLinkedRole - iam:PassRole - kms:TagResource - kms:UntagResource @@ -532,6 +538,8 @@ components: - redshift-serverless:GetNamespace - redshift-serverless:ListSnapshotCopyConfigurations - redshift-serverless:CreateSnapshotCopyConfiguration + - redshift-serverless:ListTagsForResource + - redshift-serverless:TagResource - redshift:GetResourcePolicy - redshift:PutResourcePolicy - secretsmanager:CreateSecret @@ -541,6 +549,7 @@ components: read: - iam:PassRole - redshift-serverless:GetNamespace + - redshift-serverless:ListTagsForResource - redshift:GetResourcePolicy - redshift-serverless:ListSnapshotCopyConfigurations update: @@ -564,6 +573,9 @@ components: - redshift-serverless:CreateSnapshotCopyConfiguration - redshift-serverless:UpdateSnapshotCopyConfiguration - redshift-serverless:DeleteSnapshotCopyConfiguration + - redshift-serverless:ListTagsForResource + - redshift-serverless:TagResource + - redshift-serverless:UntagResource - redshift:GetResourcePolicy - redshift:PutResourcePolicy - redshift:DeleteResourcePolicy @@ -577,6 +589,8 @@ components: - iam:PassRole - redshift-serverless:DeleteNamespace - redshift-serverless:GetNamespace + - redshift-serverless:ListTagsForResource + - redshift-serverless:UntagResource - kms:RetireGrant - secretsmanager:DescribeSecret - secretsmanager:DeleteSecret @@ -584,6 +598,7 @@ components: list: - iam:PassRole - redshift-serverless:ListNamespaces + - redshift-serverless:ListTagsForResource NamespaceStatus: type: string enum: @@ -654,6 +669,16 @@ components: AvailabilityZone: type: string additionalProperties: false + PerformanceTarget: + type: object + properties: + Status: + $ref: '#/components/schemas/PerformanceTargetStatus' + Level: + type: integer + minimum: 1 + maximum: 100 + additionalProperties: false VpcEndpoint: type: object properties: @@ -729,6 +754,10 @@ components: Port: description: The custom port to use when connecting to a workgroup. Valid port ranges are 5431-5455 and 8191-8215. The default is 5439. type: integer + PricePerformanceTarget: + description: A property that represents the price performance target settings for the workgroup. + type: object + $ref: '#/components/schemas/PerformanceTarget' Tags: description: The map of the key-value pairs used to tag the workgroup. type: array @@ -756,9 +785,6 @@ components: - ConfigParameters - SecurityGroupIds - SubnetIds - - Tags - - Tags/*/Key - - Tags/*/Value x-read-only-properties: - Workgroup - Workgroup/WorkgroupId @@ -787,6 +813,14 @@ components: - WorkgroupName x-tagging: taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - redshift-serverless:ListTagsForResource + - redshift-serverless:TagResource + - redshift-serverless:UntagResource x-required-permissions: create: - ec2:DescribeVpcAttribute @@ -800,6 +834,8 @@ components: - redshift-serverless:CreateWorkgroup - redshift-serverless:GetWorkgroup - redshift-serverless:GetNamespace + - redshift-serverless:ListTagsForResource + - redshift-serverless:TagResource read: - ec2:DescribeVpcAttribute - ec2:DescribeSecurityGroups @@ -809,6 +845,7 @@ components: - ec2:DescribeAccountAttributes - ec2:DescribeAvailabilityZones - redshift-serverless:GetWorkgroup + - redshift-serverless:ListTagsForResource update: - ec2:DescribeVpcAttribute - ec2:DescribeSecurityGroups @@ -822,6 +859,9 @@ components: - redshift-serverless:UntagResource - redshift-serverless:GetWorkgroup - redshift-serverless:UpdateWorkgroup + - redshift-serverless:ListTagsForResource + - redshift-serverless:TagResource + - redshift-serverless:UntagResource delete: - ec2:DescribeVpcAttribute - ec2:DescribeSecurityGroups @@ -833,6 +873,8 @@ components: - redshift-serverless:GetWorkgroup - redshift-serverless:GetNamespace - redshift-serverless:DeleteWorkgroup + - redshift-serverless:ListTagsForResource + - redshift-serverless:UntagResource list: - ec2:DescribeVpcAttribute - ec2:DescribeSecurityGroups @@ -842,6 +884,7 @@ components: - ec2:DescribeAccountAttributes - ec2:DescribeAvailabilityZones - redshift-serverless:ListWorkgroups + - redshift-serverless:ListTagsForResource WorkgroupStatus: type: string enum: @@ -849,6 +892,11 @@ components: - AVAILABLE - MODIFYING - DELETING + PerformanceTargetStatus: + type: string + enum: + - ENABLED + - DISABLED CreateNamespaceRequest: properties: ClientToken: @@ -1020,6 +1068,10 @@ components: Port: description: The custom port to use when connecting to a workgroup. Valid port ranges are 5431-5455 and 8191-8215. The default is 5439. type: integer + PricePerformanceTarget: + description: A property that represents the price performance target settings for the workgroup. + type: object + $ref: '#/components/schemas/PerformanceTarget' Tags: description: The map of the key-value pairs used to tag the workgroup. type: array @@ -1389,6 +1441,7 @@ components: JSON_EXTRACT(Properties, '$.SubnetIds') as subnet_ids, JSON_EXTRACT(Properties, '$.PubliclyAccessible') as publicly_accessible, JSON_EXTRACT(Properties, '$.Port') as port, + JSON_EXTRACT(Properties, '$.PricePerformanceTarget') as price_performance_target, JSON_EXTRACT(Properties, '$.Tags') as tags, JSON_EXTRACT(Properties, '$.Workgroup') as workgroup FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RedshiftServerless::Workgroup' @@ -1409,6 +1462,7 @@ components: JSON_EXTRACT(detail.Properties, '$.SubnetIds') as subnet_ids, JSON_EXTRACT(detail.Properties, '$.PubliclyAccessible') as publicly_accessible, JSON_EXTRACT(detail.Properties, '$.Port') as port, + JSON_EXTRACT(detail.Properties, '$.PricePerformanceTarget') as price_performance_target, JSON_EXTRACT(detail.Properties, '$.Tags') as tags, JSON_EXTRACT(detail.Properties, '$.Workgroup') as workgroup FROM aws.cloud_control.resources listing @@ -1434,6 +1488,7 @@ components: json_extract_path_text(Properties, 'SubnetIds') as subnet_ids, json_extract_path_text(Properties, 'PubliclyAccessible') as publicly_accessible, json_extract_path_text(Properties, 'Port') as port, + json_extract_path_text(Properties, 'PricePerformanceTarget') as price_performance_target, json_extract_path_text(Properties, 'Tags') as tags, json_extract_path_text(Properties, 'Workgroup') as workgroup FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RedshiftServerless::Workgroup' @@ -1454,6 +1509,7 @@ components: json_extract_path_text(detail.Properties, 'SubnetIds') as subnet_ids, json_extract_path_text(detail.Properties, 'PubliclyAccessible') as publicly_accessible, json_extract_path_text(detail.Properties, 'Port') as port, + json_extract_path_text(detail.Properties, 'PricePerformanceTarget') as price_performance_target, json_extract_path_text(detail.Properties, 'Tags') as tags, json_extract_path_text(detail.Properties, 'Workgroup') as workgroup FROM aws.cloud_control.resources listing @@ -1524,6 +1580,7 @@ components: JSON_EXTRACT(detail.Properties, '$.SubnetIds') as subnet_ids, JSON_EXTRACT(detail.Properties, '$.PubliclyAccessible') as publicly_accessible, JSON_EXTRACT(detail.Properties, '$.Port') as port, + JSON_EXTRACT(detail.Properties, '$.PricePerformanceTarget') as price_performance_target, JSON_EXTRACT(detail.Properties, '$.Workgroup') as workgroup FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail @@ -1550,6 +1607,7 @@ components: json_extract_path_text(detail.Properties, 'SubnetIds') as subnet_ids, json_extract_path_text(detail.Properties, 'PubliclyAccessible') as publicly_accessible, json_extract_path_text(detail.Properties, 'Port') as port, + json_extract_path_text(detail.Properties, 'PricePerformanceTarget') as price_performance_target, json_extract_path_text(detail.Properties, 'Workgroup') as workgroup FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail diff --git a/providers/src/aws/v00.00.00000/services/refactorspaces.yaml b/providers/src/aws/v00.00.00000/services/refactorspaces.yaml index 0c9e0140..0ed0f7e5 100644 --- a/providers/src/aws/v00.00.00000/services/refactorspaces.yaml +++ b/providers/src/aws/v00.00.00000/services/refactorspaces.yaml @@ -545,10 +545,6 @@ components: - apigateway:POST - apigateway:PUT - apigateway:UpdateRestApiPolicy - - apigateway:Update* - - apigateway:Delete* - - apigateway:Get* - - apigateway:Put* - elasticloadbalancing:CreateLoadBalancer - elasticloadbalancing:DescribeLoadBalancers - elasticloadbalancing:DescribeTags @@ -570,10 +566,10 @@ components: - ec2:DeleteTags - ec2:RevokeSecurityGroupIngress - elasticloadbalancing:DeleteLoadBalancer - - apigateway:Update* - - apigateway:Delete* - - apigateway:Get* - - apigateway:Put* + - apigateway:DELETE + - apigateway:GET + - apigateway:PUT + - apigateway:UpdateRestApiPolicy list: - refactor-spaces:ListApplications - refactor-spaces:ListTagsForResource @@ -618,9 +614,6 @@ components: items: $ref: '#/components/schemas/Tag' description: Metadata that you can assign to help organize the frameworks that you create. Each tag is a key-value pair. - required: - - Name - - NetworkFabricType x-stackql-resource-name: environment description: Definition of AWS::RefactorSpaces::Environment Resource Type x-type-name: AWS::RefactorSpaces::Environment @@ -638,10 +631,16 @@ components: - EnvironmentIdentifier - Arn - TransitGatewayId - x-required-properties: - - Name - - NetworkFabricType - x-taggable: true + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - refactor-spaces:TagResource + - refactor-spaces:ListTagsForResource + - refactor-spaces:UntagResource x-required-permissions: create: - refactor-spaces:CreateEnvironment @@ -674,6 +673,10 @@ components: read: - refactor-spaces:GetEnvironment - refactor-spaces:ListTagsForResource + update: + - refactor-spaces:GetEnvironment + - refactor-spaces:TagResource + - refactor-spaces:UntagResource delete: - refactor-spaces:GetEnvironment - refactor-spaces:DeleteEnvironment @@ -1031,7 +1034,7 @@ components: - ec2:CreateRoute - lambda:GetFunctionConfiguration read: - - refactor-spacess:GetService + - refactor-spaces:GetService - refactor-spaces:ListTagsForResource delete: - refactor-spaces:DeleteService @@ -1580,6 +1583,18 @@ components: response: mediaType: application/json openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::RefactorSpaces::Environment" + } + response: + mediaType: application/json + openAPIDocKey: '200' delete_resource: operation: $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' @@ -1597,7 +1612,8 @@ components: - $ref: '#/components/x-stackQL-resources/environments/methods/create_resource' delete: - $ref: '#/components/x-stackQL-resources/environments/methods/delete_resource' - update: [] + update: + - $ref: '#/components/x-stackQL-resources/environments/methods/update_resource' config: views: select: diff --git a/providers/src/aws/v00.00.00000/services/rekognition.yaml b/providers/src/aws/v00.00.00000/services/rekognition.yaml index aea5764d..0914ff15 100644 --- a/providers/src/aws/v00.00.00000/services/rekognition.yaml +++ b/providers/src/aws/v00.00.00000/services/rekognition.yaml @@ -443,7 +443,16 @@ components: - Arn x-required-properties: - CollectionId - x-taggable: true + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - rekognition:ListTagsForResource + - rekognition:TagResource + - rekognition:UntagResource x-required-permissions: create: - rekognition:CreateCollection @@ -743,7 +752,16 @@ components: - RoleArn - KinesisVideoStream x-replacement-strategy: delete_then_create - x-taggable: true + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + tagProperty: /properties/Tags + cloudFormationSystemTags: false + permissions: + - rekognition:TagResource + - rekognition:UntagResource + - rekognition:ListTagsForResource x-required-permissions: create: - rekognition:CreateStreamProcessor diff --git a/providers/src/aws/v00.00.00000/services/resiliencehub.yaml b/providers/src/aws/v00.00.00000/services/resiliencehub.yaml index a8b8bebf..2baa0278 100644 --- a/providers/src/aws/v00.00.00000/services/resiliencehub.yaml +++ b/providers/src/aws/v00.00.00000/services/resiliencehub.yaml @@ -505,6 +505,10 @@ components: type: string description: Amazon Resource Name (ARN) of the Resiliency Policy. pattern: ^arn:(aws|aws-cn|aws-iso|aws-iso-[a-z]{1}|aws-us-gov):[A-Za-z0-9][A-Za-z0-9_/.-]{0,62}:([a-z]{2}-((iso[a-z]{0,1}-)|(gov-)){0,1}[a-z]+-[0-9]):[0-9]{12}:[A-Za-z0-9][A-Za-z0-9:_/+=,@.-]{0,1023}$ + RegulatoryPolicyArn: + type: string + description: Amazon Resource Name (ARN) of the Regulatory Policy. + pattern: ^arn:(aws|aws-cn|aws-iso|aws-iso-[a-z]{1}|aws-us-gov):[A-Za-z0-9][A-Za-z0-9_/.-]{0,62}:([a-z]{2}-((iso[a-z]{0,1}-)|(gov-)){0,1}[a-z]+-[0-9]):[0-9]{12}:[A-Za-z0-9][A-Za-z0-9:_/+=,@.-]{0,1023}$ Tags: $ref: '#/components/schemas/TagMap' AppTemplateBody: @@ -566,6 +570,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - resiliencehub:TagResource + - resiliencehub:ListTagsForResource + - resiliencehub:UntagResource x-required-permissions: create: - cloudformation:DescribeStacks @@ -587,12 +595,23 @@ components: - sns:GetTopicAttributes - route53:List* - iam:PassRole - - resiliencehub:* + - resiliencehub:CreateApp + - resiliencehub:DescribeApp + - resiliencehub:DescribeAppVersionTemplate + - resiliencehub:PutDraftAppVersionTemplate + - resiliencehub:AddDraftAppVersionResourceMappings + - resiliencehub:ListAppVersionResourceMappings + - resiliencehub:ListAppVersions + - resiliencehub:PublishAppVersion + - resiliencehub:ListTagsForResource + - resiliencehub:TagResource + - resiliencehub:UntagResource read: - resiliencehub:DescribeApp - resiliencehub:DescribeAppVersionTemplate - resiliencehub:ListAppVersionResourceMappings - resiliencehub:ListTagsForResource + - resiliencehub:ListAppVersions update: - cloudformation:DescribeStacks - cloudformation:ListStackResources @@ -613,7 +632,18 @@ components: - sns:GetTopicAttributes - route53:List* - iam:PassRole - - resiliencehub:* + - resiliencehub:UpdateApp + - resiliencehub:DescribeApp + - resiliencehub:DescribeAppVersionTemplate + - resiliencehub:PutDraftAppVersionTemplate + - resiliencehub:AddDraftAppVersionResourceMappings + - resiliencehub:RemoveDraftAppVersionResourceMappings + - resiliencehub:ListAppVersionResourceMappings + - resiliencehub:ListAppVersions + - resiliencehub:PublishAppVersion + - resiliencehub:ListTagsForResource + - resiliencehub:TagResource + - resiliencehub:UntagResource delete: - resiliencehub:DeleteApp - resiliencehub:UntagResource @@ -706,6 +736,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - resiliencehub:TagResource + - resiliencehub:ListTagsForResource + - resiliencehub:UntagResource x-required-permissions: create: - resiliencehub:CreateResiliencyPolicy @@ -755,6 +789,10 @@ components: type: string description: Amazon Resource Name (ARN) of the Resiliency Policy. pattern: ^arn:(aws|aws-cn|aws-iso|aws-iso-[a-z]{1}|aws-us-gov):[A-Za-z0-9][A-Za-z0-9_/.-]{0,62}:([a-z]{2}-((iso[a-z]{0,1}-)|(gov-)){0,1}[a-z]+-[0-9]):[0-9]{12}:[A-Za-z0-9][A-Za-z0-9:_/+=,@.-]{0,1023}$ + RegulatoryPolicyArn: + type: string + description: Amazon Resource Name (ARN) of the Regulatory Policy. + pattern: ^arn:(aws|aws-cn|aws-iso|aws-iso-[a-z]{1}|aws-us-gov):[A-Za-z0-9][A-Za-z0-9_/.-]{0,62}:([a-z]{2}-((iso[a-z]{0,1}-)|(gov-)){0,1}[a-z]+-[0-9]):[0-9]{12}:[A-Za-z0-9][A-Za-z0-9:_/+=,@.-]{0,1023}$ Tags: $ref: '#/components/schemas/TagMap' AppTemplateBody: @@ -920,6 +958,7 @@ components: JSON_EXTRACT(Properties, '$.Description') as description, JSON_EXTRACT(Properties, '$.AppArn') as app_arn, JSON_EXTRACT(Properties, '$.ResiliencyPolicyArn') as resiliency_policy_arn, + JSON_EXTRACT(Properties, '$.RegulatoryPolicyArn') as regulatory_policy_arn, JSON_EXTRACT(Properties, '$.Tags') as tags, JSON_EXTRACT(Properties, '$.AppTemplateBody') as app_template_body, JSON_EXTRACT(Properties, '$.ResourceMappings') as resource_mappings, @@ -939,6 +978,7 @@ components: JSON_EXTRACT(detail.Properties, '$.Description') as description, JSON_EXTRACT(detail.Properties, '$.AppArn') as app_arn, JSON_EXTRACT(detail.Properties, '$.ResiliencyPolicyArn') as resiliency_policy_arn, + JSON_EXTRACT(detail.Properties, '$.RegulatoryPolicyArn') as regulatory_policy_arn, JSON_EXTRACT(detail.Properties, '$.Tags') as tags, JSON_EXTRACT(detail.Properties, '$.AppTemplateBody') as app_template_body, JSON_EXTRACT(detail.Properties, '$.ResourceMappings') as resource_mappings, @@ -963,6 +1003,7 @@ components: json_extract_path_text(Properties, 'Description') as description, json_extract_path_text(Properties, 'AppArn') as app_arn, json_extract_path_text(Properties, 'ResiliencyPolicyArn') as resiliency_policy_arn, + json_extract_path_text(Properties, 'RegulatoryPolicyArn') as regulatory_policy_arn, json_extract_path_text(Properties, 'Tags') as tags, json_extract_path_text(Properties, 'AppTemplateBody') as app_template_body, json_extract_path_text(Properties, 'ResourceMappings') as resource_mappings, @@ -982,6 +1023,7 @@ components: json_extract_path_text(detail.Properties, 'Description') as description, json_extract_path_text(detail.Properties, 'AppArn') as app_arn, json_extract_path_text(detail.Properties, 'ResiliencyPolicyArn') as resiliency_policy_arn, + json_extract_path_text(detail.Properties, 'RegulatoryPolicyArn') as regulatory_policy_arn, json_extract_path_text(detail.Properties, 'Tags') as tags, json_extract_path_text(detail.Properties, 'AppTemplateBody') as app_template_body, json_extract_path_text(detail.Properties, 'ResourceMappings') as resource_mappings, @@ -1051,6 +1093,7 @@ components: JSON_EXTRACT(detail.Properties, '$.Description') as description, JSON_EXTRACT(detail.Properties, '$.AppArn') as app_arn, JSON_EXTRACT(detail.Properties, '$.ResiliencyPolicyArn') as resiliency_policy_arn, + JSON_EXTRACT(detail.Properties, '$.RegulatoryPolicyArn') as regulatory_policy_arn, JSON_EXTRACT(detail.Properties, '$.AppTemplateBody') as app_template_body, JSON_EXTRACT(detail.Properties, '$.ResourceMappings') as resource_mappings, JSON_EXTRACT(detail.Properties, '$.AppAssessmentSchedule') as app_assessment_schedule, @@ -1076,6 +1119,7 @@ components: json_extract_path_text(detail.Properties, 'Description') as description, json_extract_path_text(detail.Properties, 'AppArn') as app_arn, json_extract_path_text(detail.Properties, 'ResiliencyPolicyArn') as resiliency_policy_arn, + json_extract_path_text(detail.Properties, 'RegulatoryPolicyArn') as regulatory_policy_arn, json_extract_path_text(detail.Properties, 'AppTemplateBody') as app_template_body, json_extract_path_text(detail.Properties, 'ResourceMappings') as resource_mappings, json_extract_path_text(detail.Properties, 'AppAssessmentSchedule') as app_assessment_schedule, diff --git a/providers/src/aws/v00.00.00000/services/resourceexplorer2.yaml b/providers/src/aws/v00.00.00000/services/resourceexplorer2.yaml index aa135671..05bc4fe7 100644 --- a/providers/src/aws/v00.00.00000/services/resourceexplorer2.yaml +++ b/providers/src/aws/v00.00.00000/services/resourceexplorer2.yaml @@ -467,6 +467,10 @@ components: cloudFormationSystemTags: false tagUpdatable: true tagProperty: /properties/Tags + permissions: + - resource-explorer-2:ListTagsForResource + - resource-explorer-2:TagResource + - resource-explorer-2:UntagResource x-required-permissions: create: - resource-explorer-2:CreateIndex @@ -547,6 +551,10 @@ components: cloudFormationSystemTags: false tagUpdatable: true tagProperty: /properties/Tags + permissions: + - resource-explorer-2:ListTagsForResource + - resource-explorer-2:TagResource + - resource-explorer-2:UntagResource x-required-permissions: create: - resource-explorer-2:CreateView diff --git a/providers/src/aws/v00.00.00000/services/resourcegroups.yaml b/providers/src/aws/v00.00.00000/services/resourcegroups.yaml index 7c11e2d8..b0070057 100644 --- a/providers/src/aws/v00.00.00000/services/resourcegroups.yaml +++ b/providers/src/aws/v00.00.00000/services/resourcegroups.yaml @@ -498,6 +498,9 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - resource-groups:Tag + - resource-groups:Untag x-required-permissions: create: - resource-groups:CreateGroup @@ -529,6 +532,99 @@ components: - resource-groups:UnGroupResources list: - resource-groups:ListGroups + TagSyncTask: + type: object + properties: + Group: + description: The Amazon resource name (ARN) or name of the application group for which you want to create a tag-sync task + type: string + maxLength: 1600 + minLength: 12 + pattern: ([a-zA-Z0-9_\\.-]{1,150}/[a-z0-9]{26})|(arn:aws(-[a-z]+)*:resource-groups(-(test|beta|gamma))?:[a-z]{2}(-[a-z]+)+-\d{1}:[0-9]{12}:group/[a-zA-Z0-9_\\.-]{1,150}/[a-z0-9]{26}) + GroupArn: + description: The Amazon resource name (ARN) of the ApplicationGroup for which the TagSyncTask is created + type: string + maxLength: 1600 + minLength: 12 + pattern: arn:aws(-[a-z]+)*:resource-groups(-(test|beta|gamma))?:[a-z]{2}(-[a-z]+)+-\d{1}:[0-9]{12}:group/[a-zA-Z0-9_\.-]{1,150}/[a-z0-9]{26} + GroupName: + description: The Name of the application group for which the TagSyncTask is created + type: string + maxLength: 300 + minLength: 1 + pattern: '[a-zA-Z0-9_\.-]{1,150}/[a-z0-9]{26}' + TaskArn: + description: The ARN of the TagSyncTask resource + type: string + maxLength: 1600 + minLength: 12 + pattern: arn:aws(-[a-z]+)*:resource-groups(-(test|beta|gamma))?:[a-z]{2}(-[a-z]+)+-\d{1}:[0-9]{12}:group/[a-zA-Z0-9_\.-]{1,150}/[a-z0-9]{26}/tag-sync-task/[a-z0-9]{26} + TagKey: + description: The tag key. Resources tagged with this tag key-value pair will be added to the application. If a resource with this tag is later untagged, the tag-sync task removes the resource from the application. + type: string + maxLength: 128 + minLength: 1 + pattern: ^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$ + TagValue: + description: The tag value. Resources tagged with this tag key-value pair will be added to the application. If a resource with this tag is later untagged, the tag-sync task removes the resource from the application. + type: string + maxLength: 256 + minLength: 0 + pattern: ^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$ + RoleArn: + description: The Amazon resource name (ARN) of the role assumed by the service to tag and untag resources on your behalf. + type: string + maxLength: 2048 + minLength: 20 + pattern: arn:(aws[a-zA-Z-]*)?:iam::\d{12}:role/?[a-zA-Z_0-9+=,.@\-_/]+ + Status: + description: The status of the TagSyncTask + type: string + enum: + - ACTIVE + - ERROR + required: + - Group + - TagKey + - TagValue + - RoleArn + x-stackql-resource-name: tag_sync_task + description: Schema for ResourceGroups::TagSyncTask + x-type-name: AWS::ResourceGroups::TagSyncTask + x-stackql-primary-identifier: + - TaskArn + x-create-only-properties: + - Group + - TagKey + - TagValue + - RoleArn + x-read-only-properties: + - TaskArn + - Status + - GroupName + - GroupArn + x-required-properties: + - Group + - TagKey + - TagValue + - RoleArn + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - resource-groups:StartTagSyncTask + - resource-groups:CreateGroup + - iam:PassRole + read: + - resource-groups:GetTagSyncTask + delete: + - resource-groups:CancelTagSyncTask + - resource-groups:DeleteGroup + list: + - resource-groups:ListTagSyncTasks CreateGroupRequest: properties: ClientToken: @@ -569,6 +665,71 @@ components: x-title: CreateGroupRequest type: object required: [] + CreateTagSyncTaskRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + Group: + description: The Amazon resource name (ARN) or name of the application group for which you want to create a tag-sync task + type: string + maxLength: 1600 + minLength: 12 + pattern: ([a-zA-Z0-9_\\.-]{1,150}/[a-z0-9]{26})|(arn:aws(-[a-z]+)*:resource-groups(-(test|beta|gamma))?:[a-z]{2}(-[a-z]+)+-\d{1}:[0-9]{12}:group/[a-zA-Z0-9_\\.-]{1,150}/[a-z0-9]{26}) + GroupArn: + description: The Amazon resource name (ARN) of the ApplicationGroup for which the TagSyncTask is created + type: string + maxLength: 1600 + minLength: 12 + pattern: arn:aws(-[a-z]+)*:resource-groups(-(test|beta|gamma))?:[a-z]{2}(-[a-z]+)+-\d{1}:[0-9]{12}:group/[a-zA-Z0-9_\.-]{1,150}/[a-z0-9]{26} + GroupName: + description: The Name of the application group for which the TagSyncTask is created + type: string + maxLength: 300 + minLength: 1 + pattern: '[a-zA-Z0-9_\.-]{1,150}/[a-z0-9]{26}' + TaskArn: + description: The ARN of the TagSyncTask resource + type: string + maxLength: 1600 + minLength: 12 + pattern: arn:aws(-[a-z]+)*:resource-groups(-(test|beta|gamma))?:[a-z]{2}(-[a-z]+)+-\d{1}:[0-9]{12}:group/[a-zA-Z0-9_\.-]{1,150}/[a-z0-9]{26}/tag-sync-task/[a-z0-9]{26} + TagKey: + description: The tag key. Resources tagged with this tag key-value pair will be added to the application. If a resource with this tag is later untagged, the tag-sync task removes the resource from the application. + type: string + maxLength: 128 + minLength: 1 + pattern: ^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$ + TagValue: + description: The tag value. Resources tagged with this tag key-value pair will be added to the application. If a resource with this tag is later untagged, the tag-sync task removes the resource from the application. + type: string + maxLength: 256 + minLength: 0 + pattern: ^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$ + RoleArn: + description: The Amazon resource name (ARN) of the role assumed by the service to tag and untag resources on your behalf. + type: string + maxLength: 2048 + minLength: 20 + pattern: arn:(aws[a-zA-Z-]*)?:iam::\d{12}:role/?[a-zA-Z_0-9+=,.@\-_/]+ + Status: + description: The status of the TagSyncTask + type: string + enum: + - ACTIVE + - ERROR + x-stackQL-stringOnly: true + x-title: CreateTagSyncTaskRequest + type: object + required: [] securitySchemes: hmac: type: apiKey @@ -790,6 +951,155 @@ components: WHERE listing.data__TypeName = 'AWS::ResourceGroups::Group' AND detail.data__TypeName = 'AWS::ResourceGroups::Group' AND listing.region = 'us-east-1' + tag_sync_tasks: + name: tag_sync_tasks + id: aws.resourcegroups.tag_sync_tasks + x-cfn-schema-name: TagSyncTask + x-cfn-type-name: AWS::ResourceGroups::TagSyncTask + x-identifiers: + - TaskArn + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__TagSyncTask&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::ResourceGroups::TagSyncTask" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::ResourceGroups::TagSyncTask" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/tag_sync_tasks/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/tag_sync_tasks/methods/delete_resource' + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Group') as group_id, + JSON_EXTRACT(Properties, '$.GroupArn') as group_arn, + JSON_EXTRACT(Properties, '$.GroupName') as group_name, + JSON_EXTRACT(Properties, '$.TaskArn') as task_arn, + JSON_EXTRACT(Properties, '$.TagKey') as tag_key, + JSON_EXTRACT(Properties, '$.TagValue') as tag_value, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.Status') as status + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ResourceGroups::TagSyncTask' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.Group') as group_id, + JSON_EXTRACT(detail.Properties, '$.GroupArn') as group_arn, + JSON_EXTRACT(detail.Properties, '$.GroupName') as group_name, + JSON_EXTRACT(detail.Properties, '$.TaskArn') as task_arn, + JSON_EXTRACT(detail.Properties, '$.TagKey') as tag_key, + JSON_EXTRACT(detail.Properties, '$.TagValue') as tag_value, + JSON_EXTRACT(detail.Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(detail.Properties, '$.Status') as status + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::ResourceGroups::TagSyncTask' + AND detail.data__TypeName = 'AWS::ResourceGroups::TagSyncTask' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Group') as group_id, + json_extract_path_text(Properties, 'GroupArn') as group_arn, + json_extract_path_text(Properties, 'GroupName') as group_name, + json_extract_path_text(Properties, 'TaskArn') as task_arn, + json_extract_path_text(Properties, 'TagKey') as tag_key, + json_extract_path_text(Properties, 'TagValue') as tag_value, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'Status') as status + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::ResourceGroups::TagSyncTask' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'Group') as group_id, + json_extract_path_text(detail.Properties, 'GroupArn') as group_arn, + json_extract_path_text(detail.Properties, 'GroupName') as group_name, + json_extract_path_text(detail.Properties, 'TaskArn') as task_arn, + json_extract_path_text(detail.Properties, 'TagKey') as tag_key, + json_extract_path_text(detail.Properties, 'TagValue') as tag_value, + json_extract_path_text(detail.Properties, 'RoleArn') as role_arn, + json_extract_path_text(detail.Properties, 'Status') as status + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::ResourceGroups::TagSyncTask' + AND detail.data__TypeName = 'AWS::ResourceGroups::TagSyncTask' + AND listing.region = 'us-east-1' + tag_sync_tasks_list_only: + name: tag_sync_tasks_list_only + id: aws.resourcegroups.tag_sync_tasks_list_only + x-cfn-schema-name: TagSyncTask + x-cfn-type-name: AWS::ResourceGroups::TagSyncTask + x-identifiers: + - TaskArn + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.TaskArn') as task_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ResourceGroups::TagSyncTask' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'TaskArn') as task_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::ResourceGroups::TagSyncTask' + AND region = 'us-east-1' paths: /?Action=CreateResource&Version=2021-09-30: parameters: @@ -975,6 +1285,48 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success + /?Action=CreateResource&Version=2021-09-30&__TagSyncTask&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateTagSyncTask + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateTagSyncTaskRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success x-stackQL-config: requestTranslate: algorithm: drop_double_underscore_params diff --git a/providers/src/aws/v00.00.00000/services/rolesanywhere.yaml b/providers/src/aws/v00.00.00000/services/rolesanywhere.yaml index c5071e7a..de409707 100644 --- a/providers/src/aws/v00.00.00000/services/rolesanywhere.yaml +++ b/providers/src/aws/v00.00.00000/services/rolesanywhere.yaml @@ -440,6 +440,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - rolesanywhere:UntagResource + - rolesanywhere:TagResource + - rolesanywhere:ListTagsForResource x-required-permissions: create: - rolesanywhere:ImportCrl @@ -527,6 +531,8 @@ components: type: array items: $ref: '#/components/schemas/AttributeMapping' + AcceptRoleSessionName: + type: boolean required: - Name - RoleArns @@ -535,12 +541,26 @@ components: x-type-name: AWS::RolesAnywhere::Profile x-stackql-primary-identifier: - ProfileId + x-create-only-properties: + - RequireInstanceProperties + x-write-only-properties: + - RequireInstanceProperties x-read-only-properties: - ProfileId - ProfileArn x-required-properties: - Name - RoleArns + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - rolesanywhere:UntagResource + - rolesanywhere:TagResource + - rolesanywhere:ListTagsForResource x-required-permissions: create: - iam:GetRole @@ -677,6 +697,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - rolesanywhere:UntagResource + - rolesanywhere:TagResource + - rolesanywhere:ListTagsForResource x-required-permissions: create: - iam:CreateServiceLinkedRole @@ -787,6 +811,8 @@ components: type: array items: $ref: '#/components/schemas/AttributeMapping' + AcceptRoleSessionName: + type: boolean x-stackQL-stringOnly: true x-title: CreateProfileRequest type: object @@ -1120,7 +1146,8 @@ components: JSON_EXTRACT(Properties, '$.RoleArns') as role_arns, JSON_EXTRACT(Properties, '$.SessionPolicy') as session_policy, JSON_EXTRACT(Properties, '$.Tags') as tags, - JSON_EXTRACT(Properties, '$.AttributeMappings') as attribute_mappings + JSON_EXTRACT(Properties, '$.AttributeMappings') as attribute_mappings, + JSON_EXTRACT(Properties, '$.AcceptRoleSessionName') as accept_role_session_name FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RolesAnywhere::Profile' AND data__Identifier = '' AND region = 'us-east-1' @@ -1139,7 +1166,8 @@ components: JSON_EXTRACT(detail.Properties, '$.RoleArns') as role_arns, JSON_EXTRACT(detail.Properties, '$.SessionPolicy') as session_policy, JSON_EXTRACT(detail.Properties, '$.Tags') as tags, - JSON_EXTRACT(detail.Properties, '$.AttributeMappings') as attribute_mappings + JSON_EXTRACT(detail.Properties, '$.AttributeMappings') as attribute_mappings, + JSON_EXTRACT(detail.Properties, '$.AcceptRoleSessionName') as accept_role_session_name FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -1163,7 +1191,8 @@ components: json_extract_path_text(Properties, 'RoleArns') as role_arns, json_extract_path_text(Properties, 'SessionPolicy') as session_policy, json_extract_path_text(Properties, 'Tags') as tags, - json_extract_path_text(Properties, 'AttributeMappings') as attribute_mappings + json_extract_path_text(Properties, 'AttributeMappings') as attribute_mappings, + json_extract_path_text(Properties, 'AcceptRoleSessionName') as accept_role_session_name FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::RolesAnywhere::Profile' AND data__Identifier = '' AND region = 'us-east-1' @@ -1182,7 +1211,8 @@ components: json_extract_path_text(detail.Properties, 'RoleArns') as role_arns, json_extract_path_text(detail.Properties, 'SessionPolicy') as session_policy, json_extract_path_text(detail.Properties, 'Tags') as tags, - json_extract_path_text(detail.Properties, 'AttributeMappings') as attribute_mappings + json_extract_path_text(detail.Properties, 'AttributeMappings') as attribute_mappings, + json_extract_path_text(detail.Properties, 'AcceptRoleSessionName') as accept_role_session_name FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -1250,7 +1280,8 @@ components: JSON_EXTRACT(detail.Properties, '$.RequireInstanceProperties') as require_instance_properties, JSON_EXTRACT(detail.Properties, '$.RoleArns') as role_arns, JSON_EXTRACT(detail.Properties, '$.SessionPolicy') as session_policy, - JSON_EXTRACT(detail.Properties, '$.AttributeMappings') as attribute_mappings + JSON_EXTRACT(detail.Properties, '$.AttributeMappings') as attribute_mappings, + JSON_EXTRACT(detail.Properties, '$.AcceptRoleSessionName') as accept_role_session_name FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -1275,7 +1306,8 @@ components: json_extract_path_text(detail.Properties, 'RequireInstanceProperties') as require_instance_properties, json_extract_path_text(detail.Properties, 'RoleArns') as role_arns, json_extract_path_text(detail.Properties, 'SessionPolicy') as session_policy, - json_extract_path_text(detail.Properties, 'AttributeMappings') as attribute_mappings + json_extract_path_text(detail.Properties, 'AttributeMappings') as attribute_mappings, + json_extract_path_text(detail.Properties, 'AcceptRoleSessionName') as accept_role_session_name FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier diff --git a/providers/src/aws/v00.00.00000/services/route53.yaml b/providers/src/aws/v00.00.00000/services/route53.yaml index c1a36b61..24e86984 100644 --- a/providers/src/aws/v00.00.00000/services/route53.yaml +++ b/providers/src/aws/v00.00.00000/services/route53.yaml @@ -925,6 +925,7 @@ components: delete: - route53:DeleteCidrCollection - route53:ChangeCidrCollection + - route53:ListCidrBlocks list: - route53:ListCidrCollections - route53:ListCidrBlocks @@ -1272,6 +1273,15 @@ components: x-read-only-properties: - Id - NameServers + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/HostedZoneTags + permissions: + - route53:ChangeTagsForResource + - route53:ListTagsForResource x-required-permissions: create: - route53:CreateHostedZone @@ -1286,7 +1296,9 @@ components: - route53:ListQueryLoggingConfigs update: - route53:GetChange + - route53:GetHostedZone - route53:ListTagsForResource + - route53:ListQueryLoggingConfigs - route53:UpdateHostedZoneComment - route53:ChangeTagsForResource - route53:AssociateVPCWithHostedZone @@ -1302,7 +1314,6 @@ components: list: - route53:GetHostedZone - route53:ListHostedZones - - route53:ListHostedZonesByName - route53:ListQueryLoggingConfigs - route53:ListTagsForResource KeySigningKey: diff --git a/providers/src/aws/v00.00.00000/services/route53profiles.yaml b/providers/src/aws/v00.00.00000/services/route53profiles.yaml index c0eb03db..54371e8e 100644 --- a/providers/src/aws/v00.00.00000/services/route53profiles.yaml +++ b/providers/src/aws/v00.00.00000/services/route53profiles.yaml @@ -437,8 +437,6 @@ components: - Id x-create-only-properties: - Name - x-write-only-properties: - - Tags x-read-only-properties: - Arn - Id @@ -451,6 +449,9 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - route53profiles:TagResource + - route53profiles:UntagResource x-required-permissions: create: - route53profiles:CreateProfile @@ -469,6 +470,7 @@ components: - route53profiles:DeleteProfile - route53profiles:GetProfile - route53profiles:UntagResource + - route53profiles:ListTagsForResource list: - route53profiles:ListProfiles - route53profiles:ListTagsForResource @@ -496,7 +498,7 @@ components: $ref: '#/components/schemas/Tag' Arn: type: string - description: The Amazon Resource Name (ARN) of the profile association. + description: The Amazon Resource Name (ARN) of the profile association. required: - ResourceId - ProfileId @@ -512,25 +514,29 @@ components: - ProfileId x-write-only-properties: - Arn - - Tags x-read-only-properties: - Id x-required-properties: - ResourceId - ProfileId - Name + x-replacement-strategy: delete_then_create x-tagging: taggable: true tagOnCreate: true tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - route53profiles:TagResource + - route53profiles:UntagResource x-required-permissions: create: - route53profiles:AssociateProfile - route53profiles:GetProfileAssociation - ec2:DescribeVpcs - route53profiles:TagResource + - route53profiles:ListTagsForResource update: - route53profiles:GetProfileAssociation - route53profiles:TagResource @@ -543,6 +549,7 @@ components: - route53profiles:DisassociateProfile - route53profiles:GetProfileAssociation - route53profiles:UntagResource + - route53profiles:ListTagsForResource list: - route53profiles:ListProfileAssociations - route53profiles:ListTagsForResource @@ -587,6 +594,7 @@ components: - ProfileId - Name - ResourceArn + x-replacement-strategy: delete_then_create x-tagging: taggable: false tagOnCreate: false @@ -690,7 +698,7 @@ components: $ref: '#/components/schemas/Tag' Arn: type: string - description: The Amazon Resource Name (ARN) of the profile association. + description: The Amazon Resource Name (ARN) of the profile association. x-stackQL-stringOnly: true x-title: CreateProfileAssociationRequest type: object diff --git a/providers/src/aws/v00.00.00000/services/route53recoverycontrol.yaml b/providers/src/aws/v00.00.00000/services/route53recoverycontrol.yaml index 5aa24c78..08c4b510 100644 --- a/providers/src/aws/v00.00.00000/services/route53recoverycontrol.yaml +++ b/providers/src/aws/v00.00.00000/services/route53recoverycontrol.yaml @@ -424,6 +424,7 @@ components: type: string minLength: 1 maxLength: 2048 + pattern: ^[A-Za-z0-9:\/_-]*$ Status: description: 'Deployment status of a resource. Status can be one of the following: PENDING, DEPLOYED, PENDING_DELETION.' type: string @@ -454,15 +455,22 @@ components: x-create-only-properties: - Name - Tags - x-write-only-properties: - - Tags x-read-only-properties: - ClusterArn - ClusterEndpoints - Status x-required-properties: - Name - x-taggable: true + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: false + tagProperty: /properties/Tags + cloudFormationSystemTags: false + permissions: + - route53-recovery-control-config:TagResource + - route53-recovery-control-config:UntagResource + - route53-recovery-control-config:ListTagsForResource x-required-permissions: create: - route53-recovery-control-config:CreateCluster @@ -483,9 +491,11 @@ components: ClusterArn: description: Cluster to associate with the Control Panel type: string + pattern: ^[A-Za-z0-9:\/_-]*$ ControlPanelArn: description: The Amazon Resource Name (ARN) of the cluster. type: string + pattern: ^[A-Za-z0-9:\/_-]*$ Name: description: The name of the control panel. You can use any non-white space character in the name. type: string @@ -521,8 +531,6 @@ components: x-create-only-properties: - ClusterArn - Tags - x-write-only-properties: - - Tags x-read-only-properties: - ControlPanelArn - Status @@ -530,7 +538,16 @@ components: - DefaultControlPanel x-required-properties: - Name - x-taggable: true + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + tagProperty: /properties/Tags + cloudFormationSystemTags: false + permissions: + - route53-recovery-control-config:TagResource + - route53-recovery-control-config:UntagResource + - route53-recovery-control-config:ListTagsForResource x-required-permissions: create: - route53-recovery-control-config:CreateControlPanel @@ -558,9 +575,11 @@ components: RoutingControlArn: description: The Amazon Resource Name (ARN) of the routing control. type: string + pattern: ^[A-Za-z0-9:\/_-]*$ ControlPanelArn: description: The Amazon Resource Name (ARN) of the control panel. type: string + pattern: ^[A-Za-z0-9:\/_-]*$ Name: description: The name of the routing control. You can use any non-white space character in the name. type: string @@ -576,6 +595,7 @@ components: ClusterArn: description: Arn associated with Control Panel type: string + pattern: ^[A-Za-z0-9:\/_-]*$ required: - Name x-stackql-resource-name: routing_control @@ -593,6 +613,8 @@ components: - Status x-required-properties: - Name + x-tagging: + taggable: false x-required-permissions: create: - route53-recovery-control-config:CreateRoutingControl @@ -717,18 +739,27 @@ components: x-type-name: AWS::Route53RecoveryControl::SafetyRule x-stackql-primary-identifier: - SafetyRuleArn - x-create-only-properties: + x-conditional-create-only-properties: - ControlPanelArn - RuleConfig - - ControlPanelArn - - Tags - x-write-only-properties: - Tags + - AssertionRule/AssertedControls + - GatingRule/GatingControls + - GatingRule/TargetControls x-read-only-properties: - SafetyRuleArn - Status x-required-properties: [] - x-taggable: true + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + tagProperty: /properties/Tags + cloudFormationSystemTags: false + permissions: + - route53-recovery-control-config:TagResource + - route53-recovery-control-config:UntagResource + - route53-recovery-control-config:ListTagsForResource x-required-permissions: create: - route53-recovery-control-config:CreateSafetyRule @@ -774,6 +805,7 @@ components: type: string minLength: 1 maxLength: 2048 + pattern: ^[A-Za-z0-9:\/_-]*$ Status: description: 'Deployment status of a resource. Status can be one of the following: PENDING, DEPLOYED, PENDING_DELETION.' type: string @@ -814,9 +846,11 @@ components: ClusterArn: description: Cluster to associate with the Control Panel type: string + pattern: ^[A-Za-z0-9:\/_-]*$ ControlPanelArn: description: The Amazon Resource Name (ARN) of the cluster. type: string + pattern: ^[A-Za-z0-9:\/_-]*$ Name: description: The name of the control panel. You can use any non-white space character in the name. type: string @@ -862,9 +896,11 @@ components: RoutingControlArn: description: The Amazon Resource Name (ARN) of the routing control. type: string + pattern: ^[A-Za-z0-9:\/_-]*$ ControlPanelArn: description: The Amazon Resource Name (ARN) of the control panel. type: string + pattern: ^[A-Za-z0-9:\/_-]*$ Name: description: The name of the routing control. You can use any non-white space character in the name. type: string @@ -880,6 +916,7 @@ components: ClusterArn: description: Arn associated with Control Panel type: string + pattern: ^[A-Za-z0-9:\/_-]*$ x-stackQL-stringOnly: true x-title: CreateRoutingControlRequest type: object diff --git a/providers/src/aws/v00.00.00000/services/route53recoveryreadiness.yaml b/providers/src/aws/v00.00.00000/services/route53recoveryreadiness.yaml index e55098da..c1626e1c 100644 --- a/providers/src/aws/v00.00.00000/services/route53recoveryreadiness.yaml +++ b/providers/src/aws/v00.00.00000/services/route53recoveryreadiness.yaml @@ -439,7 +439,16 @@ components: x-read-only-properties: - CellArn - ParentReadinessScopes - x-taggable: true + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + tagProperty: /properties/Tags + cloudFormationSystemTags: false + permissions: + - route53-recovery-readiness:TagResource + - route53-recovery-readiness:UntagResource + - route53-recovery-readiness:ListTagsForResource x-required-permissions: create: - route53-recovery-readiness:CreateCell @@ -495,7 +504,16 @@ components: - ReadinessCheckName x-read-only-properties: - ReadinessCheckArn - x-taggable: true + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + tagProperty: /properties/Tags + cloudFormationSystemTags: false + permissions: + - route53-recovery-readiness:TagResource + - route53-recovery-readiness:UntagResource + - route53-recovery-readiness:ListTagsForResource x-required-permissions: create: - route53-recovery-readiness:CreateReadinessCheck @@ -557,7 +575,16 @@ components: - RecoveryGroupName x-read-only-properties: - RecoveryGroupArn - x-taggable: true + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + tagProperty: /properties/Tags + cloudFormationSystemTags: false + permissions: + - route53-recovery-readiness:TagResource + - route53-recovery-readiness:UntagResource + - route53-recovery-readiness:ListTagsForResource x-required-permissions: create: - route53-recovery-readiness:CreateRecoveryGroup @@ -700,7 +727,16 @@ components: x-required-properties: - ResourceSetType - Resources - x-taggable: true + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + tagProperty: /properties/Tags + cloudFormationSystemTags: false + permissions: + - route53-recovery-readiness:TagResource + - route53-recovery-readiness:UntagResource + - route53-recovery-readiness:ListTagsForResource x-required-permissions: create: - route53-recovery-readiness:CreateResourceSet diff --git a/providers/src/aws/v00.00.00000/services/route53resolver.yaml b/providers/src/aws/v00.00.00000/services/route53resolver.yaml index eb374184..6bb1d29f 100644 --- a/providers/src/aws/v00.00.00000/services/route53resolver.yaml +++ b/providers/src/aws/v00.00.00000/services/route53resolver.yaml @@ -395,19 +395,19 @@ components: minLength: 1 maxLength: 255 Tag: - type: object additionalProperties: false + type: object properties: - Key: - type: string - description: 'The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' - minLength: 1 - maxLength: 128 Value: - type: string - description: 'The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' minLength: 0 + description: 'The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + type: string maxLength: 256 + Key: + minLength: 1 + description: 'The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.' + type: string + maxLength: 128 required: - Value - Key @@ -507,42 +507,35 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - route53resolver:TagResource + - route53resolver:UntagResource x-required-permissions: create: - - route53resolver:* - - ec2:* - - logs:* - - iam:* - - lambda:* - - s3:* + - route53resolver:CreateFirewallDomainList + - route53resolver:GetFirewallDomainList + - route53resolver:ImportFirewallDomains + - route53resolver:UpdateFirewallDomains + - route53resolver:TagResource + - route53resolver:ListTagsForResource list: - - route53resolver:* - - ec2:* - - logs:* - - iam:* - - lambda:* - - s3:* + - route53resolver:ListFirewallDomainLists + - route53resolver:ListTagsForResource read: - - route53resolver:* - - ec2:* - - logs:* - - iam:* - - lambda:* - - s3:* + - route53resolver:GetFirewallDomainList + - route53resolver:ListTagsForResource delete: - - route53resolver:* - - ec2:* - - logs:* - - iam:* - - lambda:* - - s3:* + - route53resolver:GetFirewallDomainList + - route53resolver:DeleteFirewallDomainList + - route53resolver:UntagResource + - route53resolver:ListTagsForResource update: - - route53resolver:* - - ec2:* - - logs:* - - iam:* - - lambda:* - - s3:* + - route53resolver:GetFirewallDomainList + - route53resolver:ImportFirewallDomains + - route53resolver:UpdateFirewallDomains + - route53resolver:TagResource + - route53resolver:UntagResource + - route53resolver:ListTagsForResource FirewallRule: description: Firewall Rule associating the Rule Group to a Domain List type: object @@ -552,6 +545,11 @@ components: type: string minLength: 1 maxLength: 64 + FirewallThreatProtectionId: + description: ResourceId + type: string + minLength: 1 + maxLength: 64 Priority: description: Rule Priority type: integer @@ -589,6 +587,19 @@ components: type: string minLength: 1 maxLength: 16 + ConfidenceThreshold: + description: FirewallDomainRedirectionAction + type: string + enum: + - LOW + - MEDIUM + - HIGH + DnsThreatProtection: + description: FirewallDomainRedirectionAction + type: string + enum: + - DGA + - DNS_TUNNELING FirewallDomainRedirectionAction: description: FirewallDomainRedirectionAction type: string @@ -596,7 +607,6 @@ components: - INSPECT_REDIRECTION_DOMAIN - TRUST_REDIRECTION_DOMAIN required: - - FirewallDomainListId - Priority - Action additionalProperties: false @@ -692,48 +702,48 @@ components: - CreatorRequestId - CreationTime - ModificationTime + - FirewallRules/*/FirewallThreatProtectionId x-tagging: taggable: true tagOnCreate: true tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - route53resolver:TagResource + - route53resolver:UntagResource x-required-permissions: create: - - route53resolver:* - - ec2:* - - logs:* - - iam:* - - lambda:* - - s3:* + - route53resolver:CreateFirewallRuleGroup + - route53resolver:GetFirewallRuleGroup + - route53resolver:ListFirewallRules + - route53resolver:CreateFirewallRule + - route53resolver:DeleteFirewallRule + - route53resolver:TagResource + - route53resolver:ListTagsForResource read: - - route53resolver:* - - ec2:* - - logs:* - - iam:* - - lambda:* - - s3:* + - route53resolver:GetFirewallRuleGroup + - route53resolver:ListFirewallRules + - route53resolver:ListTagsForResource list: - - route53resolver:* - - ec2:* - - logs:* - - iam:* - - lambda:* - - s3:* + - route53resolver:ListFirewallRuleGroups + - route53resolver:ListTagsForResource delete: - - route53resolver:* - - ec2:* - - logs:* - - iam:* - - lambda:* - - s3:* + - route53resolver:GetFirewallRuleGroup + - route53resolver:DeleteFirewallRuleGroup + - route53resolver:ListFirewallRules + - route53resolver:DeleteFirewallRule + - route53resolver:UntagResource + - route53resolver:ListTagsForResource update: - - route53resolver:* - - ec2:* - - logs:* - - iam:* - - lambda:* - - s3:* + - route53resolver:GetFirewallRuleGroup + - route53resolver:ListFirewallRules + - route53resolver:CreateFirewallRule + - route53resolver:UpdateFirewallRule + - route53resolver:DeleteFirewallRule + - route53resolver:TagResource + - route53resolver:UntagResource + - route53resolver:ListTagsForResource FirewallRuleGroupAssociation: type: object properties: @@ -841,42 +851,33 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - route53resolver:TagResource + - route53resolver:UntagResource x-required-permissions: create: - - route53resolver:* - - ec2:* - - logs:* - - iam:* - - lambda:* - - s3:* + - route53resolver:AssociateFirewallRuleGroup + - route53resolver:GetFirewallRuleGroupAssociation + - route53resolver:TagResource + - route53resolver:ListTagsForResource + - ec2:DescribeVpcs read: - - route53resolver:* - - ec2:* - - logs:* - - iam:* - - lambda:* - - s3:* + - route53resolver:GetFirewallRuleGroupAssociation + - route53resolver:ListTagsForResource list: - - route53resolver:* - - ec2:* - - logs:* - - iam:* - - lambda:* - - s3:* + - route53resolver:ListFirewallRuleGroupAssociations + - route53resolver:ListTagsForResource delete: - - route53resolver:* - - ec2:* - - logs:* - - iam:* - - lambda:* - - s3:* + - route53resolver:DisassociateFirewallRuleGroup + - route53resolver:GetFirewallRuleGroupAssociation + - route53resolver:UntagResource + - route53resolver:ListTagsForResource update: - - route53resolver:* - - ec2:* - - logs:* - - iam:* - - lambda:* - - s3:* + - route53resolver:UpdateFirewallRuleGroupAssociation + - route53resolver:GetFirewallRuleGroupAssociation + - route53resolver:TagResource + - route53resolver:UntagResource + - route53resolver:ListTagsForResource OutpostResolver: type: object properties: @@ -975,12 +976,16 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - route53resolver:TagResource + - route53resolver:UntagResource x-required-permissions: create: - route53resolver:CreateOutpostResolver - route53resolver:GetOutpostResolver - route53resolver:ListTagsForResource - outposts:GetOutpost + - route53resolver:TagResource read: - route53resolver:GetOutpostResolver - route53resolver:ListTagsForResource @@ -1295,73 +1300,78 @@ components: - resolverquerylogging:ListConfigAssociations - route53resolver:ListResolverQueryLogConfigAssociations TargetAddress: - type: object additionalProperties: false + type: object properties: - Ip: + Ipv6: + description: 'One IPv6 address that you want to forward DNS queries to. You can specify only IPv6 addresses. ' type: string + Ip: description: 'One IP address that you want to forward DNS queries to. You can specify only IPv4 addresses. ' - Ipv6: type: string - description: 'One IPv6 address that you want to forward DNS queries to. You can specify only IPv6 addresses. ' Port: - type: string - description: 'The port at Ip that you want to forward DNS queries to. ' minLength: 0 + description: 'The port at Ip that you want to forward DNS queries to. ' + type: string maxLength: 65535 Protocol: - type: string description: 'The protocol that you want to use to forward DNS queries. ' + type: string enum: - Do53 - DoH + ServerNameIndication: + minLength: 0 + description: The SNI of the target name servers for DoH/DoH-FIPS outbound endpoints + type: string + maxLength: 255 ResolverRule: type: object properties: ResolverEndpointId: - type: string - description: The ID of the endpoint that the rule is associated with. minLength: 1 + description: The ID of the endpoint that the rule is associated with. + type: string maxLength: 64 DomainName: - type: string - description: DNS queries for this domain name are forwarded to the IP addresses that are specified in TargetIps minLength: 1 - maxLength: 256 - Name: + description: DNS queries for this domain name are forwarded to the IP addresses that are specified in TargetIps type: string - description: The name for the Resolver rule - minLength: 0 - maxLength: 64 + maxLength: 256 RuleType: - type: string description: When you want to forward DNS queries for specified domain name to resolvers on your network, specify FORWARD. When you have a forwarding rule to forward DNS queries for a domain to your network and you want Resolver to process queries for a subdomain of that domain, specify SYSTEM. + type: string enum: - FORWARD - SYSTEM - RECURSIVE + - DELEGATE + ResolverRuleId: + description: The ID of the endpoint that the rule is associated with. + type: string + Arn: + description: The Amazon Resource Name (ARN) of the resolver rule. + type: string Tags: - type: array - description: An array of key-value pairs to apply to this resource. uniqueItems: false + description: An array of key-value pairs to apply to this resource. x-insertionOrder: false + type: array items: $ref: '#/components/schemas/Tag' TargetIps: - type: array - description: An array that contains the IP addresses and ports that an outbound endpoint forwards DNS queries to. Typically, these are the IP addresses of DNS resolvers on your network. Specify IPv4 addresses. IPv6 is not supported. uniqueItems: false + description: An array that contains the IP addresses and ports that an outbound endpoint forwards DNS queries to. Typically, these are the IP addresses of DNS resolvers on your network. Specify IPv4 addresses. IPv6 is not supported. x-insertionOrder: false + type: array items: $ref: '#/components/schemas/TargetAddress' - Arn: - type: string - description: The Amazon Resource Name (ARN) of the resolver rule. - ResolverRuleId: + Name: + minLength: 0 + description: The name for the Resolver rule type: string - description: The ID of the endpoint that the rule is associated with. + maxLength: 64 required: - - DomainName - RuleType x-stackql-resource-name: resolver_rule description: Resource Type definition for AWS::Route53Resolver::ResolverRule @@ -1376,34 +1386,36 @@ components: - Arn - ResolverRuleId x-required-properties: - - DomainName - RuleType x-tagging: + permissions: + - route53resolver:TagResource + - route53resolver:UntagResource taggable: true tagOnCreate: true tagUpdatable: true - cloudFormationSystemTags: false tagProperty: /properties/Tags + cloudFormationSystemTags: false x-required-permissions: + read: + - route53resolver:GetResolverRule + - route53resolver:ListTagsForResource create: - route53resolver:CreateResolverRule - route53resolver:GetResolverRule - route53resolver:ListTagsForResource - route53resolver:TagResource - read: - - route53resolver:GetResolverRule - - route53resolver:ListTagsForResource update: - route53resolver:UpdateResolverRule - route53resolver:GetResolverRule - route53resolver:ListTagsForResource - route53resolver:TagResource - route53resolver:UntagResource + list: + - route53resolver:ListResolverRules delete: - route53resolver:DeleteResolverRule - route53resolver:GetResolverRule - list: - - route53resolver:ListResolverRules ResolverRuleAssociation: type: object properties: @@ -2022,47 +2034,48 @@ components: type: object properties: ResolverEndpointId: - type: string - description: The ID of the endpoint that the rule is associated with. minLength: 1 + description: The ID of the endpoint that the rule is associated with. + type: string maxLength: 64 DomainName: - type: string - description: DNS queries for this domain name are forwarded to the IP addresses that are specified in TargetIps minLength: 1 - maxLength: 256 - Name: + description: DNS queries for this domain name are forwarded to the IP addresses that are specified in TargetIps type: string - description: The name for the Resolver rule - minLength: 0 - maxLength: 64 + maxLength: 256 RuleType: - type: string description: When you want to forward DNS queries for specified domain name to resolvers on your network, specify FORWARD. When you have a forwarding rule to forward DNS queries for a domain to your network and you want Resolver to process queries for a subdomain of that domain, specify SYSTEM. + type: string enum: - FORWARD - SYSTEM - RECURSIVE + - DELEGATE + ResolverRuleId: + description: The ID of the endpoint that the rule is associated with. + type: string + Arn: + description: The Amazon Resource Name (ARN) of the resolver rule. + type: string Tags: - type: array - description: An array of key-value pairs to apply to this resource. uniqueItems: false + description: An array of key-value pairs to apply to this resource. x-insertionOrder: false + type: array items: $ref: '#/components/schemas/Tag' TargetIps: - type: array - description: An array that contains the IP addresses and ports that an outbound endpoint forwards DNS queries to. Typically, these are the IP addresses of DNS resolvers on your network. Specify IPv4 addresses. IPv6 is not supported. uniqueItems: false + description: An array that contains the IP addresses and ports that an outbound endpoint forwards DNS queries to. Typically, these are the IP addresses of DNS resolvers on your network. Specify IPv4 addresses. IPv6 is not supported. x-insertionOrder: false + type: array items: $ref: '#/components/schemas/TargetAddress' - Arn: - type: string - description: The Amazon Resource Name (ARN) of the resolver rule. - ResolverRuleId: + Name: + minLength: 0 + description: The name for the Resolver rule type: string - description: The ID of the endpoint that the rule is associated with. + maxLength: 64 x-stackQL-stringOnly: true x-title: CreateResolverRuleRequest type: object @@ -3737,12 +3750,12 @@ components: data__Identifier, JSON_EXTRACT(Properties, '$.ResolverEndpointId') as resolver_endpoint_id, JSON_EXTRACT(Properties, '$.DomainName') as domain_name, - JSON_EXTRACT(Properties, '$.Name') as name, JSON_EXTRACT(Properties, '$.RuleType') as rule_type, + JSON_EXTRACT(Properties, '$.ResolverRuleId') as resolver_rule_id, + JSON_EXTRACT(Properties, '$.Arn') as arn, JSON_EXTRACT(Properties, '$.Tags') as tags, JSON_EXTRACT(Properties, '$.TargetIps') as target_ips, - JSON_EXTRACT(Properties, '$.Arn') as arn, - JSON_EXTRACT(Properties, '$.ResolverRuleId') as resolver_rule_id + JSON_EXTRACT(Properties, '$.Name') as name FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Route53Resolver::ResolverRule' AND data__Identifier = '' AND region = 'us-east-1' @@ -3753,12 +3766,12 @@ components: detail.region, JSON_EXTRACT(detail.Properties, '$.ResolverEndpointId') as resolver_endpoint_id, JSON_EXTRACT(detail.Properties, '$.DomainName') as domain_name, - JSON_EXTRACT(detail.Properties, '$.Name') as name, JSON_EXTRACT(detail.Properties, '$.RuleType') as rule_type, + JSON_EXTRACT(detail.Properties, '$.ResolverRuleId') as resolver_rule_id, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, JSON_EXTRACT(detail.Properties, '$.Tags') as tags, JSON_EXTRACT(detail.Properties, '$.TargetIps') as target_ips, - JSON_EXTRACT(detail.Properties, '$.Arn') as arn, - JSON_EXTRACT(detail.Properties, '$.ResolverRuleId') as resolver_rule_id + JSON_EXTRACT(detail.Properties, '$.Name') as name FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -3774,12 +3787,12 @@ components: data__Identifier, json_extract_path_text(Properties, 'ResolverEndpointId') as resolver_endpoint_id, json_extract_path_text(Properties, 'DomainName') as domain_name, - json_extract_path_text(Properties, 'Name') as name, json_extract_path_text(Properties, 'RuleType') as rule_type, + json_extract_path_text(Properties, 'ResolverRuleId') as resolver_rule_id, + json_extract_path_text(Properties, 'Arn') as arn, json_extract_path_text(Properties, 'Tags') as tags, json_extract_path_text(Properties, 'TargetIps') as target_ips, - json_extract_path_text(Properties, 'Arn') as arn, - json_extract_path_text(Properties, 'ResolverRuleId') as resolver_rule_id + json_extract_path_text(Properties, 'Name') as name FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Route53Resolver::ResolverRule' AND data__Identifier = '' AND region = 'us-east-1' @@ -3790,12 +3803,12 @@ components: detail.region, json_extract_path_text(detail.Properties, 'ResolverEndpointId') as resolver_endpoint_id, json_extract_path_text(detail.Properties, 'DomainName') as domain_name, - json_extract_path_text(detail.Properties, 'Name') as name, json_extract_path_text(detail.Properties, 'RuleType') as rule_type, + json_extract_path_text(detail.Properties, 'ResolverRuleId') as resolver_rule_id, + json_extract_path_text(detail.Properties, 'Arn') as arn, json_extract_path_text(detail.Properties, 'Tags') as tags, json_extract_path_text(detail.Properties, 'TargetIps') as target_ips, - json_extract_path_text(detail.Properties, 'Arn') as arn, - json_extract_path_text(detail.Properties, 'ResolverRuleId') as resolver_rule_id + json_extract_path_text(detail.Properties, 'Name') as name FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -3856,11 +3869,11 @@ components: JSON_EXTRACT(json_each.value, '$.Value') as tag_value, JSON_EXTRACT(detail.Properties, '$.ResolverEndpointId') as resolver_endpoint_id, JSON_EXTRACT(detail.Properties, '$.DomainName') as domain_name, - JSON_EXTRACT(detail.Properties, '$.Name') as name, JSON_EXTRACT(detail.Properties, '$.RuleType') as rule_type, - JSON_EXTRACT(detail.Properties, '$.TargetIps') as target_ips, + JSON_EXTRACT(detail.Properties, '$.ResolverRuleId') as resolver_rule_id, JSON_EXTRACT(detail.Properties, '$.Arn') as arn, - JSON_EXTRACT(detail.Properties, '$.ResolverRuleId') as resolver_rule_id + JSON_EXTRACT(detail.Properties, '$.TargetIps') as target_ips, + JSON_EXTRACT(detail.Properties, '$.Name') as name FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -3878,11 +3891,11 @@ components: json_extract_path_text(json_each.value, 'Value') as tag_value, json_extract_path_text(detail.Properties, 'ResolverEndpointId') as resolver_endpoint_id, json_extract_path_text(detail.Properties, 'DomainName') as domain_name, - json_extract_path_text(detail.Properties, 'Name') as name, json_extract_path_text(detail.Properties, 'RuleType') as rule_type, - json_extract_path_text(detail.Properties, 'TargetIps') as target_ips, + json_extract_path_text(detail.Properties, 'ResolverRuleId') as resolver_rule_id, json_extract_path_text(detail.Properties, 'Arn') as arn, - json_extract_path_text(detail.Properties, 'ResolverRuleId') as resolver_rule_id + json_extract_path_text(detail.Properties, 'TargetIps') as target_ips, + json_extract_path_text(detail.Properties, 'Name') as name FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier diff --git a/providers/src/aws/v00.00.00000/services/s3.yaml b/providers/src/aws/v00.00.00000/services/s3.yaml index 56f51286..7c511606 100644 --- a/providers/src/aws/v00.00.00000/services/s3.yaml +++ b/providers/src/aws/v00.00.00000/services/s3.yaml @@ -490,7 +490,6 @@ components: - S3PrefixType - Tags x-write-only-properties: - - Tags - S3PrefixType x-read-only-properties: - AccessGrantId @@ -504,19 +503,26 @@ components: taggable: true tagOnCreate: true tagUpdatable: true + cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - s3:UntagResource + - s3:TagResource + - s3:ListTagsForResource x-required-permissions: create: - s3:CreateAccessGrant - s3:TagResource read: - s3:GetAccessGrant + - s3:ListTagsForResource delete: - s3:DeleteAccessGrant list: - s3:ListAccessGrants update: - s3:TagResource + - s3:UntagResource AccessGrantsInstanceArn: description: The Amazon Resource Name (ARN) of the specified Access Grants instance. type: string @@ -563,17 +569,24 @@ components: taggable: true tagOnCreate: true tagUpdatable: true + cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - s3:UntagResource + - s3:TagResource + - s3:ListTagsForResource x-required-permissions: create: - s3:CreateAccessGrantsInstance - s3:TagResource read: - s3:GetAccessGrantsInstance + - s3:ListTagsForResource delete: - s3:DeleteAccessGrantsInstance update: - s3:TagResource + - s3:UntagResource list: - s3:ListAccessGrantsInstances AccessGrantsLocation: @@ -611,8 +624,6 @@ components: - AccessGrantsLocationId x-create-only-properties: - Tags - x-write-only-properties: - - Tags x-read-only-properties: - AccessGrantsLocationArn - AccessGrantsLocationId @@ -621,7 +632,12 @@ components: taggable: true tagOnCreate: true tagUpdatable: true + cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - s3:UntagResource + - s3:TagResource + - s3:ListTagsForResource x-required-permissions: create: - s3:CreateAccessGrantsLocation @@ -629,6 +645,7 @@ components: - s3:TagResource read: - s3:GetAccessGrantsLocation + - s3:ListTagsForResource delete: - s3:DeleteAccessGrantsLocation list: @@ -636,6 +653,7 @@ components: update: - s3:UpdateAccessGrantsLocation - s3:TagResource + - s3:UntagResource - iam:PassRole VpcConfiguration: description: The Virtual Private Cloud (VPC) configuration for a bucket access point. @@ -735,6 +753,8 @@ components: - Arn x-required-properties: - Bucket + x-tagging: + taggable: false x-required-permissions: create: - s3:CreateAccessPoint @@ -867,7 +887,10 @@ components: required: - ServerSideEncryptionConfiguration ServerSideEncryptionRule: - description: Specifies the default server-side encryption configuration. + description: |- + Specifies the default server-side encryption configuration. + + *General purpose buckets* - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. + + *Directory buckets* - When you specify an [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported. type: object additionalProperties: false properties: @@ -880,40 +903,39 @@ components: $ref: '#/components/schemas/ServerSideEncryptionByDefault' description: Specifies the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. ServerSideEncryptionByDefault: - description: >- - Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an AWS KMS key in your AWS account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS. For more information, see [PUT Bucket - encryption](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html) in the *Amazon S3 API Reference*. + description: |- + Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. For more information, see [PutBucketEncryption](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html). + + *General purpose buckets* - If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an AWS KMS key (``aws/s3``) in your AWS account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS. + + *Directory buckets* - Your SSE-KMS configuration can only support 1 [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) per directory bucket for the lifetime of the bucket. The [managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) (``aws/s3``) isn't supported. + + *Directory buckets* - For directory buckets, there are only two supported options for server-side encryption: SSE-S3 and SSE-KMS. type: object properties: KMSMasterKeyID: description: |- - AWS Key Management Service (KMS) customer AWS KMS key ID to use for the default encryption. This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms`` or ``aws:kms:dsse``. - You can specify the key ID, key alias, or the Amazon Resource Name (ARN) of the KMS key. + AWS Key Management Service (KMS) customer managed key ID to use for the default encryption. + + *General purpose buckets* - This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms`` or ``aws:kms:dsse``. + + *Directory buckets* - This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms``. + + You can specify the key ID, key alias, or the Amazon Resource Name (ARN) of the KMS key. + Key ID: ``1234abcd-12ab-34cd-56ef-1234567890ab`` + Key ARN: ``arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`` + Key Alias: ``alias/alias-name`` - If you use a key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log. - If you are using encryption with cross-account or AWS service operations you must use a fully qualified KMS key ARN. For more information, see [Using encryption for cross-account operations](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy). - Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in KMS](https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html) in the *Key Management Service Developer Guide*. - type: string - anyOf: - - relationshipRef: - typeName: AWS::KMS::Key - propertyPath: /properties/KeyId - - relationshipRef: - typeName: AWS::KMS::Key - propertyPath: /properties/Arn - - relationshipRef: - typeName: AWS::KMS::Alias - propertyPath: /properties/AliasName + If you are using encryption with cross-account or AWS service operations, you must use a fully qualified KMS key ARN. For more information, see [Using encryption for cross-account operations](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy). + + *General purpose buckets* - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. Also, if you use a key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log. + + *Directory buckets* - When you specify an [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported. + + Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in KMS](https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html) in the *Key Management Service Developer Guide*. + type: string SSEAlgorithm: type: string enum: - aws:kms - AES256 - aws:kms:dsse - description: Server-side encryption algorithm to use for the default encryption. + description: |- + Server-side encryption algorithm to use for the default encryption. + For directory buckets, there are only two supported values for server-side encryption: ``AES256`` and ``aws:kms``. additionalProperties: false required: - SSEAlgorithm @@ -1109,6 +1131,12 @@ components: x-insertionOrder: true items: $ref: '#/components/schemas/Rule' + TransitionDefaultMinimumObjectSize: + description: '' + type: string + enum: + - varies_by_storage_class + - all_storage_classes_128K required: - Rules description: Specifies the lifecycle configuration for objects in an Amazon S3 bucket. For more information, see [Object Lifecycle Management](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html) in the *Amazon S3 User Guide*. @@ -1315,7 +1343,10 @@ components: properties: PartitionDateSource: type: string - description: Specifies the partition date source for the partitioned prefix. PartitionDateSource can be EventTime or DeliveryTime. + description: |- + Specifies the partition date source for the partitioned prefix. ``PartitionDateSource`` can be ``EventTime`` or ``DeliveryTime``. + For ``DeliveryTime``, the time in the log file names corresponds to the delivery time for the log files. + For ``EventTime``, The logs delivered are for a specific day only. The year, month, and day correspond to the day on which the event occurred, and the hour, minutes and seconds are set to 00 in the key. enum: - EventTime - DeliveryTime @@ -1513,7 +1544,7 @@ components: DefaultRetention: type: object description: |- - The container element for specifying the default Object Lock retention settings for new objects placed in the specified bucket. + The container element for optionally specifying the default Object Lock retention settings for new objects placed in the specified bucket. + The ``DefaultRetention`` settings require both a mode and a period. + The ``DefaultRetention`` period can be either ``Days`` or ``Years`` but you must select one. You cannot specify ``Days`` and ``Years`` at the same time. additionalProperties: false @@ -1696,7 +1727,9 @@ components: - Owner EncryptionConfiguration: type: object - description: Specifies encryption-related information for an Amazon S3 bucket that is a destination for replicated objects. + description: |- + Specifies encryption-related information for an Amazon S3 bucket that is a destination for replicated objects. + If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. additionalProperties: false properties: ReplicaKmsKeyID: @@ -1829,7 +1862,9 @@ components: required: - Status VersioningConfiguration: - description: Describes the versioning state of an Amazon S3 bucket. For more information, see [PUT Bucket versioning](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTVersioningStatus.html) in the *Amazon S3 API Reference*. + description: |- + Describes the versioning state of an Amazon S3 bucket. For more information, see [PUT Bucket versioning](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTVersioningStatus.html) in the *Amazon S3 API Reference*. + When you enable versioning on a bucket for the first time, it might take a short amount of time for the change to be fully propagated. We recommend that you wait for 15 minutes after enabling versioning before issuing write operations (``PUT`` or ``DELETE``) on objects in the bucket. type: object additionalProperties: false properties: @@ -2036,7 +2071,9 @@ components: type: array VersioningConfiguration: $ref: '#/components/schemas/VersioningConfiguration' - description: Enables multiple versions of all objects in this bucket. You might enable versioning to prevent objects from being deleted or overwritten by mistake or to archive objects so that you can retrieve previous versions of them. + description: |- + Enables multiple versions of all objects in this bucket. You might enable versioning to prevent objects from being deleted or overwritten by mistake or to archive objects so that you can retrieve previous versions of them. + When you enable versioning on a bucket for the first time, it might take a short amount of time for the change to be fully propagated. We recommend that you wait for 15 minutes after enabling versioning before issuing write operations (``PUT`` or ``DELETE``) on objects in the bucket. WebsiteConfiguration: $ref: '#/components/schemas/WebsiteConfiguration' description: Information used to configure the bucket as a static website. For more information, see [Hosting Websites on Amazon S3](https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html). @@ -2217,20 +2254,20 @@ components: tagUpdatable: false cloudFormationSystemTags: false x-required-permissions: - read: - - s3:GetBucketPolicy create: - s3:GetBucketPolicy - s3:PutBucketPolicy + read: + - s3:GetBucketPolicy update: - s3:GetBucketPolicy - s3:PutBucketPolicy - list: - - s3:GetBucketPolicy - - s3:ListAllMyBuckets delete: - s3:GetBucketPolicy - s3:DeleteBucketPolicy + list: + - s3:GetBucketPolicy + - s3:ListAllMyBuckets Region: type: object properties: @@ -3155,7 +3192,9 @@ components: type: array VersioningConfiguration: $ref: '#/components/schemas/VersioningConfiguration' - description: Enables multiple versions of all objects in this bucket. You might enable versioning to prevent objects from being deleted or overwritten by mistake or to archive objects so that you can retrieve previous versions of them. + description: |- + Enables multiple versions of all objects in this bucket. You might enable versioning to prevent objects from being deleted or overwritten by mistake or to archive objects so that you can retrieve previous versions of them. + When you enable versioning on a bucket for the first time, it might take a short amount of time for the change to be fully propagated. We recommend that you wait for 15 minutes after enabling versioning before issuing write operations (``PUT`` or ``DELETE``) on objects in the bucket. WebsiteConfiguration: $ref: '#/components/schemas/WebsiteConfiguration' description: Information used to configure the bucket as a static website. For more information, see [Hosting Websites on Amazon S3](https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html). diff --git a/providers/src/aws/v00.00.00000/services/s3express.yaml b/providers/src/aws/v00.00.00000/services/s3express.yaml index 9e938599..28b813e8 100644 --- a/providers/src/aws/v00.00.00000/services/s3express.yaml +++ b/providers/src/aws/v00.00.00000/services/s3express.yaml @@ -430,27 +430,137 @@ components: Arn: description: The Amazon Resource Name (ARN) of the specified bucket. type: string + BucketEncryption: + description: Specifies default encryption for a bucket using server-side encryption with Amazon S3 managed keys (SSE-S3) or AWS KMS keys (SSE-KMS). + type: object + additionalProperties: false + properties: + ServerSideEncryptionConfiguration: + description: Specifies the default server-side-encryption configuration. + type: array + uniqueItems: true + x-insertionOrder: true + items: + $ref: '#/components/schemas/ServerSideEncryptionRule' + required: + - ServerSideEncryptionConfiguration + ServerSideEncryptionRule: + description: Specifies the default server-side encryption configuration. + type: object + additionalProperties: false + properties: + BucketKeyEnabled: + description: Specifies whether Amazon S3 should use an S3 Bucket Key with server-side encryption using KMS (SSE-KMS) for new objects in the bucket. Existing objects are not affected. Amazon S3 Express One Zone uses an S3 Bucket Key with SSE-KMS and S3 Bucket Key cannot be disabled. It's only allowed to set the BucketKeyEnabled element to true. + type: boolean + ServerSideEncryptionByDefault: + $ref: '#/components/schemas/ServerSideEncryptionByDefault' + ServerSideEncryptionByDefault: + description: Specifies the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. + type: object + properties: + KMSMasterKeyID: + description: AWS Key Management Service (KMS) customer managed key ID to use for the default encryption. This parameter is allowed only if SSEAlgorithm is set to aws:kms. You can specify this parameter with the key ID or the Amazon Resource Name (ARN) of the KMS key + type: string + anyOf: + - relationshipRef: + typeName: AWS::KMS::Key + propertyPath: /properties/KeyId + - relationshipRef: + typeName: AWS::KMS::Key + propertyPath: /properties/Arn + SSEAlgorithm: + type: string + enum: + - aws:kms + - AES256 + additionalProperties: false + required: + - SSEAlgorithm + LifecycleConfiguration: + type: object + additionalProperties: false + properties: + Rules: + description: A lifecycle rule for individual objects in an Amazon S3 Express bucket. + type: array + uniqueItems: true + x-insertionOrder: true + items: + $ref: '#/components/schemas/Rule' + required: + - Rules + Rule: + type: object + description: 'You must specify at least one of the following properties: AbortIncompleteMultipartUpload, or ExpirationInDays.' + additionalProperties: false + properties: + AbortIncompleteMultipartUpload: + $ref: '#/components/schemas/AbortIncompleteMultipartUpload' + ExpirationInDays: + type: integer + Id: + type: string + maxLength: 255 + Prefix: + type: string + Status: + type: string + enum: + - Enabled + - Disabled + ObjectSizeGreaterThan: + type: string + maxLength: 20 + pattern: '[0-9]+' + ObjectSizeLessThan: + type: string + maxLength: 20 + pattern: '[0-9]+' + required: + - Status + AbortIncompleteMultipartUpload: + description: Specifies the days since the initiation of an incomplete multipart upload that Amazon S3 will wait before permanently removing all parts of the upload. + type: object + additionalProperties: false + properties: + DaysAfterInitiation: + description: Specifies the number of days after which Amazon S3 aborts an incomplete multipart upload. + type: integer + minimum: 0 + required: + - DaysAfterInitiation DirectoryBucket: type: object properties: BucketName: - description: Specifies a name for the bucket. The bucket name must contain only lowercase letters, numbers, and hyphens (-). A directory bucket name must be unique in the chosen Availability Zone. The bucket name must also follow the format 'bucket_base_name--az_id--x-s3' (for example, 'DOC-EXAMPLE-BUCKET--usw2-az1--x-s3'). If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the bucket name. + description: Specifies a name for the bucket. The bucket name must contain only lowercase letters, numbers, and hyphens (-). A directory bucket name must be unique in the chosen Availability Zone or Local Zone. The bucket name must also follow the format 'bucket_base_name--zone_id--x-s3'. The zone_id can be the ID of an Availability Zone or a Local Zone. If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the bucket name. maxLength: 63 pattern: ^[a-z0-9][a-z0-9//.//-]*[a-z0-9]$ type: string LocationName: - description: Specifies the AZ ID of the Availability Zone where the directory bucket will be created. An example AZ ID value is 'use1-az5'. + description: Specifies the Zone ID of the Availability Zone or Local Zone where the directory bucket will be created. An example Availability Zone ID value is 'use1-az5'. + type: string + AvailabilityZoneName: + description: Returns the code for the Availability Zone or Local Zone where the directory bucket was created. An example for the code of an Availability Zone is 'us-east-1f'. + x-examples: + - us-east-1f type: string DataRedundancy: - description: Specifies the number of Availability Zone that's used for redundancy for the bucket. + description: Specifies the number of Availability Zone or Local Zone that's used for redundancy for the bucket. type: string enum: - SingleAvailabilityZone + - SingleLocalZone Arn: $ref: '#/components/schemas/Arn' description: Returns the Amazon Resource Name (ARN) of the specified bucket. x-examples: - arn:aws:s3express:us-west-2:123456789123:bucket/DOC-EXAMPLE-BUCKET--usw2-az1--x-s3 + BucketEncryption: + $ref: '#/components/schemas/BucketEncryption' + LifecycleConfiguration: + $ref: '#/components/schemas/LifecycleConfiguration' + description: Lifecycle rules that define how Amazon S3 Express manages objects during their lifetime. required: - LocationName - DataRedundancy @@ -465,6 +575,7 @@ components: - DataRedundancy x-read-only-properties: - Arn + - AvailabilityZoneName x-required-properties: - LocationName - DataRedundancy @@ -475,10 +586,22 @@ components: cloudFormationSystemTags: false x-required-permissions: create: + - kms:GenerateDataKey + - kms:Decrypt - s3express:CreateBucket - s3express:ListAllMyDirectoryBuckets + - s3express:PutEncryptionConfiguration + - s3express:PutLifecycleConfiguration read: - s3express:ListAllMyDirectoryBuckets + - ec2:DescribeAvailabilityZones + - s3express:GetEncryptionConfiguration + - s3express:GetLifecycleConfiguration + update: + - kms:GenerateDataKey + - kms:Decrypt + - s3express:PutEncryptionConfiguration + - s3express:PutLifecycleConfiguration delete: - s3express:DeleteBucket - s3express:ListAllMyDirectoryBuckets @@ -521,23 +644,34 @@ components: type: object properties: BucketName: - description: Specifies a name for the bucket. The bucket name must contain only lowercase letters, numbers, and hyphens (-). A directory bucket name must be unique in the chosen Availability Zone. The bucket name must also follow the format 'bucket_base_name--az_id--x-s3' (for example, 'DOC-EXAMPLE-BUCKET--usw2-az1--x-s3'). If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the bucket name. + description: Specifies a name for the bucket. The bucket name must contain only lowercase letters, numbers, and hyphens (-). A directory bucket name must be unique in the chosen Availability Zone or Local Zone. The bucket name must also follow the format 'bucket_base_name--zone_id--x-s3'. The zone_id can be the ID of an Availability Zone or a Local Zone. If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the bucket name. maxLength: 63 pattern: ^[a-z0-9][a-z0-9//.//-]*[a-z0-9]$ type: string LocationName: - description: Specifies the AZ ID of the Availability Zone where the directory bucket will be created. An example AZ ID value is 'use1-az5'. + description: Specifies the Zone ID of the Availability Zone or Local Zone where the directory bucket will be created. An example Availability Zone ID value is 'use1-az5'. + type: string + AvailabilityZoneName: + description: Returns the code for the Availability Zone or Local Zone where the directory bucket was created. An example for the code of an Availability Zone is 'us-east-1f'. + x-examples: + - us-east-1f type: string DataRedundancy: - description: Specifies the number of Availability Zone that's used for redundancy for the bucket. + description: Specifies the number of Availability Zone or Local Zone that's used for redundancy for the bucket. type: string enum: - SingleAvailabilityZone + - SingleLocalZone Arn: $ref: '#/components/schemas/Arn' description: Returns the Amazon Resource Name (ARN) of the specified bucket. x-examples: - arn:aws:s3express:us-west-2:123456789123:bucket/DOC-EXAMPLE-BUCKET--usw2-az1--x-s3 + BucketEncryption: + $ref: '#/components/schemas/BucketEncryption' + LifecycleConfiguration: + $ref: '#/components/schemas/LifecycleConfiguration' + description: Lifecycle rules that define how Amazon S3 Express manages objects during their lifetime. x-stackQL-stringOnly: true x-title: CreateDirectoryBucketRequest type: object @@ -712,6 +846,18 @@ components: response: mediaType: application/json openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::S3Express::DirectoryBucket" + } + response: + mediaType: application/json + openAPIDocKey: '200' delete_resource: operation: $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' @@ -729,7 +875,8 @@ components: - $ref: '#/components/x-stackQL-resources/directory_buckets/methods/create_resource' delete: - $ref: '#/components/x-stackQL-resources/directory_buckets/methods/delete_resource' - update: [] + update: + - $ref: '#/components/x-stackQL-resources/directory_buckets/methods/update_resource' config: views: select: @@ -740,8 +887,11 @@ components: data__Identifier, JSON_EXTRACT(Properties, '$.BucketName') as bucket_name, JSON_EXTRACT(Properties, '$.LocationName') as location_name, + JSON_EXTRACT(Properties, '$.AvailabilityZoneName') as availability_zone_name, JSON_EXTRACT(Properties, '$.DataRedundancy') as data_redundancy, - JSON_EXTRACT(Properties, '$.Arn') as arn + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.BucketEncryption') as bucket_encryption, + JSON_EXTRACT(Properties, '$.LifecycleConfiguration') as lifecycle_configuration FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::S3Express::DirectoryBucket' AND data__Identifier = '' AND region = 'us-east-1' @@ -752,8 +902,11 @@ components: detail.region, JSON_EXTRACT(detail.Properties, '$.BucketName') as bucket_name, JSON_EXTRACT(detail.Properties, '$.LocationName') as location_name, + JSON_EXTRACT(detail.Properties, '$.AvailabilityZoneName') as availability_zone_name, JSON_EXTRACT(detail.Properties, '$.DataRedundancy') as data_redundancy, - JSON_EXTRACT(detail.Properties, '$.Arn') as arn + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.BucketEncryption') as bucket_encryption, + JSON_EXTRACT(detail.Properties, '$.LifecycleConfiguration') as lifecycle_configuration FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -769,8 +922,11 @@ components: data__Identifier, json_extract_path_text(Properties, 'BucketName') as bucket_name, json_extract_path_text(Properties, 'LocationName') as location_name, + json_extract_path_text(Properties, 'AvailabilityZoneName') as availability_zone_name, json_extract_path_text(Properties, 'DataRedundancy') as data_redundancy, - json_extract_path_text(Properties, 'Arn') as arn + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'BucketEncryption') as bucket_encryption, + json_extract_path_text(Properties, 'LifecycleConfiguration') as lifecycle_configuration FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::S3Express::DirectoryBucket' AND data__Identifier = '' AND region = 'us-east-1' @@ -781,8 +937,11 @@ components: detail.region, json_extract_path_text(detail.Properties, 'BucketName') as bucket_name, json_extract_path_text(detail.Properties, 'LocationName') as location_name, + json_extract_path_text(detail.Properties, 'AvailabilityZoneName') as availability_zone_name, json_extract_path_text(detail.Properties, 'DataRedundancy') as data_redundancy, - json_extract_path_text(detail.Properties, 'Arn') as arn + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'BucketEncryption') as bucket_encryption, + json_extract_path_text(detail.Properties, 'LifecycleConfiguration') as lifecycle_configuration FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier diff --git a/providers/src/aws/v00.00.00000/services/s3outposts.yaml b/providers/src/aws/v00.00.00000/services/s3outposts.yaml index dd1b67b1..97edf35a 100644 --- a/providers/src/aws/v00.00.00000/services/s3outposts.yaml +++ b/providers/src/aws/v00.00.00000/services/s3outposts.yaml @@ -654,6 +654,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - s3-outposts:DeleteBucketTagging + - s3-outposts:PutBucketTagging + - s3-outposts:GetBucketTagging x-required-permissions: create: - s3-outposts:CreateBucket diff --git a/providers/src/aws/v00.00.00000/services/s3tables.yaml b/providers/src/aws/v00.00.00000/services/s3tables.yaml new file mode 100644 index 00000000..b1ddf87b --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/s3tables.yaml @@ -0,0 +1,1073 @@ +openapi: 3.0.0 +info: + title: S3Tables + version: 2.0.0 + x-serviceName: cloudcontrolapi +servers: + - url: https://cloudcontrolapi.{region}.amazonaws.com + variables: + region: + description: The AWS region + enum: + - us-east-1 + - us-east-2 + - us-west-1 + - us-west-2 + - us-gov-west-1 + - us-gov-east-1 + - ca-central-1 + - eu-north-1 + - eu-west-1 + - eu-west-2 + - eu-west-3 + - eu-central-1 + - eu-south-1 + - af-south-1 + - ap-northeast-1 + - ap-northeast-2 + - ap-northeast-3 + - ap-southeast-1 + - ap-southeast-2 + - ap-east-1 + - ap-south-1 + - sa-east-1 + - me-south-1 + default: us-east-1 + description: The CloudControlApi multi-region endpoint + - url: https://cloudcontrolapi.{region}.amazonaws.com.cn + variables: + region: + description: The AWS region + enum: + - cn-north-1 + - cn-northwest-1 + default: cn-north-1 + description: The CloudControlApi endpoint for China (Beijing) and China (Ningxia) +components: + parameters: + X-Amz-Content-Sha256: + name: X-Amz-Content-Sha256 + in: header + schema: + type: string + required: false + X-Amz-Date: + name: X-Amz-Date + in: header + schema: + type: string + required: false + X-Amz-Algorithm: + name: X-Amz-Algorithm + in: header + schema: + type: string + required: false + X-Amz-Credential: + name: X-Amz-Credential + in: header + schema: + type: string + required: false + X-Amz-Security-Token: + name: X-Amz-Security-Token + in: header + schema: + type: string + required: false + X-Amz-Signature: + name: X-Amz-Signature + in: header + schema: + type: string + required: false + X-Amz-SignedHeaders: + name: X-Amz-SignedHeaders + in: header + schema: + type: string + required: false + x-cloud-control-schemas: + AlreadyExistsException: {} + CancelResourceRequestInput: + properties: + RequestToken: + $ref: '#/components/x-cloud-control-schemas/RequestToken' + required: + - RequestToken + title: CancelResourceRequestInput + type: object + CancelResourceRequestOutput: + properties: + ProgressEvent: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: object + ClientToken: + maxLength: 128 + minLength: 1 + pattern: '[-A-Za-z0-9+/=]+' + type: string + ClientTokenConflictException: {} + ConcurrentModificationException: {} + ConcurrentOperationException: {} + CreateResourceInput: + properties: + ClientToken: + type: string + DesiredState: + allOf: + - $ref: '#/components/x-cloud-control-schemas/Properties' + - description: >- +

Structured data format representing the desired state of the resource, consisting of that resource's properties and their desired values.

Cloud Control API currently supports JSON as a structured data format.

 
 <p>Specify the desired state as one of the following:</p> <ul> <li> <p>A JSON blob</p> </li> <li> <p>A local path containing the desired state in JSON data format</p>
+                </li> </ul> <p>For more information, see <a href="https://docs.aws.amazon.com/cloudcontrolapi/latest/userguide/resource-operations-create.html#resource-operations-create-desiredstate">Composing the desired state of the resource</a> in the <i>Amazon Web Services Cloud Control API User Guide</i>.</p> <p>For more information about the properties of a specific resource, refer to the related topic for the resource in the
+                <a href="https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html">Resource and property types reference</a> in the <i>CloudFormation Users Guide</i>.</p>
+ RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + required: + - DesiredState + title: CreateResourceInput + type: object + CreateResourceOutput: + properties: + ProgressEvent: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: object + DeleteResourceInput: + properties: + ClientToken: + type: string + Identifier: + $ref: '#/components/x-cloud-control-schemas/Identifier' + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + required: + - Identifier + title: DeleteResourceInput + type: object + DeleteResourceOutput: + properties: + ProgressEvent: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: object + GeneralServiceException: {} + GetResourceInput: + properties: + TypeName: + $ref: '#/components/x-cloud-control-schemas/TypeName' + Identifier: + $ref: '#/components/x-cloud-control-schemas/Identifier' + TypeVersionId: + $ref: '#/components/x-cloud-control-schemas/TypeVersionId' + RoleArn: + $ref: '#/components/x-cloud-control-schemas/RoleArn' + required: + - TypeName + - Identifier + title: GetResourceInput + type: object + GetResourceOutput: + properties: + ResourceDescription: + $ref: '#/components/x-cloud-control-schemas/ResourceDescription' + TypeName: + type: string + type: object + GetResourceRequestStatusInput: + properties: + RequestToken: + $ref: '#/components/x-cloud-control-schemas/RequestToken' + required: + - RequestToken + title: GetResourceRequestStatusInput + type: object + GetResourceRequestStatusOutput: + properties: + ProgressEvent: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: object + HandlerErrorCode: + enum: + - NotUpdatable + - InvalidRequest + - AccessDenied + - InvalidCredentials + - AlreadyExists + - NotFound + - ResourceConflict + - Throttling + - ServiceLimitExceeded + - NotStabilized + - GeneralServiceException + - ServiceInternalError + - ServiceTimeout + - NetworkFailure + - InternalFailure + type: string + HandlerFailureException: {} + HandlerInternalFailureException: {} + HandlerNextToken: + maxLength: 2048 + minLength: 1 + pattern: .+ + type: string + Identifier: + maxLength: 1024 + minLength: 1 + pattern: .+ + type: string + InvalidCredentialsException: {} + InvalidRequestException: {} + MaxResults: + maximum: 100 + minimum: 1 + type: integer + NetworkFailureException: {} + NextToken: + maxLength: 2048 + minLength: 1 + pattern: '[-A-Za-z0-9+/=]+' + type: string + NotStabilizedException: {} + NotUpdatableException: {} + Operation: + enum: + - CREATE + - DELETE + - UPDATE + type: string + OperationStatus: + enum: + - PENDING + - IN_PROGRESS + - SUCCESS + - FAILED + - CANCEL_IN_PROGRESS + - CANCEL_COMPLETE + type: string + OperationStatuses: + items: + $ref: '#/components/x-cloud-control-schemas/OperationStatus' + type: array + Operations: + items: + $ref: '#/components/x-cloud-control-schemas/Operation' + type: array + PatchDocument: + format: password + maxLength: 65536 + minLength: 1 + pattern: '[\s\S]*' + type: string + PrivateTypeException: {} + ProgressEvent: + example: + ErrorCode: string + EventTime: number + Identifier: string + Operation: string + OperationStatus: string + RequestToken: string + ResourceModel: string + RetryAfter: number + StatusMessage: string + TypeName: string + properties: + ErrorCode: + type: string + EventTime: + type: number + Identifier: + type: string + Operation: + type: string + OperationStatus: + type: string + RequestToken: + type: string + ResourceModel: + type: string + RetryAfter: + type: number + StatusMessage: + type: string + TypeName: + type: string + type: object + Properties: + format: password + maxLength: 65536 + minLength: 1 + pattern: '[\s\S]*' + type: string + RequestToken: + maxLength: 128 + minLength: 1 + pattern: '[-A-Za-z0-9+/=]+' + type: string + RequestTokenNotFoundException: {} + ResourceConflictException: {} + ResourceDescription: + description: Represents information about a provisioned resource. + properties: + Identifier: + type: string + Properties: + type: string + type: object + ResourceDescriptions: + items: + $ref: '#/components/x-cloud-control-schemas/ResourceDescription' + type: array + ResourceNotFoundException: {} + ResourceRequestStatusFilter: + description: The filter criteria to use in determining the requests returned. + properties: + undefined: + allOf: + - $ref: '#/components/x-cloud-control-schemas/OperationStatuses' + - description: >- +

The operation statuses to include in the filter.

  • PENDING: The operation has been requested, but not yet initiated.

  • IN_PROGRESS: The operation is in progress.

  • SUCCESS: The operation completed.

  • FAILED: The operation failed.

  • CANCEL_IN_PROGRESS: The operation is in the process of being canceled.

  • + CANCEL_COMPLETE: The operation has been canceled.

+ type: object + ResourceRequestStatusSummaries: + items: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: array + RoleArn: + maxLength: 2048 + minLength: 20 + pattern: arn:.+:iam::[0-9]{12}:role/.+ + type: string + ServiceInternalErrorException: {} + ServiceLimitExceededException: {} + StatusMessage: + maxLength: 1024 + minLength: 0 + pattern: '[\s\S]*' + type: string + ThrottlingException: {} + Timestamp: + format: date-time + type: string + TypeName: + maxLength: 196 + minLength: 10 + pattern: '[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}' + type: string + TypeNotFoundException: {} + TypeVersionId: + maxLength: 128 + minLength: 1 + pattern: '[A-Za-z0-9-]+' + type: string + UnsupportedActionException: {} + UpdateResourceInput: + properties: + undefined: + allOf: + - $ref: '#/components/x-cloud-control-schemas/PatchDocument' + required: + - Identifier + - PatchDocument + title: UpdateResourceInput + type: object + UpdateResourceOutput: + properties: + ProgressEvent: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: object + schemas: + TableBucketARN: + description: The Amazon Resource Name (ARN) of the table bucket to which the policy applies. + type: string + x-examples: + - arn:aws:s3tables:us-west-2:123456789012:bucket/mytablebucket + TableBucketName: + description: A name for the table bucket. + type: string + minLength: 3 + maxLength: 63 + UnreferencedFileRemoval: + description: Settings governing the Unreferenced File Removal maintenance action. Unreferenced file removal identifies and deletes all objects that are not referenced by any table snapshots. + additionalProperties: false + type: object + properties: + Status: + description: Indicates whether the Unreferenced File Removal maintenance action is enabled. + type: string + enum: + - Enabled + - Disabled + UnreferencedDays: + description: For any object not referenced by your table and older than the UnreferencedDays property, S3 creates a delete marker and marks the object version as noncurrent. + type: integer + minimum: 1 + NoncurrentDays: + description: S3 permanently deletes noncurrent objects after the number of days specified by the NoncurrentDays property. + type: integer + minimum: 1 + TableBucket: + type: object + properties: + TableBucketARN: + $ref: '#/components/schemas/TableBucketARN' + TableBucketName: + $ref: '#/components/schemas/TableBucketName' + UnreferencedFileRemoval: + $ref: '#/components/schemas/UnreferencedFileRemoval' + required: + - TableBucketName + x-stackql-resource-name: table_bucket + description: Creates an Amazon S3 Tables table bucket in the same AWS Region where you create the AWS CloudFormation stack. + x-type-name: AWS::S3Tables::TableBucket + x-stackql-primary-identifier: + - TableBucketARN + x-create-only-properties: + - TableBucketName + x-read-only-properties: + - TableBucketARN + x-required-properties: + - TableBucketName + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - s3tables:CreateTableBucket + - s3tables:PutTableBucketMaintenanceConfiguration + - s3tables:GetTableBucket + - s3tables:GetTableBucketMaintenanceConfiguration + read: + - s3tables:GetTableBucket + - s3tables:GetTableBucketMaintenanceConfiguration + update: + - s3tables:PutTableBucketMaintenanceConfiguration + - s3tables:GetTableBucket + - s3tables:GetTableBucketMaintenanceConfiguration + delete: + - s3tables:DeleteTableBucket + list: + - s3tables:ListTableBuckets + ResourcePolicy: + description: A policy document containing permissions to add to the specified table bucket. In IAM, you must provide policy documents in JSON format. However, in CloudFormation you can provide the policy in JSON or YAML format because CloudFormation converts YAML to JSON before submitting it to IAM. + type: object + TableBucketPolicy: + type: object + properties: + ResourcePolicy: + $ref: '#/components/schemas/ResourcePolicy' + TableBucketARN: + $ref: '#/components/schemas/TableBucketARN' + required: + - ResourcePolicy + - TableBucketARN + x-stackql-resource-name: table_bucket_policy + description: Applies an IAM resource policy to a table bucket. + x-type-name: AWS::S3Tables::TableBucketPolicy + x-stackql-primary-identifier: + - TableBucketARN + x-create-only-properties: + - TableBucketARN + x-required-properties: + - ResourcePolicy + - TableBucketARN + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - s3tables:GetTableBucket + - s3tables:GetTableBucketPolicy + - s3tables:PutTableBucketPolicy + read: + - s3tables:GetTableBucketPolicy + update: + - s3tables:GetTableBucketPolicy + - s3tables:PutTableBucketPolicy + delete: + - s3tables:GetTableBucketPolicy + - s3tables:DeleteTableBucketPolicy + list: + - s3tables:GetTableBucketPolicy + - s3tables:ListTableBuckets + CreateTableBucketRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + TableBucketARN: + $ref: '#/components/schemas/TableBucketARN' + TableBucketName: + $ref: '#/components/schemas/TableBucketName' + UnreferencedFileRemoval: + $ref: '#/components/schemas/UnreferencedFileRemoval' + x-stackQL-stringOnly: true + x-title: CreateTableBucketRequest + type: object + required: [] + CreateTableBucketPolicyRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + ResourcePolicy: + $ref: '#/components/schemas/ResourcePolicy' + TableBucketARN: + $ref: '#/components/schemas/TableBucketARN' + x-stackQL-stringOnly: true + x-title: CreateTableBucketPolicyRequest + type: object + required: [] + securitySchemes: + hmac: + type: apiKey + name: Authorization + in: header + description: Amazon Signature authorization v4 + x-amazon-apigateway-authtype: awsSigv4 + x-stackQL-resources: + table_buckets: + name: table_buckets + id: aws.s3tables.table_buckets + x-cfn-schema-name: TableBucket + x-cfn-type-name: AWS::S3Tables::TableBucket + x-identifiers: + - TableBucketARN + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__TableBucket&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::S3Tables::TableBucket" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::S3Tables::TableBucket" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::S3Tables::TableBucket" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/table_buckets/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/table_buckets/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/table_buckets/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.TableBucketARN') as table_bucket_arn, + JSON_EXTRACT(Properties, '$.TableBucketName') as table_bucket_name, + JSON_EXTRACT(Properties, '$.UnreferencedFileRemoval') as unreferenced_file_removal + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::S3Tables::TableBucket' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.TableBucketARN') as table_bucket_arn, + JSON_EXTRACT(detail.Properties, '$.TableBucketName') as table_bucket_name, + JSON_EXTRACT(detail.Properties, '$.UnreferencedFileRemoval') as unreferenced_file_removal + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::S3Tables::TableBucket' + AND detail.data__TypeName = 'AWS::S3Tables::TableBucket' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'TableBucketARN') as table_bucket_arn, + json_extract_path_text(Properties, 'TableBucketName') as table_bucket_name, + json_extract_path_text(Properties, 'UnreferencedFileRemoval') as unreferenced_file_removal + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::S3Tables::TableBucket' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'TableBucketARN') as table_bucket_arn, + json_extract_path_text(detail.Properties, 'TableBucketName') as table_bucket_name, + json_extract_path_text(detail.Properties, 'UnreferencedFileRemoval') as unreferenced_file_removal + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::S3Tables::TableBucket' + AND detail.data__TypeName = 'AWS::S3Tables::TableBucket' + AND listing.region = 'us-east-1' + table_buckets_list_only: + name: table_buckets_list_only + id: aws.s3tables.table_buckets_list_only + x-cfn-schema-name: TableBucket + x-cfn-type-name: AWS::S3Tables::TableBucket + x-identifiers: + - TableBucketARN + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.TableBucketARN') as table_bucket_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::S3Tables::TableBucket' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'TableBucketARN') as table_bucket_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::S3Tables::TableBucket' + AND region = 'us-east-1' + table_bucket_policies: + name: table_bucket_policies + id: aws.s3tables.table_bucket_policies + x-cfn-schema-name: TableBucketPolicy + x-cfn-type-name: AWS::S3Tables::TableBucketPolicy + x-identifiers: + - TableBucketARN + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__TableBucketPolicy&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::S3Tables::TableBucketPolicy" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::S3Tables::TableBucketPolicy" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::S3Tables::TableBucketPolicy" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/table_bucket_policies/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/table_bucket_policies/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/table_bucket_policies/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ResourcePolicy') as resource_policy, + JSON_EXTRACT(Properties, '$.TableBucketARN') as table_bucket_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::S3Tables::TableBucketPolicy' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.ResourcePolicy') as resource_policy, + JSON_EXTRACT(detail.Properties, '$.TableBucketARN') as table_bucket_arn + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::S3Tables::TableBucketPolicy' + AND detail.data__TypeName = 'AWS::S3Tables::TableBucketPolicy' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ResourcePolicy') as resource_policy, + json_extract_path_text(Properties, 'TableBucketARN') as table_bucket_arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::S3Tables::TableBucketPolicy' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'ResourcePolicy') as resource_policy, + json_extract_path_text(detail.Properties, 'TableBucketARN') as table_bucket_arn + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::S3Tables::TableBucketPolicy' + AND detail.data__TypeName = 'AWS::S3Tables::TableBucketPolicy' + AND listing.region = 'us-east-1' + table_bucket_policies_list_only: + name: table_bucket_policies_list_only + id: aws.s3tables.table_bucket_policies_list_only + x-cfn-schema-name: TableBucketPolicy + x-cfn-type-name: AWS::S3Tables::TableBucketPolicy + x-identifiers: + - TableBucketARN + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.TableBucketARN') as table_bucket_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::S3Tables::TableBucketPolicy' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'TableBucketARN') as table_bucket_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::S3Tables::TableBucketPolicy' + AND region = 'us-east-1' +paths: + /?Action=CreateResource&Version=2021-09-30: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateResource + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/x-cloud-control-schemas/CreateResourceInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=DeleteResource&Version=2021-09-30: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: DeleteResource + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.DeleteResource + enum: + - CloudApiService.DeleteResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/x-cloud-control-schemas/DeleteResourceInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/DeleteResourceOutput' + description: Success + /?Action=UpdateResource&Version=2021-09-30: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: UpdateResource + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.UpdateResource + enum: + - CloudApiService.UpdateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + properties: + ClientName: + type: string + Identifier: + $ref: '#/components/x-cloud-control-schemas/Identifier' + PatchDocument: + type: string + RoleArn: + $ref: '#/components/x-cloud-control-schemas/RoleArn' + TypeName: + $ref: '#/components/x-cloud-control-schemas/TypeName' + TypeVersionId: + $ref: '#/components/x-cloud-control-schemas/TypeVersionId' + required: + - Identifier + - PatchDocument + type: object + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/UpdateResourceOutput' + description: Success + /?Action=CreateResource&Version=2021-09-30&__TableBucket&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateTableBucket + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateTableBucketRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=CreateResource&Version=2021-09-30&__TableBucketPolicy&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateTableBucketPolicy + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateTableBucketPolicyRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success +x-stackQL-config: + requestTranslate: + algorithm: drop_double_underscore_params + pagination: + requestToken: + key: NextToken + location: body + responseToken: + key: NextToken + location: body diff --git a/providers/src/aws/v00.00.00000/services/sagemaker.yaml b/providers/src/aws/v00.00.00000/services/sagemaker.yaml index dadbfd98..baaa0057 100644 --- a/providers/src/aws/v00.00.00000/services/sagemaker.yaml +++ b/providers/src/aws/v00.00.00000/services/sagemaker.yaml @@ -466,6 +466,11 @@ components: description: The ARN of the image version created on the instance. maxLength: 256 pattern: ^arn:aws(-[\w]+)*:sagemaker:.+:[0-9]{12}:image-version/[a-z0-9]([-.]?[a-z0-9])*/[0-9]+$ + LifecycleConfigArn: + type: string + description: The Amazon Resource Name (ARN) of the Lifecycle Configuration to attach to the Resource. + maxLength: 256 + pattern: arn:aws[a-z\-]*:sagemaker:[a-z0-9\-]*:[0-9]{12}:studio-lifecycle-config/.* Tag: type: object additionalProperties: false @@ -758,6 +763,289 @@ components: - sagemaker:DescribeAppImageConfig list: - sagemaker:ListAppImageConfigs + ClusterOrchestratorEksConfig: + description: Specifies parameter(s) related to EKS as orchestrator, e.g. the EKS cluster nodes will attach to, + additionalProperties: false + type: object + properties: + ClusterArn: + description: The ARN of the EKS cluster, such as arn:aws:eks:us-west-2:123456789012:cluster/my-eks-cluster + type: string + required: + - ClusterArn + DeepHealthCheckType: + description: The type of deep health check(s) to be performed on the instances in the SageMaker HyperPod cluster instance group. + type: string + enum: + - InstanceStress + - InstanceConnectivity + ClusterInstanceStorageConfig: + oneOf: + - additionalProperties: false + type: object + properties: + EbsVolumeConfig: + $ref: '#/components/schemas/ClusterEbsVolumeConfig' + description: Defines the configuration for attaching additional storage to the instances in the SageMaker HyperPod cluster instance group. + type: object + VpcConfig: + type: object + additionalProperties: false + description: Specifies a VPC that your training jobs and hosted models have access to. Control access to and from your training and model containers by configuring the VPC. + properties: + SecurityGroupIds: + description: The VPC security group IDs, in the form sg-xxxxxxxx. Specify the security groups for the VPC that is specified in the Subnets field. + type: array + minItems: 1 + maxItems: 5 + items: + type: string + maxLength: 32 + pattern: '[-0-9a-zA-Z]+' + Subnets: + description: The ID of the subnets in the VPC to which you want to connect to your monitoring jobs. + type: array + minItems: 1 + maxItems: 16 + items: + type: string + maxLength: 32 + pattern: '[-0-9a-zA-Z]+' + required: + - SecurityGroupIds + - Subnets + InstanceGroupName: + minLength: 1 + pattern: ^[a-zA-Z0-9](-*[a-zA-Z0-9])*$ + description: The name of the instance group of a SageMaker HyperPod cluster. + type: string + maxLength: 63 + ClusterInstanceGroupsList: + minItems: 1 + description: The instance groups of the SageMaker HyperPod cluster. + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/ClusterInstanceGroup' + Orchestrator: + description: Specifies parameter(s) specific to the orchestrator, e.g. specify the EKS cluster. + additionalProperties: false + type: object + properties: + Eks: + $ref: '#/components/schemas/ClusterOrchestratorEksConfig' + required: + - Eks + ClusterEbsVolumeConfig: + description: Defines the configuration for attaching additional Amazon Elastic Block Store (EBS) volumes to the instances in the SageMaker HyperPod cluster instance group. The additional EBS volume is attached to each instance within the SageMaker HyperPod cluster instance group and mounted to /opt/sagemaker. + additionalProperties: false + type: object + properties: + VolumeSizeInGB: + description: The size in gigabytes (GB) of the additional EBS volume to be attached to the instances in the SageMaker HyperPod cluster instance group. The additional EBS volume is attached to each instance within the SageMaker HyperPod cluster instance group and mounted to /opt/sagemaker. + maximum: 16384 + type: integer + minimum: 1 + ClusterLifeCycleConfig: + description: The lifecycle configuration for a SageMaker HyperPod cluster. + additionalProperties: false + type: object + properties: + SourceS3Uri: + pattern: ^(https|s3)://([^/]+)/?(.*)$ + description: An Amazon S3 bucket path where your lifecycle scripts are stored. + type: string + maxLength: 1024 + OnCreate: + minLength: 1 + pattern: ^[\S\s]+$ + description: The file name of the entrypoint script of lifecycle scripts under SourceS3Uri. This entrypoint script runs during cluster creation. + type: string + maxLength: 128 + required: + - OnCreate + - SourceS3Uri + OnStartDeepHealthChecks: + description: Nodes will undergo advanced stress test to detect and replace faulty instances, based on the type of deep health check(s) passed in. + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/DeepHealthCheckType' + ClusterInstanceGroup: + description: Details of an instance group in a SageMaker HyperPod cluster. + additionalProperties: false + type: object + properties: + OverrideVpcConfig: + $ref: '#/components/schemas/VpcConfig' + InstanceCount: + description: The number of instances you specified to add to the instance group of a SageMaker HyperPod cluster. + type: integer + minimum: 0 + OnStartDeepHealthChecks: + $ref: '#/components/schemas/OnStartDeepHealthChecks' + InstanceGroupName: + $ref: '#/components/schemas/InstanceGroupName' + InstanceStorageConfigs: + $ref: '#/components/schemas/ClusterInstanceStorageConfigs' + CurrentCount: + description: The number of instances that are currently in the instance group of a SageMaker HyperPod cluster. + type: integer + minimum: 0 + LifeCycleConfig: + $ref: '#/components/schemas/ClusterLifeCycleConfig' + InstanceType: + $ref: '#/components/schemas/InstanceType' + ThreadsPerCore: + description: The number you specified to TreadsPerCore in CreateCluster for enabling or disabling multithreading. For instance types that support multithreading, you can specify 1 for disabling multithreading and 2 for enabling multithreading. + maximum: 2 + type: integer + minimum: 1 + ExecutionRole: + $ref: '#/components/schemas/ExecutionRole' + required: + - ExecutionRole + - InstanceCount + - InstanceGroupName + - InstanceType + - LifeCycleConfig + ClusterInstanceStorageConfigs: + maxItems: 1 + description: The instance storage configuration for the instance group. + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/ClusterInstanceStorageConfig' + InstanceType: + description: The instance type of the instance group of a SageMaker HyperPod cluster. + type: string + ExecutionRole: + minLength: 20 + pattern: ^arn:aws[a-z\-]*:iam::\d{12}:role/?[a-zA-Z_0-9+=,.@\-_/]+$ + description: The execution role for the instance group to assume. + type: string + maxLength: 2048 + Cluster: + type: object + properties: + ClusterArn: + pattern: ^arn:aws[a-z\-]*:sagemaker:[a-z0-9\-]*:[0-9]{12}:cluster/[a-z0-9]{12}$ + description: The Amazon Resource Name (ARN) of the HyperPod Cluster. + type: string + maxLength: 256 + VpcConfig: + $ref: '#/components/schemas/VpcConfig' + NodeRecovery: + description: If node auto-recovery is set to true, faulty nodes will be replaced or rebooted when a failure is detected. If set to false, nodes will be labelled when a fault is detected. + type: string + enum: + - Automatic + - None + CreationTime: + description: The time at which the HyperPod cluster was created. + type: string + InstanceGroups: + $ref: '#/components/schemas/ClusterInstanceGroupsList' + ClusterName: + minLength: 1 + pattern: ^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}$ + description: The name of the HyperPod Cluster. + type: string + maxLength: 63 + FailureMessage: + description: The failure message of the HyperPod Cluster. + type: string + Orchestrator: + $ref: '#/components/schemas/Orchestrator' + ClusterStatus: + description: The status of the HyperPod Cluster. + type: string + enum: + - Creating + - Deleting + - Failed + - InService + - RollingBack + - SystemUpdating + - Updating + Tags: + maxItems: 50 + uniqueItems: true + description: Custom tags for managing the SageMaker HyperPod cluster as an AWS resource. You can add tags to your cluster in the same way you add them in other AWS services that support tagging. + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/Tag' + required: + - InstanceGroups + x-stackql-resource-name: cluster + description: Resource Type definition for AWS::SageMaker::Cluster + x-type-name: AWS::SageMaker::Cluster + x-stackql-primary-identifier: + - ClusterArn + x-stackql-additional-identifiers: + - - ClusterName + x-create-only-properties: + - ClusterName + - VpcConfig + - Orchestrator + - InstanceGroups/*/OverrideVpcConfig + - InstanceGroups/*/ExecutionRole + - InstanceGroups/*/InstanceGroupName + - InstanceGroups/*/InstanceType + - InstanceGroups/*/ThreadsPerCore + x-read-only-properties: + - ClusterArn + - CreationTime + - ClusterStatus + - FailureMessage + - InstanceGroups/*/CurrentCount + x-required-properties: + - InstanceGroups + x-tagging: + permissions: + - sagemaker:AddTags + - sagemaker:ListTags + - sagemaker:DeleteTags + taggable: true + tagOnCreate: true + tagUpdatable: true + tagProperty: /properties/Tags + cloudFormationSystemTags: false + x-required-permissions: + read: + - sagemaker:DescribeCluster + - sagemaker:ListTags + create: + - sagemaker:CreateCluster + - sagemaker:DescribeCluster + - sagemaker:AddTags + - sagemaker:ListTags + - eks:DescribeAccessEntry + - eks:DescribeCluster + - eks:CreateAccessEntry + - eks:DeleteAccessEntry + - eks:AssociateAccessPolicy + - iam:CreateServiceLinkedRole + - iam:PassRole + update: + - sagemaker:UpdateCluster + - sagemaker:DescribeCluster + - sagemaker:ListTags + - sagemaker:AddTags + - sagemaker:DeleteTags + - eks:DescribeAccessEntry + - eks:DescribeCluster + - eks:CreateAccessEntry + - eks:DeleteAccessEntry + - iam:PassRole + list: + - sagemaker:ListClusters + delete: + - sagemaker:DeleteCluster + - sagemaker:DescribeCluster + - eks:DescribeAccessEntry + - eks:DeleteAccessEntry DataQualityBaselineConfig: type: object additionalProperties: false @@ -1014,32 +1302,6 @@ components: type: boolean VpcConfig: $ref: '#/components/schemas/VpcConfig' - VpcConfig: - type: object - additionalProperties: false - description: Specifies a VPC that your training jobs and hosted models have access to. Control access to and from your training and model containers by configuring the VPC. - properties: - SecurityGroupIds: - description: The VPC security group IDs, in the form sg-xxxxxxxx. Specify the security groups for the VPC that is specified in the Subnets field. - type: array - minItems: 1 - maxItems: 5 - items: - type: string - maxLength: 32 - pattern: '[-0-9a-zA-Z]+' - Subnets: - description: The ID of the subnets in the VPC to which you want to connect to your monitoring jobs. - type: array - minItems: 1 - maxItems: 16 - items: - type: string - maxLength: 32 - pattern: '[-0-9a-zA-Z]+' - required: - - SecurityGroupIds - - Subnets StoppingCondition: type: object additionalProperties: false @@ -1173,6 +1435,15 @@ components: - DataQualityJobOutputConfig - JobResources - RoleArn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: false + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - sagemaker:AddTags + - sagemaker:ListTags x-required-permissions: create: - sagemaker:CreateDataQualityJobDefinition @@ -1320,6 +1591,8 @@ components: $ref: '#/components/schemas/DefaultSpaceStorageSettings' CodeEditorAppSettings: $ref: '#/components/schemas/CodeEditorAppSettings' + StudioWebPortalSettings: + $ref: '#/components/schemas/StudioWebPortalSettings' DefaultLandingUri: type: string description: Defines which Amazon SageMaker application users are directed to by default. @@ -1405,6 +1678,14 @@ components: properties: DefaultResourceSpec: $ref: '#/components/schemas/ResourceSpec' + LifecycleConfigArns: + type: array + description: A list of LifecycleConfigArns available for use with JupyterServer apps. + uniqueItems: false + minItems: 0 + maxItems: 30 + items: + $ref: '#/components/schemas/StudioLifecycleConfigArn' KernelGatewayAppSettings: type: object description: The kernel gateway app settings. @@ -1421,6 +1702,14 @@ components: DefaultResourceSpec: $ref: '#/components/schemas/ResourceSpec' description: The default instance type and the Amazon Resource Name (ARN) of the default SageMaker image used by the KernelGateway app. + LifecycleConfigArns: + type: array + description: A list of LifecycleConfigArns available for use with KernelGateway apps. + uniqueItems: false + minItems: 0 + maxItems: 30 + items: + $ref: '#/components/schemas/StudioLifecycleConfigArn' JupyterLabAppSettings: type: object description: The JupyterLab app settings. @@ -1453,6 +1742,47 @@ components: maxItems: 30 items: $ref: '#/components/schemas/CustomImage' + AppLifecycleManagement: + $ref: '#/components/schemas/AppLifecycleManagement' + AppLifecycleManagement: + type: object + properties: + IdleSettings: + $ref: '#/components/schemas/IdleSettings' + additionalProperties: false + IdleSettings: + type: object + properties: + LifecycleManagement: + $ref: '#/components/schemas/LifecycleManagement' + IdleTimeoutInMinutes: + $ref: '#/components/schemas/IdleTimeoutInMinutes' + MinIdleTimeoutInMinutes: + $ref: '#/components/schemas/MinIdleTimeoutInMinutes' + MaxIdleTimeoutInMinutes: + $ref: '#/components/schemas/MaxIdleTimeoutInMinutes' + additionalProperties: false + LifecycleManagement: + type: string + description: A flag to enable/disable AppLifecycleManagement settings + enum: + - ENABLED + - DISABLED + IdleTimeoutInMinutes: + type: integer + description: The idle timeout value set in minutes + minimum: 60 + maximum: 525600 + MinIdleTimeoutInMinutes: + type: integer + description: The minimum idle timeout value set in minutes + minimum: 60 + maximum: 525600 + MaxIdleTimeoutInMinutes: + type: integer + description: The maximum idle timeout value set in minutes + minimum: 60 + maximum: 525600 CodeRepository: type: object additionalProperties: false @@ -1513,6 +1843,8 @@ components: maxItems: 30 items: $ref: '#/components/schemas/CustomImage' + AppLifecycleManagement: + $ref: '#/components/schemas/AppLifecycleManagement' StudioLifecycleConfigArn: type: string description: The Amazon Resource Name (ARN) of the Lifecycle Configuration to attach to the Resource. @@ -1539,6 +1871,8 @@ components: properties: EFSFileSystemConfig: $ref: '#/components/schemas/EFSFileSystemConfig' + FSxLustreFileSystemConfig: + $ref: '#/components/schemas/FSxLustreFileSystemConfig' EFSFileSystemConfig: type: object additionalProperties: false @@ -1555,6 +1889,22 @@ components: pattern: ^(fs-[0-9a-f]{8,})$ required: - FileSystemId + FSxLustreFileSystemConfig: + type: object + additionalProperties: false + properties: + FileSystemPath: + type: string + pattern: ^\/\S*$ + minLength: 1 + maxLength: 256 + FileSystemId: + type: string + minLength: 11 + maxLength: 21 + pattern: ^(fs-[0-9a-f]{8,})$ + required: + - FileSystemId CustomImage: type: object description: A custom SageMaker image. @@ -1618,6 +1968,12 @@ components: $ref: '#/components/schemas/RStudioServerProDomainSettings' DockerSettings: $ref: '#/components/schemas/DockerSettings' + ExecutionRoleIdentityConfig: + type: string + description: The configuration for attaching a SageMaker user profile name to the execution role as a sts:SourceIdentity key. + enum: + - USER_PROFILE_NAME + - DISABLED DockerSettings: type: object description: A collection of settings that are required to start docker-proxy server. @@ -1635,7 +1991,7 @@ components: uniqueItems: false x-insertionOrder: false minItems: 0 - maxItems: 10 + maxItems: 20 items: type: string minLength: 12 @@ -1697,30 +2053,268 @@ components: enum: - R_STUDIO_ADMIN - R_STUDIO_USER - Domain: - description: The machine learning domain of the model package you specified. - type: string - FeatureDefinition: + StudioWebPortalSettings: type: object + description: Studio settings. If these settings are applied on a user level, they take priority over the settings applied on a domain level. additionalProperties: false properties: - FeatureName: - type: string - minLength: 1 - maxLength: 64 - pattern: ^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,63} - FeatureType: - type: string - enum: - - Integral - - Fractional - - String - required: - - FeatureName - - FeatureType - KmsKeyId: - type: string - maxLength: 2048 + HiddenMlTools: + type: array + description: The machine learning tools that are hidden from the Studio left navigation pane. + x-insertionOrder: false + uniqueItems: true + minItems: 0 + items: + $ref: '#/components/schemas/MlTools' + HiddenAppTypes: + type: array + description: Applications supported in Studio that are hidden from the Studio left navigation pane. + x-insertionOrder: false + uniqueItems: true + minItems: 0 + items: + $ref: '#/components/schemas/AppType' + MlTools: + type: string + enum: + - DataWrangler + - FeatureStore + - EmrClusters + - AutoMl + - Experiments + - Training + - ModelEvaluation + - Pipelines + - Models + - JumpStart + - InferenceRecommender + - Endpoints + - Projects + - InferenceOptimization + - HyperPodClusters + - Comet + - DeepchecksLLMEvaluation + - Fiddler + - LakeraGuard + AppType: + type: string + enum: + - JupyterServer + - TensorBoard + - RStudioServerPro + - JupyterLab + - CodeEditor + - DetailedProfiler + - Canvas + Domain: + description: The machine learning domain of the model package you specified. + type: string + Alarm: + type: object + additionalProperties: false + properties: + AlarmName: + type: string + description: The name of the CloudWatch alarm. + required: + - AlarmName + AutoRollbackConfig: + type: object + additionalProperties: false + properties: + Alarms: + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/Alarm' + description: List of CloudWatch alarms to monitor during the deployment. If any alarm goes off, the deployment is rolled back. + required: + - Alarms + BlueGreenUpdatePolicy: + type: object + additionalProperties: false + properties: + MaximumExecutionTimeoutInSeconds: + type: integer + description: The maximum time allowed for the blue/green update, in seconds. + TerminationWaitInSeconds: + type: integer + description: The wait time before terminating the old endpoint during a blue/green deployment. + TrafficRoutingConfiguration: + $ref: '#/components/schemas/TrafficRoutingConfig' + description: The traffic routing configuration for the blue/green deployment. + required: + - TrafficRoutingConfiguration + CapacitySize: + type: object + additionalProperties: false + properties: + Type: + type: string + description: Specifies whether the `Value` is an instance count or a capacity unit. + Value: + type: integer + description: The value representing either the number of instances or the number of capacity units. + required: + - Type + - Value + DeploymentConfig: + type: object + additionalProperties: false + properties: + AutoRollbackConfiguration: + $ref: '#/components/schemas/AutoRollbackConfig' + description: Configuration for automatic rollback if an error occurs during deployment. + BlueGreenUpdatePolicy: + $ref: '#/components/schemas/BlueGreenUpdatePolicy' + description: Configuration for blue-green update deployment policies. + RollingUpdatePolicy: + $ref: '#/components/schemas/RollingUpdatePolicy' + description: Configuration for rolling update deployment policies. + RollingUpdatePolicy: + type: object + additionalProperties: false + properties: + MaximumBatchSize: + $ref: '#/components/schemas/CapacitySize' + description: Specifies the maximum batch size for each rolling update. + MaximumExecutionTimeoutInSeconds: + type: integer + description: The maximum time allowed for the rolling update, in seconds. + RollbackMaximumBatchSize: + $ref: '#/components/schemas/CapacitySize' + description: The maximum batch size for rollback during an update failure. + WaitIntervalInSeconds: + type: integer + description: The time to wait between steps during the rolling update, in seconds. + required: + - MaximumBatchSize + - WaitIntervalInSeconds + TrafficRoutingConfig: + type: object + additionalProperties: false + properties: + CanarySize: + $ref: '#/components/schemas/CapacitySize' + description: Specifies the size of the canary traffic in a canary deployment. + LinearStepSize: + $ref: '#/components/schemas/CapacitySize' + description: Specifies the step size for linear traffic routing. + Type: + type: string + description: Specifies the type of traffic routing (e.g., 'AllAtOnce', 'Canary', 'Linear'). + WaitIntervalInSeconds: + type: integer + description: Specifies the wait interval between traffic shifts, in seconds. + required: + - Type + VariantProperty: + type: object + additionalProperties: false + properties: + VariantPropertyType: + type: string + description: The type of variant property (e.g., 'DesiredInstanceCount', 'DesiredWeight', 'DataCaptureConfig'). + Endpoint: + type: object + properties: + DeploymentConfig: + $ref: '#/components/schemas/DeploymentConfig' + description: Specifies deployment configuration for updating the SageMaker endpoint. Includes rollback and update policies. + EndpointArn: + type: string + description: The Amazon Resource Name (ARN) of the endpoint. + EndpointConfigName: + type: string + description: The name of the endpoint configuration for the SageMaker endpoint. This is a required property. + EndpointName: + type: string + description: The name of the SageMaker endpoint. This name must be unique within an AWS Region. + ExcludeRetainedVariantProperties: + type: array + uniqueItems: false + items: + $ref: '#/components/schemas/VariantProperty' + description: Specifies a list of variant properties that you want to exclude when updating an endpoint. + RetainAllVariantProperties: + type: boolean + description: When set to true, retains all variant properties for an endpoint when it is updated. + RetainDeploymentConfig: + type: boolean + description: When set to true, retains the deployment configuration during endpoint updates. + Tags: + type: array + uniqueItems: false + items: + $ref: '#/components/schemas/Tag' + description: An array of key-value pairs to apply to this resource. + required: + - EndpointConfigName + x-stackql-resource-name: endpoint + description: Resource Type definition for AWS::SageMaker::Endpoint + x-type-name: AWS::SageMaker::Endpoint + x-stackql-primary-identifier: + - EndpointArn + x-create-only-properties: + - EndpointName + x-write-only-properties: + - ExcludeRetainedVariantProperties + - RetainAllVariantProperties + - RetainDeploymentConfig + x-read-only-properties: + - EndpointArn + - EndpointName + x-required-properties: + - EndpointConfigName + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - sagemaker:AddTags + - sagemaker:DeleteTags + - sagemaker:ListTags + x-required-permissions: + create: + - sagemaker:CreateEndpoint + - sagemaker:DescribeEndpoint + - sagemaker:AddTags + read: + - sagemaker:DescribeEndpoint + - sagemaker:ListTags + update: + - sagemaker:UpdateEndpoint + - sagemaker:DescribeEndpoint + - sagemaker:AddTags + - sagemaker:DeleteTags + delete: + - sagemaker:DeleteEndpoint + - sagemaker:DescribeEndpoint + list: + - sagemaker:ListEndpoints + FeatureDefinition: + type: object + additionalProperties: false + properties: + FeatureName: + type: string + minLength: 1 + maxLength: 64 + pattern: ^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,63} + FeatureType: + type: string + enum: + - Integral + - Fractional + - String + required: + - FeatureName + - FeatureType + KmsKeyId: + type: string + maxLength: 2048 StorageType: type: string enum: @@ -2274,6 +2868,11 @@ components: type: integer minimum: 60 maximum: 3600 + BaseInferenceComponentName: + description: The name of the base inference component + type: string + pattern: ^[a-zA-Z0-9](-*[a-zA-Z0-9])*$ + maxLength: 63 InferenceComponentStartupParameters: description: '' type: object @@ -2312,14 +2911,14 @@ components: properties: ModelName: $ref: '#/components/schemas/ModelName' + BaseInferenceComponentName: + $ref: '#/components/schemas/BaseInferenceComponentName' Container: $ref: '#/components/schemas/InferenceComponentContainerSpecification' StartupParameters: $ref: '#/components/schemas/InferenceComponentStartupParameters' ComputeResourceRequirements: $ref: '#/components/schemas/InferenceComponentComputeResourceRequirements' - required: - - ComputeResourceRequirements InferenceComponentCopyCount: description: The number of copies for the inference component type: integer @@ -2378,9 +2977,7 @@ components: $ref: '#/components/schemas/TagList' required: - EndpointName - - VariantName - Specification - - RuntimeConfig x-stackql-resource-name: inference_component description: Resource Type definition for AWS::SageMaker::InferenceComponent x-type-name: AWS::SageMaker::InferenceComponent @@ -2400,9 +2997,7 @@ components: - InferenceComponentStatus x-required-properties: - EndpointName - - VariantName - Specification - - RuntimeConfig x-tagging: taggable: true tagOnCreate: true @@ -2751,6 +3346,113 @@ components: - sagemaker:AddTags - sagemaker:DeleteTags - sagemaker:ListTags + MlflowTrackingServer: + type: object + properties: + TrackingServerName: + type: string + description: The name of the MLFlow Tracking Server. + minLength: 1 + maxLength: 256 + pattern: ^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,255}$ + TrackingServerArn: + description: The Amazon Resource Name (ARN) of the MLFlow Tracking Server. + type: string + maxLength: 2048 + pattern: ^arn:aws[a-z\-]*:sagemaker:[a-z0-9\-]*:[0-9]{12}:mlflow-tracking-server/.*$ + TrackingServerSize: + type: string + description: The size of the MLFlow Tracking Server. + enum: + - Small + - Medium + - Large + MlflowVersion: + type: string + description: The MLFlow Version used on the MLFlow Tracking Server. + minLength: 1 + maxLength: 32 + pattern: ^\d+(\.\d+)+$ + RoleArn: + type: string + description: The Amazon Resource Name (ARN) of an IAM role that enables Amazon SageMaker to perform tasks on behalf of the customer. + minLength: 20 + maxLength: 2048 + pattern: ^arn:aws[a-z\-]*:iam::\d{12}:role\/?[a-zA-Z_0-9+=,.@\-_\/]+$ + ArtifactStoreUri: + type: string + description: The Amazon S3 URI for MLFlow Tracking Server artifacts. + minLength: 1 + maxLength: 2048 + pattern: ^s3:\/\/([^\/]+)\/?(.*)$ + AutomaticModelRegistration: + type: boolean + description: A flag to enable Automatic SageMaker Model Registration. + WeeklyMaintenanceWindowStart: + type: string + description: The start of the time window for maintenance of the MLFlow Tracking Server in UTC time. + pattern: ^(Mon|Tue|Wed|Thu|Fri|Sat|Sun):([01]\d|2[0-3]):([0-5]\d)$ + maxLength: 9 + Tags: + type: array + minItems: 1 + maxItems: 50 + description: An array of key-value pairs to apply to this resource. + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - TrackingServerName + - ArtifactStoreUri + - RoleArn + x-stackql-resource-name: mlflow_tracking_server + description: Resource Type definition for AWS::SageMaker::MlflowTrackingServer + x-type-name: AWS::SageMaker::MlflowTrackingServer + x-stackql-primary-identifier: + - TrackingServerName + x-create-only-properties: + - TrackingServerName + x-conditional-create-only-properties: + - MlflowVersion + - RoleArn + x-read-only-properties: + - TrackingServerArn + x-required-properties: + - TrackingServerName + - ArtifactStoreUri + - RoleArn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - sagemaker:AddTags + - sagemaker:ListTags + - sagemaker:DeleteTags + x-required-permissions: + create: + - sagemaker:CreateMlflowTrackingServer + - sagemaker:DescribeMlflowTrackingServer + - sagemaker:AddTags + - sagemaker:ListTags + - iam:PassRole + read: + - sagemaker:DescribeMlflowTrackingServer + - sagemaker:ListTags + update: + - sagemaker:UpdateMlflowTrackingServer + - sagemaker:DescribeMlflowTrackingServer + - sagemaker:ListTags + - sagemaker:AddTags + - sagemaker:DeleteTags + - iam:PassRole + delete: + - sagemaker:DeleteMlflowTrackingServer + - sagemaker:DescribeMlflowTrackingServer + list: + - sagemaker:ListMlflowTrackingServers ModelBiasBaselineConfig: type: object additionalProperties: false @@ -2897,6 +3599,15 @@ components: - ModelBiasJobOutputConfig - JobResources - RoleArn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: false + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - sagemaker:AddTags + - sagemaker:ListTags x-required-permissions: create: - sagemaker:CreateModelBiasJobDefinition @@ -2911,17 +3622,17 @@ components: - sagemaker:ListModelBiasJobDefinitions - sagemaker:ListTags SecurityConfig: + description: An optional AWS Key Management Service key to encrypt, decrypt, and re-encrypt model package information for regulated workloads with highly sensitive data. type: object - description: |+ - An optional Key Management Service key to encrypt, decrypt, and re-encrypt model card content for regulated workloads with highly sensitive data. - additionalProperties: false properties: KmsKeyId: + description: The AWS KMS Key ID (KMSKeyId) used for encryption of model package information. type: string - description: A Key Management Service key ID to use for encrypting a model card. maxLength: 2048 - pattern: .* + pattern: ^[a-zA-Z0-9:/_-]*$ + required: + - KmsKeyId UserContext: description: Information about the user who created or modified an experiment, trial, trial component, lineage group, project, or model card. type: object @@ -3557,140 +4268,27 @@ components: type: string maxLength: 63 ModelCard: + description: The model card associated with the model package. type: object + additionalProperties: false properties: - ModelCardArn: - description: The Amazon Resource Name (ARN) of the successfully created model card. - type: string - minLength: 1 - maxLength: 256 - pattern: ^arn:aws[a-z\-]*:sagemaker:[a-z0-9\-]{9,16}:[0-9]{12}:model-card/[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}$ - ModelCardVersion: - description: A version of the model card. - type: integer - minimum: 1 - ModelCardName: - description: The unique name of the model card. + ModelCardContent: + description: The content of the model card. type: string - maxLength: 63 - pattern: ^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}$ - SecurityConfig: - $ref: '#/components/schemas/SecurityConfig' + minLength: 0 + maxLength: 100000 + pattern: .* ModelCardStatus: - description: The approval status of the model card within your organization. Different organizations might have different criteria for model card review and approval. + description: The approval status of the model card within your organization. type: string enum: - Draft - PendingReview - Approved - Archived - Content: - $ref: '#/components/schemas/Content' - CreationTime: - description: The date and time the model card was created. - type: string - CreatedBy: - description: Information about the user who created or modified an experiment, trial, trial component, lineage group, project, or model card. - $ref: '#/components/schemas/UserContext' - LastModifiedTime: - description: The date and time the model card was last modified. - type: string - LastModifiedBy: - description: Information about the user who created or modified an experiment, trial, trial component, lineage group, project, or model card. - $ref: '#/components/schemas/UserContext' - ModelCardProcessingStatus: - description: The processing status of model card deletion. The ModelCardProcessingStatus updates throughout the different deletion steps. - type: string - default: UnsetValue - enum: - - UnsetValue - - DeleteInProgress - - DeletePending - - ContentDeleted - - ExportJobsDeleted - - DeleteCompleted - - DeleteFailed - Tags: - type: array - minItems: 1 - maxItems: 50 - description: Key-value pairs used to manage metadata for model cards. - x-insertionOrder: true - items: - $ref: '#/components/schemas/Tag' required: - - ModelCardName - - Content - - ModelCardStatus - x-stackql-resource-name: model_card - description: Resource Type definition for AWS::SageMaker::ModelCard. - x-type-name: AWS::SageMaker::ModelCard - x-stackql-primary-identifier: - - ModelCardName - x-create-only-properties: - - ModelCardName - - SecurityConfig - x-read-only-properties: - - ModelCardArn - - ModelCardVersion - - CreatedBy/DomainId - - CreatedBy/UserProfileArn - - CreatedBy/UserProfileName - - LastModifiedBy/DomainId - - LastModifiedBy/UserProfileArn - - LastModifiedBy/UserProfileName - - CreationTime - - LastModifiedTime - - ModelCardProcessingStatus - x-required-properties: - - ModelCardName - - Content + - ModelCardContent - ModelCardStatus - x-tagging: - taggable: true - tagOnCreate: true - tagUpdatable: true - cloudFormationSystemTags: true - tagProperty: /properties/Tags - x-required-permissions: - create: - - sagemaker:CreateModelCard - - sagemaker:DescribeModel - - kms:DescribeKey - - kms:GenerateDataKey - - kms:CreateGrant - - sagemaker:DescribeModelPackageGroup - - sagemaker:DescribeModelPackage - - sagemaker:AddTags - read: - - sagemaker:DescribeModelCard - - sagemaker:DescribeModelPackageGroup - - sagemaker:DescribeModelPackage - - kms:Decrypt - - sagemaker:ListTags - update: - - sagemaker:UpdateModelCard - - sagemaker:DescribeModelCard - - sagemaker:DescribeModel - - kms:GenerateDataKey - - kms:Decrypt - - sagemaker:DescribeModelPackageGroup - - sagemaker:DescribeModelPackage - - sagemaker:ListTags - - sagemaker:AddTags - - sagemaker:DeleteTags - delete: - - sagemaker:DescribeModelCard - - sagemaker:DeleteModelCard - - sagemaker:DescribeModelPackageGroup - - sagemaker:DescribeModelPackage - - kms:RetireGrant - - kms:Decrypt - - sagemaker:ListTags - - sagemaker:DeleteTags - list: - - sagemaker:ListModelCards - - sagemaker:ListModelCardVersions ModelExplainabilityBaselineConfig: type: object additionalProperties: false @@ -3815,6 +4413,15 @@ components: - ModelExplainabilityJobOutputConfig - JobResources - RoleArn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: false + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - sagemaker:AddTags + - sagemaker:ListTags x-required-permissions: create: - sagemaker:CreateModelExplainabilityJobDefinition @@ -4076,6 +4683,8 @@ components: description: A structure with Model Input details. pattern: ^(https|s3)://([^/]+)/?(.*)$ maxLength: 1024 + ModelDataSource: + $ref: '#/components/schemas/ModelDataSource' Framework: type: string description: The machine learning framework of the model package container image. @@ -4388,7 +4997,7 @@ components: ModelPackageArn: type: string description: The Amazon Resource Name (ARN) of the model package group. - pattern: ^arn:aws(-cn|-us-gov)?:sagemaker:[a-z0-9\-]{9,16}:[0-9]{12}:model-package/[\S]{1,2048}$ + pattern: ^arn:aws(-cn|-us-gov|-iso-f)?:sagemaker:[a-z0-9\-]{9,16}:[0-9]{12}:model-package/[\S]{1,2048}$ minLength: 1 maxLength: 2048 ApprovalDescription: @@ -4453,6 +5062,57 @@ components: Task: description: The machine learning task your model package accomplishes. type: string + ModelDataSource: + description: Specifies the location of ML model data to deploy during endpoint creation. + type: object + additionalProperties: false + properties: + S3DataSource: + $ref: '#/components/schemas/S3ModelDataSource' + S3ModelDataSource: + description: Specifies the S3 location of ML model data to deploy. + type: object + additionalProperties: false + properties: + S3DataType: + description: Specifies the type of ML model data to deploy. + type: string + enum: + - S3Prefix + - S3Object + S3Uri: + description: Specifies the S3 path of ML model data to deploy. + type: string + maxLength: 1024 + pattern: ^(https|s3)://([^/]+)/?(.*)$ + CompressionType: + description: Specifies how the ML model data is prepared. + type: string + enum: + - None + - Gzip + ModelAccessConfig: + $ref: '#/components/schemas/ModelAccessConfig' + required: + - S3DataType + - S3Uri + - CompressionType + ModelAccessConfig: + description: Specifies the access configuration file for the ML model. + type: object + additionalProperties: false + properties: + AcceptEula: + description: Specifies agreement to the model end-user license agreement (EULA). + type: boolean + required: + - AcceptEula + SourceUri: + description: The URI of the source for the model package. + type: string + minLength: 0 + maxLength: 1024 + pattern: '[\p{L}\p{M}\p{Z}\p{N}\p{P}]{0,1024}' ModelPackage: type: object properties: @@ -4514,6 +5174,12 @@ components: $ref: '#/components/schemas/AdditionalInferenceSpecifications' ModelPackageStatusDetails: $ref: '#/components/schemas/ModelPackageStatusDetails' + SourceUri: + $ref: '#/components/schemas/SourceUri' + ModelCard: + $ref: '#/components/schemas/ModelCard' + SecurityConfig: + $ref: '#/components/schemas/SecurityConfig' x-stackql-resource-name: model_package description: Resource Type definition for AWS::SageMaker::ModelPackage x-type-name: AWS::SageMaker::ModelPackage @@ -4532,6 +5198,10 @@ components: - Domain - Task - SamplePayloadUrl + - SecurityConfig + x-conditional-create-only-properties: + - ModelCard + - SourceUri x-write-only-properties: - ClientToken - AdditionalInferenceSpecificationsToAdd @@ -4545,6 +5215,10 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - sagemaker:AddTags + - sagemaker:ListTags + - sagemaker:DeleteTags x-required-permissions: create: - ecr:BatchGetImage @@ -4559,20 +5233,37 @@ components: - sagemaker:DescribeTransformJob - sagemaker:DescribeModelPackage - sagemaker:ListTags + - sagemaker:UpdateModelPackage - iam:PassRole - s3:GetObject + - s3:ListBucket + - kms:CreateGrant + - kms:DescribeKey + - kms:GenerateDataKey + - kms:Decrypt read: - sagemaker:DescribeModelPackage - sagemaker:ListTags + - kms:DescribeKey + - kms:Decrypt update: + - ecr:BatchGetImage - sagemaker:UpdateModelPackage - sagemaker:DescribeModelPackage - sagemaker:ListTags - sagemaker:AddTags - sagemaker:DeleteTags + - s3:GetObject + - s3:ListBucket + - kms:CreateGrant + - kms:DescribeKey + - kms:GenerateDataKey + - kms:Decrypt delete: - sagemaker:DeleteModelPackage - sagemaker:DescribeModelPackage + - kms:DescribeKey + - kms:Decrypt list: - sagemaker:ListModelPackages ModelPackageGroupDescription: @@ -4632,6 +5323,16 @@ components: - ModelPackageGroupStatus x-required-properties: - ModelPackageGroupName + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - sagemaker:AddTags + - sagemaker:ListTags + - sagemaker:DeleteTags x-required-permissions: create: - sagemaker:CreateModelPackageGroup @@ -4816,6 +5517,15 @@ components: - ModelQualityJobOutputConfig - JobResources - RoleArn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: false + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - sagemaker:AddTags + - sagemaker:ListTags x-required-permissions: create: - sagemaker:CreateModelQualityJobDefinition @@ -5106,6 +5816,177 @@ components: update: - sagemaker:UpdateMonitoringSchedule - sagemaker:DescribeMonitoringSchedule + PartnerAppConfig: + type: object + description: A collection of configuration settings for the PartnerApp. + additionalProperties: false + properties: + AdminUsers: + type: array + description: A list of users with administrator privileges for the PartnerApp. + uniqueItems: true + x-insertionOrder: false + minItems: 0 + maxItems: 5 + items: + $ref: '#/components/schemas/PartnerAppAdminUserList' + Arguments: + description: A list of arguments to pass to the PartnerApp. + type: object + additionalProperties: false + maxProperties: 5 + x-patternProperties: + ^(?!\s*$).{1,256}$: + type: string + pattern: ^.{0,1024}$ + maxLength: 1024 + PartnerAppAdminUserList: + type: string + description: A collection of AdminUsers for the PartnerApp + additionalProperties: false + minLength: 1 + maxLength: 256 + PartnerAppMaintenanceConfig: + type: object + description: A collection of settings that specify the maintenance schedule for the PartnerApp. + additionalProperties: false + properties: + MaintenanceWindowStart: + type: string + description: The maintenance window start day and time for the PartnerApp. + maxLength: 9 + pattern: (Mon|Tue|Wed|Thu|Fri|Sat|Sun):([01]\d|2[0-3]):([0-5]\d) + required: + - MaintenanceWindowStart + PartnerApp: + type: object + properties: + Arn: + type: string + description: The Amazon Resource Name (ARN) of the created PartnerApp. + minLength: 1 + maxLength: 128 + pattern: arn:aws[a-z\-]*:sagemaker:[a-z0-9\-]*:[0-9]{12}:partner-app/app-[A-Z0-9]{12}$ + Name: + type: string + description: A name for the PartnerApp. + minLength: 1 + maxLength: 256 + pattern: ^[a-zA-Z0-9]+ + Type: + type: string + description: The type of PartnerApp. + enum: + - lakera-guard + - comet + - deepchecks-llm-evaluation + - fiddler + ExecutionRoleArn: + type: string + description: The execution role for the user. + minLength: 20 + maxLength: 2048 + pattern: ^arn:aws[a-z\-]*:iam::\d{12}:role/?[a-zA-Z_0-9+=,.@\-_/]+$ + Tier: + type: string + description: The tier of the PartnerApp. + minLength: 1 + maxLength: 64 + EnableIamSessionBasedIdentity: + type: boolean + description: Enables IAM Session based Identity for PartnerApp. + ApplicationConfig: + $ref: '#/components/schemas/PartnerAppConfig' + description: A collection of settings that specify the maintenance schedule for the PartnerApp. + AuthType: + type: string + description: The Auth type of PartnerApp. + enum: + - IAM + BaseUrl: + type: string + description: The AppServerUrl based on app and account-info. + maxLength: 2048 + MaintenanceConfig: + $ref: '#/components/schemas/PartnerAppMaintenanceConfig' + description: A collection of settings that specify the maintenance schedule for the PartnerApp. + ClientToken: + type: string + description: The client token for the PartnerApp. + minLength: 1 + maxLength: 36 + pattern: ^[a-zA-Z0-9-]+$ + Tags: + type: array + description: A list of tags to apply to the PartnerApp. + uniqueItems: false + x-insertionOrder: false + minItems: 0 + maxItems: 50 + items: + $ref: '#/components/schemas/Tag' + required: + - Name + - Type + - AuthType + - ExecutionRoleArn + - Tier + x-stackql-resource-name: partner_app + description: Resource Type definition for AWS::SageMaker::PartnerApp + x-type-name: AWS::SageMaker::PartnerApp + x-stackql-primary-identifier: + - Arn + x-create-only-properties: + - Name + - Type + - ExecutionRoleArn + - AuthType + x-write-only-properties: + - ClientToken + x-read-only-properties: + - Arn + - BaseUrl + x-required-properties: + - Name + - Type + - AuthType + - ExecutionRoleArn + - Tier + x-replacement-strategy: delete_then_create + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - sagemaker:AddTags + - sagemaker:DeleteTags + - sagemaker:ListTags + x-required-permissions: + create: + - sagemaker:CreatePartnerApp + - sagemaker:DescribePartnerApp + - sagemaker:AddTags + - sagemaker:ListTags + - iam:PassRole + read: + - sagemaker:DescribePartnerApp + - sagemaker:ListTags + update: + - sagemaker:UpdatePartnerApp + - sagemaker:DescribePartnerApp + - sagemaker:AddTags + - sagemaker:ListTags + - sagemaker:DeleteTags + delete: + - sagemaker:DeletePartnerApp + - sagemaker:DescribePartnerApp + - sagemaker:DeleteTags + list: + - sagemaker:ListPartnerApps + - sagemaker:DescribePartnerApp + - sagemaker:ListTags S3Location: type: object additionalProperties: false @@ -5358,6 +6239,16 @@ components: x-required-properties: - ProjectName - ServiceCatalogProvisioningDetails + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - sagemaker:AddTags + - sagemaker:ListTags + - sagemaker:DeleteTags x-required-permissions: create: - sagemaker:AddTags @@ -5429,16 +6320,6 @@ components: $ref: '#/components/schemas/AppType' CustomFileSystems: $ref: '#/components/schemas/CustomFileSystems' - AppType: - type: string - enum: - - JupyterServer - - KernelGateway - - TensorBoard - - RStudioServerPro - - RSessionGateway - - JupyterLab - - CodeEditor CustomFileSystems: type: array uniqueItems: true @@ -5452,6 +6333,8 @@ components: properties: EFSFileSystem: $ref: '#/components/schemas/EFSFileSystem' + FSxLustreFileSystem: + $ref: '#/components/schemas/FSxLustreFileSystem' EFSFileSystem: type: object additionalProperties: false @@ -5463,6 +6346,17 @@ components: pattern: ^(fs-[0-9a-f]{8,})$ required: - FileSystemId + FSxLustreFileSystem: + type: object + additionalProperties: false + properties: + FileSystemId: + type: string + minLength: 11 + maxLength: 21 + pattern: ^(fs-[0-9a-f]{8,})$ + required: + - FileSystemId SpaceJupyterLabAppSettings: type: object description: The JupyterServer app settings. @@ -5470,6 +6364,8 @@ components: properties: DefaultResourceSpec: $ref: '#/components/schemas/ResourceSpec' + AppLifecycleManagement: + $ref: '#/components/schemas/SpaceAppLifecycleManagement' CodeRepositories: type: array description: A list of CodeRepositories available for use with JupyterLab apps. @@ -5478,6 +6374,21 @@ components: maxItems: 30 items: $ref: '#/components/schemas/CodeRepository' + SpaceAppLifecycleManagement: + type: object + additionalProperties: false + properties: + IdleSettings: + $ref: '#/components/schemas/SpaceIdleSettings' + SpaceIdleSettings: + type: object + additionalProperties: false + properties: + IdleTimeoutInMinutes: + type: integer + description: The space idle timeout value set in minutes + minimum: 60 + maximum: 525600 SpaceCodeEditorAppSettings: type: object description: The CodeEditor app settings. @@ -5485,6 +6396,8 @@ components: properties: DefaultResourceSpec: $ref: '#/components/schemas/ResourceSpec' + AppLifecycleManagement: + $ref: '#/components/schemas/SpaceAppLifecycleManagement' SpaceStorageSettings: type: object additionalProperties: false @@ -5560,7 +6473,6 @@ components: - OwnershipSettings x-write-only-properties: - SpaceSettings - - Tags x-read-only-properties: - SpaceArn - Url @@ -5573,28 +6485,125 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - sagemaker:AddTags + - sagemaker:DeleteTags + - sagemaker:ListTags x-required-permissions: create: - sagemaker:CreateSpace - sagemaker:DescribeSpace + - sagemaker:ListTags + - sagemaker:AddTags read: - sagemaker:DescribeSpace + - sagemaker:ListTags update: - sagemaker:UpdateSpace - sagemaker:DescribeSpace + - sagemaker:AddTags + - sagemaker:DeleteTags + - sagemaker:ListTags delete: - sagemaker:DeleteSpace - sagemaker:DescribeSpace + - sagemaker:DeleteTags list: - sagemaker:ListSpaces - UserProfile: + - sagemaker:ListTags + StudioLifecycleConfig: type: object properties: - UserProfileArn: + StudioLifecycleConfigArn: type: string - description: The user profile Amazon Resource Name (ARN). + description: The Amazon Resource Name (ARN) of the Lifecycle Configuration. + minLength: 1 maxLength: 256 - pattern: arn:aws[a-z\-]*:sagemaker:[a-z0-9\-]*:[0-9]{12}:user-profile/.* + pattern: arn:aws[a-z\-]*:sagemaker:[a-z0-9\-]*:[0-9]{12}:studio-lifecycle-config/.* + StudioLifecycleConfigAppType: + type: string + description: The App type that the Lifecycle Configuration is attached to. + enum: + - JupyterServer + - KernelGateway + - CodeEditor + - JupyterLab + StudioLifecycleConfigContent: + type: string + description: The content of your Amazon SageMaker Studio Lifecycle Configuration script. This content must be base64 encoded. + minLength: 1 + maxLength: 16384 + pattern: '[\S\s]+' + StudioLifecycleConfigName: + type: string + description: The name of the Amazon SageMaker Studio Lifecycle Configuration. + minLength: 1 + maxLength: 63 + pattern: ^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62} + Tags: + type: array + description: Tags to be associated with the Lifecycle Configuration. Each tag consists of a key and an optional value. Tag keys must be unique per resource. Tags are searchable using the Search API. + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + minItems: 0 + maxItems: 50 + required: + - StudioLifecycleConfigAppType + - StudioLifecycleConfigContent + - StudioLifecycleConfigName + x-stackql-resource-name: studio_lifecycle_config + description: Resource Type definition for AWS::SageMaker::StudioLifecycleConfig + x-type-name: AWS::SageMaker::StudioLifecycleConfig + x-stackql-primary-identifier: + - StudioLifecycleConfigName + x-create-only-properties: + - StudioLifecycleConfigAppType + - StudioLifecycleConfigContent + - StudioLifecycleConfigName + - Tags + x-read-only-properties: + - StudioLifecycleConfigArn + x-required-properties: + - StudioLifecycleConfigAppType + - StudioLifecycleConfigContent + - StudioLifecycleConfigName + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: false + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - sagemaker:AddTags + - sagemaker:ListTags + - sagemaker:DeleteTags + x-required-permissions: + create: + - sagemaker:CreateStudioLifecycleConfig + - sagemaker:DescribeStudioLifecycleConfig + - sagemaker:AddTags + - sagemaker:ListTags + read: + - sagemaker:DescribeStudioLifecycleConfig + - sagemaker:ListTags + delete: + - sagemaker:DeleteStudioLifecycleConfig + - sagemaker:DescribeStudioLifecycleConfig + - sagemaker:DeleteTags + - sagemaker:ListTags + list: + - sagemaker:ListStudioLifecycleConfigs + - sagemaker:ListTags + UserProfile: + type: object + properties: + UserProfileArn: + type: string + description: The user profile Amazon Resource Name (ARN). + maxLength: 256 + pattern: arn:aws[a-z\-]*:sagemaker:[a-z0-9\-]*:[0-9]{12}:user-profile/.* DomainId: type: string description: The ID of the associated Domain. @@ -5778,6 +6787,71 @@ components: x-title: CreateAppImageConfigRequest type: object required: [] + CreateClusterRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + ClusterArn: + pattern: ^arn:aws[a-z\-]*:sagemaker:[a-z0-9\-]*:[0-9]{12}:cluster/[a-z0-9]{12}$ + description: The Amazon Resource Name (ARN) of the HyperPod Cluster. + type: string + maxLength: 256 + VpcConfig: + $ref: '#/components/schemas/VpcConfig' + NodeRecovery: + description: If node auto-recovery is set to true, faulty nodes will be replaced or rebooted when a failure is detected. If set to false, nodes will be labelled when a fault is detected. + type: string + enum: + - Automatic + - None + CreationTime: + description: The time at which the HyperPod cluster was created. + type: string + InstanceGroups: + $ref: '#/components/schemas/ClusterInstanceGroupsList' + ClusterName: + minLength: 1 + pattern: ^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}$ + description: The name of the HyperPod Cluster. + type: string + maxLength: 63 + FailureMessage: + description: The failure message of the HyperPod Cluster. + type: string + Orchestrator: + $ref: '#/components/schemas/Orchestrator' + ClusterStatus: + description: The status of the HyperPod Cluster. + type: string + enum: + - Creating + - Deleting + - Failed + - InService + - RollingBack + - SystemUpdating + - Updating + Tags: + maxItems: 50 + uniqueItems: true + description: Custom tags for managing the SageMaker HyperPod cluster as an AWS resource. You can add tags to your cluster in the same way you add them in other AWS services that support tagging. + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/Tag' + x-stackQL-stringOnly: true + x-title: CreateClusterRequest + type: object + required: [] CreateDataQualityJobDefinitionRequest: properties: ClientToken: @@ -5907,6 +6981,53 @@ components: x-title: CreateDeviceFleetRequest type: object required: [] + CreateEndpointRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + DeploymentConfig: + $ref: '#/components/schemas/DeploymentConfig' + description: Specifies deployment configuration for updating the SageMaker endpoint. Includes rollback and update policies. + EndpointArn: + type: string + description: The Amazon Resource Name (ARN) of the endpoint. + EndpointConfigName: + type: string + description: The name of the endpoint configuration for the SageMaker endpoint. This is a required property. + EndpointName: + type: string + description: The name of the SageMaker endpoint. This name must be unique within an AWS Region. + ExcludeRetainedVariantProperties: + type: array + uniqueItems: false + items: + $ref: '#/components/schemas/VariantProperty' + description: Specifies a list of variant properties that you want to exclude when updating an endpoint. + RetainAllVariantProperties: + type: boolean + description: When set to true, retains all variant properties for an endpoint when it is updated. + RetainDeploymentConfig: + type: boolean + description: When set to true, retains the deployment configuration during endpoint updates. + Tags: + type: array + uniqueItems: false + items: + $ref: '#/components/schemas/Tag' + description: An array of key-value pairs to apply to this resource. + x-stackQL-stringOnly: true + x-title: CreateEndpointRequest + type: object + required: [] CreateFeatureGroupRequest: properties: ClientToken: @@ -6227,6 +7348,75 @@ components: x-title: CreateInferenceExperimentRequest type: object required: [] + CreateMlflowTrackingServerRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + TrackingServerName: + type: string + description: The name of the MLFlow Tracking Server. + minLength: 1 + maxLength: 256 + pattern: ^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,255}$ + TrackingServerArn: + description: The Amazon Resource Name (ARN) of the MLFlow Tracking Server. + type: string + maxLength: 2048 + pattern: ^arn:aws[a-z\-]*:sagemaker:[a-z0-9\-]*:[0-9]{12}:mlflow-tracking-server/.*$ + TrackingServerSize: + type: string + description: The size of the MLFlow Tracking Server. + enum: + - Small + - Medium + - Large + MlflowVersion: + type: string + description: The MLFlow Version used on the MLFlow Tracking Server. + minLength: 1 + maxLength: 32 + pattern: ^\d+(\.\d+)+$ + RoleArn: + type: string + description: The Amazon Resource Name (ARN) of an IAM role that enables Amazon SageMaker to perform tasks on behalf of the customer. + minLength: 20 + maxLength: 2048 + pattern: ^arn:aws[a-z\-]*:iam::\d{12}:role\/?[a-zA-Z_0-9+=,.@\-_\/]+$ + ArtifactStoreUri: + type: string + description: The Amazon S3 URI for MLFlow Tracking Server artifacts. + minLength: 1 + maxLength: 2048 + pattern: ^s3:\/\/([^\/]+)\/?(.*)$ + AutomaticModelRegistration: + type: boolean + description: A flag to enable Automatic SageMaker Model Registration. + WeeklyMaintenanceWindowStart: + type: string + description: The start of the time window for maintenance of the MLFlow Tracking Server in UTC time. + pattern: ^(Mon|Tue|Wed|Thu|Fri|Sat|Sun):([01]\d|2[0-3]):([0-5]\d)$ + maxLength: 9 + Tags: + type: array + minItems: 1 + maxItems: 50 + description: An array of key-value pairs to apply to this resource. + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + x-stackQL-stringOnly: true + x-title: CreateMlflowTrackingServerRequest + type: object + required: [] CreateModelBiasJobDefinitionRequest: properties: ClientToken: @@ -6282,82 +7472,6 @@ components: x-title: CreateModelBiasJobDefinitionRequest type: object required: [] - CreateModelCardRequest: - properties: - ClientToken: - type: string - RoleArn: - type: string - TypeName: - type: string - TypeVersionId: - type: string - DesiredState: - type: object - properties: - ModelCardArn: - description: The Amazon Resource Name (ARN) of the successfully created model card. - type: string - minLength: 1 - maxLength: 256 - pattern: ^arn:aws[a-z\-]*:sagemaker:[a-z0-9\-]{9,16}:[0-9]{12}:model-card/[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}$ - ModelCardVersion: - description: A version of the model card. - type: integer - minimum: 1 - ModelCardName: - description: The unique name of the model card. - type: string - maxLength: 63 - pattern: ^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}$ - SecurityConfig: - $ref: '#/components/schemas/SecurityConfig' - ModelCardStatus: - description: The approval status of the model card within your organization. Different organizations might have different criteria for model card review and approval. - type: string - enum: - - Draft - - PendingReview - - Approved - - Archived - Content: - $ref: '#/components/schemas/Content' - CreationTime: - description: The date and time the model card was created. - type: string - CreatedBy: - description: Information about the user who created or modified an experiment, trial, trial component, lineage group, project, or model card. - $ref: '#/components/schemas/UserContext' - LastModifiedTime: - description: The date and time the model card was last modified. - type: string - LastModifiedBy: - description: Information about the user who created or modified an experiment, trial, trial component, lineage group, project, or model card. - $ref: '#/components/schemas/UserContext' - ModelCardProcessingStatus: - description: The processing status of model card deletion. The ModelCardProcessingStatus updates throughout the different deletion steps. - type: string - default: UnsetValue - enum: - - UnsetValue - - DeleteInProgress - - DeletePending - - ContentDeleted - - ExportJobsDeleted - - DeleteCompleted - - DeleteFailed - Tags: - type: array - minItems: 1 - maxItems: 50 - description: Key-value pairs used to manage metadata for model cards. - x-insertionOrder: true - items: - $ref: '#/components/schemas/Tag' - x-stackQL-stringOnly: true - x-title: CreateModelCardRequest - type: object - required: [] CreateModelExplainabilityJobDefinitionRequest: properties: ClientToken: @@ -6484,6 +7598,12 @@ components: $ref: '#/components/schemas/AdditionalInferenceSpecifications' ModelPackageStatusDetails: $ref: '#/components/schemas/ModelPackageStatusDetails' + SourceUri: + $ref: '#/components/schemas/SourceUri' + ModelCard: + $ref: '#/components/schemas/ModelCard' + SecurityConfig: + $ref: '#/components/schemas/SecurityConfig' x-stackQL-stringOnly: true x-title: CreateModelPackageRequest type: object @@ -6643,7 +7763,7 @@ components: x-title: CreateMonitoringScheduleRequest type: object required: [] - CreatePipelineRequest: + CreatePartnerAppRequest: properties: ClientToken: type: string @@ -6656,50 +7776,131 @@ components: DesiredState: type: object properties: - PipelineName: + Arn: type: string - description: The name of the Pipeline. + description: The Amazon Resource Name (ARN) of the created PartnerApp. minLength: 1 - maxLength: 256 - pattern: ^[a-zA-Z0-9](-*[a-zA-Z0-9])* - PipelineDisplayName: + maxLength: 128 + pattern: arn:aws[a-z\-]*:sagemaker:[a-z0-9\-]*:[0-9]{12}:partner-app/app-[A-Z0-9]{12}$ + Name: type: string - description: The display name of the Pipeline. + description: A name for the PartnerApp. minLength: 1 maxLength: 256 - pattern: ^[a-zA-Z0-9](-*[a-zA-Z0-9])* - PipelineDescription: + pattern: ^[a-zA-Z0-9]+ + Type: type: string - description: The description of the Pipeline. - minLength: 0 - maxLength: 3072 - PipelineDefinition: - type: object - oneOf: - - additionalProperties: false - properties: - PipelineDefinitionBody: - type: string - description: A specification that defines the pipeline in JSON format. - required: - - PipelineDefinitionBody - - additionalProperties: false - properties: - PipelineDefinitionS3Location: - $ref: '#/components/schemas/S3Location' - required: - - PipelineDefinitionS3Location - RoleArn: + description: The type of PartnerApp. + enum: + - lakera-guard + - comet + - deepchecks-llm-evaluation + - fiddler + ExecutionRoleArn: type: string - description: Role Arn + description: The execution role for the user. minLength: 20 maxLength: 2048 pattern: ^arn:aws[a-z\-]*:iam::\d{12}:role/?[a-zA-Z_0-9+=,.@\-_/]+$ + Tier: + type: string + description: The tier of the PartnerApp. + minLength: 1 + maxLength: 64 + EnableIamSessionBasedIdentity: + type: boolean + description: Enables IAM Session based Identity for PartnerApp. + ApplicationConfig: + $ref: '#/components/schemas/PartnerAppConfig' + description: A collection of settings that specify the maintenance schedule for the PartnerApp. + AuthType: + type: string + description: The Auth type of PartnerApp. + enum: + - IAM + BaseUrl: + type: string + description: The AppServerUrl based on app and account-info. + maxLength: 2048 + MaintenanceConfig: + $ref: '#/components/schemas/PartnerAppMaintenanceConfig' + description: A collection of settings that specify the maintenance schedule for the PartnerApp. + ClientToken: + type: string + description: The client token for the PartnerApp. + minLength: 1 + maxLength: 36 + pattern: ^[a-zA-Z0-9-]+$ Tags: type: array + description: A list of tags to apply to the PartnerApp. uniqueItems: false - items: - $ref: '#/components/schemas/Tag' + x-insertionOrder: false + minItems: 0 + maxItems: 50 + items: + $ref: '#/components/schemas/Tag' + x-stackQL-stringOnly: true + x-title: CreatePartnerAppRequest + type: object + required: [] + CreatePipelineRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + PipelineName: + type: string + description: The name of the Pipeline. + minLength: 1 + maxLength: 256 + pattern: ^[a-zA-Z0-9](-*[a-zA-Z0-9])* + PipelineDisplayName: + type: string + description: The display name of the Pipeline. + minLength: 1 + maxLength: 256 + pattern: ^[a-zA-Z0-9](-*[a-zA-Z0-9])* + PipelineDescription: + type: string + description: The description of the Pipeline. + minLength: 0 + maxLength: 3072 + PipelineDefinition: + type: object + oneOf: + - additionalProperties: false + properties: + PipelineDefinitionBody: + type: string + description: A specification that defines the pipeline in JSON format. + required: + - PipelineDefinitionBody + - additionalProperties: false + properties: + PipelineDefinitionS3Location: + $ref: '#/components/schemas/S3Location' + required: + - PipelineDefinitionS3Location + RoleArn: + type: string + description: Role Arn + minLength: 20 + maxLength: 2048 + pattern: ^arn:aws[a-z\-]*:iam::\d{12}:role/?[a-zA-Z_0-9+=,.@\-_/]+$ + Tags: + type: array + uniqueItems: false + items: + $ref: '#/components/schemas/Tag' ParallelismConfiguration: type: object additionalProperties: false @@ -6843,6 +8044,58 @@ components: x-title: CreateSpaceRequest type: object required: [] + CreateStudioLifecycleConfigRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + StudioLifecycleConfigArn: + type: string + description: The Amazon Resource Name (ARN) of the Lifecycle Configuration. + minLength: 1 + maxLength: 256 + pattern: arn:aws[a-z\-]*:sagemaker:[a-z0-9\-]*:[0-9]{12}:studio-lifecycle-config/.* + StudioLifecycleConfigAppType: + type: string + description: The App type that the Lifecycle Configuration is attached to. + enum: + - JupyterServer + - KernelGateway + - CodeEditor + - JupyterLab + StudioLifecycleConfigContent: + type: string + description: The content of your Amazon SageMaker Studio Lifecycle Configuration script. This content must be base64 encoded. + minLength: 1 + maxLength: 16384 + pattern: '[\S\s]+' + StudioLifecycleConfigName: + type: string + description: The name of the Amazon SageMaker Studio Lifecycle Configuration. + minLength: 1 + maxLength: 63 + pattern: ^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62} + Tags: + type: array + description: Tags to be associated with the Lifecycle Configuration. Each tag consists of a key and an optional value. Tag keys must be unique per resource. Tags are searchable using the Search API. + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + minItems: 0 + maxItems: 50 + x-stackQL-stringOnly: true + x-title: CreateStudioLifecycleConfigRequest + type: object + required: [] CreateUserProfileRequest: properties: ClientToken: @@ -7325,6 +8578,237 @@ components: WHERE listing.data__TypeName = 'AWS::SageMaker::AppImageConfig' AND detail.data__TypeName = 'AWS::SageMaker::AppImageConfig' AND listing.region = 'us-east-1' + clusters: + name: clusters + id: aws.sagemaker.clusters + x-cfn-schema-name: Cluster + x-cfn-type-name: AWS::SageMaker::Cluster + x-identifiers: + - ClusterArn + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Cluster&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::SageMaker::Cluster" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::SageMaker::Cluster" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::SageMaker::Cluster" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/clusters/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/clusters/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/clusters/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ClusterArn') as cluster_arn, + JSON_EXTRACT(Properties, '$.VpcConfig') as vpc_config, + JSON_EXTRACT(Properties, '$.NodeRecovery') as node_recovery, + JSON_EXTRACT(Properties, '$.CreationTime') as creation_time, + JSON_EXTRACT(Properties, '$.InstanceGroups') as instance_groups, + JSON_EXTRACT(Properties, '$.ClusterName') as cluster_name, + JSON_EXTRACT(Properties, '$.FailureMessage') as failure_message, + JSON_EXTRACT(Properties, '$.Orchestrator') as orchestrator, + JSON_EXTRACT(Properties, '$.ClusterStatus') as cluster_status, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::Cluster' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.ClusterArn') as cluster_arn, + JSON_EXTRACT(detail.Properties, '$.VpcConfig') as vpc_config, + JSON_EXTRACT(detail.Properties, '$.NodeRecovery') as node_recovery, + JSON_EXTRACT(detail.Properties, '$.CreationTime') as creation_time, + JSON_EXTRACT(detail.Properties, '$.InstanceGroups') as instance_groups, + JSON_EXTRACT(detail.Properties, '$.ClusterName') as cluster_name, + JSON_EXTRACT(detail.Properties, '$.FailureMessage') as failure_message, + JSON_EXTRACT(detail.Properties, '$.Orchestrator') as orchestrator, + JSON_EXTRACT(detail.Properties, '$.ClusterStatus') as cluster_status, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::SageMaker::Cluster' + AND detail.data__TypeName = 'AWS::SageMaker::Cluster' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ClusterArn') as cluster_arn, + json_extract_path_text(Properties, 'VpcConfig') as vpc_config, + json_extract_path_text(Properties, 'NodeRecovery') as node_recovery, + json_extract_path_text(Properties, 'CreationTime') as creation_time, + json_extract_path_text(Properties, 'InstanceGroups') as instance_groups, + json_extract_path_text(Properties, 'ClusterName') as cluster_name, + json_extract_path_text(Properties, 'FailureMessage') as failure_message, + json_extract_path_text(Properties, 'Orchestrator') as orchestrator, + json_extract_path_text(Properties, 'ClusterStatus') as cluster_status, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::Cluster' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'ClusterArn') as cluster_arn, + json_extract_path_text(detail.Properties, 'VpcConfig') as vpc_config, + json_extract_path_text(detail.Properties, 'NodeRecovery') as node_recovery, + json_extract_path_text(detail.Properties, 'CreationTime') as creation_time, + json_extract_path_text(detail.Properties, 'InstanceGroups') as instance_groups, + json_extract_path_text(detail.Properties, 'ClusterName') as cluster_name, + json_extract_path_text(detail.Properties, 'FailureMessage') as failure_message, + json_extract_path_text(detail.Properties, 'Orchestrator') as orchestrator, + json_extract_path_text(detail.Properties, 'ClusterStatus') as cluster_status, + json_extract_path_text(detail.Properties, 'Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::SageMaker::Cluster' + AND detail.data__TypeName = 'AWS::SageMaker::Cluster' + AND listing.region = 'us-east-1' + clusters_list_only: + name: clusters_list_only + id: aws.sagemaker.clusters_list_only + x-cfn-schema-name: Cluster + x-cfn-type-name: AWS::SageMaker::Cluster + x-identifiers: + - ClusterArn + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ClusterArn') as cluster_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::Cluster' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ClusterArn') as cluster_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::Cluster' + AND region = 'us-east-1' + cluster_tags: + name: cluster_tags + id: aws.sagemaker.cluster_tags + x-cfn-schema-name: Cluster + x-cfn-type-name: AWS::SageMaker::Cluster + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.ClusterArn') as cluster_arn, + JSON_EXTRACT(detail.Properties, '$.VpcConfig') as vpc_config, + JSON_EXTRACT(detail.Properties, '$.NodeRecovery') as node_recovery, + JSON_EXTRACT(detail.Properties, '$.CreationTime') as creation_time, + JSON_EXTRACT(detail.Properties, '$.InstanceGroups') as instance_groups, + JSON_EXTRACT(detail.Properties, '$.ClusterName') as cluster_name, + JSON_EXTRACT(detail.Properties, '$.FailureMessage') as failure_message, + JSON_EXTRACT(detail.Properties, '$.Orchestrator') as orchestrator, + JSON_EXTRACT(detail.Properties, '$.ClusterStatus') as cluster_status + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::SageMaker::Cluster' + AND detail.data__TypeName = 'AWS::SageMaker::Cluster' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'ClusterArn') as cluster_arn, + json_extract_path_text(detail.Properties, 'VpcConfig') as vpc_config, + json_extract_path_text(detail.Properties, 'NodeRecovery') as node_recovery, + json_extract_path_text(detail.Properties, 'CreationTime') as creation_time, + json_extract_path_text(detail.Properties, 'InstanceGroups') as instance_groups, + json_extract_path_text(detail.Properties, 'ClusterName') as cluster_name, + json_extract_path_text(detail.Properties, 'FailureMessage') as failure_message, + json_extract_path_text(detail.Properties, 'Orchestrator') as orchestrator, + json_extract_path_text(detail.Properties, 'ClusterStatus') as cluster_status + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::SageMaker::Cluster' + AND detail.data__TypeName = 'AWS::SageMaker::Cluster' + AND listing.region = 'us-east-1' data_quality_job_definitions: name: data_quality_job_definitions id: aws.sagemaker.data_quality_job_definitions @@ -7727,13 +9211,13 @@ components: FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::DeviceFleet' AND data__Identifier = '' AND region = 'us-east-1' - feature_groups: - name: feature_groups - id: aws.sagemaker.feature_groups - x-cfn-schema-name: FeatureGroup - x-cfn-type-name: AWS::SageMaker::FeatureGroup + endpoints: + name: endpoints + id: aws.sagemaker.endpoints + x-cfn-schema-name: Endpoint + x-cfn-type-name: AWS::SageMaker::Endpoint x-identifiers: - - FeatureGroupName + - EndpointArn x-type: cloud_control methods: create_resource: @@ -7741,12 +9225,12 @@ components: requestBodyTranslate: algorithm: naive_DesiredState operation: - $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__FeatureGroup&__detailTransformed=true/post' + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Endpoint&__detailTransformed=true/post' request: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::SageMaker::FeatureGroup" + "TypeName": "AWS::SageMaker::Endpoint" } response: mediaType: application/json @@ -7758,7 +9242,7 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::SageMaker::FeatureGroup" + "TypeName": "AWS::SageMaker::Endpoint" } response: mediaType: application/json @@ -7770,14 +9254,233 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::SageMaker::FeatureGroup" + "TypeName": "AWS::SageMaker::Endpoint" } response: mediaType: application/json openAPIDocKey: '200' sqlVerbs: insert: - - $ref: '#/components/x-stackQL-resources/feature_groups/methods/create_resource' + - $ref: '#/components/x-stackQL-resources/endpoints/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/endpoints/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/endpoints/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.DeploymentConfig') as deployment_config, + JSON_EXTRACT(Properties, '$.EndpointArn') as endpoint_arn, + JSON_EXTRACT(Properties, '$.EndpointConfigName') as endpoint_config_name, + JSON_EXTRACT(Properties, '$.EndpointName') as endpoint_name, + JSON_EXTRACT(Properties, '$.ExcludeRetainedVariantProperties') as exclude_retained_variant_properties, + JSON_EXTRACT(Properties, '$.RetainAllVariantProperties') as retain_all_variant_properties, + JSON_EXTRACT(Properties, '$.RetainDeploymentConfig') as retain_deployment_config, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::Endpoint' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.DeploymentConfig') as deployment_config, + JSON_EXTRACT(detail.Properties, '$.EndpointArn') as endpoint_arn, + JSON_EXTRACT(detail.Properties, '$.EndpointConfigName') as endpoint_config_name, + JSON_EXTRACT(detail.Properties, '$.EndpointName') as endpoint_name, + JSON_EXTRACT(detail.Properties, '$.ExcludeRetainedVariantProperties') as exclude_retained_variant_properties, + JSON_EXTRACT(detail.Properties, '$.RetainAllVariantProperties') as retain_all_variant_properties, + JSON_EXTRACT(detail.Properties, '$.RetainDeploymentConfig') as retain_deployment_config, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::SageMaker::Endpoint' + AND detail.data__TypeName = 'AWS::SageMaker::Endpoint' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'DeploymentConfig') as deployment_config, + json_extract_path_text(Properties, 'EndpointArn') as endpoint_arn, + json_extract_path_text(Properties, 'EndpointConfigName') as endpoint_config_name, + json_extract_path_text(Properties, 'EndpointName') as endpoint_name, + json_extract_path_text(Properties, 'ExcludeRetainedVariantProperties') as exclude_retained_variant_properties, + json_extract_path_text(Properties, 'RetainAllVariantProperties') as retain_all_variant_properties, + json_extract_path_text(Properties, 'RetainDeploymentConfig') as retain_deployment_config, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::Endpoint' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'DeploymentConfig') as deployment_config, + json_extract_path_text(detail.Properties, 'EndpointArn') as endpoint_arn, + json_extract_path_text(detail.Properties, 'EndpointConfigName') as endpoint_config_name, + json_extract_path_text(detail.Properties, 'EndpointName') as endpoint_name, + json_extract_path_text(detail.Properties, 'ExcludeRetainedVariantProperties') as exclude_retained_variant_properties, + json_extract_path_text(detail.Properties, 'RetainAllVariantProperties') as retain_all_variant_properties, + json_extract_path_text(detail.Properties, 'RetainDeploymentConfig') as retain_deployment_config, + json_extract_path_text(detail.Properties, 'Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::SageMaker::Endpoint' + AND detail.data__TypeName = 'AWS::SageMaker::Endpoint' + AND listing.region = 'us-east-1' + endpoints_list_only: + name: endpoints_list_only + id: aws.sagemaker.endpoints_list_only + x-cfn-schema-name: Endpoint + x-cfn-type-name: AWS::SageMaker::Endpoint + x-identifiers: + - EndpointArn + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.EndpointArn') as endpoint_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::Endpoint' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'EndpointArn') as endpoint_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::Endpoint' + AND region = 'us-east-1' + endpoint_tags: + name: endpoint_tags + id: aws.sagemaker.endpoint_tags + x-cfn-schema-name: Endpoint + x-cfn-type-name: AWS::SageMaker::Endpoint + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.DeploymentConfig') as deployment_config, + JSON_EXTRACT(detail.Properties, '$.EndpointArn') as endpoint_arn, + JSON_EXTRACT(detail.Properties, '$.EndpointConfigName') as endpoint_config_name, + JSON_EXTRACT(detail.Properties, '$.EndpointName') as endpoint_name, + JSON_EXTRACT(detail.Properties, '$.ExcludeRetainedVariantProperties') as exclude_retained_variant_properties, + JSON_EXTRACT(detail.Properties, '$.RetainAllVariantProperties') as retain_all_variant_properties, + JSON_EXTRACT(detail.Properties, '$.RetainDeploymentConfig') as retain_deployment_config + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::SageMaker::Endpoint' + AND detail.data__TypeName = 'AWS::SageMaker::Endpoint' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'DeploymentConfig') as deployment_config, + json_extract_path_text(detail.Properties, 'EndpointArn') as endpoint_arn, + json_extract_path_text(detail.Properties, 'EndpointConfigName') as endpoint_config_name, + json_extract_path_text(detail.Properties, 'EndpointName') as endpoint_name, + json_extract_path_text(detail.Properties, 'ExcludeRetainedVariantProperties') as exclude_retained_variant_properties, + json_extract_path_text(detail.Properties, 'RetainAllVariantProperties') as retain_all_variant_properties, + json_extract_path_text(detail.Properties, 'RetainDeploymentConfig') as retain_deployment_config + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::SageMaker::Endpoint' + AND detail.data__TypeName = 'AWS::SageMaker::Endpoint' + AND listing.region = 'us-east-1' + feature_groups: + name: feature_groups + id: aws.sagemaker.feature_groups + x-cfn-schema-name: FeatureGroup + x-cfn-type-name: AWS::SageMaker::FeatureGroup + x-identifiers: + - FeatureGroupName + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__FeatureGroup&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::SageMaker::FeatureGroup" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::SageMaker::FeatureGroup" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::SageMaker::FeatureGroup" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/feature_groups/methods/create_resource' delete: - $ref: '#/components/x-stackQL-resources/feature_groups/methods/delete_resource' update: @@ -8889,13 +10592,13 @@ components: WHERE listing.data__TypeName = 'AWS::SageMaker::InferenceExperiment' AND detail.data__TypeName = 'AWS::SageMaker::InferenceExperiment' AND listing.region = 'us-east-1' - model_bias_job_definitions: - name: model_bias_job_definitions - id: aws.sagemaker.model_bias_job_definitions - x-cfn-schema-name: ModelBiasJobDefinition - x-cfn-type-name: AWS::SageMaker::ModelBiasJobDefinition + mlflow_tracking_servers: + name: mlflow_tracking_servers + id: aws.sagemaker.mlflow_tracking_servers + x-cfn-schema-name: MlflowTrackingServer + x-cfn-type-name: AWS::SageMaker::MlflowTrackingServer x-identifiers: - - JobDefinitionArn + - TrackingServerName x-type: cloud_control methods: create_resource: @@ -8903,12 +10606,24 @@ components: requestBodyTranslate: algorithm: naive_DesiredState operation: - $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__ModelBiasJobDefinition&__detailTransformed=true/post' + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__MlflowTrackingServer&__detailTransformed=true/post' request: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::SageMaker::ModelBiasJobDefinition" + "TypeName": "AWS::SageMaker::MlflowTrackingServer" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::SageMaker::MlflowTrackingServer" } response: mediaType: application/json @@ -8920,17 +10635,18 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::SageMaker::ModelBiasJobDefinition" + "TypeName": "AWS::SageMaker::MlflowTrackingServer" } response: mediaType: application/json openAPIDocKey: '200' sqlVerbs: insert: - - $ref: '#/components/x-stackQL-resources/model_bias_job_definitions/methods/create_resource' + - $ref: '#/components/x-stackQL-resources/mlflow_tracking_servers/methods/create_resource' delete: - - $ref: '#/components/x-stackQL-resources/model_bias_job_definitions/methods/delete_resource' - update: [] + - $ref: '#/components/x-stackQL-resources/mlflow_tracking_servers/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/mlflow_tracking_servers/methods/update_resource' config: views: select: @@ -8939,46 +10655,38 @@ components: SELECT region, data__Identifier, - JSON_EXTRACT(Properties, '$.JobDefinitionArn') as job_definition_arn, - JSON_EXTRACT(Properties, '$.JobDefinitionName') as job_definition_name, - JSON_EXTRACT(Properties, '$.ModelBiasBaselineConfig') as model_bias_baseline_config, - JSON_EXTRACT(Properties, '$.ModelBiasAppSpecification') as model_bias_app_specification, - JSON_EXTRACT(Properties, '$.ModelBiasJobInput') as model_bias_job_input, - JSON_EXTRACT(Properties, '$.ModelBiasJobOutputConfig') as model_bias_job_output_config, - JSON_EXTRACT(Properties, '$.JobResources') as job_resources, - JSON_EXTRACT(Properties, '$.NetworkConfig') as network_config, - JSON_EXTRACT(Properties, '$.EndpointName') as endpoint_name, + JSON_EXTRACT(Properties, '$.TrackingServerName') as tracking_server_name, + JSON_EXTRACT(Properties, '$.TrackingServerArn') as tracking_server_arn, + JSON_EXTRACT(Properties, '$.TrackingServerSize') as tracking_server_size, + JSON_EXTRACT(Properties, '$.MlflowVersion') as mlflow_version, JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, - JSON_EXTRACT(Properties, '$.StoppingCondition') as stopping_condition, - JSON_EXTRACT(Properties, '$.Tags') as tags, - JSON_EXTRACT(Properties, '$.CreationTime') as creation_time - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::ModelBiasJobDefinition' - AND data__Identifier = '' + JSON_EXTRACT(Properties, '$.ArtifactStoreUri') as artifact_store_uri, + JSON_EXTRACT(Properties, '$.AutomaticModelRegistration') as automatic_model_registration, + JSON_EXTRACT(Properties, '$.WeeklyMaintenanceWindowStart') as weekly_maintenance_window_start, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::MlflowTrackingServer' + AND data__Identifier = '' AND region = 'us-east-1' fallback: predicate: sqlDialect == "sqlite3" ddl: |- SELECT detail.region, - JSON_EXTRACT(detail.Properties, '$.JobDefinitionArn') as job_definition_arn, - JSON_EXTRACT(detail.Properties, '$.JobDefinitionName') as job_definition_name, - JSON_EXTRACT(detail.Properties, '$.ModelBiasBaselineConfig') as model_bias_baseline_config, - JSON_EXTRACT(detail.Properties, '$.ModelBiasAppSpecification') as model_bias_app_specification, - JSON_EXTRACT(detail.Properties, '$.ModelBiasJobInput') as model_bias_job_input, - JSON_EXTRACT(detail.Properties, '$.ModelBiasJobOutputConfig') as model_bias_job_output_config, - JSON_EXTRACT(detail.Properties, '$.JobResources') as job_resources, - JSON_EXTRACT(detail.Properties, '$.NetworkConfig') as network_config, - JSON_EXTRACT(detail.Properties, '$.EndpointName') as endpoint_name, + JSON_EXTRACT(detail.Properties, '$.TrackingServerName') as tracking_server_name, + JSON_EXTRACT(detail.Properties, '$.TrackingServerArn') as tracking_server_arn, + JSON_EXTRACT(detail.Properties, '$.TrackingServerSize') as tracking_server_size, + JSON_EXTRACT(detail.Properties, '$.MlflowVersion') as mlflow_version, JSON_EXTRACT(detail.Properties, '$.RoleArn') as role_arn, - JSON_EXTRACT(detail.Properties, '$.StoppingCondition') as stopping_condition, - JSON_EXTRACT(detail.Properties, '$.Tags') as tags, - JSON_EXTRACT(detail.Properties, '$.CreationTime') as creation_time + JSON_EXTRACT(detail.Properties, '$.ArtifactStoreUri') as artifact_store_uri, + JSON_EXTRACT(detail.Properties, '$.AutomaticModelRegistration') as automatic_model_registration, + JSON_EXTRACT(detail.Properties, '$.WeeklyMaintenanceWindowStart') as weekly_maintenance_window_start, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::SageMaker::ModelBiasJobDefinition' - AND detail.data__TypeName = 'AWS::SageMaker::ModelBiasJobDefinition' + WHERE listing.data__TypeName = 'AWS::SageMaker::MlflowTrackingServer' + AND detail.data__TypeName = 'AWS::SageMaker::MlflowTrackingServer' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] @@ -8986,54 +10694,46 @@ components: SELECT region, data__Identifier, - json_extract_path_text(Properties, 'JobDefinitionArn') as job_definition_arn, - json_extract_path_text(Properties, 'JobDefinitionName') as job_definition_name, - json_extract_path_text(Properties, 'ModelBiasBaselineConfig') as model_bias_baseline_config, - json_extract_path_text(Properties, 'ModelBiasAppSpecification') as model_bias_app_specification, - json_extract_path_text(Properties, 'ModelBiasJobInput') as model_bias_job_input, - json_extract_path_text(Properties, 'ModelBiasJobOutputConfig') as model_bias_job_output_config, - json_extract_path_text(Properties, 'JobResources') as job_resources, - json_extract_path_text(Properties, 'NetworkConfig') as network_config, - json_extract_path_text(Properties, 'EndpointName') as endpoint_name, + json_extract_path_text(Properties, 'TrackingServerName') as tracking_server_name, + json_extract_path_text(Properties, 'TrackingServerArn') as tracking_server_arn, + json_extract_path_text(Properties, 'TrackingServerSize') as tracking_server_size, + json_extract_path_text(Properties, 'MlflowVersion') as mlflow_version, json_extract_path_text(Properties, 'RoleArn') as role_arn, - json_extract_path_text(Properties, 'StoppingCondition') as stopping_condition, - json_extract_path_text(Properties, 'Tags') as tags, - json_extract_path_text(Properties, 'CreationTime') as creation_time - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::ModelBiasJobDefinition' - AND data__Identifier = '' + json_extract_path_text(Properties, 'ArtifactStoreUri') as artifact_store_uri, + json_extract_path_text(Properties, 'AutomaticModelRegistration') as automatic_model_registration, + json_extract_path_text(Properties, 'WeeklyMaintenanceWindowStart') as weekly_maintenance_window_start, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::MlflowTrackingServer' + AND data__Identifier = '' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT detail.region, - json_extract_path_text(detail.Properties, 'JobDefinitionArn') as job_definition_arn, - json_extract_path_text(detail.Properties, 'JobDefinitionName') as job_definition_name, - json_extract_path_text(detail.Properties, 'ModelBiasBaselineConfig') as model_bias_baseline_config, - json_extract_path_text(detail.Properties, 'ModelBiasAppSpecification') as model_bias_app_specification, - json_extract_path_text(detail.Properties, 'ModelBiasJobInput') as model_bias_job_input, - json_extract_path_text(detail.Properties, 'ModelBiasJobOutputConfig') as model_bias_job_output_config, - json_extract_path_text(detail.Properties, 'JobResources') as job_resources, - json_extract_path_text(detail.Properties, 'NetworkConfig') as network_config, - json_extract_path_text(detail.Properties, 'EndpointName') as endpoint_name, + json_extract_path_text(detail.Properties, 'TrackingServerName') as tracking_server_name, + json_extract_path_text(detail.Properties, 'TrackingServerArn') as tracking_server_arn, + json_extract_path_text(detail.Properties, 'TrackingServerSize') as tracking_server_size, + json_extract_path_text(detail.Properties, 'MlflowVersion') as mlflow_version, json_extract_path_text(detail.Properties, 'RoleArn') as role_arn, - json_extract_path_text(detail.Properties, 'StoppingCondition') as stopping_condition, - json_extract_path_text(detail.Properties, 'Tags') as tags, - json_extract_path_text(detail.Properties, 'CreationTime') as creation_time + json_extract_path_text(detail.Properties, 'ArtifactStoreUri') as artifact_store_uri, + json_extract_path_text(detail.Properties, 'AutomaticModelRegistration') as automatic_model_registration, + json_extract_path_text(detail.Properties, 'WeeklyMaintenanceWindowStart') as weekly_maintenance_window_start, + json_extract_path_text(detail.Properties, 'Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::SageMaker::ModelBiasJobDefinition' - AND detail.data__TypeName = 'AWS::SageMaker::ModelBiasJobDefinition' + WHERE listing.data__TypeName = 'AWS::SageMaker::MlflowTrackingServer' + AND detail.data__TypeName = 'AWS::SageMaker::MlflowTrackingServer' AND listing.region = 'us-east-1' - model_bias_job_definitions_list_only: - name: model_bias_job_definitions_list_only - id: aws.sagemaker.model_bias_job_definitions_list_only - x-cfn-schema-name: ModelBiasJobDefinition - x-cfn-type-name: AWS::SageMaker::ModelBiasJobDefinition + mlflow_tracking_servers_list_only: + name: mlflow_tracking_servers_list_only + id: aws.sagemaker.mlflow_tracking_servers_list_only + x-cfn-schema-name: MlflowTrackingServer + x-cfn-type-name: AWS::SageMaker::MlflowTrackingServer x-identifiers: - - JobDefinitionArn + - TrackingServerName x-type: cloud_control_view methods: {} sqlVerbs: @@ -9047,22 +10747,22 @@ components: ddl: |- SELECT region, - JSON_EXTRACT(Properties, '$.JobDefinitionArn') as job_definition_arn - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::ModelBiasJobDefinition' + JSON_EXTRACT(Properties, '$.TrackingServerName') as tracking_server_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::MlflowTrackingServer' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT region, - json_extract_path_text(Properties, 'JobDefinitionArn') as job_definition_arn - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::ModelBiasJobDefinition' + json_extract_path_text(Properties, 'TrackingServerName') as tracking_server_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::MlflowTrackingServer' AND region = 'us-east-1' - model_bias_job_definition_tags: - name: model_bias_job_definition_tags - id: aws.sagemaker.model_bias_job_definition_tags - x-cfn-schema-name: ModelBiasJobDefinition - x-cfn-type-name: AWS::SageMaker::ModelBiasJobDefinition + mlflow_tracking_server_tags: + name: mlflow_tracking_server_tags + id: aws.sagemaker.mlflow_tracking_server_tags + x-cfn-schema-name: MlflowTrackingServer + x-cfn-type-name: AWS::SageMaker::MlflowTrackingServer x-type: cloud_control_view methods: {} sqlVerbs: @@ -9078,25 +10778,21 @@ components: detail.region, JSON_EXTRACT(json_each.value, '$.Key') as tag_key, JSON_EXTRACT(json_each.value, '$.Value') as tag_value, - JSON_EXTRACT(detail.Properties, '$.JobDefinitionArn') as job_definition_arn, - JSON_EXTRACT(detail.Properties, '$.JobDefinitionName') as job_definition_name, - JSON_EXTRACT(detail.Properties, '$.ModelBiasBaselineConfig') as model_bias_baseline_config, - JSON_EXTRACT(detail.Properties, '$.ModelBiasAppSpecification') as model_bias_app_specification, - JSON_EXTRACT(detail.Properties, '$.ModelBiasJobInput') as model_bias_job_input, - JSON_EXTRACT(detail.Properties, '$.ModelBiasJobOutputConfig') as model_bias_job_output_config, - JSON_EXTRACT(detail.Properties, '$.JobResources') as job_resources, - JSON_EXTRACT(detail.Properties, '$.NetworkConfig') as network_config, - JSON_EXTRACT(detail.Properties, '$.EndpointName') as endpoint_name, + JSON_EXTRACT(detail.Properties, '$.TrackingServerName') as tracking_server_name, + JSON_EXTRACT(detail.Properties, '$.TrackingServerArn') as tracking_server_arn, + JSON_EXTRACT(detail.Properties, '$.TrackingServerSize') as tracking_server_size, + JSON_EXTRACT(detail.Properties, '$.MlflowVersion') as mlflow_version, JSON_EXTRACT(detail.Properties, '$.RoleArn') as role_arn, - JSON_EXTRACT(detail.Properties, '$.StoppingCondition') as stopping_condition, - JSON_EXTRACT(detail.Properties, '$.CreationTime') as creation_time + JSON_EXTRACT(detail.Properties, '$.ArtifactStoreUri') as artifact_store_uri, + JSON_EXTRACT(detail.Properties, '$.AutomaticModelRegistration') as automatic_model_registration, + JSON_EXTRACT(detail.Properties, '$.WeeklyMaintenanceWindowStart') as weekly_maintenance_window_start FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) - WHERE listing.data__TypeName = 'AWS::SageMaker::ModelBiasJobDefinition' - AND detail.data__TypeName = 'AWS::SageMaker::ModelBiasJobDefinition' + WHERE listing.data__TypeName = 'AWS::SageMaker::MlflowTrackingServer' + AND detail.data__TypeName = 'AWS::SageMaker::MlflowTrackingServer' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" @@ -9105,33 +10801,29 @@ components: detail.region, json_extract_path_text(json_each.value, 'Key') as tag_key, json_extract_path_text(json_each.value, 'Value') as tag_value, - json_extract_path_text(detail.Properties, 'JobDefinitionArn') as job_definition_arn, - json_extract_path_text(detail.Properties, 'JobDefinitionName') as job_definition_name, - json_extract_path_text(detail.Properties, 'ModelBiasBaselineConfig') as model_bias_baseline_config, - json_extract_path_text(detail.Properties, 'ModelBiasAppSpecification') as model_bias_app_specification, - json_extract_path_text(detail.Properties, 'ModelBiasJobInput') as model_bias_job_input, - json_extract_path_text(detail.Properties, 'ModelBiasJobOutputConfig') as model_bias_job_output_config, - json_extract_path_text(detail.Properties, 'JobResources') as job_resources, - json_extract_path_text(detail.Properties, 'NetworkConfig') as network_config, - json_extract_path_text(detail.Properties, 'EndpointName') as endpoint_name, + json_extract_path_text(detail.Properties, 'TrackingServerName') as tracking_server_name, + json_extract_path_text(detail.Properties, 'TrackingServerArn') as tracking_server_arn, + json_extract_path_text(detail.Properties, 'TrackingServerSize') as tracking_server_size, + json_extract_path_text(detail.Properties, 'MlflowVersion') as mlflow_version, json_extract_path_text(detail.Properties, 'RoleArn') as role_arn, - json_extract_path_text(detail.Properties, 'StoppingCondition') as stopping_condition, - json_extract_path_text(detail.Properties, 'CreationTime') as creation_time + json_extract_path_text(detail.Properties, 'ArtifactStoreUri') as artifact_store_uri, + json_extract_path_text(detail.Properties, 'AutomaticModelRegistration') as automatic_model_registration, + json_extract_path_text(detail.Properties, 'WeeklyMaintenanceWindowStart') as weekly_maintenance_window_start FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) - WHERE listing.data__TypeName = 'AWS::SageMaker::ModelBiasJobDefinition' - AND detail.data__TypeName = 'AWS::SageMaker::ModelBiasJobDefinition' + WHERE listing.data__TypeName = 'AWS::SageMaker::MlflowTrackingServer' + AND detail.data__TypeName = 'AWS::SageMaker::MlflowTrackingServer' AND listing.region = 'us-east-1' - model_cards: - name: model_cards - id: aws.sagemaker.model_cards - x-cfn-schema-name: ModelCard - x-cfn-type-name: AWS::SageMaker::ModelCard + model_bias_job_definitions: + name: model_bias_job_definitions + id: aws.sagemaker.model_bias_job_definitions + x-cfn-schema-name: ModelBiasJobDefinition + x-cfn-type-name: AWS::SageMaker::ModelBiasJobDefinition x-identifiers: - - ModelCardName + - JobDefinitionArn x-type: cloud_control methods: create_resource: @@ -9139,24 +10831,12 @@ components: requestBodyTranslate: algorithm: naive_DesiredState operation: - $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__ModelCard&__detailTransformed=true/post' - request: - mediaType: application/x-amz-json-1.0 - base: |- - { - "TypeName": "AWS::SageMaker::ModelCard" - } - response: - mediaType: application/json - openAPIDocKey: '200' - update_resource: - operation: - $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__ModelBiasJobDefinition&__detailTransformed=true/post' request: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::SageMaker::ModelCard" + "TypeName": "AWS::SageMaker::ModelBiasJobDefinition" } response: mediaType: application/json @@ -9168,18 +10848,17 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::SageMaker::ModelCard" + "TypeName": "AWS::SageMaker::ModelBiasJobDefinition" } response: mediaType: application/json openAPIDocKey: '200' sqlVerbs: insert: - - $ref: '#/components/x-stackQL-resources/model_cards/methods/create_resource' + - $ref: '#/components/x-stackQL-resources/model_bias_job_definitions/methods/create_resource' delete: - - $ref: '#/components/x-stackQL-resources/model_cards/methods/delete_resource' - update: - - $ref: '#/components/x-stackQL-resources/model_cards/methods/update_resource' + - $ref: '#/components/x-stackQL-resources/model_bias_job_definitions/methods/delete_resource' + update: [] config: views: select: @@ -9188,44 +10867,46 @@ components: SELECT region, data__Identifier, - JSON_EXTRACT(Properties, '$.ModelCardArn') as model_card_arn, - JSON_EXTRACT(Properties, '$.ModelCardVersion') as model_card_version, - JSON_EXTRACT(Properties, '$.ModelCardName') as model_card_name, - JSON_EXTRACT(Properties, '$.SecurityConfig') as security_config, - JSON_EXTRACT(Properties, '$.ModelCardStatus') as model_card_status, - JSON_EXTRACT(Properties, '$.Content') as content, - JSON_EXTRACT(Properties, '$.CreationTime') as creation_time, - JSON_EXTRACT(Properties, '$.CreatedBy') as created_by, - JSON_EXTRACT(Properties, '$.LastModifiedTime') as last_modified_time, - JSON_EXTRACT(Properties, '$.LastModifiedBy') as last_modified_by, - JSON_EXTRACT(Properties, '$.ModelCardProcessingStatus') as model_card_processing_status, - JSON_EXTRACT(Properties, '$.Tags') as tags - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::ModelCard' - AND data__Identifier = '' + JSON_EXTRACT(Properties, '$.JobDefinitionArn') as job_definition_arn, + JSON_EXTRACT(Properties, '$.JobDefinitionName') as job_definition_name, + JSON_EXTRACT(Properties, '$.ModelBiasBaselineConfig') as model_bias_baseline_config, + JSON_EXTRACT(Properties, '$.ModelBiasAppSpecification') as model_bias_app_specification, + JSON_EXTRACT(Properties, '$.ModelBiasJobInput') as model_bias_job_input, + JSON_EXTRACT(Properties, '$.ModelBiasJobOutputConfig') as model_bias_job_output_config, + JSON_EXTRACT(Properties, '$.JobResources') as job_resources, + JSON_EXTRACT(Properties, '$.NetworkConfig') as network_config, + JSON_EXTRACT(Properties, '$.EndpointName') as endpoint_name, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.StoppingCondition') as stopping_condition, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.CreationTime') as creation_time + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::ModelBiasJobDefinition' + AND data__Identifier = '' AND region = 'us-east-1' fallback: predicate: sqlDialect == "sqlite3" ddl: |- SELECT detail.region, - JSON_EXTRACT(detail.Properties, '$.ModelCardArn') as model_card_arn, - JSON_EXTRACT(detail.Properties, '$.ModelCardVersion') as model_card_version, - JSON_EXTRACT(detail.Properties, '$.ModelCardName') as model_card_name, - JSON_EXTRACT(detail.Properties, '$.SecurityConfig') as security_config, - JSON_EXTRACT(detail.Properties, '$.ModelCardStatus') as model_card_status, - JSON_EXTRACT(detail.Properties, '$.Content') as content, - JSON_EXTRACT(detail.Properties, '$.CreationTime') as creation_time, - JSON_EXTRACT(detail.Properties, '$.CreatedBy') as created_by, - JSON_EXTRACT(detail.Properties, '$.LastModifiedTime') as last_modified_time, - JSON_EXTRACT(detail.Properties, '$.LastModifiedBy') as last_modified_by, - JSON_EXTRACT(detail.Properties, '$.ModelCardProcessingStatus') as model_card_processing_status, - JSON_EXTRACT(detail.Properties, '$.Tags') as tags + JSON_EXTRACT(detail.Properties, '$.JobDefinitionArn') as job_definition_arn, + JSON_EXTRACT(detail.Properties, '$.JobDefinitionName') as job_definition_name, + JSON_EXTRACT(detail.Properties, '$.ModelBiasBaselineConfig') as model_bias_baseline_config, + JSON_EXTRACT(detail.Properties, '$.ModelBiasAppSpecification') as model_bias_app_specification, + JSON_EXTRACT(detail.Properties, '$.ModelBiasJobInput') as model_bias_job_input, + JSON_EXTRACT(detail.Properties, '$.ModelBiasJobOutputConfig') as model_bias_job_output_config, + JSON_EXTRACT(detail.Properties, '$.JobResources') as job_resources, + JSON_EXTRACT(detail.Properties, '$.NetworkConfig') as network_config, + JSON_EXTRACT(detail.Properties, '$.EndpointName') as endpoint_name, + JSON_EXTRACT(detail.Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(detail.Properties, '$.StoppingCondition') as stopping_condition, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags, + JSON_EXTRACT(detail.Properties, '$.CreationTime') as creation_time FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::SageMaker::ModelCard' - AND detail.data__TypeName = 'AWS::SageMaker::ModelCard' + WHERE listing.data__TypeName = 'AWS::SageMaker::ModelBiasJobDefinition' + AND detail.data__TypeName = 'AWS::SageMaker::ModelBiasJobDefinition' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] @@ -9233,52 +10914,54 @@ components: SELECT region, data__Identifier, - json_extract_path_text(Properties, 'ModelCardArn') as model_card_arn, - json_extract_path_text(Properties, 'ModelCardVersion') as model_card_version, - json_extract_path_text(Properties, 'ModelCardName') as model_card_name, - json_extract_path_text(Properties, 'SecurityConfig') as security_config, - json_extract_path_text(Properties, 'ModelCardStatus') as model_card_status, - json_extract_path_text(Properties, 'Content') as content, - json_extract_path_text(Properties, 'CreationTime') as creation_time, - json_extract_path_text(Properties, 'CreatedBy') as created_by, - json_extract_path_text(Properties, 'LastModifiedTime') as last_modified_time, - json_extract_path_text(Properties, 'LastModifiedBy') as last_modified_by, - json_extract_path_text(Properties, 'ModelCardProcessingStatus') as model_card_processing_status, - json_extract_path_text(Properties, 'Tags') as tags - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::ModelCard' - AND data__Identifier = '' + json_extract_path_text(Properties, 'JobDefinitionArn') as job_definition_arn, + json_extract_path_text(Properties, 'JobDefinitionName') as job_definition_name, + json_extract_path_text(Properties, 'ModelBiasBaselineConfig') as model_bias_baseline_config, + json_extract_path_text(Properties, 'ModelBiasAppSpecification') as model_bias_app_specification, + json_extract_path_text(Properties, 'ModelBiasJobInput') as model_bias_job_input, + json_extract_path_text(Properties, 'ModelBiasJobOutputConfig') as model_bias_job_output_config, + json_extract_path_text(Properties, 'JobResources') as job_resources, + json_extract_path_text(Properties, 'NetworkConfig') as network_config, + json_extract_path_text(Properties, 'EndpointName') as endpoint_name, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'StoppingCondition') as stopping_condition, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'CreationTime') as creation_time + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::ModelBiasJobDefinition' + AND data__Identifier = '' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT detail.region, - json_extract_path_text(detail.Properties, 'ModelCardArn') as model_card_arn, - json_extract_path_text(detail.Properties, 'ModelCardVersion') as model_card_version, - json_extract_path_text(detail.Properties, 'ModelCardName') as model_card_name, - json_extract_path_text(detail.Properties, 'SecurityConfig') as security_config, - json_extract_path_text(detail.Properties, 'ModelCardStatus') as model_card_status, - json_extract_path_text(detail.Properties, 'Content') as content, - json_extract_path_text(detail.Properties, 'CreationTime') as creation_time, - json_extract_path_text(detail.Properties, 'CreatedBy') as created_by, - json_extract_path_text(detail.Properties, 'LastModifiedTime') as last_modified_time, - json_extract_path_text(detail.Properties, 'LastModifiedBy') as last_modified_by, - json_extract_path_text(detail.Properties, 'ModelCardProcessingStatus') as model_card_processing_status, - json_extract_path_text(detail.Properties, 'Tags') as tags + json_extract_path_text(detail.Properties, 'JobDefinitionArn') as job_definition_arn, + json_extract_path_text(detail.Properties, 'JobDefinitionName') as job_definition_name, + json_extract_path_text(detail.Properties, 'ModelBiasBaselineConfig') as model_bias_baseline_config, + json_extract_path_text(detail.Properties, 'ModelBiasAppSpecification') as model_bias_app_specification, + json_extract_path_text(detail.Properties, 'ModelBiasJobInput') as model_bias_job_input, + json_extract_path_text(detail.Properties, 'ModelBiasJobOutputConfig') as model_bias_job_output_config, + json_extract_path_text(detail.Properties, 'JobResources') as job_resources, + json_extract_path_text(detail.Properties, 'NetworkConfig') as network_config, + json_extract_path_text(detail.Properties, 'EndpointName') as endpoint_name, + json_extract_path_text(detail.Properties, 'RoleArn') as role_arn, + json_extract_path_text(detail.Properties, 'StoppingCondition') as stopping_condition, + json_extract_path_text(detail.Properties, 'Tags') as tags, + json_extract_path_text(detail.Properties, 'CreationTime') as creation_time FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::SageMaker::ModelCard' - AND detail.data__TypeName = 'AWS::SageMaker::ModelCard' + WHERE listing.data__TypeName = 'AWS::SageMaker::ModelBiasJobDefinition' + AND detail.data__TypeName = 'AWS::SageMaker::ModelBiasJobDefinition' AND listing.region = 'us-east-1' - model_cards_list_only: - name: model_cards_list_only - id: aws.sagemaker.model_cards_list_only - x-cfn-schema-name: ModelCard - x-cfn-type-name: AWS::SageMaker::ModelCard + model_bias_job_definitions_list_only: + name: model_bias_job_definitions_list_only + id: aws.sagemaker.model_bias_job_definitions_list_only + x-cfn-schema-name: ModelBiasJobDefinition + x-cfn-type-name: AWS::SageMaker::ModelBiasJobDefinition x-identifiers: - - ModelCardName + - JobDefinitionArn x-type: cloud_control_view methods: {} sqlVerbs: @@ -9292,22 +10975,22 @@ components: ddl: |- SELECT region, - JSON_EXTRACT(Properties, '$.ModelCardName') as model_card_name - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::ModelCard' + JSON_EXTRACT(Properties, '$.JobDefinitionArn') as job_definition_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::ModelBiasJobDefinition' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT region, - json_extract_path_text(Properties, 'ModelCardName') as model_card_name - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::ModelCard' + json_extract_path_text(Properties, 'JobDefinitionArn') as job_definition_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::ModelBiasJobDefinition' AND region = 'us-east-1' - model_card_tags: - name: model_card_tags - id: aws.sagemaker.model_card_tags - x-cfn-schema-name: ModelCard - x-cfn-type-name: AWS::SageMaker::ModelCard + model_bias_job_definition_tags: + name: model_bias_job_definition_tags + id: aws.sagemaker.model_bias_job_definition_tags + x-cfn-schema-name: ModelBiasJobDefinition + x-cfn-type-name: AWS::SageMaker::ModelBiasJobDefinition x-type: cloud_control_view methods: {} sqlVerbs: @@ -9323,24 +11006,25 @@ components: detail.region, JSON_EXTRACT(json_each.value, '$.Key') as tag_key, JSON_EXTRACT(json_each.value, '$.Value') as tag_value, - JSON_EXTRACT(detail.Properties, '$.ModelCardArn') as model_card_arn, - JSON_EXTRACT(detail.Properties, '$.ModelCardVersion') as model_card_version, - JSON_EXTRACT(detail.Properties, '$.ModelCardName') as model_card_name, - JSON_EXTRACT(detail.Properties, '$.SecurityConfig') as security_config, - JSON_EXTRACT(detail.Properties, '$.ModelCardStatus') as model_card_status, - JSON_EXTRACT(detail.Properties, '$.Content') as content, - JSON_EXTRACT(detail.Properties, '$.CreationTime') as creation_time, - JSON_EXTRACT(detail.Properties, '$.CreatedBy') as created_by, - JSON_EXTRACT(detail.Properties, '$.LastModifiedTime') as last_modified_time, - JSON_EXTRACT(detail.Properties, '$.LastModifiedBy') as last_modified_by, - JSON_EXTRACT(detail.Properties, '$.ModelCardProcessingStatus') as model_card_processing_status + JSON_EXTRACT(detail.Properties, '$.JobDefinitionArn') as job_definition_arn, + JSON_EXTRACT(detail.Properties, '$.JobDefinitionName') as job_definition_name, + JSON_EXTRACT(detail.Properties, '$.ModelBiasBaselineConfig') as model_bias_baseline_config, + JSON_EXTRACT(detail.Properties, '$.ModelBiasAppSpecification') as model_bias_app_specification, + JSON_EXTRACT(detail.Properties, '$.ModelBiasJobInput') as model_bias_job_input, + JSON_EXTRACT(detail.Properties, '$.ModelBiasJobOutputConfig') as model_bias_job_output_config, + JSON_EXTRACT(detail.Properties, '$.JobResources') as job_resources, + JSON_EXTRACT(detail.Properties, '$.NetworkConfig') as network_config, + JSON_EXTRACT(detail.Properties, '$.EndpointName') as endpoint_name, + JSON_EXTRACT(detail.Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(detail.Properties, '$.StoppingCondition') as stopping_condition, + JSON_EXTRACT(detail.Properties, '$.CreationTime') as creation_time FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) - WHERE listing.data__TypeName = 'AWS::SageMaker::ModelCard' - AND detail.data__TypeName = 'AWS::SageMaker::ModelCard' + WHERE listing.data__TypeName = 'AWS::SageMaker::ModelBiasJobDefinition' + AND detail.data__TypeName = 'AWS::SageMaker::ModelBiasJobDefinition' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" @@ -9349,24 +11033,25 @@ components: detail.region, json_extract_path_text(json_each.value, 'Key') as tag_key, json_extract_path_text(json_each.value, 'Value') as tag_value, - json_extract_path_text(detail.Properties, 'ModelCardArn') as model_card_arn, - json_extract_path_text(detail.Properties, 'ModelCardVersion') as model_card_version, - json_extract_path_text(detail.Properties, 'ModelCardName') as model_card_name, - json_extract_path_text(detail.Properties, 'SecurityConfig') as security_config, - json_extract_path_text(detail.Properties, 'ModelCardStatus') as model_card_status, - json_extract_path_text(detail.Properties, 'Content') as content, - json_extract_path_text(detail.Properties, 'CreationTime') as creation_time, - json_extract_path_text(detail.Properties, 'CreatedBy') as created_by, - json_extract_path_text(detail.Properties, 'LastModifiedTime') as last_modified_time, - json_extract_path_text(detail.Properties, 'LastModifiedBy') as last_modified_by, - json_extract_path_text(detail.Properties, 'ModelCardProcessingStatus') as model_card_processing_status + json_extract_path_text(detail.Properties, 'JobDefinitionArn') as job_definition_arn, + json_extract_path_text(detail.Properties, 'JobDefinitionName') as job_definition_name, + json_extract_path_text(detail.Properties, 'ModelBiasBaselineConfig') as model_bias_baseline_config, + json_extract_path_text(detail.Properties, 'ModelBiasAppSpecification') as model_bias_app_specification, + json_extract_path_text(detail.Properties, 'ModelBiasJobInput') as model_bias_job_input, + json_extract_path_text(detail.Properties, 'ModelBiasJobOutputConfig') as model_bias_job_output_config, + json_extract_path_text(detail.Properties, 'JobResources') as job_resources, + json_extract_path_text(detail.Properties, 'NetworkConfig') as network_config, + json_extract_path_text(detail.Properties, 'EndpointName') as endpoint_name, + json_extract_path_text(detail.Properties, 'RoleArn') as role_arn, + json_extract_path_text(detail.Properties, 'StoppingCondition') as stopping_condition, + json_extract_path_text(detail.Properties, 'CreationTime') as creation_time FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) - WHERE listing.data__TypeName = 'AWS::SageMaker::ModelCard' - AND detail.data__TypeName = 'AWS::SageMaker::ModelCard' + WHERE listing.data__TypeName = 'AWS::SageMaker::ModelBiasJobDefinition' + AND detail.data__TypeName = 'AWS::SageMaker::ModelBiasJobDefinition' AND listing.region = 'us-east-1' model_explainability_job_definitions: name: model_explainability_job_definitions @@ -9693,7 +11378,10 @@ components: JSON_EXTRACT(Properties, '$.ModelPackageStatus') as model_package_status, JSON_EXTRACT(Properties, '$.ModelPackageVersion') as model_package_version, JSON_EXTRACT(Properties, '$.AdditionalInferenceSpecificationsToAdd') as additional_inference_specifications_to_add, - JSON_EXTRACT(Properties, '$.ModelPackageStatusDetails') as model_package_status_details + JSON_EXTRACT(Properties, '$.ModelPackageStatusDetails') as model_package_status_details, + JSON_EXTRACT(Properties, '$.SourceUri') as source_uri, + JSON_EXTRACT(Properties, '$.ModelCard') as model_card, + JSON_EXTRACT(Properties, '$.SecurityConfig') as security_config FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::ModelPackage' AND data__Identifier = '' AND region = 'us-east-1' @@ -9728,7 +11416,10 @@ components: JSON_EXTRACT(detail.Properties, '$.ModelPackageStatus') as model_package_status, JSON_EXTRACT(detail.Properties, '$.ModelPackageVersion') as model_package_version, JSON_EXTRACT(detail.Properties, '$.AdditionalInferenceSpecificationsToAdd') as additional_inference_specifications_to_add, - JSON_EXTRACT(detail.Properties, '$.ModelPackageStatusDetails') as model_package_status_details + JSON_EXTRACT(detail.Properties, '$.ModelPackageStatusDetails') as model_package_status_details, + JSON_EXTRACT(detail.Properties, '$.SourceUri') as source_uri, + JSON_EXTRACT(detail.Properties, '$.ModelCard') as model_card, + JSON_EXTRACT(detail.Properties, '$.SecurityConfig') as security_config FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -9768,7 +11459,10 @@ components: json_extract_path_text(Properties, 'ModelPackageStatus') as model_package_status, json_extract_path_text(Properties, 'ModelPackageVersion') as model_package_version, json_extract_path_text(Properties, 'AdditionalInferenceSpecificationsToAdd') as additional_inference_specifications_to_add, - json_extract_path_text(Properties, 'ModelPackageStatusDetails') as model_package_status_details + json_extract_path_text(Properties, 'ModelPackageStatusDetails') as model_package_status_details, + json_extract_path_text(Properties, 'SourceUri') as source_uri, + json_extract_path_text(Properties, 'ModelCard') as model_card, + json_extract_path_text(Properties, 'SecurityConfig') as security_config FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::ModelPackage' AND data__Identifier = '' AND region = 'us-east-1' @@ -9803,7 +11497,10 @@ components: json_extract_path_text(detail.Properties, 'ModelPackageStatus') as model_package_status, json_extract_path_text(detail.Properties, 'ModelPackageVersion') as model_package_version, json_extract_path_text(detail.Properties, 'AdditionalInferenceSpecificationsToAdd') as additional_inference_specifications_to_add, - json_extract_path_text(detail.Properties, 'ModelPackageStatusDetails') as model_package_status_details + json_extract_path_text(detail.Properties, 'ModelPackageStatusDetails') as model_package_status_details, + json_extract_path_text(detail.Properties, 'SourceUri') as source_uri, + json_extract_path_text(detail.Properties, 'ModelCard') as model_card, + json_extract_path_text(detail.Properties, 'SecurityConfig') as security_config FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -9887,7 +11584,10 @@ components: JSON_EXTRACT(detail.Properties, '$.ModelPackageStatus') as model_package_status, JSON_EXTRACT(detail.Properties, '$.ModelPackageVersion') as model_package_version, JSON_EXTRACT(detail.Properties, '$.AdditionalInferenceSpecificationsToAdd') as additional_inference_specifications_to_add, - JSON_EXTRACT(detail.Properties, '$.ModelPackageStatusDetails') as model_package_status_details + JSON_EXTRACT(detail.Properties, '$.ModelPackageStatusDetails') as model_package_status_details, + JSON_EXTRACT(detail.Properties, '$.SourceUri') as source_uri, + JSON_EXTRACT(detail.Properties, '$.ModelCard') as model_card, + JSON_EXTRACT(detail.Properties, '$.SecurityConfig') as security_config FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -9928,7 +11628,10 @@ components: json_extract_path_text(detail.Properties, 'ModelPackageStatus') as model_package_status, json_extract_path_text(detail.Properties, 'ModelPackageVersion') as model_package_version, json_extract_path_text(detail.Properties, 'AdditionalInferenceSpecificationsToAdd') as additional_inference_specifications_to_add, - json_extract_path_text(detail.Properties, 'ModelPackageStatusDetails') as model_package_status_details + json_extract_path_text(detail.Properties, 'ModelPackageStatusDetails') as model_package_status_details, + json_extract_path_text(detail.Properties, 'SourceUri') as source_uri, + json_extract_path_text(detail.Properties, 'ModelCard') as model_card, + json_extract_path_text(detail.Properties, 'SecurityConfig') as security_config FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -10617,13 +12320,13 @@ components: WHERE listing.data__TypeName = 'AWS::SageMaker::MonitoringSchedule' AND detail.data__TypeName = 'AWS::SageMaker::MonitoringSchedule' AND listing.region = 'us-east-1' - pipelines: - name: pipelines - id: aws.sagemaker.pipelines - x-cfn-schema-name: Pipeline - x-cfn-type-name: AWS::SageMaker::Pipeline + partner_apps: + name: partner_apps + id: aws.sagemaker.partner_apps + x-cfn-schema-name: PartnerApp + x-cfn-type-name: AWS::SageMaker::PartnerApp x-identifiers: - - PipelineName + - Arn x-type: cloud_control methods: create_resource: @@ -10631,12 +12334,12 @@ components: requestBodyTranslate: algorithm: naive_DesiredState operation: - $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Pipeline&__detailTransformed=true/post' + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__PartnerApp&__detailTransformed=true/post' request: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::SageMaker::Pipeline" + "TypeName": "AWS::SageMaker::PartnerApp" } response: mediaType: application/json @@ -10648,7 +12351,7 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::SageMaker::Pipeline" + "TypeName": "AWS::SageMaker::PartnerApp" } response: mediaType: application/json @@ -10660,18 +12363,18 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::SageMaker::Pipeline" + "TypeName": "AWS::SageMaker::PartnerApp" } response: mediaType: application/json openAPIDocKey: '200' sqlVerbs: insert: - - $ref: '#/components/x-stackQL-resources/pipelines/methods/create_resource' + - $ref: '#/components/x-stackQL-resources/partner_apps/methods/create_resource' delete: - - $ref: '#/components/x-stackQL-resources/pipelines/methods/delete_resource' + - $ref: '#/components/x-stackQL-resources/partner_apps/methods/delete_resource' update: - - $ref: '#/components/x-stackQL-resources/pipelines/methods/update_resource' + - $ref: '#/components/x-stackQL-resources/partner_apps/methods/update_resource' config: views: select: @@ -10680,34 +12383,44 @@ components: SELECT region, data__Identifier, - JSON_EXTRACT(Properties, '$.PipelineName') as pipeline_name, - JSON_EXTRACT(Properties, '$.PipelineDisplayName') as pipeline_display_name, - JSON_EXTRACT(Properties, '$.PipelineDescription') as pipeline_description, - JSON_EXTRACT(Properties, '$.PipelineDefinition') as pipeline_definition, - JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, - JSON_EXTRACT(Properties, '$.Tags') as tags, - JSON_EXTRACT(Properties, '$.ParallelismConfiguration') as parallelism_configuration - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::Pipeline' - AND data__Identifier = '' + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.ExecutionRoleArn') as execution_role_arn, + JSON_EXTRACT(Properties, '$.Tier') as tier, + JSON_EXTRACT(Properties, '$.EnableIamSessionBasedIdentity') as enable_iam_session_based_identity, + JSON_EXTRACT(Properties, '$.ApplicationConfig') as application_config, + JSON_EXTRACT(Properties, '$.AuthType') as auth_type, + JSON_EXTRACT(Properties, '$.BaseUrl') as base_url, + JSON_EXTRACT(Properties, '$.MaintenanceConfig') as maintenance_config, + JSON_EXTRACT(Properties, '$.ClientToken') as client_token, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::PartnerApp' + AND data__Identifier = '' AND region = 'us-east-1' fallback: predicate: sqlDialect == "sqlite3" ddl: |- SELECT detail.region, - JSON_EXTRACT(detail.Properties, '$.PipelineName') as pipeline_name, - JSON_EXTRACT(detail.Properties, '$.PipelineDisplayName') as pipeline_display_name, - JSON_EXTRACT(detail.Properties, '$.PipelineDescription') as pipeline_description, - JSON_EXTRACT(detail.Properties, '$.PipelineDefinition') as pipeline_definition, - JSON_EXTRACT(detail.Properties, '$.RoleArn') as role_arn, - JSON_EXTRACT(detail.Properties, '$.Tags') as tags, - JSON_EXTRACT(detail.Properties, '$.ParallelismConfiguration') as parallelism_configuration + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.Type') as type, + JSON_EXTRACT(detail.Properties, '$.ExecutionRoleArn') as execution_role_arn, + JSON_EXTRACT(detail.Properties, '$.Tier') as tier, + JSON_EXTRACT(detail.Properties, '$.EnableIamSessionBasedIdentity') as enable_iam_session_based_identity, + JSON_EXTRACT(detail.Properties, '$.ApplicationConfig') as application_config, + JSON_EXTRACT(detail.Properties, '$.AuthType') as auth_type, + JSON_EXTRACT(detail.Properties, '$.BaseUrl') as base_url, + JSON_EXTRACT(detail.Properties, '$.MaintenanceConfig') as maintenance_config, + JSON_EXTRACT(detail.Properties, '$.ClientToken') as client_token, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::SageMaker::Pipeline' - AND detail.data__TypeName = 'AWS::SageMaker::Pipeline' + WHERE listing.data__TypeName = 'AWS::SageMaker::PartnerApp' + AND detail.data__TypeName = 'AWS::SageMaker::PartnerApp' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] @@ -10715,42 +12428,52 @@ components: SELECT region, data__Identifier, - json_extract_path_text(Properties, 'PipelineName') as pipeline_name, - json_extract_path_text(Properties, 'PipelineDisplayName') as pipeline_display_name, - json_extract_path_text(Properties, 'PipelineDescription') as pipeline_description, - json_extract_path_text(Properties, 'PipelineDefinition') as pipeline_definition, - json_extract_path_text(Properties, 'RoleArn') as role_arn, - json_extract_path_text(Properties, 'Tags') as tags, - json_extract_path_text(Properties, 'ParallelismConfiguration') as parallelism_configuration - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::Pipeline' - AND data__Identifier = '' + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'ExecutionRoleArn') as execution_role_arn, + json_extract_path_text(Properties, 'Tier') as tier, + json_extract_path_text(Properties, 'EnableIamSessionBasedIdentity') as enable_iam_session_based_identity, + json_extract_path_text(Properties, 'ApplicationConfig') as application_config, + json_extract_path_text(Properties, 'AuthType') as auth_type, + json_extract_path_text(Properties, 'BaseUrl') as base_url, + json_extract_path_text(Properties, 'MaintenanceConfig') as maintenance_config, + json_extract_path_text(Properties, 'ClientToken') as client_token, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::PartnerApp' + AND data__Identifier = '' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT detail.region, - json_extract_path_text(detail.Properties, 'PipelineName') as pipeline_name, - json_extract_path_text(detail.Properties, 'PipelineDisplayName') as pipeline_display_name, - json_extract_path_text(detail.Properties, 'PipelineDescription') as pipeline_description, - json_extract_path_text(detail.Properties, 'PipelineDefinition') as pipeline_definition, - json_extract_path_text(detail.Properties, 'RoleArn') as role_arn, - json_extract_path_text(detail.Properties, 'Tags') as tags, - json_extract_path_text(detail.Properties, 'ParallelismConfiguration') as parallelism_configuration + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'Type') as type, + json_extract_path_text(detail.Properties, 'ExecutionRoleArn') as execution_role_arn, + json_extract_path_text(detail.Properties, 'Tier') as tier, + json_extract_path_text(detail.Properties, 'EnableIamSessionBasedIdentity') as enable_iam_session_based_identity, + json_extract_path_text(detail.Properties, 'ApplicationConfig') as application_config, + json_extract_path_text(detail.Properties, 'AuthType') as auth_type, + json_extract_path_text(detail.Properties, 'BaseUrl') as base_url, + json_extract_path_text(detail.Properties, 'MaintenanceConfig') as maintenance_config, + json_extract_path_text(detail.Properties, 'ClientToken') as client_token, + json_extract_path_text(detail.Properties, 'Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::SageMaker::Pipeline' - AND detail.data__TypeName = 'AWS::SageMaker::Pipeline' + WHERE listing.data__TypeName = 'AWS::SageMaker::PartnerApp' + AND detail.data__TypeName = 'AWS::SageMaker::PartnerApp' AND listing.region = 'us-east-1' - pipelines_list_only: - name: pipelines_list_only - id: aws.sagemaker.pipelines_list_only - x-cfn-schema-name: Pipeline - x-cfn-type-name: AWS::SageMaker::Pipeline + partner_apps_list_only: + name: partner_apps_list_only + id: aws.sagemaker.partner_apps_list_only + x-cfn-schema-name: PartnerApp + x-cfn-type-name: AWS::SageMaker::PartnerApp x-identifiers: - - PipelineName + - Arn x-type: cloud_control_view methods: {} sqlVerbs: @@ -10764,20 +12487,243 @@ components: ddl: |- SELECT region, - JSON_EXTRACT(Properties, '$.PipelineName') as pipeline_name - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::Pipeline' + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::PartnerApp' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT region, - json_extract_path_text(Properties, 'PipelineName') as pipeline_name - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::Pipeline' + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::PartnerApp' AND region = 'us-east-1' - pipeline_tags: - name: pipeline_tags - id: aws.sagemaker.pipeline_tags + partner_app_tags: + name: partner_app_tags + id: aws.sagemaker.partner_app_tags + x-cfn-schema-name: PartnerApp + x-cfn-type-name: AWS::SageMaker::PartnerApp + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.Type') as type, + JSON_EXTRACT(detail.Properties, '$.ExecutionRoleArn') as execution_role_arn, + JSON_EXTRACT(detail.Properties, '$.Tier') as tier, + JSON_EXTRACT(detail.Properties, '$.EnableIamSessionBasedIdentity') as enable_iam_session_based_identity, + JSON_EXTRACT(detail.Properties, '$.ApplicationConfig') as application_config, + JSON_EXTRACT(detail.Properties, '$.AuthType') as auth_type, + JSON_EXTRACT(detail.Properties, '$.BaseUrl') as base_url, + JSON_EXTRACT(detail.Properties, '$.MaintenanceConfig') as maintenance_config, + JSON_EXTRACT(detail.Properties, '$.ClientToken') as client_token + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::SageMaker::PartnerApp' + AND detail.data__TypeName = 'AWS::SageMaker::PartnerApp' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'Type') as type, + json_extract_path_text(detail.Properties, 'ExecutionRoleArn') as execution_role_arn, + json_extract_path_text(detail.Properties, 'Tier') as tier, + json_extract_path_text(detail.Properties, 'EnableIamSessionBasedIdentity') as enable_iam_session_based_identity, + json_extract_path_text(detail.Properties, 'ApplicationConfig') as application_config, + json_extract_path_text(detail.Properties, 'AuthType') as auth_type, + json_extract_path_text(detail.Properties, 'BaseUrl') as base_url, + json_extract_path_text(detail.Properties, 'MaintenanceConfig') as maintenance_config, + json_extract_path_text(detail.Properties, 'ClientToken') as client_token + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::SageMaker::PartnerApp' + AND detail.data__TypeName = 'AWS::SageMaker::PartnerApp' + AND listing.region = 'us-east-1' + pipelines: + name: pipelines + id: aws.sagemaker.pipelines + x-cfn-schema-name: Pipeline + x-cfn-type-name: AWS::SageMaker::Pipeline + x-identifiers: + - PipelineName + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Pipeline&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::SageMaker::Pipeline" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::SageMaker::Pipeline" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::SageMaker::Pipeline" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/pipelines/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/pipelines/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/pipelines/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.PipelineName') as pipeline_name, + JSON_EXTRACT(Properties, '$.PipelineDisplayName') as pipeline_display_name, + JSON_EXTRACT(Properties, '$.PipelineDescription') as pipeline_description, + JSON_EXTRACT(Properties, '$.PipelineDefinition') as pipeline_definition, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.ParallelismConfiguration') as parallelism_configuration + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::Pipeline' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.PipelineName') as pipeline_name, + JSON_EXTRACT(detail.Properties, '$.PipelineDisplayName') as pipeline_display_name, + JSON_EXTRACT(detail.Properties, '$.PipelineDescription') as pipeline_description, + JSON_EXTRACT(detail.Properties, '$.PipelineDefinition') as pipeline_definition, + JSON_EXTRACT(detail.Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags, + JSON_EXTRACT(detail.Properties, '$.ParallelismConfiguration') as parallelism_configuration + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::SageMaker::Pipeline' + AND detail.data__TypeName = 'AWS::SageMaker::Pipeline' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'PipelineName') as pipeline_name, + json_extract_path_text(Properties, 'PipelineDisplayName') as pipeline_display_name, + json_extract_path_text(Properties, 'PipelineDescription') as pipeline_description, + json_extract_path_text(Properties, 'PipelineDefinition') as pipeline_definition, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'ParallelismConfiguration') as parallelism_configuration + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::Pipeline' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'PipelineName') as pipeline_name, + json_extract_path_text(detail.Properties, 'PipelineDisplayName') as pipeline_display_name, + json_extract_path_text(detail.Properties, 'PipelineDescription') as pipeline_description, + json_extract_path_text(detail.Properties, 'PipelineDefinition') as pipeline_definition, + json_extract_path_text(detail.Properties, 'RoleArn') as role_arn, + json_extract_path_text(detail.Properties, 'Tags') as tags, + json_extract_path_text(detail.Properties, 'ParallelismConfiguration') as parallelism_configuration + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::SageMaker::Pipeline' + AND detail.data__TypeName = 'AWS::SageMaker::Pipeline' + AND listing.region = 'us-east-1' + pipelines_list_only: + name: pipelines_list_only + id: aws.sagemaker.pipelines_list_only + x-cfn-schema-name: Pipeline + x-cfn-type-name: AWS::SageMaker::Pipeline + x-identifiers: + - PipelineName + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.PipelineName') as pipeline_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::Pipeline' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'PipelineName') as pipeline_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::Pipeline' + AND region = 'us-east-1' + pipeline_tags: + name: pipeline_tags + id: aws.sagemaker.pipeline_tags x-cfn-schema-name: Pipeline x-cfn-type-name: AWS::SageMaker::Pipeline x-type: cloud_control_view @@ -11082,12 +13028,228 @@ components: openAPIDocKey: '200' update_resource: operation: - $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::SageMaker::Space" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::SageMaker::Space" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/spaces/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/spaces/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/spaces/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.SpaceArn') as space_arn, + JSON_EXTRACT(Properties, '$.DomainId') as domain_id, + JSON_EXTRACT(Properties, '$.SpaceName') as space_name, + JSON_EXTRACT(Properties, '$.SpaceSettings') as space_settings, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.OwnershipSettings') as ownership_settings, + JSON_EXTRACT(Properties, '$.SpaceSharingSettings') as space_sharing_settings, + JSON_EXTRACT(Properties, '$.SpaceDisplayName') as space_display_name, + JSON_EXTRACT(Properties, '$.Url') as url + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::Space' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.SpaceArn') as space_arn, + JSON_EXTRACT(detail.Properties, '$.DomainId') as domain_id, + JSON_EXTRACT(detail.Properties, '$.SpaceName') as space_name, + JSON_EXTRACT(detail.Properties, '$.SpaceSettings') as space_settings, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags, + JSON_EXTRACT(detail.Properties, '$.OwnershipSettings') as ownership_settings, + JSON_EXTRACT(detail.Properties, '$.SpaceSharingSettings') as space_sharing_settings, + JSON_EXTRACT(detail.Properties, '$.SpaceDisplayName') as space_display_name, + JSON_EXTRACT(detail.Properties, '$.Url') as url + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::SageMaker::Space' + AND detail.data__TypeName = 'AWS::SageMaker::Space' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'SpaceArn') as space_arn, + json_extract_path_text(Properties, 'DomainId') as domain_id, + json_extract_path_text(Properties, 'SpaceName') as space_name, + json_extract_path_text(Properties, 'SpaceSettings') as space_settings, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'OwnershipSettings') as ownership_settings, + json_extract_path_text(Properties, 'SpaceSharingSettings') as space_sharing_settings, + json_extract_path_text(Properties, 'SpaceDisplayName') as space_display_name, + json_extract_path_text(Properties, 'Url') as url + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::Space' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'SpaceArn') as space_arn, + json_extract_path_text(detail.Properties, 'DomainId') as domain_id, + json_extract_path_text(detail.Properties, 'SpaceName') as space_name, + json_extract_path_text(detail.Properties, 'SpaceSettings') as space_settings, + json_extract_path_text(detail.Properties, 'Tags') as tags, + json_extract_path_text(detail.Properties, 'OwnershipSettings') as ownership_settings, + json_extract_path_text(detail.Properties, 'SpaceSharingSettings') as space_sharing_settings, + json_extract_path_text(detail.Properties, 'SpaceDisplayName') as space_display_name, + json_extract_path_text(detail.Properties, 'Url') as url + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::SageMaker::Space' + AND detail.data__TypeName = 'AWS::SageMaker::Space' + AND listing.region = 'us-east-1' + spaces_list_only: + name: spaces_list_only + id: aws.sagemaker.spaces_list_only + x-cfn-schema-name: Space + x-cfn-type-name: AWS::SageMaker::Space + x-identifiers: + - DomainId + - SpaceName + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.DomainId') as domain_id, + JSON_EXTRACT(Properties, '$.SpaceName') as space_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::Space' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'DomainId') as domain_id, + json_extract_path_text(Properties, 'SpaceName') as space_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::Space' + AND region = 'us-east-1' + space_tags: + name: space_tags + id: aws.sagemaker.space_tags + x-cfn-schema-name: Space + x-cfn-type-name: AWS::SageMaker::Space + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.SpaceArn') as space_arn, + JSON_EXTRACT(detail.Properties, '$.DomainId') as domain_id, + JSON_EXTRACT(detail.Properties, '$.SpaceName') as space_name, + JSON_EXTRACT(detail.Properties, '$.SpaceSettings') as space_settings, + JSON_EXTRACT(detail.Properties, '$.OwnershipSettings') as ownership_settings, + JSON_EXTRACT(detail.Properties, '$.SpaceSharingSettings') as space_sharing_settings, + JSON_EXTRACT(detail.Properties, '$.SpaceDisplayName') as space_display_name, + JSON_EXTRACT(detail.Properties, '$.Url') as url + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::SageMaker::Space' + AND detail.data__TypeName = 'AWS::SageMaker::Space' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'SpaceArn') as space_arn, + json_extract_path_text(detail.Properties, 'DomainId') as domain_id, + json_extract_path_text(detail.Properties, 'SpaceName') as space_name, + json_extract_path_text(detail.Properties, 'SpaceSettings') as space_settings, + json_extract_path_text(detail.Properties, 'OwnershipSettings') as ownership_settings, + json_extract_path_text(detail.Properties, 'SpaceSharingSettings') as space_sharing_settings, + json_extract_path_text(detail.Properties, 'SpaceDisplayName') as space_display_name, + json_extract_path_text(detail.Properties, 'Url') as url + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::SageMaker::Space' + AND detail.data__TypeName = 'AWS::SageMaker::Space' + AND listing.region = 'us-east-1' + studio_lifecycle_configs: + name: studio_lifecycle_configs + id: aws.sagemaker.studio_lifecycle_configs + x-cfn-schema-name: StudioLifecycleConfig + x-cfn-type-name: AWS::SageMaker::StudioLifecycleConfig + x-identifiers: + - StudioLifecycleConfigName + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__StudioLifecycleConfig&__detailTransformed=true/post' request: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::SageMaker::Space" + "TypeName": "AWS::SageMaker::StudioLifecycleConfig" } response: mediaType: application/json @@ -11099,18 +13261,17 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::SageMaker::Space" + "TypeName": "AWS::SageMaker::StudioLifecycleConfig" } response: mediaType: application/json openAPIDocKey: '200' sqlVerbs: insert: - - $ref: '#/components/x-stackQL-resources/spaces/methods/create_resource' + - $ref: '#/components/x-stackQL-resources/studio_lifecycle_configs/methods/create_resource' delete: - - $ref: '#/components/x-stackQL-resources/spaces/methods/delete_resource' - update: - - $ref: '#/components/x-stackQL-resources/spaces/methods/update_resource' + - $ref: '#/components/x-stackQL-resources/studio_lifecycle_configs/methods/delete_resource' + update: [] config: views: select: @@ -11119,38 +13280,30 @@ components: SELECT region, data__Identifier, - JSON_EXTRACT(Properties, '$.SpaceArn') as space_arn, - JSON_EXTRACT(Properties, '$.DomainId') as domain_id, - JSON_EXTRACT(Properties, '$.SpaceName') as space_name, - JSON_EXTRACT(Properties, '$.SpaceSettings') as space_settings, - JSON_EXTRACT(Properties, '$.Tags') as tags, - JSON_EXTRACT(Properties, '$.OwnershipSettings') as ownership_settings, - JSON_EXTRACT(Properties, '$.SpaceSharingSettings') as space_sharing_settings, - JSON_EXTRACT(Properties, '$.SpaceDisplayName') as space_display_name, - JSON_EXTRACT(Properties, '$.Url') as url - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::Space' - AND data__Identifier = '|' + JSON_EXTRACT(Properties, '$.StudioLifecycleConfigArn') as studio_lifecycle_config_arn, + JSON_EXTRACT(Properties, '$.StudioLifecycleConfigAppType') as studio_lifecycle_config_app_type, + JSON_EXTRACT(Properties, '$.StudioLifecycleConfigContent') as studio_lifecycle_config_content, + JSON_EXTRACT(Properties, '$.StudioLifecycleConfigName') as studio_lifecycle_config_name, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::StudioLifecycleConfig' + AND data__Identifier = '' AND region = 'us-east-1' fallback: predicate: sqlDialect == "sqlite3" ddl: |- SELECT detail.region, - JSON_EXTRACT(detail.Properties, '$.SpaceArn') as space_arn, - JSON_EXTRACT(detail.Properties, '$.DomainId') as domain_id, - JSON_EXTRACT(detail.Properties, '$.SpaceName') as space_name, - JSON_EXTRACT(detail.Properties, '$.SpaceSettings') as space_settings, - JSON_EXTRACT(detail.Properties, '$.Tags') as tags, - JSON_EXTRACT(detail.Properties, '$.OwnershipSettings') as ownership_settings, - JSON_EXTRACT(detail.Properties, '$.SpaceSharingSettings') as space_sharing_settings, - JSON_EXTRACT(detail.Properties, '$.SpaceDisplayName') as space_display_name, - JSON_EXTRACT(detail.Properties, '$.Url') as url + JSON_EXTRACT(detail.Properties, '$.StudioLifecycleConfigArn') as studio_lifecycle_config_arn, + JSON_EXTRACT(detail.Properties, '$.StudioLifecycleConfigAppType') as studio_lifecycle_config_app_type, + JSON_EXTRACT(detail.Properties, '$.StudioLifecycleConfigContent') as studio_lifecycle_config_content, + JSON_EXTRACT(detail.Properties, '$.StudioLifecycleConfigName') as studio_lifecycle_config_name, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::SageMaker::Space' - AND detail.data__TypeName = 'AWS::SageMaker::Space' + WHERE listing.data__TypeName = 'AWS::SageMaker::StudioLifecycleConfig' + AND detail.data__TypeName = 'AWS::SageMaker::StudioLifecycleConfig' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] @@ -11158,47 +13311,38 @@ components: SELECT region, data__Identifier, - json_extract_path_text(Properties, 'SpaceArn') as space_arn, - json_extract_path_text(Properties, 'DomainId') as domain_id, - json_extract_path_text(Properties, 'SpaceName') as space_name, - json_extract_path_text(Properties, 'SpaceSettings') as space_settings, - json_extract_path_text(Properties, 'Tags') as tags, - json_extract_path_text(Properties, 'OwnershipSettings') as ownership_settings, - json_extract_path_text(Properties, 'SpaceSharingSettings') as space_sharing_settings, - json_extract_path_text(Properties, 'SpaceDisplayName') as space_display_name, - json_extract_path_text(Properties, 'Url') as url - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::Space' - AND data__Identifier = '|' + json_extract_path_text(Properties, 'StudioLifecycleConfigArn') as studio_lifecycle_config_arn, + json_extract_path_text(Properties, 'StudioLifecycleConfigAppType') as studio_lifecycle_config_app_type, + json_extract_path_text(Properties, 'StudioLifecycleConfigContent') as studio_lifecycle_config_content, + json_extract_path_text(Properties, 'StudioLifecycleConfigName') as studio_lifecycle_config_name, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SageMaker::StudioLifecycleConfig' + AND data__Identifier = '' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT detail.region, - json_extract_path_text(detail.Properties, 'SpaceArn') as space_arn, - json_extract_path_text(detail.Properties, 'DomainId') as domain_id, - json_extract_path_text(detail.Properties, 'SpaceName') as space_name, - json_extract_path_text(detail.Properties, 'SpaceSettings') as space_settings, - json_extract_path_text(detail.Properties, 'Tags') as tags, - json_extract_path_text(detail.Properties, 'OwnershipSettings') as ownership_settings, - json_extract_path_text(detail.Properties, 'SpaceSharingSettings') as space_sharing_settings, - json_extract_path_text(detail.Properties, 'SpaceDisplayName') as space_display_name, - json_extract_path_text(detail.Properties, 'Url') as url + json_extract_path_text(detail.Properties, 'StudioLifecycleConfigArn') as studio_lifecycle_config_arn, + json_extract_path_text(detail.Properties, 'StudioLifecycleConfigAppType') as studio_lifecycle_config_app_type, + json_extract_path_text(detail.Properties, 'StudioLifecycleConfigContent') as studio_lifecycle_config_content, + json_extract_path_text(detail.Properties, 'StudioLifecycleConfigName') as studio_lifecycle_config_name, + json_extract_path_text(detail.Properties, 'Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::SageMaker::Space' - AND detail.data__TypeName = 'AWS::SageMaker::Space' + WHERE listing.data__TypeName = 'AWS::SageMaker::StudioLifecycleConfig' + AND detail.data__TypeName = 'AWS::SageMaker::StudioLifecycleConfig' AND listing.region = 'us-east-1' - spaces_list_only: - name: spaces_list_only - id: aws.sagemaker.spaces_list_only - x-cfn-schema-name: Space - x-cfn-type-name: AWS::SageMaker::Space + studio_lifecycle_configs_list_only: + name: studio_lifecycle_configs_list_only + id: aws.sagemaker.studio_lifecycle_configs_list_only + x-cfn-schema-name: StudioLifecycleConfig + x-cfn-type-name: AWS::SageMaker::StudioLifecycleConfig x-identifiers: - - DomainId - - SpaceName + - StudioLifecycleConfigName x-type: cloud_control_view methods: {} sqlVerbs: @@ -11212,24 +13356,22 @@ components: ddl: |- SELECT region, - JSON_EXTRACT(Properties, '$.DomainId') as domain_id, - JSON_EXTRACT(Properties, '$.SpaceName') as space_name - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::Space' + JSON_EXTRACT(Properties, '$.StudioLifecycleConfigName') as studio_lifecycle_config_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::StudioLifecycleConfig' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT region, - json_extract_path_text(Properties, 'DomainId') as domain_id, - json_extract_path_text(Properties, 'SpaceName') as space_name - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::Space' + json_extract_path_text(Properties, 'StudioLifecycleConfigName') as studio_lifecycle_config_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SageMaker::StudioLifecycleConfig' AND region = 'us-east-1' - space_tags: - name: space_tags - id: aws.sagemaker.space_tags - x-cfn-schema-name: Space - x-cfn-type-name: AWS::SageMaker::Space + studio_lifecycle_config_tags: + name: studio_lifecycle_config_tags + id: aws.sagemaker.studio_lifecycle_config_tags + x-cfn-schema-name: StudioLifecycleConfig + x-cfn-type-name: AWS::SageMaker::StudioLifecycleConfig x-type: cloud_control_view methods: {} sqlVerbs: @@ -11245,21 +13387,17 @@ components: detail.region, JSON_EXTRACT(json_each.value, '$.Key') as tag_key, JSON_EXTRACT(json_each.value, '$.Value') as tag_value, - JSON_EXTRACT(detail.Properties, '$.SpaceArn') as space_arn, - JSON_EXTRACT(detail.Properties, '$.DomainId') as domain_id, - JSON_EXTRACT(detail.Properties, '$.SpaceName') as space_name, - JSON_EXTRACT(detail.Properties, '$.SpaceSettings') as space_settings, - JSON_EXTRACT(detail.Properties, '$.OwnershipSettings') as ownership_settings, - JSON_EXTRACT(detail.Properties, '$.SpaceSharingSettings') as space_sharing_settings, - JSON_EXTRACT(detail.Properties, '$.SpaceDisplayName') as space_display_name, - JSON_EXTRACT(detail.Properties, '$.Url') as url + JSON_EXTRACT(detail.Properties, '$.StudioLifecycleConfigArn') as studio_lifecycle_config_arn, + JSON_EXTRACT(detail.Properties, '$.StudioLifecycleConfigAppType') as studio_lifecycle_config_app_type, + JSON_EXTRACT(detail.Properties, '$.StudioLifecycleConfigContent') as studio_lifecycle_config_content, + JSON_EXTRACT(detail.Properties, '$.StudioLifecycleConfigName') as studio_lifecycle_config_name FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) - WHERE listing.data__TypeName = 'AWS::SageMaker::Space' - AND detail.data__TypeName = 'AWS::SageMaker::Space' + WHERE listing.data__TypeName = 'AWS::SageMaker::StudioLifecycleConfig' + AND detail.data__TypeName = 'AWS::SageMaker::StudioLifecycleConfig' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" @@ -11268,21 +13406,17 @@ components: detail.region, json_extract_path_text(json_each.value, 'Key') as tag_key, json_extract_path_text(json_each.value, 'Value') as tag_value, - json_extract_path_text(detail.Properties, 'SpaceArn') as space_arn, - json_extract_path_text(detail.Properties, 'DomainId') as domain_id, - json_extract_path_text(detail.Properties, 'SpaceName') as space_name, - json_extract_path_text(detail.Properties, 'SpaceSettings') as space_settings, - json_extract_path_text(detail.Properties, 'OwnershipSettings') as ownership_settings, - json_extract_path_text(detail.Properties, 'SpaceSharingSettings') as space_sharing_settings, - json_extract_path_text(detail.Properties, 'SpaceDisplayName') as space_display_name, - json_extract_path_text(detail.Properties, 'Url') as url + json_extract_path_text(detail.Properties, 'StudioLifecycleConfigArn') as studio_lifecycle_config_arn, + json_extract_path_text(detail.Properties, 'StudioLifecycleConfigAppType') as studio_lifecycle_config_app_type, + json_extract_path_text(detail.Properties, 'StudioLifecycleConfigContent') as studio_lifecycle_config_content, + json_extract_path_text(detail.Properties, 'StudioLifecycleConfigName') as studio_lifecycle_config_name FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) - WHERE listing.data__TypeName = 'AWS::SageMaker::Space' - AND detail.data__TypeName = 'AWS::SageMaker::Space' + WHERE listing.data__TypeName = 'AWS::SageMaker::StudioLifecycleConfig' + AND detail.data__TypeName = 'AWS::SageMaker::StudioLifecycleConfig' AND listing.region = 'us-east-1' user_profiles: name: user_profiles @@ -11728,6 +13862,48 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success + /?Action=CreateResource&Version=2021-09-30&__Cluster&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateCluster + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateClusterRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success /?Action=CreateResource&Version=2021-09-30&__DataQualityJobDefinition&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' @@ -11854,6 +14030,48 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success + /?Action=CreateResource&Version=2021-09-30&__Endpoint&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateEndpoint + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateEndpointRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success /?Action=CreateResource&Version=2021-09-30&__FeatureGroup&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' @@ -12064,7 +14282,7 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success - /?Action=CreateResource&Version=2021-09-30&__ModelBiasJobDefinition&__detailTransformed=true: + /?Action=CreateResource&Version=2021-09-30&__MlflowTrackingServer&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' @@ -12074,7 +14292,7 @@ paths: - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' post: - operationId: CreateModelBiasJobDefinition + operationId: CreateMlflowTrackingServer parameters: - description: Action Header in: header @@ -12097,7 +14315,7 @@ paths: content: application/x-amz-json-1.0: schema: - $ref: '#/components/schemas/CreateModelBiasJobDefinitionRequest' + $ref: '#/components/schemas/CreateMlflowTrackingServerRequest' required: true responses: '200': @@ -12106,7 +14324,7 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success - /?Action=CreateResource&Version=2021-09-30&__ModelCard&__detailTransformed=true: + /?Action=CreateResource&Version=2021-09-30&__ModelBiasJobDefinition&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' @@ -12116,7 +14334,7 @@ paths: - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' post: - operationId: CreateModelCard + operationId: CreateModelBiasJobDefinition parameters: - description: Action Header in: header @@ -12139,7 +14357,7 @@ paths: content: application/x-amz-json-1.0: schema: - $ref: '#/components/schemas/CreateModelCardRequest' + $ref: '#/components/schemas/CreateModelBiasJobDefinitionRequest' required: true responses: '200': @@ -12358,6 +14576,48 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success + /?Action=CreateResource&Version=2021-09-30&__PartnerApp&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreatePartnerApp + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreatePartnerAppRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success /?Action=CreateResource&Version=2021-09-30&__Pipeline&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' @@ -12484,6 +14744,48 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success + /?Action=CreateResource&Version=2021-09-30&__StudioLifecycleConfig&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateStudioLifecycleConfig + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateStudioLifecycleConfigRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success /?Action=CreateResource&Version=2021-09-30&__UserProfile&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' diff --git a/providers/src/aws/v00.00.00000/services/scheduler.yaml b/providers/src/aws/v00.00.00000/services/scheduler.yaml index 493c16a5..0c5c0d08 100644 --- a/providers/src/aws/v00.00.00000/services/scheduler.yaml +++ b/providers/src/aws/v00.00.00000/services/scheduler.yaml @@ -454,7 +454,7 @@ components: type: string maxLength: 1600 minLength: 1 - pattern: ^arn:aws(-[a-z]+)?:sqs:[a-z0-9\-]+:\d{12}:[a-zA-Z0-9\-_]+$ + pattern: ^arn:aws[a-z-]*:sqs:[a-z0-9\-]+:\d{12}:[a-zA-Z0-9\-_]+$ description: The ARN of the SQS queue specified as the target for the dead-letter queue. additionalProperties: false EcsParameters: @@ -720,7 +720,7 @@ components: type: string maxLength: 1600 minLength: 1 - pattern: ^arn:aws(-[a-z]+)?:iam::\d{12}:role\/[\w+=,.@\/-]+$ + pattern: ^arn:aws[a-z-]*:iam::\d{12}:role\/[\w+=,.@\/-]+$ description: The Amazon Resource Name (ARN) of the IAM role to be used for this target when the schedule is triggered. DeadLetterConfig: $ref: '#/components/schemas/DeadLetterConfig' @@ -751,7 +751,7 @@ components: type: string maxLength: 1224 minLength: 1 - pattern: ^arn:aws(-[a-z]+)?:scheduler:[a-z0-9\-]+:\d{12}:schedule\/[0-9a-zA-Z-_.]+\/[0-9a-zA-Z-_.]+$ + pattern: ^arn:aws[a-z-]*:scheduler:[a-z0-9\-]+:\d{12}:schedule\/[0-9a-zA-Z-_.]+\/[0-9a-zA-Z-_.]+$ description: The Amazon Resource Name (ARN) of the schedule. Description: type: string @@ -774,7 +774,7 @@ components: type: string maxLength: 2048 minLength: 1 - pattern: ^arn:aws(-[a-z]+)?:kms:[a-z0-9\-]+:\d{12}:(key|alias)\/[0-9a-zA-Z-_]*$ + pattern: ^arn:aws[a-z-]*:kms:[a-z0-9\-]+:\d{12}:(key|alias)\/[0-9a-zA-Z-_]*$ description: The ARN for a KMS Key that will be used to encrypt customer data. Name: type: string @@ -868,7 +868,7 @@ components: type: string maxLength: 1224 minLength: 1 - pattern: ^arn:aws(-[a-z]+)?:scheduler:[a-z0-9\-]+:\d{12}:schedule-group\/[0-9a-zA-Z-_.]+$ + pattern: ^arn:aws[a-z-]*:scheduler:[a-z0-9\-]+:\d{12}:schedule-group\/[0-9a-zA-Z-_.]+$ description: The Amazon Resource Name (ARN) of the schedule group. CreationDate: type: string @@ -911,6 +911,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - scheduler:UntagResource + - scheduler:ListTagsForResource + - scheduler:TagResource x-required-permissions: create: - scheduler:TagResource @@ -948,7 +952,7 @@ components: type: string maxLength: 1224 minLength: 1 - pattern: ^arn:aws(-[a-z]+)?:scheduler:[a-z0-9\-]+:\d{12}:schedule\/[0-9a-zA-Z-_.]+\/[0-9a-zA-Z-_.]+$ + pattern: ^arn:aws[a-z-]*:scheduler:[a-z0-9\-]+:\d{12}:schedule\/[0-9a-zA-Z-_.]+\/[0-9a-zA-Z-_.]+$ description: The Amazon Resource Name (ARN) of the schedule. Description: type: string @@ -971,7 +975,7 @@ components: type: string maxLength: 2048 minLength: 1 - pattern: ^arn:aws(-[a-z]+)?:kms:[a-z0-9\-]+:\d{12}:(key|alias)\/[0-9a-zA-Z-_]*$ + pattern: ^arn:aws[a-z-]*:kms:[a-z0-9\-]+:\d{12}:(key|alias)\/[0-9a-zA-Z-_]*$ description: The ARN for a KMS Key that will be used to encrypt customer data. Name: type: string @@ -1017,7 +1021,7 @@ components: type: string maxLength: 1224 minLength: 1 - pattern: ^arn:aws(-[a-z]+)?:scheduler:[a-z0-9\-]+:\d{12}:schedule-group\/[0-9a-zA-Z-_.]+$ + pattern: ^arn:aws[a-z-]*:scheduler:[a-z0-9\-]+:\d{12}:schedule-group\/[0-9a-zA-Z-_.]+$ description: The Amazon Resource Name (ARN) of the schedule group. CreationDate: type: string diff --git a/providers/src/aws/v00.00.00000/services/secretsmanager.yaml b/providers/src/aws/v00.00.00000/services/secretsmanager.yaml index 3a5f3965..5fa2427b 100644 --- a/providers/src/aws/v00.00.00000/services/secretsmanager.yaml +++ b/providers/src/aws/v00.00.00000/services/secretsmanager.yaml @@ -385,6 +385,178 @@ components: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' type: object schemas: + ResourcePolicy: + type: object + properties: + Id: + type: string + description: The Arn of the secret. + SecretId: + type: string + minLength: 1 + maxLength: 2048 + description: The ARN or name of the secret to attach the resource-based policy. + ResourcePolicy: + type: object + description: A JSON-formatted string for an AWS resource-based policy. + BlockPublicPolicy: + type: boolean + description: Specifies whether to block resource-based policies that allow broad access to the secret. + required: + - ResourcePolicy + - SecretId + x-stackql-resource-name: resource_policy + description: Resource Type definition for AWS::SecretsManager::ResourcePolicy + x-type-name: AWS::SecretsManager::ResourcePolicy + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - SecretId + x-write-only-properties: + - BlockPublicPolicy + x-read-only-properties: + - Id + x-required-properties: + - ResourcePolicy + - SecretId + x-tagging: + taggable: false + x-required-permissions: + create: + - secretsmanager:PutResourcePolicy + - secretsmanager:GetResourcePolicy + read: + - secretsmanager:GetResourcePolicy + update: + - secretsmanager:PutResourcePolicy + - secretsmanager:GetResourcePolicy + delete: + - secretsmanager:DeleteResourcePolicy + - secretsmanager:GetResourcePolicy + list: + - secretsmanager:GetResourcePolicy + - secretsmanager:ListSecrets + HostedRotationLambda: + additionalProperties: false + type: object + properties: + Runtime: + description: The python runtime associated with the Lambda function + type: string + KmsKeyArn: + description: The ARN of the KMS key that Secrets Manager uses to encrypt the secret. If you don't specify this value, then Secrets Manager uses the key aws/secretsmanager. If aws/secretsmanager doesn't yet exist, then Secrets Manager creates it for you automatically the first time it encrypts the secret value. + type: string + MasterSecretArn: + description: The ARN of the secret that contains superuser credentials, if you use the alternating users rotation strategy. CloudFormation grants the execution role for the Lambda rotation function GetSecretValue permission to the secret in this property. + type: string + RotationLambdaName: + description: The name of the Lambda rotation function. + type: string + RotationType: + description: The type of rotation template to use + type: string + ExcludeCharacters: + description: A string of the characters that you don't want in the password. + type: string + VpcSecurityGroupIds: + description: A comma-separated list of security group IDs applied to the target database. + type: string + MasterSecretKmsKeyArn: + description: The ARN of the KMS key that Secrets Manager used to encrypt the superuser secret, if you use the alternating users strategy and the superuser secret is encrypted with a customer managed key. You don't need to specify this property if the superuser secret is encrypted using the key aws/secretsmanager. CloudFormation grants the execution role for the Lambda rotation function Decrypt, DescribeKey, and GenerateDataKey permission to the key in this property. + type: string + SuperuserSecretArn: + description: The ARN of the secret that contains superuser credentials, if you use the alternating users rotation strategy. CloudFormation grants the execution role for the Lambda rotation function GetSecretValue permission to the secret in this property. + type: string + SuperuserSecretKmsKeyArn: + description: The ARN of the KMS key that Secrets Manager used to encrypt the superuser secret, if you use the alternating users strategy and the superuser secret is encrypted with a customer managed key. You don't need to specify this property if the superuser secret is encrypted using the key aws/secretsmanager. CloudFormation grants the execution role for the Lambda rotation function Decrypt, DescribeKey, and GenerateDataKey permission to the key in this property. + type: string + VpcSubnetIds: + description: A comma separated list of VPC subnet IDs of the target database network. The Lambda rotation function is in the same subnet group. + type: string + required: + - RotationType + RotationRules: + additionalProperties: false + type: object + properties: + ScheduleExpression: + description: A cron() or rate() expression that defines the schedule for rotating your secret. Secrets Manager rotation schedules use UTC time zone. + type: string + Duration: + description: >- + The length of the rotation window in hours, for example 3h for a three hour window. Secrets Manager rotates your secret at any time during this window. The window must not extend into the next rotation window or the next UTC day. The window starts according to the ScheduleExpression. If you don't specify a Duration, for a ScheduleExpression in hours, the window automatically closes after one hour. For a ScheduleExpression in days, the window automatically closes at the end of the UTC + day. + type: string + AutomaticallyAfterDays: + description: The number of days between automatic scheduled rotations of the secret. You can use this value to check that your secret meets your compliance guidelines for how often secrets must be rotated. + type: integer + RotationSchedule: + type: object + properties: + HostedRotationLambda: + description: Creates a new Lambda rotation function based on one of the Secrets Manager rotation function templates. To use a rotation function that already exists, specify RotationLambdaARN instead. + $ref: '#/components/schemas/HostedRotationLambda' + SecretId: + description: The ARN or name of the secret to rotate. + type: string + Id: + description: The ARN of the secret. + type: string + RotateImmediatelyOnUpdate: + description: Specifies whether to rotate the secret immediately or wait until the next scheduled rotation window. + type: boolean + RotationLambdaARN: + description: The ARN of an existing Lambda rotation function. To specify a rotation function that is also defined in this template, use the Ref function. + type: string + RotationRules: + description: A structure that defines the rotation configuration for this secret. + $ref: '#/components/schemas/RotationRules' + required: + - SecretId + x-stackql-resource-name: rotation_schedule + description: Resource Type definition for AWS::SecretsManager::RotationSchedule + x-type-name: AWS::SecretsManager::RotationSchedule + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - SecretId + x-write-only-properties: + - RotateImmediatelyOnUpdate + - HostedRotationLambda + - HostedRotationLambda/ExcludeCharacters + - HostedRotationLambda/KmsKeyArn + - HostedRotationLambda/MasterSecretArn + - HostedRotationLambda/MasterSecretKmsKeyArn + - HostedRotationLambda/RotationLambdaName + - HostedRotationLambda/RotationType + - HostedRotationLambda/Runtime + - HostedRotationLambda/SuperuserSecretArn + - HostedRotationLambda/SuperuserSecretKmsKeyArn + - HostedRotationLambda/VpcSecurityGroupIds + - HostedRotationLambda/VpcSubnetIds + x-read-only-properties: + - Id + x-required-properties: + - SecretId + x-tagging: + taggable: false + x-required-permissions: + read: + - secretsmanager:DescribeSecret + create: + - secretsmanager:RotateSecret + - secretsmanager:DescribeSecret + - lambda:InvokeFunction + update: + - secretsmanager:RotateSecret + - secretsmanager:DescribeSecret + - lambda:InvokeFunction + list: + - secretsmanager:DescribeSecret + - secretsmanager:ListSecrets + delete: + - secretsmanager:CancelRotateSecret + - secretsmanager:DescribeSecret GenerateSecretString: type: object additionalProperties: false @@ -510,8 +682,8 @@ components: description: |- Creates a new secret. A *secret* can be a password, a set of credentials such as a user name and password, an OAuth token, or other secret information that you store in an encrypted form in Secrets Manager. For RDS master user credentials, see [AWS::RDS::DBCluster MasterUserSecret](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-masterusersecret.html). + For RS admin user credentials, see [AWS::Redshift::Cluster](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-redshift-cluster.html). To retrieve a secret in a CFNshort template, use a *dynamic reference*. For more information, see [Retrieve a secret in an resource](https://docs.aws.amazon.com/secretsmanager/latest/userguide/cfn-example_reference-secret.html). - A common scenario is to first create a secret with ``GenerateSecretString``, which generates a password, and then use a dynamic reference to retrieve the username and password from the secret to use as credentials for a new database. See the example *Creating a Redshift cluster and a secret for the admin credentials*. For information about creating a secret in the console, see [Create a secret](https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_create-basic-secret.html). For information about creating a secret using the CLI or SDK, see [CreateSecret](https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_CreateSecret.html). For information about retrieving a secret in code, see [Retrieve secrets from Secrets Manager](https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieving-secrets.html). x-type-name: AWS::SecretsManager::Secret @@ -530,12 +702,16 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - secretsmanager:UntagResource + - secretsmanager:TagResource x-required-permissions: create: - secretsmanager:DescribeSecret - secretsmanager:GetRandomPassword - secretsmanager:CreateSecret - secretsmanager:TagResource + - secretsmanager:ReplicateSecretToRegions delete: - secretsmanager:DeleteSecret - secretsmanager:DescribeSecret @@ -553,6 +729,129 @@ components: - secretsmanager:GetSecretValue - secretsmanager:ReplicateSecretToRegions - secretsmanager:RemoveRegionsFromReplication + SecretTargetAttachment: + type: object + properties: + Id: + type: string + SecretId: + type: string + TargetType: + type: string + TargetId: + type: string + required: + - TargetType + - TargetId + - SecretId + x-stackql-resource-name: secret_target_attachment + description: Resource Type definition for AWS::SecretsManager::SecretTargetAttachment + x-type-name: AWS::SecretsManager::SecretTargetAttachment + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - SecretId + x-read-only-properties: + - Id + x-required-properties: + - TargetType + - TargetId + - SecretId + x-tagging: + taggable: false + x-required-permissions: + read: + - secretsmanager:GetSecretValue + list: + - secretsmanager:GetSecretValue + - secretsmanager:ListSecrets + create: + - secretsmanager:GetSecretValue + - secretsmanager:PutSecretValue + - rds:DescribeDBInstances + - redshift:DescribeClusters + - rds:DescribeDBClusters + - docdb-elastic:GetCluster + - redshift-serverless:ListWorkgroups + - redshift-serverless:GetNamespace + delete: + - secretsmanager:GetSecretValue + - secretsmanager:PutSecretValue + update: + - secretsmanager:GetSecretValue + - secretsmanager:PutSecretValue + - rds:DescribeDBInstances + - redshift:DescribeClusters + - rds:DescribeDBClusters + - docdb-elastic:GetCluster + - redshift-serverless:ListWorkgroups + - redshift-serverless:GetNamespace + CreateResourcePolicyRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + Id: + type: string + description: The Arn of the secret. + SecretId: + type: string + minLength: 1 + maxLength: 2048 + description: The ARN or name of the secret to attach the resource-based policy. + ResourcePolicy: + type: object + description: A JSON-formatted string for an AWS resource-based policy. + BlockPublicPolicy: + type: boolean + description: Specifies whether to block resource-based policies that allow broad access to the secret. + x-stackQL-stringOnly: true + x-title: CreateResourcePolicyRequest + type: object + required: [] + CreateRotationScheduleRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + HostedRotationLambda: + description: Creates a new Lambda rotation function based on one of the Secrets Manager rotation function templates. To use a rotation function that already exists, specify RotationLambdaARN instead. + $ref: '#/components/schemas/HostedRotationLambda' + SecretId: + description: The ARN or name of the secret to rotate. + type: string + Id: + description: The ARN of the secret. + type: string + RotateImmediatelyOnUpdate: + description: Specifies whether to rotate the secret immediately or wait until the next scheduled rotation window. + type: boolean + RotationLambdaARN: + description: The ARN of an existing Lambda rotation function. To specify a rotation function that is also defined in this template, use the Ref function. + type: string + RotationRules: + description: A structure that defines the rotation configuration for this secret. + $ref: '#/components/schemas/RotationRules' + x-stackQL-stringOnly: true + x-title: CreateRotationScheduleRequest + type: object + required: [] CreateSecretRequest: properties: ClientToken: @@ -624,6 +923,31 @@ components: x-title: CreateSecretRequest type: object required: [] + CreateSecretTargetAttachmentRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + Id: + type: string + SecretId: + type: string + TargetType: + type: string + TargetId: + type: string + x-stackQL-stringOnly: true + x-title: CreateSecretTargetAttachmentRequest + type: object + required: [] securitySchemes: hmac: type: apiKey @@ -632,6 +956,306 @@ components: description: Amazon Signature authorization v4 x-amazon-apigateway-authtype: awsSigv4 x-stackQL-resources: + resource_policies: + name: resource_policies + id: aws.secretsmanager.resource_policies + x-cfn-schema-name: ResourcePolicy + x-cfn-type-name: AWS::SecretsManager::ResourcePolicy + x-identifiers: + - Id + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__ResourcePolicy&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::SecretsManager::ResourcePolicy" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::SecretsManager::ResourcePolicy" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::SecretsManager::ResourcePolicy" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/resource_policies/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/resource_policies/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/resource_policies/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.SecretId') as secret_id, + JSON_EXTRACT(Properties, '$.ResourcePolicy') as resource_policy, + JSON_EXTRACT(Properties, '$.BlockPublicPolicy') as block_public_policy + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SecretsManager::ResourcePolicy' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.Id') as id, + JSON_EXTRACT(detail.Properties, '$.SecretId') as secret_id, + JSON_EXTRACT(detail.Properties, '$.ResourcePolicy') as resource_policy, + JSON_EXTRACT(detail.Properties, '$.BlockPublicPolicy') as block_public_policy + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::SecretsManager::ResourcePolicy' + AND detail.data__TypeName = 'AWS::SecretsManager::ResourcePolicy' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'SecretId') as secret_id, + json_extract_path_text(Properties, 'ResourcePolicy') as resource_policy, + json_extract_path_text(Properties, 'BlockPublicPolicy') as block_public_policy + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SecretsManager::ResourcePolicy' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'Id') as id, + json_extract_path_text(detail.Properties, 'SecretId') as secret_id, + json_extract_path_text(detail.Properties, 'ResourcePolicy') as resource_policy, + json_extract_path_text(detail.Properties, 'BlockPublicPolicy') as block_public_policy + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::SecretsManager::ResourcePolicy' + AND detail.data__TypeName = 'AWS::SecretsManager::ResourcePolicy' + AND listing.region = 'us-east-1' + resource_policies_list_only: + name: resource_policies_list_only + id: aws.secretsmanager.resource_policies_list_only + x-cfn-schema-name: ResourcePolicy + x-cfn-type-name: AWS::SecretsManager::ResourcePolicy + x-identifiers: + - Id + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SecretsManager::ResourcePolicy' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SecretsManager::ResourcePolicy' + AND region = 'us-east-1' + rotation_schedules: + name: rotation_schedules + id: aws.secretsmanager.rotation_schedules + x-cfn-schema-name: RotationSchedule + x-cfn-type-name: AWS::SecretsManager::RotationSchedule + x-identifiers: + - Id + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__RotationSchedule&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::SecretsManager::RotationSchedule" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::SecretsManager::RotationSchedule" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::SecretsManager::RotationSchedule" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/rotation_schedules/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/rotation_schedules/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/rotation_schedules/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.HostedRotationLambda') as hosted_rotation_lambda, + JSON_EXTRACT(Properties, '$.SecretId') as secret_id, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.RotateImmediatelyOnUpdate') as rotate_immediately_on_update, + JSON_EXTRACT(Properties, '$.RotationLambdaARN') as rotation_lambda_arn, + JSON_EXTRACT(Properties, '$.RotationRules') as rotation_rules + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SecretsManager::RotationSchedule' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.HostedRotationLambda') as hosted_rotation_lambda, + JSON_EXTRACT(detail.Properties, '$.SecretId') as secret_id, + JSON_EXTRACT(detail.Properties, '$.Id') as id, + JSON_EXTRACT(detail.Properties, '$.RotateImmediatelyOnUpdate') as rotate_immediately_on_update, + JSON_EXTRACT(detail.Properties, '$.RotationLambdaARN') as rotation_lambda_arn, + JSON_EXTRACT(detail.Properties, '$.RotationRules') as rotation_rules + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::SecretsManager::RotationSchedule' + AND detail.data__TypeName = 'AWS::SecretsManager::RotationSchedule' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'HostedRotationLambda') as hosted_rotation_lambda, + json_extract_path_text(Properties, 'SecretId') as secret_id, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'RotateImmediatelyOnUpdate') as rotate_immediately_on_update, + json_extract_path_text(Properties, 'RotationLambdaARN') as rotation_lambda_arn, + json_extract_path_text(Properties, 'RotationRules') as rotation_rules + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SecretsManager::RotationSchedule' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'HostedRotationLambda') as hosted_rotation_lambda, + json_extract_path_text(detail.Properties, 'SecretId') as secret_id, + json_extract_path_text(detail.Properties, 'Id') as id, + json_extract_path_text(detail.Properties, 'RotateImmediatelyOnUpdate') as rotate_immediately_on_update, + json_extract_path_text(detail.Properties, 'RotationLambdaARN') as rotation_lambda_arn, + json_extract_path_text(detail.Properties, 'RotationRules') as rotation_rules + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::SecretsManager::RotationSchedule' + AND detail.data__TypeName = 'AWS::SecretsManager::RotationSchedule' + AND listing.region = 'us-east-1' + rotation_schedules_list_only: + name: rotation_schedules_list_only + id: aws.secretsmanager.rotation_schedules_list_only + x-cfn-schema-name: RotationSchedule + x-cfn-type-name: AWS::SecretsManager::RotationSchedule + x-identifiers: + - Id + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SecretsManager::RotationSchedule' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SecretsManager::RotationSchedule' + AND region = 'us-east-1' secrets: name: secrets id: aws.secretsmanager.secrets @@ -851,6 +1475,152 @@ components: WHERE listing.data__TypeName = 'AWS::SecretsManager::Secret' AND detail.data__TypeName = 'AWS::SecretsManager::Secret' AND listing.region = 'us-east-1' + secret_target_attachments: + name: secret_target_attachments + id: aws.secretsmanager.secret_target_attachments + x-cfn-schema-name: SecretTargetAttachment + x-cfn-type-name: AWS::SecretsManager::SecretTargetAttachment + x-identifiers: + - Id + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__SecretTargetAttachment&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::SecretsManager::SecretTargetAttachment" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::SecretsManager::SecretTargetAttachment" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::SecretsManager::SecretTargetAttachment" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/secret_target_attachments/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/secret_target_attachments/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/secret_target_attachments/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.SecretId') as secret_id, + JSON_EXTRACT(Properties, '$.TargetType') as target_type, + JSON_EXTRACT(Properties, '$.TargetId') as target_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SecretsManager::SecretTargetAttachment' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.Id') as id, + JSON_EXTRACT(detail.Properties, '$.SecretId') as secret_id, + JSON_EXTRACT(detail.Properties, '$.TargetType') as target_type, + JSON_EXTRACT(detail.Properties, '$.TargetId') as target_id + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::SecretsManager::SecretTargetAttachment' + AND detail.data__TypeName = 'AWS::SecretsManager::SecretTargetAttachment' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'SecretId') as secret_id, + json_extract_path_text(Properties, 'TargetType') as target_type, + json_extract_path_text(Properties, 'TargetId') as target_id + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SecretsManager::SecretTargetAttachment' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'Id') as id, + json_extract_path_text(detail.Properties, 'SecretId') as secret_id, + json_extract_path_text(detail.Properties, 'TargetType') as target_type, + json_extract_path_text(detail.Properties, 'TargetId') as target_id + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::SecretsManager::SecretTargetAttachment' + AND detail.data__TypeName = 'AWS::SecretsManager::SecretTargetAttachment' + AND listing.region = 'us-east-1' + secret_target_attachments_list_only: + name: secret_target_attachments_list_only + id: aws.secretsmanager.secret_target_attachments_list_only + x-cfn-schema-name: SecretTargetAttachment + x-cfn-type-name: AWS::SecretsManager::SecretTargetAttachment + x-identifiers: + - Id + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SecretsManager::SecretTargetAttachment' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Id') as id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SecretsManager::SecretTargetAttachment' + AND region = 'us-east-1' paths: /?Action=CreateResource&Version=2021-09-30: parameters: @@ -994,6 +1764,90 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/UpdateResourceOutput' description: Success + /?Action=CreateResource&Version=2021-09-30&__ResourcePolicy&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateResourcePolicy + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateResourcePolicyRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=CreateResource&Version=2021-09-30&__RotationSchedule&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateRotationSchedule + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateRotationScheduleRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success /?Action=CreateResource&Version=2021-09-30&__Secret&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' @@ -1036,6 +1890,48 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success + /?Action=CreateResource&Version=2021-09-30&__SecretTargetAttachment&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateSecretTargetAttachment + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateSecretTargetAttachmentRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success x-stackQL-config: requestTranslate: algorithm: drop_double_underscore_params diff --git a/providers/src/aws/v00.00.00000/services/securityhub.yaml b/providers/src/aws/v00.00.00000/services/securityhub.yaml index fc9bd68d..61babfef 100644 --- a/providers/src/aws/v00.00.00000/services/securityhub.yaml +++ b/providers/src/aws/v00.00.00000/services/securityhub.yaml @@ -535,33 +535,45 @@ components: description: The Amazon Resource Name (ARN) for the product that generated a related finding. Id: $ref: '#/components/schemas/arnOrId' - description: '' + description: |- + The product-generated identifier for a related finding. + Array Members: Minimum number of 1 item. Maximum number of 20 items. additionalProperties: false required: - ProductArn - Id NoteUpdate: - description: '' + description: The updated note. type: object properties: Text: - description: '' + description: The updated note text. type: string minLength: 1 maxLength: 512 UpdatedBy: $ref: '#/components/schemas/arnOrId' - description: '' + description: The principal that updated the note. additionalProperties: false required: - Text - UpdatedBy WorkflowUpdate: - description: '' + description: Used to update information about the investigation into the finding. type: object properties: Status: - description: '' + description: |- + The status of the investigation into the finding. The workflow status is specific to an individual finding. It does not affect the generation of new findings. For example, setting the workflow status to ``SUPPRESSED`` or ``RESOLVED`` does not prevent a new finding for the same issue. + The allowed values are the following. + + ``NEW`` - The initial state of a finding, before it is reviewed. + Security Hub also resets ``WorkFlowStatus`` from ``NOTIFIED`` or ``RESOLVED`` to ``NEW`` in the following cases: + + The record state changes from ``ARCHIVED`` to ``ACTIVE``. + + The compliance status changes from ``PASSED`` to either ``WARNING``, ``FAILED``, or ``NOT_AVAILABLE``. + + + ``NOTIFIED`` - Indicates that you notified the resource owner about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner. + + ``RESOLVED`` - The finding was reviewed and remediated and is now considered resolved. + + ``SUPPRESSED`` - Indicates that you reviewed the finding and don't believe that any action is needed. The finding is no longer updated. type: string enum: - NEW @@ -572,14 +584,20 @@ components: - Status additionalProperties: false SeverityUpdate: - description: '' + description: Updates to the severity information for a finding. type: object properties: Product: - description: '' + description: The native severity as defined by the AWS service or integrated partner product that generated the finding. type: number Label: - description: '' + description: |- + The severity value of the finding. The allowed values are the following. + + ``INFORMATIONAL`` - No issue was found. + + ``LOW`` - The issue does not require action on its own. + + ``MEDIUM`` - The issue must be addressed but not urgently. + + ``HIGH`` - The issue must be addressed as a priority. + + ``CRITICAL`` - The issue must be remediated immediately to avoid it escalating. type: string enum: - INFORMATIONAL @@ -589,14 +607,21 @@ components: - CRITICAL Normalized: $ref: '#/components/schemas/int100' - description: '' + description: |- + The normalized severity for the finding. This attribute is to be deprecated in favor of ``Label``. + If you provide ``Normalized`` and don't provide ``Label``, ``Label`` is set automatically as follows. + + 0 - ``INFORMATIONAL`` + + 1–39 - ``LOW`` + + 40–69 - ``MEDIUM`` + + 70–89 - ``HIGH`` + + 90–100 - ``CRITICAL`` additionalProperties: false AutomationRulesFindingFieldsUpdate: - description: The rule action will update the ``Note`` field of a finding. + description: Identifies the finding fields that the automation rule action updates when a finding matches the defined criteria. type: object properties: Types: - description: '' + description: The rule action updates the ``Types`` field of a finding. type: array maxItems: 50 uniqueItems: true @@ -609,15 +634,15 @@ components: $ref: '#/components/schemas/SeverityUpdate' Confidence: $ref: '#/components/schemas/int100' - description: '' + description: The rule action updates the ``Confidence`` field of a finding. Criticality: $ref: '#/components/schemas/int100' - description: '' + description: The rule action updates the ``Criticality`` field of a finding. UserDefinedFields: $ref: '#/components/schemas/map' - description: '' + description: The rule action updates the ``UserDefinedFields`` field of a finding. VerificationState: - description: '' + description: The rule action updates the ``VerificationState`` field of a finding. type: string enum: - UNKNOWN @@ -640,231 +665,338 @@ components: description: The rule action will update the ``Workflow`` field of a finding. $ref: '#/components/schemas/WorkflowUpdate' AutomationRulesAction: - description: '' + description: One or more actions that ASHlong takes when a finding matches the defined criteria of a rule. type: object properties: Type: - description: '' + description: Specifies the type of action that Security Hub takes when a finding matches the defined criteria of a rule. type: string enum: - FINDING_FIELDS_UPDATE FindingFieldsUpdate: $ref: '#/components/schemas/AutomationRulesFindingFieldsUpdate' - description: '' + description: Specifies that the automation rule action is an update to a finding field. required: - Type - FindingFieldsUpdate AutomationRulesFindingFilters: - description: '' + description: The criteria that determine which findings a rule applies to. type: object additionalProperties: false properties: ProductArn: - description: '' + description: |- + The Amazon Resource Name (ARN) for a third-party product that generated a finding in Security Hub. + Array Members: Minimum number of 1 item. Maximum number of 20 items. items: $ref: '#/components/schemas/StringFilter' type: array maxItems: 20 AwsAccountId: - description: '' + description: |- + The AWS-account ID in which a finding was generated. + Array Members: Minimum number of 1 item. Maximum number of 100 items. items: $ref: '#/components/schemas/StringFilter' type: array maxItems: 100 Id: - description: '' + description: |- + The product-specific identifier for a finding. + Array Members: Minimum number of 1 item. Maximum number of 20 items. items: $ref: '#/components/schemas/StringFilter' type: array maxItems: 20 GeneratorId: - description: '' + description: |- + The identifier for the solution-specific component that generated a finding. + Array Members: Minimum number of 1 item. Maximum number of 100 items. items: $ref: '#/components/schemas/StringFilter' type: array maxItems: 100 Type: - description: '' + description: |- + One or more finding types in the format of namespace/category/classifier that classify a finding. For a list of namespaces, classifiers, and categories, see [Types taxonomy for ASFF](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format-type-taxonomy.html) in the *User Guide*. + Array Members: Minimum number of 1 item. Maximum number of 20 items. items: $ref: '#/components/schemas/StringFilter' type: array maxItems: 20 FirstObservedAt: - description: '' + description: |- + A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product. + This field accepts only the specified formats. Timestamps can end with ``Z`` or ``("+" / "-") time-hour [":" time-minute]``. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples: + + ``YYYY-MM-DDTHH:MM:SSZ`` (for example, ``2019-01-31T23:00:00Z``) + + ``YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ`` (for example, ``2019-01-31T23:00:00.123456789Z``) + + ``YYYY-MM-DDTHH:MM:SS+HH:MM`` (for example, ``2024-01-04T15:25:10+17:59``) + + ``YYYY-MM-DDTHH:MM:SS-HHMM`` (for example, ``2024-01-04T15:25:10-1759``) + + ``YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM`` (for example, ``2024-01-04T15:25:10.123456789+17:59``) + + Array Members: Minimum number of 1 item. Maximum number of 20 items. items: $ref: '#/components/schemas/DateFilter' type: array maxItems: 20 LastObservedAt: - description: '' + description: |- + A timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings product. + This field accepts only the specified formats. Timestamps can end with ``Z`` or ``("+" / "-") time-hour [":" time-minute]``. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples: + + ``YYYY-MM-DDTHH:MM:SSZ`` (for example, ``2019-01-31T23:00:00Z``) + + ``YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ`` (for example, ``2019-01-31T23:00:00.123456789Z``) + + ``YYYY-MM-DDTHH:MM:SS+HH:MM`` (for example, ``2024-01-04T15:25:10+17:59``) + + ``YYYY-MM-DDTHH:MM:SS-HHMM`` (for example, ``2024-01-04T15:25:10-1759``) + + ``YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM`` (for example, ``2024-01-04T15:25:10.123456789+17:59``) + + Array Members: Minimum number of 1 item. Maximum number of 20 items. items: $ref: '#/components/schemas/DateFilter' type: array maxItems: 20 CreatedAt: - description: '' + description: |- + A timestamp that indicates when this finding record was created. + This field accepts only the specified formats. Timestamps can end with ``Z`` or ``("+" / "-") time-hour [":" time-minute]``. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples: + + ``YYYY-MM-DDTHH:MM:SSZ`` (for example, ``2019-01-31T23:00:00Z``) + + ``YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ`` (for example, ``2019-01-31T23:00:00.123456789Z``) + + ``YYYY-MM-DDTHH:MM:SS+HH:MM`` (for example, ``2024-01-04T15:25:10+17:59``) + + ``YYYY-MM-DDTHH:MM:SS-HHMM`` (for example, ``2024-01-04T15:25:10-1759``) + + ``YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM`` (for example, ``2024-01-04T15:25:10.123456789+17:59``) + + Array Members: Minimum number of 1 item. Maximum number of 20 items. items: $ref: '#/components/schemas/DateFilter' type: array maxItems: 20 UpdatedAt: - description: '' + description: |- + A timestamp that indicates when the finding record was most recently updated. + This field accepts only the specified formats. Timestamps can end with ``Z`` or ``("+" / "-") time-hour [":" time-minute]``. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples: + + ``YYYY-MM-DDTHH:MM:SSZ`` (for example, ``2019-01-31T23:00:00Z``) + + ``YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ`` (for example, ``2019-01-31T23:00:00.123456789Z``) + + ``YYYY-MM-DDTHH:MM:SS+HH:MM`` (for example, ``2024-01-04T15:25:10+17:59``) + + ``YYYY-MM-DDTHH:MM:SS-HHMM`` (for example, ``2024-01-04T15:25:10-1759``) + + ``YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM`` (for example, ``2024-01-04T15:25:10.123456789+17:59``) + + Array Members: Minimum number of 1 item. Maximum number of 20 items. items: $ref: '#/components/schemas/DateFilter' type: array maxItems: 20 Confidence: - description: '' + description: >- + The likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. ``Confidence`` is scored on a 0–100 basis using a ratio scale. A value of ``0`` means 0 percent confidence, and a value of ``100`` means 100 percent confidence. For example, a data exfiltration detection based on a statistical deviation of network traffic has low confidence because an actual exfiltration hasn't been verified. For more information, see + [Confidence](https://docs.aws.amazon.com/securityhub/latest/userguide/asff-top-level-attributes.html#asff-confidence) in the *User Guide*. + Array Members: Minimum number of 1 item. Maximum number of 20 items. items: $ref: '#/components/schemas/NumberFilter' type: array maxItems: 20 Criticality: - description: '' + description: >- + The level of importance that is assigned to the resources that are associated with a finding. ``Criticality`` is scored on a 0–100 basis, using a ratio scale that supports only full integers. A score of ``0`` means that the underlying resources have no criticality, and a score of ``100`` is reserved for the most critical resources. For more information, see [Criticality](https://docs.aws.amazon.com/securityhub/latest/userguide/asff-top-level-attributes.html#asff-criticality) in the + *User Guide*. + Array Members: Minimum number of 1 item. Maximum number of 20 items. items: $ref: '#/components/schemas/NumberFilter' type: array maxItems: 20 Title: - description: '' + description: |- + A finding's title. + Array Members: Minimum number of 1 item. Maximum number of 100 items. items: $ref: '#/components/schemas/StringFilter' type: array maxItems: 100 Description: - description: '' + description: |- + A finding's description. + Array Members: Minimum number of 1 item. Maximum number of 20 items. items: $ref: '#/components/schemas/StringFilter' type: array maxItems: 20 SourceUrl: - description: '' + description: |- + Provides a URL that links to a page about the current finding in the finding product. + Array Members: Minimum number of 1 item. Maximum number of 20 items. items: $ref: '#/components/schemas/StringFilter' type: array maxItems: 20 ProductName: - description: '' + description: |- + Provides the name of the product that generated the finding. For control-based findings, the product name is Security Hub. + Array Members: Minimum number of 1 item. Maximum number of 20 items. items: $ref: '#/components/schemas/StringFilter' type: array maxItems: 20 CompanyName: - description: '' + description: |- + The name of the company for the product that generated the finding. For control-based findings, the company is AWS. + Array Members: Minimum number of 1 item. Maximum number of 20 items. items: $ref: '#/components/schemas/StringFilter' type: array maxItems: 20 SeverityLabel: - description: '' + description: |- + The severity value of the finding. + Array Members: Minimum number of 1 item. Maximum number of 20 items. items: $ref: '#/components/schemas/StringFilter' type: array maxItems: 20 ResourceType: - description: '' + description: |- + A finding's title. + Array Members: Minimum number of 1 item. Maximum number of 100 items. items: $ref: '#/components/schemas/StringFilter' type: array maxItems: 20 ResourceId: - description: '' + description: |- + The identifier for the given resource type. For AWS resources that are identified by Amazon Resource Names (ARNs), this is the ARN. For AWS resources that lack ARNs, this is the identifier as defined by the AWS-service that created the resource. For non-AWS resources, this is a unique identifier that is associated with the resource. + Array Members: Minimum number of 1 item. Maximum number of 100 items. items: $ref: '#/components/schemas/StringFilter' type: array maxItems: 100 ResourcePartition: - description: '' + description: |- + The partition in which the resource that the finding pertains to is located. A partition is a group of AWS-Regions. Each AWS-account is scoped to one partition. + Array Members: Minimum number of 1 item. Maximum number of 20 items. items: $ref: '#/components/schemas/StringFilter' type: array maxItems: 20 ResourceRegion: - description: '' + description: |- + The AWS-Region where the resource that a finding pertains to is located. + Array Members: Minimum number of 1 item. Maximum number of 20 items. items: $ref: '#/components/schemas/StringFilter' type: array maxItems: 20 ResourceTags: - description: '' + description: |- + A list of AWS tags associated with a resource at the time the finding was processed. + Array Members: Minimum number of 1 item. Maximum number of 20 items. items: $ref: '#/components/schemas/MapFilter' type: array maxItems: 20 ResourceDetailsOther: - description: '' + description: |- + Custom fields and values about the resource that a finding pertains to. + Array Members: Minimum number of 1 item. Maximum number of 20 items. items: $ref: '#/components/schemas/MapFilter' type: array maxItems: 20 ComplianceStatus: - description: '' + description: |- + The result of a security check. This field is only used for findings generated from controls. + Array Members: Minimum number of 1 item. Maximum number of 20 items. items: $ref: '#/components/schemas/StringFilter' type: array maxItems: 20 ComplianceSecurityControlId: - description: '' + description: |- + The security control ID for which a finding was generated. Security control IDs are the same across standards. + Array Members: Minimum number of 1 item. Maximum number of 20 items. items: $ref: '#/components/schemas/StringFilter' type: array maxItems: 20 ComplianceAssociatedStandardsId: - description: '' + description: |- + The unique identifier of a standard in which a control is enabled. This field consists of the resource portion of the Amazon Resource Name (ARN) returned for a standard in the [DescribeStandards](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DescribeStandards.html) API response. + Array Members: Minimum number of 1 item. Maximum number of 20 items. items: $ref: '#/components/schemas/StringFilter' type: array maxItems: 20 VerificationState: - description: '' + description: |- + Provides the veracity of a finding. + Array Members: Minimum number of 1 item. Maximum number of 20 items. items: $ref: '#/components/schemas/StringFilter' type: array maxItems: 20 WorkflowStatus: - description: '' + description: |- + Provides information about the status of the investigation into a finding. + Array Members: Minimum number of 1 item. Maximum number of 20 items. items: $ref: '#/components/schemas/StringFilter' type: array maxItems: 20 RecordState: - description: '' + description: |- + Provides the current state of a finding. + Array Members: Minimum number of 1 item. Maximum number of 20 items. items: $ref: '#/components/schemas/StringFilter' type: array maxItems: 20 RelatedFindingsProductArn: - description: '' + description: |- + The ARN for the product that generated a related finding. + Array Members: Minimum number of 1 item. Maximum number of 20 items. items: $ref: '#/components/schemas/StringFilter' type: array maxItems: 20 RelatedFindingsId: - description: '' + description: |- + The product-generated identifier for a related finding. + Array Members: Minimum number of 1 item. Maximum number of 20 items. items: $ref: '#/components/schemas/StringFilter' type: array maxItems: 20 NoteText: - description: '' + description: |- + The text of a user-defined note that's added to a finding. + Array Members: Minimum number of 1 item. Maximum number of 20 items. items: $ref: '#/components/schemas/StringFilter' type: array maxItems: 20 NoteUpdatedAt: - description: '' + description: |- + The timestamp of when the note was updated. + This field accepts only the specified formats. Timestamps can end with ``Z`` or ``("+" / "-") time-hour [":" time-minute]``. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples: + + ``YYYY-MM-DDTHH:MM:SSZ`` (for example, ``2019-01-31T23:00:00Z``) + + ``YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ`` (for example, ``2019-01-31T23:00:00.123456789Z``) + + ``YYYY-MM-DDTHH:MM:SS+HH:MM`` (for example, ``2024-01-04T15:25:10+17:59``) + + ``YYYY-MM-DDTHH:MM:SS-HHMM`` (for example, ``2024-01-04T15:25:10-1759``) + + ``YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM`` (for example, ``2024-01-04T15:25:10.123456789+17:59``) + + Array Members: Minimum number of 1 item. Maximum number of 20 items. items: $ref: '#/components/schemas/DateFilter' type: array maxItems: 20 NoteUpdatedBy: - description: '' + description: |- + The principal that created a note. + Array Members: Minimum number of 1 item. Maximum number of 20 items. items: $ref: '#/components/schemas/StringFilter' type: array maxItems: 20 UserDefinedFields: - description: '' + description: |- + A list of user-defined name and value string pairs added to a finding. + Array Members: Minimum number of 1 item. Maximum number of 20 items. items: $ref: '#/components/schemas/MapFilter' type: array @@ -883,17 +1015,17 @@ components: - ENABLED - DISABLED RuleOrder: - description: '' + description: An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first. type: integer minimum: 1 maximum: 1000 Description: - description: '' + description: A description of the rule. type: string minLength: 1 maxLength: 1024 RuleName: - description: '' + description: The name of the rule. type: string minLength: 1 maxLength: 256 @@ -909,11 +1041,11 @@ components: minLength: 1 maxLength: 256 IsTerminal: - description: '' + description: Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal. type: boolean Actions: type: array - description: '' + description: One or more actions to update finding fields if a finding matches the conditions specified in ``Criteria``. items: $ref: '#/components/schemas/AutomationRulesAction' minItems: 1 @@ -922,8 +1054,14 @@ components: description: A set of [Security Finding Format (ASFF)](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html) finding field attributes and corresponding expected values that ASH uses to filter findings. If a rule is enabled and a finding matches the criteria specified in this parameter, ASH applies the rule action to the finding. $ref: '#/components/schemas/AutomationRulesFindingFilters' Tags: - description: '' + description: User-defined tags associated with an automation rule. $ref: '#/components/schemas/Tags' + required: + - RuleOrder + - RuleName + - Description + - Criteria + - Actions x-stackql-resource-name: automation_rule description: The ``AWS::SecurityHub::AutomationRule`` resource specifies an automation rule based on input parameters. For more information, see [Automation rules](https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html) in the *User Guide*. x-type-name: AWS::SecurityHub::AutomationRule @@ -934,6 +1072,12 @@ components: - CreatedAt - UpdatedAt - CreatedBy + x-required-properties: + - RuleOrder + - RuleName + - Description + - Criteria + - Actions x-tagging: taggable: true tagOnCreate: true @@ -1172,15 +1316,15 @@ components: type: object properties: DelegatedAdminIdentifier: - description: The identifier of the DelegatedAdmin being created and assigned as the unique identifier + description: '' type: string pattern: ^[0-9]{12}/[a-zA-Z0-9-]{1,32}$ AdminAccountId: - description: The Amazon Web Services account identifier of the account to designate as the Security Hub administrator account + description: The AWS-account identifier of the account to designate as the Security Hub administrator account. type: string pattern: ^[0-9]{12}$ Status: - description: The current status of the Security Hub administrator account. Indicates whether the account is currently enabled as a Security Hub administrator + description: '' type: string enum: - ENABLED @@ -1188,7 +1332,12 @@ components: required: - AdminAccountId x-stackql-resource-name: delegated_admin - description: The AWS::SecurityHub::DelegatedAdmin resource represents the AWS Security Hub delegated admin account in your organization. One delegated admin resource is allowed to create for the organization in each region in which you configure the AdminAccountId. + description: >- + The ``AWS::SecurityHub::DelegatedAdmin`` resource designates the delegated ASHlong administrator account for an organization. You must enable the integration between ASH and AOlong before you can designate a delegated ASH administrator. Only the management account for an organization can designate the delegated ASH administrator account. For more information, see [Designating the delegated + administrator](https://docs.aws.amazon.com/securityhub/latest/userguide/designate-orgs-admin-account.html#designate-admin-instructions) in the *User Guide*. + To change the delegated administrator account, remove the current delegated administrator account, and then designate the new account. + To designate multiple delegated administrators in different organizations and AWS-Regions, we recommend using [mappings](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/mappings-section-structure.html). + Tags aren't supported for this resource. x-type-name: AWS::SecurityHub::DelegatedAdmin x-stackql-primary-identifier: - DelegatedAdminIdentifier @@ -1227,18 +1376,28 @@ components: type: object properties: FindingAggregatorArn: - description: The ARN of the FindingAggregator being created and assigned as the unique identifier + description: '' type: string pattern: arn:aws\S*:securityhub:\S* RegionLinkingMode: - description: Indicates whether to link all Regions, all Regions except for a list of excluded Regions, or a list of included Regions + description: |- + Indicates whether to aggregate findings from all of the available Regions in the current partition. Also determines whether to automatically aggregate findings from new Regions as Security Hub supports them and you opt into them. + The selected option also determines how to use the Regions provided in the Regions list. + The options are as follows: + + ``ALL_REGIONS`` - Aggregates findings from all of the Regions where Security Hub is enabled. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them. + + ``ALL_REGIONS_EXCEPT_SPECIFIED`` - Aggregates findings from all of the Regions where Security Hub is enabled, except for the Regions listed in the ``Regions`` parameter. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them. + + ``SPECIFIED_REGIONS`` - Aggregates findings only from the Regions listed in the ``Regions`` parameter. Security Hub does not automatically aggregate findings from new Regions. + + ``NO_REGIONS`` - Aggregates no data because no Regions are selected as linked Regions. type: string enum: - ALL_REGIONS - ALL_REGIONS_EXCEPT_SPECIFIED - SPECIFIED_REGIONS Regions: - description: The list of excluded Regions or included Regions + description: |- + If ``RegionLinkingMode`` is ``ALL_REGIONS_EXCEPT_SPECIFIED``, then this is a space-separated list of Regions that don't replicate and send findings to the home Region. + If ``RegionLinkingMode`` is ``SPECIFIED_REGIONS``, then this is a space-separated list of Regions that do replicate and send findings to the home Region. + An ``InvalidInputException`` error results if you populate this field while ``RegionLinkingMode`` is ``NO_REGIONS``. type: array x-insertionOrder: false uniqueItems: true @@ -1247,12 +1406,16 @@ components: items: $ref: '#/components/schemas/Region' FindingAggregationRegion: - description: The aggregation Region of the FindingAggregator + description: '' $ref: '#/components/schemas/Region' required: - RegionLinkingMode x-stackql-resource-name: finding_aggregator - description: The AWS::SecurityHub::FindingAggregator resource represents the AWS Security Hub Finding Aggregator in your account. One finding aggregator resource is created for each account in non opt-in region in which you configure region linking mode. + description: >- + The ``AWS::SecurityHub::FindingAggregator`` resource enables cross-Region aggregation. When cross-Region aggregation is enabled, you can aggregate findings, finding updates, insights, control compliance statuses, and security scores from one or more linked Regions to a single aggregation Region. You can then view and manage all of this data from the aggregation Region. For more details about cross-Region aggregation, see [Cross-Region + aggregation](https://docs.aws.amazon.com/securityhub/latest/userguide/finding-aggregation.html) in the *User Guide* + This resource must be created in the Region that you want to designate as your aggregation Region. + Cross-Region aggregation is also a prerequisite for using [central configuration](https://docs.aws.amazon.com/securityhub/latest/userguide/central-configuration-intro.html) in ASH. x-type-name: AWS::SecurityHub::FindingAggregator x-stackql-primary-identifier: - FindingAggregatorArn @@ -2465,6 +2628,8 @@ components: - SecurityControlId x-stackql-additional-identifiers: - - SecurityControlArn + x-create-only-properties: + - SecurityControlId x-required-properties: - Parameters x-tagging: @@ -2520,7 +2685,7 @@ components: DisabledStandardsControls: description: |- Specifies which controls are to be disabled in a standard. - *Maximum*: ``100`` + *Maximum*: ``100`` type: array minItems: 0 maxItems: 100 @@ -2592,17 +2757,17 @@ components: - ENABLED - DISABLED RuleOrder: - description: '' + description: An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first. type: integer minimum: 1 maximum: 1000 Description: - description: '' + description: A description of the rule. type: string minLength: 1 maxLength: 1024 RuleName: - description: '' + description: The name of the rule. type: string minLength: 1 maxLength: 256 @@ -2618,11 +2783,11 @@ components: minLength: 1 maxLength: 256 IsTerminal: - description: '' + description: Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal. type: boolean Actions: type: array - description: '' + description: One or more actions to update finding fields if a finding matches the conditions specified in ``Criteria``. items: $ref: '#/components/schemas/AutomationRulesAction' minItems: 1 @@ -2631,7 +2796,7 @@ components: description: A set of [Security Finding Format (ASFF)](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html) finding field attributes and corresponding expected values that ASH uses to filter findings. If a rule is enabled and a finding matches the criteria specified in this parameter, ASH applies the rule action to the finding. $ref: '#/components/schemas/AutomationRulesFindingFilters' Tags: - description: '' + description: User-defined tags associated with an automation rule. $ref: '#/components/schemas/Tags' x-stackQL-stringOnly: true x-title: CreateAutomationRuleRequest @@ -2699,15 +2864,15 @@ components: type: object properties: DelegatedAdminIdentifier: - description: The identifier of the DelegatedAdmin being created and assigned as the unique identifier + description: '' type: string pattern: ^[0-9]{12}/[a-zA-Z0-9-]{1,32}$ AdminAccountId: - description: The Amazon Web Services account identifier of the account to designate as the Security Hub administrator account + description: The AWS-account identifier of the account to designate as the Security Hub administrator account. type: string pattern: ^[0-9]{12}$ Status: - description: The current status of the Security Hub administrator account. Indicates whether the account is currently enabled as a Security Hub administrator + description: '' type: string enum: - ENABLED @@ -2730,18 +2895,28 @@ components: type: object properties: FindingAggregatorArn: - description: The ARN of the FindingAggregator being created and assigned as the unique identifier + description: '' type: string pattern: arn:aws\S*:securityhub:\S* RegionLinkingMode: - description: Indicates whether to link all Regions, all Regions except for a list of excluded Regions, or a list of included Regions + description: |- + Indicates whether to aggregate findings from all of the available Regions in the current partition. Also determines whether to automatically aggregate findings from new Regions as Security Hub supports them and you opt into them. + The selected option also determines how to use the Regions provided in the Regions list. + The options are as follows: + + ``ALL_REGIONS`` - Aggregates findings from all of the Regions where Security Hub is enabled. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them. + + ``ALL_REGIONS_EXCEPT_SPECIFIED`` - Aggregates findings from all of the Regions where Security Hub is enabled, except for the Regions listed in the ``Regions`` parameter. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them. + + ``SPECIFIED_REGIONS`` - Aggregates findings only from the Regions listed in the ``Regions`` parameter. Security Hub does not automatically aggregate findings from new Regions. + + ``NO_REGIONS`` - Aggregates no data because no Regions are selected as linked Regions. type: string enum: - ALL_REGIONS - ALL_REGIONS_EXCEPT_SPECIFIED - SPECIFIED_REGIONS Regions: - description: The list of excluded Regions or included Regions + description: |- + If ``RegionLinkingMode`` is ``ALL_REGIONS_EXCEPT_SPECIFIED``, then this is a space-separated list of Regions that don't replicate and send findings to the home Region. + If ``RegionLinkingMode`` is ``SPECIFIED_REGIONS``, then this is a space-separated list of Regions that do replicate and send findings to the home Region. + An ``InvalidInputException`` error results if you populate this field while ``RegionLinkingMode`` is ``NO_REGIONS``. type: array x-insertionOrder: false uniqueItems: true @@ -2750,7 +2925,7 @@ components: items: $ref: '#/components/schemas/Region' FindingAggregationRegion: - description: The aggregation Region of the FindingAggregator + description: '' $ref: '#/components/schemas/Region' x-stackQL-stringOnly: true x-title: CreateFindingAggregatorRequest @@ -3006,7 +3181,7 @@ components: DisabledStandardsControls: description: |- Specifies which controls are to be disabled in a standard. - *Maximum*: ``100`` + *Maximum*: ``100`` type: array minItems: 0 maxItems: 100 diff --git a/providers/src/aws/v00.00.00000/services/securitylake.yaml b/providers/src/aws/v00.00.00000/services/securitylake.yaml index 5658b928..1ecd2f74 100644 --- a/providers/src/aws/v00.00.00000/services/securitylake.yaml +++ b/providers/src/aws/v00.00.00000/services/securitylake.yaml @@ -459,7 +459,7 @@ components: x-insertionOrder: false items: type: string - pattern: ^(af|ap|ca|eu|me|sa|us)-(central|north|(north(?:east|west))|south|south(?:east|west)|east|west)-\d+$ + pattern: ^(us(-gov)?|af|ap|ca|eu|me|sa)-(central|north|(north(?:east|west))|south|south(?:east|west)|east|west)-\d+$ Tag: type: object properties: @@ -521,6 +521,10 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - securitylake:TagResource + - securitylake:UntagResource + - securitylake:ListTagsForResource x-required-permissions: create: - events:* @@ -696,6 +700,10 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - securitylake:TagResource + - securitylake:UntagResource + - securitylake:ListTagsForResource x-required-permissions: create: - securitylake:CreateSubscriber @@ -703,6 +711,7 @@ components: - securitylake:CreateDataLake - securitylake:TagResource - securitylake:GetSubscriber + - securitylake:ListSubscribers - securitylake:ListTagsForResource - iam:GetRole - iam:GetRolePolicy diff --git a/providers/src/aws/v00.00.00000/services/ses.yaml b/providers/src/aws/v00.00.00000/services/ses.yaml index 2f276d30..40fe71b4 100644 --- a/providers/src/aws/v00.00.00000/services/ses.yaml +++ b/providers/src/aws/v00.00.00000/services/ses.yaml @@ -393,6 +393,10 @@ components: CustomRedirectDomain: type: string description: The domain to use for tracking open and click events. + HttpsPolicy: + type: string + description: The https policy to use for tracking open and click events. + pattern: REQUIRE|REQUIRE_OPEN_ONLY|OPTIONAL DeliveryOptions: description: An object that defines the dedicated IP pool that is used to send emails that you send using the configuration set. type: object @@ -405,6 +409,11 @@ components: SendingPoolName: type: string description: The name of the dedicated IP pool to associate with the configuration set. + MaxDeliverySeconds: + type: number + description: Specifies the maximum time until which SES will retry sending emails + minimum: 300 + maximum: 50400 ReputationOptions: description: An object that defines whether or not Amazon SES collects reputation metrics for the emails that you send that use the configuration set. type: object @@ -537,8 +546,23 @@ components: SnsDestination: description: An object that contains SNS topic ARN associated event destination. $ref: '#/components/schemas/SnsDestination' + EventBridgeDestination: + description: An object that contains Event bus ARN associated with the event bridge destination. + $ref: '#/components/schemas/EventBridgeDestination' required: - MatchingEventTypes + EventBridgeDestination: + type: object + additionalProperties: false + description: An object that contains Event bus ARN associated with the event bridge destination. + properties: + EventBusArn: + type: string + minLength: 36 + maxLength: 1024 + pattern: ^arn:aws[a-z0-9-]*:events:[a-z0-9-]+:\d{12}:event-bus/[^:]+$ + required: + - EventBusArn SnsDestination: type: object additionalProperties: false @@ -645,12 +669,14 @@ components: properties: Key: type: string - minLength: 1 maxLength: 128 + minLength: 1 + pattern: ^[a-zA-Z0-9/_\+=\.:@\-]+$ Value: type: string - minLength: 0 maxLength: 256 + minLength: 0 + pattern: ^[a-zA-Z0-9/_\+=\.:@\-]*$ required: - Key - Value @@ -881,311 +907,1978 @@ components: - ses:DeleteEmailIdentity list: - ses:ListEmailIdentities - Template: + MailManagerAddonInstance: type: object properties: - Id: + AddonInstanceArn: type: string - Template: - $ref: '#/components/schemas/Template' - x-stackql-resource-name: template - description: Resource Type definition for AWS::SES::Template - x-type-name: AWS::SES::Template + AddonInstanceId: + type: string + maxLength: 67 + minLength: 4 + pattern: ^ai-[a-zA-Z0-9]{1,64}$ + AddonName: + type: string + AddonSubscriptionId: + type: string + maxLength: 67 + minLength: 4 + pattern: ^as-[a-zA-Z0-9]{1,64}$ + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 200 + minItems: 0 + required: + - AddonSubscriptionId + x-stackql-resource-name: mail_manager_addon_instance + description: Definition of AWS::SES::MailManagerAddonInstance Resource Type + x-type-name: AWS::SES::MailManagerAddonInstance x-stackql-primary-identifier: - - Id + - AddonInstanceId x-create-only-properties: - - Template/TemplateName + - AddonSubscriptionId x-read-only-properties: - - Id + - AddonInstanceArn + - AddonInstanceId + - AddonName + x-required-properties: + - AddonSubscriptionId + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - ses:TagResource + - ses:UntagResource x-required-permissions: create: - - ses:CreateEmailTemplate - - ses:GetEmailTemplate - - ses:CreateTemplate - - ses:GetTemplate + - ses:TagResource + - ses:ListTagsForResource + - ses:GetAddonInstance + - ses:CreateAddonInstance read: - - ses:GetEmailTemplate - - ses:GetTemplate - delete: - - ses:DeleteEmailTemplate - - ses:DeleteTemplate + - ses:ListTagsForResource + - ses:GetAddonInstance update: - - ses:GetEmailTemplate - - ses:UpdateEmailTemplate - - ses:GetTemplate - - ses:UpdateTemplate + - ses:TagResource + - ses:UntagResource + - ses:ListTagsForResource + - ses:GetAddonInstance + delete: + - ses:GetAddonInstance + - ses:DeleteAddonInstance list: - - ses:ListEmailTemplates - - ses:ListTemplates - DashboardAttributes: + - ses:ListAddonInstances + MailManagerAddonSubscription: type: object - additionalProperties: false - description: Preferences regarding the Dashboard feature. properties: - EngagementMetrics: + AddonName: type: string - description: Whether emails sent from this account have engagement tracking enabled. - pattern: ENABLED|DISABLED - GuardianAttributes: - type: object - additionalProperties: false - description: Preferences regarding the Guardian feature. - properties: - OptimizedSharedDelivery: + AddonSubscriptionArn: type: string - description: Whether emails sent from this account have optimized delivery algorithm enabled. - pattern: ENABLED|DISABLED - VdmAttributes: - type: object - properties: - VdmAttributesResourceId: + AddonSubscriptionId: type: string - description: Unique identifier for this resource - DashboardAttributes: - $ref: '#/components/schemas/DashboardAttributes' - GuardianAttributes: - $ref: '#/components/schemas/GuardianAttributes' - x-stackql-resource-name: vdm_attributes - description: Resource Type definition for AWS::SES::VdmAttributes - x-type-name: AWS::SES::VdmAttributes + maxLength: 67 + minLength: 4 + pattern: ^as-[a-zA-Z0-9]{1,64}$ + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 200 + minItems: 0 + required: + - AddonName + x-stackql-resource-name: mail_manager_addon_subscription + description: Definition of AWS::SES::MailManagerAddonSubscription Resource Type + x-type-name: AWS::SES::MailManagerAddonSubscription x-stackql-primary-identifier: - - VdmAttributesResourceId + - AddonSubscriptionId + x-create-only-properties: + - AddonName x-read-only-properties: - - VdmAttributesResourceId + - AddonSubscriptionArn + - AddonSubscriptionId + x-required-properties: + - AddonName x-tagging: - taggable: false - tagOnCreate: false - tagUpdatable: false - cloudFormationSystemTags: false + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - ses:TagResource + - ses:UntagResource x-required-permissions: create: - - ses:PutAccountVdmAttributes - - ses:GetAccount + - ses:TagResource + - ses:ListTagsForResource + - ses:GetAddonSubscription + - ses:CreateAddonSubscription read: - - ses:GetAccount + - ses:ListTagsForResource + - ses:GetAddonSubscription update: - - ses:PutAccountVdmAttributes - - ses:GetAccount + - ses:TagResource + - ses:UntagResource + - ses:ListTagsForResource + - ses:GetAddonSubscription delete: - - ses:PutAccountVdmAttributes - - ses:GetAccount - CreateConfigurationSetRequest: - properties: - ClientToken: - type: string - RoleArn: - type: string - TypeName: - type: string - TypeVersionId: - type: string - DesiredState: - type: object + - ses:GetAddonSubscription + - ses:DeleteAddonSubscription + list: + - ses:ListAddonSubscriptions + ArchiveRetention: + oneOf: + - type: object + title: RetentionPeriod properties: - Name: - description: The name of the configuration set. - type: string - pattern: ^[a-zA-Z0-9_-]{1,64}$ - TrackingOptions: - $ref: '#/components/schemas/TrackingOptions' - DeliveryOptions: - $ref: '#/components/schemas/DeliveryOptions' - ReputationOptions: - $ref: '#/components/schemas/ReputationOptions' - SendingOptions: - $ref: '#/components/schemas/SendingOptions' - SuppressionOptions: - $ref: '#/components/schemas/SuppressionOptions' - VdmOptions: - $ref: '#/components/schemas/VdmOptions' - x-stackQL-stringOnly: true - x-title: CreateConfigurationSetRequest + RetentionPeriod: + $ref: '#/components/schemas/RetentionPeriod' + required: + - RetentionPeriod + additionalProperties: false + ArchiveState: + type: string + enum: + - ACTIVE + - PENDING_DELETION + RetentionPeriod: + type: string + enum: + - THREE_MONTHS + - SIX_MONTHS + - NINE_MONTHS + - ONE_YEAR + - EIGHTEEN_MONTHS + - TWO_YEARS + - THIRTY_MONTHS + - THREE_YEARS + - FOUR_YEARS + - FIVE_YEARS + - SIX_YEARS + - SEVEN_YEARS + - EIGHT_YEARS + - NINE_YEARS + - TEN_YEARS + - PERMANENT + MailManagerArchive: type: object - required: [] - CreateConfigurationSetEventDestinationRequest: properties: - ClientToken: + ArchiveArn: type: string - RoleArn: + ArchiveId: type: string - TypeName: + maxLength: 66 + minLength: 1 + ArchiveName: type: string - TypeVersionId: + maxLength: 64 + minLength: 1 + pattern: ^[a-zA-Z0-9][a-zA-Z0-9_-]*[a-zA-Z0-9]$ + ArchiveState: + $ref: '#/components/schemas/ArchiveState' + KmsKeyArn: type: string - DesiredState: - type: object + pattern: ^arn:aws(|-cn|-us-gov):kms:[a-z0-9-]{1,20}:[0-9]{12}:(key|alias)/.+$ + Retention: + $ref: '#/components/schemas/ArchiveRetention' + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 200 + minItems: 0 + x-stackql-resource-name: mail_manager_archive + description: Definition of AWS::SES::MailManagerArchive Resource Type + x-type-name: AWS::SES::MailManagerArchive + x-stackql-primary-identifier: + - ArchiveId + x-create-only-properties: + - KmsKeyArn + x-read-only-properties: + - ArchiveArn + - ArchiveId + - ArchiveState + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - ses:TagResource + - ses:UntagResource + x-required-permissions: + create: + - ses:TagResource + - ses:ListTagsForResource + - ses:GetArchive + - ses:CreateArchive + - kms:DescribeKey + - kms:Decrypt + - kms:GenerateDataKey + read: + - ses:ListTagsForResource + - ses:GetArchive + update: + - ses:TagResource + - ses:UntagResource + - ses:ListTagsForResource + - ses:GetArchive + - ses:UpdateArchive + delete: + - ses:GetArchive + - ses:DeleteArchive + list: + - ses:ListArchives + IngressPointConfiguration: + oneOf: + - type: object + title: SmtpPassword properties: - Id: + SmtpPassword: type: string - ConfigurationSetName: - description: The name of the configuration set that contains the event destination. + maxLength: 64 + minLength: 8 + pattern: ^[A-Za-z0-9!@#$%^&*()_+\-=\[\]{}|.,?]+$ + required: + - SmtpPassword + additionalProperties: false + - type: object + title: SecretArn + properties: + SecretArn: type: string - EventDestination: - description: The event destination object. - $ref: '#/components/schemas/EventDestination' - x-stackQL-stringOnly: true - x-title: CreateConfigurationSetEventDestinationRequest + pattern: ^arn:(aws|aws-cn|aws-us-gov):secretsmanager:[a-z0-9-]+:\d{12}:secret:[a-zA-Z0-9/_+=,.@-]+$ + required: + - SecretArn + additionalProperties: false + IngressPointStatus: + type: string + enum: + - PROVISIONING + - DEPROVISIONING + - UPDATING + - ACTIVE + - CLOSED + - FAILED + IngressPointStatusToUpdate: + type: string + enum: + - ACTIVE + - CLOSED + IngressPointType: + type: string + enum: + - OPEN + - AUTH + MailManagerIngressPoint: type: object - required: [] - CreateContactListRequest: properties: - ClientToken: + ARecord: type: string - RoleArn: + TrafficPolicyId: type: string - TypeName: + maxLength: 100 + minLength: 1 + IngressPointConfiguration: + $ref: '#/components/schemas/IngressPointConfiguration' + IngressPointArn: type: string - TypeVersionId: + IngressPointId: type: string - DesiredState: - type: object + maxLength: 100 + minLength: 1 + IngressPointName: + type: string + maxLength: 63 + minLength: 3 + pattern: ^[A-Za-z0-9_\-]+$ + RuleSetId: + type: string + maxLength: 100 + minLength: 1 + Status: + $ref: '#/components/schemas/IngressPointStatus' + StatusToUpdate: + $ref: '#/components/schemas/IngressPointStatusToUpdate' + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 200 + minItems: 0 + Type: + $ref: '#/components/schemas/IngressPointType' + required: + - Type + - TrafficPolicyId + - RuleSetId + x-stackql-resource-name: mail_manager_ingress_point + description: Definition of AWS::SES::MailManagerIngressPoint Resource Type + x-type-name: AWS::SES::MailManagerIngressPoint + x-stackql-primary-identifier: + - IngressPointId + x-create-only-properties: + - Type + x-write-only-properties: + - IngressPointConfiguration + x-read-only-properties: + - IngressPointId + - IngressPointArn + - Status + - ARecord + x-required-properties: + - Type + - TrafficPolicyId + - RuleSetId + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - ses:TagResource + - ses:UntagResource + x-required-permissions: + create: + - ses:TagResource + - ses:ListTagsForResource + - ses:GetIngressPoint + - ses:CreateIngressPoint + - iam:CreateServiceLinkedRole + read: + - ses:ListTagsForResource + - ses:GetIngressPoint + update: + - ses:TagResource + - ses:UntagResource + - ses:ListTagsForResource + - ses:GetIngressPoint + - ses:UpdateIngressPoint + delete: + - ses:GetIngressPoint + - ses:DeleteIngressPoint + list: + - ses:ListIngressPoints + NoAuthentication: + type: object + additionalProperties: false + RelayAuthentication: + oneOf: + - type: object + title: SecretArn properties: - ContactListName: - description: The name of the contact list. - type: string - pattern: ^[a-zA-Z0-9_-]{1,64}$ - Description: - description: The description of the contact list. + SecretArn: type: string - maxLength: 500 - Topics: - description: The topics associated with the contact list. - type: array - x-insertionOrder: false - items: - $ref: '#/components/schemas/Topic' - minItems: 0 - maxItems: 20 - Tags: - description: The tags (keys and values) associated with the contact list. - type: array - x-insertionOrder: false - items: - $ref: '#/components/schemas/Tag' - minItems: 0 - maxItems: 50 - x-stackQL-stringOnly: true - x-title: CreateContactListRequest + pattern: ^arn:(aws|aws-cn|aws-us-gov):secretsmanager:[a-z0-9-]+:\d{12}:secret:[a-zA-Z0-9/_+=,.@-]+$ + required: + - SecretArn + additionalProperties: false + - type: object + title: NoAuthentication + properties: + NoAuthentication: + $ref: '#/components/schemas/NoAuthentication' + required: + - NoAuthentication + additionalProperties: false + MailManagerRelay: type: object - required: [] - CreateDedicatedIpPoolRequest: properties: - ClientToken: + Authentication: + $ref: '#/components/schemas/RelayAuthentication' + RelayArn: type: string - RoleArn: + RelayId: type: string - TypeName: + maxLength: 100 + minLength: 1 + pattern: ^[a-zA-Z0-9-]+$ + RelayName: type: string - TypeVersionId: + maxLength: 100 + minLength: 1 + pattern: ^[a-zA-Z0-9-_]+$ + ServerName: type: string - DesiredState: - type: object - properties: - PoolName: - type: string - description: The name of the dedicated IP pool. - pattern: ^[a-z0-9_-]{0,64}$ - ScalingMode: - type: string - description: Specifies whether the dedicated IP pool is managed or not. The default value is STANDARD. - pattern: ^(STANDARD|MANAGED)$ - x-stackQL-stringOnly: true - x-title: CreateDedicatedIpPoolRequest + maxLength: 100 + minLength: 1 + pattern: ^[a-zA-Z0-9-\.]+$ + ServerPort: + type: number + maximum: 65535 + minimum: 1 + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 200 + minItems: 0 + required: + - Authentication + - ServerName + - ServerPort + x-stackql-resource-name: mail_manager_relay + description: Definition of AWS::SES::MailManagerRelay Resource Type + x-type-name: AWS::SES::MailManagerRelay + x-stackql-primary-identifier: + - RelayId + x-read-only-properties: + - RelayArn + - RelayId + x-required-properties: + - Authentication + - ServerName + - ServerPort + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - ses:TagResource + - ses:UntagResource + x-required-permissions: + create: + - ses:TagResource + - ses:ListTagsForResource + - ses:GetRelay + - ses:CreateRelay + read: + - ses:ListTagsForResource + - ses:GetRelay + update: + - ses:TagResource + - ses:UntagResource + - ses:ListTagsForResource + - ses:GetRelay + - ses:UpdateRelay + delete: + - ses:GetRelay + - ses:DeleteRelay + list: + - ses:ListRelays + ActionFailurePolicy: + type: string + enum: + - CONTINUE + - DROP + AddHeaderAction: type: object - required: [] - CreateEmailIdentityRequest: properties: - ClientToken: + HeaderName: type: string - RoleArn: + maxLength: 64 + minLength: 1 + pattern: ^[xX]\-[a-zA-Z0-9\-]+$ + HeaderValue: type: string - TypeName: + maxLength: 128 + minLength: 1 + required: + - HeaderName + - HeaderValue + additionalProperties: false + Analysis: + type: object + properties: + Analyzer: type: string - TypeVersionId: + pattern: ^[a-zA-Z0-9:_/+=,@.#-]+$ + ResultField: type: string - DesiredState: - type: object - properties: - EmailIdentity: - type: string - description: The email address or domain to verify. - ConfigurationSetAttributes: - $ref: '#/components/schemas/ConfigurationSetAttributes' - DkimSigningAttributes: - $ref: '#/components/schemas/DkimSigningAttributes' - DkimAttributes: - $ref: '#/components/schemas/DkimAttributes' - MailFromAttributes: - $ref: '#/components/schemas/MailFromAttributes' - FeedbackAttributes: - $ref: '#/components/schemas/FeedbackAttributes' - DkimDNSTokenName1: - type: string - DkimDNSTokenName2: - type: string - DkimDNSTokenName3: - type: string - DkimDNSTokenValue1: - type: string - DkimDNSTokenValue2: - type: string - DkimDNSTokenValue3: - type: string - x-stackQL-stringOnly: true - x-title: CreateEmailIdentityRequest + maxLength: 256 + minLength: 1 + pattern: ^[\sa-zA-Z0-9_]+$ + required: + - Analyzer + - ResultField + additionalProperties: false + ArchiveAction: type: object - required: [] - CreateTemplateRequest: properties: - ClientToken: + ActionFailurePolicy: + $ref: '#/components/schemas/ActionFailurePolicy' + TargetArchive: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^[a-zA-Z0-9:_/+=,@.#-]+$ + required: + - TargetArchive + additionalProperties: false + DeliverToMailboxAction: + type: object + properties: + ActionFailurePolicy: + $ref: '#/components/schemas/ActionFailurePolicy' + MailboxArn: type: string + maxLength: 2048 + minLength: 1 + pattern: ^[a-zA-Z0-9:_/+=,@.#-]+$ RoleArn: type: string - TypeName: + maxLength: 2048 + minLength: 20 + pattern: ^[a-zA-Z0-9:_/+=,@.#-]+$ + required: + - MailboxArn + - RoleArn + additionalProperties: false + DeliverToQBusinessAction: + type: object + properties: + ActionFailurePolicy: + $ref: '#/components/schemas/ActionFailurePolicy' + ApplicationId: type: string - TypeVersionId: + maxLength: 36 + minLength: 36 + pattern: ^[a-z0-9-]+$ + IndexId: type: string - DesiredState: - type: object + maxLength: 36 + minLength: 36 + pattern: ^[a-z0-9-]+$ + RoleArn: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^[a-zA-Z0-9:_/+=,@.#-]+$ + required: + - ApplicationId + - IndexId + - RoleArn + additionalProperties: false + DropAction: + type: object + additionalProperties: false + MailFrom: + type: string + enum: + - REPLACE + - PRESERVE + RelayAction: + type: object + properties: + ActionFailurePolicy: + $ref: '#/components/schemas/ActionFailurePolicy' + Relay: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^[a-zA-Z0-9:_/+=,@.#-]+$ + MailFrom: + $ref: '#/components/schemas/MailFrom' + required: + - Relay + additionalProperties: false + ReplaceRecipientAction: + type: object + properties: + ReplaceWith: + type: array + items: + type: string + maxLength: 254 + minLength: 0 + pattern: ^[0-9A-Za-z@+.-]+$ + maxItems: 100 + minItems: 1 + uniqueItems: true + additionalProperties: false + Rule: + type: object + properties: + Name: + type: string + maxLength: 32 + minLength: 1 + pattern: ^[a-zA-Z0-9_.-]+$ + Conditions: + type: array + items: + $ref: '#/components/schemas/RuleCondition' + maxItems: 10 + minItems: 0 + Unless: + type: array + items: + $ref: '#/components/schemas/RuleCondition' + maxItems: 10 + minItems: 0 + Actions: + type: array + items: + $ref: '#/components/schemas/RuleAction' + maxItems: 10 + minItems: 1 + required: + - Actions + additionalProperties: false + RuleAction: + oneOf: + - type: object + title: Drop properties: - Id: + Drop: + $ref: '#/components/schemas/DropAction' + required: + - Drop + additionalProperties: false + - type: object + title: Relay + properties: + Relay: + $ref: '#/components/schemas/RelayAction' + required: + - Relay + additionalProperties: false + - type: object + title: Archive + properties: + Archive: + $ref: '#/components/schemas/ArchiveAction' + required: + - Archive + additionalProperties: false + - type: object + title: WriteToS3 + properties: + WriteToS3: + $ref: '#/components/schemas/S3Action' + required: + - WriteToS3 + additionalProperties: false + - type: object + title: Send + properties: + Send: + $ref: '#/components/schemas/SendAction' + required: + - Send + additionalProperties: false + - type: object + title: AddHeader + properties: + AddHeader: + $ref: '#/components/schemas/AddHeaderAction' + required: + - AddHeader + additionalProperties: false + - type: object + title: ReplaceRecipient + properties: + ReplaceRecipient: + $ref: '#/components/schemas/ReplaceRecipientAction' + required: + - ReplaceRecipient + additionalProperties: false + - type: object + title: DeliverToMailbox + properties: + DeliverToMailbox: + $ref: '#/components/schemas/DeliverToMailboxAction' + required: + - DeliverToMailbox + additionalProperties: false + - type: object + title: DeliverToQBusiness + properties: + DeliverToQBusiness: + $ref: '#/components/schemas/DeliverToQBusinessAction' + required: + - DeliverToQBusiness + additionalProperties: false + RuleBooleanEmailAttribute: + type: string + enum: + - READ_RECEIPT_REQUESTED + - TLS + - TLS_WRAPPED + RuleBooleanExpression: + type: object + properties: + Evaluate: + $ref: '#/components/schemas/RuleBooleanToEvaluate' + Operator: + $ref: '#/components/schemas/RuleBooleanOperator' + required: + - Evaluate + - Operator + additionalProperties: false + RuleBooleanOperator: + type: string + enum: + - IS_TRUE + - IS_FALSE + RuleBooleanToEvaluate: + oneOf: + - type: object + title: Attribute + properties: + Attribute: + $ref: '#/components/schemas/RuleBooleanEmailAttribute' + required: + - Attribute + additionalProperties: false + RuleCondition: + oneOf: + - type: object + title: BooleanExpression + properties: + BooleanExpression: + $ref: '#/components/schemas/RuleBooleanExpression' + required: + - BooleanExpression + additionalProperties: false + - type: object + title: StringExpression + properties: + StringExpression: + $ref: '#/components/schemas/RuleStringExpression' + required: + - StringExpression + additionalProperties: false + - type: object + title: NumberExpression + properties: + NumberExpression: + $ref: '#/components/schemas/RuleNumberExpression' + required: + - NumberExpression + additionalProperties: false + - type: object + title: IpExpression + properties: + IpExpression: + $ref: '#/components/schemas/RuleIpExpression' + required: + - IpExpression + additionalProperties: false + - type: object + title: VerdictExpression + properties: + VerdictExpression: + $ref: '#/components/schemas/RuleVerdictExpression' + required: + - VerdictExpression + additionalProperties: false + - type: object + title: DmarcExpression + properties: + DmarcExpression: + $ref: '#/components/schemas/RuleDmarcExpression' + required: + - DmarcExpression + additionalProperties: false + RuleDmarcExpression: + type: object + properties: + Operator: + $ref: '#/components/schemas/RuleDmarcOperator' + Values: + type: array + items: + $ref: '#/components/schemas/RuleDmarcPolicy' + maxItems: 10 + minItems: 1 + required: + - Operator + - Values + additionalProperties: false + RuleDmarcOperator: + type: string + enum: + - EQUALS + - NOT_EQUALS + RuleDmarcPolicy: + type: string + enum: + - NONE + - QUARANTINE + - REJECT + RuleIpEmailAttribute: + type: string + enum: + - SOURCE_IP + RuleIpExpression: + type: object + properties: + Evaluate: + $ref: '#/components/schemas/RuleIpToEvaluate' + Operator: + $ref: '#/components/schemas/RuleIpOperator' + Values: + type: array + items: + type: string + maxLength: 18 + minLength: 1 + pattern: ^(([0-9]|.|/)*)$ + maxItems: 10 + minItems: 1 + required: + - Evaluate + - Operator + - Values + additionalProperties: false + RuleIpOperator: + type: string + enum: + - CIDR_MATCHES + - NOT_CIDR_MATCHES + RuleIpToEvaluate: + oneOf: + - type: object + title: Attribute + properties: + Attribute: + $ref: '#/components/schemas/RuleIpEmailAttribute' + required: + - Attribute + additionalProperties: false + RuleNumberEmailAttribute: + type: string + enum: + - MESSAGE_SIZE + RuleNumberExpression: + type: object + properties: + Evaluate: + $ref: '#/components/schemas/RuleNumberToEvaluate' + Operator: + $ref: '#/components/schemas/RuleNumberOperator' + Value: + type: number + required: + - Evaluate + - Operator + - Value + additionalProperties: false + RuleNumberOperator: + type: string + enum: + - EQUALS + - NOT_EQUALS + - LESS_THAN + - GREATER_THAN + - LESS_THAN_OR_EQUAL + - GREATER_THAN_OR_EQUAL + RuleNumberToEvaluate: + oneOf: + - type: object + title: Attribute + properties: + Attribute: + $ref: '#/components/schemas/RuleNumberEmailAttribute' + required: + - Attribute + additionalProperties: false + RuleStringEmailAttribute: + type: string + enum: + - MAIL_FROM + - HELO + - RECIPIENT + - SENDER + - FROM + - SUBJECT + - TO + - CC + RuleStringExpression: + type: object + properties: + Evaluate: + $ref: '#/components/schemas/RuleStringToEvaluate' + Operator: + $ref: '#/components/schemas/RuleStringOperator' + Values: + type: array + items: + type: string + maxLength: 4096 + minLength: 1 + maxItems: 10 + minItems: 1 + required: + - Evaluate + - Operator + - Values + additionalProperties: false + RuleStringOperator: + type: string + enum: + - EQUALS + - NOT_EQUALS + - STARTS_WITH + - ENDS_WITH + - CONTAINS + RuleStringToEvaluate: + oneOf: + - type: object + title: Attribute + properties: + Attribute: + $ref: '#/components/schemas/RuleStringEmailAttribute' + required: + - Attribute + additionalProperties: false + - type: object + title: MimeHeaderAttribute + properties: + MimeHeaderAttribute: type: string - Template: - $ref: '#/components/schemas/Template' - x-stackQL-stringOnly: true - x-title: CreateTemplateRequest + pattern: ^X-[a-zA-Z0-9-]{1,256}$ + required: + - MimeHeaderAttribute + additionalProperties: false + RuleVerdict: + type: string + enum: + - PASS + - FAIL + - GRAY + - PROCESSING_FAILED + RuleVerdictAttribute: + type: string + enum: + - SPF + - DKIM + RuleVerdictExpression: type: object - required: [] - CreateVdmAttributesRequest: properties: - ClientToken: - type: string + Evaluate: + $ref: '#/components/schemas/RuleVerdictToEvaluate' + Operator: + $ref: '#/components/schemas/RuleVerdictOperator' + Values: + type: array + items: + $ref: '#/components/schemas/RuleVerdict' + maxItems: 10 + minItems: 1 + required: + - Evaluate + - Operator + - Values + additionalProperties: false + RuleVerdictOperator: + type: string + enum: + - EQUALS + - NOT_EQUALS + RuleVerdictToEvaluate: + oneOf: + - type: object + title: Attribute + properties: + Attribute: + $ref: '#/components/schemas/RuleVerdictAttribute' + required: + - Attribute + additionalProperties: false + - type: object + title: Analysis + properties: + Analysis: + $ref: '#/components/schemas/Analysis' + required: + - Analysis + additionalProperties: false + S3Action: + type: object + properties: + ActionFailurePolicy: + $ref: '#/components/schemas/ActionFailurePolicy' RoleArn: type: string - TypeName: + maxLength: 2048 + minLength: 20 + pattern: ^[a-zA-Z0-9:_/+=,@.#-]+$ + S3Bucket: type: string - TypeVersionId: + maxLength: 62 + minLength: 1 + pattern: ^[a-zA-Z0-9.-]+$ + S3Prefix: type: string - DesiredState: - type: object - properties: - VdmAttributesResourceId: - type: string - description: Unique identifier for this resource - DashboardAttributes: - $ref: '#/components/schemas/DashboardAttributes' - GuardianAttributes: - $ref: '#/components/schemas/GuardianAttributes' - x-stackQL-stringOnly: true - x-title: CreateVdmAttributesRequest + maxLength: 62 + minLength: 1 + pattern: ^[a-zA-Z0-9!_.*'()/-]+$ + S3SseKmsKeyId: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^[a-zA-Z0-9-:/]+$ + required: + - RoleArn + - S3Bucket + additionalProperties: false + SendAction: + type: object + properties: + ActionFailurePolicy: + $ref: '#/components/schemas/ActionFailurePolicy' + RoleArn: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^[a-zA-Z0-9:_/+=,@.#-]+$ + required: + - RoleArn + additionalProperties: false + MailManagerRuleSet: + type: object + properties: + RuleSetArn: + type: string + RuleSetId: + type: string + maxLength: 100 + minLength: 1 + RuleSetName: + type: string + maxLength: 100 + minLength: 1 + pattern: ^[a-zA-Z0-9_.-]+$ + Rules: + type: array + items: + $ref: '#/components/schemas/Rule' + maxItems: 40 + minItems: 0 + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 200 + minItems: 0 + required: + - Rules + x-stackql-resource-name: mail_manager_rule_set + description: Definition of AWS::SES::MailManagerRuleSet Resource Type + x-type-name: AWS::SES::MailManagerRuleSet + x-stackql-primary-identifier: + - RuleSetId + x-read-only-properties: + - RuleSetArn + - RuleSetId + x-required-properties: + - Rules + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - ses:TagResource + - ses:UntagResource + x-required-permissions: + create: + - ses:TagResource + - ses:ListTagsForResource + - ses:GetRuleSet + - ses:CreateRuleSet + read: + - ses:ListTagsForResource + - ses:GetRuleSet + update: + - ses:TagResource + - ses:UntagResource + - ses:ListTagsForResource + - ses:GetRuleSet + - ses:UpdateRuleSet + delete: + - ses:GetRuleSet + - ses:DeleteRuleSet + list: + - ses:ListRuleSets + AcceptAction: + type: string + enum: + - ALLOW + - DENY + IngressAnalysis: + type: object + properties: + Analyzer: + type: string + pattern: ^[a-zA-Z0-9:_/+=,@.#-]+$ + ResultField: + type: string + maxLength: 256 + minLength: 1 + pattern: ^[\sa-zA-Z0-9_]+$ + required: + - Analyzer + - ResultField + additionalProperties: false + IngressBooleanExpression: + type: object + properties: + Evaluate: + $ref: '#/components/schemas/IngressBooleanToEvaluate' + Operator: + $ref: '#/components/schemas/IngressBooleanOperator' + required: + - Evaluate + - Operator + additionalProperties: false + IngressBooleanOperator: + type: string + enum: + - IS_TRUE + - IS_FALSE + IngressBooleanToEvaluate: + oneOf: + - type: object + title: Analysis + properties: + Analysis: + $ref: '#/components/schemas/IngressAnalysis' + required: + - Analysis + additionalProperties: false + IngressIpOperator: + type: string + enum: + - CIDR_MATCHES + - NOT_CIDR_MATCHES + IngressIpToEvaluate: + oneOf: + - type: object + title: Attribute + properties: + Attribute: + $ref: '#/components/schemas/IngressIpv4Attribute' + required: + - Attribute + additionalProperties: false + IngressIpv4Attribute: + type: string + enum: + - SENDER_IP + IngressIpv4Expression: + type: object + properties: + Evaluate: + $ref: '#/components/schemas/IngressIpToEvaluate' + Operator: + $ref: '#/components/schemas/IngressIpOperator' + Values: + type: array + items: + type: string + pattern: ^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)/([0-9]|[12][0-9]|3[0-2])$ + required: + - Evaluate + - Operator + - Values + additionalProperties: false + IngressStringEmailAttribute: + type: string + enum: + - RECIPIENT + IngressStringExpression: + type: object + properties: + Evaluate: + $ref: '#/components/schemas/IngressStringToEvaluate' + Operator: + $ref: '#/components/schemas/IngressStringOperator' + Values: + type: array + items: + type: string + required: + - Evaluate + - Operator + - Values + additionalProperties: false + IngressStringOperator: + type: string + enum: + - EQUALS + - NOT_EQUALS + - STARTS_WITH + - ENDS_WITH + - CONTAINS + IngressStringToEvaluate: + oneOf: + - type: object + title: Attribute + properties: + Attribute: + $ref: '#/components/schemas/IngressStringEmailAttribute' + required: + - Attribute + additionalProperties: false + IngressTlsAttribute: + type: string + enum: + - TLS_PROTOCOL + IngressTlsProtocolAttribute: + type: string + enum: + - TLS1_2 + - TLS1_3 + IngressTlsProtocolExpression: + type: object + properties: + Evaluate: + $ref: '#/components/schemas/IngressTlsProtocolToEvaluate' + Operator: + $ref: '#/components/schemas/IngressTlsProtocolOperator' + Value: + $ref: '#/components/schemas/IngressTlsProtocolAttribute' + required: + - Evaluate + - Operator + - Value + additionalProperties: false + IngressTlsProtocolOperator: + type: string + enum: + - MINIMUM_TLS_VERSION + - IS + IngressTlsProtocolToEvaluate: + oneOf: + - type: object + title: Attribute + properties: + Attribute: + $ref: '#/components/schemas/IngressTlsAttribute' + required: + - Attribute + additionalProperties: false + PolicyCondition: + oneOf: + - type: object + title: StringExpression + properties: + StringExpression: + $ref: '#/components/schemas/IngressStringExpression' + required: + - StringExpression + additionalProperties: false + - type: object + title: IpExpression + properties: + IpExpression: + $ref: '#/components/schemas/IngressIpv4Expression' + required: + - IpExpression + additionalProperties: false + - type: object + title: TlsExpression + properties: + TlsExpression: + $ref: '#/components/schemas/IngressTlsProtocolExpression' + required: + - TlsExpression + additionalProperties: false + - type: object + title: BooleanExpression + properties: + BooleanExpression: + $ref: '#/components/schemas/IngressBooleanExpression' + required: + - BooleanExpression + additionalProperties: false + PolicyStatement: + type: object + properties: + Conditions: + type: array + items: + $ref: '#/components/schemas/PolicyCondition' + minItems: 1 + Action: + $ref: '#/components/schemas/AcceptAction' + required: + - Action + - Conditions + additionalProperties: false + MailManagerTrafficPolicy: + type: object + properties: + DefaultAction: + $ref: '#/components/schemas/AcceptAction' + MaxMessageSizeBytes: + type: number + minimum: 1 + PolicyStatements: + type: array + items: + $ref: '#/components/schemas/PolicyStatement' + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 200 + minItems: 0 + TrafficPolicyArn: + type: string + TrafficPolicyId: + type: string + maxLength: 100 + minLength: 1 + TrafficPolicyName: + type: string + maxLength: 63 + minLength: 3 + pattern: ^[A-Za-z0-9_\-]+$ + required: + - DefaultAction + - PolicyStatements + x-stackql-resource-name: mail_manager_traffic_policy + description: Definition of AWS::SES::MailManagerTrafficPolicy Resource Type + x-type-name: AWS::SES::MailManagerTrafficPolicy + x-stackql-primary-identifier: + - TrafficPolicyId + x-read-only-properties: + - TrafficPolicyArn + - TrafficPolicyId + x-required-properties: + - DefaultAction + - PolicyStatements + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - ses:TagResource + - ses:UntagResource + x-required-permissions: + create: + - ses:TagResource + - ses:ListTagsForResource + - ses:GetTrafficPolicy + - ses:CreateTrafficPolicy + read: + - ses:ListTagsForResource + - ses:GetTrafficPolicy + update: + - ses:TagResource + - ses:UntagResource + - ses:ListTagsForResource + - ses:GetTrafficPolicy + - ses:UpdateTrafficPolicy + delete: + - ses:GetTrafficPolicy + - ses:DeleteTrafficPolicy + list: + - ses:ListTrafficPolicies + Template: + type: object + properties: + Id: + type: string + Template: + $ref: '#/components/schemas/Template' + x-stackql-resource-name: template + description: Resource Type definition for AWS::SES::Template + x-type-name: AWS::SES::Template + x-stackql-primary-identifier: + - Id + x-create-only-properties: + - Template/TemplateName + x-read-only-properties: + - Id + x-required-permissions: + create: + - ses:CreateEmailTemplate + - ses:GetEmailTemplate + - ses:CreateTemplate + - ses:GetTemplate + read: + - ses:GetEmailTemplate + - ses:GetTemplate + delete: + - ses:DeleteEmailTemplate + - ses:DeleteTemplate + update: + - ses:GetEmailTemplate + - ses:UpdateEmailTemplate + - ses:GetTemplate + - ses:UpdateTemplate + list: + - ses:ListEmailTemplates + - ses:ListTemplates + DashboardAttributes: + type: object + additionalProperties: false + description: Preferences regarding the Dashboard feature. + properties: + EngagementMetrics: + type: string + description: Whether emails sent from this account have engagement tracking enabled. + pattern: ENABLED|DISABLED + GuardianAttributes: + type: object + additionalProperties: false + description: Preferences regarding the Guardian feature. + properties: + OptimizedSharedDelivery: + type: string + description: Whether emails sent from this account have optimized delivery algorithm enabled. + pattern: ENABLED|DISABLED + VdmAttributes: + type: object + properties: + VdmAttributesResourceId: + type: string + description: Unique identifier for this resource + DashboardAttributes: + $ref: '#/components/schemas/DashboardAttributes' + GuardianAttributes: + $ref: '#/components/schemas/GuardianAttributes' + x-stackql-resource-name: vdm_attributes + description: Resource Type definition for AWS::SES::VdmAttributes + x-type-name: AWS::SES::VdmAttributes + x-stackql-primary-identifier: + - VdmAttributesResourceId + x-read-only-properties: + - VdmAttributesResourceId + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - ses:PutAccountVdmAttributes + - ses:GetAccount + read: + - ses:GetAccount + update: + - ses:PutAccountVdmAttributes + - ses:GetAccount + delete: + - ses:PutAccountVdmAttributes + - ses:GetAccount + CreateConfigurationSetRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + Name: + description: The name of the configuration set. + type: string + pattern: ^[a-zA-Z0-9_-]{1,64}$ + TrackingOptions: + $ref: '#/components/schemas/TrackingOptions' + DeliveryOptions: + $ref: '#/components/schemas/DeliveryOptions' + ReputationOptions: + $ref: '#/components/schemas/ReputationOptions' + SendingOptions: + $ref: '#/components/schemas/SendingOptions' + SuppressionOptions: + $ref: '#/components/schemas/SuppressionOptions' + VdmOptions: + $ref: '#/components/schemas/VdmOptions' + x-stackQL-stringOnly: true + x-title: CreateConfigurationSetRequest type: object required: [] - securitySchemes: - hmac: - type: apiKey - name: Authorization - in: header - description: Amazon Signature authorization v4 + CreateConfigurationSetEventDestinationRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + Id: + type: string + ConfigurationSetName: + description: The name of the configuration set that contains the event destination. + type: string + EventDestination: + description: The event destination object. + $ref: '#/components/schemas/EventDestination' + x-stackQL-stringOnly: true + x-title: CreateConfigurationSetEventDestinationRequest + type: object + required: [] + CreateContactListRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + ContactListName: + description: The name of the contact list. + type: string + pattern: ^[a-zA-Z0-9_-]{1,64}$ + Description: + description: The description of the contact list. + type: string + maxLength: 500 + Topics: + description: The topics associated with the contact list. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Topic' + minItems: 0 + maxItems: 20 + Tags: + description: The tags (keys and values) associated with the contact list. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + minItems: 0 + maxItems: 50 + x-stackQL-stringOnly: true + x-title: CreateContactListRequest + type: object + required: [] + CreateDedicatedIpPoolRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + PoolName: + type: string + description: The name of the dedicated IP pool. + pattern: ^[a-z0-9_-]{0,64}$ + ScalingMode: + type: string + description: Specifies whether the dedicated IP pool is managed or not. The default value is STANDARD. + pattern: ^(STANDARD|MANAGED)$ + x-stackQL-stringOnly: true + x-title: CreateDedicatedIpPoolRequest + type: object + required: [] + CreateEmailIdentityRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + EmailIdentity: + type: string + description: The email address or domain to verify. + ConfigurationSetAttributes: + $ref: '#/components/schemas/ConfigurationSetAttributes' + DkimSigningAttributes: + $ref: '#/components/schemas/DkimSigningAttributes' + DkimAttributes: + $ref: '#/components/schemas/DkimAttributes' + MailFromAttributes: + $ref: '#/components/schemas/MailFromAttributes' + FeedbackAttributes: + $ref: '#/components/schemas/FeedbackAttributes' + DkimDNSTokenName1: + type: string + DkimDNSTokenName2: + type: string + DkimDNSTokenName3: + type: string + DkimDNSTokenValue1: + type: string + DkimDNSTokenValue2: + type: string + DkimDNSTokenValue3: + type: string + x-stackQL-stringOnly: true + x-title: CreateEmailIdentityRequest + type: object + required: [] + CreateMailManagerAddonInstanceRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + AddonInstanceArn: + type: string + AddonInstanceId: + type: string + maxLength: 67 + minLength: 4 + pattern: ^ai-[a-zA-Z0-9]{1,64}$ + AddonName: + type: string + AddonSubscriptionId: + type: string + maxLength: 67 + minLength: 4 + pattern: ^as-[a-zA-Z0-9]{1,64}$ + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 200 + minItems: 0 + x-stackQL-stringOnly: true + x-title: CreateMailManagerAddonInstanceRequest + type: object + required: [] + CreateMailManagerAddonSubscriptionRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + AddonName: + type: string + AddonSubscriptionArn: + type: string + AddonSubscriptionId: + type: string + maxLength: 67 + minLength: 4 + pattern: ^as-[a-zA-Z0-9]{1,64}$ + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 200 + minItems: 0 + x-stackQL-stringOnly: true + x-title: CreateMailManagerAddonSubscriptionRequest + type: object + required: [] + CreateMailManagerArchiveRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + ArchiveArn: + type: string + ArchiveId: + type: string + maxLength: 66 + minLength: 1 + ArchiveName: + type: string + maxLength: 64 + minLength: 1 + pattern: ^[a-zA-Z0-9][a-zA-Z0-9_-]*[a-zA-Z0-9]$ + ArchiveState: + $ref: '#/components/schemas/ArchiveState' + KmsKeyArn: + type: string + pattern: ^arn:aws(|-cn|-us-gov):kms:[a-z0-9-]{1,20}:[0-9]{12}:(key|alias)/.+$ + Retention: + $ref: '#/components/schemas/ArchiveRetention' + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 200 + minItems: 0 + x-stackQL-stringOnly: true + x-title: CreateMailManagerArchiveRequest + type: object + required: [] + CreateMailManagerIngressPointRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + ARecord: + type: string + TrafficPolicyId: + type: string + maxLength: 100 + minLength: 1 + IngressPointConfiguration: + $ref: '#/components/schemas/IngressPointConfiguration' + IngressPointArn: + type: string + IngressPointId: + type: string + maxLength: 100 + minLength: 1 + IngressPointName: + type: string + maxLength: 63 + minLength: 3 + pattern: ^[A-Za-z0-9_\-]+$ + RuleSetId: + type: string + maxLength: 100 + minLength: 1 + Status: + $ref: '#/components/schemas/IngressPointStatus' + StatusToUpdate: + $ref: '#/components/schemas/IngressPointStatusToUpdate' + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 200 + minItems: 0 + Type: + $ref: '#/components/schemas/IngressPointType' + x-stackQL-stringOnly: true + x-title: CreateMailManagerIngressPointRequest + type: object + required: [] + CreateMailManagerRelayRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + Authentication: + $ref: '#/components/schemas/RelayAuthentication' + RelayArn: + type: string + RelayId: + type: string + maxLength: 100 + minLength: 1 + pattern: ^[a-zA-Z0-9-]+$ + RelayName: + type: string + maxLength: 100 + minLength: 1 + pattern: ^[a-zA-Z0-9-_]+$ + ServerName: + type: string + maxLength: 100 + minLength: 1 + pattern: ^[a-zA-Z0-9-\.]+$ + ServerPort: + type: number + maximum: 65535 + minimum: 1 + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 200 + minItems: 0 + x-stackQL-stringOnly: true + x-title: CreateMailManagerRelayRequest + type: object + required: [] + CreateMailManagerRuleSetRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + RuleSetArn: + type: string + RuleSetId: + type: string + maxLength: 100 + minLength: 1 + RuleSetName: + type: string + maxLength: 100 + minLength: 1 + pattern: ^[a-zA-Z0-9_.-]+$ + Rules: + type: array + items: + $ref: '#/components/schemas/Rule' + maxItems: 40 + minItems: 0 + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 200 + minItems: 0 + x-stackQL-stringOnly: true + x-title: CreateMailManagerRuleSetRequest + type: object + required: [] + CreateMailManagerTrafficPolicyRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + DefaultAction: + $ref: '#/components/schemas/AcceptAction' + MaxMessageSizeBytes: + type: number + minimum: 1 + PolicyStatements: + type: array + items: + $ref: '#/components/schemas/PolicyStatement' + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 200 + minItems: 0 + TrafficPolicyArn: + type: string + TrafficPolicyId: + type: string + maxLength: 100 + minLength: 1 + TrafficPolicyName: + type: string + maxLength: 63 + minLength: 3 + pattern: ^[A-Za-z0-9_\-]+$ + x-stackQL-stringOnly: true + x-title: CreateMailManagerTrafficPolicyRequest + type: object + required: [] + CreateTemplateRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + Id: + type: string + Template: + $ref: '#/components/schemas/Template' + x-stackQL-stringOnly: true + x-title: CreateTemplateRequest + type: object + required: [] + CreateVdmAttributesRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + VdmAttributesResourceId: + type: string + description: Unique identifier for this resource + DashboardAttributes: + $ref: '#/components/schemas/DashboardAttributes' + GuardianAttributes: + $ref: '#/components/schemas/GuardianAttributes' + x-stackQL-stringOnly: true + x-title: CreateVdmAttributesRequest + type: object + required: [] + securitySchemes: + hmac: + type: apiKey + name: Authorization + in: header + description: Amazon Signature authorization v4 x-amazon-apigateway-authtype: awsSigv4 x-stackQL-resources: configuration_sets: @@ -1194,7 +2887,1153 @@ components: x-cfn-schema-name: ConfigurationSet x-cfn-type-name: AWS::SES::ConfigurationSet x-identifiers: - - Name + - Name + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__ConfigurationSet&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::SES::ConfigurationSet" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::SES::ConfigurationSet" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::SES::ConfigurationSet" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/configuration_sets/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/configuration_sets/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/configuration_sets/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.TrackingOptions') as tracking_options, + JSON_EXTRACT(Properties, '$.DeliveryOptions') as delivery_options, + JSON_EXTRACT(Properties, '$.ReputationOptions') as reputation_options, + JSON_EXTRACT(Properties, '$.SendingOptions') as sending_options, + JSON_EXTRACT(Properties, '$.SuppressionOptions') as suppression_options, + JSON_EXTRACT(Properties, '$.VdmOptions') as vdm_options + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SES::ConfigurationSet' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.TrackingOptions') as tracking_options, + JSON_EXTRACT(detail.Properties, '$.DeliveryOptions') as delivery_options, + JSON_EXTRACT(detail.Properties, '$.ReputationOptions') as reputation_options, + JSON_EXTRACT(detail.Properties, '$.SendingOptions') as sending_options, + JSON_EXTRACT(detail.Properties, '$.SuppressionOptions') as suppression_options, + JSON_EXTRACT(detail.Properties, '$.VdmOptions') as vdm_options + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::SES::ConfigurationSet' + AND detail.data__TypeName = 'AWS::SES::ConfigurationSet' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'TrackingOptions') as tracking_options, + json_extract_path_text(Properties, 'DeliveryOptions') as delivery_options, + json_extract_path_text(Properties, 'ReputationOptions') as reputation_options, + json_extract_path_text(Properties, 'SendingOptions') as sending_options, + json_extract_path_text(Properties, 'SuppressionOptions') as suppression_options, + json_extract_path_text(Properties, 'VdmOptions') as vdm_options + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SES::ConfigurationSet' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'TrackingOptions') as tracking_options, + json_extract_path_text(detail.Properties, 'DeliveryOptions') as delivery_options, + json_extract_path_text(detail.Properties, 'ReputationOptions') as reputation_options, + json_extract_path_text(detail.Properties, 'SendingOptions') as sending_options, + json_extract_path_text(detail.Properties, 'SuppressionOptions') as suppression_options, + json_extract_path_text(detail.Properties, 'VdmOptions') as vdm_options + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::SES::ConfigurationSet' + AND detail.data__TypeName = 'AWS::SES::ConfigurationSet' + AND listing.region = 'us-east-1' + configuration_sets_list_only: + name: configuration_sets_list_only + id: aws.ses.configuration_sets_list_only + x-cfn-schema-name: ConfigurationSet + x-cfn-type-name: AWS::SES::ConfigurationSet + x-identifiers: + - Name + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SES::ConfigurationSet' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SES::ConfigurationSet' + AND region = 'us-east-1' + configuration_set_event_destinations: + name: configuration_set_event_destinations + id: aws.ses.configuration_set_event_destinations + x-cfn-schema-name: ConfigurationSetEventDestination + x-cfn-type-name: AWS::SES::ConfigurationSetEventDestination + x-identifiers: + - Id + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__ConfigurationSetEventDestination&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::SES::ConfigurationSetEventDestination" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::SES::ConfigurationSetEventDestination" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::SES::ConfigurationSetEventDestination" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/configuration_set_event_destinations/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/configuration_set_event_destinations/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/configuration_set_event_destinations/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.ConfigurationSetName') as configuration_set_name, + JSON_EXTRACT(Properties, '$.EventDestination') as event_destination + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SES::ConfigurationSetEventDestination' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'ConfigurationSetName') as configuration_set_name, + json_extract_path_text(Properties, 'EventDestination') as event_destination + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SES::ConfigurationSetEventDestination' + AND data__Identifier = '' + AND region = 'us-east-1' + contact_lists: + name: contact_lists + id: aws.ses.contact_lists + x-cfn-schema-name: ContactList + x-cfn-type-name: AWS::SES::ContactList + x-identifiers: + - ContactListName + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__ContactList&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::SES::ContactList" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::SES::ContactList" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::SES::ContactList" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/contact_lists/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/contact_lists/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/contact_lists/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ContactListName') as contact_list_name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Topics') as topics, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SES::ContactList' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.ContactListName') as contact_list_name, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.Topics') as topics, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::SES::ContactList' + AND detail.data__TypeName = 'AWS::SES::ContactList' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ContactListName') as contact_list_name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Topics') as topics, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SES::ContactList' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'ContactListName') as contact_list_name, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'Topics') as topics, + json_extract_path_text(detail.Properties, 'Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::SES::ContactList' + AND detail.data__TypeName = 'AWS::SES::ContactList' + AND listing.region = 'us-east-1' + contact_lists_list_only: + name: contact_lists_list_only + id: aws.ses.contact_lists_list_only + x-cfn-schema-name: ContactList + x-cfn-type-name: AWS::SES::ContactList + x-identifiers: + - ContactListName + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ContactListName') as contact_list_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SES::ContactList' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ContactListName') as contact_list_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SES::ContactList' + AND region = 'us-east-1' + contact_list_tags: + name: contact_list_tags + id: aws.ses.contact_list_tags + x-cfn-schema-name: ContactList + x-cfn-type-name: AWS::SES::ContactList + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.ContactListName') as contact_list_name, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.Topics') as topics + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::SES::ContactList' + AND detail.data__TypeName = 'AWS::SES::ContactList' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'ContactListName') as contact_list_name, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'Topics') as topics + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::SES::ContactList' + AND detail.data__TypeName = 'AWS::SES::ContactList' + AND listing.region = 'us-east-1' + dedicated_ip_pools: + name: dedicated_ip_pools + id: aws.ses.dedicated_ip_pools + x-cfn-schema-name: DedicatedIpPool + x-cfn-type-name: AWS::SES::DedicatedIpPool + x-identifiers: + - PoolName + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__DedicatedIpPool&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::SES::DedicatedIpPool" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::SES::DedicatedIpPool" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::SES::DedicatedIpPool" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/dedicated_ip_pools/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/dedicated_ip_pools/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/dedicated_ip_pools/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.PoolName') as pool_name, + JSON_EXTRACT(Properties, '$.ScalingMode') as scaling_mode + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SES::DedicatedIpPool' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.PoolName') as pool_name, + JSON_EXTRACT(detail.Properties, '$.ScalingMode') as scaling_mode + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::SES::DedicatedIpPool' + AND detail.data__TypeName = 'AWS::SES::DedicatedIpPool' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'PoolName') as pool_name, + json_extract_path_text(Properties, 'ScalingMode') as scaling_mode + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SES::DedicatedIpPool' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'PoolName') as pool_name, + json_extract_path_text(detail.Properties, 'ScalingMode') as scaling_mode + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::SES::DedicatedIpPool' + AND detail.data__TypeName = 'AWS::SES::DedicatedIpPool' + AND listing.region = 'us-east-1' + dedicated_ip_pools_list_only: + name: dedicated_ip_pools_list_only + id: aws.ses.dedicated_ip_pools_list_only + x-cfn-schema-name: DedicatedIpPool + x-cfn-type-name: AWS::SES::DedicatedIpPool + x-identifiers: + - PoolName + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.PoolName') as pool_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SES::DedicatedIpPool' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'PoolName') as pool_name + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SES::DedicatedIpPool' + AND region = 'us-east-1' + email_identities: + name: email_identities + id: aws.ses.email_identities + x-cfn-schema-name: EmailIdentity + x-cfn-type-name: AWS::SES::EmailIdentity + x-identifiers: + - EmailIdentity + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__EmailIdentity&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::SES::EmailIdentity" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::SES::EmailIdentity" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::SES::EmailIdentity" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/email_identities/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/email_identities/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/email_identities/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.EmailIdentity') as email_identity, + JSON_EXTRACT(Properties, '$.ConfigurationSetAttributes') as configuration_set_attributes, + JSON_EXTRACT(Properties, '$.DkimSigningAttributes') as dkim_signing_attributes, + JSON_EXTRACT(Properties, '$.DkimAttributes') as dkim_attributes, + JSON_EXTRACT(Properties, '$.MailFromAttributes') as mail_from_attributes, + JSON_EXTRACT(Properties, '$.FeedbackAttributes') as feedback_attributes, + JSON_EXTRACT(Properties, '$.DkimDNSTokenName1') as dkim_dns_token_name1, + JSON_EXTRACT(Properties, '$.DkimDNSTokenName2') as dkim_dns_token_name2, + JSON_EXTRACT(Properties, '$.DkimDNSTokenName3') as dkim_dns_token_name3, + JSON_EXTRACT(Properties, '$.DkimDNSTokenValue1') as dkim_dns_token_value1, + JSON_EXTRACT(Properties, '$.DkimDNSTokenValue2') as dkim_dns_token_value2, + JSON_EXTRACT(Properties, '$.DkimDNSTokenValue3') as dkim_dns_token_value3 + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SES::EmailIdentity' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.EmailIdentity') as email_identity, + JSON_EXTRACT(detail.Properties, '$.ConfigurationSetAttributes') as configuration_set_attributes, + JSON_EXTRACT(detail.Properties, '$.DkimSigningAttributes') as dkim_signing_attributes, + JSON_EXTRACT(detail.Properties, '$.DkimAttributes') as dkim_attributes, + JSON_EXTRACT(detail.Properties, '$.MailFromAttributes') as mail_from_attributes, + JSON_EXTRACT(detail.Properties, '$.FeedbackAttributes') as feedback_attributes, + JSON_EXTRACT(detail.Properties, '$.DkimDNSTokenName1') as dkim_dns_token_name1, + JSON_EXTRACT(detail.Properties, '$.DkimDNSTokenName2') as dkim_dns_token_name2, + JSON_EXTRACT(detail.Properties, '$.DkimDNSTokenName3') as dkim_dns_token_name3, + JSON_EXTRACT(detail.Properties, '$.DkimDNSTokenValue1') as dkim_dns_token_value1, + JSON_EXTRACT(detail.Properties, '$.DkimDNSTokenValue2') as dkim_dns_token_value2, + JSON_EXTRACT(detail.Properties, '$.DkimDNSTokenValue3') as dkim_dns_token_value3 + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::SES::EmailIdentity' + AND detail.data__TypeName = 'AWS::SES::EmailIdentity' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'EmailIdentity') as email_identity, + json_extract_path_text(Properties, 'ConfigurationSetAttributes') as configuration_set_attributes, + json_extract_path_text(Properties, 'DkimSigningAttributes') as dkim_signing_attributes, + json_extract_path_text(Properties, 'DkimAttributes') as dkim_attributes, + json_extract_path_text(Properties, 'MailFromAttributes') as mail_from_attributes, + json_extract_path_text(Properties, 'FeedbackAttributes') as feedback_attributes, + json_extract_path_text(Properties, 'DkimDNSTokenName1') as dkim_dns_token_name1, + json_extract_path_text(Properties, 'DkimDNSTokenName2') as dkim_dns_token_name2, + json_extract_path_text(Properties, 'DkimDNSTokenName3') as dkim_dns_token_name3, + json_extract_path_text(Properties, 'DkimDNSTokenValue1') as dkim_dns_token_value1, + json_extract_path_text(Properties, 'DkimDNSTokenValue2') as dkim_dns_token_value2, + json_extract_path_text(Properties, 'DkimDNSTokenValue3') as dkim_dns_token_value3 + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SES::EmailIdentity' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'EmailIdentity') as email_identity, + json_extract_path_text(detail.Properties, 'ConfigurationSetAttributes') as configuration_set_attributes, + json_extract_path_text(detail.Properties, 'DkimSigningAttributes') as dkim_signing_attributes, + json_extract_path_text(detail.Properties, 'DkimAttributes') as dkim_attributes, + json_extract_path_text(detail.Properties, 'MailFromAttributes') as mail_from_attributes, + json_extract_path_text(detail.Properties, 'FeedbackAttributes') as feedback_attributes, + json_extract_path_text(detail.Properties, 'DkimDNSTokenName1') as dkim_dns_token_name1, + json_extract_path_text(detail.Properties, 'DkimDNSTokenName2') as dkim_dns_token_name2, + json_extract_path_text(detail.Properties, 'DkimDNSTokenName3') as dkim_dns_token_name3, + json_extract_path_text(detail.Properties, 'DkimDNSTokenValue1') as dkim_dns_token_value1, + json_extract_path_text(detail.Properties, 'DkimDNSTokenValue2') as dkim_dns_token_value2, + json_extract_path_text(detail.Properties, 'DkimDNSTokenValue3') as dkim_dns_token_value3 + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::SES::EmailIdentity' + AND detail.data__TypeName = 'AWS::SES::EmailIdentity' + AND listing.region = 'us-east-1' + email_identities_list_only: + name: email_identities_list_only + id: aws.ses.email_identities_list_only + x-cfn-schema-name: EmailIdentity + x-cfn-type-name: AWS::SES::EmailIdentity + x-identifiers: + - EmailIdentity + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.EmailIdentity') as email_identity + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SES::EmailIdentity' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'EmailIdentity') as email_identity + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SES::EmailIdentity' + AND region = 'us-east-1' + mail_manager_addon_instances: + name: mail_manager_addon_instances + id: aws.ses.mail_manager_addon_instances + x-cfn-schema-name: MailManagerAddonInstance + x-cfn-type-name: AWS::SES::MailManagerAddonInstance + x-identifiers: + - AddonInstanceId + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__MailManagerAddonInstance&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::SES::MailManagerAddonInstance" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::SES::MailManagerAddonInstance" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::SES::MailManagerAddonInstance" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/mail_manager_addon_instances/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/mail_manager_addon_instances/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/mail_manager_addon_instances/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AddonInstanceArn') as addon_instance_arn, + JSON_EXTRACT(Properties, '$.AddonInstanceId') as addon_instance_id, + JSON_EXTRACT(Properties, '$.AddonName') as addon_name, + JSON_EXTRACT(Properties, '$.AddonSubscriptionId') as addon_subscription_id, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SES::MailManagerAddonInstance' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.AddonInstanceArn') as addon_instance_arn, + JSON_EXTRACT(detail.Properties, '$.AddonInstanceId') as addon_instance_id, + JSON_EXTRACT(detail.Properties, '$.AddonName') as addon_name, + JSON_EXTRACT(detail.Properties, '$.AddonSubscriptionId') as addon_subscription_id, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::SES::MailManagerAddonInstance' + AND detail.data__TypeName = 'AWS::SES::MailManagerAddonInstance' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AddonInstanceArn') as addon_instance_arn, + json_extract_path_text(Properties, 'AddonInstanceId') as addon_instance_id, + json_extract_path_text(Properties, 'AddonName') as addon_name, + json_extract_path_text(Properties, 'AddonSubscriptionId') as addon_subscription_id, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SES::MailManagerAddonInstance' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'AddonInstanceArn') as addon_instance_arn, + json_extract_path_text(detail.Properties, 'AddonInstanceId') as addon_instance_id, + json_extract_path_text(detail.Properties, 'AddonName') as addon_name, + json_extract_path_text(detail.Properties, 'AddonSubscriptionId') as addon_subscription_id, + json_extract_path_text(detail.Properties, 'Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::SES::MailManagerAddonInstance' + AND detail.data__TypeName = 'AWS::SES::MailManagerAddonInstance' + AND listing.region = 'us-east-1' + mail_manager_addon_instances_list_only: + name: mail_manager_addon_instances_list_only + id: aws.ses.mail_manager_addon_instances_list_only + x-cfn-schema-name: MailManagerAddonInstance + x-cfn-type-name: AWS::SES::MailManagerAddonInstance + x-identifiers: + - AddonInstanceId + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AddonInstanceId') as addon_instance_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SES::MailManagerAddonInstance' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AddonInstanceId') as addon_instance_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SES::MailManagerAddonInstance' + AND region = 'us-east-1' + mail_manager_addon_instance_tags: + name: mail_manager_addon_instance_tags + id: aws.ses.mail_manager_addon_instance_tags + x-cfn-schema-name: MailManagerAddonInstance + x-cfn-type-name: AWS::SES::MailManagerAddonInstance + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.AddonInstanceArn') as addon_instance_arn, + JSON_EXTRACT(detail.Properties, '$.AddonInstanceId') as addon_instance_id, + JSON_EXTRACT(detail.Properties, '$.AddonName') as addon_name, + JSON_EXTRACT(detail.Properties, '$.AddonSubscriptionId') as addon_subscription_id + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::SES::MailManagerAddonInstance' + AND detail.data__TypeName = 'AWS::SES::MailManagerAddonInstance' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'AddonInstanceArn') as addon_instance_arn, + json_extract_path_text(detail.Properties, 'AddonInstanceId') as addon_instance_id, + json_extract_path_text(detail.Properties, 'AddonName') as addon_name, + json_extract_path_text(detail.Properties, 'AddonSubscriptionId') as addon_subscription_id + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::SES::MailManagerAddonInstance' + AND detail.data__TypeName = 'AWS::SES::MailManagerAddonInstance' + AND listing.region = 'us-east-1' + mail_manager_addon_subscriptions: + name: mail_manager_addon_subscriptions + id: aws.ses.mail_manager_addon_subscriptions + x-cfn-schema-name: MailManagerAddonSubscription + x-cfn-type-name: AWS::SES::MailManagerAddonSubscription + x-identifiers: + - AddonSubscriptionId + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__MailManagerAddonSubscription&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::SES::MailManagerAddonSubscription" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::SES::MailManagerAddonSubscription" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::SES::MailManagerAddonSubscription" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/mail_manager_addon_subscriptions/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/mail_manager_addon_subscriptions/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/mail_manager_addon_subscriptions/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AddonName') as addon_name, + JSON_EXTRACT(Properties, '$.AddonSubscriptionArn') as addon_subscription_arn, + JSON_EXTRACT(Properties, '$.AddonSubscriptionId') as addon_subscription_id, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SES::MailManagerAddonSubscription' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.AddonName') as addon_name, + JSON_EXTRACT(detail.Properties, '$.AddonSubscriptionArn') as addon_subscription_arn, + JSON_EXTRACT(detail.Properties, '$.AddonSubscriptionId') as addon_subscription_id, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::SES::MailManagerAddonSubscription' + AND detail.data__TypeName = 'AWS::SES::MailManagerAddonSubscription' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AddonName') as addon_name, + json_extract_path_text(Properties, 'AddonSubscriptionArn') as addon_subscription_arn, + json_extract_path_text(Properties, 'AddonSubscriptionId') as addon_subscription_id, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SES::MailManagerAddonSubscription' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'AddonName') as addon_name, + json_extract_path_text(detail.Properties, 'AddonSubscriptionArn') as addon_subscription_arn, + json_extract_path_text(detail.Properties, 'AddonSubscriptionId') as addon_subscription_id, + json_extract_path_text(detail.Properties, 'Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::SES::MailManagerAddonSubscription' + AND detail.data__TypeName = 'AWS::SES::MailManagerAddonSubscription' + AND listing.region = 'us-east-1' + mail_manager_addon_subscriptions_list_only: + name: mail_manager_addon_subscriptions_list_only + id: aws.ses.mail_manager_addon_subscriptions_list_only + x-cfn-schema-name: MailManagerAddonSubscription + x-cfn-type-name: AWS::SES::MailManagerAddonSubscription + x-identifiers: + - AddonSubscriptionId + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AddonSubscriptionId') as addon_subscription_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SES::MailManagerAddonSubscription' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AddonSubscriptionId') as addon_subscription_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SES::MailManagerAddonSubscription' + AND region = 'us-east-1' + mail_manager_addon_subscription_tags: + name: mail_manager_addon_subscription_tags + id: aws.ses.mail_manager_addon_subscription_tags + x-cfn-schema-name: MailManagerAddonSubscription + x-cfn-type-name: AWS::SES::MailManagerAddonSubscription + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.AddonName') as addon_name, + JSON_EXTRACT(detail.Properties, '$.AddonSubscriptionArn') as addon_subscription_arn, + JSON_EXTRACT(detail.Properties, '$.AddonSubscriptionId') as addon_subscription_id + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::SES::MailManagerAddonSubscription' + AND detail.data__TypeName = 'AWS::SES::MailManagerAddonSubscription' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'AddonName') as addon_name, + json_extract_path_text(detail.Properties, 'AddonSubscriptionArn') as addon_subscription_arn, + json_extract_path_text(detail.Properties, 'AddonSubscriptionId') as addon_subscription_id + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::SES::MailManagerAddonSubscription' + AND detail.data__TypeName = 'AWS::SES::MailManagerAddonSubscription' + AND listing.region = 'us-east-1' + mail_manager_archives: + name: mail_manager_archives + id: aws.ses.mail_manager_archives + x-cfn-schema-name: MailManagerArchive + x-cfn-type-name: AWS::SES::MailManagerArchive + x-identifiers: + - ArchiveId x-type: cloud_control methods: create_resource: @@ -1202,12 +4041,225 @@ components: requestBodyTranslate: algorithm: naive_DesiredState operation: - $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__ConfigurationSet&__detailTransformed=true/post' + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__MailManagerArchive&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::SES::MailManagerArchive" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::SES::MailManagerArchive" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::SES::MailManagerArchive" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/mail_manager_archives/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/mail_manager_archives/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/mail_manager_archives/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ArchiveArn') as archive_arn, + JSON_EXTRACT(Properties, '$.ArchiveId') as archive_id, + JSON_EXTRACT(Properties, '$.ArchiveName') as archive_name, + JSON_EXTRACT(Properties, '$.ArchiveState') as archive_state, + JSON_EXTRACT(Properties, '$.KmsKeyArn') as kms_key_arn, + JSON_EXTRACT(Properties, '$.Retention') as retention, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SES::MailManagerArchive' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.ArchiveArn') as archive_arn, + JSON_EXTRACT(detail.Properties, '$.ArchiveId') as archive_id, + JSON_EXTRACT(detail.Properties, '$.ArchiveName') as archive_name, + JSON_EXTRACT(detail.Properties, '$.ArchiveState') as archive_state, + JSON_EXTRACT(detail.Properties, '$.KmsKeyArn') as kms_key_arn, + JSON_EXTRACT(detail.Properties, '$.Retention') as retention, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::SES::MailManagerArchive' + AND detail.data__TypeName = 'AWS::SES::MailManagerArchive' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ArchiveArn') as archive_arn, + json_extract_path_text(Properties, 'ArchiveId') as archive_id, + json_extract_path_text(Properties, 'ArchiveName') as archive_name, + json_extract_path_text(Properties, 'ArchiveState') as archive_state, + json_extract_path_text(Properties, 'KmsKeyArn') as kms_key_arn, + json_extract_path_text(Properties, 'Retention') as retention, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SES::MailManagerArchive' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'ArchiveArn') as archive_arn, + json_extract_path_text(detail.Properties, 'ArchiveId') as archive_id, + json_extract_path_text(detail.Properties, 'ArchiveName') as archive_name, + json_extract_path_text(detail.Properties, 'ArchiveState') as archive_state, + json_extract_path_text(detail.Properties, 'KmsKeyArn') as kms_key_arn, + json_extract_path_text(detail.Properties, 'Retention') as retention, + json_extract_path_text(detail.Properties, 'Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::SES::MailManagerArchive' + AND detail.data__TypeName = 'AWS::SES::MailManagerArchive' + AND listing.region = 'us-east-1' + mail_manager_archives_list_only: + name: mail_manager_archives_list_only + id: aws.ses.mail_manager_archives_list_only + x-cfn-schema-name: MailManagerArchive + x-cfn-type-name: AWS::SES::MailManagerArchive + x-identifiers: + - ArchiveId + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ArchiveId') as archive_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SES::MailManagerArchive' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ArchiveId') as archive_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SES::MailManagerArchive' + AND region = 'us-east-1' + mail_manager_archive_tags: + name: mail_manager_archive_tags + id: aws.ses.mail_manager_archive_tags + x-cfn-schema-name: MailManagerArchive + x-cfn-type-name: AWS::SES::MailManagerArchive + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.ArchiveArn') as archive_arn, + JSON_EXTRACT(detail.Properties, '$.ArchiveId') as archive_id, + JSON_EXTRACT(detail.Properties, '$.ArchiveName') as archive_name, + JSON_EXTRACT(detail.Properties, '$.ArchiveState') as archive_state, + JSON_EXTRACT(detail.Properties, '$.KmsKeyArn') as kms_key_arn, + JSON_EXTRACT(detail.Properties, '$.Retention') as retention + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::SES::MailManagerArchive' + AND detail.data__TypeName = 'AWS::SES::MailManagerArchive' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'ArchiveArn') as archive_arn, + json_extract_path_text(detail.Properties, 'ArchiveId') as archive_id, + json_extract_path_text(detail.Properties, 'ArchiveName') as archive_name, + json_extract_path_text(detail.Properties, 'ArchiveState') as archive_state, + json_extract_path_text(detail.Properties, 'KmsKeyArn') as kms_key_arn, + json_extract_path_text(detail.Properties, 'Retention') as retention + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::SES::MailManagerArchive' + AND detail.data__TypeName = 'AWS::SES::MailManagerArchive' + AND listing.region = 'us-east-1' + mail_manager_ingress_points: + name: mail_manager_ingress_points + id: aws.ses.mail_manager_ingress_points + x-cfn-schema-name: MailManagerIngressPoint + x-cfn-type-name: AWS::SES::MailManagerIngressPoint + x-identifiers: + - IngressPointId + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__MailManagerIngressPoint&__detailTransformed=true/post' request: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::SES::ConfigurationSet" + "TypeName": "AWS::SES::MailManagerIngressPoint" } response: mediaType: application/json @@ -1219,7 +4271,7 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::SES::ConfigurationSet" + "TypeName": "AWS::SES::MailManagerIngressPoint" } response: mediaType: application/json @@ -1231,18 +4283,18 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::SES::ConfigurationSet" + "TypeName": "AWS::SES::MailManagerIngressPoint" } response: mediaType: application/json openAPIDocKey: '200' sqlVerbs: insert: - - $ref: '#/components/x-stackQL-resources/configuration_sets/methods/create_resource' + - $ref: '#/components/x-stackQL-resources/mail_manager_ingress_points/methods/create_resource' delete: - - $ref: '#/components/x-stackQL-resources/configuration_sets/methods/delete_resource' + - $ref: '#/components/x-stackQL-resources/mail_manager_ingress_points/methods/delete_resource' update: - - $ref: '#/components/x-stackQL-resources/configuration_sets/methods/update_resource' + - $ref: '#/components/x-stackQL-resources/mail_manager_ingress_points/methods/update_resource' config: views: select: @@ -1251,34 +4303,42 @@ components: SELECT region, data__Identifier, - JSON_EXTRACT(Properties, '$.Name') as name, - JSON_EXTRACT(Properties, '$.TrackingOptions') as tracking_options, - JSON_EXTRACT(Properties, '$.DeliveryOptions') as delivery_options, - JSON_EXTRACT(Properties, '$.ReputationOptions') as reputation_options, - JSON_EXTRACT(Properties, '$.SendingOptions') as sending_options, - JSON_EXTRACT(Properties, '$.SuppressionOptions') as suppression_options, - JSON_EXTRACT(Properties, '$.VdmOptions') as vdm_options - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SES::ConfigurationSet' - AND data__Identifier = '' + JSON_EXTRACT(Properties, '$.ARecord') as a_record, + JSON_EXTRACT(Properties, '$.TrafficPolicyId') as traffic_policy_id, + JSON_EXTRACT(Properties, '$.IngressPointConfiguration') as ingress_point_configuration, + JSON_EXTRACT(Properties, '$.IngressPointArn') as ingress_point_arn, + JSON_EXTRACT(Properties, '$.IngressPointId') as ingress_point_id, + JSON_EXTRACT(Properties, '$.IngressPointName') as ingress_point_name, + JSON_EXTRACT(Properties, '$.RuleSetId') as rule_set_id, + JSON_EXTRACT(Properties, '$.Status') as status, + JSON_EXTRACT(Properties, '$.StatusToUpdate') as status_to_update, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Type') as type + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SES::MailManagerIngressPoint' + AND data__Identifier = '' AND region = 'us-east-1' fallback: predicate: sqlDialect == "sqlite3" ddl: |- SELECT detail.region, - JSON_EXTRACT(detail.Properties, '$.Name') as name, - JSON_EXTRACT(detail.Properties, '$.TrackingOptions') as tracking_options, - JSON_EXTRACT(detail.Properties, '$.DeliveryOptions') as delivery_options, - JSON_EXTRACT(detail.Properties, '$.ReputationOptions') as reputation_options, - JSON_EXTRACT(detail.Properties, '$.SendingOptions') as sending_options, - JSON_EXTRACT(detail.Properties, '$.SuppressionOptions') as suppression_options, - JSON_EXTRACT(detail.Properties, '$.VdmOptions') as vdm_options + JSON_EXTRACT(detail.Properties, '$.ARecord') as a_record, + JSON_EXTRACT(detail.Properties, '$.TrafficPolicyId') as traffic_policy_id, + JSON_EXTRACT(detail.Properties, '$.IngressPointConfiguration') as ingress_point_configuration, + JSON_EXTRACT(detail.Properties, '$.IngressPointArn') as ingress_point_arn, + JSON_EXTRACT(detail.Properties, '$.IngressPointId') as ingress_point_id, + JSON_EXTRACT(detail.Properties, '$.IngressPointName') as ingress_point_name, + JSON_EXTRACT(detail.Properties, '$.RuleSetId') as rule_set_id, + JSON_EXTRACT(detail.Properties, '$.Status') as status, + JSON_EXTRACT(detail.Properties, '$.StatusToUpdate') as status_to_update, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags, + JSON_EXTRACT(detail.Properties, '$.Type') as type FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::SES::ConfigurationSet' - AND detail.data__TypeName = 'AWS::SES::ConfigurationSet' + WHERE listing.data__TypeName = 'AWS::SES::MailManagerIngressPoint' + AND detail.data__TypeName = 'AWS::SES::MailManagerIngressPoint' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] @@ -1286,42 +4346,50 @@ components: SELECT region, data__Identifier, - json_extract_path_text(Properties, 'Name') as name, - json_extract_path_text(Properties, 'TrackingOptions') as tracking_options, - json_extract_path_text(Properties, 'DeliveryOptions') as delivery_options, - json_extract_path_text(Properties, 'ReputationOptions') as reputation_options, - json_extract_path_text(Properties, 'SendingOptions') as sending_options, - json_extract_path_text(Properties, 'SuppressionOptions') as suppression_options, - json_extract_path_text(Properties, 'VdmOptions') as vdm_options - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SES::ConfigurationSet' - AND data__Identifier = '' + json_extract_path_text(Properties, 'ARecord') as a_record, + json_extract_path_text(Properties, 'TrafficPolicyId') as traffic_policy_id, + json_extract_path_text(Properties, 'IngressPointConfiguration') as ingress_point_configuration, + json_extract_path_text(Properties, 'IngressPointArn') as ingress_point_arn, + json_extract_path_text(Properties, 'IngressPointId') as ingress_point_id, + json_extract_path_text(Properties, 'IngressPointName') as ingress_point_name, + json_extract_path_text(Properties, 'RuleSetId') as rule_set_id, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'StatusToUpdate') as status_to_update, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Type') as type + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SES::MailManagerIngressPoint' + AND data__Identifier = '' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT detail.region, - json_extract_path_text(detail.Properties, 'Name') as name, - json_extract_path_text(detail.Properties, 'TrackingOptions') as tracking_options, - json_extract_path_text(detail.Properties, 'DeliveryOptions') as delivery_options, - json_extract_path_text(detail.Properties, 'ReputationOptions') as reputation_options, - json_extract_path_text(detail.Properties, 'SendingOptions') as sending_options, - json_extract_path_text(detail.Properties, 'SuppressionOptions') as suppression_options, - json_extract_path_text(detail.Properties, 'VdmOptions') as vdm_options + json_extract_path_text(detail.Properties, 'ARecord') as a_record, + json_extract_path_text(detail.Properties, 'TrafficPolicyId') as traffic_policy_id, + json_extract_path_text(detail.Properties, 'IngressPointConfiguration') as ingress_point_configuration, + json_extract_path_text(detail.Properties, 'IngressPointArn') as ingress_point_arn, + json_extract_path_text(detail.Properties, 'IngressPointId') as ingress_point_id, + json_extract_path_text(detail.Properties, 'IngressPointName') as ingress_point_name, + json_extract_path_text(detail.Properties, 'RuleSetId') as rule_set_id, + json_extract_path_text(detail.Properties, 'Status') as status, + json_extract_path_text(detail.Properties, 'StatusToUpdate') as status_to_update, + json_extract_path_text(detail.Properties, 'Tags') as tags, + json_extract_path_text(detail.Properties, 'Type') as type FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::SES::ConfigurationSet' - AND detail.data__TypeName = 'AWS::SES::ConfigurationSet' + WHERE listing.data__TypeName = 'AWS::SES::MailManagerIngressPoint' + AND detail.data__TypeName = 'AWS::SES::MailManagerIngressPoint' AND listing.region = 'us-east-1' - configuration_sets_list_only: - name: configuration_sets_list_only - id: aws.ses.configuration_sets_list_only - x-cfn-schema-name: ConfigurationSet - x-cfn-type-name: AWS::SES::ConfigurationSet + mail_manager_ingress_points_list_only: + name: mail_manager_ingress_points_list_only + id: aws.ses.mail_manager_ingress_points_list_only + x-cfn-schema-name: MailManagerIngressPoint + x-cfn-type-name: AWS::SES::MailManagerIngressPoint x-identifiers: - - Name + - IngressPointId x-type: cloud_control_view methods: {} sqlVerbs: @@ -1335,105 +4403,87 @@ components: ddl: |- SELECT region, - JSON_EXTRACT(Properties, '$.Name') as name - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SES::ConfigurationSet' + JSON_EXTRACT(Properties, '$.IngressPointId') as ingress_point_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SES::MailManagerIngressPoint' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT region, - json_extract_path_text(Properties, 'Name') as name - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SES::ConfigurationSet' + json_extract_path_text(Properties, 'IngressPointId') as ingress_point_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SES::MailManagerIngressPoint' AND region = 'us-east-1' - configuration_set_event_destinations: - name: configuration_set_event_destinations - id: aws.ses.configuration_set_event_destinations - x-cfn-schema-name: ConfigurationSetEventDestination - x-cfn-type-name: AWS::SES::ConfigurationSetEventDestination - x-identifiers: - - Id - x-type: cloud_control - methods: - create_resource: - config: - requestBodyTranslate: - algorithm: naive_DesiredState - operation: - $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__ConfigurationSetEventDestination&__detailTransformed=true/post' - request: - mediaType: application/x-amz-json-1.0 - base: |- - { - "TypeName": "AWS::SES::ConfigurationSetEventDestination" - } - response: - mediaType: application/json - openAPIDocKey: '200' - update_resource: - operation: - $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' - request: - mediaType: application/x-amz-json-1.0 - base: |- - { - "TypeName": "AWS::SES::ConfigurationSetEventDestination" - } - response: - mediaType: application/json - openAPIDocKey: '200' - delete_resource: - operation: - $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' - request: - mediaType: application/x-amz-json-1.0 - base: |- - { - "TypeName": "AWS::SES::ConfigurationSetEventDestination" - } - response: - mediaType: application/json - openAPIDocKey: '200' + mail_manager_ingress_point_tags: + name: mail_manager_ingress_point_tags + id: aws.ses.mail_manager_ingress_point_tags + x-cfn-schema-name: MailManagerIngressPoint + x-cfn-type-name: AWS::SES::MailManagerIngressPoint + x-type: cloud_control_view + methods: {} sqlVerbs: - insert: - - $ref: '#/components/x-stackQL-resources/configuration_set_event_destinations/methods/create_resource' - delete: - - $ref: '#/components/x-stackQL-resources/configuration_set_event_destinations/methods/delete_resource' - update: - - $ref: '#/components/x-stackQL-resources/configuration_set_event_destinations/methods/update_resource' + insert: [] + delete: [] + update: [] config: views: select: - predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + predicate: sqlDialect == "sqlite3" ddl: |- SELECT - region, - data__Identifier, - JSON_EXTRACT(Properties, '$.Id') as id, - JSON_EXTRACT(Properties, '$.ConfigurationSetName') as configuration_set_name, - JSON_EXTRACT(Properties, '$.EventDestination') as event_destination - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SES::ConfigurationSetEventDestination' - AND data__Identifier = '' - AND region = 'us-east-1' + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.ARecord') as a_record, + JSON_EXTRACT(detail.Properties, '$.TrafficPolicyId') as traffic_policy_id, + JSON_EXTRACT(detail.Properties, '$.IngressPointConfiguration') as ingress_point_configuration, + JSON_EXTRACT(detail.Properties, '$.IngressPointArn') as ingress_point_arn, + JSON_EXTRACT(detail.Properties, '$.IngressPointId') as ingress_point_id, + JSON_EXTRACT(detail.Properties, '$.IngressPointName') as ingress_point_name, + JSON_EXTRACT(detail.Properties, '$.RuleSetId') as rule_set_id, + JSON_EXTRACT(detail.Properties, '$.Status') as status, + JSON_EXTRACT(detail.Properties, '$.StatusToUpdate') as status_to_update, + JSON_EXTRACT(detail.Properties, '$.Type') as type + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::SES::MailManagerIngressPoint' + AND detail.data__TypeName = 'AWS::SES::MailManagerIngressPoint' + AND listing.region = 'us-east-1' fallback: - predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + predicate: sqlDialect == "postgres" ddl: |- SELECT - region, - data__Identifier, - json_extract_path_text(Properties, 'Id') as id, - json_extract_path_text(Properties, 'ConfigurationSetName') as configuration_set_name, - json_extract_path_text(Properties, 'EventDestination') as event_destination - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SES::ConfigurationSetEventDestination' - AND data__Identifier = '' - AND region = 'us-east-1' - contact_lists: - name: contact_lists - id: aws.ses.contact_lists - x-cfn-schema-name: ContactList - x-cfn-type-name: AWS::SES::ContactList + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'ARecord') as a_record, + json_extract_path_text(detail.Properties, 'TrafficPolicyId') as traffic_policy_id, + json_extract_path_text(detail.Properties, 'IngressPointConfiguration') as ingress_point_configuration, + json_extract_path_text(detail.Properties, 'IngressPointArn') as ingress_point_arn, + json_extract_path_text(detail.Properties, 'IngressPointId') as ingress_point_id, + json_extract_path_text(detail.Properties, 'IngressPointName') as ingress_point_name, + json_extract_path_text(detail.Properties, 'RuleSetId') as rule_set_id, + json_extract_path_text(detail.Properties, 'Status') as status, + json_extract_path_text(detail.Properties, 'StatusToUpdate') as status_to_update, + json_extract_path_text(detail.Properties, 'Type') as type + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::SES::MailManagerIngressPoint' + AND detail.data__TypeName = 'AWS::SES::MailManagerIngressPoint' + AND listing.region = 'us-east-1' + mail_manager_relays: + name: mail_manager_relays + id: aws.ses.mail_manager_relays + x-cfn-schema-name: MailManagerRelay + x-cfn-type-name: AWS::SES::MailManagerRelay x-identifiers: - - ContactListName + - RelayId x-type: cloud_control methods: create_resource: @@ -1441,12 +4491,12 @@ components: requestBodyTranslate: algorithm: naive_DesiredState operation: - $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__ContactList&__detailTransformed=true/post' + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__MailManagerRelay&__detailTransformed=true/post' request: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::SES::ContactList" + "TypeName": "AWS::SES::MailManagerRelay" } response: mediaType: application/json @@ -1458,7 +4508,7 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::SES::ContactList" + "TypeName": "AWS::SES::MailManagerRelay" } response: mediaType: application/json @@ -1470,18 +4520,18 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::SES::ContactList" + "TypeName": "AWS::SES::MailManagerRelay" } response: mediaType: application/json openAPIDocKey: '200' sqlVerbs: insert: - - $ref: '#/components/x-stackQL-resources/contact_lists/methods/create_resource' + - $ref: '#/components/x-stackQL-resources/mail_manager_relays/methods/create_resource' delete: - - $ref: '#/components/x-stackQL-resources/contact_lists/methods/delete_resource' + - $ref: '#/components/x-stackQL-resources/mail_manager_relays/methods/delete_resource' update: - - $ref: '#/components/x-stackQL-resources/contact_lists/methods/update_resource' + - $ref: '#/components/x-stackQL-resources/mail_manager_relays/methods/update_resource' config: views: select: @@ -1490,28 +4540,34 @@ components: SELECT region, data__Identifier, - JSON_EXTRACT(Properties, '$.ContactListName') as contact_list_name, - JSON_EXTRACT(Properties, '$.Description') as description, - JSON_EXTRACT(Properties, '$.Topics') as topics, + JSON_EXTRACT(Properties, '$.Authentication') as authentication, + JSON_EXTRACT(Properties, '$.RelayArn') as relay_arn, + JSON_EXTRACT(Properties, '$.RelayId') as relay_id, + JSON_EXTRACT(Properties, '$.RelayName') as relay_name, + JSON_EXTRACT(Properties, '$.ServerName') as server_name, + JSON_EXTRACT(Properties, '$.ServerPort') as server_port, JSON_EXTRACT(Properties, '$.Tags') as tags - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SES::ContactList' - AND data__Identifier = '' + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SES::MailManagerRelay' + AND data__Identifier = '' AND region = 'us-east-1' fallback: predicate: sqlDialect == "sqlite3" ddl: |- SELECT detail.region, - JSON_EXTRACT(detail.Properties, '$.ContactListName') as contact_list_name, - JSON_EXTRACT(detail.Properties, '$.Description') as description, - JSON_EXTRACT(detail.Properties, '$.Topics') as topics, + JSON_EXTRACT(detail.Properties, '$.Authentication') as authentication, + JSON_EXTRACT(detail.Properties, '$.RelayArn') as relay_arn, + JSON_EXTRACT(detail.Properties, '$.RelayId') as relay_id, + JSON_EXTRACT(detail.Properties, '$.RelayName') as relay_name, + JSON_EXTRACT(detail.Properties, '$.ServerName') as server_name, + JSON_EXTRACT(detail.Properties, '$.ServerPort') as server_port, JSON_EXTRACT(detail.Properties, '$.Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::SES::ContactList' - AND detail.data__TypeName = 'AWS::SES::ContactList' + WHERE listing.data__TypeName = 'AWS::SES::MailManagerRelay' + AND detail.data__TypeName = 'AWS::SES::MailManagerRelay' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] @@ -1519,36 +4575,42 @@ components: SELECT region, data__Identifier, - json_extract_path_text(Properties, 'ContactListName') as contact_list_name, - json_extract_path_text(Properties, 'Description') as description, - json_extract_path_text(Properties, 'Topics') as topics, + json_extract_path_text(Properties, 'Authentication') as authentication, + json_extract_path_text(Properties, 'RelayArn') as relay_arn, + json_extract_path_text(Properties, 'RelayId') as relay_id, + json_extract_path_text(Properties, 'RelayName') as relay_name, + json_extract_path_text(Properties, 'ServerName') as server_name, + json_extract_path_text(Properties, 'ServerPort') as server_port, json_extract_path_text(Properties, 'Tags') as tags - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SES::ContactList' - AND data__Identifier = '' + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SES::MailManagerRelay' + AND data__Identifier = '' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT detail.region, - json_extract_path_text(detail.Properties, 'ContactListName') as contact_list_name, - json_extract_path_text(detail.Properties, 'Description') as description, - json_extract_path_text(detail.Properties, 'Topics') as topics, + json_extract_path_text(detail.Properties, 'Authentication') as authentication, + json_extract_path_text(detail.Properties, 'RelayArn') as relay_arn, + json_extract_path_text(detail.Properties, 'RelayId') as relay_id, + json_extract_path_text(detail.Properties, 'RelayName') as relay_name, + json_extract_path_text(detail.Properties, 'ServerName') as server_name, + json_extract_path_text(detail.Properties, 'ServerPort') as server_port, json_extract_path_text(detail.Properties, 'Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::SES::ContactList' - AND detail.data__TypeName = 'AWS::SES::ContactList' + WHERE listing.data__TypeName = 'AWS::SES::MailManagerRelay' + AND detail.data__TypeName = 'AWS::SES::MailManagerRelay' AND listing.region = 'us-east-1' - contact_lists_list_only: - name: contact_lists_list_only - id: aws.ses.contact_lists_list_only - x-cfn-schema-name: ContactList - x-cfn-type-name: AWS::SES::ContactList + mail_manager_relays_list_only: + name: mail_manager_relays_list_only + id: aws.ses.mail_manager_relays_list_only + x-cfn-schema-name: MailManagerRelay + x-cfn-type-name: AWS::SES::MailManagerRelay x-identifiers: - - ContactListName + - RelayId x-type: cloud_control_view methods: {} sqlVerbs: @@ -1562,22 +4624,22 @@ components: ddl: |- SELECT region, - JSON_EXTRACT(Properties, '$.ContactListName') as contact_list_name - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SES::ContactList' + JSON_EXTRACT(Properties, '$.RelayId') as relay_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SES::MailManagerRelay' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT region, - json_extract_path_text(Properties, 'ContactListName') as contact_list_name - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SES::ContactList' + json_extract_path_text(Properties, 'RelayId') as relay_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SES::MailManagerRelay' AND region = 'us-east-1' - contact_list_tags: - name: contact_list_tags - id: aws.ses.contact_list_tags - x-cfn-schema-name: ContactList - x-cfn-type-name: AWS::SES::ContactList + mail_manager_relay_tags: + name: mail_manager_relay_tags + id: aws.ses.mail_manager_relay_tags + x-cfn-schema-name: MailManagerRelay + x-cfn-type-name: AWS::SES::MailManagerRelay x-type: cloud_control_view methods: {} sqlVerbs: @@ -1593,16 +4655,19 @@ components: detail.region, JSON_EXTRACT(json_each.value, '$.Key') as tag_key, JSON_EXTRACT(json_each.value, '$.Value') as tag_value, - JSON_EXTRACT(detail.Properties, '$.ContactListName') as contact_list_name, - JSON_EXTRACT(detail.Properties, '$.Description') as description, - JSON_EXTRACT(detail.Properties, '$.Topics') as topics + JSON_EXTRACT(detail.Properties, '$.Authentication') as authentication, + JSON_EXTRACT(detail.Properties, '$.RelayArn') as relay_arn, + JSON_EXTRACT(detail.Properties, '$.RelayId') as relay_id, + JSON_EXTRACT(detail.Properties, '$.RelayName') as relay_name, + JSON_EXTRACT(detail.Properties, '$.ServerName') as server_name, + JSON_EXTRACT(detail.Properties, '$.ServerPort') as server_port FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) - WHERE listing.data__TypeName = 'AWS::SES::ContactList' - AND detail.data__TypeName = 'AWS::SES::ContactList' + WHERE listing.data__TypeName = 'AWS::SES::MailManagerRelay' + AND detail.data__TypeName = 'AWS::SES::MailManagerRelay' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" @@ -1611,24 +4676,27 @@ components: detail.region, json_extract_path_text(json_each.value, 'Key') as tag_key, json_extract_path_text(json_each.value, 'Value') as tag_value, - json_extract_path_text(detail.Properties, 'ContactListName') as contact_list_name, - json_extract_path_text(detail.Properties, 'Description') as description, - json_extract_path_text(detail.Properties, 'Topics') as topics + json_extract_path_text(detail.Properties, 'Authentication') as authentication, + json_extract_path_text(detail.Properties, 'RelayArn') as relay_arn, + json_extract_path_text(detail.Properties, 'RelayId') as relay_id, + json_extract_path_text(detail.Properties, 'RelayName') as relay_name, + json_extract_path_text(detail.Properties, 'ServerName') as server_name, + json_extract_path_text(detail.Properties, 'ServerPort') as server_port FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) - WHERE listing.data__TypeName = 'AWS::SES::ContactList' - AND detail.data__TypeName = 'AWS::SES::ContactList' + WHERE listing.data__TypeName = 'AWS::SES::MailManagerRelay' + AND detail.data__TypeName = 'AWS::SES::MailManagerRelay' AND listing.region = 'us-east-1' - dedicated_ip_pools: - name: dedicated_ip_pools - id: aws.ses.dedicated_ip_pools - x-cfn-schema-name: DedicatedIpPool - x-cfn-type-name: AWS::SES::DedicatedIpPool + mail_manager_rule_sets: + name: mail_manager_rule_sets + id: aws.ses.mail_manager_rule_sets + x-cfn-schema-name: MailManagerRuleSet + x-cfn-type-name: AWS::SES::MailManagerRuleSet x-identifiers: - - PoolName + - RuleSetId x-type: cloud_control methods: create_resource: @@ -1636,12 +4704,12 @@ components: requestBodyTranslate: algorithm: naive_DesiredState operation: - $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__DedicatedIpPool&__detailTransformed=true/post' + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__MailManagerRuleSet&__detailTransformed=true/post' request: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::SES::DedicatedIpPool" + "TypeName": "AWS::SES::MailManagerRuleSet" } response: mediaType: application/json @@ -1653,7 +4721,7 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::SES::DedicatedIpPool" + "TypeName": "AWS::SES::MailManagerRuleSet" } response: mediaType: application/json @@ -1665,18 +4733,18 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::SES::DedicatedIpPool" + "TypeName": "AWS::SES::MailManagerRuleSet" } response: mediaType: application/json openAPIDocKey: '200' sqlVerbs: insert: - - $ref: '#/components/x-stackQL-resources/dedicated_ip_pools/methods/create_resource' + - $ref: '#/components/x-stackQL-resources/mail_manager_rule_sets/methods/create_resource' delete: - - $ref: '#/components/x-stackQL-resources/dedicated_ip_pools/methods/delete_resource' + - $ref: '#/components/x-stackQL-resources/mail_manager_rule_sets/methods/delete_resource' update: - - $ref: '#/components/x-stackQL-resources/dedicated_ip_pools/methods/update_resource' + - $ref: '#/components/x-stackQL-resources/mail_manager_rule_sets/methods/update_resource' config: views: select: @@ -1685,24 +4753,30 @@ components: SELECT region, data__Identifier, - JSON_EXTRACT(Properties, '$.PoolName') as pool_name, - JSON_EXTRACT(Properties, '$.ScalingMode') as scaling_mode - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SES::DedicatedIpPool' - AND data__Identifier = '' + JSON_EXTRACT(Properties, '$.RuleSetArn') as rule_set_arn, + JSON_EXTRACT(Properties, '$.RuleSetId') as rule_set_id, + JSON_EXTRACT(Properties, '$.RuleSetName') as rule_set_name, + JSON_EXTRACT(Properties, '$.Rules') as rules, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SES::MailManagerRuleSet' + AND data__Identifier = '' AND region = 'us-east-1' fallback: predicate: sqlDialect == "sqlite3" ddl: |- SELECT detail.region, - JSON_EXTRACT(detail.Properties, '$.PoolName') as pool_name, - JSON_EXTRACT(detail.Properties, '$.ScalingMode') as scaling_mode + JSON_EXTRACT(detail.Properties, '$.RuleSetArn') as rule_set_arn, + JSON_EXTRACT(detail.Properties, '$.RuleSetId') as rule_set_id, + JSON_EXTRACT(detail.Properties, '$.RuleSetName') as rule_set_name, + JSON_EXTRACT(detail.Properties, '$.Rules') as rules, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::SES::DedicatedIpPool' - AND detail.data__TypeName = 'AWS::SES::DedicatedIpPool' + WHERE listing.data__TypeName = 'AWS::SES::MailManagerRuleSet' + AND detail.data__TypeName = 'AWS::SES::MailManagerRuleSet' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] @@ -1710,32 +4784,67 @@ components: SELECT region, data__Identifier, - json_extract_path_text(Properties, 'PoolName') as pool_name, - json_extract_path_text(Properties, 'ScalingMode') as scaling_mode - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SES::DedicatedIpPool' - AND data__Identifier = '' + json_extract_path_text(Properties, 'RuleSetArn') as rule_set_arn, + json_extract_path_text(Properties, 'RuleSetId') as rule_set_id, + json_extract_path_text(Properties, 'RuleSetName') as rule_set_name, + json_extract_path_text(Properties, 'Rules') as rules, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SES::MailManagerRuleSet' + AND data__Identifier = '' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT detail.region, - json_extract_path_text(detail.Properties, 'PoolName') as pool_name, - json_extract_path_text(detail.Properties, 'ScalingMode') as scaling_mode + json_extract_path_text(detail.Properties, 'RuleSetArn') as rule_set_arn, + json_extract_path_text(detail.Properties, 'RuleSetId') as rule_set_id, + json_extract_path_text(detail.Properties, 'RuleSetName') as rule_set_name, + json_extract_path_text(detail.Properties, 'Rules') as rules, + json_extract_path_text(detail.Properties, 'Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::SES::DedicatedIpPool' - AND detail.data__TypeName = 'AWS::SES::DedicatedIpPool' + WHERE listing.data__TypeName = 'AWS::SES::MailManagerRuleSet' + AND detail.data__TypeName = 'AWS::SES::MailManagerRuleSet' AND listing.region = 'us-east-1' - dedicated_ip_pools_list_only: - name: dedicated_ip_pools_list_only - id: aws.ses.dedicated_ip_pools_list_only - x-cfn-schema-name: DedicatedIpPool - x-cfn-type-name: AWS::SES::DedicatedIpPool + mail_manager_rule_sets_list_only: + name: mail_manager_rule_sets_list_only + id: aws.ses.mail_manager_rule_sets_list_only + x-cfn-schema-name: MailManagerRuleSet + x-cfn-type-name: AWS::SES::MailManagerRuleSet x-identifiers: - - PoolName + - RuleSetId + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.RuleSetId') as rule_set_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SES::MailManagerRuleSet' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'RuleSetId') as rule_set_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SES::MailManagerRuleSet' + AND region = 'us-east-1' + mail_manager_rule_set_tags: + name: mail_manager_rule_set_tags + id: aws.ses.mail_manager_rule_set_tags + x-cfn-schema-name: MailManagerRuleSet + x-cfn-type-name: AWS::SES::MailManagerRuleSet x-type: cloud_control_view methods: {} sqlVerbs: @@ -1748,25 +4857,47 @@ components: predicate: sqlDialect == "sqlite3" ddl: |- SELECT - region, - JSON_EXTRACT(Properties, '$.PoolName') as pool_name - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SES::DedicatedIpPool' - AND region = 'us-east-1' + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.RuleSetArn') as rule_set_arn, + JSON_EXTRACT(detail.Properties, '$.RuleSetId') as rule_set_id, + JSON_EXTRACT(detail.Properties, '$.RuleSetName') as rule_set_name, + JSON_EXTRACT(detail.Properties, '$.Rules') as rules + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::SES::MailManagerRuleSet' + AND detail.data__TypeName = 'AWS::SES::MailManagerRuleSet' + AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT - region, - json_extract_path_text(Properties, 'PoolName') as pool_name - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SES::DedicatedIpPool' - AND region = 'us-east-1' - email_identities: - name: email_identities - id: aws.ses.email_identities - x-cfn-schema-name: EmailIdentity - x-cfn-type-name: AWS::SES::EmailIdentity + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'RuleSetArn') as rule_set_arn, + json_extract_path_text(detail.Properties, 'RuleSetId') as rule_set_id, + json_extract_path_text(detail.Properties, 'RuleSetName') as rule_set_name, + json_extract_path_text(detail.Properties, 'Rules') as rules + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::SES::MailManagerRuleSet' + AND detail.data__TypeName = 'AWS::SES::MailManagerRuleSet' + AND listing.region = 'us-east-1' + mail_manager_traffic_policies: + name: mail_manager_traffic_policies + id: aws.ses.mail_manager_traffic_policies + x-cfn-schema-name: MailManagerTrafficPolicy + x-cfn-type-name: AWS::SES::MailManagerTrafficPolicy x-identifiers: - - EmailIdentity + - TrafficPolicyId x-type: cloud_control methods: create_resource: @@ -1774,12 +4905,12 @@ components: requestBodyTranslate: algorithm: naive_DesiredState operation: - $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__EmailIdentity&__detailTransformed=true/post' + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__MailManagerTrafficPolicy&__detailTransformed=true/post' request: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::SES::EmailIdentity" + "TypeName": "AWS::SES::MailManagerTrafficPolicy" } response: mediaType: application/json @@ -1791,7 +4922,7 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::SES::EmailIdentity" + "TypeName": "AWS::SES::MailManagerTrafficPolicy" } response: mediaType: application/json @@ -1803,18 +4934,18 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::SES::EmailIdentity" + "TypeName": "AWS::SES::MailManagerTrafficPolicy" } response: mediaType: application/json openAPIDocKey: '200' sqlVerbs: insert: - - $ref: '#/components/x-stackQL-resources/email_identities/methods/create_resource' + - $ref: '#/components/x-stackQL-resources/mail_manager_traffic_policies/methods/create_resource' delete: - - $ref: '#/components/x-stackQL-resources/email_identities/methods/delete_resource' + - $ref: '#/components/x-stackQL-resources/mail_manager_traffic_policies/methods/delete_resource' update: - - $ref: '#/components/x-stackQL-resources/email_identities/methods/update_resource' + - $ref: '#/components/x-stackQL-resources/mail_manager_traffic_policies/methods/update_resource' config: views: select: @@ -1823,44 +4954,34 @@ components: SELECT region, data__Identifier, - JSON_EXTRACT(Properties, '$.EmailIdentity') as email_identity, - JSON_EXTRACT(Properties, '$.ConfigurationSetAttributes') as configuration_set_attributes, - JSON_EXTRACT(Properties, '$.DkimSigningAttributes') as dkim_signing_attributes, - JSON_EXTRACT(Properties, '$.DkimAttributes') as dkim_attributes, - JSON_EXTRACT(Properties, '$.MailFromAttributes') as mail_from_attributes, - JSON_EXTRACT(Properties, '$.FeedbackAttributes') as feedback_attributes, - JSON_EXTRACT(Properties, '$.DkimDNSTokenName1') as dkim_dns_token_name1, - JSON_EXTRACT(Properties, '$.DkimDNSTokenName2') as dkim_dns_token_name2, - JSON_EXTRACT(Properties, '$.DkimDNSTokenName3') as dkim_dns_token_name3, - JSON_EXTRACT(Properties, '$.DkimDNSTokenValue1') as dkim_dns_token_value1, - JSON_EXTRACT(Properties, '$.DkimDNSTokenValue2') as dkim_dns_token_value2, - JSON_EXTRACT(Properties, '$.DkimDNSTokenValue3') as dkim_dns_token_value3 - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SES::EmailIdentity' - AND data__Identifier = '' + JSON_EXTRACT(Properties, '$.DefaultAction') as default_action, + JSON_EXTRACT(Properties, '$.MaxMessageSizeBytes') as max_message_size_bytes, + JSON_EXTRACT(Properties, '$.PolicyStatements') as policy_statements, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.TrafficPolicyArn') as traffic_policy_arn, + JSON_EXTRACT(Properties, '$.TrafficPolicyId') as traffic_policy_id, + JSON_EXTRACT(Properties, '$.TrafficPolicyName') as traffic_policy_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SES::MailManagerTrafficPolicy' + AND data__Identifier = '' AND region = 'us-east-1' fallback: predicate: sqlDialect == "sqlite3" ddl: |- SELECT detail.region, - JSON_EXTRACT(detail.Properties, '$.EmailIdentity') as email_identity, - JSON_EXTRACT(detail.Properties, '$.ConfigurationSetAttributes') as configuration_set_attributes, - JSON_EXTRACT(detail.Properties, '$.DkimSigningAttributes') as dkim_signing_attributes, - JSON_EXTRACT(detail.Properties, '$.DkimAttributes') as dkim_attributes, - JSON_EXTRACT(detail.Properties, '$.MailFromAttributes') as mail_from_attributes, - JSON_EXTRACT(detail.Properties, '$.FeedbackAttributes') as feedback_attributes, - JSON_EXTRACT(detail.Properties, '$.DkimDNSTokenName1') as dkim_dns_token_name1, - JSON_EXTRACT(detail.Properties, '$.DkimDNSTokenName2') as dkim_dns_token_name2, - JSON_EXTRACT(detail.Properties, '$.DkimDNSTokenName3') as dkim_dns_token_name3, - JSON_EXTRACT(detail.Properties, '$.DkimDNSTokenValue1') as dkim_dns_token_value1, - JSON_EXTRACT(detail.Properties, '$.DkimDNSTokenValue2') as dkim_dns_token_value2, - JSON_EXTRACT(detail.Properties, '$.DkimDNSTokenValue3') as dkim_dns_token_value3 + JSON_EXTRACT(detail.Properties, '$.DefaultAction') as default_action, + JSON_EXTRACT(detail.Properties, '$.MaxMessageSizeBytes') as max_message_size_bytes, + JSON_EXTRACT(detail.Properties, '$.PolicyStatements') as policy_statements, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags, + JSON_EXTRACT(detail.Properties, '$.TrafficPolicyArn') as traffic_policy_arn, + JSON_EXTRACT(detail.Properties, '$.TrafficPolicyId') as traffic_policy_id, + JSON_EXTRACT(detail.Properties, '$.TrafficPolicyName') as traffic_policy_name FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::SES::EmailIdentity' - AND detail.data__TypeName = 'AWS::SES::EmailIdentity' + WHERE listing.data__TypeName = 'AWS::SES::MailManagerTrafficPolicy' + AND detail.data__TypeName = 'AWS::SES::MailManagerTrafficPolicy' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] @@ -1868,52 +4989,42 @@ components: SELECT region, data__Identifier, - json_extract_path_text(Properties, 'EmailIdentity') as email_identity, - json_extract_path_text(Properties, 'ConfigurationSetAttributes') as configuration_set_attributes, - json_extract_path_text(Properties, 'DkimSigningAttributes') as dkim_signing_attributes, - json_extract_path_text(Properties, 'DkimAttributes') as dkim_attributes, - json_extract_path_text(Properties, 'MailFromAttributes') as mail_from_attributes, - json_extract_path_text(Properties, 'FeedbackAttributes') as feedback_attributes, - json_extract_path_text(Properties, 'DkimDNSTokenName1') as dkim_dns_token_name1, - json_extract_path_text(Properties, 'DkimDNSTokenName2') as dkim_dns_token_name2, - json_extract_path_text(Properties, 'DkimDNSTokenName3') as dkim_dns_token_name3, - json_extract_path_text(Properties, 'DkimDNSTokenValue1') as dkim_dns_token_value1, - json_extract_path_text(Properties, 'DkimDNSTokenValue2') as dkim_dns_token_value2, - json_extract_path_text(Properties, 'DkimDNSTokenValue3') as dkim_dns_token_value3 - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SES::EmailIdentity' - AND data__Identifier = '' + json_extract_path_text(Properties, 'DefaultAction') as default_action, + json_extract_path_text(Properties, 'MaxMessageSizeBytes') as max_message_size_bytes, + json_extract_path_text(Properties, 'PolicyStatements') as policy_statements, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'TrafficPolicyArn') as traffic_policy_arn, + json_extract_path_text(Properties, 'TrafficPolicyId') as traffic_policy_id, + json_extract_path_text(Properties, 'TrafficPolicyName') as traffic_policy_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SES::MailManagerTrafficPolicy' + AND data__Identifier = '' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT detail.region, - json_extract_path_text(detail.Properties, 'EmailIdentity') as email_identity, - json_extract_path_text(detail.Properties, 'ConfigurationSetAttributes') as configuration_set_attributes, - json_extract_path_text(detail.Properties, 'DkimSigningAttributes') as dkim_signing_attributes, - json_extract_path_text(detail.Properties, 'DkimAttributes') as dkim_attributes, - json_extract_path_text(detail.Properties, 'MailFromAttributes') as mail_from_attributes, - json_extract_path_text(detail.Properties, 'FeedbackAttributes') as feedback_attributes, - json_extract_path_text(detail.Properties, 'DkimDNSTokenName1') as dkim_dns_token_name1, - json_extract_path_text(detail.Properties, 'DkimDNSTokenName2') as dkim_dns_token_name2, - json_extract_path_text(detail.Properties, 'DkimDNSTokenName3') as dkim_dns_token_name3, - json_extract_path_text(detail.Properties, 'DkimDNSTokenValue1') as dkim_dns_token_value1, - json_extract_path_text(detail.Properties, 'DkimDNSTokenValue2') as dkim_dns_token_value2, - json_extract_path_text(detail.Properties, 'DkimDNSTokenValue3') as dkim_dns_token_value3 + json_extract_path_text(detail.Properties, 'DefaultAction') as default_action, + json_extract_path_text(detail.Properties, 'MaxMessageSizeBytes') as max_message_size_bytes, + json_extract_path_text(detail.Properties, 'PolicyStatements') as policy_statements, + json_extract_path_text(detail.Properties, 'Tags') as tags, + json_extract_path_text(detail.Properties, 'TrafficPolicyArn') as traffic_policy_arn, + json_extract_path_text(detail.Properties, 'TrafficPolicyId') as traffic_policy_id, + json_extract_path_text(detail.Properties, 'TrafficPolicyName') as traffic_policy_name FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::SES::EmailIdentity' - AND detail.data__TypeName = 'AWS::SES::EmailIdentity' + WHERE listing.data__TypeName = 'AWS::SES::MailManagerTrafficPolicy' + AND detail.data__TypeName = 'AWS::SES::MailManagerTrafficPolicy' AND listing.region = 'us-east-1' - email_identities_list_only: - name: email_identities_list_only - id: aws.ses.email_identities_list_only - x-cfn-schema-name: EmailIdentity - x-cfn-type-name: AWS::SES::EmailIdentity + mail_manager_traffic_policies_list_only: + name: mail_manager_traffic_policies_list_only + id: aws.ses.mail_manager_traffic_policies_list_only + x-cfn-schema-name: MailManagerTrafficPolicy + x-cfn-type-name: AWS::SES::MailManagerTrafficPolicy x-identifiers: - - EmailIdentity + - TrafficPolicyId x-type: cloud_control_view methods: {} sqlVerbs: @@ -1927,17 +5038,72 @@ components: ddl: |- SELECT region, - JSON_EXTRACT(Properties, '$.EmailIdentity') as email_identity - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SES::EmailIdentity' + JSON_EXTRACT(Properties, '$.TrafficPolicyId') as traffic_policy_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SES::MailManagerTrafficPolicy' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT region, - json_extract_path_text(Properties, 'EmailIdentity') as email_identity - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SES::EmailIdentity' + json_extract_path_text(Properties, 'TrafficPolicyId') as traffic_policy_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SES::MailManagerTrafficPolicy' AND region = 'us-east-1' + mail_manager_traffic_policy_tags: + name: mail_manager_traffic_policy_tags + id: aws.ses.mail_manager_traffic_policy_tags + x-cfn-schema-name: MailManagerTrafficPolicy + x-cfn-type-name: AWS::SES::MailManagerTrafficPolicy + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.DefaultAction') as default_action, + JSON_EXTRACT(detail.Properties, '$.MaxMessageSizeBytes') as max_message_size_bytes, + JSON_EXTRACT(detail.Properties, '$.PolicyStatements') as policy_statements, + JSON_EXTRACT(detail.Properties, '$.TrafficPolicyArn') as traffic_policy_arn, + JSON_EXTRACT(detail.Properties, '$.TrafficPolicyId') as traffic_policy_id, + JSON_EXTRACT(detail.Properties, '$.TrafficPolicyName') as traffic_policy_name + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::SES::MailManagerTrafficPolicy' + AND detail.data__TypeName = 'AWS::SES::MailManagerTrafficPolicy' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'DefaultAction') as default_action, + json_extract_path_text(detail.Properties, 'MaxMessageSizeBytes') as max_message_size_bytes, + json_extract_path_text(detail.Properties, 'PolicyStatements') as policy_statements, + json_extract_path_text(detail.Properties, 'TrafficPolicyArn') as traffic_policy_arn, + json_extract_path_text(detail.Properties, 'TrafficPolicyId') as traffic_policy_id, + json_extract_path_text(detail.Properties, 'TrafficPolicyName') as traffic_policy_name + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::SES::MailManagerTrafficPolicy' + AND detail.data__TypeName = 'AWS::SES::MailManagerTrafficPolicy' + AND listing.region = 'us-east-1' templates: name: templates id: aws.ses.templates @@ -2168,7 +5334,149 @@ paths: - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' post: - operationId: CreateResource + operationId: CreateResource + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/x-cloud-control-schemas/CreateResourceInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=DeleteResource&Version=2021-09-30: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: DeleteResource + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.DeleteResource + enum: + - CloudApiService.DeleteResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/x-cloud-control-schemas/DeleteResourceInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/DeleteResourceOutput' + description: Success + /?Action=UpdateResource&Version=2021-09-30: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: UpdateResource + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.UpdateResource + enum: + - CloudApiService.UpdateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + properties: + ClientName: + type: string + Identifier: + $ref: '#/components/x-cloud-control-schemas/Identifier' + PatchDocument: + type: string + RoleArn: + $ref: '#/components/x-cloud-control-schemas/RoleArn' + TypeName: + $ref: '#/components/x-cloud-control-schemas/TypeName' + TypeVersionId: + $ref: '#/components/x-cloud-control-schemas/TypeVersionId' + required: + - Identifier + - PatchDocument + type: object + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/UpdateResourceOutput' + description: Success + /?Action=CreateResource&Version=2021-09-30&__ConfigurationSet&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateConfigurationSet parameters: - description: Action Header in: header @@ -2191,7 +5499,7 @@ paths: content: application/x-amz-json-1.0: schema: - $ref: '#/components/x-cloud-control-schemas/CreateResourceInput' + $ref: '#/components/schemas/CreateConfigurationSetRequest' required: true responses: '200': @@ -2200,7 +5508,7 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success - /?Action=DeleteResource&Version=2021-09-30: + /?Action=CreateResource&Version=2021-09-30&__ConfigurationSetEventDestination&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' @@ -2210,16 +5518,16 @@ paths: - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' post: - operationId: DeleteResource + operationId: CreateConfigurationSetEventDestination parameters: - description: Action Header in: header name: X-Amz-Target required: false schema: - default: CloudApiService.DeleteResource + default: CloudApiService.CreateResource enum: - - CloudApiService.DeleteResource + - CloudApiService.CreateResource type: string - in: header name: Content-Type @@ -2233,16 +5541,16 @@ paths: content: application/x-amz-json-1.0: schema: - $ref: '#/components/x-cloud-control-schemas/DeleteResourceInput' + $ref: '#/components/schemas/CreateConfigurationSetEventDestinationRequest' required: true responses: '200': content: application/json: schema: - $ref: '#/components/x-cloud-control-schemas/DeleteResourceOutput' + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success - /?Action=UpdateResource&Version=2021-09-30: + /?Action=CreateResource&Version=2021-09-30&__ContactList&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' @@ -2252,16 +5560,16 @@ paths: - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' post: - operationId: UpdateResource + operationId: CreateContactList parameters: - description: Action Header in: header name: X-Amz-Target required: false schema: - default: CloudApiService.UpdateResource + default: CloudApiService.CreateResource enum: - - CloudApiService.UpdateResource + - CloudApiService.CreateResource type: string - in: header name: Content-Type @@ -2275,32 +5583,16 @@ paths: content: application/x-amz-json-1.0: schema: - properties: - ClientName: - type: string - Identifier: - $ref: '#/components/x-cloud-control-schemas/Identifier' - PatchDocument: - type: string - RoleArn: - $ref: '#/components/x-cloud-control-schemas/RoleArn' - TypeName: - $ref: '#/components/x-cloud-control-schemas/TypeName' - TypeVersionId: - $ref: '#/components/x-cloud-control-schemas/TypeVersionId' - required: - - Identifier - - PatchDocument - type: object + $ref: '#/components/schemas/CreateContactListRequest' required: true responses: '200': content: application/json: schema: - $ref: '#/components/x-cloud-control-schemas/UpdateResourceOutput' + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success - /?Action=CreateResource&Version=2021-09-30&__ConfigurationSet&__detailTransformed=true: + /?Action=CreateResource&Version=2021-09-30&__DedicatedIpPool&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' @@ -2310,7 +5602,7 @@ paths: - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' post: - operationId: CreateConfigurationSet + operationId: CreateDedicatedIpPool parameters: - description: Action Header in: header @@ -2333,7 +5625,7 @@ paths: content: application/x-amz-json-1.0: schema: - $ref: '#/components/schemas/CreateConfigurationSetRequest' + $ref: '#/components/schemas/CreateDedicatedIpPoolRequest' required: true responses: '200': @@ -2342,7 +5634,7 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success - /?Action=CreateResource&Version=2021-09-30&__ConfigurationSetEventDestination&__detailTransformed=true: + /?Action=CreateResource&Version=2021-09-30&__EmailIdentity&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' @@ -2352,7 +5644,7 @@ paths: - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' post: - operationId: CreateConfigurationSetEventDestination + operationId: CreateEmailIdentity parameters: - description: Action Header in: header @@ -2375,7 +5667,7 @@ paths: content: application/x-amz-json-1.0: schema: - $ref: '#/components/schemas/CreateConfigurationSetEventDestinationRequest' + $ref: '#/components/schemas/CreateEmailIdentityRequest' required: true responses: '200': @@ -2384,7 +5676,7 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success - /?Action=CreateResource&Version=2021-09-30&__ContactList&__detailTransformed=true: + /?Action=CreateResource&Version=2021-09-30&__MailManagerAddonInstance&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' @@ -2394,7 +5686,7 @@ paths: - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' post: - operationId: CreateContactList + operationId: CreateMailManagerAddonInstance parameters: - description: Action Header in: header @@ -2417,7 +5709,7 @@ paths: content: application/x-amz-json-1.0: schema: - $ref: '#/components/schemas/CreateContactListRequest' + $ref: '#/components/schemas/CreateMailManagerAddonInstanceRequest' required: true responses: '200': @@ -2426,7 +5718,7 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success - /?Action=CreateResource&Version=2021-09-30&__DedicatedIpPool&__detailTransformed=true: + /?Action=CreateResource&Version=2021-09-30&__MailManagerAddonSubscription&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' @@ -2436,7 +5728,7 @@ paths: - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' post: - operationId: CreateDedicatedIpPool + operationId: CreateMailManagerAddonSubscription parameters: - description: Action Header in: header @@ -2459,7 +5751,7 @@ paths: content: application/x-amz-json-1.0: schema: - $ref: '#/components/schemas/CreateDedicatedIpPoolRequest' + $ref: '#/components/schemas/CreateMailManagerAddonSubscriptionRequest' required: true responses: '200': @@ -2468,7 +5760,7 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success - /?Action=CreateResource&Version=2021-09-30&__EmailIdentity&__detailTransformed=true: + /?Action=CreateResource&Version=2021-09-30&__MailManagerArchive&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' @@ -2478,7 +5770,7 @@ paths: - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' post: - operationId: CreateEmailIdentity + operationId: CreateMailManagerArchive parameters: - description: Action Header in: header @@ -2501,7 +5793,175 @@ paths: content: application/x-amz-json-1.0: schema: - $ref: '#/components/schemas/CreateEmailIdentityRequest' + $ref: '#/components/schemas/CreateMailManagerArchiveRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=CreateResource&Version=2021-09-30&__MailManagerIngressPoint&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateMailManagerIngressPoint + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateMailManagerIngressPointRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=CreateResource&Version=2021-09-30&__MailManagerRelay&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateMailManagerRelay + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateMailManagerRelayRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=CreateResource&Version=2021-09-30&__MailManagerRuleSet&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateMailManagerRuleSet + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateMailManagerRuleSetRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=CreateResource&Version=2021-09-30&__MailManagerTrafficPolicy&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateMailManagerTrafficPolicy + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateMailManagerTrafficPolicyRequest' required: true responses: '200': diff --git a/providers/src/aws/v00.00.00000/services/shield.yaml b/providers/src/aws/v00.00.00000/services/shield.yaml index d2133560..b54b049c 100644 --- a/providers/src/aws/v00.00.00000/services/shield.yaml +++ b/providers/src/aws/v00.00.00000/services/shield.yaml @@ -773,6 +773,10 @@ components: taggable: true tagProperty: /properties/Tags cloudFormationSystemTags: false + permissions: + - shield:ListTagsForResource + - shield:UntagResource + - shield:TagResource x-required-permissions: create: - shield:CreateProtectionGroup diff --git a/providers/src/aws/v00.00.00000/services/signer.yaml b/providers/src/aws/v00.00.00000/services/signer.yaml index b9b70c59..0c6151bf 100644 --- a/providers/src/aws/v00.00.00000/services/signer.yaml +++ b/providers/src/aws/v00.00.00000/services/signer.yaml @@ -390,6 +390,7 @@ components: properties: ProfileName: type: string + pattern: ^[0-9a-zA-Z_]{2,64}$ ProfileVersion: type: string pattern: ^[0-9a-zA-Z]{10}$ @@ -441,6 +442,11 @@ components: Arn: type: string pattern: ^arn:aws(-(cn|us-gov))?:[a-z-]+:(([a-z]+-)+[0-9])?:([0-9]{12})?:[^.]+$ + ProfileName: + type: string + minLength: 2 + maxLength: 64 + pattern: ^[0-9a-zA-Z_]{2,64}$ ProfileVersion: type: string pattern: ^[0-9a-zA-Z]{10}$ @@ -473,8 +479,8 @@ components: type: object properties: ProfileName: - description: 'A name for the signing profile. AWS CloudFormation generates a unique physical ID and uses that ID for the signing profile name. ' - type: string + description: 'A name for the signing profile. If you don''t specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the signing profile name. ' + $ref: '#/components/schemas/ProfileName' ProfileVersion: description: A version for the signing profile. AWS Signer generates a unique version for each profile of the same profile name. $ref: '#/components/schemas/ProfileVersion' @@ -506,6 +512,7 @@ components: - - ProfileName - - ProfileVersionArn x-create-only-properties: + - ProfileName - PlatformId - SignatureValidityPeriod x-read-only-properties: @@ -545,6 +552,7 @@ components: properties: ProfileName: type: string + pattern: ^[0-9a-zA-Z_]{2,64}$ ProfileVersion: type: string pattern: ^[0-9a-zA-Z]{10}$ @@ -572,8 +580,8 @@ components: type: object properties: ProfileName: - description: 'A name for the signing profile. AWS CloudFormation generates a unique physical ID and uses that ID for the signing profile name. ' - type: string + description: 'A name for the signing profile. If you don''t specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the signing profile name. ' + $ref: '#/components/schemas/ProfileName' ProfileVersion: description: A version for the signing profile. AWS Signer generates a unique version for each profile of the same profile name. $ref: '#/components/schemas/ProfileVersion' diff --git a/providers/src/aws/v00.00.00000/services/sns.yaml b/providers/src/aws/v00.00.00000/services/sns.yaml index cc602e52..cc60dbc5 100644 --- a/providers/src/aws/v00.00.00000/services/sns.yaml +++ b/providers/src/aws/v00.00.00000/services/sns.yaml @@ -385,33 +385,12 @@ components: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' type: object schemas: - Tag: - type: object - additionalProperties: false - properties: - Key: - type: string - description: The required key portion of the tag. - Value: - type: string - description: The optional value portion of the tag. - required: - - Value - - Key - description: The list of tags to be added to the specified topic. Subscription: type: object additionalProperties: false properties: Endpoint: type: string - anyOf: - - relationshipRef: - typeName: AWS::Lambda::Function - propertyPath: /properties/Arn - - relationshipRef: - typeName: AWS::SQS::Queue - propertyPath: /properties/Arn description: The endpoint that receives notifications from the SNS topic. The endpoint value depends on the protocol that you specify. For more information, see the ``Endpoint`` parameter of the ``Subscribe`` action in the *API Reference*. Protocol: type: string @@ -422,13 +401,29 @@ components: description: |- ``Subscription`` is an embedded property that describes the subscription endpoints of an SNS topic. For full control over subscription behavior (for example, delivery policy, filtering, raw message delivery, and cross-region subscriptions), use the [AWS::SNS::Subscription](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sns-subscription.html) resource. + Tag: + type: object + additionalProperties: false + properties: + Key: + type: string + description: The required key portion of the tag. + Value: + type: string + description: The optional value portion of the tag. + required: + - Value + - Key + description: The list of tags to be added to the specified topic. LoggingConfig: type: object additionalProperties: false properties: Protocol: type: string - description: '' + description: |- + Indicates one of the supported protocols for the Amazon SNS topic. + At least one of the other three ``LoggingConfig`` properties is recommend along with ``Protocol``. enum: - http/s - sqs @@ -437,16 +432,16 @@ components: - application SuccessFeedbackRoleArn: type: string - description: '' + description: The IAM role ARN to be used when logging successful message deliveries in Amazon CloudWatch. SuccessFeedbackSampleRate: type: string - description: '' + description: The percentage of successful message deliveries to be logged in Amazon CloudWatch. Valid percentage values range from 0 to 100. FailureFeedbackRoleArn: type: string - description: '' + description: The IAM role ARN to be used when logging failed message deliveries in Amazon CloudWatch. required: - Protocol - description: '' + description: The ``LoggingConfig`` property type specifies the ``Delivery`` status logging configuration for an [AWS::SNS::Topic](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sns-topic.html). Topic: type: object properties: @@ -458,16 +453,6 @@ components: The ID of an AWS managed customer master key (CMK) for SNS or a custom CMK. For more information, see [Key terms](https://docs.aws.amazon.com/sns/latest/dg/sns-server-side-encryption.html#sse-key-terms). For more examples, see ``KeyId`` in the *API Reference*. This property applies only to [server-side-encryption](https://docs.aws.amazon.com/sns/latest/dg/sns-server-side-encryption.html). type: string - anyOf: - - relationshipRef: - typeName: AWS::KMS::Key - propertyPath: /properties/Arn - - relationshipRef: - typeName: AWS::KMS::Key - propertyPath: /properties/KeyId - - relationshipRef: - typeName: AWS::KMS::Alias - propertyPath: /properties/AliasName DataProtectionPolicy: description: |- The body of the policy document you want to use for this topic. @@ -522,7 +507,15 @@ components: description: Tracing mode of an SNS topic. By default ``TracingConfig`` is set to ``PassThrough``, and the topic passes through the tracing header it receives from an SNS publisher to its subscriptions. If set to ``Active``, SNS will vend X-Ray segment data to topic owner account if the sampled flag in the tracing header is true. type: string DeliveryStatusLogging: - description: '' + description: |- + The ``DeliveryStatusLogging`` configuration enables you to log the delivery status of messages sent from your Amazon SNS topic to subscribed endpoints with the following supported delivery protocols: + + HTTP + + Amazon Kinesis Data Firehose + + AWS Lambda + + Platform application endpoint + + Amazon Simple Queue Service + + Once configured, log entries are sent to Amazon CloudWatch Logs. type: array uniqueItems: true x-insertionOrder: false @@ -639,16 +632,6 @@ components: The ID of an AWS managed customer master key (CMK) for SNS or a custom CMK. For more information, see [Key terms](https://docs.aws.amazon.com/sns/latest/dg/sns-server-side-encryption.html#sse-key-terms). For more examples, see ``KeyId`` in the *API Reference*. This property applies only to [server-side-encryption](https://docs.aws.amazon.com/sns/latest/dg/sns-server-side-encryption.html). type: string - anyOf: - - relationshipRef: - typeName: AWS::KMS::Key - propertyPath: /properties/Arn - - relationshipRef: - typeName: AWS::KMS::Key - propertyPath: /properties/KeyId - - relationshipRef: - typeName: AWS::KMS::Alias - propertyPath: /properties/AliasName DataProtectionPolicy: description: |- The body of the policy document you want to use for this topic. @@ -703,7 +686,15 @@ components: description: Tracing mode of an SNS topic. By default ``TracingConfig`` is set to ``PassThrough``, and the topic passes through the tracing header it receives from an SNS publisher to its subscriptions. If set to ``Active``, SNS will vend X-Ray segment data to topic owner account if the sampled flag in the tracing header is true. type: string DeliveryStatusLogging: - description: '' + description: |- + The ``DeliveryStatusLogging`` configuration enables you to log the delivery status of messages sent from your Amazon SNS topic to subscribed endpoints with the following supported delivery protocols: + + HTTP + + Amazon Kinesis Data Firehose + + AWS Lambda + + Platform application endpoint + + Amazon Simple Queue Service + + Once configured, log entries are sent to Amazon CloudWatch Logs. type: array uniqueItems: true x-insertionOrder: false diff --git a/providers/src/aws/v00.00.00000/services/sqs.yaml b/providers/src/aws/v00.00.00000/services/sqs.yaml index dc52ee0a..27b84fcd 100644 --- a/providers/src/aws/v00.00.00000/services/sqs.yaml +++ b/providers/src/aws/v00.00.00000/services/sqs.yaml @@ -421,7 +421,7 @@ components: description: The time in seconds for which the delivery of all messages in the queue is delayed. You can specify an integer value of ``0`` to ``900`` (15 minutes). The default value is ``0``. FifoQueue: type: boolean - description: If set to true, creates a FIFO queue. If you don't specify this property, SQS creates a standard queue. For more information, see [FIFO queues](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html) in the *Developer Guide*. + description: If set to true, creates a FIFO queue. If you don't specify this property, SQS creates a standard queue. For more information, see [Amazon SQS FIFO queues](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-fifo-queues.html) in the *Developer Guide*. FifoThroughputLimit: description: |- For high throughput for FIFO queues, specifies whether the FIFO queue throughput quota applies to the entire queue or per message group. Valid values are ``perQueue`` and ``perMessageGroupId``. @@ -435,11 +435,11 @@ components: KmsMasterKeyId: type: string description: |- - The ID of an AWS Key Management Service (KMS) for SQS, or a custom KMS. To use the AWS managed KMS for SQS, specify a (default) alias ARN, alias name (e.g. ``alias/aws/sqs``), key ARN, or key ID. For more information, see the following: + The ID of an AWS Key Management Service (KMS) for SQS, or a custom KMS. To use the AWS managed KMS for SQS, specify a (default) alias ARN, alias name (for example ``alias/aws/sqs``), key ARN, or key ID. For more information, see the following: + [Encryption at rest](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html) in the *Developer Guide* + [CreateQueue](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/APIReference/API_CreateQueue.html) in the *API Reference* + [Request Parameters](https://docs.aws.amazon.com/kms/latest/APIReference/API_DescribeKey.html#API_DescribeKey_RequestParameters) in the *Key Management Service API Reference* - + The Key Management Service (KMS) section of the [Best Practices](https://docs.aws.amazon.com/https://d0.awsstatic.com/whitepapers/aws-kms-best-practices.pdf) whitepaper + + The Key Management Service (KMS) section of the [Security best practices for Key Management Service](https://docs.aws.amazon.com/kms/latest/developerguide/best-practices.html) in the *Key Management Service Developer Guide* SqsManagedSseEnabled: type: boolean description: Enables server-side queue encryption using SQS owned encryption keys. Only one server-side encryption option is supported per queue (for example, [SSE-KMS](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-configure-sse-existing-queue.html) or [SSE-SQS](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-configure-sqs-sse-queue.html)). When ``SqsManagedSseEnabled`` is not defined, ``SSE-SQS`` encryption is enabled by default. @@ -452,7 +452,7 @@ components: QueueName: type: string description: |- - A name for the queue. To create a FIFO queue, the name of your FIFO queue must end with the ``.fifo`` suffix. For more information, see [FIFO queues](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html) in the *Developer Guide*. + A name for the queue. To create a FIFO queue, the name of your FIFO queue must end with the ``.fifo`` suffix. For more information, see [Amazon SQS FIFO queues](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-fifo-queues.html) in the *Developer Guide*. If you don't specify a name, CFN generates a unique physical ID and uses that ID for the queue name. For more information, see [Name type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html) in the *User Guide*. If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. ReceiveMessageWaitTimeSeconds: @@ -464,18 +464,18 @@ components: type: object description: |- The string that includes the parameters for the permissions for the dead-letter queue redrive permission and which source queues can specify dead-letter queues as a JSON object. The parameters are as follows: - + ``redrivePermission``: The permission type that defines which source queues can specify the current queue as the dead-letter queue. Valid values are: - + ``allowAll``: (Default) Any source queues in this AWS account in the same Region can specify this queue as the dead-letter queue. - + ``denyAll``: No source queues can specify this queue as the dead-letter queue. - + ``byQueue``: Only queues specified by the ``sourceQueueArns`` parameter can specify this queue as the dead-letter queue. + + ``redrivePermission``: The permission type that defines which source queues can specify the current queue as the dead-letter queue. Valid values are: + + ``allowAll``: (Default) Any source queues in this AWS account in the same Region can specify this queue as the dead-letter queue. + + ``denyAll``: No source queues can specify this queue as the dead-letter queue. + + ``byQueue``: Only queues specified by the ``sourceQueueArns`` parameter can specify this queue as the dead-letter queue. - + ``sourceQueueArns``: The Amazon Resource Names (ARN)s of the source queues that can specify this queue as the dead-letter queue and redrive messages. You can specify this parameter only when the ``redrivePermission`` parameter is set to ``byQueue``. You can specify up to 10 source queue ARNs. To allow more than 10 source queues to specify dead-letter queues, set the ``redrivePermission`` parameter to ``allowAll``. + + ``sourceQueueArns``: The Amazon Resource Names (ARN)s of the source queues that can specify this queue as the dead-letter queue and redrive messages. You can specify this parameter only when the ``redrivePermission`` parameter is set to ``byQueue``. You can specify up to 10 source queue ARNs. To allow more than 10 source queues to specify dead-letter queues, set the ``redrivePermission`` parameter to ``allowAll``. RedrivePolicy: type: object description: |- The string that includes the parameters for the dead-letter queue functionality of the source queue as a JSON object. The parameters are as follows: - + ``deadLetterTargetArn``: The Amazon Resource Name (ARN) of the dead-letter queue to which SQS moves messages after the value of ``maxReceiveCount`` is exceeded. - + ``maxReceiveCount``: The number of times a message is delivered to the source queue before being moved to the dead-letter queue. When the ``ReceiveCount`` for a message exceeds the ``maxReceiveCount`` for a queue, SQS moves the message to the dead-letter-queue. + + ``deadLetterTargetArn``: The Amazon Resource Name (ARN) of the dead-letter queue to which SQS moves messages after the value of ``maxReceiveCount`` is exceeded. + + ``maxReceiveCount``: The number of times a message is received by a consumer of the source queue before being moved to the dead-letter queue. When the ``ReceiveCount`` for a message exceeds the ``maxReceiveCount`` for a queue, SQS moves the message to the dead-letter-queue. The dead-letter queue of a FIFO queue must also be a FIFO queue. Similarly, the dead-letter queue of a standard queue must also be a standard queue. *JSON* @@ -506,7 +506,7 @@ components: + If you delete a queue, you must wait at least 60 seconds before creating a queue with the same name. + To successfully create a new queue, you must provide a queue name that adheres to the [limits related to queues](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/limits-queues.html) and is unique within the scope of your queues. - For more information about creating FIFO (first-in-first-out) queues, see [Creating an queue ()](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/screate-queue-cloudformation.html) in the *Developer Guide*. + For more information about creating FIFO (first-in-first-out) queues, see [Creating an queue ()](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/create-queue-cloudformation.html) in the *Developer Guide*. x-type-name: AWS::SQS::Queue x-stackql-primary-identifier: - QueueUrl @@ -617,7 +617,7 @@ components: description: The time in seconds for which the delivery of all messages in the queue is delayed. You can specify an integer value of ``0`` to ``900`` (15 minutes). The default value is ``0``. FifoQueue: type: boolean - description: If set to true, creates a FIFO queue. If you don't specify this property, SQS creates a standard queue. For more information, see [FIFO queues](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html) in the *Developer Guide*. + description: If set to true, creates a FIFO queue. If you don't specify this property, SQS creates a standard queue. For more information, see [Amazon SQS FIFO queues](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-fifo-queues.html) in the *Developer Guide*. FifoThroughputLimit: description: |- For high throughput for FIFO queues, specifies whether the FIFO queue throughput quota applies to the entire queue or per message group. Valid values are ``perQueue`` and ``perMessageGroupId``. @@ -631,11 +631,11 @@ components: KmsMasterKeyId: type: string description: |- - The ID of an AWS Key Management Service (KMS) for SQS, or a custom KMS. To use the AWS managed KMS for SQS, specify a (default) alias ARN, alias name (e.g. ``alias/aws/sqs``), key ARN, or key ID. For more information, see the following: + The ID of an AWS Key Management Service (KMS) for SQS, or a custom KMS. To use the AWS managed KMS for SQS, specify a (default) alias ARN, alias name (for example ``alias/aws/sqs``), key ARN, or key ID. For more information, see the following: + [Encryption at rest](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html) in the *Developer Guide* + [CreateQueue](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/APIReference/API_CreateQueue.html) in the *API Reference* + [Request Parameters](https://docs.aws.amazon.com/kms/latest/APIReference/API_DescribeKey.html#API_DescribeKey_RequestParameters) in the *Key Management Service API Reference* - + The Key Management Service (KMS) section of the [Best Practices](https://docs.aws.amazon.com/https://d0.awsstatic.com/whitepapers/aws-kms-best-practices.pdf) whitepaper + + The Key Management Service (KMS) section of the [Security best practices for Key Management Service](https://docs.aws.amazon.com/kms/latest/developerguide/best-practices.html) in the *Key Management Service Developer Guide* SqsManagedSseEnabled: type: boolean description: >- @@ -650,7 +650,7 @@ components: QueueName: type: string description: |- - A name for the queue. To create a FIFO queue, the name of your FIFO queue must end with the ``.fifo`` suffix. For more information, see [FIFO queues](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html) in the *Developer Guide*. + A name for the queue. To create a FIFO queue, the name of your FIFO queue must end with the ``.fifo`` suffix. For more information, see [Amazon SQS FIFO queues](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-fifo-queues.html) in the *Developer Guide*. If you don't specify a name, CFN generates a unique physical ID and uses that ID for the queue name. For more information, see [Name type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html) in the *User Guide*. If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. ReceiveMessageWaitTimeSeconds: @@ -662,18 +662,18 @@ components: type: object description: |- The string that includes the parameters for the permissions for the dead-letter queue redrive permission and which source queues can specify dead-letter queues as a JSON object. The parameters are as follows: - + ``redrivePermission``: The permission type that defines which source queues can specify the current queue as the dead-letter queue. Valid values are: - + ``allowAll``: (Default) Any source queues in this AWS account in the same Region can specify this queue as the dead-letter queue. - + ``denyAll``: No source queues can specify this queue as the dead-letter queue. - + ``byQueue``: Only queues specified by the ``sourceQueueArns`` parameter can specify this queue as the dead-letter queue. + + ``redrivePermission``: The permission type that defines which source queues can specify the current queue as the dead-letter queue. Valid values are: + + ``allowAll``: (Default) Any source queues in this AWS account in the same Region can specify this queue as the dead-letter queue. + + ``denyAll``: No source queues can specify this queue as the dead-letter queue. + + ``byQueue``: Only queues specified by the ``sourceQueueArns`` parameter can specify this queue as the dead-letter queue. - + ``sourceQueueArns``: The Amazon Resource Names (ARN)s of the source queues that can specify this queue as the dead-letter queue and redrive messages. You can specify this parameter only when the ``redrivePermission`` parameter is set to ``byQueue``. You can specify up to 10 source queue ARNs. To allow more than 10 source queues to specify dead-letter queues, set the ``redrivePermission`` parameter to ``allowAll``. + + ``sourceQueueArns``: The Amazon Resource Names (ARN)s of the source queues that can specify this queue as the dead-letter queue and redrive messages. You can specify this parameter only when the ``redrivePermission`` parameter is set to ``byQueue``. You can specify up to 10 source queue ARNs. To allow more than 10 source queues to specify dead-letter queues, set the ``redrivePermission`` parameter to ``allowAll``. RedrivePolicy: type: object description: |- The string that includes the parameters for the dead-letter queue functionality of the source queue as a JSON object. The parameters are as follows: - + ``deadLetterTargetArn``: The Amazon Resource Name (ARN) of the dead-letter queue to which SQS moves messages after the value of ``maxReceiveCount`` is exceeded. - + ``maxReceiveCount``: The number of times a message is delivered to the source queue before being moved to the dead-letter queue. When the ``ReceiveCount`` for a message exceeds the ``maxReceiveCount`` for a queue, SQS moves the message to the dead-letter-queue. + + ``deadLetterTargetArn``: The Amazon Resource Name (ARN) of the dead-letter queue to which SQS moves messages after the value of ``maxReceiveCount`` is exceeded. + + ``maxReceiveCount``: The number of times a message is received by a consumer of the source queue before being moved to the dead-letter queue. When the ``ReceiveCount`` for a message exceeds the ``maxReceiveCount`` for a queue, SQS moves the message to the dead-letter-queue. The dead-letter queue of a FIFO queue must also be a FIFO queue. Similarly, the dead-letter queue of a standard queue must also be a standard queue. *JSON* diff --git a/providers/src/aws/v00.00.00000/services/ssm.yaml b/providers/src/aws/v00.00.00000/services/ssm.yaml index a17956b2..356fe942 100644 --- a/providers/src/aws/v00.00.00000/services/ssm.yaml +++ b/providers/src/aws/v00.00.00000/services/ssm.yaml @@ -1307,8 +1307,10 @@ components: read: - ssm:GetResourcePolicies update: + - ssm:GetResourcePolicies - ssm:PutResourcePolicy delete: + - ssm:GetResourcePolicies - ssm:DeleteResourcePolicy list: - ssm:GetResourcePolicies diff --git a/providers/src/aws/v00.00.00000/services/ssmquicksetup.yaml b/providers/src/aws/v00.00.00000/services/ssmquicksetup.yaml new file mode 100644 index 00000000..59dca08b --- /dev/null +++ b/providers/src/aws/v00.00.00000/services/ssmquicksetup.yaml @@ -0,0 +1,1111 @@ +openapi: 3.0.0 +info: + title: SSMQuickSetup + version: 2.0.0 + x-serviceName: cloudcontrolapi +servers: + - url: https://cloudcontrolapi.{region}.amazonaws.com + variables: + region: + description: The AWS region + enum: + - us-east-1 + - us-east-2 + - us-west-1 + - us-west-2 + - us-gov-west-1 + - us-gov-east-1 + - ca-central-1 + - eu-north-1 + - eu-west-1 + - eu-west-2 + - eu-west-3 + - eu-central-1 + - eu-south-1 + - af-south-1 + - ap-northeast-1 + - ap-northeast-2 + - ap-northeast-3 + - ap-southeast-1 + - ap-southeast-2 + - ap-east-1 + - ap-south-1 + - sa-east-1 + - me-south-1 + default: us-east-1 + description: The CloudControlApi multi-region endpoint + - url: https://cloudcontrolapi.{region}.amazonaws.com.cn + variables: + region: + description: The AWS region + enum: + - cn-north-1 + - cn-northwest-1 + default: cn-north-1 + description: The CloudControlApi endpoint for China (Beijing) and China (Ningxia) +components: + parameters: + X-Amz-Content-Sha256: + name: X-Amz-Content-Sha256 + in: header + schema: + type: string + required: false + X-Amz-Date: + name: X-Amz-Date + in: header + schema: + type: string + required: false + X-Amz-Algorithm: + name: X-Amz-Algorithm + in: header + schema: + type: string + required: false + X-Amz-Credential: + name: X-Amz-Credential + in: header + schema: + type: string + required: false + X-Amz-Security-Token: + name: X-Amz-Security-Token + in: header + schema: + type: string + required: false + X-Amz-Signature: + name: X-Amz-Signature + in: header + schema: + type: string + required: false + X-Amz-SignedHeaders: + name: X-Amz-SignedHeaders + in: header + schema: + type: string + required: false + x-cloud-control-schemas: + AlreadyExistsException: {} + CancelResourceRequestInput: + properties: + RequestToken: + $ref: '#/components/x-cloud-control-schemas/RequestToken' + required: + - RequestToken + title: CancelResourceRequestInput + type: object + CancelResourceRequestOutput: + properties: + ProgressEvent: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: object + ClientToken: + maxLength: 128 + minLength: 1 + pattern: '[-A-Za-z0-9+/=]+' + type: string + ClientTokenConflictException: {} + ConcurrentModificationException: {} + ConcurrentOperationException: {} + CreateResourceInput: + properties: + ClientToken: + type: string + DesiredState: + allOf: + - $ref: '#/components/x-cloud-control-schemas/Properties' + - description: >- +

Structured data format representing the desired state of the resource, consisting of that resource's properties and their desired values.

Cloud Control API currently supports JSON as a structured data format.

 
 <p>Specify the desired state as one of the following:</p> <ul> <li> <p>A JSON blob</p> </li> <li> <p>A local path containing the desired state in JSON data format</p>
+                </li> </ul> <p>For more information, see <a href="https://docs.aws.amazon.com/cloudcontrolapi/latest/userguide/resource-operations-create.html#resource-operations-create-desiredstate">Composing the desired state of the resource</a> in the <i>Amazon Web Services Cloud Control API User Guide</i>.</p> <p>For more information about the properties of a specific resource, refer to the related topic for the resource in the
+                <a href="https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html">Resource and property types reference</a> in the <i>CloudFormation Users Guide</i>.</p>
+ RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + required: + - DesiredState + title: CreateResourceInput + type: object + CreateResourceOutput: + properties: + ProgressEvent: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: object + DeleteResourceInput: + properties: + ClientToken: + type: string + Identifier: + $ref: '#/components/x-cloud-control-schemas/Identifier' + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + required: + - Identifier + title: DeleteResourceInput + type: object + DeleteResourceOutput: + properties: + ProgressEvent: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: object + GeneralServiceException: {} + GetResourceInput: + properties: + TypeName: + $ref: '#/components/x-cloud-control-schemas/TypeName' + Identifier: + $ref: '#/components/x-cloud-control-schemas/Identifier' + TypeVersionId: + $ref: '#/components/x-cloud-control-schemas/TypeVersionId' + RoleArn: + $ref: '#/components/x-cloud-control-schemas/RoleArn' + required: + - TypeName + - Identifier + title: GetResourceInput + type: object + GetResourceOutput: + properties: + ResourceDescription: + $ref: '#/components/x-cloud-control-schemas/ResourceDescription' + TypeName: + type: string + type: object + GetResourceRequestStatusInput: + properties: + RequestToken: + $ref: '#/components/x-cloud-control-schemas/RequestToken' + required: + - RequestToken + title: GetResourceRequestStatusInput + type: object + GetResourceRequestStatusOutput: + properties: + ProgressEvent: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: object + HandlerErrorCode: + enum: + - NotUpdatable + - InvalidRequest + - AccessDenied + - InvalidCredentials + - AlreadyExists + - NotFound + - ResourceConflict + - Throttling + - ServiceLimitExceeded + - NotStabilized + - GeneralServiceException + - ServiceInternalError + - ServiceTimeout + - NetworkFailure + - InternalFailure + type: string + HandlerFailureException: {} + HandlerInternalFailureException: {} + HandlerNextToken: + maxLength: 2048 + minLength: 1 + pattern: .+ + type: string + Identifier: + maxLength: 1024 + minLength: 1 + pattern: .+ + type: string + InvalidCredentialsException: {} + InvalidRequestException: {} + MaxResults: + maximum: 100 + minimum: 1 + type: integer + NetworkFailureException: {} + NextToken: + maxLength: 2048 + minLength: 1 + pattern: '[-A-Za-z0-9+/=]+' + type: string + NotStabilizedException: {} + NotUpdatableException: {} + Operation: + enum: + - CREATE + - DELETE + - UPDATE + type: string + OperationStatus: + enum: + - PENDING + - IN_PROGRESS + - SUCCESS + - FAILED + - CANCEL_IN_PROGRESS + - CANCEL_COMPLETE + type: string + OperationStatuses: + items: + $ref: '#/components/x-cloud-control-schemas/OperationStatus' + type: array + Operations: + items: + $ref: '#/components/x-cloud-control-schemas/Operation' + type: array + PatchDocument: + format: password + maxLength: 65536 + minLength: 1 + pattern: '[\s\S]*' + type: string + PrivateTypeException: {} + ProgressEvent: + example: + ErrorCode: string + EventTime: number + Identifier: string + Operation: string + OperationStatus: string + RequestToken: string + ResourceModel: string + RetryAfter: number + StatusMessage: string + TypeName: string + properties: + ErrorCode: + type: string + EventTime: + type: number + Identifier: + type: string + Operation: + type: string + OperationStatus: + type: string + RequestToken: + type: string + ResourceModel: + type: string + RetryAfter: + type: number + StatusMessage: + type: string + TypeName: + type: string + type: object + Properties: + format: password + maxLength: 65536 + minLength: 1 + pattern: '[\s\S]*' + type: string + RequestToken: + maxLength: 128 + minLength: 1 + pattern: '[-A-Za-z0-9+/=]+' + type: string + RequestTokenNotFoundException: {} + ResourceConflictException: {} + ResourceDescription: + description: Represents information about a provisioned resource. + properties: + Identifier: + type: string + Properties: + type: string + type: object + ResourceDescriptions: + items: + $ref: '#/components/x-cloud-control-schemas/ResourceDescription' + type: array + ResourceNotFoundException: {} + ResourceRequestStatusFilter: + description: The filter criteria to use in determining the requests returned. + properties: + undefined: + allOf: + - $ref: '#/components/x-cloud-control-schemas/OperationStatuses' + - description: >- +

The operation statuses to include in the filter.

  • PENDING: The operation has been requested, but not yet initiated.

  • IN_PROGRESS: The operation is in progress.

  • SUCCESS: The operation completed.

  • FAILED: The operation failed.

  • CANCEL_IN_PROGRESS: The operation is in the process of being canceled.

  • + CANCEL_COMPLETE: The operation has been canceled.

+ type: object + ResourceRequestStatusSummaries: + items: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: array + RoleArn: + maxLength: 2048 + minLength: 20 + pattern: arn:.+:iam::[0-9]{12}:role/.+ + type: string + ServiceInternalErrorException: {} + ServiceLimitExceededException: {} + StatusMessage: + maxLength: 1024 + minLength: 0 + pattern: '[\s\S]*' + type: string + ThrottlingException: {} + Timestamp: + format: date-time + type: string + TypeName: + maxLength: 196 + minLength: 10 + pattern: '[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}' + type: string + TypeNotFoundException: {} + TypeVersionId: + maxLength: 128 + minLength: 1 + pattern: '[A-Za-z0-9-]+' + type: string + UnsupportedActionException: {} + UpdateResourceInput: + properties: + undefined: + allOf: + - $ref: '#/components/x-cloud-control-schemas/PatchDocument' + required: + - Identifier + - PatchDocument + title: UpdateResourceInput + type: object + UpdateResourceOutput: + properties: + ProgressEvent: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + type: object + schemas: + ConfigurationDefinition: + type: object + properties: + Type: + type: string + pattern: ^[a-zA-Z0-9_\-.:/]{3,200}$ + Parameters: + $ref: '#/components/schemas/ConfigurationParametersMap' + TypeVersion: + type: string + maxLength: 128 + minLength: 1 + LocalDeploymentExecutionRoleName: + type: string + maxLength: 256 + minLength: 1 + LocalDeploymentAdministrationRoleArn: + type: string + id: + type: string + required: + - Parameters + - Type + additionalProperties: false + ConfigurationParametersMap: + type: object + x-patternProperties: + ^[A-Za-z0-9+=@_\/\s-]+$: + type: string + maxLength: 40960 + additionalProperties: false + Status: + type: string + enum: + - INITIALIZING + - DEPLOYING + - SUCCEEDED + - DELETING + - STOPPING + - FAILED + - STOPPED + - DELETE_FAILED + - STOP_FAILED + - NONE + StatusDetails: + type: object + x-patternProperties: + .+: + type: string + additionalProperties: false + StatusSummary: + type: object + properties: + StatusType: + $ref: '#/components/schemas/StatusType' + Status: + $ref: '#/components/schemas/Status' + StatusMessage: + type: string + LastUpdatedAt: + type: string + StatusDetails: + $ref: '#/components/schemas/StatusDetails' + required: + - LastUpdatedAt + - StatusType + additionalProperties: false + StatusType: + type: string + enum: + - Deployment + - AsyncExecutions + TagsMap: + type: object + x-patternProperties: + ^[A-Za-z0-9 +=@_\/:.-]+$: + type: string + maxLength: 256 + minLength: 1 + pattern: ^[A-Za-z0-9 +=@_\/:.-]+$ + additionalProperties: false + ConfigurationManager: + type: object + properties: + ConfigurationDefinitions: + type: array + items: + $ref: '#/components/schemas/ConfigurationDefinition' + CreatedAt: + type: string + Description: + type: string + pattern: ^.{0,512}$ + LastModifiedAt: + type: string + ManagerArn: + type: string + Name: + type: string + pattern: ^[ A-Za-z0-9_-]{1,50}$ + StatusSummaries: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/StatusSummary' + Tags: + $ref: '#/components/schemas/TagsMap' + required: + - ConfigurationDefinitions + x-stackql-resource-name: configuration_manager + description: Definition of AWS::SSMQuickSetup::ConfigurationManager Resource Type + x-type-name: AWS::SSMQuickSetup::ConfigurationManager + x-stackql-primary-identifier: + - ManagerArn + x-create-only-properties: + - ConfigurationDefinitions/*/Type + - ConfigurationDefinitions/*/TypeVersion + x-read-only-properties: + - CreatedAt + - LastModifiedAt + - ManagerArn + - StatusSummaries + - ConfigurationDefinitions/*/id + x-required-properties: + - ConfigurationDefinitions + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + tagProperty: /properties/Tags + cloudFormationSystemTags: false + permissions: + - ssm-quicksetup:TagResource + - ssm-quicksetup:UntagResource + x-required-permissions: + create: + - iam:GetRole + - iam:CreateServiceLinkedRole + - iam:ListRoles + - iam:PassRole + - ssm-quicksetup:CreateConfigurationManager + - ssm-quicksetup:GetConfigurationManager + - ssm-quicksetup:TagResource + - ssm-quicksetup:UntagResource + - ssm-quicksetup:UpdateConfigurationManager + - ssm:Describe* + - ssm:Get* + - ssm:List* + - ssm:DeleteAssociation + - ssm:CreateResourceDataSync + - ssm:UpdateResourceDataSync + - ssm:StartAutomationExecution + - ssm:CreateAssociation + - ssm:StartAssociationsOnce + - cloudformation:List* + - cloudformation:Describe* + - cloudformation:CreateStack + - cloudformation:CreateStackInstances + - cloudformation:CreateStackSet + - cloudformation:DeleteStack + - cloudformation:DeleteStackInstances + - cloudformation:DeleteStackSet + - cloudformation:UpdateStack + - cloudformation:UpdateStackSet + - cloudformation:StopStackSetOperation + - cloudformation:GetTemplate + - cloudformation:RollbackStack + - cloudformation:TagResource + - cloudformation:UntagResource + - organizations:Describe* + - organizations:List* + - organizations:RegisterDelegatedAdministrator + - organizations:DeregisterDelegatedAdministrator + - organizations:EnableAWSServiceAccess + read: + - ssm-quicksetup:GetConfigurationManager + - iam:GetRole + - iam:PassRole + - iam:ListRoles + - ssm:DescribeDocument + - ssm:GetDocument + update: + - iam:GetRole + - iam:CreateServiceLinkedRole + - iam:ListRoles + - iam:PassRole + - ssm-quicksetup:GetConfigurationManager + - ssm-quicksetup:TagResource + - ssm-quicksetup:UntagResource + - ssm-quicksetup:UpdateConfigurationManager + - ssm-quicksetup:UpdateConfigurationDefinition + - ssm:Describe* + - ssm:Get* + - ssm:List* + - ssm:DeleteAssociation + - ssm:CreateResourceDataSync + - ssm:UpdateResourceDataSync + - ssm:StartAutomationExecution + - ssm:CreateAssociation + - ssm:StartAssociationsOnce + - cloudformation:List* + - cloudformation:Describe* + - cloudformation:CreateStack + - cloudformation:CreateStackInstances + - cloudformation:CreateStackSet + - cloudformation:DeleteStack + - cloudformation:DeleteStackInstances + - cloudformation:DeleteStackSet + - cloudformation:UpdateStack + - cloudformation:UpdateStackSet + - cloudformation:StopStackSetOperation + - cloudformation:GetTemplate + - cloudformation:RollbackStack + - cloudformation:TagResource + - cloudformation:UntagResource + - organizations:Describe* + - organizations:List* + - organizations:RegisterDelegatedAdministrator + - organizations:DeregisterDelegatedAdministrator + - organizations:EnableAWSServiceAccess + delete: + - ssm-quicksetup:DeleteConfigurationManager + - iam:GetRole + - iam:CreateServiceLinkedRole + - iam:ListRoles + - iam:PassRole + - ssm-quicksetup:GetConfigurationManager + - ssm-quicksetup:ListConfigurationManagers + - ssm-quicksetup:TagResource + - ssm-quicksetup:UntagResource + - ssm-quicksetup:UpdateConfigurationManager + - ssm:Describe* + - ssm:Get* + - ssm:List* + - ssm:DeleteAssociation + - ssm:CreateResourceDataSync + - ssm:UpdateResourceDataSync + - ssm:StartAutomationExecution + - ssm:CreateAssociation + - ssm:StartAssociationsOnce + - cloudformation:List* + - cloudformation:Describe* + - cloudformation:CreateStack + - cloudformation:CreateStackInstances + - cloudformation:CreateStackSet + - cloudformation:DeleteStack + - cloudformation:DeleteStackInstances + - cloudformation:DeleteStackSet + - cloudformation:UpdateStack + - cloudformation:UpdateStackSet + - cloudformation:StopStackSetOperation + - cloudformation:GetTemplate + - cloudformation:RollbackStack + - cloudformation:TagResource + - cloudformation:UntagResource + - organizations:Describe* + - organizations:List* + - organizations:RegisterDelegatedAdministrator + - organizations:DeregisterDelegatedAdministrator + - organizations:EnableAWSServiceAccess + list: + - ssm-quicksetup:ListConfigurationManagers + CreateConfigurationManagerRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + ConfigurationDefinitions: + type: array + items: + $ref: '#/components/schemas/ConfigurationDefinition' + CreatedAt: + type: string + Description: + type: string + pattern: ^.{0,512}$ + LastModifiedAt: + type: string + ManagerArn: + type: string + Name: + type: string + pattern: ^[ A-Za-z0-9_-]{1,50}$ + StatusSummaries: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/StatusSummary' + Tags: + $ref: '#/components/schemas/TagsMap' + x-stackQL-stringOnly: true + x-title: CreateConfigurationManagerRequest + type: object + required: [] + securitySchemes: + hmac: + type: apiKey + name: Authorization + in: header + description: Amazon Signature authorization v4 + x-amazon-apigateway-authtype: awsSigv4 + x-stackQL-resources: + configuration_managers: + name: configuration_managers + id: aws.ssmquicksetup.configuration_managers + x-cfn-schema-name: ConfigurationManager + x-cfn-type-name: AWS::SSMQuickSetup::ConfigurationManager + x-identifiers: + - ManagerArn + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__ConfigurationManager&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::SSMQuickSetup::ConfigurationManager" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::SSMQuickSetup::ConfigurationManager" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::SSMQuickSetup::ConfigurationManager" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/configuration_managers/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/configuration_managers/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/configuration_managers/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.ConfigurationDefinitions') as configuration_definitions, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.LastModifiedAt') as last_modified_at, + JSON_EXTRACT(Properties, '$.ManagerArn') as manager_arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.StatusSummaries') as status_summaries, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SSMQuickSetup::ConfigurationManager' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.ConfigurationDefinitions') as configuration_definitions, + JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.LastModifiedAt') as last_modified_at, + JSON_EXTRACT(detail.Properties, '$.ManagerArn') as manager_arn, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.StatusSummaries') as status_summaries, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::SSMQuickSetup::ConfigurationManager' + AND detail.data__TypeName = 'AWS::SSMQuickSetup::ConfigurationManager' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'ConfigurationDefinitions') as configuration_definitions, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'LastModifiedAt') as last_modified_at, + json_extract_path_text(Properties, 'ManagerArn') as manager_arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'StatusSummaries') as status_summaries, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SSMQuickSetup::ConfigurationManager' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'ConfigurationDefinitions') as configuration_definitions, + json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'LastModifiedAt') as last_modified_at, + json_extract_path_text(detail.Properties, 'ManagerArn') as manager_arn, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'StatusSummaries') as status_summaries, + json_extract_path_text(detail.Properties, 'Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::SSMQuickSetup::ConfigurationManager' + AND detail.data__TypeName = 'AWS::SSMQuickSetup::ConfigurationManager' + AND listing.region = 'us-east-1' + configuration_managers_list_only: + name: configuration_managers_list_only + id: aws.ssmquicksetup.configuration_managers_list_only + x-cfn-schema-name: ConfigurationManager + x-cfn-type-name: AWS::SSMQuickSetup::ConfigurationManager + x-identifiers: + - ManagerArn + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.ManagerArn') as manager_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SSMQuickSetup::ConfigurationManager' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'ManagerArn') as manager_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::SSMQuickSetup::ConfigurationManager' + AND region = 'us-east-1' + configuration_manager_tags: + name: configuration_manager_tags + id: aws.ssmquicksetup.configuration_manager_tags + x-cfn-schema-name: ConfigurationManager + x-cfn-type-name: AWS::SSMQuickSetup::ConfigurationManager + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.ConfigurationDefinitions') as configuration_definitions, + JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.LastModifiedAt') as last_modified_at, + JSON_EXTRACT(detail.Properties, '$.ManagerArn') as manager_arn, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.StatusSummaries') as status_summaries + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::SSMQuickSetup::ConfigurationManager' + AND detail.data__TypeName = 'AWS::SSMQuickSetup::ConfigurationManager' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'ConfigurationDefinitions') as configuration_definitions, + json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'LastModifiedAt') as last_modified_at, + json_extract_path_text(detail.Properties, 'ManagerArn') as manager_arn, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'StatusSummaries') as status_summaries + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::SSMQuickSetup::ConfigurationManager' + AND detail.data__TypeName = 'AWS::SSMQuickSetup::ConfigurationManager' + AND listing.region = 'us-east-1' +paths: + /?Action=CreateResource&Version=2021-09-30: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateResource + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/x-cloud-control-schemas/CreateResourceInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=DeleteResource&Version=2021-09-30: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: DeleteResource + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.DeleteResource + enum: + - CloudApiService.DeleteResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/x-cloud-control-schemas/DeleteResourceInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/DeleteResourceOutput' + description: Success + /?Action=UpdateResource&Version=2021-09-30: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: UpdateResource + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.UpdateResource + enum: + - CloudApiService.UpdateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + properties: + ClientName: + type: string + Identifier: + $ref: '#/components/x-cloud-control-schemas/Identifier' + PatchDocument: + type: string + RoleArn: + $ref: '#/components/x-cloud-control-schemas/RoleArn' + TypeName: + $ref: '#/components/x-cloud-control-schemas/TypeName' + TypeVersionId: + $ref: '#/components/x-cloud-control-schemas/TypeVersionId' + required: + - Identifier + - PatchDocument + type: object + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/UpdateResourceOutput' + description: Success + /?Action=CreateResource&Version=2021-09-30&__ConfigurationManager&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateConfigurationManager + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateConfigurationManagerRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success +x-stackQL-config: + requestTranslate: + algorithm: drop_double_underscore_params + pagination: + requestToken: + key: NextToken + location: body + responseToken: + key: NextToken + location: body diff --git a/providers/src/aws/v00.00.00000/services/sso.yaml b/providers/src/aws/v00.00.00000/services/sso.yaml index a1139f84..7f9bf640 100644 --- a/providers/src/aws/v00.00.00000/services/sso.yaml +++ b/providers/src/aws/v00.00.00000/services/sso.yaml @@ -733,6 +733,7 @@ components: tagOnCreate: true tagUpdatable: true tagProperty: /properties/Tags + cloudFormationSystemTags: true x-required-permissions: create: - sso:CreateInstance diff --git a/providers/src/aws/v00.00.00000/services/stepfunctions.yaml b/providers/src/aws/v00.00.00000/services/stepfunctions.yaml index 69eef5bf..bfca95de 100644 --- a/providers/src/aws/v00.00.00000/services/stepfunctions.yaml +++ b/providers/src/aws/v00.00.00000/services/stepfunctions.yaml @@ -386,37 +386,58 @@ components: type: object schemas: TagsEntry: - additionalProperties: false type: object properties: - Value: - minLength: 1 - type: string - maxLength: 256 Key: - minLength: 1 type: string + minLength: 1 maxLength: 128 + Value: + type: string + minLength: 1 + maxLength: 256 + additionalProperties: false required: - Key - Value + EncryptionConfiguration: + type: object + additionalProperties: false + properties: + KmsKeyId: + type: string + minLength: 1 + maxLength: 2048 + KmsDataKeyReusePeriodSeconds: + type: integer + minimum: 60 + maximum: 900 + Type: + type: string + enum: + - CUSTOMER_MANAGED_KMS_KEY + - AWS_OWNED_KEY + required: + - Type Activity: type: object properties: Arn: - minLength: 1 type: string + minLength: 1 maxLength: 2048 + Name: + type: string + minLength: 1 + maxLength: 80 Tags: + type: array uniqueItems: false x-insertionOrder: false - type: array items: $ref: '#/components/schemas/TagsEntry' - Name: - minLength: 1 - type: string - maxLength: 80 + EncryptionConfiguration: + $ref: '#/components/schemas/EncryptionConfiguration' required: - Name x-stackql-resource-name: activity @@ -426,6 +447,7 @@ components: - Arn x-create-only-properties: - Name + - EncryptionConfiguration x-read-only-properties: - Arn x-required-properties: @@ -434,36 +456,47 @@ components: taggable: true tagOnCreate: true tagUpdatable: true - tagProperty: /properties/Tags cloudFormationSystemTags: true - x-required-permissions: - read: - - states:DescribeActivity + tagProperty: /properties/Tags + permissions: + - states:UntagResource + - states:TagResource - states:ListTagsForResource + x-required-permissions: create: - states:CreateActivity - states:TagResource + - kms:DescribeKey + read: + - states:DescribeActivity + - states:ListTagsForResource update: - states:ListTagsForResource - states:TagResource - states:UntagResource - list: - - states:ListActivities delete: - states:DescribeActivity - states:DeleteActivity - LoggingConfiguration: + list: + - states:ListActivities + CloudWatchLogsLogGroup: + type: object additionalProperties: false + properties: + LogGroupArn: + type: string + minLength: 1 + maxLength: 256 + LogDestination: type: object + additionalProperties: false + properties: + CloudWatchLogsLogGroup: + $ref: '#/components/schemas/CloudWatchLogsLogGroup' + LoggingConfiguration: + type: object + additionalProperties: false properties: - IncludeExecutionData: - type: boolean - Destinations: - minItems: 1 - x-insertionOrder: false - type: array - items: - $ref: '#/components/schemas/LogDestination' Level: type: string enum: @@ -471,98 +504,94 @@ components: - ERROR - FATAL - 'OFF' - DefinitionSubstitutions: - x-patternProperties: - .*: - anyOf: - - type: string - - type: integer - - type: boolean - additionalProperties: false - type: object - minProperties: 1 - Definition: - type: object - minProperties: 1 - LogDestination: - additionalProperties: false + IncludeExecutionData: + type: boolean + Destinations: + type: array + minItems: 1 + x-insertionOrder: false + items: + $ref: '#/components/schemas/LogDestination' + TracingConfiguration: type: object - properties: - CloudWatchLogsLogGroup: - $ref: '#/components/schemas/CloudWatchLogsLogGroup' - CloudWatchLogsLogGroup: additionalProperties: false - type: object properties: - LogGroupArn: - minLength: 1 - type: string - maxLength: 256 + Enabled: + type: boolean S3Location: - additionalProperties: false type: object + additionalProperties: false properties: Bucket: type: string - Version: - type: string Key: type: string + Version: + type: string required: - Bucket - Key - TracingConfiguration: + DefinitionSubstitutions: + type: object additionalProperties: false + x-patternProperties: + .*: + anyOf: + - type: string + - type: integer + - type: boolean + minProperties: 1 + Definition: type: object - properties: - Enabled: - type: boolean + minProperties: 1 StateMachine: type: object properties: - DefinitionSubstitutions: - $ref: '#/components/schemas/DefinitionSubstitutions' - Definition: - $ref: '#/components/schemas/Definition' - RoleArn: - minLength: 1 + Arn: type: string - maxLength: 256 + minLength: 1 + maxLength: 2048 Name: + type: string + minLength: 1 + maxLength: 80 + DefinitionString: + type: string minLength: 1 + maxLength: 1048576 + RoleArn: type: string + minLength: 1 + maxLength: 256 + StateMachineName: + type: string + minLength: 1 maxLength: 80 StateMachineType: type: string enum: - STANDARD - EXPRESS - TracingConfiguration: - $ref: '#/components/schemas/TracingConfiguration' - DefinitionString: - minLength: 1 - type: string - maxLength: 1048576 - LoggingConfiguration: - $ref: '#/components/schemas/LoggingConfiguration' StateMachineRevisionId: - minLength: 1 type: string + minLength: 1 maxLength: 256 + LoggingConfiguration: + $ref: '#/components/schemas/LoggingConfiguration' + TracingConfiguration: + $ref: '#/components/schemas/TracingConfiguration' + EncryptionConfiguration: + $ref: '#/components/schemas/EncryptionConfiguration' DefinitionS3Location: $ref: '#/components/schemas/S3Location' - Arn: - minLength: 1 - type: string - maxLength: 2048 - StateMachineName: - minLength: 1 - type: string - maxLength: 80 + DefinitionSubstitutions: + $ref: '#/components/schemas/DefinitionSubstitutions' + Definition: + $ref: '#/components/schemas/Definition' Tags: + type: array uniqueItems: false x-insertionOrder: false - type: array items: $ref: '#/components/schemas/TagsEntry' required: @@ -591,29 +620,38 @@ components: taggable: true tagOnCreate: true tagUpdatable: true - tagProperty: /properties/Tags cloudFormationSystemTags: true - x-required-permissions: - read: - - states:DescribeStateMachine + tagProperty: /properties/Tags + permissions: + - states:UntagResource + - states:TagResource - states:ListTagsForResource + x-required-permissions: create: - states:CreateStateMachine - states:DescribeStateMachine - states:TagResource - iam:PassRole - s3:GetObject + - kms:DescribeKey + - kms:GenerateDataKey + read: + - states:DescribeStateMachine + - states:ListTagsForResource + - kms:Decrypt update: - states:UpdateStateMachine - states:TagResource - states:UntagResource - states:ListTagsForResource - iam:PassRole - list: - - states:ListStateMachines + - kms:DescribeKey + - kms:GenerateDataKey delete: - states:DeleteStateMachine - states:DescribeStateMachine + list: + - states:ListStateMachines RoutingConfigurationVersion: type: object properties: @@ -759,6 +797,7 @@ components: x-create-only-properties: - StateMachineArn - StateMachineRevisionId + - Description x-write-only-properties: - StateMachineArn x-read-only-properties: @@ -793,19 +832,21 @@ components: type: object properties: Arn: - minLength: 1 type: string + minLength: 1 maxLength: 2048 + Name: + type: string + minLength: 1 + maxLength: 80 Tags: + type: array uniqueItems: false x-insertionOrder: false - type: array items: $ref: '#/components/schemas/TagsEntry' - Name: - minLength: 1 - type: string - maxLength: 80 + EncryptionConfiguration: + $ref: '#/components/schemas/EncryptionConfiguration' x-stackQL-stringOnly: true x-title: CreateActivityRequest type: object @@ -823,49 +864,51 @@ components: DesiredState: type: object properties: - DefinitionSubstitutions: - $ref: '#/components/schemas/DefinitionSubstitutions' - Definition: - $ref: '#/components/schemas/Definition' - RoleArn: - minLength: 1 + Arn: type: string - maxLength: 256 + minLength: 1 + maxLength: 2048 Name: + type: string + minLength: 1 + maxLength: 80 + DefinitionString: + type: string minLength: 1 + maxLength: 1048576 + RoleArn: type: string + minLength: 1 + maxLength: 256 + StateMachineName: + type: string + minLength: 1 maxLength: 80 StateMachineType: type: string enum: - STANDARD - EXPRESS - TracingConfiguration: - $ref: '#/components/schemas/TracingConfiguration' - DefinitionString: - minLength: 1 - type: string - maxLength: 1048576 - LoggingConfiguration: - $ref: '#/components/schemas/LoggingConfiguration' StateMachineRevisionId: - minLength: 1 type: string + minLength: 1 maxLength: 256 + LoggingConfiguration: + $ref: '#/components/schemas/LoggingConfiguration' + TracingConfiguration: + $ref: '#/components/schemas/TracingConfiguration' + EncryptionConfiguration: + $ref: '#/components/schemas/EncryptionConfiguration' DefinitionS3Location: $ref: '#/components/schemas/S3Location' - Arn: - minLength: 1 - type: string - maxLength: 2048 - StateMachineName: - minLength: 1 - type: string - maxLength: 80 + DefinitionSubstitutions: + $ref: '#/components/schemas/DefinitionSubstitutions' + Definition: + $ref: '#/components/schemas/Definition' Tags: + type: array uniqueItems: false x-insertionOrder: false - type: array items: $ref: '#/components/schemas/TagsEntry' x-stackQL-stringOnly: true @@ -1013,8 +1056,9 @@ components: region, data__Identifier, JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.Name') as name, JSON_EXTRACT(Properties, '$.Tags') as tags, - JSON_EXTRACT(Properties, '$.Name') as name + JSON_EXTRACT(Properties, '$.EncryptionConfiguration') as encryption_configuration FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::StepFunctions::Activity' AND data__Identifier = '' AND region = 'us-east-1' @@ -1024,8 +1068,9 @@ components: SELECT detail.region, JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.Name') as name, JSON_EXTRACT(detail.Properties, '$.Tags') as tags, - JSON_EXTRACT(detail.Properties, '$.Name') as name + JSON_EXTRACT(detail.Properties, '$.EncryptionConfiguration') as encryption_configuration FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -1040,8 +1085,9 @@ components: region, data__Identifier, json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'Name') as name, json_extract_path_text(Properties, 'Tags') as tags, - json_extract_path_text(Properties, 'Name') as name + json_extract_path_text(Properties, 'EncryptionConfiguration') as encryption_configuration FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::StepFunctions::Activity' AND data__Identifier = '' AND region = 'us-east-1' @@ -1051,8 +1097,9 @@ components: SELECT detail.region, json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'Name') as name, json_extract_path_text(detail.Properties, 'Tags') as tags, - json_extract_path_text(detail.Properties, 'Name') as name + json_extract_path_text(detail.Properties, 'EncryptionConfiguration') as encryption_configuration FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -1112,7 +1159,8 @@ components: JSON_EXTRACT(json_each.value, '$.Key') as tag_key, JSON_EXTRACT(json_each.value, '$.Value') as tag_value, JSON_EXTRACT(detail.Properties, '$.Arn') as arn, - JSON_EXTRACT(detail.Properties, '$.Name') as name + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.EncryptionConfiguration') as encryption_configuration FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -1129,7 +1177,8 @@ components: json_extract_path_text(json_each.value, 'Key') as tag_key, json_extract_path_text(json_each.value, 'Value') as tag_value, json_extract_path_text(detail.Properties, 'Arn') as arn, - json_extract_path_text(detail.Properties, 'Name') as name + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'EncryptionConfiguration') as encryption_configuration FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -1201,18 +1250,19 @@ components: SELECT region, data__Identifier, - JSON_EXTRACT(Properties, '$.DefinitionSubstitutions') as definition_substitutions, - JSON_EXTRACT(Properties, '$.Definition') as definition, - JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.Arn') as arn, JSON_EXTRACT(Properties, '$.Name') as name, - JSON_EXTRACT(Properties, '$.StateMachineType') as state_machine_type, - JSON_EXTRACT(Properties, '$.TracingConfiguration') as tracing_configuration, JSON_EXTRACT(Properties, '$.DefinitionString') as definition_string, - JSON_EXTRACT(Properties, '$.LoggingConfiguration') as logging_configuration, + JSON_EXTRACT(Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(Properties, '$.StateMachineName') as state_machine_name, + JSON_EXTRACT(Properties, '$.StateMachineType') as state_machine_type, JSON_EXTRACT(Properties, '$.StateMachineRevisionId') as state_machine_revision_id, + JSON_EXTRACT(Properties, '$.LoggingConfiguration') as logging_configuration, + JSON_EXTRACT(Properties, '$.TracingConfiguration') as tracing_configuration, + JSON_EXTRACT(Properties, '$.EncryptionConfiguration') as encryption_configuration, JSON_EXTRACT(Properties, '$.DefinitionS3Location') as definition_s3_location, - JSON_EXTRACT(Properties, '$.Arn') as arn, - JSON_EXTRACT(Properties, '$.StateMachineName') as state_machine_name, + JSON_EXTRACT(Properties, '$.DefinitionSubstitutions') as definition_substitutions, + JSON_EXTRACT(Properties, '$.Definition') as definition, JSON_EXTRACT(Properties, '$.Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::StepFunctions::StateMachine' AND data__Identifier = '' @@ -1222,18 +1272,19 @@ components: ddl: |- SELECT detail.region, - JSON_EXTRACT(detail.Properties, '$.DefinitionSubstitutions') as definition_substitutions, - JSON_EXTRACT(detail.Properties, '$.Definition') as definition, - JSON_EXTRACT(detail.Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, JSON_EXTRACT(detail.Properties, '$.Name') as name, - JSON_EXTRACT(detail.Properties, '$.StateMachineType') as state_machine_type, - JSON_EXTRACT(detail.Properties, '$.TracingConfiguration') as tracing_configuration, JSON_EXTRACT(detail.Properties, '$.DefinitionString') as definition_string, - JSON_EXTRACT(detail.Properties, '$.LoggingConfiguration') as logging_configuration, + JSON_EXTRACT(detail.Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(detail.Properties, '$.StateMachineName') as state_machine_name, + JSON_EXTRACT(detail.Properties, '$.StateMachineType') as state_machine_type, JSON_EXTRACT(detail.Properties, '$.StateMachineRevisionId') as state_machine_revision_id, + JSON_EXTRACT(detail.Properties, '$.LoggingConfiguration') as logging_configuration, + JSON_EXTRACT(detail.Properties, '$.TracingConfiguration') as tracing_configuration, + JSON_EXTRACT(detail.Properties, '$.EncryptionConfiguration') as encryption_configuration, JSON_EXTRACT(detail.Properties, '$.DefinitionS3Location') as definition_s3_location, - JSON_EXTRACT(detail.Properties, '$.Arn') as arn, - JSON_EXTRACT(detail.Properties, '$.StateMachineName') as state_machine_name, + JSON_EXTRACT(detail.Properties, '$.DefinitionSubstitutions') as definition_substitutions, + JSON_EXTRACT(detail.Properties, '$.Definition') as definition, JSON_EXTRACT(detail.Properties, '$.Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail @@ -1248,18 +1299,19 @@ components: SELECT region, data__Identifier, - json_extract_path_text(Properties, 'DefinitionSubstitutions') as definition_substitutions, - json_extract_path_text(Properties, 'Definition') as definition, - json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'Arn') as arn, json_extract_path_text(Properties, 'Name') as name, - json_extract_path_text(Properties, 'StateMachineType') as state_machine_type, - json_extract_path_text(Properties, 'TracingConfiguration') as tracing_configuration, json_extract_path_text(Properties, 'DefinitionString') as definition_string, - json_extract_path_text(Properties, 'LoggingConfiguration') as logging_configuration, + json_extract_path_text(Properties, 'RoleArn') as role_arn, + json_extract_path_text(Properties, 'StateMachineName') as state_machine_name, + json_extract_path_text(Properties, 'StateMachineType') as state_machine_type, json_extract_path_text(Properties, 'StateMachineRevisionId') as state_machine_revision_id, + json_extract_path_text(Properties, 'LoggingConfiguration') as logging_configuration, + json_extract_path_text(Properties, 'TracingConfiguration') as tracing_configuration, + json_extract_path_text(Properties, 'EncryptionConfiguration') as encryption_configuration, json_extract_path_text(Properties, 'DefinitionS3Location') as definition_s3_location, - json_extract_path_text(Properties, 'Arn') as arn, - json_extract_path_text(Properties, 'StateMachineName') as state_machine_name, + json_extract_path_text(Properties, 'DefinitionSubstitutions') as definition_substitutions, + json_extract_path_text(Properties, 'Definition') as definition, json_extract_path_text(Properties, 'Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::StepFunctions::StateMachine' AND data__Identifier = '' @@ -1269,18 +1321,19 @@ components: ddl: |- SELECT detail.region, - json_extract_path_text(detail.Properties, 'DefinitionSubstitutions') as definition_substitutions, - json_extract_path_text(detail.Properties, 'Definition') as definition, - json_extract_path_text(detail.Properties, 'RoleArn') as role_arn, + json_extract_path_text(detail.Properties, 'Arn') as arn, json_extract_path_text(detail.Properties, 'Name') as name, - json_extract_path_text(detail.Properties, 'StateMachineType') as state_machine_type, - json_extract_path_text(detail.Properties, 'TracingConfiguration') as tracing_configuration, json_extract_path_text(detail.Properties, 'DefinitionString') as definition_string, - json_extract_path_text(detail.Properties, 'LoggingConfiguration') as logging_configuration, + json_extract_path_text(detail.Properties, 'RoleArn') as role_arn, + json_extract_path_text(detail.Properties, 'StateMachineName') as state_machine_name, + json_extract_path_text(detail.Properties, 'StateMachineType') as state_machine_type, json_extract_path_text(detail.Properties, 'StateMachineRevisionId') as state_machine_revision_id, + json_extract_path_text(detail.Properties, 'LoggingConfiguration') as logging_configuration, + json_extract_path_text(detail.Properties, 'TracingConfiguration') as tracing_configuration, + json_extract_path_text(detail.Properties, 'EncryptionConfiguration') as encryption_configuration, json_extract_path_text(detail.Properties, 'DefinitionS3Location') as definition_s3_location, - json_extract_path_text(detail.Properties, 'Arn') as arn, - json_extract_path_text(detail.Properties, 'StateMachineName') as state_machine_name, + json_extract_path_text(detail.Properties, 'DefinitionSubstitutions') as definition_substitutions, + json_extract_path_text(detail.Properties, 'Definition') as definition, json_extract_path_text(detail.Properties, 'Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail @@ -1340,18 +1393,19 @@ components: detail.region, JSON_EXTRACT(json_each.value, '$.Key') as tag_key, JSON_EXTRACT(json_each.value, '$.Value') as tag_value, - JSON_EXTRACT(detail.Properties, '$.DefinitionSubstitutions') as definition_substitutions, - JSON_EXTRACT(detail.Properties, '$.Definition') as definition, - JSON_EXTRACT(detail.Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, JSON_EXTRACT(detail.Properties, '$.Name') as name, - JSON_EXTRACT(detail.Properties, '$.StateMachineType') as state_machine_type, - JSON_EXTRACT(detail.Properties, '$.TracingConfiguration') as tracing_configuration, JSON_EXTRACT(detail.Properties, '$.DefinitionString') as definition_string, - JSON_EXTRACT(detail.Properties, '$.LoggingConfiguration') as logging_configuration, + JSON_EXTRACT(detail.Properties, '$.RoleArn') as role_arn, + JSON_EXTRACT(detail.Properties, '$.StateMachineName') as state_machine_name, + JSON_EXTRACT(detail.Properties, '$.StateMachineType') as state_machine_type, JSON_EXTRACT(detail.Properties, '$.StateMachineRevisionId') as state_machine_revision_id, + JSON_EXTRACT(detail.Properties, '$.LoggingConfiguration') as logging_configuration, + JSON_EXTRACT(detail.Properties, '$.TracingConfiguration') as tracing_configuration, + JSON_EXTRACT(detail.Properties, '$.EncryptionConfiguration') as encryption_configuration, JSON_EXTRACT(detail.Properties, '$.DefinitionS3Location') as definition_s3_location, - JSON_EXTRACT(detail.Properties, '$.Arn') as arn, - JSON_EXTRACT(detail.Properties, '$.StateMachineName') as state_machine_name + JSON_EXTRACT(detail.Properties, '$.DefinitionSubstitutions') as definition_substitutions, + JSON_EXTRACT(detail.Properties, '$.Definition') as definition FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -1367,18 +1421,19 @@ components: detail.region, json_extract_path_text(json_each.value, 'Key') as tag_key, json_extract_path_text(json_each.value, 'Value') as tag_value, - json_extract_path_text(detail.Properties, 'DefinitionSubstitutions') as definition_substitutions, - json_extract_path_text(detail.Properties, 'Definition') as definition, - json_extract_path_text(detail.Properties, 'RoleArn') as role_arn, + json_extract_path_text(detail.Properties, 'Arn') as arn, json_extract_path_text(detail.Properties, 'Name') as name, - json_extract_path_text(detail.Properties, 'StateMachineType') as state_machine_type, - json_extract_path_text(detail.Properties, 'TracingConfiguration') as tracing_configuration, json_extract_path_text(detail.Properties, 'DefinitionString') as definition_string, - json_extract_path_text(detail.Properties, 'LoggingConfiguration') as logging_configuration, + json_extract_path_text(detail.Properties, 'RoleArn') as role_arn, + json_extract_path_text(detail.Properties, 'StateMachineName') as state_machine_name, + json_extract_path_text(detail.Properties, 'StateMachineType') as state_machine_type, json_extract_path_text(detail.Properties, 'StateMachineRevisionId') as state_machine_revision_id, + json_extract_path_text(detail.Properties, 'LoggingConfiguration') as logging_configuration, + json_extract_path_text(detail.Properties, 'TracingConfiguration') as tracing_configuration, + json_extract_path_text(detail.Properties, 'EncryptionConfiguration') as encryption_configuration, json_extract_path_text(detail.Properties, 'DefinitionS3Location') as definition_s3_location, - json_extract_path_text(detail.Properties, 'Arn') as arn, - json_extract_path_text(detail.Properties, 'StateMachineName') as state_machine_name + json_extract_path_text(detail.Properties, 'DefinitionSubstitutions') as definition_substitutions, + json_extract_path_text(detail.Properties, 'Definition') as definition FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier diff --git a/providers/src/aws/v00.00.00000/services/synthetics.yaml b/providers/src/aws/v00.00.00000/services/synthetics.yaml index 0f461cd5..cbe16c12 100644 --- a/providers/src/aws/v00.00.00000/services/synthetics.yaml +++ b/providers/src/aws/v00.00.00000/services/synthetics.yaml @@ -453,6 +453,9 @@ components: type: array items: type: string + Ipv6AllowedForDualStack: + description: Allow outbound IPv6 traffic on VPC canaries that are connected to dual-stack subnets if set to true + type: boolean required: - SubnetIds - SecurityGroupIds @@ -521,13 +524,18 @@ components: KmsKeyArn: type: string description: KMS key Arn for encrypting artifacts when uploading to S3. You must specify KMS key Arn for SSE_KMS encryption mode only. + ResourceToTag: + type: string + description: Specifies which resources canary tags should be replicated to. + enum: + - lambda-function Canary: type: object properties: Name: description: Name of the canary. type: string - pattern: ^[0-9a-z_\-]{1,21}$ + pattern: ^[0-9a-z_\-]{1,255}$ Id: description: Id of the canary type: string @@ -579,6 +587,18 @@ components: DeleteLambdaResourcesOnCanaryDeletion: description: Deletes associated lambda resources created by Synthetics if set to True. Default is False type: boolean + ResourcesToReplicateTags: + type: array + uniqueItems: true + description: List of resources which canary tags should be replicated to. + items: + $ref: '#/components/schemas/ResourceToTag' + ProvisionedResourceCleanup: + description: Setting to control if provisioned resources created by Synthetics are deleted alongside the canary. Default is AUTOMATIC. + type: string + enum: + - AUTOMATIC + - 'OFF' required: - Name - Code @@ -600,6 +620,7 @@ components: - Code/Script - DeleteLambdaResourcesOnCanaryDeletion - StartCanaryAfterCreation + - ResourcesToReplicateTags - RunConfig/EnvironmentVariables - VisualReference x-read-only-properties: @@ -630,11 +651,13 @@ components: - lambda:CreateFunction - lambda:AddPermission - lambda:PublishVersion + - lambda:UpdateFunctionCode - lambda:UpdateFunctionConfiguration - lambda:GetFunctionConfiguration - lambda:GetLayerVersionByArn - lambda:GetLayerVersion - lambda:PublishLayerVersion + - lambda:TagResource - ec2:DescribeVpcs - ec2:DescribeSubnets - ec2:DescribeSecurityGroups @@ -653,12 +676,19 @@ components: - s3:GetBucketLocation - lambda:AddPermission - lambda:PublishVersion + - lambda:UpdateFunctionCode - lambda:UpdateFunctionConfiguration - lambda:GetFunctionConfiguration - lambda:GetLayerVersionByArn - lambda:GetLayerVersion - lambda:PublishLayerVersion + - lambda:ListTags + - lambda:TagResource + - lambda:UntagResource - iam:PassRole + - ec2:DescribeVpcs + - ec2:DescribeSubnets + - ec2:DescribeSecurityGroups read: - synthetics:GetCanary - synthetics:DescribeCanaries @@ -669,12 +699,14 @@ components: delete: - synthetics:DeleteCanary - synthetics:GetCanary + - lambda:DeleteFunction + - lambda:DeleteLayerVersion list: - synthetics:DescribeCanaries ResourceArn: type: string description: Provide Canary Arn associated with the group. - pattern: arn:(aws[a-zA-Z-]*)?:synthetics:[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1}:\d{12}:canary:[0-9a-z_\-] + pattern: arn:(aws[a-zA-Z-]*)?:synthetics:[a-z]{2}((-gov)|(-iso(b|e|f?)))?-[a-z]+-\d{1}:\d{12}:canary:[0-9a-z_\-] Group: type: object properties: @@ -750,7 +782,7 @@ components: Name: description: Name of the canary. type: string - pattern: ^[0-9a-z_\-]{1,21}$ + pattern: ^[0-9a-z_\-]{1,255}$ Id: description: Id of the canary type: string @@ -802,6 +834,18 @@ components: DeleteLambdaResourcesOnCanaryDeletion: description: Deletes associated lambda resources created by Synthetics if set to True. Default is False type: boolean + ResourcesToReplicateTags: + type: array + uniqueItems: true + description: List of resources which canary tags should be replicated to. + items: + $ref: '#/components/schemas/ResourceToTag' + ProvisionedResourceCleanup: + description: Setting to control if provisioned resources created by Synthetics are deleted alongside the canary. Default is AUTOMATIC. + type: string + enum: + - AUTOMATIC + - 'OFF' x-stackQL-stringOnly: true x-title: CreateCanaryRequest type: object @@ -929,7 +973,9 @@ components: JSON_EXTRACT(Properties, '$.RunConfig') as run_config, JSON_EXTRACT(Properties, '$.StartCanaryAfterCreation') as start_canary_after_creation, JSON_EXTRACT(Properties, '$.VisualReference') as visual_reference, - JSON_EXTRACT(Properties, '$.DeleteLambdaResourcesOnCanaryDeletion') as delete_lambda_resources_on_canary_deletion + JSON_EXTRACT(Properties, '$.DeleteLambdaResourcesOnCanaryDeletion') as delete_lambda_resources_on_canary_deletion, + JSON_EXTRACT(Properties, '$.ResourcesToReplicateTags') as resources_to_replicate_tags, + JSON_EXTRACT(Properties, '$.ProvisionedResourceCleanup') as provisioned_resource_cleanup FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Synthetics::Canary' AND data__Identifier = '' AND region = 'us-east-1' @@ -954,7 +1000,9 @@ components: JSON_EXTRACT(detail.Properties, '$.RunConfig') as run_config, JSON_EXTRACT(detail.Properties, '$.StartCanaryAfterCreation') as start_canary_after_creation, JSON_EXTRACT(detail.Properties, '$.VisualReference') as visual_reference, - JSON_EXTRACT(detail.Properties, '$.DeleteLambdaResourcesOnCanaryDeletion') as delete_lambda_resources_on_canary_deletion + JSON_EXTRACT(detail.Properties, '$.DeleteLambdaResourcesOnCanaryDeletion') as delete_lambda_resources_on_canary_deletion, + JSON_EXTRACT(detail.Properties, '$.ResourcesToReplicateTags') as resources_to_replicate_tags, + JSON_EXTRACT(detail.Properties, '$.ProvisionedResourceCleanup') as provisioned_resource_cleanup FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -984,7 +1032,9 @@ components: json_extract_path_text(Properties, 'RunConfig') as run_config, json_extract_path_text(Properties, 'StartCanaryAfterCreation') as start_canary_after_creation, json_extract_path_text(Properties, 'VisualReference') as visual_reference, - json_extract_path_text(Properties, 'DeleteLambdaResourcesOnCanaryDeletion') as delete_lambda_resources_on_canary_deletion + json_extract_path_text(Properties, 'DeleteLambdaResourcesOnCanaryDeletion') as delete_lambda_resources_on_canary_deletion, + json_extract_path_text(Properties, 'ResourcesToReplicateTags') as resources_to_replicate_tags, + json_extract_path_text(Properties, 'ProvisionedResourceCleanup') as provisioned_resource_cleanup FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Synthetics::Canary' AND data__Identifier = '' AND region = 'us-east-1' @@ -1009,7 +1059,9 @@ components: json_extract_path_text(detail.Properties, 'RunConfig') as run_config, json_extract_path_text(detail.Properties, 'StartCanaryAfterCreation') as start_canary_after_creation, json_extract_path_text(detail.Properties, 'VisualReference') as visual_reference, - json_extract_path_text(detail.Properties, 'DeleteLambdaResourcesOnCanaryDeletion') as delete_lambda_resources_on_canary_deletion + json_extract_path_text(detail.Properties, 'DeleteLambdaResourcesOnCanaryDeletion') as delete_lambda_resources_on_canary_deletion, + json_extract_path_text(detail.Properties, 'ResourcesToReplicateTags') as resources_to_replicate_tags, + json_extract_path_text(detail.Properties, 'ProvisionedResourceCleanup') as provisioned_resource_cleanup FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -1083,7 +1135,9 @@ components: JSON_EXTRACT(detail.Properties, '$.RunConfig') as run_config, JSON_EXTRACT(detail.Properties, '$.StartCanaryAfterCreation') as start_canary_after_creation, JSON_EXTRACT(detail.Properties, '$.VisualReference') as visual_reference, - JSON_EXTRACT(detail.Properties, '$.DeleteLambdaResourcesOnCanaryDeletion') as delete_lambda_resources_on_canary_deletion + JSON_EXTRACT(detail.Properties, '$.DeleteLambdaResourcesOnCanaryDeletion') as delete_lambda_resources_on_canary_deletion, + JSON_EXTRACT(detail.Properties, '$.ResourcesToReplicateTags') as resources_to_replicate_tags, + JSON_EXTRACT(detail.Properties, '$.ProvisionedResourceCleanup') as provisioned_resource_cleanup FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -1114,7 +1168,9 @@ components: json_extract_path_text(detail.Properties, 'RunConfig') as run_config, json_extract_path_text(detail.Properties, 'StartCanaryAfterCreation') as start_canary_after_creation, json_extract_path_text(detail.Properties, 'VisualReference') as visual_reference, - json_extract_path_text(detail.Properties, 'DeleteLambdaResourcesOnCanaryDeletion') as delete_lambda_resources_on_canary_deletion + json_extract_path_text(detail.Properties, 'DeleteLambdaResourcesOnCanaryDeletion') as delete_lambda_resources_on_canary_deletion, + json_extract_path_text(detail.Properties, 'ResourcesToReplicateTags') as resources_to_replicate_tags, + json_extract_path_text(detail.Properties, 'ProvisionedResourceCleanup') as provisioned_resource_cleanup FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier diff --git a/providers/src/aws/v00.00.00000/services/systemsmanagersap.yaml b/providers/src/aws/v00.00.00000/services/systemsmanagersap.yaml index 118332e5..357a6de5 100644 --- a/providers/src/aws/v00.00.00000/services/systemsmanagersap.yaml +++ b/providers/src/aws/v00.00.00000/services/systemsmanagersap.yaml @@ -425,13 +425,14 @@ components: properties: ApplicationId: type: string - pattern: '[\w\d]{1,50}' + pattern: '[\w\d\.-]{1,60}' ApplicationType: type: string enum: - HANA + - SAP_ABAP Arn: - description: The ARN of the Helix application + description: The ARN of the SSM-SAP application type: string pattern: ^arn:(.+:){2,4}.+$|^arn:(.+:){1,3}.+\/.+$ Credentials: @@ -458,6 +459,10 @@ components: items: $ref: '#/components/schemas/Tag' x-insertionOrder: true + DatabaseArn: + description: The ARN of the SAP HANA database + type: string + pattern: ^arn:(.+:){2,4}.+$|^arn:(.+:){1,3}.+\/.+$ required: - ApplicationId - ApplicationType @@ -471,11 +476,13 @@ components: - Instances - SapInstanceNumber - Sid + - DatabaseArn x-write-only-properties: - Credentials - Instances - SapInstanceNumber - Sid + - DatabaseArn x-read-only-properties: - Arn x-required-properties: @@ -487,12 +494,17 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - ssm-sap:UntagResource + - ssm-sap:TagResource + - ssm-sap:ListTagsForResource x-required-permissions: create: - ssm-sap:RegisterApplication - ssm-sap:GetApplication - ssm-sap:TagResource - ssm-sap:ListTagsForResource + - iam:CreateServiceLinkedRole read: - ssm-sap:GetApplication - ssm-sap:ListTagsForResource @@ -521,13 +533,14 @@ components: properties: ApplicationId: type: string - pattern: '[\w\d]{1,50}' + pattern: '[\w\d\.-]{1,60}' ApplicationType: type: string enum: - HANA + - SAP_ABAP Arn: - description: The ARN of the Helix application + description: The ARN of the SSM-SAP application type: string pattern: ^arn:(.+:){2,4}.+$|^arn:(.+:){1,3}.+\/.+$ Credentials: @@ -554,6 +567,10 @@ components: items: $ref: '#/components/schemas/Tag' x-insertionOrder: true + DatabaseArn: + description: The ARN of the SAP HANA database + type: string + pattern: ^arn:(.+:){2,4}.+$|^arn:(.+:){1,3}.+\/.+$ x-stackQL-stringOnly: true x-title: CreateApplicationRequest type: object @@ -636,7 +653,8 @@ components: JSON_EXTRACT(Properties, '$.Instances') as instances, JSON_EXTRACT(Properties, '$.SapInstanceNumber') as sap_instance_number, JSON_EXTRACT(Properties, '$.Sid') as sid, - JSON_EXTRACT(Properties, '$.Tags') as tags + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.DatabaseArn') as database_arn FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SystemsManagerSAP::Application' AND data__Identifier = '' AND region = 'us-east-1' @@ -652,7 +670,8 @@ components: JSON_EXTRACT(detail.Properties, '$.Instances') as instances, JSON_EXTRACT(detail.Properties, '$.SapInstanceNumber') as sap_instance_number, JSON_EXTRACT(detail.Properties, '$.Sid') as sid, - JSON_EXTRACT(detail.Properties, '$.Tags') as tags + JSON_EXTRACT(detail.Properties, '$.Tags') as tags, + JSON_EXTRACT(detail.Properties, '$.DatabaseArn') as database_arn FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -673,7 +692,8 @@ components: json_extract_path_text(Properties, 'Instances') as instances, json_extract_path_text(Properties, 'SapInstanceNumber') as sap_instance_number, json_extract_path_text(Properties, 'Sid') as sid, - json_extract_path_text(Properties, 'Tags') as tags + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'DatabaseArn') as database_arn FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::SystemsManagerSAP::Application' AND data__Identifier = '' AND region = 'us-east-1' @@ -689,7 +709,8 @@ components: json_extract_path_text(detail.Properties, 'Instances') as instances, json_extract_path_text(detail.Properties, 'SapInstanceNumber') as sap_instance_number, json_extract_path_text(detail.Properties, 'Sid') as sid, - json_extract_path_text(detail.Properties, 'Tags') as tags + json_extract_path_text(detail.Properties, 'Tags') as tags, + json_extract_path_text(detail.Properties, 'DatabaseArn') as database_arn FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -754,7 +775,8 @@ components: JSON_EXTRACT(detail.Properties, '$.Credentials') as credentials, JSON_EXTRACT(detail.Properties, '$.Instances') as instances, JSON_EXTRACT(detail.Properties, '$.SapInstanceNumber') as sap_instance_number, - JSON_EXTRACT(detail.Properties, '$.Sid') as sid + JSON_EXTRACT(detail.Properties, '$.Sid') as sid, + JSON_EXTRACT(detail.Properties, '$.DatabaseArn') as database_arn FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -776,7 +798,8 @@ components: json_extract_path_text(detail.Properties, 'Credentials') as credentials, json_extract_path_text(detail.Properties, 'Instances') as instances, json_extract_path_text(detail.Properties, 'SapInstanceNumber') as sap_instance_number, - json_extract_path_text(detail.Properties, 'Sid') as sid + json_extract_path_text(detail.Properties, 'Sid') as sid, + json_extract_path_text(detail.Properties, 'DatabaseArn') as database_arn FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier diff --git a/providers/src/aws/v00.00.00000/services/transfer.yaml b/providers/src/aws/v00.00.00000/services/transfer.yaml index 2656579a..2183fabe 100644 --- a/providers/src/aws/v00.00.00000/services/transfer.yaml +++ b/providers/src/aws/v00.00.00000/services/transfer.yaml @@ -385,70 +385,213 @@ components: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' type: object schemas: - user_public_keys: - description: Details of a Transfer family server tags + DeleteSshPublicKeyRequest: + type: object + required: + - ServerId + - SshPublicKeyId + - UserName + title: DeleteSshPublicKeyRequest + properties: + ServerId: + $ref: '#/components/schemas/ServerId' + SshPublicKeyId: + $ref: '#/components/schemas/SshPublicKeyId' + UserName: + $ref: '#/components/schemas/UserName' + ImportSshPublicKeyRequest: + type: object + required: + - ServerId + - SshPublicKeyBody + - UserName + title: ImportSshPublicKeyRequest + properties: + ServerId: + $ref: '#/components/schemas/ServerId' + SshPublicKeyBody: + $ref: '#/components/schemas/SshPublicKeyBody' + UserName: + $ref: '#/components/schemas/UserName' + ImportSshPublicKeyResponse: + type: object + required: + - ServerId + - SshPublicKeyId + - UserName + properties: + ServerId: + $ref: '#/components/schemas/ServerId' + SshPublicKeyId: + $ref: '#/components/schemas/SshPublicKeyId' + UserName: + $ref: '#/components/schemas/UserName' + description: Identifies the user, the server they belong to, and the identifier of the SSH public key associated with that user. A user can have more than one key on each server that they are associated with. + InternalServiceError: {} + InvalidRequestException: {} + ResourceExistsException: {} + ResourceNotFoundException: {} + ServerId: + type: string + pattern: ^s-([0-9a-f]{17})$ + minLength: 19 + maxLength: 19 + ServiceUnavailableException: {} + SshPublicKeyBody: + type: string + maxLength: 2048 + SshPublicKeyId: + type: string + pattern: ^key-[0-9a-f]{17}$ + minLength: 21 + maxLength: 21 + StartServerRequest: + type: object + required: + - ServerId + title: StartServerRequest + properties: + ServerId: + $ref: '#/components/schemas/ServerId' + StopServerRequest: + type: object + title: StopServerRequest + properties: + ServerId: + $ref: '#/components/schemas/ServerId' + ThrottlingException: {} + UserName: + type: string + pattern: ^[\w][\w@.-]{2,99}$ + minLength: 3 + maxLength: 100 + Tag: + description: Creates a key-value pair for a specific resource. type: object - additionalProperties: false properties: - data__ServerId: + Key: + type: string + description: The name assigned to the tag that you create. + minLength: 1 + maxLength: 128 + Value: type: string - description: The server id - data__UserName: + description: Contains one or more values that you assigned to the key name you create. + minLength: 0 + maxLength: 256 + required: + - Key + - Value + additionalProperties: false + Agreement: + type: object + properties: + Description: + description: A textual description for the agreement. type: string - description: The user name - region: + pattern: ^[\u0021-\u007E]+$ + minLength: 1 + maxLength: 200 + ServerId: + description: A unique identifier for the server. type: string - description: The AWS region - ssh_public_key_body: + pattern: ^s-([0-9a-f]{17})$ + minLength: 19 + maxLength: 19 + LocalProfileId: + description: A unique identifier for the local profile. type: string - description: The SSH public key body - ssh_public_key_id: + pattern: ^p-([0-9a-f]{17})$ + minLength: 19 + maxLength: 19 + PartnerProfileId: + description: A unique identifier for the partner profile. type: string - description: The SSH public key id - date_imported: + pattern: ^p-([0-9a-f]{17})$ + minLength: 19 + maxLength: 19 + BaseDirectory: + description: Specifies the base directory for the agreement. type: string - description: The date imported - x-example-where-clause: WHERE region = '' AND data__ServerId = '' AND data__UserName = '' - server_tags: - description: Details of a Transfer family server tags - type: object - additionalProperties: false - properties: - data__ServerId: + pattern: ^(|/.*)$ + maxLength: 1024 + AccessRole: + description: Specifies the access role for the agreement. type: string - description: The server id - region: + pattern: arn:.*role/.* + minLength: 20 + maxLength: 2048 + Status: + description: Specifies the status of the agreement. type: string - description: The AWS region - key: + enum: + - ACTIVE + - INACTIVE + Tags: + description: Key-value pairs that can be used to group and search for agreements. Tags are metadata attached to agreements for any purpose. + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + AgreementId: + description: A unique identifier for the agreement. type: string - description: The key of the tag - value: + pattern: ^a-([0-9a-f]{17})$ + minLength: 19 + maxLength: 19 + Arn: + description: Specifies the unique Amazon Resource Name (ARN) for the agreement. type: string - description: The value of the tag - x-example-where-clause: WHERE region = '' AND data__ServerId = '' - AccessDeniedException: {} - AddressAllocationId: - type: string - AddressAllocationIds: - type: array - items: - $ref: '#/components/schemas/AddressAllocationId' - Arn: - type: string - pattern: arn:.* - minLength: 20 - maxLength: 1600 - As2Transport: - type: string - enum: - - HTTP - As2Transports: - type: array - items: - $ref: '#/components/schemas/As2Transport' - minItems: 1 - maxItems: 1 + pattern: arn:.* + minLength: 20 + maxLength: 1600 + required: + - ServerId + - LocalProfileId + - PartnerProfileId + - BaseDirectory + - AccessRole + x-stackql-resource-name: agreement + description: Resource Type definition for AWS::Transfer::Agreement + x-type-name: AWS::Transfer::Agreement + x-stackql-primary-identifier: + - AgreementId + - ServerId + x-create-only-properties: + - ServerId + x-read-only-properties: + - AgreementId + - Arn + x-required-properties: + - ServerId + - LocalProfileId + - PartnerProfileId + - BaseDirectory + - AccessRole + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - transfer:CreateAgreement + - transfer:TagResource + - iam:PassRole + read: + - transfer:DescribeAgreement + update: + - transfer:UpdateAgreement + - transfer:UnTagResource + - transfer:TagResource + - iam:PassRole + delete: + - transfer:DeleteAgreement + list: + - transfer:ListAgreements Certificate: type: object properties: @@ -579,239 +722,278 @@ components: - transfer:DeleteCertificate list: - transfer:ListCertificates - ConflictException: {} - CreateServerRequest: - type: object - title: CreateServerRequest - properties: - Certificate: - $ref: '#/components/schemas/Certificate' - Domain: - $ref: '#/components/schemas/Domain' - EndpointDetails: - $ref: '#/components/schemas/EndpointDetails' - EndpointType: - $ref: '#/components/schemas/EndpointType' - HostKey: - $ref: '#/components/schemas/HostKey' - IdentityProviderDetails: - $ref: '#/components/schemas/IdentityProviderDetails' - IdentityProviderType: - $ref: '#/components/schemas/IdentityProviderType' - LoggingRole: - $ref: '#/components/schemas/Role' - PostAuthenticationLoginBanner: - $ref: '#/components/schemas/PostAuthenticationLoginBanner' - PreAuthenticationLoginBanner: - $ref: '#/components/schemas/PreAuthenticationLoginBanner' - Protocols: - $ref: '#/components/schemas/Protocols' - ProtocolDetails: - $ref: '#/components/schemas/ProtocolDetails' - SecurityPolicyName: - $ref: '#/components/schemas/SecurityPolicyName' - Tags: - $ref: '#/components/schemas/Tags' - WorkflowDetails: - $ref: '#/components/schemas/WorkflowDetails' - StructuredLogDestinations: - $ref: '#/components/schemas/StructuredLogDestinations' - CreateServerResponse: - type: object - required: - - ServerId - properties: - ServerId: - $ref: '#/components/schemas/ServerId' - CreateUserRequest: + SftpConnectorTrustedHostKey: + description: The public host key for the external server to which you are connecting. + type: string + minLength: 1 + maxLength: 2048 + Connector: type: object - required: - - Role - - ServerId - - UserName - title: CreateUserRequest properties: - HomeDirectory: - $ref: '#/components/schemas/HomeDirectory' - HomeDirectoryType: - $ref: '#/components/schemas/HomeDirectoryType' - HomeDirectoryMappings: - $ref: '#/components/schemas/HomeDirectoryMappings' - Policy: - $ref: '#/components/schemas/Policy' - PosixProfile: - $ref: '#/components/schemas/PosixProfile' - Role: - $ref: '#/components/schemas/Role' - ServerId: - $ref: '#/components/schemas/ServerId' - SshPublicKeyBody: - $ref: '#/components/schemas/SshPublicKeyBody' + AccessRole: + description: Specifies the access role for the connector. + type: string + pattern: arn:.*role/.* + minLength: 20 + maxLength: 2048 + As2Config: + description: Configuration for an AS2 connector. + type: object + properties: + LocalProfileId: + type: string + description: A unique identifier for the local profile. + pattern: ^p-([0-9a-f]{17})$ + minLength: 19 + maxLength: 19 + PartnerProfileId: + type: string + description: A unique identifier for the partner profile. + pattern: ^p-([0-9a-f]{17})$ + minLength: 19 + maxLength: 19 + MessageSubject: + type: string + description: The message subject for this AS2 connector configuration. + pattern: ^[\u0020-\u007E\t]+$ + minLength: 1 + maxLength: 1024 + Compression: + type: string + description: Compression setting for this AS2 connector configuration. + enum: + - ZLIB + - DISABLED + EncryptionAlgorithm: + type: string + description: Encryption algorithm for this AS2 connector configuration. + enum: + - AES128_CBC + - AES192_CBC + - AES256_CBC + - NONE + - DES_EDE3_CBC + SigningAlgorithm: + type: string + description: Signing algorithm for this AS2 connector configuration. + enum: + - SHA256 + - SHA384 + - SHA512 + - SHA1 + - NONE + MdnSigningAlgorithm: + type: string + description: MDN Signing algorithm for this AS2 connector configuration. + enum: + - SHA256 + - SHA384 + - SHA512 + - SHA1 + - NONE + - DEFAULT + MdnResponse: + type: string + description: MDN Response setting for this AS2 connector configuration. + enum: + - SYNC + - NONE + BasicAuthSecretId: + type: string + description: ARN or name of the secret in AWS Secrets Manager which contains the credentials for Basic authentication. If empty, Basic authentication is disabled for the AS2 connector + minLength: 0 + maxLength: 2048 + additionalProperties: false + SftpConfig: + description: Configuration for an SFTP connector. + type: object + properties: + UserSecretId: + type: string + description: ARN or name of the secret in AWS Secrets Manager which contains the SFTP user's private keys or passwords. + minLength: 1 + maxLength: 2048 + TrustedHostKeys: + description: List of public host keys, for the external server to which you are connecting. + type: array + maxItems: 10 + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/SftpConnectorTrustedHostKey' + additionalProperties: false + Arn: + description: Specifies the unique Amazon Resource Name (ARN) for the connector. + type: string + pattern: arn:.* + minLength: 20 + maxLength: 1600 + ConnectorId: + description: A unique identifier for the connector. + type: string + pattern: ^c-([0-9a-f]{17})$ + minLength: 19 + maxLength: 19 + LoggingRole: + description: Specifies the logging role for the connector. + type: string + pattern: arn:.*role/.* + minLength: 20 + maxLength: 2048 + ServiceManagedEgressIpAddresses: + description: The list of egress IP addresses of this connector. These IP addresses are assigned automatically when you create the connector. + type: array + x-insertionOrder: false + items: + type: string + pattern: ^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$ Tags: - $ref: '#/components/schemas/Tags' - UserName: - $ref: '#/components/schemas/UserName' - CreateUserResponse: - type: object + description: Key-value pairs that can be used to group and search for connectors. Tags are metadata attached to connectors for any purpose. + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + Url: + description: URL for Connector + type: string + maxLength: 255 + SecurityPolicyName: + description: Security policy for SFTP Connector + type: string + pattern: TransferSFTPConnectorSecurityPolicy-[A-Za-z0-9-]+ + maxLength: 50 required: - - ServerId - - UserName - properties: - ServerId: - $ref: '#/components/schemas/ServerId' - UserName: - $ref: '#/components/schemas/UserName' - DateImported: + - AccessRole + - Url + x-stackql-resource-name: connector + description: Resource Type definition for AWS::Transfer::Connector + x-type-name: AWS::Transfer::Connector + x-stackql-primary-identifier: + - ConnectorId + x-read-only-properties: + - Arn + - ConnectorId + - ServiceManagedEgressIpAddresses + x-required-properties: + - AccessRole + - Url + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - transfer:CreateConnector + - transfer:TagResource + - iam:PassRole + read: + - transfer:DescribeConnector + update: + - transfer:UpdateConnector + - transfer:UnTagResource + - transfer:TagResource + - iam:PassRole + delete: + - transfer:DeleteConnector + list: + - transfer:ListConnectors + CertificateId: + description: A unique identifier for the certificate. type: string - format: date-time - DeleteServerRequest: - type: object - required: - - ServerId - title: DeleteServerRequest - properties: - ServerId: - $ref: '#/components/schemas/ServerId' - DeleteSshPublicKeyRequest: + pattern: ^cert-([0-9a-f]{17})$ + minLength: 22 + maxLength: 22 + Profile: type: object - required: - - ServerId - - SshPublicKeyId - - UserName - title: DeleteSshPublicKeyRequest properties: - ServerId: - $ref: '#/components/schemas/ServerId' - SshPublicKeyId: - $ref: '#/components/schemas/SshPublicKeyId' - UserName: - $ref: '#/components/schemas/UserName' - DeleteUserRequest: - type: object - required: - - ServerId - - UserName - title: DeleteUserRequest - properties: - ServerId: - $ref: '#/components/schemas/ServerId' - UserName: - $ref: '#/components/schemas/UserName' - DescribeServerRequest: - type: object - required: - - ServerId - title: DescribeServerRequest - properties: - ServerId: - $ref: '#/components/schemas/ServerId' - DescribeServerResponse: - type: object - required: - - Server - properties: - Server: - $ref: '#/components/schemas/DescribedServer' - DescribeUserRequest: - type: object - required: - - ServerId - - UserName - title: DescribeUserRequest - properties: - ServerId: - $ref: '#/components/schemas/ServerId' - UserName: - $ref: '#/components/schemas/UserName' - DescribeUserResponse: - type: object - required: - - ServerId - - User - properties: - ServerId: - $ref: '#/components/schemas/ServerId' - User: - $ref: '#/components/schemas/DescribedUser' - DescribedServer: - type: object - required: - - Arn - properties: - Arn: - $ref: '#/components/schemas/Arn' - Certificate: - $ref: '#/components/schemas/Certificate' - ProtocolDetails: - $ref: '#/components/schemas/ProtocolDetails' - Domain: - $ref: '#/components/schemas/Domain' - EndpointDetails: - $ref: '#/components/schemas/EndpointDetails' - EndpointType: - $ref: '#/components/schemas/EndpointType' - HostKeyFingerprint: - $ref: '#/components/schemas/HostKeyFingerprint' - IdentityProviderDetails: - $ref: '#/components/schemas/IdentityProviderDetails' - IdentityProviderType: - $ref: '#/components/schemas/IdentityProviderType' - LoggingRole: - $ref: '#/components/schemas/Role' - PostAuthenticationLoginBanner: - $ref: '#/components/schemas/PostAuthenticationLoginBanner' - PreAuthenticationLoginBanner: - $ref: '#/components/schemas/PreAuthenticationLoginBanner' - Protocols: - $ref: '#/components/schemas/Protocols' - S3StorageOptions: - type: object - SecurityPolicyName: - $ref: '#/components/schemas/SecurityPolicyName' - ServerId: - $ref: '#/components/schemas/ServerId' - State: - $ref: '#/components/schemas/State' - Tags: - $ref: '#/components/schemas/Tags' - UserCount: - $ref: '#/components/schemas/UserCount' - WorkflowDetails: - $ref: '#/components/schemas/WorkflowDetails' - StructuredLogDestinations: - $ref: '#/components/schemas/StructuredLogDestinations' - description: Describes the properties of a file transfer protocol-enabled server that was specified. - DescribedUser: - type: object + As2Id: + description: AS2 identifier agreed with a trading partner. + type: string + pattern: ^[\u0020-\u007E\s]*$ + minLength: 1 + maxLength: 128 + ProfileType: + description: Enum specifying whether the profile is local or associated with a trading partner. + type: string + enum: + - LOCAL + - PARTNER + Tags: + description: An array of key-value pairs to apply to this resource. + type: array + uniqueItems: true + maxItems: 50 + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + CertificateIds: + description: List of the certificate IDs associated with this profile to be used for encryption and signing of AS2 messages. + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/CertificateId' + Arn: + description: Specifies the unique Amazon Resource Name (ARN) for the profile. + type: string + pattern: arn:.* + minLength: 20 + maxLength: 1600 + ProfileId: + description: A unique identifier for the profile + type: string + pattern: ^p-([0-9a-f]{17})$ + minLength: 19 + maxLength: 19 required: + - As2Id + - ProfileType + x-stackql-resource-name: profile + description: Resource Type definition for AWS::Transfer::Profile + x-type-name: AWS::Transfer::Profile + x-stackql-primary-identifier: + - ProfileId + x-create-only-properties: + - ProfileType + x-read-only-properties: - Arn - properties: - Arn: - $ref: '#/components/schemas/Arn' - HomeDirectory: - $ref: '#/components/schemas/HomeDirectory' - HomeDirectoryMappings: - $ref: '#/components/schemas/HomeDirectoryMappings' - HomeDirectoryType: - $ref: '#/components/schemas/HomeDirectoryType' - Policy: - $ref: '#/components/schemas/Policy' - PosixProfile: - $ref: '#/components/schemas/PosixProfile' - Role: - $ref: '#/components/schemas/Role' - SshPublicKeys: - $ref: '#/components/schemas/SshPublicKeys' - Tags: - $ref: '#/components/schemas/Tags' - UserName: - $ref: '#/components/schemas/UserName' - description: Describes the properties of a user that was specified. - DirectoryId: + - ProfileId + x-required-properties: + - As2Id + - ProfileType + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + x-required-permissions: + create: + - transfer:CreateProfile + - transfer:TagResource + read: + - transfer:DescribeProfile + update: + - transfer:UpdateProfile + - transfer:UnTagResource + - transfer:TagResource + delete: + - transfer:DeleteProfile + list: + - transfer:ListProfiles + As2Transport: type: string - pattern: ^d-[0-9a-f]{10}$ - minLength: 12 - maxLength: 12 + enum: + - HTTP + DirectoryListingOptimization: + type: string + description: Indicates whether optimization to directory listing on S3 servers is used. Disabled by default for compatibility. + enum: + - ENABLED + - DISABLED Domain: type: string enum: @@ -821,75 +1003,62 @@ components: type: object properties: AddressAllocationIds: - $ref: '#/components/schemas/AddressAllocationIds' + type: array + x-insertionOrder: true + items: + type: string SubnetIds: - $ref: '#/components/schemas/SubnetIds' + type: array + x-insertionOrder: true + items: + type: string VpcEndpointId: - $ref: '#/components/schemas/VpcEndpointId' + type: string + maxLength: 22 + minLength: 22 + pattern: ^vpce-[0-9a-f]{17}$ VpcId: - $ref: '#/components/schemas/VpcId' + type: string SecurityGroupIds: - $ref: '#/components/schemas/SecurityGroupIds' - description: >- -

The virtual private cloud (VPC) endpoint settings that are configured for your file transfer protocol-enabled server. With a VPC endpoint, you can restrict access to your server and resources only within your VPC. To control incoming internet traffic, invoke the UpdateServer API and attach an Elastic IP address to your server's endpoint.

After May 19, 2021, you won't be able to create a server using EndpointType=VPC_ENDPOINT in your Amazon Web - Servicesaccount if your account hasn't already done so before May 19, 2021. If you have already created servers with EndpointType=VPC_ENDPOINT in your Amazon Web Servicesaccount on or before May 19, 2021, you will not be affected. After this date, use EndpointType=VPC.

For more information, see https://docs.aws.amazon.com/transfer/latest/userguide/create-server-in-vpc.html#deprecate-vpc-endpoint.

 + type: array + x-insertionOrder: false + items: + type: string + maxLength: 20 + minLength: 11 + pattern: ^sg-[0-9a-f]{8,17}$ + additionalProperties: false EndpointType: type: string enum: - PUBLIC - VPC - VPC_ENDPOINT - Function: - type: string - pattern: ^arn:[a-z-]+:lambda:.*$ - minLength: 1 - maxLength: 170 - HomeDirectory: - type: string - pattern: ^$|/.* - maxLength: 1024 - HomeDirectoryMapEntry: - type: object - required: - - Entry - - Target - properties: - Entry: - $ref: '#/components/schemas/MapEntry' - Target: - $ref: '#/components/schemas/MapTarget' - description: '

Represents an object that contains entries and targets for HomeDirectoryMappings.

The following is an Entry and Target pair example for chroot.

[ { "Entry": "/", "Target": "/bucket_name/home/mydirectory" } ]

' - HomeDirectoryMappings: - type: array - items: - $ref: '#/components/schemas/HomeDirectoryMapEntry' - minItems: 1 - maxItems: 50 - HomeDirectoryType: - type: string - enum: - - PATH - - LOGICAL - HostKey: - type: string - maxLength: 4096 - format: password - HostKeyFingerprint: - type: string IdentityProviderDetails: type: object properties: Url: - $ref: '#/components/schemas/Url' + type: string + maxLength: 255 + minLength: 0 InvocationRole: - $ref: '#/components/schemas/Role' + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:.*role/\S+$ DirectoryId: - $ref: '#/components/schemas/DirectoryId' + type: string + maxLength: 12 + minLength: 12 + pattern: ^d-[0-9a-f]{10}$ Function: - $ref: '#/components/schemas/Function' + type: string + maxLength: 170 + minLength: 1 + pattern: ^arn:[a-z-]+:lambda:.*$ SftpAuthenticationMethods: $ref: '#/components/schemas/SftpAuthenticationMethods' - description: Returns information related to the type of user authentication that is in use for a file transfer protocol-enabled server's users. A server can have only one method of authentication. + additionalProperties: false IdentityProviderType: type: string enum: @@ -897,856 +1066,453 @@ components: - API_GATEWAY - AWS_DIRECTORY_SERVICE - AWS_LAMBDA - description: >- -

The mode of authentication for a server. The default value is SERVICE_MANAGED, which allows you to store and access user credentials within the Transfer Family service.

Use AWS_DIRECTORY_SERVICE to provide access to Active Directory groups in Directory Service for Microsoft Active Directory or Microsoft Active Directory in your on-premises environment or in Amazon Web Services using AD Connector. This option also requires you to provide a Directory ID - by using the IdentityProviderDetails parameter.

Use the API_GATEWAY value to integrate with an identity provider of your choosing. The API_GATEWAY setting requires you to provide an Amazon API Gateway endpoint URL to call for authentication by using the IdentityProviderDetails parameter.

Use the AWS_LAMBDA value to directly use an Lambda function as your identity provider. If you choose this value, you must - specify the ARN for the Lambda function in the Function parameter for the IdentityProviderDetails data type.

- ImportSshPublicKeyRequest: + Protocol: + type: string + enum: + - SFTP + - FTP + - FTPS + - AS2 + ProtocolDetails: type: object - required: - - ServerId - - SshPublicKeyBody - - UserName - title: ImportSshPublicKeyRequest properties: - ServerId: - $ref: '#/components/schemas/ServerId' - SshPublicKeyBody: - $ref: '#/components/schemas/SshPublicKeyBody' - UserName: - $ref: '#/components/schemas/UserName' - ImportSshPublicKeyResponse: + PassiveIp: + type: string + maxLength: 15 + minLength: 0 + TlsSessionResumptionMode: + $ref: '#/components/schemas/TlsSessionResumptionMode' + SetStatOption: + $ref: '#/components/schemas/SetStatOption' + As2Transports: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/As2Transport' + maxItems: 1 + minItems: 1 + additionalProperties: false + S3StorageOptions: type: object - required: - - ServerId - - SshPublicKeyId - - UserName properties: - ServerId: - $ref: '#/components/schemas/ServerId' - SshPublicKeyId: - $ref: '#/components/schemas/SshPublicKeyId' - UserName: - $ref: '#/components/schemas/UserName' - description: Identifies the user, the server they belong to, and the identifier of the SSH public key associated with that user. A user can have more than one key on each server that they are associated with. - InternalServiceError: {} - InvalidNextTokenException: {} - InvalidRequestException: {} - ListServersRequest: + DirectoryListingOptimization: + $ref: '#/components/schemas/DirectoryListingOptimization' + additionalProperties: false + SetStatOption: + type: string + enum: + - DEFAULT + - ENABLE_NO_OP + SftpAuthenticationMethods: + type: string + enum: + - PASSWORD + - PUBLIC_KEY + - PUBLIC_KEY_OR_PASSWORD + - PUBLIC_KEY_AND_PASSWORD + State: + type: string + enum: + - OFFLINE + - ONLINE + - STARTING + - STOPPING + - START_FAILED + - STOP_FAILED + TlsSessionResumptionMode: + type: string + enum: + - DISABLED + - ENABLED + - ENFORCED + WorkflowDetail: type: object - title: ListServersRequest properties: - MaxResults: - $ref: '#/components/schemas/MaxResults' - NextToken: - $ref: '#/components/schemas/NextToken' - ListServersResponse: - type: object + WorkflowId: + type: string + maxLength: 19 + minLength: 19 + pattern: ^w-([a-z0-9]{17})$ + ExecutionRole: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:.*role/\S+$ required: - - Servers - properties: - NextToken: - $ref: '#/components/schemas/NextToken' - Servers: - $ref: '#/components/schemas/ListedServers' - ListUsersRequest: - type: object - required: - - ServerId - title: ListUsersRequest - properties: - MaxResults: - $ref: '#/components/schemas/MaxResults' - NextToken: - $ref: '#/components/schemas/NextToken' - ServerId: - $ref: '#/components/schemas/ServerId' - ListUsersResponse: + - ExecutionRole + - WorkflowId + additionalProperties: false + WorkflowDetails: type: object - required: - - ServerId - - Users properties: - NextToken: - $ref: '#/components/schemas/NextToken' - ServerId: - $ref: '#/components/schemas/ServerId' - Users: - $ref: '#/components/schemas/ListedUsers' - ListedServer: + OnUpload: + type: array + x-insertionOrder: true + items: + $ref: '#/components/schemas/WorkflowDetail' + maxItems: 1 + minItems: 0 + OnPartialUpload: + type: array + x-insertionOrder: true + items: + $ref: '#/components/schemas/WorkflowDetail' + maxItems: 1 + minItems: 0 + additionalProperties: false + Server: type: object - required: - - Arn properties: Arn: - $ref: '#/components/schemas/Arn' + type: string + maxLength: 1600 + minLength: 20 + pattern: ^arn:\S+$ + As2ServiceManagedEgressIpAddresses: + type: array + x-insertionOrder: false + items: + type: string + pattern: ^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$ + description: The list of egress IP addresses of this server. These IP addresses are only relevant for servers that use the AS2 protocol. They are used for sending asynchronous MDNs. These IP addresses are assigned automatically when you create an AS2 server. Additionally, if you update an existing server and add the AS2 protocol, static IP addresses are assigned as well. + Certificate: + type: string + maxLength: 1600 + minLength: 0 Domain: $ref: '#/components/schemas/Domain' - IdentityProviderType: - $ref: '#/components/schemas/IdentityProviderType' + EndpointDetails: + $ref: '#/components/schemas/EndpointDetails' EndpointType: $ref: '#/components/schemas/EndpointType' + IdentityProviderDetails: + $ref: '#/components/schemas/IdentityProviderDetails' + IdentityProviderType: + $ref: '#/components/schemas/IdentityProviderType' LoggingRole: - $ref: '#/components/schemas/Role' + type: string + maxLength: 2048 + minLength: 0 + pattern: ^(|arn:.*role/\S+)$ + PostAuthenticationLoginBanner: + type: string + maxLength: 4096 + minLength: 0 + pattern: ^[\x09-\x0D\x20-\x7E]*$ + PreAuthenticationLoginBanner: + type: string + maxLength: 4096 + minLength: 0 + pattern: ^[\x09-\x0D\x20-\x7E]*$ + ProtocolDetails: + $ref: '#/components/schemas/ProtocolDetails' + Protocols: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Protocol' + maxItems: 4 + minItems: 1 + S3StorageOptions: + $ref: '#/components/schemas/S3StorageOptions' + SecurityPolicyName: + type: string + maxLength: 100 + minLength: 0 + pattern: ^TransferSecurityPolicy-.+$ ServerId: - $ref: '#/components/schemas/ServerId' + type: string + maxLength: 19 + minLength: 19 + pattern: ^s-([0-9a-f]{17})$ State: $ref: '#/components/schemas/State' - UserCount: - $ref: '#/components/schemas/UserCount' - description: Returns properties of a file transfer protocol-enabled server that was specified. - ListedServers: - type: array - items: - $ref: '#/components/schemas/ListedServer' - ListedUser: - type: object - required: + StructuredLogDestinations: + type: array + x-insertionOrder: false + items: + type: string + maxLength: 1600 + minLength: 20 + pattern: ^arn:\S+$ + maxItems: 1 + minItems: 0 + Tags: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + maxItems: 50 + minItems: 1 + WorkflowDetails: + $ref: '#/components/schemas/WorkflowDetails' + x-stackql-resource-name: server + description: Definition of AWS::Transfer::Server Resource Type + x-type-name: AWS::Transfer::Server + x-stackql-primary-identifier: + - Arn + x-stackql-additional-identifiers: + - - ServerId + x-create-only-properties: + - Domain + - IdentityProviderType + x-conditional-create-only-properties: + - EndpointDetails + - EndpointDetails/AddressAllocationIds + x-write-only-properties: + - IdentityProviderType + x-read-only-properties: - Arn + - As2ServiceManagedEgressIpAddresses + - ServerId + - State + x-tagging: + cloudFormationSystemTags: true + permissions: + - transfer:TagResource + - transfer:UnTagResource + - transfer:ListTagsForResource + tagOnCreate: true + tagProperty: /properties/Tags + tagUpdatable: true + taggable: true + x-required-permissions: + create: + - apigateway:GET + - ds:AuthorizeApplication + - ds:DescribeDirectories + - ec2:AssociateAddress + - ec2:CreateVpcEndpoint + - ec2:DescribeAddresses + - ec2:DescribeNetworkInterfaces + - ec2:DescribeVpcEndpoints + - iam:PassRole + - logs:CreateLogDelivery + - logs:DeleteLogDelivery + - logs:DescribeLogGroups + - logs:DescribeResourcePolicies + - logs:GetLogDelivery + - logs:ListLogDeliveries + - logs:PutResourcePolicy + - logs:UpdateLogDelivery + - transfer:CreateServer + - transfer:DescribeServer + - transfer:StartServer + - transfer:StopServer + - transfer:TagResource + - transfer:UpdateServer + read: + - ec2:DescribeVpcEndpoints + - transfer:DescribeServer + update: + - apigateway:GET + - ec2:AssociateAddress + - ec2:CreateVpcEndpoint + - ec2:DeleteVpcEndpoints + - ec2:DescribeAddresses + - ec2:DescribeNetworkInterfaces + - ec2:DescribeVpcEndpoints + - ec2:DisassociateAddress + - ec2:ModifyVpcEndpoint + - iam:PassRole + - logs:CreateLogDelivery + - logs:DeleteLogDelivery + - logs:DescribeLogGroups + - logs:DescribeResourcePolicies + - logs:GetLogDelivery + - logs:ListLogDeliveries + - logs:PutResourcePolicy + - logs:UpdateLogDelivery + - transfer:DescribeServer + - transfer:StartServer + - transfer:StopServer + - transfer:TagResource + - transfer:UnTagResource + - transfer:UpdateServer + delete: + - ds:DescribeDirectories + - ds:UnauthorizeApplication + - ec2:DeleteVpcEndpoints + - ec2:DescribeAddresses + - ec2:DescribeNetworkInterfaces + - ec2:DescribeVpcEndpoints + - ec2:DisassociateAddress + - logs:DeleteLogDelivery + - logs:GetLogDelivery + - logs:ListLogDeliveries + - transfer:DeleteServer + list: + - transfer:ListServers + HomeDirectoryMapEntry: + type: object properties: - Arn: - $ref: '#/components/schemas/Arn' - HomeDirectory: - $ref: '#/components/schemas/HomeDirectory' - HomeDirectoryType: - $ref: '#/components/schemas/HomeDirectoryType' - Role: - $ref: '#/components/schemas/Role' - SshPublicKeyCount: - $ref: '#/components/schemas/SshPublicKeyCount' - UserName: - $ref: '#/components/schemas/UserName' - description: Returns properties of the user that you specify. - ListedUsers: - type: array - items: - $ref: '#/components/schemas/ListedUser' - MapEntry: - type: string - pattern: ^/.* - maxLength: 1024 - MapTarget: - type: string - pattern: ^/.* - maxLength: 1024 - MaxResults: - type: integer - minimum: 1 - maximum: 1000 - NextToken: - type: string - minLength: 1 - maxLength: 6144 - NullableRole: - type: string - pattern: ^$|arn:.*role/.* - maxLength: 2048 - OnPartialUploadWorkflowDetails: - type: array - items: - $ref: '#/components/schemas/WorkflowDetail' - maxItems: 1 - OnUploadWorkflowDetails: - type: array - items: - $ref: '#/components/schemas/WorkflowDetail' - maxItems: 1 - PassiveIp: + Entry: + type: string + maxLength: 1024 + minLength: 0 + pattern: ^/.*$ + Target: + type: string + maxLength: 1024 + minLength: 0 + pattern: ^/.*$ + Type: + $ref: '#/components/schemas/MapType' + required: + - Entry + - Target + additionalProperties: false + HomeDirectoryType: type: string - maxLength: 15 - Policy: + enum: + - PATH + - LOGICAL + MapType: type: string - maxLength: 2048 - PosixId: - type: integer - minimum: 0 - maximum: 4294967295 + enum: + - FILE + - DIRECTORY PosixProfile: type: object - required: - - Uid - - Gid properties: Uid: - $ref: '#/components/schemas/PosixId' + type: number + maximum: 4294967295 + minimum: 0 Gid: - $ref: '#/components/schemas/PosixId' + type: number + maximum: 4294967295 + minimum: 0 SecondaryGids: - $ref: '#/components/schemas/SecondaryGids' - description: The full POSIX identity, including user ID (Uid), group ID (Gid), and any secondary groups IDs (SecondaryGids), that controls your users' access to your Amazon EFS file systems. The POSIX permissions that are set on files and directories in your file system determine the level of access your users get when transferring files into and out of your Amazon EFS file systems. - PostAuthenticationLoginBanner: - type: string - pattern: '[\x09-\x0D\x20-\x7E]*' - maxLength: 512 - PreAuthenticationLoginBanner: - type: string - pattern: '[\x09-\x0D\x20-\x7E]*' - maxLength: 512 - Protocol: - type: string - enum: - - SFTP - - FTP - - FTPS - - AS2 - ProtocolDetails: - type: object - properties: - PassiveIp: - $ref: '#/components/schemas/PassiveIp' - TlsSessionResumptionMode: - $ref: '#/components/schemas/TlsSessionResumptionMode' - SetStatOption: - $ref: '#/components/schemas/SetStatOption' - As2Transports: - $ref: '#/components/schemas/As2Transports' - description: ' The protocol settings that are configured for your server. ' - Protocols: - type: array - items: - $ref: '#/components/schemas/Protocol' - minItems: 1 - maxItems: 4 - ResourceExistsException: {} - ResourceNotFoundException: {} - Role: - type: string - pattern: arn:.*role/.* - minLength: 20 - maxLength: 2048 - SecondaryGids: - type: array - items: - $ref: '#/components/schemas/PosixId' - minItems: 0 - maxItems: 16 - SecurityGroupId: - type: string - pattern: ^sg-[0-9a-f]{8,17}$ - minLength: 11 - maxLength: 20 - SecurityGroupIds: - type: array - items: - $ref: '#/components/schemas/SecurityGroupId' - SecurityPolicyName: - type: string - pattern: TransferSecurityPolicy-.+ - maxLength: 100 - ServerId: - type: string - pattern: ^s-([0-9a-f]{17})$ - minLength: 19 - maxLength: 19 - ServiceUnavailableException: {} - SetStatOption: - type: string - enum: - - DEFAULT - - ENABLE_NO_OP - SftpAuthenticationMethods: - type: string - enum: - - PASSWORD - - PUBLIC_KEY - - PUBLIC_KEY_OR_PASSWORD - - PUBLIC_KEY_AND_PASSWORD - SshPublicKey: - type: object + type: array + x-insertionOrder: false + items: + type: number + maximum: 4294967295 + minimum: 0 + maxItems: 16 + minItems: 0 required: - - DateImported - - SshPublicKeyBody - - SshPublicKeyId - properties: - DateImported: - $ref: '#/components/schemas/DateImported' - SshPublicKeyBody: - $ref: '#/components/schemas/SshPublicKeyBody' - SshPublicKeyId: - $ref: '#/components/schemas/SshPublicKeyId' - description: Provides information about the public Secure Shell (SSH) key that is associated with a Transfer Family user for the specific file transfer protocol-enabled server (as identified by ServerId). The information returned includes the date the key was imported, the public key contents, and the public key ID. A user can store more than one SSH public key associated with their user name on a specific server. - SshPublicKeyBody: - type: string - maxLength: 2048 - SshPublicKeyCount: - type: integer - SshPublicKeyId: - type: string - pattern: ^key-[0-9a-f]{17}$ - minLength: 21 - maxLength: 21 - SshPublicKeys: - type: array - items: - $ref: '#/components/schemas/SshPublicKey' - maxItems: 5 - StartServerRequest: + - Gid + - Uid + additionalProperties: false + User: type: object - required: - - ServerId - title: StartServerRequest properties: - ServerId: - $ref: '#/components/schemas/ServerId' - State: - type: string - enum: - - OFFLINE - - ONLINE - - STARTING - - STOPPING - - START_FAILED - - STOP_FAILED - description: >- -

Describes the condition of a file transfer protocol-enabled server with respect to its ability to perform file operations. There are six possible states: OFFLINE, ONLINE, STARTING, STOPPING, START_FAILED, and STOP_FAILED.

OFFLINE indicates that the server exists, but that it is not available for file operations. ONLINE indicates that the server is available to perform file - operations. STARTING indicates that the server's was instantiated, but the server is not yet available to perform file operations. Under normal conditions, it can take a couple of minutes for the server to be completely operational. Both START_FAILED and STOP_FAILED are error conditions.

- StopServerRequest: - type: object - title: StopServerRequest - properties: - ServerId: - $ref: '#/components/schemas/ServerId' - StructuredLogDestinations: - type: array - items: - $ref: '#/components/schemas/Arn' - minItems: 0 - maxItems: 1 - SubnetId: - type: string - SubnetIds: - type: array - items: - $ref: '#/components/schemas/SubnetId' - Tag: - description: Creates a key-value pair for a specific resource. - type: object - properties: - Key: + Arn: type: string - description: The name assigned to the tag that you create. - minLength: 1 - maxLength: 128 - Value: + maxLength: 1600 + minLength: 20 + pattern: ^arn:\S+$ + HomeDirectory: type: string - description: Contains one or more values that you assigned to the key name you create. + maxLength: 1024 minLength: 0 - maxLength: 256 - required: - - Key - - Value - additionalProperties: false - TagKey: - type: string - maxLength: 128 - TagValue: - type: string - maxLength: 256 - Tags: - type: array - items: - $ref: '#/components/schemas/Tag' - minItems: 1 - maxItems: 50 - ThrottlingException: {} - TlsSessionResumptionMode: - type: string - enum: - - DISABLED - - ENABLED - - ENFORCED - UpdateServerRequest: - type: object - required: - - ServerId - title: UpdateServerRequest - properties: - Certificate: - $ref: '#/components/schemas/Certificate' - ProtocolDetails: - $ref: '#/components/schemas/ProtocolDetails' - EndpointDetails: - $ref: '#/components/schemas/EndpointDetails' - EndpointType: - $ref: '#/components/schemas/EndpointType' - HostKey: - $ref: '#/components/schemas/HostKey' - IdentityProviderDetails: - $ref: '#/components/schemas/IdentityProviderDetails' - LoggingRole: - $ref: '#/components/schemas/NullableRole' - PostAuthenticationLoginBanner: - $ref: '#/components/schemas/PostAuthenticationLoginBanner' - PreAuthenticationLoginBanner: - $ref: '#/components/schemas/PreAuthenticationLoginBanner' - Protocols: - $ref: '#/components/schemas/Protocols' - SecurityPolicyName: - $ref: '#/components/schemas/SecurityPolicyName' - ServerId: - $ref: '#/components/schemas/ServerId' - WorkflowDetails: - $ref: '#/components/schemas/WorkflowDetails' - StructuredLogDestinations: - $ref: '#/components/schemas/StructuredLogDestinations' - UpdateServerResponse: - type: object - required: - - ServerId - properties: - ServerId: - $ref: '#/components/schemas/ServerId' - UpdateUserRequest: - type: object - required: - - ServerId - - UserName - title: UpdateUserRequest - properties: - HomeDirectory: - $ref: '#/components/schemas/HomeDirectory' + pattern: ^(|/.*)$ + HomeDirectoryMappings: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/HomeDirectoryMapEntry' + maxItems: 50000 + minItems: 1 HomeDirectoryType: $ref: '#/components/schemas/HomeDirectoryType' - HomeDirectoryMappings: - $ref: '#/components/schemas/HomeDirectoryMappings' Policy: - $ref: '#/components/schemas/Policy' + type: string + maxLength: 2048 + minLength: 0 PosixProfile: $ref: '#/components/schemas/PosixProfile' Role: - $ref: '#/components/schemas/Role' - ServerId: - $ref: '#/components/schemas/ServerId' - UserName: - $ref: '#/components/schemas/UserName' - UpdateUserResponse: - type: object - required: - - ServerId - - UserName - properties: - ServerId: - $ref: '#/components/schemas/ServerId' - UserName: - $ref: '#/components/schemas/UserName' - description: ' UpdateUserResponse returns the user name and identifier for the request to update a user''s properties.' - Url: - type: string - maxLength: 255 - UserCount: - type: integer - UserName: - type: string - pattern: ^[\w][\w@.-]{2,99}$ - minLength: 3 - maxLength: 100 - VpcEndpointId: - type: string - pattern: ^vpce-[0-9a-f]{17}$ - minLength: 22 - maxLength: 22 - VpcId: - type: string - WorkflowDetail: - type: object - required: - - WorkflowId - - ExecutionRole - properties: - WorkflowId: - $ref: '#/components/schemas/WorkflowId' - ExecutionRole: - $ref: '#/components/schemas/Role' - description:

Specifies the workflow ID for the workflow to assign and the execution role that's used for executing the workflow.

In addition to a workflow to execute when a file is uploaded completely, WorkflowDetails can also contain a workflow ID (and execution role) for a workflow to execute on partial upload. A partial upload occurs when the server session disconnects while the file is still being uploaded.

- WorkflowDetails: - type: object - properties: - OnUpload: - $ref: '#/components/schemas/OnUploadWorkflowDetails' - OnPartialUpload: - $ref: '#/components/schemas/OnPartialUploadWorkflowDetails' - description: Container for the WorkflowDetail data type. It is used by actions that trigger a workflow to begin execution. - WorkflowId: - type: string - pattern: ^w-([a-z0-9]{17})$ - minLength: 19 - maxLength: 19 - Agreement: - type: object - properties: - Description: - description: A textual description for the agreement. type: string - pattern: ^[\u0021-\u007E]+$ - minLength: 1 - maxLength: 200 + maxLength: 2048 + minLength: 20 + pattern: ^arn:.*role/\S+$ ServerId: - description: A unique identifier for the server. - type: string - pattern: ^s-([0-9a-f]{17})$ - minLength: 19 - maxLength: 19 - LocalProfileId: - description: A unique identifier for the local profile. type: string - pattern: ^p-([0-9a-f]{17})$ - minLength: 19 maxLength: 19 - PartnerProfileId: - description: A unique identifier for the partner profile. - type: string - pattern: ^p-([0-9a-f]{17})$ minLength: 19 - maxLength: 19 - BaseDirectory: - description: Specifies the base directory for the agreement. - type: string - pattern: ^(|/.*)$ - maxLength: 1024 - AccessRole: - description: Specifies the access role for the agreement. - type: string - pattern: arn:.*role/.* - minLength: 20 - maxLength: 2048 - Status: - description: Specifies the status of the agreement. - type: string - enum: - - ACTIVE - - INACTIVE + pattern: ^s-([0-9a-f]{17})$ + SshPublicKeys: + type: array + x-insertionOrder: false + items: + type: string + maxLength: 2048 + minLength: 0 + pattern: ^\s*(ssh|ecdsa)-[a-z0-9-]+[ \t]+(([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{1,3})?(={0,3})?)(\s*|[ \t]+[\S \t]*\s*)$ + description: This represents the SSH User Public Keys for CloudFormation resource Tags: - description: Key-value pairs that can be used to group and search for agreements. Tags are metadata attached to agreements for any purpose. type: array - maxItems: 50 - uniqueItems: true x-insertionOrder: false items: $ref: '#/components/schemas/Tag' - AgreementId: - description: A unique identifier for the agreement. - type: string - pattern: ^a-([0-9a-f]{17})$ - minLength: 19 - maxLength: 19 - Arn: - description: Specifies the unique Amazon Resource Name (ARN) for the agreement. + maxItems: 50 + minItems: 1 + UserName: type: string - pattern: arn:.* - minLength: 20 - maxLength: 1600 + maxLength: 100 + minLength: 3 + pattern: ^[\w][\w@.-]{2,99}$ required: + - Role - ServerId - - LocalProfileId - - PartnerProfileId - - BaseDirectory - - AccessRole - x-stackql-resource-name: agreement - description: Resource Type definition for AWS::Transfer::Agreement - x-type-name: AWS::Transfer::Agreement + - UserName + x-stackql-resource-name: user + description: Definition of AWS::Transfer::User Resource Type + x-type-name: AWS::Transfer::User x-stackql-primary-identifier: - - AgreementId - - ServerId + - Arn + x-stackql-additional-identifiers: + - - ServerId + - UserName x-create-only-properties: - ServerId + - UserName x-read-only-properties: - - AgreementId - Arn x-required-properties: + - Role - ServerId - - LocalProfileId - - PartnerProfileId - - BaseDirectory - - AccessRole + - UserName x-tagging: - taggable: true - tagOnCreate: true - tagUpdatable: true cloudFormationSystemTags: true + permissions: + - transfer:TagResource + - transfer:UnTagResource + - transfer:ListTagsForResource + tagOnCreate: true tagProperty: /properties/Tags + tagUpdatable: true + taggable: true x-required-permissions: create: - - transfer:CreateAgreement - - transfer:TagResource - iam:PassRole + - transfer:CreateUser + - transfer:DescribeUser + - transfer:ImportSshPublicKey + - transfer:TagResource read: - - transfer:DescribeAgreement + - transfer:DescribeUser update: - - transfer:UpdateAgreement - - transfer:UnTagResource - - transfer:TagResource - iam:PassRole + - transfer:DeleteSshPublicKey + - transfer:DescribeUser + - transfer:ImportSshPublicKey + - transfer:TagResource + - transfer:UnTagResource + - transfer:UpdateUser delete: - - transfer:DeleteAgreement + - transfer:DeleteUser list: - - transfer:ListAgreements - SftpConnectorTrustedHostKey: - description: The public host key for the external server to which you are connecting. - type: string - minLength: 1 - maxLength: 2048 - Connector: + - transfer:ListUsers + S3Tag: + description: Specifies the key-value pair that are assigned to a file during the execution of a Tagging step. type: object properties: - AccessRole: - description: Specifies the access role for the connector. - type: string - pattern: arn:.*role/.* - minLength: 20 - maxLength: 2048 - As2Config: - description: Configuration for an AS2 connector. - type: object - properties: - LocalProfileId: - type: string - description: A unique identifier for the local profile. - pattern: ^p-([0-9a-f]{17})$ - minLength: 19 - maxLength: 19 - PartnerProfileId: - type: string - description: A unique identifier for the partner profile. - pattern: ^p-([0-9a-f]{17})$ - minLength: 19 - maxLength: 19 - MessageSubject: - type: string - description: The message subject for this AS2 connector configuration. - pattern: ^[\u0020-\u007E\t]+$ - minLength: 1 - maxLength: 1024 - Compression: - type: string - description: Compression setting for this AS2 connector configuration. - enum: - - ZLIB - - DISABLED - EncryptionAlgorithm: - type: string - description: Encryption algorithm for this AS2 connector configuration. - enum: - - AES128_CBC - - AES192_CBC - - AES256_CBC - - NONE - - DES_EDE3_CBC - SigningAlgorithm: - type: string - description: Signing algorithm for this AS2 connector configuration. - enum: - - SHA256 - - SHA384 - - SHA512 - - SHA1 - - NONE - MdnSigningAlgorithm: - type: string - description: MDN Signing algorithm for this AS2 connector configuration. - enum: - - SHA256 - - SHA384 - - SHA512 - - SHA1 - - NONE - - DEFAULT - MdnResponse: - type: string - description: MDN Response setting for this AS2 connector configuration. - enum: - - SYNC - - NONE - BasicAuthSecretId: - type: string - description: ARN or name of the secret in AWS Secrets Manager which contains the credentials for Basic authentication. If empty, Basic authentication is disabled for the AS2 connector - minLength: 0 - maxLength: 2048 - additionalProperties: false - SftpConfig: - description: Configuration for an SFTP connector. - type: object - properties: - UserSecretId: - type: string - description: ARN or name of the secret in AWS Secrets Manager which contains the SFTP user's private keys or passwords. - minLength: 1 - maxLength: 2048 - TrustedHostKeys: - description: List of public host keys, for the external server to which you are connecting. - type: array - maxItems: 10 - uniqueItems: false - x-insertionOrder: false - items: - $ref: '#/components/schemas/SftpConnectorTrustedHostKey' - additionalProperties: false - Arn: - description: Specifies the unique Amazon Resource Name (ARN) for the connector. - type: string - pattern: arn:.* - minLength: 20 - maxLength: 1600 - ConnectorId: - description: A unique identifier for the connector. - type: string - pattern: ^c-([0-9a-f]{17})$ - minLength: 19 - maxLength: 19 - LoggingRole: - description: Specifies the logging role for the connector. - type: string - pattern: arn:.*role/.* - minLength: 20 - maxLength: 2048 - ServiceManagedEgressIpAddresses: - description: The list of egress IP addresses of this connector. These IP addresses are assigned automatically when you create the connector. - type: array - items: - type: string - pattern: ^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$ - Tags: - description: Key-value pairs that can be used to group and search for connectors. Tags are metadata attached to connectors for any purpose. - type: array - maxItems: 50 - uniqueItems: true - x-insertionOrder: false - items: - $ref: '#/components/schemas/Tag' - Url: - description: URL for Connector - type: string - maxLength: 255 - SecurityPolicyName: - description: Security policy for SFTP Connector - type: string - pattern: TransferSFTPConnectorSecurityPolicy-[A-Za-z0-9-]+ - maxLength: 50 - required: - - AccessRole - - Url - x-stackql-resource-name: connector - description: Resource Type definition for AWS::Transfer::Connector - x-type-name: AWS::Transfer::Connector - x-stackql-primary-identifier: - - ConnectorId - x-read-only-properties: - - Arn - - ConnectorId - - ServiceManagedEgressIpAddresses - x-required-properties: - - AccessRole - - Url - x-tagging: - taggable: true - tagOnCreate: true - tagUpdatable: true - cloudFormationSystemTags: true - tagProperty: /properties/Tags - x-required-permissions: - create: - - transfer:CreateConnector - - transfer:TagResource - - iam:PassRole - read: - - transfer:DescribeConnector - update: - - transfer:UpdateConnector - - transfer:UnTagResource - - transfer:TagResource - - iam:PassRole - delete: - - transfer:DeleteConnector - list: - - transfer:ListConnectors - CertificateId: - description: A unique identifier for the certificate. - type: string - pattern: ^cert-([0-9a-f]{17})$ - minLength: 22 - maxLength: 22 - Profile: - type: object - properties: - As2Id: - description: AS2 identifier agreed with a trading partner. - type: string - pattern: ^[\u0020-\u007E\s]*$ - minLength: 1 - maxLength: 128 - ProfileType: - description: Enum specifying whether the profile is local or associated with a trading partner. - type: string - enum: - - LOCAL - - PARTNER - Tags: - description: An array of key-value pairs to apply to this resource. - type: array - uniqueItems: true - maxItems: 50 - x-insertionOrder: false - items: - $ref: '#/components/schemas/Tag' - CertificateIds: - description: List of the certificate IDs associated with this profile to be used for encryption and signing of AS2 messages. - type: array - x-insertionOrder: false - items: - $ref: '#/components/schemas/CertificateId' - Arn: - description: Specifies the unique Amazon Resource Name (ARN) for the profile. - type: string - pattern: arn:.* - minLength: 20 - maxLength: 1600 - ProfileId: - description: A unique identifier for the profile - type: string - pattern: ^p-([0-9a-f]{17})$ - minLength: 19 - maxLength: 19 - required: - - As2Id - - ProfileType - x-stackql-resource-name: profile - description: Resource Type definition for AWS::Transfer::Profile - x-type-name: AWS::Transfer::Profile - x-stackql-primary-identifier: - - ProfileId - x-create-only-properties: - - ProfileType - x-read-only-properties: - - Arn - - ProfileId - x-required-properties: - - As2Id - - ProfileType - x-tagging: - taggable: true - tagOnCreate: true - tagUpdatable: true - cloudFormationSystemTags: true - tagProperty: /properties/Tags - x-required-permissions: - create: - - transfer:CreateProfile - - transfer:TagResource - read: - - transfer:DescribeProfile - update: - - transfer:UpdateProfile - - transfer:UnTagResource - - transfer:TagResource - delete: - - transfer:DeleteProfile - list: - - transfer:ListProfiles - S3Tag: - description: Specifies the key-value pair that are assigned to a file during the execution of a Tagging step. - type: object - properties: - Key: - description: The name assigned to the tag that you create. + Key: + description: The name assigned to the tag that you create. type: string minLength: 1 maxLength: 128 @@ -2333,6 +2099,7 @@ components: ServiceManagedEgressIpAddresses: description: The list of egress IP addresses of this connector. These IP addresses are assigned automatically when you create the connector. type: array + x-insertionOrder: false items: type: string pattern: ^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$ @@ -2412,7 +2179,7 @@ components: x-title: CreateProfileRequest type: object required: [] - CreateWorkflowRequest: + CreateServerRequest: properties: ClientToken: type: string @@ -2425,16 +2192,189 @@ components: DesiredState: type: object properties: - OnExceptionSteps: - description: Specifies the steps (actions) to take if any errors are encountered during execution of the workflow. + Arn: + type: string + maxLength: 1600 + minLength: 20 + pattern: ^arn:\S+$ + As2ServiceManagedEgressIpAddresses: type: array - maxItems: 8 - uniqueItems: true - x-insertionOrder: true + x-insertionOrder: false items: - $ref: '#/components/schemas/WorkflowStep' - Steps: - description: Specifies the details for the steps that are in the specified workflow. + type: string + pattern: ^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$ + description: The list of egress IP addresses of this server. These IP addresses are only relevant for servers that use the AS2 protocol. They are used for sending asynchronous MDNs. These IP addresses are assigned automatically when you create an AS2 server. Additionally, if you update an existing server and add the AS2 protocol, static IP addresses are assigned as well. + Certificate: + type: string + maxLength: 1600 + minLength: 0 + Domain: + $ref: '#/components/schemas/Domain' + EndpointDetails: + $ref: '#/components/schemas/EndpointDetails' + EndpointType: + $ref: '#/components/schemas/EndpointType' + IdentityProviderDetails: + $ref: '#/components/schemas/IdentityProviderDetails' + IdentityProviderType: + $ref: '#/components/schemas/IdentityProviderType' + LoggingRole: + type: string + maxLength: 2048 + minLength: 0 + pattern: ^(|arn:.*role/\S+)$ + PostAuthenticationLoginBanner: + type: string + maxLength: 4096 + minLength: 0 + pattern: ^[\x09-\x0D\x20-\x7E]*$ + PreAuthenticationLoginBanner: + type: string + maxLength: 4096 + minLength: 0 + pattern: ^[\x09-\x0D\x20-\x7E]*$ + ProtocolDetails: + $ref: '#/components/schemas/ProtocolDetails' + Protocols: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Protocol' + maxItems: 4 + minItems: 1 + S3StorageOptions: + $ref: '#/components/schemas/S3StorageOptions' + SecurityPolicyName: + type: string + maxLength: 100 + minLength: 0 + pattern: ^TransferSecurityPolicy-.+$ + ServerId: + type: string + maxLength: 19 + minLength: 19 + pattern: ^s-([0-9a-f]{17})$ + State: + $ref: '#/components/schemas/State' + StructuredLogDestinations: + type: array + x-insertionOrder: false + items: + type: string + maxLength: 1600 + minLength: 20 + pattern: ^arn:\S+$ + maxItems: 1 + minItems: 0 + Tags: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + maxItems: 50 + minItems: 1 + WorkflowDetails: + $ref: '#/components/schemas/WorkflowDetails' + x-stackQL-stringOnly: true + x-title: CreateServerRequest + type: object + required: [] + CreateUserRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + Arn: + type: string + maxLength: 1600 + minLength: 20 + pattern: ^arn:\S+$ + HomeDirectory: + type: string + maxLength: 1024 + minLength: 0 + pattern: ^(|/.*)$ + HomeDirectoryMappings: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/HomeDirectoryMapEntry' + maxItems: 50000 + minItems: 1 + HomeDirectoryType: + $ref: '#/components/schemas/HomeDirectoryType' + Policy: + type: string + maxLength: 2048 + minLength: 0 + PosixProfile: + $ref: '#/components/schemas/PosixProfile' + Role: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:.*role/\S+$ + ServerId: + type: string + maxLength: 19 + minLength: 19 + pattern: ^s-([0-9a-f]{17})$ + SshPublicKeys: + type: array + x-insertionOrder: false + items: + type: string + maxLength: 2048 + minLength: 0 + pattern: ^\s*(ssh|ecdsa)-[a-z0-9-]+[ \t]+(([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{1,3})?(={0,3})?)(\s*|[ \t]+[\S \t]*\s*)$ + description: This represents the SSH User Public Keys for CloudFormation resource + Tags: + type: array + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + maxItems: 50 + minItems: 1 + UserName: + type: string + maxLength: 100 + minLength: 3 + pattern: ^[\w][\w@.-]{2,99}$ + x-stackQL-stringOnly: true + x-title: CreateUserRequest + type: object + required: [] + CreateWorkflowRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + OnExceptionSteps: + description: Specifies the steps (actions) to take if any errors are encountered during execution of the workflow. + type: array + maxItems: 8 + uniqueItems: true + x-insertionOrder: true + items: + $ref: '#/components/schemas/WorkflowStep' + Steps: + description: Specifies the details for the steps that are in the specified workflow. type: array maxItems: 8 uniqueItems: true @@ -2481,214 +2421,233 @@ components: x-stackQL-resources: servers: name: servers - x-cfn-schema-name: DescribedServer + x-cfn-schema-name: Server x-example-where-clause: WHERE region = 'us-east-1' AND ServerId = '' - x-type: native + x-type: cloud_control methods: - create_server: + start_server: serviceName: transfer operation: - $ref: '#/paths/~1?__X-Amz-Target=TransferService.CreateServer?__nativeEndpoint=true/post' + $ref: '#/paths/~1?__X-Amz-Target=TransferService.StartServer?__nativeEndpoint=true/post' request: mediaType: application/x-amz-json-1.1 - default: | - {} response: - mediaType: application/json openAPIDocKey: '200' - list_servers: + stop_server: serviceName: transfer operation: - $ref: '#/paths/~1?__X-Amz-Target=TransferService.ListServers?__nativeEndpoint=true/post' + $ref: '#/paths/~1?__X-Amz-Target=TransferService.StopServer?__nativeEndpoint=true/post' request: mediaType: application/x-amz-json-1.1 - default: | - {} response: - objectKey: $.Servers - mediaType: application/json openAPIDocKey: '200' - describe_server: - serviceName: transfer + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState operation: - $ref: '#/paths/~1?__X-Amz-Target=TransferService.DescribeServer?__nativeEndpoint=true/post' + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Server&__detailTransformed=true/post' request: - mediaType: application/x-amz-json-1.1 + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Transfer::Server" + } response: - objectKey: $.Server mediaType: application/json openAPIDocKey: '200' - update_server: - serviceName: transfer + update_resource: operation: - $ref: '#/paths/~1?__X-Amz-Target=TransferService.UpdateServer?__nativeEndpoint=true/post' + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' request: - mediaType: application/x-amz-json-1.1 + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Transfer::Server" + } response: mediaType: application/json openAPIDocKey: '200' - delete_server: - serviceName: transfer - operation: - $ref: '#/paths/~1?__X-Amz-Target=TransferService.DeleteServer?__nativeEndpoint=true/post' - request: - mediaType: application/x-amz-json-1.1 - response: - openAPIDocKey: '200' - start_server: - serviceName: transfer - operation: - $ref: '#/paths/~1?__X-Amz-Target=TransferService.StartServer?__nativeEndpoint=true/post' - request: - mediaType: application/x-amz-json-1.1 - response: - openAPIDocKey: '200' - stop_server: - serviceName: transfer + delete_resource: operation: - $ref: '#/paths/~1?__X-Amz-Target=TransferService.StopServer?__nativeEndpoint=true/post' + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' request: - mediaType: application/x-amz-json-1.1 + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Transfer::Server" + } response: + mediaType: application/json openAPIDocKey: '200' id: aws.transfer.servers sqlVerbs: delete: - - $ref: '#/components/x-stackQL-resources/servers/methods/delete_server' + - $ref: '#/components/x-stackQL-resources/servers/methods/delete_resource' insert: - - $ref: '#/components/x-stackQL-resources/servers/methods/create_server' - select: - - $ref: '#/components/x-stackQL-resources/servers/methods/describe_server' - - $ref: '#/components/x-stackQL-resources/servers/methods/list_servers' + - $ref: '#/components/x-stackQL-resources/servers/methods/create_resource' + select: [] update: - - $ref: '#/components/x-stackQL-resources/servers/methods/update_server' + - $ref: '#/components/x-stackQL-resources/servers/methods/update_resource' title: servers - users: - name: users - x-cfn-schema-name: DescribedUser - x-example-where-clause: WHERE region = 'us-east-1' AND ServerId = '' AND UserName = '' + x-cfn-type-name: AWS::Transfer::Server + x-identifiers: + - Arn + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.As2ServiceManagedEgressIpAddresses') as as2_service_managed_egress_ip_addresses, + JSON_EXTRACT(Properties, '$.Certificate') as certificate, + JSON_EXTRACT(Properties, '$.Domain') as domain, + JSON_EXTRACT(Properties, '$.EndpointDetails') as endpoint_details, + JSON_EXTRACT(Properties, '$.EndpointType') as endpoint_type, + JSON_EXTRACT(Properties, '$.IdentityProviderDetails') as identity_provider_details, + JSON_EXTRACT(Properties, '$.IdentityProviderType') as identity_provider_type, + JSON_EXTRACT(Properties, '$.LoggingRole') as logging_role, + JSON_EXTRACT(Properties, '$.PostAuthenticationLoginBanner') as post_authentication_login_banner, + JSON_EXTRACT(Properties, '$.PreAuthenticationLoginBanner') as pre_authentication_login_banner, + JSON_EXTRACT(Properties, '$.ProtocolDetails') as protocol_details, + JSON_EXTRACT(Properties, '$.Protocols') as protocols, + JSON_EXTRACT(Properties, '$.S3StorageOptions') as s3_storage_options, + JSON_EXTRACT(Properties, '$.SecurityPolicyName') as security_policy_name, + JSON_EXTRACT(Properties, '$.ServerId') as server_id, + JSON_EXTRACT(Properties, '$.State') as state, + JSON_EXTRACT(Properties, '$.StructuredLogDestinations') as structured_log_destinations, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.WorkflowDetails') as workflow_details + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Transfer::Server' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.As2ServiceManagedEgressIpAddresses') as as2_service_managed_egress_ip_addresses, + JSON_EXTRACT(detail.Properties, '$.Certificate') as certificate, + JSON_EXTRACT(detail.Properties, '$.Domain') as domain, + JSON_EXTRACT(detail.Properties, '$.EndpointDetails') as endpoint_details, + JSON_EXTRACT(detail.Properties, '$.EndpointType') as endpoint_type, + JSON_EXTRACT(detail.Properties, '$.IdentityProviderDetails') as identity_provider_details, + JSON_EXTRACT(detail.Properties, '$.IdentityProviderType') as identity_provider_type, + JSON_EXTRACT(detail.Properties, '$.LoggingRole') as logging_role, + JSON_EXTRACT(detail.Properties, '$.PostAuthenticationLoginBanner') as post_authentication_login_banner, + JSON_EXTRACT(detail.Properties, '$.PreAuthenticationLoginBanner') as pre_authentication_login_banner, + JSON_EXTRACT(detail.Properties, '$.ProtocolDetails') as protocol_details, + JSON_EXTRACT(detail.Properties, '$.Protocols') as protocols, + JSON_EXTRACT(detail.Properties, '$.S3StorageOptions') as s3_storage_options, + JSON_EXTRACT(detail.Properties, '$.SecurityPolicyName') as security_policy_name, + JSON_EXTRACT(detail.Properties, '$.ServerId') as server_id, + JSON_EXTRACT(detail.Properties, '$.State') as state, + JSON_EXTRACT(detail.Properties, '$.StructuredLogDestinations') as structured_log_destinations, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags, + JSON_EXTRACT(detail.Properties, '$.WorkflowDetails') as workflow_details + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Transfer::Server' + AND detail.data__TypeName = 'AWS::Transfer::Server' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'As2ServiceManagedEgressIpAddresses') as as2_service_managed_egress_ip_addresses, + json_extract_path_text(Properties, 'Certificate') as certificate, + json_extract_path_text(Properties, 'Domain') as domain, + json_extract_path_text(Properties, 'EndpointDetails') as endpoint_details, + json_extract_path_text(Properties, 'EndpointType') as endpoint_type, + json_extract_path_text(Properties, 'IdentityProviderDetails') as identity_provider_details, + json_extract_path_text(Properties, 'IdentityProviderType') as identity_provider_type, + json_extract_path_text(Properties, 'LoggingRole') as logging_role, + json_extract_path_text(Properties, 'PostAuthenticationLoginBanner') as post_authentication_login_banner, + json_extract_path_text(Properties, 'PreAuthenticationLoginBanner') as pre_authentication_login_banner, + json_extract_path_text(Properties, 'ProtocolDetails') as protocol_details, + json_extract_path_text(Properties, 'Protocols') as protocols, + json_extract_path_text(Properties, 'S3StorageOptions') as s3_storage_options, + json_extract_path_text(Properties, 'SecurityPolicyName') as security_policy_name, + json_extract_path_text(Properties, 'ServerId') as server_id, + json_extract_path_text(Properties, 'State') as state, + json_extract_path_text(Properties, 'StructuredLogDestinations') as structured_log_destinations, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'WorkflowDetails') as workflow_details + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Transfer::Server' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'As2ServiceManagedEgressIpAddresses') as as2_service_managed_egress_ip_addresses, + json_extract_path_text(detail.Properties, 'Certificate') as certificate, + json_extract_path_text(detail.Properties, 'Domain') as domain, + json_extract_path_text(detail.Properties, 'EndpointDetails') as endpoint_details, + json_extract_path_text(detail.Properties, 'EndpointType') as endpoint_type, + json_extract_path_text(detail.Properties, 'IdentityProviderDetails') as identity_provider_details, + json_extract_path_text(detail.Properties, 'IdentityProviderType') as identity_provider_type, + json_extract_path_text(detail.Properties, 'LoggingRole') as logging_role, + json_extract_path_text(detail.Properties, 'PostAuthenticationLoginBanner') as post_authentication_login_banner, + json_extract_path_text(detail.Properties, 'PreAuthenticationLoginBanner') as pre_authentication_login_banner, + json_extract_path_text(detail.Properties, 'ProtocolDetails') as protocol_details, + json_extract_path_text(detail.Properties, 'Protocols') as protocols, + json_extract_path_text(detail.Properties, 'S3StorageOptions') as s3_storage_options, + json_extract_path_text(detail.Properties, 'SecurityPolicyName') as security_policy_name, + json_extract_path_text(detail.Properties, 'ServerId') as server_id, + json_extract_path_text(detail.Properties, 'State') as state, + json_extract_path_text(detail.Properties, 'StructuredLogDestinations') as structured_log_destinations, + json_extract_path_text(detail.Properties, 'Tags') as tags, + json_extract_path_text(detail.Properties, 'WorkflowDetails') as workflow_details + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Transfer::Server' + AND detail.data__TypeName = 'AWS::Transfer::Server' + AND listing.region = 'us-east-1' + public_keys: + name: public_keys + x-description: Imports or deletes a public key for a user x-type: native methods: - list_users: - serviceName: transfer - operation: - $ref: '#/paths/~1?__X-Amz-Target=TransferService.ListUsers?__nativeEndpoint=true/post' - request: - mediaType: application/x-amz-json-1.1 - response: - objectKey: $.Users - mediaType: application/json - openAPIDocKey: '200' - describe_user: - serviceName: transfer - operation: - $ref: '#/paths/~1?__X-Amz-Target=TransferService.DescribeUser?__nativeEndpoint=true/post' - request: - mediaType: application/x-amz-json-1.1 - response: - objectKey: $.User - mediaType: application/json - openAPIDocKey: '200' - create_user: - serviceName: transfer - operation: - $ref: '#/paths/~1?__X-Amz-Target=TransferService.CreateUser?__nativeEndpoint=true/post' - request: - mediaType: application/x-amz-json-1.1 - response: - mediaType: application/json - openAPIDocKey: '200' - update_user: + import_public_key: serviceName: transfer operation: - $ref: '#/paths/~1?__X-Amz-Target=TransferService.UpdateUser?__nativeEndpoint=true/post' + $ref: '#/paths/~1?__X-Amz-Target=TransferService.ImportSshPublicKey?__nativeEndpoint=true/post' request: mediaType: application/x-amz-json-1.1 response: mediaType: application/json openAPIDocKey: '200' - delete_user: + delete_public_key: serviceName: transfer operation: - $ref: '#/paths/~1?__X-Amz-Target=TransferService.DeleteUser?__nativeEndpoint=true/post' + $ref: '#/paths/~1?__X-Amz-Target=TransferService.DeleteSshPublicKey?__nativeEndpoint=true/post' request: mediaType: application/x-amz-json-1.1 response: openAPIDocKey: '200' - id: aws.transfer.users + id: aws.transfer.public_keys sqlVerbs: delete: - - $ref: '#/components/x-stackQL-resources/users/methods/delete_user' - insert: - - $ref: '#/components/x-stackQL-resources/users/methods/create_user' - select: - - $ref: '#/components/x-stackQL-resources/users/methods/describe_user' - - $ref: '#/components/x-stackQL-resources/users/methods/list_users' - update: - - $ref: '#/components/x-stackQL-resources/users/methods/update_user' - title: users - public_keys: - name: public_keys - x-description: Imports or deletes a public key for a user - x-type: native - methods: - import_public_key: - serviceName: transfer - operation: - $ref: '#/paths/~1?__X-Amz-Target=TransferService.ImportSshPublicKey?__nativeEndpoint=true/post' - request: - mediaType: application/x-amz-json-1.1 - response: - mediaType: application/json - openAPIDocKey: '200' - delete_public_key: - serviceName: transfer - operation: - $ref: '#/paths/~1?__X-Amz-Target=TransferService.DeleteSshPublicKey?__nativeEndpoint=true/post' - request: - mediaType: application/x-amz-json-1.1 - response: - openAPIDocKey: '200' - id: aws.transfer.public_keys - sqlVerbs: - delete: - - $ref: '#/components/x-stackQL-resources/public_keys/methods/delete_public_key' + - $ref: '#/components/x-stackQL-resources/public_keys/methods/delete_public_key' insert: - $ref: '#/components/x-stackQL-resources/public_keys/methods/import_public_key' select: [] update: [] title: public_keys - server_tags: - name: server_tags - id: aws.transfer.server_tags - x-cfn-schema-name: server_tags - x-type: view - config: - views: - select: - predicate: sqlDialect == "sqlite3" - ddl: |- - SELECT - data__ServerId, - region, - JSON_EXTRACT(json_each.value, '$.Key') as key, - JSON_EXTRACT(json_each.value, '$.Value') as value - FROM aws.transfer.servers, json_each(Tags) - WHERE region = 'us-east-1' - AND data__ServerId = 's-ab1234567890123cd' - fallback: - predicate: sqlDialect == "postgres" - ddl: |- - SELECT - data__ServerId, - region, - json_array_elements_text(Tags)::jsonb ->> 'Key' as key, - json_array_elements_text(Tags)::jsonb ->> 'Value' as value - FROM - aws.transfer.servers - WHERE - region = 'us-east-1' - AND data__ServerId = 's-ab1234567890123cd' user_public_keys: name: user_public_keys id: aws.transfer.user_public_keys @@ -2700,32 +2659,30 @@ components: predicate: sqlDialect == "sqlite3" ddl: |- SELECT - data__ServerId, - data__UserName, - region, - JSON_EXTRACT(json_each.value, '$.SshPublicKeyBody') as ssh_public_key_body, - JSON_EXTRACT(json_each.value, '$.SshPublicKeyId') as ssh_public_key_id, - JSON_EXTRACT(json_each.value, '$.DateImported') as date_imported - FROM aws.transfer.users, json_each(SshPublicKeys) - WHERE region = 'us-east-1' - AND data__ServerId = 's-ab1234567890123cd' - AND data__UserName = 'my_user_name' + region, + server_id, + user_name, + json_each.value as ssh_public_key + FROM + aws.transfer.users, json_each(ssh_public_keys) + WHERE + region = 'us-east-1' + AND server_id = 's-ab1234567890123cd' + AND user_name = 'my_user_name' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT - data__ServerId, - data__UserName, region, - json_array_elements_text(SshPublicKeys)::jsonb ->> 'SshPublicKeyBody' as ssh_public_key_body, - json_array_elements_text(SshPublicKeys)::jsonb ->> 'SshPublicKeyId' as ssh_public_key_id, - json_array_elements_text(SshPublicKeys)::jsonb ->> 'DateImported' as date_imported + server_id, + user_name, + json_array_elements_text(ssh_public_keys) as ssh_public_key FROM aws.transfer.users WHERE region = 'us-east-1' - AND data__ServerId = 's-ab1234567890123cd' - AND data__UserName = 'my_user_name' + AND server_id = 's-ab1234567890123cd' + AND user_name = 'my_user_name' agreements: name: agreements id: aws.transfer.agreements @@ -3660,13 +3617,125 @@ components: WHERE listing.data__TypeName = 'AWS::Transfer::Profile' AND detail.data__TypeName = 'AWS::Transfer::Profile' AND listing.region = 'us-east-1' - workflows: - name: workflows - id: aws.transfer.workflows - x-cfn-schema-name: Workflow - x-cfn-type-name: AWS::Transfer::Workflow + servers_list_only: + name: servers_list_only + id: aws.transfer.servers_list_only + x-cfn-schema-name: Server + x-cfn-type-name: AWS::Transfer::Server x-identifiers: - - WorkflowId + - Arn + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Transfer::Server' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Transfer::Server' + AND region = 'us-east-1' + server_tags: + name: server_tags + id: aws.transfer.server_tags + x-cfn-schema-name: Server + x-cfn-type-name: AWS::Transfer::Server + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.As2ServiceManagedEgressIpAddresses') as as2_service_managed_egress_ip_addresses, + JSON_EXTRACT(detail.Properties, '$.Certificate') as certificate, + JSON_EXTRACT(detail.Properties, '$.Domain') as domain, + JSON_EXTRACT(detail.Properties, '$.EndpointDetails') as endpoint_details, + JSON_EXTRACT(detail.Properties, '$.EndpointType') as endpoint_type, + JSON_EXTRACT(detail.Properties, '$.IdentityProviderDetails') as identity_provider_details, + JSON_EXTRACT(detail.Properties, '$.IdentityProviderType') as identity_provider_type, + JSON_EXTRACT(detail.Properties, '$.LoggingRole') as logging_role, + JSON_EXTRACT(detail.Properties, '$.PostAuthenticationLoginBanner') as post_authentication_login_banner, + JSON_EXTRACT(detail.Properties, '$.PreAuthenticationLoginBanner') as pre_authentication_login_banner, + JSON_EXTRACT(detail.Properties, '$.ProtocolDetails') as protocol_details, + JSON_EXTRACT(detail.Properties, '$.Protocols') as protocols, + JSON_EXTRACT(detail.Properties, '$.S3StorageOptions') as s3_storage_options, + JSON_EXTRACT(detail.Properties, '$.SecurityPolicyName') as security_policy_name, + JSON_EXTRACT(detail.Properties, '$.ServerId') as server_id, + JSON_EXTRACT(detail.Properties, '$.State') as state, + JSON_EXTRACT(detail.Properties, '$.StructuredLogDestinations') as structured_log_destinations, + JSON_EXTRACT(detail.Properties, '$.WorkflowDetails') as workflow_details + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::Transfer::Server' + AND detail.data__TypeName = 'AWS::Transfer::Server' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'As2ServiceManagedEgressIpAddresses') as as2_service_managed_egress_ip_addresses, + json_extract_path_text(detail.Properties, 'Certificate') as certificate, + json_extract_path_text(detail.Properties, 'Domain') as domain, + json_extract_path_text(detail.Properties, 'EndpointDetails') as endpoint_details, + json_extract_path_text(detail.Properties, 'EndpointType') as endpoint_type, + json_extract_path_text(detail.Properties, 'IdentityProviderDetails') as identity_provider_details, + json_extract_path_text(detail.Properties, 'IdentityProviderType') as identity_provider_type, + json_extract_path_text(detail.Properties, 'LoggingRole') as logging_role, + json_extract_path_text(detail.Properties, 'PostAuthenticationLoginBanner') as post_authentication_login_banner, + json_extract_path_text(detail.Properties, 'PreAuthenticationLoginBanner') as pre_authentication_login_banner, + json_extract_path_text(detail.Properties, 'ProtocolDetails') as protocol_details, + json_extract_path_text(detail.Properties, 'Protocols') as protocols, + json_extract_path_text(detail.Properties, 'S3StorageOptions') as s3_storage_options, + json_extract_path_text(detail.Properties, 'SecurityPolicyName') as security_policy_name, + json_extract_path_text(detail.Properties, 'ServerId') as server_id, + json_extract_path_text(detail.Properties, 'State') as state, + json_extract_path_text(detail.Properties, 'StructuredLogDestinations') as structured_log_destinations, + json_extract_path_text(detail.Properties, 'WorkflowDetails') as workflow_details + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::Transfer::Server' + AND detail.data__TypeName = 'AWS::Transfer::Server' + AND listing.region = 'us-east-1' + users: + name: users + id: aws.transfer.users + x-cfn-schema-name: User + x-cfn-type-name: AWS::Transfer::User + x-identifiers: + - Arn x-type: cloud_control methods: create_resource: @@ -3674,12 +3743,12 @@ components: requestBodyTranslate: algorithm: naive_DesiredState operation: - $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Workflow&__detailTransformed=true/post' + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__User&__detailTransformed=true/post' request: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::Transfer::Workflow" + "TypeName": "AWS::Transfer::User" } response: mediaType: application/json @@ -3691,7 +3760,7 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::Transfer::Workflow" + "TypeName": "AWS::Transfer::User" } response: mediaType: application/json @@ -3703,18 +3772,18 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::Transfer::Workflow" + "TypeName": "AWS::Transfer::User" } response: mediaType: application/json openAPIDocKey: '200' sqlVerbs: insert: - - $ref: '#/components/x-stackQL-resources/workflows/methods/create_resource' + - $ref: '#/components/x-stackQL-resources/users/methods/create_resource' delete: - - $ref: '#/components/x-stackQL-resources/workflows/methods/delete_resource' + - $ref: '#/components/x-stackQL-resources/users/methods/delete_resource' update: - - $ref: '#/components/x-stackQL-resources/workflows/methods/update_resource' + - $ref: '#/components/x-stackQL-resources/users/methods/update_resource' config: views: select: @@ -3723,32 +3792,42 @@ components: SELECT region, data__Identifier, - JSON_EXTRACT(Properties, '$.OnExceptionSteps') as on_exception_steps, - JSON_EXTRACT(Properties, '$.Steps') as steps, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.HomeDirectory') as home_directory, + JSON_EXTRACT(Properties, '$.HomeDirectoryMappings') as home_directory_mappings, + JSON_EXTRACT(Properties, '$.HomeDirectoryType') as home_directory_type, + JSON_EXTRACT(Properties, '$.Policy') as policy, + JSON_EXTRACT(Properties, '$.PosixProfile') as posix_profile, + JSON_EXTRACT(Properties, '$.Role') as role, + JSON_EXTRACT(Properties, '$.ServerId') as server_id, + JSON_EXTRACT(Properties, '$.SshPublicKeys') as ssh_public_keys, JSON_EXTRACT(Properties, '$.Tags') as tags, - JSON_EXTRACT(Properties, '$.Description') as description, - JSON_EXTRACT(Properties, '$.WorkflowId') as workflow_id, - JSON_EXTRACT(Properties, '$.Arn') as arn - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Transfer::Workflow' - AND data__Identifier = '' + JSON_EXTRACT(Properties, '$.UserName') as user_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Transfer::User' + AND data__Identifier = '' AND region = 'us-east-1' fallback: predicate: sqlDialect == "sqlite3" ddl: |- SELECT detail.region, - JSON_EXTRACT(detail.Properties, '$.OnExceptionSteps') as on_exception_steps, - JSON_EXTRACT(detail.Properties, '$.Steps') as steps, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.HomeDirectory') as home_directory, + JSON_EXTRACT(detail.Properties, '$.HomeDirectoryMappings') as home_directory_mappings, + JSON_EXTRACT(detail.Properties, '$.HomeDirectoryType') as home_directory_type, + JSON_EXTRACT(detail.Properties, '$.Policy') as policy, + JSON_EXTRACT(detail.Properties, '$.PosixProfile') as posix_profile, + JSON_EXTRACT(detail.Properties, '$.Role') as role, + JSON_EXTRACT(detail.Properties, '$.ServerId') as server_id, + JSON_EXTRACT(detail.Properties, '$.SshPublicKeys') as ssh_public_keys, JSON_EXTRACT(detail.Properties, '$.Tags') as tags, - JSON_EXTRACT(detail.Properties, '$.Description') as description, - JSON_EXTRACT(detail.Properties, '$.WorkflowId') as workflow_id, - JSON_EXTRACT(detail.Properties, '$.Arn') as arn + JSON_EXTRACT(detail.Properties, '$.UserName') as user_name FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::Transfer::Workflow' - AND detail.data__TypeName = 'AWS::Transfer::Workflow' + WHERE listing.data__TypeName = 'AWS::Transfer::User' + AND detail.data__TypeName = 'AWS::Transfer::User' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] @@ -3756,40 +3835,50 @@ components: SELECT region, data__Identifier, - json_extract_path_text(Properties, 'OnExceptionSteps') as on_exception_steps, - json_extract_path_text(Properties, 'Steps') as steps, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'HomeDirectory') as home_directory, + json_extract_path_text(Properties, 'HomeDirectoryMappings') as home_directory_mappings, + json_extract_path_text(Properties, 'HomeDirectoryType') as home_directory_type, + json_extract_path_text(Properties, 'Policy') as policy, + json_extract_path_text(Properties, 'PosixProfile') as posix_profile, + json_extract_path_text(Properties, 'Role') as role, + json_extract_path_text(Properties, 'ServerId') as server_id, + json_extract_path_text(Properties, 'SshPublicKeys') as ssh_public_keys, json_extract_path_text(Properties, 'Tags') as tags, - json_extract_path_text(Properties, 'Description') as description, - json_extract_path_text(Properties, 'WorkflowId') as workflow_id, - json_extract_path_text(Properties, 'Arn') as arn - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Transfer::Workflow' - AND data__Identifier = '' + json_extract_path_text(Properties, 'UserName') as user_name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Transfer::User' + AND data__Identifier = '' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT detail.region, - json_extract_path_text(detail.Properties, 'OnExceptionSteps') as on_exception_steps, - json_extract_path_text(detail.Properties, 'Steps') as steps, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'HomeDirectory') as home_directory, + json_extract_path_text(detail.Properties, 'HomeDirectoryMappings') as home_directory_mappings, + json_extract_path_text(detail.Properties, 'HomeDirectoryType') as home_directory_type, + json_extract_path_text(detail.Properties, 'Policy') as policy, + json_extract_path_text(detail.Properties, 'PosixProfile') as posix_profile, + json_extract_path_text(detail.Properties, 'Role') as role, + json_extract_path_text(detail.Properties, 'ServerId') as server_id, + json_extract_path_text(detail.Properties, 'SshPublicKeys') as ssh_public_keys, json_extract_path_text(detail.Properties, 'Tags') as tags, - json_extract_path_text(detail.Properties, 'Description') as description, - json_extract_path_text(detail.Properties, 'WorkflowId') as workflow_id, - json_extract_path_text(detail.Properties, 'Arn') as arn + json_extract_path_text(detail.Properties, 'UserName') as user_name FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::Transfer::Workflow' - AND detail.data__TypeName = 'AWS::Transfer::Workflow' + WHERE listing.data__TypeName = 'AWS::Transfer::User' + AND detail.data__TypeName = 'AWS::Transfer::User' AND listing.region = 'us-east-1' - workflows_list_only: - name: workflows_list_only - id: aws.transfer.workflows_list_only - x-cfn-schema-name: Workflow - x-cfn-type-name: AWS::Transfer::Workflow + users_list_only: + name: users_list_only + id: aws.transfer.users_list_only + x-cfn-schema-name: User + x-cfn-type-name: AWS::Transfer::User x-identifiers: - - WorkflowId + - Arn x-type: cloud_control_view methods: {} sqlVerbs: @@ -3803,22 +3892,22 @@ components: ddl: |- SELECT region, - JSON_EXTRACT(Properties, '$.WorkflowId') as workflow_id - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Transfer::Workflow' + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Transfer::User' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT region, - json_extract_path_text(Properties, 'WorkflowId') as workflow_id - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Transfer::Workflow' + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Transfer::User' AND region = 'us-east-1' - workflow_tags: - name: workflow_tags - id: aws.transfer.workflow_tags - x-cfn-schema-name: Workflow - x-cfn-type-name: AWS::Transfer::Workflow + user_tags: + name: user_tags + id: aws.transfer.user_tags + x-cfn-schema-name: User + x-cfn-type-name: AWS::Transfer::User x-type: cloud_control_view methods: {} sqlVerbs: @@ -3834,18 +3923,23 @@ components: detail.region, JSON_EXTRACT(json_each.value, '$.Key') as tag_key, JSON_EXTRACT(json_each.value, '$.Value') as tag_value, - JSON_EXTRACT(detail.Properties, '$.OnExceptionSteps') as on_exception_steps, - JSON_EXTRACT(detail.Properties, '$.Steps') as steps, - JSON_EXTRACT(detail.Properties, '$.Description') as description, - JSON_EXTRACT(detail.Properties, '$.WorkflowId') as workflow_id, - JSON_EXTRACT(detail.Properties, '$.Arn') as arn + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.HomeDirectory') as home_directory, + JSON_EXTRACT(detail.Properties, '$.HomeDirectoryMappings') as home_directory_mappings, + JSON_EXTRACT(detail.Properties, '$.HomeDirectoryType') as home_directory_type, + JSON_EXTRACT(detail.Properties, '$.Policy') as policy, + JSON_EXTRACT(detail.Properties, '$.PosixProfile') as posix_profile, + JSON_EXTRACT(detail.Properties, '$.Role') as role, + JSON_EXTRACT(detail.Properties, '$.ServerId') as server_id, + JSON_EXTRACT(detail.Properties, '$.SshPublicKeys') as ssh_public_keys, + JSON_EXTRACT(detail.Properties, '$.UserName') as user_name FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) - WHERE listing.data__TypeName = 'AWS::Transfer::Workflow' - AND detail.data__TypeName = 'AWS::Transfer::Workflow' + WHERE listing.data__TypeName = 'AWS::Transfer::User' + AND detail.data__TypeName = 'AWS::Transfer::User' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" @@ -3854,830 +3948,233 @@ components: detail.region, json_extract_path_text(json_each.value, 'Key') as tag_key, json_extract_path_text(json_each.value, 'Value') as tag_value, - json_extract_path_text(detail.Properties, 'OnExceptionSteps') as on_exception_steps, - json_extract_path_text(detail.Properties, 'Steps') as steps, - json_extract_path_text(detail.Properties, 'Description') as description, - json_extract_path_text(detail.Properties, 'WorkflowId') as workflow_id, - json_extract_path_text(detail.Properties, 'Arn') as arn + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'HomeDirectory') as home_directory, + json_extract_path_text(detail.Properties, 'HomeDirectoryMappings') as home_directory_mappings, + json_extract_path_text(detail.Properties, 'HomeDirectoryType') as home_directory_type, + json_extract_path_text(detail.Properties, 'Policy') as policy, + json_extract_path_text(detail.Properties, 'PosixProfile') as posix_profile, + json_extract_path_text(detail.Properties, 'Role') as role, + json_extract_path_text(detail.Properties, 'ServerId') as server_id, + json_extract_path_text(detail.Properties, 'SshPublicKeys') as ssh_public_keys, + json_extract_path_text(detail.Properties, 'UserName') as user_name FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) - WHERE listing.data__TypeName = 'AWS::Transfer::Workflow' - AND detail.data__TypeName = 'AWS::Transfer::Workflow' + WHERE listing.data__TypeName = 'AWS::Transfer::User' + AND detail.data__TypeName = 'AWS::Transfer::User' AND listing.region = 'us-east-1' -paths: - /?Action=CreateResource&Version=2021-09-30: - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - operationId: CreateResource - parameters: - - description: Action Header - in: header - name: X-Amz-Target - required: false - schema: - default: CloudApiService.CreateResource - enum: - - CloudApiService.CreateResource - type: string - - in: header - name: Content-Type - required: false - schema: - default: application/x-amz-json-1.0 - enum: - - application/x-amz-json-1.0 - type: string - requestBody: - content: - application/x-amz-json-1.0: - schema: - $ref: '#/components/x-cloud-control-schemas/CreateResourceInput' - required: true - responses: - '200': - content: - application/json: - schema: - $ref: '#/components/x-cloud-control-schemas/ProgressEvent' - description: Success - /?Action=DeleteResource&Version=2021-09-30: - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - operationId: DeleteResource - parameters: - - description: Action Header - in: header - name: X-Amz-Target - required: false - schema: - default: CloudApiService.DeleteResource - enum: - - CloudApiService.DeleteResource - type: string - - in: header - name: Content-Type - required: false - schema: - default: application/x-amz-json-1.0 - enum: - - application/x-amz-json-1.0 - type: string - requestBody: - content: - application/x-amz-json-1.0: - schema: - $ref: '#/components/x-cloud-control-schemas/DeleteResourceInput' - required: true - responses: - '200': - content: - application/json: - schema: - $ref: '#/components/x-cloud-control-schemas/DeleteResourceOutput' - description: Success - /?Action=UpdateResource&Version=2021-09-30: - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - operationId: UpdateResource - parameters: - - description: Action Header - in: header - name: X-Amz-Target - required: false - schema: - default: CloudApiService.UpdateResource - enum: - - CloudApiService.UpdateResource - type: string - - in: header - name: Content-Type - required: false - schema: - default: application/x-amz-json-1.0 - enum: - - application/x-amz-json-1.0 - type: string - requestBody: - content: - application/x-amz-json-1.0: - schema: - properties: - ClientName: - type: string - Identifier: - $ref: '#/components/x-cloud-control-schemas/Identifier' - PatchDocument: - type: string - RoleArn: - $ref: '#/components/x-cloud-control-schemas/RoleArn' - TypeName: - $ref: '#/components/x-cloud-control-schemas/TypeName' - TypeVersionId: - $ref: '#/components/x-cloud-control-schemas/TypeVersionId' - required: - - Identifier - - PatchDocument - type: object - required: true - responses: - '200': - content: - application/json: - schema: - $ref: '#/components/x-cloud-control-schemas/UpdateResourceOutput' - description: Success - /?Action=CreateResource&Version=2021-09-30&__Agreement&__detailTransformed=true: - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - operationId: CreateAgreement - parameters: - - description: Action Header - in: header - name: X-Amz-Target - required: false - schema: - default: CloudApiService.CreateResource - enum: - - CloudApiService.CreateResource - type: string - - in: header - name: Content-Type - required: false - schema: - default: application/x-amz-json-1.0 - enum: - - application/x-amz-json-1.0 - type: string - requestBody: - content: - application/x-amz-json-1.0: - schema: - $ref: '#/components/schemas/CreateAgreementRequest' - required: true - responses: - '200': - content: - application/json: - schema: - $ref: '#/components/x-cloud-control-schemas/ProgressEvent' - description: Success - /?Action=CreateResource&Version=2021-09-30&__Certificate&__detailTransformed=true: - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - operationId: CreateCertificate - parameters: - - description: Action Header - in: header - name: X-Amz-Target - required: false - schema: - default: CloudApiService.CreateResource - enum: - - CloudApiService.CreateResource - type: string - - in: header - name: Content-Type - required: false - schema: - default: application/x-amz-json-1.0 - enum: - - application/x-amz-json-1.0 - type: string - requestBody: - content: - application/x-amz-json-1.0: - schema: - $ref: '#/components/schemas/CreateCertificateRequest' - required: true - responses: - '200': - content: - application/json: - schema: - $ref: '#/components/x-cloud-control-schemas/ProgressEvent' - description: Success - /?Action=CreateResource&Version=2021-09-30&__Connector&__detailTransformed=true: - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - operationId: CreateConnector - parameters: - - description: Action Header - in: header - name: X-Amz-Target - required: false - schema: - default: CloudApiService.CreateResource - enum: - - CloudApiService.CreateResource - type: string - - in: header - name: Content-Type - required: false - schema: - default: application/x-amz-json-1.0 - enum: - - application/x-amz-json-1.0 - type: string - requestBody: - content: - application/x-amz-json-1.0: - schema: - $ref: '#/components/schemas/CreateConnectorRequest' - required: true - responses: - '200': - content: - application/json: - schema: - $ref: '#/components/x-cloud-control-schemas/ProgressEvent' - description: Success - /?Action=CreateResource&Version=2021-09-30&__Profile&__detailTransformed=true: - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - operationId: CreateProfile - parameters: - - description: Action Header - in: header - name: X-Amz-Target - required: false - schema: - default: CloudApiService.CreateResource - enum: - - CloudApiService.CreateResource - type: string - - in: header - name: Content-Type - required: false - schema: - default: application/x-amz-json-1.0 - enum: - - application/x-amz-json-1.0 - type: string - requestBody: - content: - application/x-amz-json-1.0: - schema: - $ref: '#/components/schemas/CreateProfileRequest' - required: true - responses: - '200': - content: - application/json: - schema: - $ref: '#/components/x-cloud-control-schemas/ProgressEvent' - description: Success - /?Action=CreateResource&Version=2021-09-30&__Workflow&__detailTransformed=true: - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - post: - operationId: CreateWorkflow - parameters: - - description: Action Header - in: header - name: X-Amz-Target - required: false - schema: - default: CloudApiService.CreateResource - enum: - - CloudApiService.CreateResource - type: string - - in: header - name: Content-Type - required: false - schema: - default: application/x-amz-json-1.0 - enum: - - application/x-amz-json-1.0 - type: string - requestBody: - content: - application/x-amz-json-1.0: - schema: - $ref: '#/components/schemas/CreateWorkflowRequest' - required: true - responses: - '200': - content: - application/json: - schema: - $ref: '#/components/x-cloud-control-schemas/ProgressEvent' - description: Success - /?__X-Amz-Target=TransferService.CreateServer?__nativeEndpoint=true: - post: - operationId: CreateServer - description: Instantiates an auto-scaling virtual server based on the selected file transfer protocol in Amazon Web Services. When you make updates to your file transfer protocol-enabled server or when you work with users, use the service-generated ServerId property that is assigned to the newly created server. - responses: - '200': - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/CreateServerResponse' - '480': - description: AccessDeniedException - content: - application/json: - schema: - $ref: '#/components/schemas/AccessDeniedException' - '481': - description: ServiceUnavailableException - content: - application/json: - schema: - $ref: '#/components/schemas/ServiceUnavailableException' - '482': - description: InternalServiceError - content: - application/json: - schema: - $ref: '#/components/schemas/InternalServiceError' - '483': - description: InvalidRequestException - content: - application/json: - schema: - $ref: '#/components/schemas/InvalidRequestException' - '484': - description: ResourceExistsException - content: - application/json: - schema: - $ref: '#/components/schemas/ResourceExistsException' - '485': - description: ResourceNotFoundException - content: - application/json: - schema: - $ref: '#/components/schemas/ResourceNotFoundException' - '486': - description: ThrottlingException - content: - application/json: - schema: - $ref: '#/components/schemas/ThrottlingException' - requestBody: - required: true - content: - application/x-amz-json-1.1: - schema: - $ref: '#/components/schemas/CreateServerRequest' - parameters: - - name: X-Amz-Target - in: header - schema: - type: string - default: TransferService.CreateServer - enum: - - TransferService.CreateServer - servers: - - url: https://transfer.{region}.amazonaws.com - variables: - region: - description: The AWS region - enum: - - us-east-1 - - us-east-2 - - us-west-1 - - us-west-2 - - us-gov-west-1 - - us-gov-east-1 - - ca-central-1 - - eu-north-1 - - eu-west-1 - - eu-west-2 - - eu-west-3 - - eu-central-1 - - eu-south-1 - - af-south-1 - - ap-northeast-1 - - ap-northeast-2 - - ap-northeast-3 - - ap-southeast-1 - - ap-southeast-2 - - ap-east-1 - - ap-south-1 - - sa-east-1 - - me-south-1 - default: us-east-1 - description: The AWS Transfer multi-region endpoint - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - /?__X-Amz-Target=TransferService.CreateUser?__nativeEndpoint=true: - post: - operationId: CreateUser - description: >- - Creates a user and associates them with an existing file transfer protocol-enabled server. You can only create and associate users with servers that have the IdentityProviderType set to SERVICE_MANAGED. Using parameters for CreateUser, you can specify the user name, set the home directory, store the user's public key, and assign the user's Identity and Access Management (IAM) role. You can also optionally add a session policy, and assign metadata - with tags that can be used to group and search for users. - responses: - '200': - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/CreateUserResponse' - '480': - description: ServiceUnavailableException - content: - application/json: - schema: - $ref: '#/components/schemas/ServiceUnavailableException' - '481': - description: InternalServiceError - content: - application/json: - schema: - $ref: '#/components/schemas/InternalServiceError' - '482': - description: InvalidRequestException - content: - application/json: - schema: - $ref: '#/components/schemas/InvalidRequestException' - '483': - description: ResourceExistsException - content: - application/json: - schema: - $ref: '#/components/schemas/ResourceExistsException' - '484': - description: ResourceNotFoundException - content: - application/json: - schema: - $ref: '#/components/schemas/ResourceNotFoundException' - requestBody: - required: true - content: - application/x-amz-json-1.1: - schema: - $ref: '#/components/schemas/CreateUserRequest' - parameters: - - name: X-Amz-Target - in: header - schema: - type: string - default: TransferService.CreateUser - enum: - - TransferService.CreateUser - servers: - - url: https://transfer.{region}.amazonaws.com - variables: - region: - description: The AWS region - enum: - - us-east-1 - - us-east-2 - - us-west-1 - - us-west-2 - - us-gov-west-1 - - us-gov-east-1 - - ca-central-1 - - eu-north-1 - - eu-west-1 - - eu-west-2 - - eu-west-3 - - eu-central-1 - - eu-south-1 - - af-south-1 - - ap-northeast-1 - - ap-northeast-2 - - ap-northeast-3 - - ap-southeast-1 - - ap-southeast-2 - - ap-east-1 - - ap-south-1 - - sa-east-1 - - me-south-1 - default: us-east-1 - description: The AWS Transfer multi-region endpoint - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - /?__X-Amz-Target=TransferService.DeleteServer?__nativeEndpoint=true: - post: - operationId: DeleteServer - description:

Deletes the file transfer protocol-enabled server that you specify.

No response returns from this operation.

- responses: - '200': - description: Success - '480': - description: AccessDeniedException - content: - application/json: - schema: - $ref: '#/components/schemas/AccessDeniedException' - '481': - description: ServiceUnavailableException - content: - application/json: - schema: - $ref: '#/components/schemas/ServiceUnavailableException' - '482': - description: InternalServiceError - content: - application/json: - schema: - $ref: '#/components/schemas/InternalServiceError' - '483': - description: InvalidRequestException - content: - application/json: - schema: - $ref: '#/components/schemas/InvalidRequestException' - '484': - description: ResourceNotFoundException - content: - application/json: - schema: - $ref: '#/components/schemas/ResourceNotFoundException' - requestBody: - required: true - content: - application/x-amz-json-1.1: - schema: - $ref: '#/components/schemas/DeleteServerRequest' - parameters: - - name: X-Amz-Target - in: header - schema: - type: string - default: TransferService.DeleteServer - enum: - - TransferService.DeleteServer - servers: - - url: https://transfer.{region}.amazonaws.com - variables: - region: - description: The AWS region - enum: - - us-east-1 - - us-east-2 - - us-west-1 - - us-west-2 - - us-gov-west-1 - - us-gov-east-1 - - ca-central-1 - - eu-north-1 - - eu-west-1 - - eu-west-2 - - eu-west-3 - - eu-central-1 - - eu-south-1 - - af-south-1 - - ap-northeast-1 - - ap-northeast-2 - - ap-northeast-3 - - ap-southeast-1 - - ap-southeast-2 - - ap-east-1 - - ap-south-1 - - sa-east-1 - - me-south-1 - default: us-east-1 - description: The AWS Transfer multi-region endpoint - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - /?__X-Amz-Target=TransferService.DeleteSshPublicKey?__nativeEndpoint=true: - post: - operationId: DeleteSshPublicKey - description: Deletes a user's Secure Shell (SSH) public key. - responses: - '200': - description: Success - '480': - description: ServiceUnavailableException - content: - application/json: - schema: - $ref: '#/components/schemas/ServiceUnavailableException' - '481': - description: InternalServiceError - content: - application/json: - schema: - $ref: '#/components/schemas/InternalServiceError' - '482': - description: InvalidRequestException - content: - application/json: - schema: - $ref: '#/components/schemas/InvalidRequestException' - '483': - description: ResourceNotFoundException - content: - application/json: - schema: - $ref: '#/components/schemas/ResourceNotFoundException' - '484': - description: ThrottlingException - content: - application/json: - schema: - $ref: '#/components/schemas/ThrottlingException' - requestBody: - required: true - content: - application/x-amz-json-1.1: - schema: - $ref: '#/components/schemas/DeleteSshPublicKeyRequest' - parameters: - - name: X-Amz-Target - in: header - schema: - type: string - default: TransferService.DeleteSshPublicKey - enum: - - TransferService.DeleteSshPublicKey - servers: - - url: https://transfer.{region}.amazonaws.com - variables: - region: - description: The AWS region - enum: - - us-east-1 - - us-east-2 - - us-west-1 - - us-west-2 - - us-gov-west-1 - - us-gov-east-1 - - ca-central-1 - - eu-north-1 - - eu-west-1 - - eu-west-2 - - eu-west-3 - - eu-central-1 - - eu-south-1 - - af-south-1 - - ap-northeast-1 - - ap-northeast-2 - - ap-northeast-3 - - ap-southeast-1 - - ap-southeast-2 - - ap-east-1 - - ap-south-1 - - sa-east-1 - - me-south-1 - default: us-east-1 - description: The AWS Transfer multi-region endpoint - parameters: - - $ref: '#/components/parameters/X-Amz-Content-Sha256' - - $ref: '#/components/parameters/X-Amz-Date' - - $ref: '#/components/parameters/X-Amz-Algorithm' - - $ref: '#/components/parameters/X-Amz-Credential' - - $ref: '#/components/parameters/X-Amz-Security-Token' - - $ref: '#/components/parameters/X-Amz-Signature' - - $ref: '#/components/parameters/X-Amz-SignedHeaders' - /?__X-Amz-Target=TransferService.DeleteUser?__nativeEndpoint=true: - post: - operationId: DeleteUser - description:

Deletes the user belonging to a file transfer protocol-enabled server you specify.

No response returns from this operation.

When you delete a user from a server, the user's information is lost.

 - responses: - '200': - description: Success - '480': - description: ServiceUnavailableException - content: - application/json: - schema: - $ref: '#/components/schemas/ServiceUnavailableException' - '481': - description: InternalServiceError - content: - application/json: - schema: - $ref: '#/components/schemas/InternalServiceError' - '482': - description: InvalidRequestException - content: - application/json: - schema: - $ref: '#/components/schemas/InvalidRequestException' - '483': - description: ResourceNotFoundException - content: - application/json: - schema: - $ref: '#/components/schemas/ResourceNotFoundException' - requestBody: - required: true - content: - application/x-amz-json-1.1: - schema: - $ref: '#/components/schemas/DeleteUserRequest' - parameters: - - name: X-Amz-Target - in: header - schema: - type: string - default: TransferService.DeleteUser - enum: - - TransferService.DeleteUser - servers: - - url: https://transfer.{region}.amazonaws.com - variables: - region: - description: The AWS region - enum: - - us-east-1 - - us-east-2 - - us-west-1 - - us-west-2 - - us-gov-west-1 - - us-gov-east-1 - - ca-central-1 - - eu-north-1 - - eu-west-1 - - eu-west-2 - - eu-west-3 - - eu-central-1 - - eu-south-1 - - af-south-1 - - ap-northeast-1 - - ap-northeast-2 - - ap-northeast-3 - - ap-southeast-1 - - ap-southeast-2 - - ap-east-1 - - ap-south-1 - - sa-east-1 - - me-south-1 - default: us-east-1 - description: The AWS Transfer multi-region endpoint + workflows: + name: workflows + id: aws.transfer.workflows + x-cfn-schema-name: Workflow + x-cfn-type-name: AWS::Transfer::Workflow + x-identifiers: + - WorkflowId + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Workflow&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Transfer::Workflow" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Transfer::Workflow" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Transfer::Workflow" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/workflows/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/workflows/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/workflows/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.OnExceptionSteps') as on_exception_steps, + JSON_EXTRACT(Properties, '$.Steps') as steps, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.WorkflowId') as workflow_id, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Transfer::Workflow' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.OnExceptionSteps') as on_exception_steps, + JSON_EXTRACT(detail.Properties, '$.Steps') as steps, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.WorkflowId') as workflow_id, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Transfer::Workflow' + AND detail.data__TypeName = 'AWS::Transfer::Workflow' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'OnExceptionSteps') as on_exception_steps, + json_extract_path_text(Properties, 'Steps') as steps, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'WorkflowId') as workflow_id, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Transfer::Workflow' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'OnExceptionSteps') as on_exception_steps, + json_extract_path_text(detail.Properties, 'Steps') as steps, + json_extract_path_text(detail.Properties, 'Tags') as tags, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'WorkflowId') as workflow_id, + json_extract_path_text(detail.Properties, 'Arn') as arn + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Transfer::Workflow' + AND detail.data__TypeName = 'AWS::Transfer::Workflow' + AND listing.region = 'us-east-1' + workflows_list_only: + name: workflows_list_only + id: aws.transfer.workflows_list_only + x-cfn-schema-name: Workflow + x-cfn-type-name: AWS::Transfer::Workflow + x-identifiers: + - WorkflowId + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.WorkflowId') as workflow_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Transfer::Workflow' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'WorkflowId') as workflow_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Transfer::Workflow' + AND region = 'us-east-1' + workflow_tags: + name: workflow_tags + id: aws.transfer.workflow_tags + x-cfn-schema-name: Workflow + x-cfn-type-name: AWS::Transfer::Workflow + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.OnExceptionSteps') as on_exception_steps, + JSON_EXTRACT(detail.Properties, '$.Steps') as steps, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.WorkflowId') as workflow_id, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::Transfer::Workflow' + AND detail.data__TypeName = 'AWS::Transfer::Workflow' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'OnExceptionSteps') as on_exception_steps, + json_extract_path_text(detail.Properties, 'Steps') as steps, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'WorkflowId') as workflow_id, + json_extract_path_text(detail.Properties, 'Arn') as arn + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::Transfer::Workflow' + AND detail.data__TypeName = 'AWS::Transfer::Workflow' + AND listing.region = 'us-east-1' +paths: + /?Action=CreateResource&Version=2021-09-30: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' @@ -4686,86 +4183,82 @@ paths: - $ref: '#/components/parameters/X-Amz-Security-Token' - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' - /?__X-Amz-Target=TransferService.DescribeServer?__nativeEndpoint=true: post: - operationId: DescribeServer - description:

Describes a file transfer protocol-enabled server that you specify by passing the ServerId parameter.

The response contains a description of a server's properties. When you set EndpointType to VPC, the response will contain the EndpointDetails.

+ operationId: CreateResource + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/x-cloud-control-schemas/CreateResourceInput' + required: true responses: '200': - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/DescribeServerResponse' - '480': - description: ServiceUnavailableException - content: - application/json: - schema: - $ref: '#/components/schemas/ServiceUnavailableException' - '481': - description: InternalServiceError - content: - application/json: - schema: - $ref: '#/components/schemas/InternalServiceError' - '482': - description: InvalidRequestException - content: - application/json: - schema: - $ref: '#/components/schemas/InvalidRequestException' - '483': - description: ResourceNotFoundException content: application/json: schema: - $ref: '#/components/schemas/ResourceNotFoundException' - requestBody: - required: true - content: - application/x-amz-json-1.1: - schema: - $ref: '#/components/schemas/DescribeServerRequest' + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=DeleteResource&Version=2021-09-30: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: DeleteResource parameters: - - name: X-Amz-Target + - description: Action Header in: header + name: X-Amz-Target + required: false schema: - type: string - default: TransferService.DescribeServer + default: CloudApiService.DeleteResource enum: - - TransferService.DescribeServer - servers: - - url: https://transfer.{region}.amazonaws.com - variables: - region: - description: The AWS region + - CloudApiService.DeleteResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 enum: - - us-east-1 - - us-east-2 - - us-west-1 - - us-west-2 - - us-gov-west-1 - - us-gov-east-1 - - ca-central-1 - - eu-north-1 - - eu-west-1 - - eu-west-2 - - eu-west-3 - - eu-central-1 - - eu-south-1 - - af-south-1 - - ap-northeast-1 - - ap-northeast-2 - - ap-northeast-3 - - ap-southeast-1 - - ap-southeast-2 - - ap-east-1 - - ap-south-1 - - sa-east-1 - - me-south-1 - default: us-east-1 - description: The AWS Transfer multi-region endpoint + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/x-cloud-control-schemas/DeleteResourceInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/DeleteResourceOutput' + description: Success + /?Action=UpdateResource&Version=2021-09-30: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' @@ -4774,86 +4267,98 @@ paths: - $ref: '#/components/parameters/X-Amz-Security-Token' - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' - /?__X-Amz-Target=TransferService.DescribeUser?__nativeEndpoint=true: post: - operationId: DescribeUser - description:

Describes the user assigned to the specific file transfer protocol-enabled server, as identified by its ServerId property.

The response from this call returns the properties of the user associated with the ServerId value that was specified.

+ operationId: UpdateResource + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.UpdateResource + enum: + - CloudApiService.UpdateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + properties: + ClientName: + type: string + Identifier: + $ref: '#/components/x-cloud-control-schemas/Identifier' + PatchDocument: + type: string + RoleArn: + $ref: '#/components/x-cloud-control-schemas/RoleArn' + TypeName: + $ref: '#/components/x-cloud-control-schemas/TypeName' + TypeVersionId: + $ref: '#/components/x-cloud-control-schemas/TypeVersionId' + required: + - Identifier + - PatchDocument + type: object + required: true responses: '200': - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/DescribeUserResponse' - '480': - description: ServiceUnavailableException - content: - application/json: - schema: - $ref: '#/components/schemas/ServiceUnavailableException' - '481': - description: InternalServiceError - content: - application/json: - schema: - $ref: '#/components/schemas/InternalServiceError' - '482': - description: InvalidRequestException - content: - application/json: - schema: - $ref: '#/components/schemas/InvalidRequestException' - '483': - description: ResourceNotFoundException content: application/json: schema: - $ref: '#/components/schemas/ResourceNotFoundException' - requestBody: - required: true - content: - application/x-amz-json-1.1: - schema: - $ref: '#/components/schemas/DescribeUserRequest' + $ref: '#/components/x-cloud-control-schemas/UpdateResourceOutput' + description: Success + /?Action=CreateResource&Version=2021-09-30&__Agreement&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateAgreement parameters: - - name: X-Amz-Target + - description: Action Header in: header + name: X-Amz-Target + required: false schema: - type: string - default: TransferService.DescribeUser - enum: - - TransferService.DescribeUser - servers: - - url: https://transfer.{region}.amazonaws.com - variables: - region: - description: The AWS region - enum: - - us-east-1 - - us-east-2 - - us-west-1 - - us-west-2 - - us-gov-west-1 - - us-gov-east-1 - - ca-central-1 - - eu-north-1 - - eu-west-1 - - eu-west-2 - - eu-west-3 - - eu-central-1 - - eu-south-1 - - af-south-1 - - ap-northeast-1 - - ap-northeast-2 - - ap-northeast-3 - - ap-southeast-1 - - ap-southeast-2 - - ap-east-1 - - ap-south-1 - - sa-east-1 - - me-south-1 - default: us-east-1 - description: The AWS Transfer multi-region endpoint + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateAgreementRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=CreateResource&Version=2021-09-30&__Certificate&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' @@ -4862,98 +4367,40 @@ paths: - $ref: '#/components/parameters/X-Amz-Security-Token' - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' - /?__X-Amz-Target=TransferService.ImportSshPublicKey?__nativeEndpoint=true: post: - operationId: ImportSshPublicKey - description:

Adds a Secure Shell (SSH) public key to a Transfer Family user identified by a UserName value assigned to the specific file transfer protocol-enabled server, identified by ServerId.

The response returns the UserName value, the ServerId value, and the name of the SshPublicKeyId.

- responses: - '200': - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/ImportSshPublicKeyResponse' - '480': - description: ServiceUnavailableException - content: - application/json: - schema: - $ref: '#/components/schemas/ServiceUnavailableException' - '481': - description: InternalServiceError - content: - application/json: - schema: - $ref: '#/components/schemas/InternalServiceError' - '482': - description: InvalidRequestException - content: - application/json: - schema: - $ref: '#/components/schemas/InvalidRequestException' - '483': - description: ResourceExistsException - content: - application/json: - schema: - $ref: '#/components/schemas/ResourceExistsException' - '484': - description: ResourceNotFoundException - content: - application/json: - schema: - $ref: '#/components/schemas/ResourceNotFoundException' - '485': - description: ThrottlingException - content: - application/json: - schema: - $ref: '#/components/schemas/ThrottlingException' - requestBody: - required: true - content: - application/x-amz-json-1.1: - schema: - $ref: '#/components/schemas/ImportSshPublicKeyRequest' + operationId: CreateCertificate parameters: - - name: X-Amz-Target + - description: Action Header in: header + name: X-Amz-Target + required: false schema: - type: string - default: TransferService.ImportSshPublicKey + default: CloudApiService.CreateResource enum: - - TransferService.ImportSshPublicKey - servers: - - url: https://transfer.{region}.amazonaws.com - variables: - region: - description: The AWS region + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 enum: - - us-east-1 - - us-east-2 - - us-west-1 - - us-west-2 - - us-gov-west-1 - - us-gov-east-1 - - ca-central-1 - - eu-north-1 - - eu-west-1 - - eu-west-2 - - eu-west-3 - - eu-central-1 - - eu-south-1 - - af-south-1 - - ap-northeast-1 - - ap-northeast-2 - - ap-northeast-3 - - ap-southeast-1 - - ap-southeast-2 - - ap-east-1 - - ap-south-1 - - sa-east-1 - - me-south-1 - default: us-east-1 - description: The AWS Transfer multi-region endpoint + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateCertificateRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=CreateResource&Version=2021-09-30&__Connector&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' @@ -4962,101 +4409,82 @@ paths: - $ref: '#/components/parameters/X-Amz-Security-Token' - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' - /?__X-Amz-Target=TransferService.ListServers?__nativeEndpoint=true: post: - operationId: ListServers - description: | - Lists the file transfer protocol-enabled - servers that are associated with your - Amazon Web Services account. + operationId: CreateConnector + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateConnectorRequest' + required: true responses: '200': - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/ListServersResponse' - '480': - description: ServiceUnavailableException - content: - application/json: - schema: - $ref: '#/components/schemas/ServiceUnavailableException' - '481': - description: InternalServiceError content: application/json: schema: - $ref: '#/components/schemas/InternalServiceError' - '482': - description: InvalidNextTokenException - content: - application/json: - schema: - $ref: '#/components/schemas/InvalidNextTokenException' - '483': - description: InvalidRequestException - content: - application/json: - schema: - $ref: '#/components/schemas/InvalidRequestException' - requestBody: - required: true - content: - application/x-amz-json-1.1: - schema: - $ref: '#/components/schemas/ListServersRequest' + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=CreateResource&Version=2021-09-30&__Profile&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateProfile parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit + - description: Action Header + in: header + name: X-Amz-Target required: false - - name: NextToken - in: query schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource type: string - description: Pagination token + - in: header + name: Content-Type required: false - - name: X-Amz-Target - in: header schema: - type: string - default: TransferService.ListServers - enum: - - TransferService.ListServers - servers: - - url: https://transfer.{region}.amazonaws.com - variables: - region: - description: The AWS region + default: application/x-amz-json-1.0 enum: - - us-east-1 - - us-east-2 - - us-west-1 - - us-west-2 - - us-gov-west-1 - - us-gov-east-1 - - ca-central-1 - - eu-north-1 - - eu-west-1 - - eu-west-2 - - eu-west-3 - - eu-central-1 - - eu-south-1 - - af-south-1 - - ap-northeast-1 - - ap-northeast-2 - - ap-northeast-3 - - ap-southeast-1 - - ap-southeast-2 - - ap-east-1 - - ap-south-1 - - sa-east-1 - - me-south-1 - default: us-east-1 - description: The AWS Transfer multi-region endpoint + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateProfileRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=CreateResource&Version=2021-09-30&__Server&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' @@ -5065,104 +4493,82 @@ paths: - $ref: '#/components/parameters/X-Amz-Security-Token' - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' - /?__X-Amz-Target=TransferService.ListUsers?__nativeEndpoint=true: post: - operationId: ListUsers - description: Lists the users for a file transfer protocol-enabled server that you specify by passing the ServerId parameter. + operationId: CreateServer + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateServerRequest' + required: true responses: '200': - description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/ListUsersResponse' - '480': - description: ServiceUnavailableException - content: - application/json: - schema: - $ref: '#/components/schemas/ServiceUnavailableException' - '481': - description: InternalServiceError - content: - application/json: - schema: - $ref: '#/components/schemas/InternalServiceError' - '482': - description: InvalidNextTokenException - content: - application/json: - schema: - $ref: '#/components/schemas/InvalidNextTokenException' - '483': - description: InvalidRequestException content: application/json: schema: - $ref: '#/components/schemas/InvalidRequestException' - '484': - description: ResourceNotFoundException - content: - application/json: - schema: - $ref: '#/components/schemas/ResourceNotFoundException' - requestBody: - required: true - content: - application/x-amz-json-1.1: - schema: - $ref: '#/components/schemas/ListUsersRequest' + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=CreateResource&Version=2021-09-30&__User&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateUser parameters: - - name: MaxResults - in: query - schema: - type: string - description: Pagination limit + - description: Action Header + in: header + name: X-Amz-Target required: false - - name: NextToken - in: query schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource type: string - description: Pagination token + - in: header + name: Content-Type required: false - - name: X-Amz-Target - in: header schema: - type: string - default: TransferService.ListUsers - enum: - - TransferService.ListUsers - servers: - - url: https://transfer.{region}.amazonaws.com - variables: - region: - description: The AWS region + default: application/x-amz-json-1.0 enum: - - us-east-1 - - us-east-2 - - us-west-1 - - us-west-2 - - us-gov-west-1 - - us-gov-east-1 - - ca-central-1 - - eu-north-1 - - eu-west-1 - - eu-west-2 - - eu-west-3 - - eu-central-1 - - eu-south-1 - - af-south-1 - - ap-northeast-1 - - ap-northeast-2 - - ap-northeast-3 - - ap-southeast-1 - - ap-southeast-2 - - ap-east-1 - - ap-south-1 - - sa-east-1 - - me-south-1 - default: us-east-1 - description: The AWS Transfer multi-region endpoint + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateUserRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=CreateResource&Version=2021-09-30&__Workflow&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' @@ -5171,12 +4577,43 @@ paths: - $ref: '#/components/parameters/X-Amz-Security-Token' - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' - /?__X-Amz-Target=TransferService.StartServer?__nativeEndpoint=true: post: - operationId: StartServer - description: >- -

Changes the state of a file transfer protocol-enabled server from OFFLINE to ONLINE. It has no impact on a server that is already ONLINE. An ONLINE server can accept and process file transfer jobs.

The state of STARTING indicates that the server is in an intermediate state, either not fully able to respond, or not fully online. The values of START_FAILED can indicate an error condition.

No - response is returned from this call.

+ operationId: CreateWorkflow + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateWorkflowRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?__X-Amz-Target=TransferService.DeleteSshPublicKey?__nativeEndpoint=true: + post: + operationId: DeleteSshPublicKey + description: Deletes a user's Secure Shell (SSH) public key. responses: '200': description: Success @@ -5215,15 +4652,15 @@ paths: content: application/x-amz-json-1.1: schema: - $ref: '#/components/schemas/StartServerRequest' + $ref: '#/components/schemas/DeleteSshPublicKeyRequest' parameters: - name: X-Amz-Target in: header schema: type: string - default: TransferService.StartServer + default: TransferService.DeleteSshPublicKey enum: - - TransferService.StartServer + - TransferService.DeleteSshPublicKey servers: - url: https://transfer.{region}.amazonaws.com variables: @@ -5263,15 +4700,17 @@ paths: - $ref: '#/components/parameters/X-Amz-Security-Token' - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' - /?__X-Amz-Target=TransferService.StopServer?__nativeEndpoint=true: + /?__X-Amz-Target=TransferService.ImportSshPublicKey?__nativeEndpoint=true: post: - operationId: StopServer - description: >- -

Changes the state of a file transfer protocol-enabled server from ONLINE to OFFLINE. An OFFLINE server cannot accept and process file transfer jobs. Information tied to your server, such as server and user properties, are not affected by stopping your server.

Stopping the server does not reduce or impact your file transfer protocol endpoint billing; you must delete the server to stop being billed.

The state of - STOPPING indicates that the server is in an intermediate state, either not fully able to respond, or not fully offline. The values of STOP_FAILED can indicate an error condition.

No response is returned from this call.

+ operationId: ImportSshPublicKey + description:

Adds a Secure Shell (SSH) public key to a Transfer Family user identified by a UserName value assigned to the specific file transfer protocol-enabled server, identified by ServerId.

The response returns the UserName value, the ServerId value, and the name of the SshPublicKeyId.

responses: '200': description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/ImportSshPublicKeyResponse' '480': description: ServiceUnavailableException content: @@ -5291,12 +4730,18 @@ paths: schema: $ref: '#/components/schemas/InvalidRequestException' '483': + description: ResourceExistsException + content: + application/json: + schema: + $ref: '#/components/schemas/ResourceExistsException' + '484': description: ResourceNotFoundException content: application/json: schema: $ref: '#/components/schemas/ResourceNotFoundException' - '484': + '485': description: ThrottlingException content: application/json: @@ -5307,15 +4752,15 @@ paths: content: application/x-amz-json-1.1: schema: - $ref: '#/components/schemas/StopServerRequest' + $ref: '#/components/schemas/ImportSshPublicKeyRequest' parameters: - name: X-Amz-Target in: header schema: type: string - default: TransferService.StopServer + default: TransferService.ImportSshPublicKey enum: - - TransferService.StopServer + - TransferService.ImportSshPublicKey servers: - url: https://transfer.{region}.amazonaws.com variables: @@ -5355,60 +4800,40 @@ paths: - $ref: '#/components/parameters/X-Amz-Security-Token' - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' - /?__X-Amz-Target=TransferService.UpdateServer?__nativeEndpoint=true: + /?__X-Amz-Target=TransferService.StartServer?__nativeEndpoint=true: post: - operationId: UpdateServer - description:

Updates the file transfer protocol-enabled server's properties after that server has been created.

The UpdateServer call returns the ServerId of the server you updated.

+ operationId: StartServer + description: >- +

Changes the state of a file transfer protocol-enabled server from OFFLINE to ONLINE. It has no impact on a server that is already ONLINE. An ONLINE server can accept and process file transfer jobs.

The state of STARTING indicates that the server is in an intermediate state, either not fully able to respond, or not fully online. The values of START_FAILED can indicate an error condition.

No + response is returned from this call.

responses: '200': description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/UpdateServerResponse' '480': - description: AccessDeniedException - content: - application/json: - schema: - $ref: '#/components/schemas/AccessDeniedException' - '481': description: ServiceUnavailableException content: application/json: schema: $ref: '#/components/schemas/ServiceUnavailableException' - '482': - description: ConflictException - content: - application/json: - schema: - $ref: '#/components/schemas/ConflictException' - '483': + '481': description: InternalServiceError content: application/json: schema: $ref: '#/components/schemas/InternalServiceError' - '484': + '482': description: InvalidRequestException content: application/json: schema: $ref: '#/components/schemas/InvalidRequestException' - '485': - description: ResourceExistsException - content: - application/json: - schema: - $ref: '#/components/schemas/ResourceExistsException' - '486': + '483': description: ResourceNotFoundException content: application/json: schema: $ref: '#/components/schemas/ResourceNotFoundException' - '487': + '484': description: ThrottlingException content: application/json: @@ -5419,15 +4844,15 @@ paths: content: application/x-amz-json-1.1: schema: - $ref: '#/components/schemas/UpdateServerRequest' + $ref: '#/components/schemas/StartServerRequest' parameters: - name: X-Amz-Target in: header schema: type: string - default: TransferService.UpdateServer + default: TransferService.StartServer enum: - - TransferService.UpdateServer + - TransferService.StartServer servers: - url: https://transfer.{region}.amazonaws.com variables: @@ -5467,17 +4892,15 @@ paths: - $ref: '#/components/parameters/X-Amz-Security-Token' - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' - /?__X-Amz-Target=TransferService.UpdateUser?__nativeEndpoint=true: + /?__X-Amz-Target=TransferService.StopServer?__nativeEndpoint=true: post: - operationId: UpdateUser - description: '

Assigns new properties to a user. Parameters you pass modify any or all of the following: the home directory, role, and policy for the UserName and ServerId you specify.

The response returns the ServerId and the UserName for the updated user.

' + operationId: StopServer + description: >- +

Changes the state of a file transfer protocol-enabled server from ONLINE to OFFLINE. An OFFLINE server cannot accept and process file transfer jobs. Information tied to your server, such as server and user properties, are not affected by stopping your server.

Stopping the server does not reduce or impact your file transfer protocol endpoint billing; you must delete the server to stop being billed.

The state of + STOPPING indicates that the server is in an intermediate state, either not fully able to respond, or not fully offline. The values of STOP_FAILED can indicate an error condition.

No response is returned from this call.

responses: '200': description: Success - content: - application/json: - schema: - $ref: '#/components/schemas/UpdateUserResponse' '480': description: ServiceUnavailableException content: @@ -5513,15 +4936,15 @@ paths: content: application/x-amz-json-1.1: schema: - $ref: '#/components/schemas/UpdateUserRequest' + $ref: '#/components/schemas/StopServerRequest' parameters: - name: X-Amz-Target in: header schema: type: string - default: TransferService.UpdateUser + default: TransferService.StopServer enum: - - TransferService.UpdateUser + - TransferService.StopServer servers: - url: https://transfer.{region}.amazonaws.com variables: diff --git a/providers/src/aws/v00.00.00000/services/verifiedpermissions.yaml b/providers/src/aws/v00.00.00000/services/verifiedpermissions.yaml index ba42a67f..37c53433 100644 --- a/providers/src/aws/v00.00.00000/services/verifiedpermissions.yaml +++ b/providers/src/aws/v00.00.00000/services/verifiedpermissions.yaml @@ -429,6 +429,14 @@ components: required: - CognitoUserPoolConfiguration additionalProperties: false + - type: object + title: OpenIdConnectConfiguration + properties: + OpenIdConnectConfiguration: + $ref: '#/components/schemas/OpenIdConnectConfiguration' + required: + - OpenIdConnectConfiguration + additionalProperties: false IdentitySourceDetails: type: object properties: @@ -455,6 +463,94 @@ components: OpenIdIssuer: $ref: '#/components/schemas/OpenIdIssuer' additionalProperties: false + OpenIdConnectAccessTokenConfiguration: + type: object + properties: + PrincipalIdClaim: + type: string + default: sub + minLength: 1 + Audiences: + type: array + items: + type: string + maxLength: 255 + minLength: 1 + maxItems: 255 + minItems: 1 + x-insertionOrder: false + additionalProperties: false + OpenIdConnectConfiguration: + type: object + properties: + Issuer: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^https://.*$ + EntityIdPrefix: + type: string + maxLength: 100 + minLength: 1 + GroupConfiguration: + $ref: '#/components/schemas/OpenIdConnectGroupConfiguration' + TokenSelection: + $ref: '#/components/schemas/OpenIdConnectTokenSelection' + required: + - Issuer + - TokenSelection + additionalProperties: false + OpenIdConnectGroupConfiguration: + type: object + properties: + GroupClaim: + type: string + minLength: 1 + GroupEntityType: + type: string + maxLength: 200 + minLength: 1 + pattern: ^([_a-zA-Z][_a-zA-Z0-9]*::)*[_a-zA-Z][_a-zA-Z0-9]*$ + required: + - GroupClaim + - GroupEntityType + additionalProperties: false + OpenIdConnectIdentityTokenConfiguration: + type: object + properties: + PrincipalIdClaim: + type: string + default: sub + minLength: 1 + ClientIds: + type: array + items: + type: string + maxLength: 255 + minLength: 1 + pattern: ^.*$ + maxItems: 1000 + minItems: 0 + x-insertionOrder: false + additionalProperties: false + OpenIdConnectTokenSelection: + oneOf: + - type: object + title: AccessTokenOnly + properties: + AccessTokenOnly: + $ref: '#/components/schemas/OpenIdConnectAccessTokenConfiguration' + required: + - AccessTokenOnly + additionalProperties: false + - type: object + title: IdentityTokenOnly + properties: + IdentityTokenOnly: + $ref: '#/components/schemas/OpenIdConnectIdentityTokenConfiguration' + required: + - IdentityTokenOnly + additionalProperties: false OpenIdIssuer: type: string enum: diff --git a/providers/src/aws/v00.00.00000/services/voiceid.yaml b/providers/src/aws/v00.00.00000/services/voiceid.yaml index 9e8d4a36..81156714 100644 --- a/providers/src/aws/v00.00.00000/services/voiceid.yaml +++ b/providers/src/aws/v00.00.00000/services/voiceid.yaml @@ -447,10 +447,6 @@ components: x-type-name: AWS::VoiceID::Domain x-stackql-primary-identifier: - DomainId - x-write-only-properties: - - Description - - Name - - ServerSideEncryptionConfiguration x-read-only-properties: - DomainId x-required-properties: @@ -461,7 +457,10 @@ components: tagOnCreate: true tagUpdatable: true cloudFormationSystemTags: true - tagProperty: '#/properties/Tags' + tagProperty: /properties/Tags + permissions: + - voiceid:TagResource + - voiceid:UntagResource x-required-permissions: create: - voiceid:CreateDomain diff --git a/providers/src/aws/v00.00.00000/services/vpclattice.yaml b/providers/src/aws/v00.00.00000/services/vpclattice.yaml index 69aafc63..fa68735e 100644 --- a/providers/src/aws/v00.00.00000/services/vpclattice.yaml +++ b/providers/src/aws/v00.00.00000/services/vpclattice.yaml @@ -431,8 +431,13 @@ components: ResourceIdentifier: type: string maxLength: 2048 - minLength: 20 - pattern: ^((((sn)|(svc))-[0-9a-z]{17})|(arn(:[a-z0-9]+([.-][a-z0-9]+)*){2}(:([a-z0-9]+([.-][a-z0-9]+)*)?){2}:((servicenetwork/sn)|(service/svc))-[0-9a-z]{17}))$ + minLength: 17 + pattern: ^((((sn)|(svc)|(rcfg))-[0-9a-z]{17})|(arn(:[a-z0-9]+([.-][a-z0-9]+)*){2}(:([a-z0-9]+([.-][a-z0-9]+)*)?){2}:((servicenetwork/sn)|(resourceconfiguration/rcfg)|(service/svc))-[0-9a-z]{17}))$ + ServiceNetworkLogType: + type: string + enum: + - SERVICE + - RESOURCE Tags: type: array x-insertionOrder: false @@ -451,6 +456,8 @@ components: x-stackql-additional-identifiers: - - Id - - ResourceIdentifier + - DestinationArn + - ServiceNetworkLogType x-create-only-properties: - ResourceIdentifier x-write-only-properties: @@ -468,6 +475,10 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - vpc-lattice:UntagResource + - vpc-lattice:TagResource + - vpc-lattice:ListTagsForResource x-required-permissions: create: - vpc-lattice:CreateAccessLogSubscription @@ -497,6 +508,7 @@ components: update: - vpc-lattice:GetAccessLogSubscription - vpc-lattice:UpdateAccessLogSubscription + - vpc-lattice:ListTagsForResource - vpc-lattice:TagResource - vpc-lattice:UntagResource - logs:UpdateLogDelivery @@ -537,7 +549,7 @@ components: type: string pattern: ^((((sn)|(svc))-[0-9a-z]{17})|(arn(:[a-z0-9]+([.-][a-z0-9]+)*){2}(:([a-z0-9]+([.-][a-z0-9]+)*)?){2}:((servicenetwork/sn)|(service/svc))-[0-9a-z]{17}))$ maxLength: 200 - minLength: 21 + minLength: 17 Policy: type: object State: @@ -707,6 +719,10 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - vpc-lattice:UntagResource + - vpc-lattice:TagResource + - vpc-lattice:ListTagsForResource x-required-permissions: create: - vpc-lattice:CreateListener @@ -726,6 +742,285 @@ components: - vpc-lattice:DeleteListener list: - vpc-lattice:ListListeners + IpResource: + minLength: 4 + type: string + maxLength: 39 + PortRange: + minLength: 1 + pattern: ^((\d{1,5}\-\d{1,5})|(\d+))$ + type: string + maxLength: 11 + DnsResource: + additionalProperties: false + type: object + properties: + IpAddressType: + type: string + enum: + - IPV4 + - IPV6 + - DUALSTACK + DomainName: + minLength: 3 + type: string + maxLength: 255 + required: + - DomainName + - IpAddressType + ArnResource: + pattern: ^arn.* + type: string + maxLength: 1224 + Id: + minLength: 22 + pattern: ^rcfg-[0-9a-z]{17}$ + type: string + maxLength: 22 + ResourceConfiguration: + type: object + properties: + AllowAssociationToSharableServiceNetwork: + type: boolean + ProtocolType: + type: string + enum: + - TCP + ResourceConfigurationType: + type: string + enum: + - GROUP + - CHILD + - SINGLE + - ARN + PortRanges: + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/PortRange' + ResourceConfigurationDefinition: + oneOf: + - additionalProperties: false + type: object + title: IpResource + properties: + IpResource: + $ref: '#/components/schemas/IpResource' + required: + - IpResource + - additionalProperties: false + type: object + title: ArnResource + properties: + ArnResource: + $ref: '#/components/schemas/ArnResource' + required: + - ArnResource + - additionalProperties: false + type: object + title: DnsResource + properties: + DnsResource: + $ref: '#/components/schemas/DnsResource' + required: + - DnsResource + type: object + Id: + $ref: '#/components/schemas/Id' + ResourceGatewayId: + type: string + Arn: + minLength: 20 + pattern: ^arn:[a-z0-9f\-]+:vpc-lattice:[a-zA-Z0-9\-]+:\d{12}:resourceconfiguration/rcfg-[0-9a-z]{17}$ + type: string + maxLength: 2048 + ResourceConfigurationAuthType: + type: string + enum: + - NONE + - AWS_IAM + ResourceConfigurationGroupId: + $ref: '#/components/schemas/Id' + Tags: + minItems: 0 + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/Tag' + Name: + minLength: 3 + pattern: ^(?!rcfg-)(?![-])(?!.*[-]$)(?!.*[-]{2})[a-z0-9-]+$ + type: string + maxLength: 40 + required: [] + x-stackql-resource-name: resource_configuration + description: VpcLattice ResourceConfiguration CFN resource + x-type-name: AWS::VpcLattice::ResourceConfiguration + x-stackql-primary-identifier: + - Arn + x-stackql-additional-identifiers: + - - Id + x-create-only-properties: + - ResourceGatewayId + - ResourceConfigurationType + - ProtocolType + - ResourceConfigurationAuthType + x-write-only-properties: + - ResourceConfigurationAuthType + - ResourceConfigurationGroupId + x-read-only-properties: + - Id + - Arn + x-required-properties: [] + x-tagging: + permissions: + - vpc-lattice:UntagResource + - vpc-lattice:TagResource + - vpc-lattice:ListTagsForResource + taggable: true + tagOnCreate: true + tagUpdatable: true + tagProperty: /properties/Tags + cloudFormationSystemTags: true + x-required-permissions: + read: + - vpc-lattice:GetResourceConfiguration + - vpc-lattice:ListTagsForResource + create: + - ec2:DescribeSubnets + - vpc-lattice:CreateResourceConfiguration + - vpc-lattice:GetResourceConfiguration + - vpc-lattice:TagResource + - vpc-lattice:ListTagsForResource + update: + - ec2:DescribeSubnets + - vpc-lattice:TagResource + - vpc-lattice:UntagResource + - vpc-lattice:ListTagsForResource + - vpc-lattice:UpdateResourceConfiguration + - vpc-lattice:GetResourceConfiguration + list: + - vpc-lattice:ListResourceConfigurations + delete: + - vpc-lattice:DeleteResourceConfiguration + - vpc-lattice:GetResourceConfiguration + - vpc-lattice:UntagResource + ResourceGateway: + type: object + properties: + IpAddressType: + type: string + enum: + - IPV4 + - IPV6 + - DUALSTACK + VpcIdentifier: + minLength: 5 + type: string + maxLength: 50 + Id: + minLength: 17 + pattern: ^((rgw-[0-9a-z]{17})|(arn:[a-z0-9\-]+:vpc-lattice:[a-zA-Z0-9\-]+:\d{12}:resourcegateway/rgw-[0-9a-z]{17}))$ + type: string + maxLength: 2048 + Arn: + minLength: 20 + pattern: ^arn:[a-z0-9\-]+:vpc-lattice:[a-zA-Z0-9\-]+:\d{12}:resourcegateway/rgw-[0-9a-z]{17}$ + type: string + maxLength: 2048 + SubnetIds: + uniqueItems: true + description: The ID of one or more subnets in which to create an endpoint network interface. + x-insertionOrder: false + type: array + items: + relationshipRef: + typeName: AWS::EC2::Subnet + propertyPath: /properties/SubnetId + type: string + SecurityGroupIds: + uniqueItems: true + description: The ID of one or more security groups to associate with the endpoint network interface. + x-insertionOrder: false + type: array + items: + anyOf: + - relationshipRef: + typeName: AWS::EC2::SecurityGroup + propertyPath: /properties/GroupId + - relationshipRef: + typeName: AWS::EC2::SecurityGroup + propertyPath: /properties/Id + - relationshipRef: + typeName: AWS::EC2::VPC + propertyPath: /properties/DefaultSecurityGroup + type: string + Tags: + minItems: 0 + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/Tag' + Name: + minLength: 3 + pattern: ^(?!rgw-)(?![-])(?!.*[-]$)(?!.*[-]{2})[a-z0-9-]+$ + type: string + maxLength: 40 + x-stackql-resource-name: resource_gateway + description: 'Creates a resource gateway for a service. ' + x-type-name: AWS::VpcLattice::ResourceGateway + x-stackql-primary-identifier: + - Arn + x-stackql-additional-identifiers: + - - Id + x-create-only-properties: + - VpcIdentifier + - SubnetIds + - IpAddressType + - Name + x-read-only-properties: + - Id + - Arn + x-tagging: + permissions: + - vpc-lattice:UntagResource + - vpc-lattice:TagResource + - vpc-lattice:ListTagsForResource + taggable: true + tagOnCreate: true + tagUpdatable: true + tagProperty: /properties/Tags + cloudFormationSystemTags: false + x-required-permissions: + read: + - vpc-lattice:GetResourceGateway + - vpc-lattice:ListTagsForResource + create: + - vpc-lattice:CreateResourceGateway + - vpc-lattice:GetResourceGateway + - vpc-lattice:TagResource + - vpc-lattice:ListTagsForResource + - ec2:DescribeVpcs + - ec2:DescribeSubnets + - ec2:DescribeSecurityGroups + update: + - vpc-lattice:UpdateResourceGateway + - vpc-lattice:GetResourceGateway + - vpc-lattice:TagResource + - vpc-lattice:UntagResource + - vpc-lattice:ListTagsForResource + - ec2:DescribeVpcs + - ec2:DescribeSubnets + - ec2:DescribeSecurityGroups + list: + - vpc-lattice:ListResourceGateways + delete: + - vpc-lattice:DeleteResourceGateway + - vpc-lattice:GetResourceGateway ResourcePolicy: type: object properties: @@ -939,6 +1234,10 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - vpc-lattice:UntagResource + - vpc-lattice:TagResource + - vpc-lattice:ListTagsForResource x-required-permissions: create: - vpc-lattice:CreateRule @@ -953,8 +1252,10 @@ components: - vpc-lattice:GetRule - vpc-lattice:TagResource - vpc-lattice:UntagResource + - vpc-lattice:ListTagsForResource delete: - vpc-lattice:DeleteRule + - vpc-lattice:UntagResource list: - vpc-lattice:ListRules DnsEntry: @@ -1044,6 +1345,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - vpc-lattice:UntagResource + - vpc-lattice:TagResource + - vpc-lattice:ListTagsForResource x-required-permissions: create: - vpc-lattice:CreateService @@ -1065,8 +1370,17 @@ components: delete: - vpc-lattice:DeleteService - vpc-lattice:GetService + - vpc-lattice:UntagResource list: - vpc-lattice:ListServices + SharingConfig: + type: object + additionalProperties: false + properties: + enabled: + type: boolean + required: + - enabled ServiceNetwork: type: object properties: @@ -1103,6 +1417,8 @@ components: maxItems: 50 items: $ref: '#/components/schemas/Tag' + SharingConfig: + $ref: '#/components/schemas/SharingConfig' x-stackql-resource-name: service_network description: A service network is a logical boundary for a collection of services. You can associate services and VPCs with a service network. x-type-name: AWS::VpcLattice::ServiceNetwork @@ -1124,6 +1440,10 @@ components: tagUpdatable: true cloudFormationSystemTags: false tagProperty: /properties/Tags + permissions: + - vpc-lattice:UntagResource + - vpc-lattice:TagResource + - vpc-lattice:ListTagsForResource x-required-permissions: create: - vpc-lattice:GetServiceNetwork @@ -1139,67 +1459,143 @@ components: - vpc-lattice:UpdateServiceNetwork - vpc-lattice:TagResource - vpc-lattice:UntagResource + - vpc-lattice:ListTagsForResource delete: - vpc-lattice:DeleteServiceNetwork + - vpc-lattice:UntagResource list: - vpc-lattice:ListServiceNetworks - ServiceNetworkServiceAssociation: + ServiceNetworkResourceAssociation: type: object properties: + Id: + type: string + minLength: 22 + maxLength: 22 + pattern: ^snra-[0-9a-f]{17}$ Arn: type: string + minLength: 22 maxLength: 2048 - minLength: 20 - pattern: ^arn:[a-z0-9\-]+:vpc-lattice:[a-zA-Z0-9\-]+:\d{12}:servicenetworkserviceassociation/snsa-[0-9a-z]{17}$ - CreatedAt: - type: string - DnsEntry: - $ref: '#/components/schemas/DnsEntry' - Id: + pattern: ^arn:[a-z0-9\-]+:vpc-lattice:[a-zA-Z0-9\-]+:\d{12}:servicenetworkresourceassociation/snra-[0-9a-f]{17}$ + ResourceConfigurationId: type: string - maxLength: 2048 minLength: 17 - pattern: ^snsa-[0-9a-z]{17}$ - ServiceNetworkArn: - type: string maxLength: 2048 - minLength: 20 - pattern: ^arn:[a-z0-9\-]+:vpc-lattice:[a-zA-Z0-9\-]+:\d{12}:servicenetwork/sn-[0-9a-z]{17}$ + pattern: ^rcfg-[0-9a-z]{17}$ ServiceNetworkId: type: string - maxLength: 20 - minLength: 20 - pattern: ^sn-[0-9a-z]{17}$ - ServiceNetworkIdentifier: - type: string - maxLength: 2048 - minLength: 20 - pattern: ^((sn-[0-9a-z]{17})|(arn:[a-z0-9\-]+:vpc-lattice:[a-zA-Z0-9\-]+:\d{12}:servicenetwork/sn-[0-9a-z]{17}))$ - ServiceNetworkName: - type: string - maxLength: 63 minLength: 3 - pattern: ^(?!servicenetwork-)(?![-])(?!.*[-]$)(?!.*[-]{2})[a-z0-9-]+$ - ServiceArn: - type: string - maxLength: 2048 - minLength: 20 - pattern: ^arn:[a-z0-9\-]+:vpc-lattice:[a-zA-Z0-9\-]+:\d{12}:service/svc-[0-9a-z]{17}$ - ServiceId: - type: string - maxLength: 21 - minLength: 21 - pattern: ^svc-[0-9a-z]{17}$ - ServiceIdentifier: - type: string maxLength: 2048 - minLength: 20 - pattern: ^((svc-[0-9a-z]{17})|(arn:[a-z0-9\-]+:vpc-lattice:[a-zA-Z0-9\-]+:\d{12}:service/svc-[0-9a-z]{17}))$ - ServiceName: - type: string - maxLength: 40 - minLength: 3 - pattern: ^(?!svc-)(?![-])(?!.*[-]$)(?!.*[-]{2})[a-z0-9-]+$ + pattern: ^((sn-[0-9a-z]{17})|(arn:[a-z0-9\-]+:vpc-lattice:[a-zA-Z0-9\-]+:\d{12}:servicenetwork/sn-[0-9a-z]{17}))$ + Tags: + type: array + x-insertionOrder: false + uniqueItems: true + minItems: 0 + maxItems: 50 + items: + $ref: '#/components/schemas/Tag' + x-stackql-resource-name: service_network_resource_association + description: VpcLattice ServiceNetworkResourceAssociation CFN resource + x-type-name: AWS::VpcLattice::ServiceNetworkResourceAssociation + x-stackql-primary-identifier: + - Arn + x-stackql-additional-identifiers: + - - Id + x-create-only-properties: + - ResourceConfigurationId + - ServiceNetworkId + x-read-only-properties: + - Id + - Arn + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - vpc-lattice:UntagResource + - vpc-lattice:TagResource + - vpc-lattice:ListTagsForResource + x-required-permissions: + create: + - vpc-lattice:CreateServiceNetworkResourceAssociation + - vpc-lattice:GetServiceNetworkResourceAssociation + - vpc-lattice:TagResource + - vpc-lattice:ListTagsForResource + read: + - vpc-lattice:GetServiceNetworkResourceAssociation + - vpc-lattice:ListTagsForResource + update: + - vpc-lattice:TagResource + - vpc-lattice:UntagResource + - vpc-lattice:GetServiceNetworkResourceAssociation + - vpc-lattice:ListTagsForResource + delete: + - vpc-lattice:DeleteServiceNetworkResourceAssociation + - vpc-lattice:GetServiceNetworkResourceAssociation + - vpc-lattice:UntagResource + list: + - vpc-lattice:ListServiceNetworkResourceAssociations + ServiceNetworkServiceAssociation: + type: object + properties: + Arn: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:[a-z0-9\-]+:vpc-lattice:[a-zA-Z0-9\-]+:\d{12}:servicenetworkserviceassociation/snsa-[0-9a-z]{17}$ + CreatedAt: + type: string + DnsEntry: + $ref: '#/components/schemas/DnsEntry' + Id: + type: string + maxLength: 2048 + minLength: 17 + pattern: ^snsa-[0-9a-z]{17}$ + ServiceNetworkArn: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:[a-z0-9\-]+:vpc-lattice:[a-zA-Z0-9\-]+:\d{12}:servicenetwork/sn-[0-9a-z]{17}$ + ServiceNetworkId: + type: string + maxLength: 20 + minLength: 20 + pattern: ^sn-[0-9a-z]{17}$ + ServiceNetworkIdentifier: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^((sn-[0-9a-z]{17})|(arn:[a-z0-9\-]+:vpc-lattice:[a-zA-Z0-9\-]+:\d{12}:servicenetwork/sn-[0-9a-z]{17}))$ + ServiceNetworkName: + type: string + maxLength: 63 + minLength: 3 + pattern: ^(?!servicenetwork-)(?![-])(?!.*[-]$)(?!.*[-]{2})[a-z0-9-]+$ + ServiceArn: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:[a-z0-9\-]+:vpc-lattice:[a-zA-Z0-9\-]+:\d{12}:service/svc-[0-9a-z]{17}$ + ServiceId: + type: string + maxLength: 21 + minLength: 21 + pattern: ^svc-[0-9a-z]{17}$ + ServiceIdentifier: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^((svc-[0-9a-z]{17})|(arn:[a-z0-9\-]+:vpc-lattice:[a-zA-Z0-9\-]+:\d{12}:service/svc-[0-9a-z]{17}))$ + ServiceName: + type: string + maxLength: 40 + minLength: 3 + pattern: ^(?!svc-)(?![-])(?!.*[-]$)(?!.*[-]{2})[a-z0-9-]+$ Status: type: string enum: @@ -1250,6 +1646,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - vpc-lattice:UntagResource + - vpc-lattice:TagResource + - vpc-lattice:ListTagsForResource x-required-permissions: create: - vpc-lattice:CreateServiceNetworkServiceAssociation @@ -1267,6 +1667,7 @@ components: delete: - vpc-lattice:DeleteServiceNetworkServiceAssociation - vpc-lattice:GetServiceNetworkServiceAssociation + - vpc-lattice:UntagResource list: - vpc-lattice:ListServiceNetworkServiceAssociations ServiceNetworkVpcAssociation: @@ -1370,6 +1771,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - vpc-lattice:UntagResource + - vpc-lattice:TagResource + - vpc-lattice:ListTagsForResource x-required-permissions: create: - vpc-lattice:CreateServiceNetworkVpcAssociation @@ -1392,6 +1797,7 @@ components: delete: - vpc-lattice:DeleteServiceNetworkVpcAssociation - vpc-lattice:GetServiceNetworkVpcAssociation + - vpc-lattice:UntagResource list: - vpc-lattice:ListServiceNetworkVpcAssociations HealthCheckConfig: @@ -1588,6 +1994,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - vpc-lattice:UntagResource + - vpc-lattice:TagResource + - vpc-lattice:ListTagsForResource x-required-permissions: create: - vpc-lattice:CreateTargetGroup @@ -1675,8 +2085,13 @@ components: ResourceIdentifier: type: string maxLength: 2048 - minLength: 20 - pattern: ^((((sn)|(svc))-[0-9a-z]{17})|(arn(:[a-z0-9]+([.-][a-z0-9]+)*){2}(:([a-z0-9]+([.-][a-z0-9]+)*)?){2}:((servicenetwork/sn)|(service/svc))-[0-9a-z]{17}))$ + minLength: 17 + pattern: ^((((sn)|(svc)|(rcfg))-[0-9a-z]{17})|(arn(:[a-z0-9]+([.-][a-z0-9]+)*){2}(:([a-z0-9]+([.-][a-z0-9]+)*)?){2}:((servicenetwork/sn)|(resourceconfiguration/rcfg)|(service/svc))-[0-9a-z]{17}))$ + ServiceNetworkLogType: + type: string + enum: + - SERVICE + - RESOURCE Tags: type: array x-insertionOrder: false @@ -1706,7 +2121,7 @@ components: type: string pattern: ^((((sn)|(svc))-[0-9a-z]{17})|(arn(:[a-z0-9]+([.-][a-z0-9]+)*){2}(:([a-z0-9]+([.-][a-z0-9]+)*)?){2}:((servicenetwork/sn)|(service/svc))-[0-9a-z]{17}))$ maxLength: 200 - minLength: 21 + minLength: 17 Policy: type: object State: @@ -1785,6 +2200,174 @@ components: x-title: CreateListenerRequest type: object required: [] + CreateResourceConfigurationRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + AllowAssociationToSharableServiceNetwork: + type: boolean + ProtocolType: + type: string + enum: + - TCP + ResourceConfigurationType: + type: string + enum: + - GROUP + - CHILD + - SINGLE + - ARN + PortRanges: + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/PortRange' + ResourceConfigurationDefinition: + oneOf: + - additionalProperties: false + type: object + title: IpResource + properties: + IpResource: + $ref: '#/components/schemas/IpResource' + required: + - IpResource + - additionalProperties: false + type: object + title: ArnResource + properties: + ArnResource: + $ref: '#/components/schemas/ArnResource' + required: + - ArnResource + - additionalProperties: false + type: object + title: DnsResource + properties: + DnsResource: + $ref: '#/components/schemas/DnsResource' + required: + - DnsResource + type: object + Id: + $ref: '#/components/schemas/Id' + ResourceGatewayId: + type: string + Arn: + minLength: 20 + pattern: ^arn:[a-z0-9f\-]+:vpc-lattice:[a-zA-Z0-9\-]+:\d{12}:resourceconfiguration/rcfg-[0-9a-z]{17}$ + type: string + maxLength: 2048 + ResourceConfigurationAuthType: + type: string + enum: + - NONE + - AWS_IAM + ResourceConfigurationGroupId: + $ref: '#/components/schemas/Id' + Tags: + minItems: 0 + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/Tag' + Name: + minLength: 3 + pattern: ^(?!rcfg-)(?![-])(?!.*[-]$)(?!.*[-]{2})[a-z0-9-]+$ + type: string + maxLength: 40 + x-stackQL-stringOnly: true + x-title: CreateResourceConfigurationRequest + type: object + required: [] + CreateResourceGatewayRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + IpAddressType: + type: string + enum: + - IPV4 + - IPV6 + - DUALSTACK + VpcIdentifier: + minLength: 5 + type: string + maxLength: 50 + Id: + minLength: 17 + pattern: ^((rgw-[0-9a-z]{17})|(arn:[a-z0-9\-]+:vpc-lattice:[a-zA-Z0-9\-]+:\d{12}:resourcegateway/rgw-[0-9a-z]{17}))$ + type: string + maxLength: 2048 + Arn: + minLength: 20 + pattern: ^arn:[a-z0-9\-]+:vpc-lattice:[a-zA-Z0-9\-]+:\d{12}:resourcegateway/rgw-[0-9a-z]{17}$ + type: string + maxLength: 2048 + SubnetIds: + uniqueItems: true + description: The ID of one or more subnets in which to create an endpoint network interface. + x-insertionOrder: false + type: array + items: + relationshipRef: + typeName: AWS::EC2::Subnet + propertyPath: /properties/SubnetId + type: string + SecurityGroupIds: + uniqueItems: true + description: The ID of one or more security groups to associate with the endpoint network interface. + x-insertionOrder: false + type: array + items: + anyOf: + - relationshipRef: + typeName: AWS::EC2::SecurityGroup + propertyPath: /properties/GroupId + - relationshipRef: + typeName: AWS::EC2::SecurityGroup + propertyPath: /properties/Id + - relationshipRef: + typeName: AWS::EC2::VPC + propertyPath: /properties/DefaultSecurityGroup + type: string + Tags: + minItems: 0 + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + type: array + items: + $ref: '#/components/schemas/Tag' + Name: + minLength: 3 + pattern: ^(?!rgw-)(?![-])(?!.*[-]$)(?!.*[-]{2})[a-z0-9-]+$ + type: string + maxLength: 40 + x-stackQL-stringOnly: true + x-title: CreateResourceGatewayRequest + type: object + required: [] CreateResourcePolicyRequest: properties: ClientToken: @@ -1981,10 +2564,57 @@ components: maxItems: 50 items: $ref: '#/components/schemas/Tag' + SharingConfig: + $ref: '#/components/schemas/SharingConfig' x-stackQL-stringOnly: true x-title: CreateServiceNetworkRequest type: object required: [] + CreateServiceNetworkResourceAssociationRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + Id: + type: string + minLength: 22 + maxLength: 22 + pattern: ^snra-[0-9a-f]{17}$ + Arn: + type: string + minLength: 22 + maxLength: 2048 + pattern: ^arn:[a-z0-9\-]+:vpc-lattice:[a-zA-Z0-9\-]+:\d{12}:servicenetworkresourceassociation/snra-[0-9a-f]{17}$ + ResourceConfigurationId: + type: string + minLength: 17 + maxLength: 2048 + pattern: ^rcfg-[0-9a-z]{17}$ + ServiceNetworkId: + type: string + minLength: 3 + maxLength: 2048 + pattern: ^((sn-[0-9a-z]{17})|(arn:[a-z0-9\-]+:vpc-lattice:[a-zA-Z0-9\-]+:\d{12}:servicenetwork/sn-[0-9a-z]{17}))$ + Tags: + type: array + x-insertionOrder: false + uniqueItems: true + minItems: 0 + maxItems: 50 + items: + $ref: '#/components/schemas/Tag' + x-stackQL-stringOnly: true + x-title: CreateServiceNetworkResourceAssociationRequest + type: object + required: [] CreateServiceNetworkServiceAssociationRequest: properties: ClientToken: @@ -2303,6 +2933,7 @@ components: JSON_EXTRACT(Properties, '$.ResourceArn') as resource_arn, JSON_EXTRACT(Properties, '$.ResourceId') as resource_id, JSON_EXTRACT(Properties, '$.ResourceIdentifier') as resource_identifier, + JSON_EXTRACT(Properties, '$.ServiceNetworkLogType') as service_network_log_type, JSON_EXTRACT(Properties, '$.Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::VpcLattice::AccessLogSubscription' AND data__Identifier = '' @@ -2318,6 +2949,7 @@ components: JSON_EXTRACT(detail.Properties, '$.ResourceArn') as resource_arn, JSON_EXTRACT(detail.Properties, '$.ResourceId') as resource_id, JSON_EXTRACT(detail.Properties, '$.ResourceIdentifier') as resource_identifier, + JSON_EXTRACT(detail.Properties, '$.ServiceNetworkLogType') as service_network_log_type, JSON_EXTRACT(detail.Properties, '$.Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail @@ -2338,6 +2970,7 @@ components: json_extract_path_text(Properties, 'ResourceArn') as resource_arn, json_extract_path_text(Properties, 'ResourceId') as resource_id, json_extract_path_text(Properties, 'ResourceIdentifier') as resource_identifier, + json_extract_path_text(Properties, 'ServiceNetworkLogType') as service_network_log_type, json_extract_path_text(Properties, 'Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::VpcLattice::AccessLogSubscription' AND data__Identifier = '' @@ -2353,6 +2986,7 @@ components: json_extract_path_text(detail.Properties, 'ResourceArn') as resource_arn, json_extract_path_text(detail.Properties, 'ResourceId') as resource_id, json_extract_path_text(detail.Properties, 'ResourceIdentifier') as resource_identifier, + json_extract_path_text(detail.Properties, 'ServiceNetworkLogType') as service_network_log_type, json_extract_path_text(detail.Properties, 'Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail @@ -2417,7 +3051,8 @@ components: JSON_EXTRACT(detail.Properties, '$.Id') as id, JSON_EXTRACT(detail.Properties, '$.ResourceArn') as resource_arn, JSON_EXTRACT(detail.Properties, '$.ResourceId') as resource_id, - JSON_EXTRACT(detail.Properties, '$.ResourceIdentifier') as resource_identifier + JSON_EXTRACT(detail.Properties, '$.ResourceIdentifier') as resource_identifier, + JSON_EXTRACT(detail.Properties, '$.ServiceNetworkLogType') as service_network_log_type FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -2438,7 +3073,8 @@ components: json_extract_path_text(detail.Properties, 'Id') as id, json_extract_path_text(detail.Properties, 'ResourceArn') as resource_arn, json_extract_path_text(detail.Properties, 'ResourceId') as resource_id, - json_extract_path_text(detail.Properties, 'ResourceIdentifier') as resource_identifier + json_extract_path_text(detail.Properties, 'ResourceIdentifier') as resource_identifier, + json_extract_path_text(detail.Properties, 'ServiceNetworkLogType') as service_network_log_type FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -2759,13 +3395,475 @@ components: WHERE listing.data__TypeName = 'AWS::VpcLattice::Listener' AND detail.data__TypeName = 'AWS::VpcLattice::Listener' AND listing.region = 'us-east-1' - resource_policies: - name: resource_policies - id: aws.vpclattice.resource_policies - x-cfn-schema-name: ResourcePolicy - x-cfn-type-name: AWS::VpcLattice::ResourcePolicy + resource_configurations: + name: resource_configurations + id: aws.vpclattice.resource_configurations + x-cfn-schema-name: ResourceConfiguration + x-cfn-type-name: AWS::VpcLattice::ResourceConfiguration x-identifiers: - - ResourceArn + - Arn + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__ResourceConfiguration&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::VpcLattice::ResourceConfiguration" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::VpcLattice::ResourceConfiguration" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::VpcLattice::ResourceConfiguration" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/resource_configurations/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/resource_configurations/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/resource_configurations/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AllowAssociationToSharableServiceNetwork') as allow_association_to_sharable_service_network, + JSON_EXTRACT(Properties, '$.ProtocolType') as protocol_type, + JSON_EXTRACT(Properties, '$.ResourceConfigurationType') as resource_configuration_type, + JSON_EXTRACT(Properties, '$.PortRanges') as port_ranges, + JSON_EXTRACT(Properties, '$.ResourceConfigurationDefinition') as resource_configuration_definition, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.ResourceGatewayId') as resource_gateway_id, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.ResourceConfigurationAuthType') as resource_configuration_auth_type, + JSON_EXTRACT(Properties, '$.ResourceConfigurationGroupId') as resource_configuration_group_id, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::VpcLattice::ResourceConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.AllowAssociationToSharableServiceNetwork') as allow_association_to_sharable_service_network, + JSON_EXTRACT(detail.Properties, '$.ProtocolType') as protocol_type, + JSON_EXTRACT(detail.Properties, '$.ResourceConfigurationType') as resource_configuration_type, + JSON_EXTRACT(detail.Properties, '$.PortRanges') as port_ranges, + JSON_EXTRACT(detail.Properties, '$.ResourceConfigurationDefinition') as resource_configuration_definition, + JSON_EXTRACT(detail.Properties, '$.Id') as id, + JSON_EXTRACT(detail.Properties, '$.ResourceGatewayId') as resource_gateway_id, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.ResourceConfigurationAuthType') as resource_configuration_auth_type, + JSON_EXTRACT(detail.Properties, '$.ResourceConfigurationGroupId') as resource_configuration_group_id, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags, + JSON_EXTRACT(detail.Properties, '$.Name') as name + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::VpcLattice::ResourceConfiguration' + AND detail.data__TypeName = 'AWS::VpcLattice::ResourceConfiguration' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AllowAssociationToSharableServiceNetwork') as allow_association_to_sharable_service_network, + json_extract_path_text(Properties, 'ProtocolType') as protocol_type, + json_extract_path_text(Properties, 'ResourceConfigurationType') as resource_configuration_type, + json_extract_path_text(Properties, 'PortRanges') as port_ranges, + json_extract_path_text(Properties, 'ResourceConfigurationDefinition') as resource_configuration_definition, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'ResourceGatewayId') as resource_gateway_id, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'ResourceConfigurationAuthType') as resource_configuration_auth_type, + json_extract_path_text(Properties, 'ResourceConfigurationGroupId') as resource_configuration_group_id, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::VpcLattice::ResourceConfiguration' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'AllowAssociationToSharableServiceNetwork') as allow_association_to_sharable_service_network, + json_extract_path_text(detail.Properties, 'ProtocolType') as protocol_type, + json_extract_path_text(detail.Properties, 'ResourceConfigurationType') as resource_configuration_type, + json_extract_path_text(detail.Properties, 'PortRanges') as port_ranges, + json_extract_path_text(detail.Properties, 'ResourceConfigurationDefinition') as resource_configuration_definition, + json_extract_path_text(detail.Properties, 'Id') as id, + json_extract_path_text(detail.Properties, 'ResourceGatewayId') as resource_gateway_id, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'ResourceConfigurationAuthType') as resource_configuration_auth_type, + json_extract_path_text(detail.Properties, 'ResourceConfigurationGroupId') as resource_configuration_group_id, + json_extract_path_text(detail.Properties, 'Tags') as tags, + json_extract_path_text(detail.Properties, 'Name') as name + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::VpcLattice::ResourceConfiguration' + AND detail.data__TypeName = 'AWS::VpcLattice::ResourceConfiguration' + AND listing.region = 'us-east-1' + resource_configurations_list_only: + name: resource_configurations_list_only + id: aws.vpclattice.resource_configurations_list_only + x-cfn-schema-name: ResourceConfiguration + x-cfn-type-name: AWS::VpcLattice::ResourceConfiguration + x-identifiers: + - Arn + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::VpcLattice::ResourceConfiguration' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::VpcLattice::ResourceConfiguration' + AND region = 'us-east-1' + resource_configuration_tags: + name: resource_configuration_tags + id: aws.vpclattice.resource_configuration_tags + x-cfn-schema-name: ResourceConfiguration + x-cfn-type-name: AWS::VpcLattice::ResourceConfiguration + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.AllowAssociationToSharableServiceNetwork') as allow_association_to_sharable_service_network, + JSON_EXTRACT(detail.Properties, '$.ProtocolType') as protocol_type, + JSON_EXTRACT(detail.Properties, '$.ResourceConfigurationType') as resource_configuration_type, + JSON_EXTRACT(detail.Properties, '$.PortRanges') as port_ranges, + JSON_EXTRACT(detail.Properties, '$.ResourceConfigurationDefinition') as resource_configuration_definition, + JSON_EXTRACT(detail.Properties, '$.Id') as id, + JSON_EXTRACT(detail.Properties, '$.ResourceGatewayId') as resource_gateway_id, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.ResourceConfigurationAuthType') as resource_configuration_auth_type, + JSON_EXTRACT(detail.Properties, '$.ResourceConfigurationGroupId') as resource_configuration_group_id, + JSON_EXTRACT(detail.Properties, '$.Name') as name + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::VpcLattice::ResourceConfiguration' + AND detail.data__TypeName = 'AWS::VpcLattice::ResourceConfiguration' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'AllowAssociationToSharableServiceNetwork') as allow_association_to_sharable_service_network, + json_extract_path_text(detail.Properties, 'ProtocolType') as protocol_type, + json_extract_path_text(detail.Properties, 'ResourceConfigurationType') as resource_configuration_type, + json_extract_path_text(detail.Properties, 'PortRanges') as port_ranges, + json_extract_path_text(detail.Properties, 'ResourceConfigurationDefinition') as resource_configuration_definition, + json_extract_path_text(detail.Properties, 'Id') as id, + json_extract_path_text(detail.Properties, 'ResourceGatewayId') as resource_gateway_id, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'ResourceConfigurationAuthType') as resource_configuration_auth_type, + json_extract_path_text(detail.Properties, 'ResourceConfigurationGroupId') as resource_configuration_group_id, + json_extract_path_text(detail.Properties, 'Name') as name + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::VpcLattice::ResourceConfiguration' + AND detail.data__TypeName = 'AWS::VpcLattice::ResourceConfiguration' + AND listing.region = 'us-east-1' + resource_gateways: + name: resource_gateways + id: aws.vpclattice.resource_gateways + x-cfn-schema-name: ResourceGateway + x-cfn-type-name: AWS::VpcLattice::ResourceGateway + x-identifiers: + - Arn + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__ResourceGateway&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::VpcLattice::ResourceGateway" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::VpcLattice::ResourceGateway" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::VpcLattice::ResourceGateway" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/resource_gateways/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/resource_gateways/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/resource_gateways/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.IpAddressType') as ip_address_type, + JSON_EXTRACT(Properties, '$.VpcIdentifier') as vpc_identifier, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.SubnetIds') as subnet_ids, + JSON_EXTRACT(Properties, '$.SecurityGroupIds') as security_group_ids, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::VpcLattice::ResourceGateway' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.IpAddressType') as ip_address_type, + JSON_EXTRACT(detail.Properties, '$.VpcIdentifier') as vpc_identifier, + JSON_EXTRACT(detail.Properties, '$.Id') as id, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.SubnetIds') as subnet_ids, + JSON_EXTRACT(detail.Properties, '$.SecurityGroupIds') as security_group_ids, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags, + JSON_EXTRACT(detail.Properties, '$.Name') as name + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::VpcLattice::ResourceGateway' + AND detail.data__TypeName = 'AWS::VpcLattice::ResourceGateway' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'IpAddressType') as ip_address_type, + json_extract_path_text(Properties, 'VpcIdentifier') as vpc_identifier, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'SubnetIds') as subnet_ids, + json_extract_path_text(Properties, 'SecurityGroupIds') as security_group_ids, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::VpcLattice::ResourceGateway' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'IpAddressType') as ip_address_type, + json_extract_path_text(detail.Properties, 'VpcIdentifier') as vpc_identifier, + json_extract_path_text(detail.Properties, 'Id') as id, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'SubnetIds') as subnet_ids, + json_extract_path_text(detail.Properties, 'SecurityGroupIds') as security_group_ids, + json_extract_path_text(detail.Properties, 'Tags') as tags, + json_extract_path_text(detail.Properties, 'Name') as name + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::VpcLattice::ResourceGateway' + AND detail.data__TypeName = 'AWS::VpcLattice::ResourceGateway' + AND listing.region = 'us-east-1' + resource_gateways_list_only: + name: resource_gateways_list_only + id: aws.vpclattice.resource_gateways_list_only + x-cfn-schema-name: ResourceGateway + x-cfn-type-name: AWS::VpcLattice::ResourceGateway + x-identifiers: + - Arn + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::VpcLattice::ResourceGateway' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::VpcLattice::ResourceGateway' + AND region = 'us-east-1' + resource_gateway_tags: + name: resource_gateway_tags + id: aws.vpclattice.resource_gateway_tags + x-cfn-schema-name: ResourceGateway + x-cfn-type-name: AWS::VpcLattice::ResourceGateway + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.IpAddressType') as ip_address_type, + JSON_EXTRACT(detail.Properties, '$.VpcIdentifier') as vpc_identifier, + JSON_EXTRACT(detail.Properties, '$.Id') as id, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.SubnetIds') as subnet_ids, + JSON_EXTRACT(detail.Properties, '$.SecurityGroupIds') as security_group_ids, + JSON_EXTRACT(detail.Properties, '$.Name') as name + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::VpcLattice::ResourceGateway' + AND detail.data__TypeName = 'AWS::VpcLattice::ResourceGateway' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'IpAddressType') as ip_address_type, + json_extract_path_text(detail.Properties, 'VpcIdentifier') as vpc_identifier, + json_extract_path_text(detail.Properties, 'Id') as id, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'SubnetIds') as subnet_ids, + json_extract_path_text(detail.Properties, 'SecurityGroupIds') as security_group_ids, + json_extract_path_text(detail.Properties, 'Name') as name + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::VpcLattice::ResourceGateway' + AND detail.data__TypeName = 'AWS::VpcLattice::ResourceGateway' + AND listing.region = 'us-east-1' + resource_policies: + name: resource_policies + id: aws.vpclattice.resource_policies + x-cfn-schema-name: ResourcePolicy + x-cfn-type-name: AWS::VpcLattice::ResourcePolicy + x-identifiers: + - ResourceArn x-type: cloud_control methods: create_resource: @@ -3170,17 +4268,245 @@ components: region, data__Identifier, json_extract_path_text(Properties, 'Arn') as arn, - json_extract_path_text(Properties, 'AuthType') as auth_type, + json_extract_path_text(Properties, 'AuthType') as auth_type, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'DnsEntry') as dns_entry, + json_extract_path_text(Properties, 'Id') as id, + json_extract_path_text(Properties, 'LastUpdatedAt') as last_updated_at, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Status') as status, + json_extract_path_text(Properties, 'CertificateArn') as certificate_arn, + json_extract_path_text(Properties, 'CustomDomainName') as custom_domain_name, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::VpcLattice::Service' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'AuthType') as auth_type, + json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, + json_extract_path_text(detail.Properties, 'DnsEntry') as dns_entry, + json_extract_path_text(detail.Properties, 'Id') as id, + json_extract_path_text(detail.Properties, 'LastUpdatedAt') as last_updated_at, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'Status') as status, + json_extract_path_text(detail.Properties, 'CertificateArn') as certificate_arn, + json_extract_path_text(detail.Properties, 'CustomDomainName') as custom_domain_name, + json_extract_path_text(detail.Properties, 'Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::VpcLattice::Service' + AND detail.data__TypeName = 'AWS::VpcLattice::Service' + AND listing.region = 'us-east-1' + services_list_only: + name: services_list_only + id: aws.vpclattice.services_list_only + x-cfn-schema-name: Service + x-cfn-type-name: AWS::VpcLattice::Service + x-identifiers: + - Arn + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::VpcLattice::Service' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'Arn') as arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::VpcLattice::Service' + AND region = 'us-east-1' + service_tags: + name: service_tags + id: aws.vpclattice.service_tags + x-cfn-schema-name: Service + x-cfn-type-name: AWS::VpcLattice::Service + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.AuthType') as auth_type, + JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(detail.Properties, '$.DnsEntry') as dns_entry, + JSON_EXTRACT(detail.Properties, '$.Id') as id, + JSON_EXTRACT(detail.Properties, '$.LastUpdatedAt') as last_updated_at, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.Status') as status, + JSON_EXTRACT(detail.Properties, '$.CertificateArn') as certificate_arn, + JSON_EXTRACT(detail.Properties, '$.CustomDomainName') as custom_domain_name + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::VpcLattice::Service' + AND detail.data__TypeName = 'AWS::VpcLattice::Service' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'AuthType') as auth_type, + json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, + json_extract_path_text(detail.Properties, 'DnsEntry') as dns_entry, + json_extract_path_text(detail.Properties, 'Id') as id, + json_extract_path_text(detail.Properties, 'LastUpdatedAt') as last_updated_at, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'Status') as status, + json_extract_path_text(detail.Properties, 'CertificateArn') as certificate_arn, + json_extract_path_text(detail.Properties, 'CustomDomainName') as custom_domain_name + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::VpcLattice::Service' + AND detail.data__TypeName = 'AWS::VpcLattice::Service' + AND listing.region = 'us-east-1' + service_networks: + name: service_networks + id: aws.vpclattice.service_networks + x-cfn-schema-name: ServiceNetwork + x-cfn-type-name: AWS::VpcLattice::ServiceNetwork + x-identifiers: + - Arn + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__ServiceNetwork&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::VpcLattice::ServiceNetwork" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::VpcLattice::ServiceNetwork" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::VpcLattice::ServiceNetwork" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/service_networks/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/service_networks/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/service_networks/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.Id') as id, + JSON_EXTRACT(Properties, '$.LastUpdatedAt') as last_updated_at, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.AuthType') as auth_type, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.SharingConfig') as sharing_config + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::VpcLattice::ServiceNetwork' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(detail.Properties, '$.Id') as id, + JSON_EXTRACT(detail.Properties, '$.LastUpdatedAt') as last_updated_at, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.AuthType') as auth_type, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags, + JSON_EXTRACT(detail.Properties, '$.SharingConfig') as sharing_config + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::VpcLattice::ServiceNetwork' + AND detail.data__TypeName = 'AWS::VpcLattice::ServiceNetwork' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Arn') as arn, json_extract_path_text(Properties, 'CreatedAt') as created_at, - json_extract_path_text(Properties, 'DnsEntry') as dns_entry, json_extract_path_text(Properties, 'Id') as id, json_extract_path_text(Properties, 'LastUpdatedAt') as last_updated_at, json_extract_path_text(Properties, 'Name') as name, - json_extract_path_text(Properties, 'Status') as status, - json_extract_path_text(Properties, 'CertificateArn') as certificate_arn, - json_extract_path_text(Properties, 'CustomDomainName') as custom_domain_name, - json_extract_path_text(Properties, 'Tags') as tags - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::VpcLattice::Service' + json_extract_path_text(Properties, 'AuthType') as auth_type, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'SharingConfig') as sharing_config + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::VpcLattice::ServiceNetwork' AND data__Identifier = '' AND region = 'us-east-1' fallback: @@ -3189,28 +4515,25 @@ components: SELECT detail.region, json_extract_path_text(detail.Properties, 'Arn') as arn, - json_extract_path_text(detail.Properties, 'AuthType') as auth_type, json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, - json_extract_path_text(detail.Properties, 'DnsEntry') as dns_entry, json_extract_path_text(detail.Properties, 'Id') as id, json_extract_path_text(detail.Properties, 'LastUpdatedAt') as last_updated_at, json_extract_path_text(detail.Properties, 'Name') as name, - json_extract_path_text(detail.Properties, 'Status') as status, - json_extract_path_text(detail.Properties, 'CertificateArn') as certificate_arn, - json_extract_path_text(detail.Properties, 'CustomDomainName') as custom_domain_name, - json_extract_path_text(detail.Properties, 'Tags') as tags + json_extract_path_text(detail.Properties, 'AuthType') as auth_type, + json_extract_path_text(detail.Properties, 'Tags') as tags, + json_extract_path_text(detail.Properties, 'SharingConfig') as sharing_config FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::VpcLattice::Service' - AND detail.data__TypeName = 'AWS::VpcLattice::Service' + WHERE listing.data__TypeName = 'AWS::VpcLattice::ServiceNetwork' + AND detail.data__TypeName = 'AWS::VpcLattice::ServiceNetwork' AND listing.region = 'us-east-1' - services_list_only: - name: services_list_only - id: aws.vpclattice.services_list_only - x-cfn-schema-name: Service - x-cfn-type-name: AWS::VpcLattice::Service + service_networks_list_only: + name: service_networks_list_only + id: aws.vpclattice.service_networks_list_only + x-cfn-schema-name: ServiceNetwork + x-cfn-type-name: AWS::VpcLattice::ServiceNetwork x-identifiers: - Arn x-type: cloud_control_view @@ -3227,7 +4550,7 @@ components: SELECT region, JSON_EXTRACT(Properties, '$.Arn') as arn - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::VpcLattice::Service' + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::VpcLattice::ServiceNetwork' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" @@ -3235,13 +4558,13 @@ components: SELECT region, json_extract_path_text(Properties, 'Arn') as arn - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::VpcLattice::Service' + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::VpcLattice::ServiceNetwork' AND region = 'us-east-1' - service_tags: - name: service_tags - id: aws.vpclattice.service_tags - x-cfn-schema-name: Service - x-cfn-type-name: AWS::VpcLattice::Service + service_network_tags: + name: service_network_tags + id: aws.vpclattice.service_network_tags + x-cfn-schema-name: ServiceNetwork + x-cfn-type-name: AWS::VpcLattice::ServiceNetwork x-type: cloud_control_view methods: {} sqlVerbs: @@ -3258,22 +4581,19 @@ components: JSON_EXTRACT(json_each.value, '$.Key') as tag_key, JSON_EXTRACT(json_each.value, '$.Value') as tag_value, JSON_EXTRACT(detail.Properties, '$.Arn') as arn, - JSON_EXTRACT(detail.Properties, '$.AuthType') as auth_type, JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, - JSON_EXTRACT(detail.Properties, '$.DnsEntry') as dns_entry, JSON_EXTRACT(detail.Properties, '$.Id') as id, JSON_EXTRACT(detail.Properties, '$.LastUpdatedAt') as last_updated_at, JSON_EXTRACT(detail.Properties, '$.Name') as name, - JSON_EXTRACT(detail.Properties, '$.Status') as status, - JSON_EXTRACT(detail.Properties, '$.CertificateArn') as certificate_arn, - JSON_EXTRACT(detail.Properties, '$.CustomDomainName') as custom_domain_name + JSON_EXTRACT(detail.Properties, '$.AuthType') as auth_type, + JSON_EXTRACT(detail.Properties, '$.SharingConfig') as sharing_config FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) - WHERE listing.data__TypeName = 'AWS::VpcLattice::Service' - AND detail.data__TypeName = 'AWS::VpcLattice::Service' + WHERE listing.data__TypeName = 'AWS::VpcLattice::ServiceNetwork' + AND detail.data__TypeName = 'AWS::VpcLattice::ServiceNetwork' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" @@ -3283,28 +4603,25 @@ components: json_extract_path_text(json_each.value, 'Key') as tag_key, json_extract_path_text(json_each.value, 'Value') as tag_value, json_extract_path_text(detail.Properties, 'Arn') as arn, - json_extract_path_text(detail.Properties, 'AuthType') as auth_type, json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, - json_extract_path_text(detail.Properties, 'DnsEntry') as dns_entry, json_extract_path_text(detail.Properties, 'Id') as id, json_extract_path_text(detail.Properties, 'LastUpdatedAt') as last_updated_at, json_extract_path_text(detail.Properties, 'Name') as name, - json_extract_path_text(detail.Properties, 'Status') as status, - json_extract_path_text(detail.Properties, 'CertificateArn') as certificate_arn, - json_extract_path_text(detail.Properties, 'CustomDomainName') as custom_domain_name + json_extract_path_text(detail.Properties, 'AuthType') as auth_type, + json_extract_path_text(detail.Properties, 'SharingConfig') as sharing_config FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) - WHERE listing.data__TypeName = 'AWS::VpcLattice::Service' - AND detail.data__TypeName = 'AWS::VpcLattice::Service' + WHERE listing.data__TypeName = 'AWS::VpcLattice::ServiceNetwork' + AND detail.data__TypeName = 'AWS::VpcLattice::ServiceNetwork' AND listing.region = 'us-east-1' - service_networks: - name: service_networks - id: aws.vpclattice.service_networks - x-cfn-schema-name: ServiceNetwork - x-cfn-type-name: AWS::VpcLattice::ServiceNetwork + service_network_resource_associations: + name: service_network_resource_associations + id: aws.vpclattice.service_network_resource_associations + x-cfn-schema-name: ServiceNetworkResourceAssociation + x-cfn-type-name: AWS::VpcLattice::ServiceNetworkResourceAssociation x-identifiers: - Arn x-type: cloud_control @@ -3314,12 +4631,12 @@ components: requestBodyTranslate: algorithm: naive_DesiredState operation: - $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__ServiceNetwork&__detailTransformed=true/post' + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__ServiceNetworkResourceAssociation&__detailTransformed=true/post' request: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::VpcLattice::ServiceNetwork" + "TypeName": "AWS::VpcLattice::ServiceNetworkResourceAssociation" } response: mediaType: application/json @@ -3331,7 +4648,7 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::VpcLattice::ServiceNetwork" + "TypeName": "AWS::VpcLattice::ServiceNetworkResourceAssociation" } response: mediaType: application/json @@ -3343,18 +4660,18 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::VpcLattice::ServiceNetwork" + "TypeName": "AWS::VpcLattice::ServiceNetworkResourceAssociation" } response: mediaType: application/json openAPIDocKey: '200' sqlVerbs: insert: - - $ref: '#/components/x-stackQL-resources/service_networks/methods/create_resource' + - $ref: '#/components/x-stackQL-resources/service_network_resource_associations/methods/create_resource' delete: - - $ref: '#/components/x-stackQL-resources/service_networks/methods/delete_resource' + - $ref: '#/components/x-stackQL-resources/service_network_resource_associations/methods/delete_resource' update: - - $ref: '#/components/x-stackQL-resources/service_networks/methods/update_resource' + - $ref: '#/components/x-stackQL-resources/service_network_resource_associations/methods/update_resource' config: views: select: @@ -3363,14 +4680,12 @@ components: SELECT region, data__Identifier, - JSON_EXTRACT(Properties, '$.Arn') as arn, - JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, JSON_EXTRACT(Properties, '$.Id') as id, - JSON_EXTRACT(Properties, '$.LastUpdatedAt') as last_updated_at, - JSON_EXTRACT(Properties, '$.Name') as name, - JSON_EXTRACT(Properties, '$.AuthType') as auth_type, + JSON_EXTRACT(Properties, '$.Arn') as arn, + JSON_EXTRACT(Properties, '$.ResourceConfigurationId') as resource_configuration_id, + JSON_EXTRACT(Properties, '$.ServiceNetworkId') as service_network_id, JSON_EXTRACT(Properties, '$.Tags') as tags - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::VpcLattice::ServiceNetwork' + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::VpcLattice::ServiceNetworkResourceAssociation' AND data__Identifier = '' AND region = 'us-east-1' fallback: @@ -3378,19 +4693,17 @@ components: ddl: |- SELECT detail.region, - JSON_EXTRACT(detail.Properties, '$.Arn') as arn, - JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, JSON_EXTRACT(detail.Properties, '$.Id') as id, - JSON_EXTRACT(detail.Properties, '$.LastUpdatedAt') as last_updated_at, - JSON_EXTRACT(detail.Properties, '$.Name') as name, - JSON_EXTRACT(detail.Properties, '$.AuthType') as auth_type, + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.ResourceConfigurationId') as resource_configuration_id, + JSON_EXTRACT(detail.Properties, '$.ServiceNetworkId') as service_network_id, JSON_EXTRACT(detail.Properties, '$.Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::VpcLattice::ServiceNetwork' - AND detail.data__TypeName = 'AWS::VpcLattice::ServiceNetwork' + WHERE listing.data__TypeName = 'AWS::VpcLattice::ServiceNetworkResourceAssociation' + AND detail.data__TypeName = 'AWS::VpcLattice::ServiceNetworkResourceAssociation' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] @@ -3398,14 +4711,12 @@ components: SELECT region, data__Identifier, - json_extract_path_text(Properties, 'Arn') as arn, - json_extract_path_text(Properties, 'CreatedAt') as created_at, json_extract_path_text(Properties, 'Id') as id, - json_extract_path_text(Properties, 'LastUpdatedAt') as last_updated_at, - json_extract_path_text(Properties, 'Name') as name, - json_extract_path_text(Properties, 'AuthType') as auth_type, + json_extract_path_text(Properties, 'Arn') as arn, + json_extract_path_text(Properties, 'ResourceConfigurationId') as resource_configuration_id, + json_extract_path_text(Properties, 'ServiceNetworkId') as service_network_id, json_extract_path_text(Properties, 'Tags') as tags - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::VpcLattice::ServiceNetwork' + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::VpcLattice::ServiceNetworkResourceAssociation' AND data__Identifier = '' AND region = 'us-east-1' fallback: @@ -3413,25 +4724,23 @@ components: ddl: |- SELECT detail.region, - json_extract_path_text(detail.Properties, 'Arn') as arn, - json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, json_extract_path_text(detail.Properties, 'Id') as id, - json_extract_path_text(detail.Properties, 'LastUpdatedAt') as last_updated_at, - json_extract_path_text(detail.Properties, 'Name') as name, - json_extract_path_text(detail.Properties, 'AuthType') as auth_type, + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'ResourceConfigurationId') as resource_configuration_id, + json_extract_path_text(detail.Properties, 'ServiceNetworkId') as service_network_id, json_extract_path_text(detail.Properties, 'Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::VpcLattice::ServiceNetwork' - AND detail.data__TypeName = 'AWS::VpcLattice::ServiceNetwork' + WHERE listing.data__TypeName = 'AWS::VpcLattice::ServiceNetworkResourceAssociation' + AND detail.data__TypeName = 'AWS::VpcLattice::ServiceNetworkResourceAssociation' AND listing.region = 'us-east-1' - service_networks_list_only: - name: service_networks_list_only - id: aws.vpclattice.service_networks_list_only - x-cfn-schema-name: ServiceNetwork - x-cfn-type-name: AWS::VpcLattice::ServiceNetwork + service_network_resource_associations_list_only: + name: service_network_resource_associations_list_only + id: aws.vpclattice.service_network_resource_associations_list_only + x-cfn-schema-name: ServiceNetworkResourceAssociation + x-cfn-type-name: AWS::VpcLattice::ServiceNetworkResourceAssociation x-identifiers: - Arn x-type: cloud_control_view @@ -3448,7 +4757,7 @@ components: SELECT region, JSON_EXTRACT(Properties, '$.Arn') as arn - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::VpcLattice::ServiceNetwork' + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::VpcLattice::ServiceNetworkResourceAssociation' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" @@ -3456,13 +4765,13 @@ components: SELECT region, json_extract_path_text(Properties, 'Arn') as arn - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::VpcLattice::ServiceNetwork' + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::VpcLattice::ServiceNetworkResourceAssociation' AND region = 'us-east-1' - service_network_tags: - name: service_network_tags - id: aws.vpclattice.service_network_tags - x-cfn-schema-name: ServiceNetwork - x-cfn-type-name: AWS::VpcLattice::ServiceNetwork + service_network_resource_association_tags: + name: service_network_resource_association_tags + id: aws.vpclattice.service_network_resource_association_tags + x-cfn-schema-name: ServiceNetworkResourceAssociation + x-cfn-type-name: AWS::VpcLattice::ServiceNetworkResourceAssociation x-type: cloud_control_view methods: {} sqlVerbs: @@ -3478,19 +4787,17 @@ components: detail.region, JSON_EXTRACT(json_each.value, '$.Key') as tag_key, JSON_EXTRACT(json_each.value, '$.Value') as tag_value, - JSON_EXTRACT(detail.Properties, '$.Arn') as arn, - JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, JSON_EXTRACT(detail.Properties, '$.Id') as id, - JSON_EXTRACT(detail.Properties, '$.LastUpdatedAt') as last_updated_at, - JSON_EXTRACT(detail.Properties, '$.Name') as name, - JSON_EXTRACT(detail.Properties, '$.AuthType') as auth_type + JSON_EXTRACT(detail.Properties, '$.Arn') as arn, + JSON_EXTRACT(detail.Properties, '$.ResourceConfigurationId') as resource_configuration_id, + JSON_EXTRACT(detail.Properties, '$.ServiceNetworkId') as service_network_id FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) - WHERE listing.data__TypeName = 'AWS::VpcLattice::ServiceNetwork' - AND detail.data__TypeName = 'AWS::VpcLattice::ServiceNetwork' + WHERE listing.data__TypeName = 'AWS::VpcLattice::ServiceNetworkResourceAssociation' + AND detail.data__TypeName = 'AWS::VpcLattice::ServiceNetworkResourceAssociation' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" @@ -3499,19 +4806,17 @@ components: detail.region, json_extract_path_text(json_each.value, 'Key') as tag_key, json_extract_path_text(json_each.value, 'Value') as tag_value, - json_extract_path_text(detail.Properties, 'Arn') as arn, - json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, json_extract_path_text(detail.Properties, 'Id') as id, - json_extract_path_text(detail.Properties, 'LastUpdatedAt') as last_updated_at, - json_extract_path_text(detail.Properties, 'Name') as name, - json_extract_path_text(detail.Properties, 'AuthType') as auth_type + json_extract_path_text(detail.Properties, 'Arn') as arn, + json_extract_path_text(detail.Properties, 'ResourceConfigurationId') as resource_configuration_id, + json_extract_path_text(detail.Properties, 'ServiceNetworkId') as service_network_id FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) - WHERE listing.data__TypeName = 'AWS::VpcLattice::ServiceNetwork' - AND detail.data__TypeName = 'AWS::VpcLattice::ServiceNetwork' + WHERE listing.data__TypeName = 'AWS::VpcLattice::ServiceNetworkResourceAssociation' + AND detail.data__TypeName = 'AWS::VpcLattice::ServiceNetworkResourceAssociation' AND listing.region = 'us-east-1' service_network_service_associations: name: service_network_service_associations @@ -4511,6 +5816,90 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success + /?Action=CreateResource&Version=2021-09-30&__ResourceConfiguration&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateResourceConfiguration + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateResourceConfigurationRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=CreateResource&Version=2021-09-30&__ResourceGateway&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateResourceGateway + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateResourceGatewayRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success /?Action=CreateResource&Version=2021-09-30&__ResourcePolicy&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' @@ -4679,6 +6068,48 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success + /?Action=CreateResource&Version=2021-09-30&__ServiceNetworkResourceAssociation&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateServiceNetworkResourceAssociation + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateServiceNetworkResourceAssociationRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success /?Action=CreateResource&Version=2021-09-30&__ServiceNetworkServiceAssociation&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' diff --git a/providers/src/aws/v00.00.00000/services/wafv2.yaml b/providers/src/aws/v00.00.00000/services/wafv2.yaml index 535fb903..29b3180d 100644 --- a/providers/src/aws/v00.00.00000/services/wafv2.yaml +++ b/providers/src/aws/v00.00.00000/services/wafv2.yaml @@ -477,10 +477,11 @@ components: - IPAddressVersion - Scope x-tagging: - cloudFormationSystemTags: false - tagOnCreate: false - tagUpdatable: false - taggable: false + cloudFormationSystemTags: true + tagOnCreate: true + tagUpdatable: true + taggable: true + tagProperty: /properties/Tags x-required-permissions: create: - wafv2:CreateIPSet @@ -496,6 +497,8 @@ components: - wafv2:UpdateIPSet - wafv2:GetIPSet - wafv2:ListTagsForResource + - wafv2:TagResource + - wafv2:UntagResource list: - wafv2:listIPSets Filter: @@ -745,10 +748,11 @@ components: - Scope - RegularExpressionList x-tagging: - cloudFormationSystemTags: false - tagOnCreate: false - tagUpdatable: false - taggable: false + cloudFormationSystemTags: true + tagOnCreate: true + tagUpdatable: true + taggable: true + tagProperty: /properties/Tags x-required-permissions: create: - wafv2:CreateRegexPatternSet @@ -764,6 +768,8 @@ components: - wafv2:UpdateRegexPatternSet - wafv2:GetRegexPatternSet - wafv2:ListTagsForResource + - wafv2:TagResource + - wafv2:UntagResource list: - wafv2:listRegexPatternSets AndStatement: @@ -1041,7 +1047,7 @@ components: additionalProperties: false RateLimit: type: integer - minimum: 100 + minimum: 10 maximum: 2000000000 EvaluationWindowSec: type: integer @@ -1344,10 +1350,11 @@ components: - Scope - VisibilityConfig x-tagging: - cloudFormationSystemTags: false - tagOnCreate: false - tagUpdatable: false - taggable: false + cloudFormationSystemTags: true + tagOnCreate: true + tagUpdatable: true + taggable: true + tagProperty: /properties/Tags x-required-permissions: create: - wafv2:CreateRuleGroup @@ -1360,6 +1367,8 @@ components: - wafv2:GetRuleGroup - wafv2:ListTagsForResource update: + - wafv2:TagResource + - wafv2:UntagResource - wafv2:UpdateRuleGroup - wafv2:GetRuleGroup - wafv2:ListTagsForResource @@ -2207,10 +2216,11 @@ components: - Scope - VisibilityConfig x-tagging: - cloudFormationSystemTags: false - tagOnCreate: false - tagUpdatable: false - taggable: false + cloudFormationSystemTags: true + tagOnCreate: true + tagUpdatable: true + taggable: true + tagProperty: /properties/Tags x-required-permissions: create: - wafv2:CreateWebACL @@ -2226,6 +2236,8 @@ components: - wafv2:UpdateWebACL - wafv2:GetWebACL - wafv2:ListTagsForResource + - wafv2:TagResource + - wafv2:UntagResource list: - wafv2:listWebACLs WebACLAssociation: diff --git a/providers/src/aws/v00.00.00000/services/wisdom.yaml b/providers/src/aws/v00.00.00000/services/wisdom.yaml index cd38f1d1..b3a848f2 100644 --- a/providers/src/aws/v00.00.00000/services/wisdom.yaml +++ b/providers/src/aws/v00.00.00000/services/wisdom.yaml @@ -385,437 +385,4279 @@ components: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' type: object schemas: - AssistantType: + AIAgentAssociationConfigurationType: type: string enum: - - AGENT - ServerSideEncryptionConfiguration: + - KNOWLEDGE_BASE + AIAgentConfiguration: + oneOf: + - type: object + title: ManualSearchAIAgentConfiguration + properties: + ManualSearchAIAgentConfiguration: + $ref: '#/components/schemas/ManualSearchAIAgentConfiguration' + required: + - ManualSearchAIAgentConfiguration + additionalProperties: false + - type: object + title: AnswerRecommendationAIAgentConfiguration + properties: + AnswerRecommendationAIAgentConfiguration: + $ref: '#/components/schemas/AnswerRecommendationAIAgentConfiguration' + required: + - AnswerRecommendationAIAgentConfiguration + additionalProperties: false + - type: object + title: SelfServiceAIAgentConfiguration + properties: + SelfServiceAIAgentConfiguration: + $ref: '#/components/schemas/SelfServiceAIAgentConfiguration' + required: + - SelfServiceAIAgentConfiguration + additionalProperties: false + AIAgentType: + type: string + enum: + - MANUAL_SEARCH + - ANSWER_RECOMMENDATION + - SELF_SERVICE + SelfServiceAIAgentConfiguration: type: object properties: - KmsKeyId: + SelfServicePreProcessingAIPromptId: type: string - maxLength: 4096 - minLength: 1 + pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(:[A-Z0-9_$]+){0,1}$ + SelfServiceAnswerGenerationAIPromptId: + type: string + pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(:[A-Z0-9_$]+){0,1}$ + SelfServiceAIGuardrailId: + type: string + pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(:[A-Z0-9_$]+){0,1}$ + AssociationConfigurations: + type: array + items: + $ref: '#/components/schemas/AssociationConfiguration' additionalProperties: false - Tag: + AnswerRecommendationAIAgentConfiguration: + type: object + properties: + IntentLabelingGenerationAIPromptId: + type: string + pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(:[A-Z0-9_$]+){0,1}$ + QueryReformulationAIPromptId: + type: string + pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(:[A-Z0-9_$]+){0,1}$ + AnswerGenerationAIPromptId: + type: string + pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(:[A-Z0-9_$]+){0,1}$ + AnswerGenerationAIGuardrailId: + type: string + pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(:[A-Z0-9_$]+){0,1}$ + AssociationConfigurations: + type: array + items: + $ref: '#/components/schemas/AssociationConfiguration' + additionalProperties: false + AssociationConfiguration: + type: object + properties: + AssociationId: + type: string + pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ + AssociationType: + $ref: '#/components/schemas/AIAgentAssociationConfigurationType' + AssociationConfigurationData: + $ref: '#/components/schemas/AssociationConfigurationData' additionalProperties: false + AssociationConfigurationData: + oneOf: + - type: object + title: KnowledgeBaseAssociationConfigurationData + properties: + KnowledgeBaseAssociationConfigurationData: + $ref: '#/components/schemas/KnowledgeBaseAssociationConfigurationData' + required: + - KnowledgeBaseAssociationConfigurationData + additionalProperties: false + KnowledgeBaseAssociationConfigurationData: + type: object + properties: + ContentTagFilter: + $ref: '#/components/schemas/TagFilter' + MaxResults: + type: number + maximum: 100 + minimum: 1 + OverrideKnowledgeBaseSearchType: + $ref: '#/components/schemas/KnowledgeBaseSearchType' + additionalProperties: false + KnowledgeBaseSearchType: + type: string + enum: + - HYBRID + - SEMANTIC + ManualSearchAIAgentConfiguration: + type: object + properties: + AnswerGenerationAIPromptId: + type: string + pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(:[A-Z0-9_$]+){0,1}$ + AnswerGenerationAIGuardrailId: + type: string + pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(:[A-Z0-9_$]+){0,1}$ + AssociationConfigurations: + type: array + items: + $ref: '#/components/schemas/AssociationConfiguration' + additionalProperties: false + OrCondition: + oneOf: + - type: object + title: AndConditions + properties: + AndConditions: + type: array + items: + $ref: '#/components/schemas/TagCondition' + required: + - AndConditions + additionalProperties: false + - type: object + title: TagCondition + properties: + TagCondition: + $ref: '#/components/schemas/TagCondition' + required: + - TagCondition + additionalProperties: false + TagCondition: + type: object properties: Key: + type: string maxLength: 128 minLength: 1 pattern: ^(?!aws:)[a-zA-Z+-=._:/]+$ - type: string Value: + type: string maxLength: 256 minLength: 1 - type: string required: - Key - - Value + additionalProperties: false + TagFilter: + oneOf: + - type: object + title: TagCondition + properties: + TagCondition: + $ref: '#/components/schemas/TagCondition' + required: + - TagCondition + additionalProperties: false + - type: object + title: AndConditions + properties: + AndConditions: + type: array + items: + $ref: '#/components/schemas/TagCondition' + required: + - AndConditions + additionalProperties: false + - type: object + title: OrConditions + properties: + OrConditions: + type: array + items: + $ref: '#/components/schemas/OrCondition' + required: + - OrConditions + additionalProperties: false + Tags: type: object - Assistant: + x-patternProperties: + ^(?!aws:)[a-zA-Z+-=._:/]+$: + type: string + maxLength: 256 + minLength: 1 + additionalProperties: false + AIAgent: type: object properties: - Type: - $ref: '#/components/schemas/AssistantType' - Description: + AIAgentId: type: string - maxLength: 255 - minLength: 1 - AssistantArn: + pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(:[A-Z0-9_$]+){0,1}$|^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}){0,2}(:[A-Z0-9_$]+){0,1}$ + AIAgentArn: type: string - pattern: ^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})?$ + pattern: ^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}){0,2}$ AssistantId: type: string - pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ - ServerSideEncryptionConfiguration: - $ref: '#/components/schemas/ServerSideEncryptionConfiguration' - Tags: - x-insertionOrder: false - uniqueItems: true - items: - $ref: '#/components/schemas/Tag' - type: array + pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}){0,2}$ + AssistantArn: + type: string + pattern: ^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}){0,2}$ + Configuration: + $ref: '#/components/schemas/AIAgentConfiguration' + Description: + type: string + maxLength: 255 + minLength: 1 + pattern: ^[a-zA-Z0-9\s_.,-]+ Name: type: string maxLength: 255 minLength: 1 + pattern: ^[a-zA-Z0-9\s_.,-]+ + Tags: + $ref: '#/components/schemas/Tags' + Type: + $ref: '#/components/schemas/AIAgentType' + ModifiedTimeSeconds: + type: number required: - - Name + - AssistantId + - Configuration - Type - x-stackql-resource-name: assistant - description: Definition of AWS::Wisdom::Assistant Resource Type - x-type-name: AWS::Wisdom::Assistant + x-stackql-resource-name: ai_agent + description: Definition of AWS::Wisdom::AIAgent Resource Type + x-type-name: AWS::Wisdom::AIAgent x-stackql-primary-identifier: + - AIAgentId - AssistantId x-stackql-additional-identifiers: - - - AssistantArn + - - AIAgentArn + - AssistantArn x-create-only-properties: - - Description + - AssistantId - Name - - ServerSideEncryptionConfiguration - Tags - Type x-read-only-properties: - - AssistantId + - AIAgentArn + - AIAgentId - AssistantArn + - ModifiedTimeSeconds x-required-properties: - - Name + - AssistantId + - Configuration - Type - x-replacement-strategy: delete_then_create + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: false + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - wisdom:TagResource x-required-permissions: create: - - kms:CreateGrant - - kms:DescribeKey - - wisdom:CreateAssistant + - wisdom:CreateAIAgent - wisdom:TagResource - update: - - wisdom:GetAssistant read: - - wisdom:GetAssistant - list: - - wisdom:ListAssistants + - wisdom:GetAIAgent + update: + - wisdom:UpdateAIAgent delete: - - wisdom:DeleteAssistant - AssociationData: - type: object - properties: - KnowledgeBaseId: - type: string - pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ - required: - - KnowledgeBaseId - additionalProperties: false - AssociationType: - type: string - enum: - - KNOWLEDGE_BASE - AssistantAssociation: + - wisdom:DeleteAIAgent + list: + - wisdom:ListAIAgents + AIAgentVersion: type: object properties: - AssistantAssociationArn: + AIAgentArn: type: string pattern: ^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})?$ AssistantArn: type: string pattern: ^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})?$ - AssistantAssociationId: + AIAgentId: type: string pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ AssistantId: type: string pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ - Association: - $ref: '#/components/schemas/AssociationData' - AssociationType: - $ref: '#/components/schemas/AssociationType' - Tags: - x-insertionOrder: false - uniqueItems: true - items: - $ref: '#/components/schemas/Tag' - type: array + AIAgentVersionId: + type: string + pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(:[A-Z0-9_$]+){0,1}$ + VersionNumber: + type: number + ModifiedTimeSeconds: + type: number required: - - Association - - AssociationType - AssistantId - x-stackql-resource-name: assistant_association - description: Definition of AWS::Wisdom::AssistantAssociation Resource Type - x-type-name: AWS::Wisdom::AssistantAssociation + - AIAgentId + x-stackql-resource-name: ai_agent_version + description: Definition of AWS::Wisdom::AIAgentVersion Resource Type + x-type-name: AWS::Wisdom::AIAgentVersion x-stackql-primary-identifier: - - AssistantAssociationId - AssistantId + - AIAgentId + - VersionNumber x-stackql-additional-identifiers: - - - AssistantAssociationArn + - - AIAgentArn - AssistantArn x-create-only-properties: - - Association - - AssociationType - AssistantId - - Tags + - AIAgentId + - ModifiedTimeSeconds x-read-only-properties: - - AssistantAssociationId - - AssistantAssociationArn + - AIAgentVersionId + - AIAgentArn - AssistantArn + - VersionNumber x-required-properties: - - Association - - AssociationType - AssistantId - x-replacement-strategy: delete_then_create + - AIAgentId + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false x-required-permissions: create: - - wisdom:CreateAssistantAssociation - - wisdom:TagResource - update: - - wisdom:GetAssistantAssociation + - wisdom:CreateAIAgentVersion read: - - wisdom:GetAssistantAssociation - list: - - wisdom:ListAssistantAssociations + - wisdom:GetAIAgent + - wisdom:GetAIAgentVersion + update: + - wisdom:GetAIAgent + - wisdom:GetAIAgentVersion delete: - - wisdom:DeleteAssistantAssociation - AppIntegrationsConfiguration: + - wisdom:DeleteAIAgentVersion + list: + - wisdom:ListAIAgentVersions + AIGuardrailContentPolicyConfig: type: object + description: Content policy config for a guardrail. properties: - ObjectFields: + FiltersConfig: type: array items: - type: string - maxLength: 4096 - minLength: 1 - x-insertionOrder: false - maxItems: 100 + $ref: '#/components/schemas/GuardrailContentFilterConfig' + maxItems: 6 minItems: 1 - AppIntegrationArn: - type: string - maxLength: 2048 - minLength: 1 - pattern: ^arn:[a-z-]+?:[a-z-]+?:[a-z0-9-]*?:([0-9]{12})?:[a-zA-Z0-9-:/]+$ + description: List of content filter configs in content policy. required: - - AppIntegrationArn + - FiltersConfig additionalProperties: false - KnowledgeBaseType: - type: string - enum: - - EXTERNAL - - CUSTOM - RenderingConfiguration: + AIGuardrailContextualGroundingPolicyConfig: type: object + description: Contextual grounding policy config for a guardrail. properties: - TemplateUri: - type: string - maxLength: 4096 - minLength: 1 + FiltersConfig: + type: array + items: + $ref: '#/components/schemas/GuardrailContextualGroundingFilterConfig' + minItems: 1 + description: List of contextual grounding filter configs. + required: + - FiltersConfig additionalProperties: false - SourceConfiguration: + AIGuardrailSensitiveInformationPolicyConfig: type: object + description: Sensitive information policy config for a guardrail. properties: - AppIntegrations: - $ref: '#/components/schemas/AppIntegrationsConfiguration' - oneOf: - - required: - - AppIntegrations + PiiEntitiesConfig: + type: array + items: + $ref: '#/components/schemas/GuardrailPiiEntityConfig' + minItems: 1 + uniqueItems: true + description: List of entities. + RegexesConfig: + type: array + items: + $ref: '#/components/schemas/GuardrailRegexConfig' + minItems: 1 + description: List of regex. additionalProperties: false - KnowledgeBase: + AIGuardrailTopicPolicyConfig: type: object + description: Topic policy config for a guardrail. properties: - Description: - type: string - maxLength: 255 - minLength: 1 - KnowledgeBaseArn: - type: string - pattern: ^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})?$ - KnowledgeBaseId: - type: string - pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ - KnowledgeBaseType: - $ref: '#/components/schemas/KnowledgeBaseType' - Name: - type: string - maxLength: 255 - minLength: 1 - RenderingConfiguration: - $ref: '#/components/schemas/RenderingConfiguration' - ServerSideEncryptionConfiguration: - $ref: '#/components/schemas/ServerSideEncryptionConfiguration' - SourceConfiguration: - $ref: '#/components/schemas/SourceConfiguration' - Tags: - x-insertionOrder: false - uniqueItems: true + TopicsConfig: + type: array items: - $ref: '#/components/schemas/Tag' + $ref: '#/components/schemas/GuardrailTopicConfig' + minItems: 1 + description: List of topic configs in topic policy. + required: + - TopicsConfig + additionalProperties: false + AIGuardrailWordPolicyConfig: + type: object + description: Word policy config for a guardrail. + properties: + WordsConfig: type: array + items: + $ref: '#/components/schemas/GuardrailWordConfig' + minItems: 1 + description: List of custom word configs. + ManagedWordListsConfig: + type: array + items: + $ref: '#/components/schemas/GuardrailManagedWordsConfig' + description: A config for the list of managed words. + additionalProperties: false + GuardrailContentFilterConfig: + type: object + description: Content filter config in content policy. + properties: + Type: + $ref: '#/components/schemas/GuardrailContentFilterType' + InputStrength: + $ref: '#/components/schemas/GuardrailFilterStrength' + OutputStrength: + $ref: '#/components/schemas/GuardrailFilterStrength' required: - - KnowledgeBaseType + - InputStrength + - OutputStrength + - Type + additionalProperties: false + GuardrailContentFilterType: + type: string + description: Type of text to text filter in content policy + enum: + - SEXUAL + - VIOLENCE + - HATE + - INSULTS + - MISCONDUCT + - PROMPT_ATTACK + GuardrailContextualGroundingFilterConfig: + type: object + description: A config for grounding filter. + properties: + Type: + $ref: '#/components/schemas/GuardrailContextualGroundingFilterType' + Threshold: + type: number + default: 0 + minimum: 0 + description: The threshold for this filter. + required: + - Threshold + - Type + additionalProperties: false + GuardrailContextualGroundingFilterType: + type: string + description: Type of contextual grounding filter + enum: + - GROUNDING + - RELEVANCE + GuardrailFilterStrength: + type: string + description: Strength for filters + enum: + - NONE + - LOW + - MEDIUM + - HIGH + GuardrailManagedWordsConfig: + type: object + description: A managed words config. + properties: + Type: + $ref: '#/components/schemas/GuardrailManagedWordsType' + required: + - Type + additionalProperties: false + GuardrailManagedWordsType: + type: string + description: Options for managed words. + enum: + - PROFANITY + GuardrailPiiEntityConfig: + type: object + description: Pii entity configuration. + properties: + Type: + $ref: '#/components/schemas/GuardrailPiiEntityType' + Action: + $ref: '#/components/schemas/GuardrailSensitiveInformationAction' + required: + - Action + - Type + additionalProperties: false + GuardrailPiiEntityType: + type: string + description: The currently supported PII entities + enum: + - ADDRESS + - AGE + - AWS_ACCESS_KEY + - AWS_SECRET_KEY + - CA_HEALTH_NUMBER + - CA_SOCIAL_INSURANCE_NUMBER + - CREDIT_DEBIT_CARD_CVV + - CREDIT_DEBIT_CARD_EXPIRY + - CREDIT_DEBIT_CARD_NUMBER + - DRIVER_ID + - EMAIL + - INTERNATIONAL_BANK_ACCOUNT_NUMBER + - IP_ADDRESS + - LICENSE_PLATE + - MAC_ADDRESS + - NAME + - PASSWORD + - PHONE + - PIN + - SWIFT_CODE + - UK_NATIONAL_HEALTH_SERVICE_NUMBER + - UK_NATIONAL_INSURANCE_NUMBER + - UK_UNIQUE_TAXPAYER_REFERENCE_NUMBER + - URL + - USERNAME + - US_BANK_ACCOUNT_NUMBER + - US_BANK_ROUTING_NUMBER + - US_INDIVIDUAL_TAX_IDENTIFICATION_NUMBER + - US_PASSPORT_NUMBER + - US_SOCIAL_SECURITY_NUMBER + - VEHICLE_IDENTIFICATION_NUMBER + GuardrailRegexConfig: + type: object + description: A regex configuration. + properties: + Name: + type: string + maxLength: 100 + minLength: 1 + description: The regex name. + Description: + type: string + maxLength: 1000 + minLength: 1 + description: The regex description. + Pattern: + type: string + minLength: 1 + description: The regex pattern. + Action: + $ref: '#/components/schemas/GuardrailSensitiveInformationAction' + required: + - Action - Name - x-stackql-resource-name: knowledge_base - description: Definition of AWS::Wisdom::KnowledgeBase Resource Type - x-type-name: AWS::Wisdom::KnowledgeBase + - Pattern + additionalProperties: false + GuardrailSensitiveInformationAction: + type: string + description: Options for sensitive information action. + enum: + - BLOCK + - ANONYMIZE + GuardrailTopicConfig: + type: object + description: Topic config in topic policy. + properties: + Name: + type: string + maxLength: 100 + minLength: 1 + pattern: ^[0-9a-zA-Z-_ !?.]+$ + description: Name of topic in topic policy + Definition: + type: string + maxLength: 200 + minLength: 1 + description: Definition of topic in topic policy + Examples: + type: array + items: + type: string + maxLength: 100 + minLength: 1 + description: Text example in topic policy + minItems: 0 + description: List of text examples + Type: + $ref: '#/components/schemas/GuardrailTopicType' + required: + - Definition + - Name + - Type + additionalProperties: false + GuardrailTopicType: + type: string + description: Type of topic in a policy + enum: + - DENY + GuardrailWordConfig: + type: object + description: A custom word config. + properties: + Text: + type: string + minLength: 1 + description: The custom word text. + required: + - Text + additionalProperties: false + AIGuardrail: + type: object + properties: + AssistantId: + type: string + pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}){0,2}$ + AssistantArn: + type: string + pattern: ^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}){0,2}$ + AIGuardrailArn: + type: string + pattern: ^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}){0,2}$ + AIGuardrailId: + type: string + pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(:[A-Z0-9_$]+){0,1}$|^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}){0,2}(:[A-Z0-9_$]+){0,1}$ + Name: + type: string + maxLength: 255 + minLength: 1 + pattern: ^[a-zA-Z0-9\s_.,-]+ + BlockedInputMessaging: + type: string + maxLength: 500 + minLength: 1 + description: Messaging for when violations are detected in text + BlockedOutputsMessaging: + type: string + maxLength: 500 + minLength: 1 + description: Messaging for when violations are detected in text + Description: + type: string + maxLength: 200 + minLength: 1 + description: Description of the guardrail or its version + TopicPolicyConfig: + $ref: '#/components/schemas/AIGuardrailTopicPolicyConfig' + ContentPolicyConfig: + $ref: '#/components/schemas/AIGuardrailContentPolicyConfig' + WordPolicyConfig: + $ref: '#/components/schemas/AIGuardrailWordPolicyConfig' + SensitiveInformationPolicyConfig: + $ref: '#/components/schemas/AIGuardrailSensitiveInformationPolicyConfig' + ContextualGroundingPolicyConfig: + $ref: '#/components/schemas/AIGuardrailContextualGroundingPolicyConfig' + Tags: + $ref: '#/components/schemas/Tags' + required: + - AssistantId + - BlockedInputMessaging + - BlockedOutputsMessaging + x-stackql-resource-name: ai_guardrail + description: Definition of AWS::Wisdom::AIGuardrail Resource Type + x-type-name: AWS::Wisdom::AIGuardrail x-stackql-primary-identifier: - - KnowledgeBaseId + - AIGuardrailId + - AssistantId x-stackql-additional-identifiers: - - - KnowledgeBaseArn + - - AIGuardrailArn + - AssistantArn x-create-only-properties: - - Description - - KnowledgeBaseType + - AssistantId - Name - - ServerSideEncryptionConfiguration - - SourceConfiguration - Tags x-read-only-properties: - - KnowledgeBaseId - - KnowledgeBaseArn + - AIGuardrailArn + - AIGuardrailId + - AssistantArn x-required-properties: - - KnowledgeBaseType - - Name - x-replacement-strategy: delete_then_create + - AssistantId + - BlockedInputMessaging + - BlockedOutputsMessaging + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: false + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - wisdom:TagResource x-required-permissions: create: - - appflow:CreateFlow - - appflow:DeleteFlow - - appflow:StartFlow - - appflow:TagResource - - appflow:UseConnectorProfile - - app-integrations:CreateDataIntegrationAssociation - - app-integrations:GetDataIntegration - - kms:DescribeKey - - kms:CreateGrant - - kms:ListGrants - - wisdom:CreateKnowledgeBase + - wisdom:CreateAIGuardrail - wisdom:TagResource + read: + - wisdom:GetAIGuardrail update: - - wisdom:GetKnowledgeBase + - wisdom:UpdateAIGuardrail delete: - - appflow:DeleteFlow - - appflow:StopFlow - - app-integrations:DeleteDataIntegrationAssociation - - wisdom:DeleteKnowledgeBase + - wisdom:DeleteAIGuardrail list: - - wisdom:ListKnowledgeBases - read: - - wisdom:GetKnowledgeBase - CreateAssistantRequest: + - wisdom:ListAIGuardrails + AIGuardrailVersion: + type: object properties: - ClientToken: + AIGuardrailArn: type: string - RoleArn: + pattern: ^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})?$ + AssistantArn: type: string - TypeName: + pattern: ^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})?$ + AIGuardrailId: type: string - TypeVersionId: + pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ + AssistantId: type: string - DesiredState: - type: object + pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ + AIGuardrailVersionId: + type: string + pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(:[A-Z0-9_$]+){0,1}$ + VersionNumber: + type: number + ModifiedTimeSeconds: + type: number + required: + - AssistantId + - AIGuardrailId + x-stackql-resource-name: ai_guardrail_version + description: Definition of AWS::Wisdom::AIGuardrailVersion Resource Type + x-type-name: AWS::Wisdom::AIGuardrailVersion + x-stackql-primary-identifier: + - AssistantId + - AIGuardrailId + - VersionNumber + x-stackql-additional-identifiers: + - - AIGuardrailArn + - AssistantArn + x-create-only-properties: + - AssistantId + - AIGuardrailId + - ModifiedTimeSeconds + x-read-only-properties: + - AIGuardrailVersionId + - AIGuardrailArn + - AssistantArn + - VersionNumber + x-required-properties: + - AssistantId + - AIGuardrailId + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - wisdom:CreateAIGuardrailVersion + read: + - wisdom:GetAIGuardrail + - wisdom:GetAIGuardrailVersion + update: + - wisdom:GetAIGuardrail + - wisdom:GetAIGuardrailVersion + delete: + - wisdom:DeleteAIGuardrailVersion + list: + - wisdom:ListAIGuardrailVersions + AIPromptAPIFormat: + type: string + enum: + - ANTHROPIC_CLAUDE_MESSAGES + - ANTHROPIC_CLAUDE_TEXT_COMPLETIONS + AIPromptTemplateConfiguration: + type: object + oneOf: + - type: object + title: TextFullAIPromptEditTemplateConfiguration properties: - Type: - $ref: '#/components/schemas/AssistantType' - Description: - type: string - maxLength: 255 - minLength: 1 - AssistantArn: - type: string - pattern: ^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})?$ - AssistantId: - type: string - pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ - ServerSideEncryptionConfiguration: - $ref: '#/components/schemas/ServerSideEncryptionConfiguration' - Tags: - x-insertionOrder: false - uniqueItems: true - items: - $ref: '#/components/schemas/Tag' - type: array - Name: - type: string - maxLength: 255 - minLength: 1 - x-stackQL-stringOnly: true - x-title: CreateAssistantRequest + TextFullAIPromptEditTemplateConfiguration: + $ref: '#/components/schemas/TextFullAIPromptEditTemplateConfiguration' + required: + - TextFullAIPromptEditTemplateConfiguration + additionalProperties: false + AIPromptTemplateType: + type: string + enum: + - TEXT + AIPromptType: + type: string + enum: + - ANSWER_GENERATION + - INTENT_LABELING_GENERATION + - QUERY_REFORMULATION + - SELF_SERVICE_PRE_PROCESSING + - SELF_SERVICE_ANSWER_GENERATION + TextFullAIPromptEditTemplateConfiguration: type: object - required: [] - CreateAssistantAssociationRequest: properties: - ClientToken: + Text: type: string - RoleArn: + maxLength: 200000 + minLength: 1 + required: + - Text + additionalProperties: false + AIPrompt: + type: object + properties: + AIPromptId: type: string - TypeName: + pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(:[A-Z0-9_$]+){0,1}$|^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}){0,2}(:[A-Z0-9_$]+){0,1}$ + AIPromptArn: type: string - TypeVersionId: + pattern: ^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}){0,2}$ + ApiFormat: + $ref: '#/components/schemas/AIPromptAPIFormat' + AssistantId: type: string - DesiredState: - type: object - properties: - AssistantAssociationArn: - type: string - pattern: ^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})?$ - AssistantArn: - type: string - pattern: ^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})?$ - AssistantAssociationId: - type: string - pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ - AssistantId: - type: string - pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ - Association: - $ref: '#/components/schemas/AssociationData' - AssociationType: - $ref: '#/components/schemas/AssociationType' - Tags: - x-insertionOrder: false - uniqueItems: true - items: - $ref: '#/components/schemas/Tag' - type: array - x-stackQL-stringOnly: true - x-title: CreateAssistantAssociationRequest - type: object - required: [] - CreateKnowledgeBaseRequest: - properties: - ClientToken: + pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}){0,2}$ + AssistantArn: type: string - RoleArn: + pattern: ^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}){0,2}$ + Description: type: string - TypeName: + maxLength: 255 + minLength: 1 + pattern: ^[a-zA-Z0-9\s_.,-]+ + ModelId: type: string - TypeVersionId: + maxLength: 2048 + minLength: 1 + Name: type: string - DesiredState: - type: object - properties: - Description: - type: string - maxLength: 255 - minLength: 1 - KnowledgeBaseArn: - type: string - pattern: ^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})?$ - KnowledgeBaseId: - type: string - pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ - KnowledgeBaseType: - $ref: '#/components/schemas/KnowledgeBaseType' - Name: - type: string - maxLength: 255 - minLength: 1 - RenderingConfiguration: - $ref: '#/components/schemas/RenderingConfiguration' - ServerSideEncryptionConfiguration: - $ref: '#/components/schemas/ServerSideEncryptionConfiguration' - SourceConfiguration: - $ref: '#/components/schemas/SourceConfiguration' - Tags: - x-insertionOrder: false - uniqueItems: true - items: - $ref: '#/components/schemas/Tag' - type: array - x-stackQL-stringOnly: true - x-title: CreateKnowledgeBaseRequest + maxLength: 255 + minLength: 1 + pattern: ^[a-zA-Z0-9\s_.,-]+ + Tags: + $ref: '#/components/schemas/Tags' + TemplateConfiguration: + $ref: '#/components/schemas/AIPromptTemplateConfiguration' + TemplateType: + $ref: '#/components/schemas/AIPromptTemplateType' + Type: + $ref: '#/components/schemas/AIPromptType' + ModifiedTimeSeconds: + type: number + required: + - ApiFormat + - ModelId + - TemplateConfiguration + - TemplateType + - Type + x-stackql-resource-name: ai_prompt + description: Definition of AWS::Wisdom::AIPrompt Resource Type + x-type-name: AWS::Wisdom::AIPrompt + x-stackql-primary-identifier: + - AIPromptId + - AssistantId + x-stackql-additional-identifiers: + - - AIPromptArn + - AssistantArn + x-create-only-properties: + - ApiFormat + - AssistantId + - ModelId + - Name + - Tags + - TemplateType + - Type + x-read-only-properties: + - AIPromptArn + - AIPromptId + - AssistantArn + - ModifiedTimeSeconds + x-required-properties: + - ApiFormat + - ModelId + - TemplateConfiguration + - TemplateType + - Type + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: false + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - wisdom:TagResource + x-required-permissions: + create: + - wisdom:CreateAIPrompt + - wisdom:TagResource + read: + - wisdom:GetAIPrompt + update: + - wisdom:UpdateAIPrompt + delete: + - wisdom:DeleteAIPrompt + list: + - wisdom:ListAIPrompts + AIPromptVersion: type: object - required: [] - securitySchemes: - hmac: - type: apiKey - name: Authorization - in: header - description: Amazon Signature authorization v4 - x-amazon-apigateway-authtype: awsSigv4 - x-stackQL-resources: + properties: + AIPromptArn: + type: string + pattern: ^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})?$ + AssistantArn: + type: string + pattern: ^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})?$ + AIPromptId: + type: string + pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ + AssistantId: + type: string + pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ + AIPromptVersionId: + type: string + pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(:[A-Z0-9_$]+){0,1}$ + VersionNumber: + type: number + ModifiedTimeSeconds: + type: number + required: + - AssistantId + - AIPromptId + x-stackql-resource-name: ai_prompt_version + description: Definition of AWS::Wisdom::AIPromptVersion Resource Type + x-type-name: AWS::Wisdom::AIPromptVersion + x-stackql-primary-identifier: + - AssistantId + - AIPromptId + - VersionNumber + x-stackql-additional-identifiers: + - - AIPromptArn + - AssistantArn + x-create-only-properties: + - AssistantId + - AIPromptId + - ModifiedTimeSeconds + x-read-only-properties: + - AIPromptArn + - AIPromptVersionId + - AssistantArn + - VersionNumber + x-required-properties: + - AssistantId + - AIPromptId + x-tagging: + taggable: false + tagOnCreate: false + tagUpdatable: false + cloudFormationSystemTags: false + x-required-permissions: + create: + - wisdom:CreateAIPromptVersion + read: + - wisdom:GetAIPrompt + - wisdom:GetAIPromptVersion + update: + - wisdom:GetAIPrompt + - wisdom:GetAIPromptVersion + delete: + - wisdom:DeleteAIPromptVersion + list: + - wisdom:ListAIPromptVersions + AssistantType: + type: string + enum: + - AGENT + ServerSideEncryptionConfiguration: + type: object + properties: + KmsKeyId: + type: string + maxLength: 4096 + minLength: 1 + additionalProperties: false + Tag: + description: A key-value pair to associate with a resource. + type: object + properties: + Key: + description: 'The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -' + type: string + pattern: ^(?!aws:)[a-zA-Z+-=._:/]+$ + minLength: 1 + maxLength: 128 + Value: + description: 'The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -' + type: string + minLength: 1 + maxLength: 256 + required: + - Key + - Value + additionalProperties: false + Assistant: + type: object + properties: + Type: + $ref: '#/components/schemas/AssistantType' + Description: + type: string + maxLength: 255 + minLength: 1 + AssistantArn: + type: string + pattern: ^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})?$ + AssistantId: + type: string + pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ + ServerSideEncryptionConfiguration: + $ref: '#/components/schemas/ServerSideEncryptionConfiguration' + Tags: + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/Tag' + type: array + Name: + type: string + maxLength: 255 + minLength: 1 + required: + - Name + - Type + x-stackql-resource-name: assistant + description: Definition of AWS::Wisdom::Assistant Resource Type + x-type-name: AWS::Wisdom::Assistant + x-stackql-primary-identifier: + - AssistantId + x-stackql-additional-identifiers: + - - AssistantArn + x-create-only-properties: + - Description + - Name + - ServerSideEncryptionConfiguration + - Tags + - Type + x-read-only-properties: + - AssistantId + - AssistantArn + x-required-properties: + - Name + - Type + x-replacement-strategy: delete_then_create + x-required-permissions: + create: + - kms:CreateGrant + - kms:DescribeKey + - wisdom:CreateAssistant + - wisdom:TagResource + update: + - wisdom:GetAssistant + read: + - wisdom:GetAssistant + list: + - wisdom:ListAssistants + delete: + - wisdom:DeleteAssistant + AssociationData: + type: object + properties: + KnowledgeBaseId: + type: string + pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ + required: + - KnowledgeBaseId + additionalProperties: false + AssociationType: + type: string + enum: + - KNOWLEDGE_BASE + AssistantAssociation: + type: object + properties: + AssistantAssociationArn: + type: string + pattern: ^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})?$ + AssistantArn: + type: string + pattern: ^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})?$ + AssistantAssociationId: + type: string + pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ + AssistantId: + type: string + pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ + Association: + $ref: '#/components/schemas/AssociationData' + AssociationType: + $ref: '#/components/schemas/AssociationType' + Tags: + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/Tag' + type: array + required: + - Association + - AssociationType + - AssistantId + x-stackql-resource-name: assistant_association + description: Definition of AWS::Wisdom::AssistantAssociation Resource Type + x-type-name: AWS::Wisdom::AssistantAssociation + x-stackql-primary-identifier: + - AssistantAssociationId + - AssistantId + x-stackql-additional-identifiers: + - - AssistantAssociationArn + - AssistantArn + x-create-only-properties: + - Association + - AssociationType + - AssistantId + - Tags + x-read-only-properties: + - AssistantAssociationId + - AssistantAssociationArn + - AssistantArn + x-required-properties: + - Association + - AssociationType + - AssistantId + x-replacement-strategy: delete_then_create + x-required-permissions: + create: + - wisdom:CreateAssistantAssociation + - wisdom:TagResource + update: + - wisdom:GetAssistantAssociation + read: + - wisdom:GetAssistantAssociation + list: + - wisdom:ListAssistantAssociations + delete: + - wisdom:DeleteAssistantAssociation + AppIntegrationsConfiguration: + type: object + properties: + ObjectFields: + type: array + items: + type: string + maxLength: 4096 + minLength: 1 + x-insertionOrder: false + maxItems: 100 + minItems: 1 + AppIntegrationArn: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^arn:[a-z-]+?:[a-z-]+?:[a-z0-9-]*?:([0-9]{12})?:[a-zA-Z0-9-:/]+$ + required: + - AppIntegrationArn + additionalProperties: false + KnowledgeBaseType: + type: string + enum: + - EXTERNAL + - CUSTOM + - MESSAGE_TEMPLATES + - MANAGED + RenderingConfiguration: + type: object + properties: + TemplateUri: + type: string + maxLength: 4096 + minLength: 1 + additionalProperties: false + SeedUrl: + type: object + additionalProperties: false + properties: + Url: + type: string + pattern: ^https?://[A-Za-z0-9][^\s]*$ + UrlFilterPattern: + type: string + maxLength: 1000 + minLength: 1 + UrlFilterList: + type: array + items: + $ref: '#/components/schemas/UrlFilterPattern' + maxItems: 25 + minItems: 1 + WebCrawlerConfiguration: + type: object + additionalProperties: false + properties: + UrlConfiguration: + type: object + additionalProperties: false + properties: + SeedUrls: + type: array + items: + $ref: '#/components/schemas/SeedUrl' + maxItems: 100 + minItems: 1 + CrawlerLimits: + type: object + additionalProperties: false + properties: + RateLimit: + type: number + minimum: 1 + maximum: 3000 + InclusionFilters: + $ref: '#/components/schemas/UrlFilterList' + ExclusionFilters: + $ref: '#/components/schemas/UrlFilterList' + Scope: + type: string + enum: + - HOST_ONLY + - SUBDOMAINS + required: + - UrlConfiguration + ManagedSourceConfiguration: + oneOf: + - type: object + properties: + WebCrawlerConfiguration: + $ref: '#/components/schemas/WebCrawlerConfiguration' + required: + - WebCrawlerConfiguration + additionalProperties: false + FixedSizeChunkingConfiguration: + type: object + additionalProperties: false + properties: + MaxTokens: + type: number + minimum: 1 + OverlapPercentage: + type: number + minimum: 1 + maximum: 99 + required: + - MaxTokens + - OverlapPercentage + HierarchicalChunkingLevelConfiguration: + type: object + additionalProperties: false + properties: + MaxTokens: + type: number + minimum: 1 + maximum: 8192 + required: + - MaxTokens + HierarchicalChunkingConfiguration: + type: object + additionalProperties: false + properties: + LevelConfigurations: + type: array + items: + $ref: '#/components/schemas/HierarchicalChunkingLevelConfiguration' + maxItems: 2 + minItems: 2 + OverlapTokens: + type: number + minimum: 1 + required: + - LevelConfigurations + - OverlapTokens + SemanticChunkingConfiguration: + type: object + additionalProperties: false + properties: + MaxTokens: + type: number + minimum: 1 + BufferSize: + type: number + minimum: 0 + maximum: 1 + BreakpointPercentileThreshold: + type: number + minimum: 50 + maximum: 99 + required: + - MaxTokens + - BufferSize + - BreakpointPercentileThreshold + BedrockFoundationModelConfiguration: + type: object + additionalProperties: false + properties: + ModelArn: + type: string + maxLength: 2048 + minLength: 1 + pattern: ^arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}::foundation-model\/anthropic.claude-3-haiku-20240307-v1:0$ + ParsingPrompt: + type: object + additionalProperties: false + properties: + ParsingPromptText: + type: string + maxLength: 10000 + minLength: 1 + required: + - ParsingPromptText + required: + - ModelArn + VectorIngestionConfiguration: + type: object + additionalProperties: false + properties: + ChunkingConfiguration: + type: object + additionalProperties: false + properties: + ChunkingStrategy: + type: string + enum: + - FIXED_SIZE + - NONE + - HIERARCHICAL + - SEMANTIC + FixedSizeChunkingConfiguration: + $ref: '#/components/schemas/FixedSizeChunkingConfiguration' + HierarchicalChunkingConfiguration: + $ref: '#/components/schemas/HierarchicalChunkingConfiguration' + SemanticChunkingConfiguration: + $ref: '#/components/schemas/SemanticChunkingConfiguration' + required: + - ChunkingStrategy + ParsingConfiguration: + type: object + additionalProperties: false + properties: + ParsingStrategy: + type: string + enum: + - BEDROCK_FOUNDATION_MODEL + BedrockFoundationModelConfiguration: + $ref: '#/components/schemas/BedrockFoundationModelConfiguration' + required: + - ParsingStrategy + SourceConfiguration: + oneOf: + - type: object + title: AppIntegrationsConfiguration + properties: + AppIntegrations: + $ref: '#/components/schemas/AppIntegrationsConfiguration' + required: + - AppIntegrations + additionalProperties: false + - type: object + title: ManagedSourceConfiguration + properties: + ManagedSourceConfiguration: + $ref: '#/components/schemas/ManagedSourceConfiguration' + required: + - ManagedSourceConfiguration + additionalProperties: false + KnowledgeBase: + type: object + properties: + Description: + type: string + maxLength: 255 + minLength: 1 + KnowledgeBaseArn: + type: string + pattern: ^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})?$ + KnowledgeBaseId: + type: string + pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ + KnowledgeBaseType: + $ref: '#/components/schemas/KnowledgeBaseType' + Name: + type: string + maxLength: 255 + minLength: 1 + RenderingConfiguration: + $ref: '#/components/schemas/RenderingConfiguration' + ServerSideEncryptionConfiguration: + $ref: '#/components/schemas/ServerSideEncryptionConfiguration' + SourceConfiguration: + $ref: '#/components/schemas/SourceConfiguration' + VectorIngestionConfiguration: + $ref: '#/components/schemas/VectorIngestionConfiguration' + Tags: + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/Tag' + type: array + required: + - KnowledgeBaseType + - Name + x-stackql-resource-name: knowledge_base + description: Definition of AWS::Wisdom::KnowledgeBase Resource Type + x-type-name: AWS::Wisdom::KnowledgeBase + x-stackql-primary-identifier: + - KnowledgeBaseId + x-stackql-additional-identifiers: + - - KnowledgeBaseArn + x-create-only-properties: + - Description + - KnowledgeBaseType + - Name + - ServerSideEncryptionConfiguration + - SourceConfiguration + - Tags + x-read-only-properties: + - KnowledgeBaseId + - KnowledgeBaseArn + x-required-properties: + - KnowledgeBaseType + - Name + x-replacement-strategy: delete_then_create + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: false + cloudFormationSystemTags: false + tagProperty: /properties/Tags + permissions: + - wisdom:TagResource + x-required-permissions: + create: + - appflow:CreateFlow + - appflow:DeleteFlow + - appflow:StartFlow + - appflow:TagResource + - appflow:UseConnectorProfile + - app-integrations:CreateDataIntegrationAssociation + - app-integrations:GetDataIntegration + - kms:DescribeKey + - kms:CreateGrant + - kms:ListGrants + - wisdom:CreateKnowledgeBase + - wisdom:TagResource + update: + - wisdom:GetKnowledgeBase + delete: + - appflow:DeleteFlow + - appflow:StopFlow + - app-integrations:DeleteDataIntegrationAssociation + - wisdom:DeleteKnowledgeBase + list: + - wisdom:ListKnowledgeBases + read: + - wisdom:GetKnowledgeBase + ChannelSubtype: + description: The channel subtype this message template applies to. + type: string + enum: + - EMAIL + - SMS + Content: + description: The content of the message template. + type: object + properties: + EmailMessageTemplateContent: + $ref: '#/components/schemas/EmailMessageTemplateContent' + SmsMessageTemplateContent: + $ref: '#/components/schemas/SmsMessageTemplateContent' + oneOf: + - required: + - EmailMessageTemplateContent + - required: + - SmsMessageTemplateContent + additionalProperties: false + EmailMessageTemplateContent: + description: The content of message template that applies to email channel subtype. + type: object + properties: + Subject: + description: The subject line, or title, to use in email messages. + type: string + minLength: 1 + Body: + $ref: '#/components/schemas/EmailMessageTemplateContentBody' + Headers: + description: The email headers to include in email messages. + type: array + items: + $ref: '#/components/schemas/EmailMessageTemplateHeader' + uniqueItems: true + x-insertionOrder: true + minItems: 0 + maxItems: 15 + required: + - Subject + - Body + - Headers + additionalProperties: false + EmailMessageTemplateContentBody: + description: The body to use in email messages. + type: object + properties: + PlainText: + description: The message body, in plain text format, to use in email messages that are based on the message template. We recommend using plain text format for email clients that don't render HTML content and clients that are connected to high-latency networks, such as mobile devices. + $ref: '#/components/schemas/MessageTemplateBodyContentProvider' + Html: + description: The message body, in HTML format, to use in email messages that are based on the message template. We recommend using HTML format for email clients that render HTML content. You can include links, formatted text, and more in an HTML message. + $ref: '#/components/schemas/MessageTemplateBodyContentProvider' + additionalProperties: false + EmailMessageTemplateHeader: + description: The email header to include in email messages. + type: object + properties: + Name: + description: The name of the email header. + type: string + pattern: ^[!-9;-@A-~]+$ + minLength: 1 + maxLength: 126 + Value: + description: The value of the email header. + type: string + pattern: '[ -~]*' + minLength: 1 + maxLength: 870 + additionalProperties: false + SmsMessageTemplateContent: + description: The content of message template that applies to SMS channel subtype. + type: object + properties: + Body: + $ref: '#/components/schemas/SmsMessageTemplateContentBody' + required: + - Body + additionalProperties: false + SmsMessageTemplateContentBody: + description: The body to use in SMS messages. + type: object + properties: + PlainText: + $ref: '#/components/schemas/MessageTemplateBodyContentProvider' + additionalProperties: false + MessageTemplateBodyContentProvider: + description: The container of message template body. + type: object + properties: + Content: + type: string + minLength: 1 + additionalProperties: false + MessageTemplateAttributes: + description: An object that specifies the default values to use for variables in the message template. This object contains different categories of key-value pairs. Each key defines a variable or placeholder in the message template. The corresponding value defines the default value for that variable. + type: object + properties: + SystemAttributes: + $ref: '#/components/schemas/SystemAttributes' + AgentAttributes: + $ref: '#/components/schemas/AgentAttributes' + CustomerProfileAttributes: + $ref: '#/components/schemas/CustomerProfileAttributes' + CustomAttributes: + $ref: '#/components/schemas/CustomAttributes' + additionalProperties: false + SystemAttributes: + description: The system attributes that are used with the message template. + type: object + properties: + Name: + description: The name of the task. + type: string + minLength: 1 + maxLength: 32767 + CustomerEndpoint: + description: The CustomerEndpoint attribute. + $ref: '#/components/schemas/SystemEndpointAttributes' + SystemEndpoint: + description: The SystemEndpoint attribute. + $ref: '#/components/schemas/SystemEndpointAttributes' + additionalProperties: false + SystemEndpointAttributes: + description: The system endpoint attributes that are used with the message template. + type: object + properties: + Address: + description: The customer's phone number if used with customerEndpoint, or the number the customer dialed to call your contact center if used with systemEndpoint. + type: string + minLength: 1 + maxLength: 32767 + additionalProperties: false + AgentAttributes: + description: The agent attributes that are used with the message template. + type: object + properties: + FirstName: + description: The agent’s first name as entered in their Amazon Connect user account. + type: string + minLength: 1 + maxLength: 32767 + LastName: + description: The agent’s last name as entered in their Amazon Connect user account. + type: string + minLength: 1 + maxLength: 32767 + additionalProperties: false + CustomerProfileAttributes: + description: The customer profile attributes that are used with the message template. + type: object + properties: + ProfileId: + description: The unique identifier of a customer profile. + type: string + minLength: 1 + maxLength: 32767 + ProfileARN: + description: The ARN of a customer profile. + type: string + minLength: 1 + maxLength: 32767 + FirstName: + description: The customer's first name. + type: string + minLength: 1 + maxLength: 32767 + MiddleName: + description: The customer's middle name. + type: string + minLength: 1 + maxLength: 32767 + LastName: + description: The customer's last name. + type: string + minLength: 1 + maxLength: 32767 + AccountNumber: + description: A unique account number that you have given to the customer. + type: string + minLength: 1 + maxLength: 32767 + EmailAddress: + description: The customer's email address, which has not been specified as a personal or business address. + type: string + minLength: 1 + maxLength: 32767 + PhoneNumber: + description: The customer's phone number, which has not been specified as a mobile, home, or business number. + type: string + minLength: 1 + maxLength: 32767 + AdditionalInformation: + description: Any additional information relevant to the customer's profile. + type: string + minLength: 1 + maxLength: 32767 + PartyType: + description: The customer's party type. + type: string + minLength: 1 + maxLength: 32767 + BusinessName: + description: The name of the customer's business. + type: string + minLength: 1 + maxLength: 32767 + BirthDate: + description: The customer's birth date. + type: string + minLength: 1 + maxLength: 32767 + Gender: + description: The customer's gender. + type: string + minLength: 1 + maxLength: 32767 + MobilePhoneNumber: + description: The customer's mobile phone number. + type: string + minLength: 1 + maxLength: 32767 + HomePhoneNumber: + description: The customer's home phone number. + type: string + minLength: 1 + maxLength: 32767 + BusinessPhoneNumber: + description: The customer's business phone number. + type: string + minLength: 1 + maxLength: 32767 + BusinessEmailAddress: + description: The customer's business email address. + type: string + minLength: 1 + maxLength: 32767 + Address1: + description: The first line of a customer address. + type: string + minLength: 1 + maxLength: 32767 + Address2: + description: The second line of a customer address. + type: string + minLength: 1 + maxLength: 32767 + Address3: + description: The third line of a customer address. + type: string + minLength: 1 + maxLength: 32767 + Address4: + description: The fourth line of a customer address. + type: string + minLength: 1 + maxLength: 32767 + City: + description: The city in which a customer lives. + type: string + minLength: 1 + maxLength: 32767 + County: + description: The county in which a customer lives. + type: string + minLength: 1 + maxLength: 32767 + Country: + description: The country in which a customer lives. + type: string + minLength: 1 + maxLength: 32767 + PostalCode: + description: The postal code of a customer address. + type: string + minLength: 1 + maxLength: 32767 + Province: + description: The province in which a customer lives. + type: string + minLength: 1 + maxLength: 32767 + State: + description: The state in which a customer lives. + type: string + minLength: 1 + maxLength: 32767 + ShippingAddress1: + description: The first line of a customer’s shipping address. + type: string + minLength: 1 + maxLength: 32767 + ShippingAddress2: + description: The second line of a customer’s shipping address. + type: string + minLength: 1 + maxLength: 32767 + ShippingAddress3: + description: The third line of a customer’s shipping address. + type: string + minLength: 1 + maxLength: 32767 + ShippingAddress4: + description: The fourth line of a customer’s shipping address + type: string + minLength: 1 + maxLength: 32767 + ShippingCity: + description: The city of a customer’s shipping address. + type: string + minLength: 1 + maxLength: 32767 + ShippingCounty: + description: The county of a customer’s shipping address. + type: string + minLength: 1 + maxLength: 32767 + ShippingCountry: + description: The country of a customer’s shipping address. + type: string + minLength: 1 + maxLength: 32767 + ShippingPostalCode: + description: The postal code of a customer’s shipping address. + type: string + minLength: 1 + maxLength: 32767 + ShippingProvince: + description: The province of a customer’s shipping address. + type: string + minLength: 1 + maxLength: 32767 + ShippingState: + description: The state of a customer’s shipping address. + type: string + minLength: 1 + maxLength: 32767 + MailingAddress1: + description: The first line of a customer’s mailing address. + type: string + minLength: 1 + maxLength: 32767 + MailingAddress2: + description: The second line of a customer’s mailing address. + type: string + minLength: 1 + maxLength: 32767 + MailingAddress3: + description: The third line of a customer’s mailing address. + type: string + minLength: 1 + maxLength: 32767 + MailingAddress4: + description: The fourth line of a customer’s mailing address. + type: string + minLength: 1 + maxLength: 32767 + MailingCity: + description: The city of a customer’s mailing address. + type: string + minLength: 1 + maxLength: 32767 + MailingCounty: + description: The county of a customer’s mailing address. + type: string + minLength: 1 + maxLength: 32767 + MailingCountry: + description: The country of a customer’s mailing address. + type: string + minLength: 1 + maxLength: 32767 + MailingPostalCode: + description: The postal code of a customer’s mailing address + type: string + minLength: 1 + maxLength: 32767 + MailingProvince: + description: The province of a customer’s mailing address. + type: string + minLength: 1 + maxLength: 32767 + MailingState: + description: The state of a customer’s mailing address. + type: string + minLength: 1 + maxLength: 32767 + BillingAddress1: + description: The first line of a customer’s billing address. + type: string + minLength: 1 + maxLength: 32767 + BillingAddress2: + description: The second line of a customer’s billing address. + type: string + minLength: 1 + maxLength: 32767 + BillingAddress3: + description: The third line of a customer’s billing address. + type: string + minLength: 1 + maxLength: 32767 + BillingAddress4: + description: The fourth line of a customer’s billing address. + type: string + minLength: 1 + maxLength: 32767 + BillingCity: + description: The city of a customer’s billing address. + type: string + minLength: 1 + maxLength: 32767 + BillingCounty: + description: The county of a customer’s billing address. + type: string + minLength: 1 + maxLength: 32767 + BillingCountry: + description: The country of a customer’s billing address. + type: string + minLength: 1 + maxLength: 32767 + BillingPostalCode: + description: The postal code of a customer’s billing address. + type: string + minLength: 1 + maxLength: 32767 + BillingProvince: + description: The province of a customer’s billing address. + type: string + minLength: 1 + maxLength: 32767 + BillingState: + description: The state of a customer’s billing address. + type: string + minLength: 1 + maxLength: 32767 + Custom: + $ref: '#/components/schemas/CustomAttributes' + additionalProperties: false + CustomAttributes: + description: The custom attributes that are used with the message template. + type: object + x-patternProperties: + ^[a-zA-Z0-9\s._:/=+@-]*$: + description: Value of a custom attribute. + type: string + minLength: 1 + maxLength: 32767 + additionalProperties: false + GroupingConfiguration: + description: The configuration information of the user groups that the message template is accessible to. + type: object + properties: + Criteria: + description: The criteria used for grouping Amazon Q in Connect users. + type: string + minLength: 1 + maxLength: 100 + Values: + description: The list of values that define different groups of Amazon Q in Connect users. + type: array + items: + $ref: '#/components/schemas/GroupingValue' + x-insertionOrder: true + uniqueItems: true + required: + - Criteria + - Values + additionalProperties: false + GroupingValue: + description: The value that define the group of Amazon Q in Connect users. + type: string + minLength: 1 + maxLength: 2048 + MessageTemplate: + type: object + properties: + KnowledgeBaseArn: + description: The Amazon Resource Name (ARN) of the knowledge base to which the message template belongs. + type: string + pattern: ^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})?$ + MessageTemplateId: + description: The unique identifier of the message template. + type: string + pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ + MessageTemplateArn: + description: The Amazon Resource Name (ARN) of the message template. + type: string + pattern: ^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})?$ + Name: + description: The name of the message template. + type: string + pattern: ^[a-zA-Z0-9\\s_.,-]+ + minLength: 1 + maxLength: 255 + ChannelSubtype: + $ref: '#/components/schemas/ChannelSubtype' + Content: + $ref: '#/components/schemas/Content' + Description: + description: The description of the message template. + type: string + pattern: ^[a-zA-Z0-9\\s_.,-]+ + minLength: 1 + maxLength: 255 + Language: + description: The language code value for the language in which the message template is written. The supported language codes include de_DE, en_US, es_ES, fr_FR, id_ID, it_IT, ja_JP, ko_KR, pt_BR, zh_CN, zh_TW + type: string + minLength: 2 + maxLength: 5 + GroupingConfiguration: + $ref: '#/components/schemas/GroupingConfiguration' + DefaultAttributes: + $ref: '#/components/schemas/MessageTemplateAttributes' + MessageTemplateContentSha256: + description: The content SHA256 of the message template. + type: string + minLength: 1 + maxLength: 64 + Tags: + description: 'The tags used to organize, track, or control access for this resource. For example, { "tags": {"key1":"value1", "key2":"value2"} }.' + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/Tag' + type: array + required: + - KnowledgeBaseArn + - ChannelSubtype + - Name + - Content + x-stackql-resource-name: message_template + description: Definition of AWS::Wisdom::MessageTemplate Resource Type + x-type-name: AWS::Wisdom::MessageTemplate + x-stackql-primary-identifier: + - MessageTemplateArn + x-create-only-properties: + - KnowledgeBaseArn + - ChannelSubtype + x-read-only-properties: + - MessageTemplateId + - MessageTemplateArn + - MessageTemplateContentSha256 + x-required-properties: + - KnowledgeBaseArn + - ChannelSubtype + - Name + - Content + x-replacement-strategy: create_then_delete + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - wisdom:TagResource + - wisdom:UntagResource + x-required-permissions: + create: + - wisdom:CreateMessageTemplate + - wisdom:GetMessageTemplate + - wisdom:TagResource + - connect:SearchRoutingProfiles + - connect:DescribeRoutingProfile + update: + - wisdom:UpdateMessageTemplate + - wisdom:UpdateMessageTemplateMetadata + - wisdom:GetMessageTemplate + - wisdom:TagResource + - wisdom:UntagResource + - connect:SearchRoutingProfiles + - connect:DescribeRoutingProfile + delete: + - wisdom:DeleteMessageTemplate + - wisdom:UntagResource + list: + - wisdom:ListMessageTemplates + read: + - wisdom:GetMessageTemplate + MessageTemplateVersion: + type: object + properties: + MessageTemplateArn: + description: The unqualified Amazon Resource Name (ARN) of the message template. + type: string + pattern: ^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})?$ + MessageTemplateVersionArn: + description: The unqualified Amazon Resource Name (ARN) of the message template version. + type: string + pattern: ^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}):[0-9]+?$ + MessageTemplateContentSha256: + description: The content SHA256 of the message template. + type: string + minLength: 1 + maxLength: 64 + MessageTemplateVersionNumber: + description: Current version number of the message template. + type: number + required: + - MessageTemplateArn + x-stackql-resource-name: message_template_version + description: A version for the specified customer-managed message template within the specified knowledge base. + x-type-name: AWS::Wisdom::MessageTemplateVersion + x-stackql-primary-identifier: + - MessageTemplateVersionArn + x-create-only-properties: + - MessageTemplateArn + x-conditional-create-only-properties: + - MessageTemplateContentSha256 + x-read-only-properties: + - MessageTemplateVersionNumber + - MessageTemplateVersionArn + x-required-properties: + - MessageTemplateArn + x-tagging: + taggable: false + x-required-permissions: + create: + - wisdom:CreateMessageTemplateVersion + - wisdom:ListMessageTemplateVersions + delete: + - wisdom:DeleteMessageTemplate + update: + - wisdom:CreateMessageTemplateVersion + list: + - wisdom:ListMessageTemplateVersions + read: + - wisdom:GetMessageTemplate + CreateAIAgentRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + AIAgentId: + type: string + pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(:[A-Z0-9_$]+){0,1}$|^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}){0,2}(:[A-Z0-9_$]+){0,1}$ + AIAgentArn: + type: string + pattern: ^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}){0,2}$ + AssistantId: + type: string + pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}){0,2}$ + AssistantArn: + type: string + pattern: ^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}){0,2}$ + Configuration: + $ref: '#/components/schemas/AIAgentConfiguration' + Description: + type: string + maxLength: 255 + minLength: 1 + pattern: ^[a-zA-Z0-9\s_.,-]+ + Name: + type: string + maxLength: 255 + minLength: 1 + pattern: ^[a-zA-Z0-9\s_.,-]+ + Tags: + $ref: '#/components/schemas/Tags' + Type: + $ref: '#/components/schemas/AIAgentType' + ModifiedTimeSeconds: + type: number + x-stackQL-stringOnly: true + x-title: CreateAIAgentRequest + type: object + required: [] + CreateAIAgentVersionRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + AIAgentArn: + type: string + pattern: ^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})?$ + AssistantArn: + type: string + pattern: ^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})?$ + AIAgentId: + type: string + pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ + AssistantId: + type: string + pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ + AIAgentVersionId: + type: string + pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(:[A-Z0-9_$]+){0,1}$ + VersionNumber: + type: number + ModifiedTimeSeconds: + type: number + x-stackQL-stringOnly: true + x-title: CreateAIAgentVersionRequest + type: object + required: [] + CreateAIGuardrailRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + AssistantId: + type: string + pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}){0,2}$ + AssistantArn: + type: string + pattern: ^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}){0,2}$ + AIGuardrailArn: + type: string + pattern: ^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}){0,2}$ + AIGuardrailId: + type: string + pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(:[A-Z0-9_$]+){0,1}$|^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}){0,2}(:[A-Z0-9_$]+){0,1}$ + Name: + type: string + maxLength: 255 + minLength: 1 + pattern: ^[a-zA-Z0-9\s_.,-]+ + BlockedInputMessaging: + type: string + maxLength: 500 + minLength: 1 + description: Messaging for when violations are detected in text + BlockedOutputsMessaging: + type: string + maxLength: 500 + minLength: 1 + description: Messaging for when violations are detected in text + Description: + type: string + maxLength: 200 + minLength: 1 + description: Description of the guardrail or its version + TopicPolicyConfig: + $ref: '#/components/schemas/AIGuardrailTopicPolicyConfig' + ContentPolicyConfig: + $ref: '#/components/schemas/AIGuardrailContentPolicyConfig' + WordPolicyConfig: + $ref: '#/components/schemas/AIGuardrailWordPolicyConfig' + SensitiveInformationPolicyConfig: + $ref: '#/components/schemas/AIGuardrailSensitiveInformationPolicyConfig' + ContextualGroundingPolicyConfig: + $ref: '#/components/schemas/AIGuardrailContextualGroundingPolicyConfig' + Tags: + $ref: '#/components/schemas/Tags' + x-stackQL-stringOnly: true + x-title: CreateAIGuardrailRequest + type: object + required: [] + CreateAIGuardrailVersionRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + AIGuardrailArn: + type: string + pattern: ^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})?$ + AssistantArn: + type: string + pattern: ^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})?$ + AIGuardrailId: + type: string + pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ + AssistantId: + type: string + pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ + AIGuardrailVersionId: + type: string + pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(:[A-Z0-9_$]+){0,1}$ + VersionNumber: + type: number + ModifiedTimeSeconds: + type: number + x-stackQL-stringOnly: true + x-title: CreateAIGuardrailVersionRequest + type: object + required: [] + CreateAIPromptRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + AIPromptId: + type: string + pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(:[A-Z0-9_$]+){0,1}$|^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}){0,2}(:[A-Z0-9_$]+){0,1}$ + AIPromptArn: + type: string + pattern: ^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}){0,2}$ + ApiFormat: + $ref: '#/components/schemas/AIPromptAPIFormat' + AssistantId: + type: string + pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}){0,2}$ + AssistantArn: + type: string + pattern: ^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}){0,2}$ + Description: + type: string + maxLength: 255 + minLength: 1 + pattern: ^[a-zA-Z0-9\s_.,-]+ + ModelId: + type: string + maxLength: 2048 + minLength: 1 + Name: + type: string + maxLength: 255 + minLength: 1 + pattern: ^[a-zA-Z0-9\s_.,-]+ + Tags: + $ref: '#/components/schemas/Tags' + TemplateConfiguration: + $ref: '#/components/schemas/AIPromptTemplateConfiguration' + TemplateType: + $ref: '#/components/schemas/AIPromptTemplateType' + Type: + $ref: '#/components/schemas/AIPromptType' + ModifiedTimeSeconds: + type: number + x-stackQL-stringOnly: true + x-title: CreateAIPromptRequest + type: object + required: [] + CreateAIPromptVersionRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + AIPromptArn: + type: string + pattern: ^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})?$ + AssistantArn: + type: string + pattern: ^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})?$ + AIPromptId: + type: string + pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ + AssistantId: + type: string + pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ + AIPromptVersionId: + type: string + pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(:[A-Z0-9_$]+){0,1}$ + VersionNumber: + type: number + ModifiedTimeSeconds: + type: number + x-stackQL-stringOnly: true + x-title: CreateAIPromptVersionRequest + type: object + required: [] + CreateAssistantRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + Type: + $ref: '#/components/schemas/AssistantType' + Description: + type: string + maxLength: 255 + minLength: 1 + AssistantArn: + type: string + pattern: ^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})?$ + AssistantId: + type: string + pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ + ServerSideEncryptionConfiguration: + $ref: '#/components/schemas/ServerSideEncryptionConfiguration' + Tags: + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/Tag' + type: array + Name: + type: string + maxLength: 255 + minLength: 1 + x-stackQL-stringOnly: true + x-title: CreateAssistantRequest + type: object + required: [] + CreateAssistantAssociationRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + AssistantAssociationArn: + type: string + pattern: ^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})?$ + AssistantArn: + type: string + pattern: ^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})?$ + AssistantAssociationId: + type: string + pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ + AssistantId: + type: string + pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ + Association: + $ref: '#/components/schemas/AssociationData' + AssociationType: + $ref: '#/components/schemas/AssociationType' + Tags: + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/Tag' + type: array + x-stackQL-stringOnly: true + x-title: CreateAssistantAssociationRequest + type: object + required: [] + CreateKnowledgeBaseRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + Description: + type: string + maxLength: 255 + minLength: 1 + KnowledgeBaseArn: + type: string + pattern: ^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})?$ + KnowledgeBaseId: + type: string + pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ + KnowledgeBaseType: + $ref: '#/components/schemas/KnowledgeBaseType' + Name: + type: string + maxLength: 255 + minLength: 1 + RenderingConfiguration: + $ref: '#/components/schemas/RenderingConfiguration' + ServerSideEncryptionConfiguration: + $ref: '#/components/schemas/ServerSideEncryptionConfiguration' + SourceConfiguration: + $ref: '#/components/schemas/SourceConfiguration' + VectorIngestionConfiguration: + $ref: '#/components/schemas/VectorIngestionConfiguration' + Tags: + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/Tag' + type: array + x-stackQL-stringOnly: true + x-title: CreateKnowledgeBaseRequest + type: object + required: [] + CreateMessageTemplateRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + KnowledgeBaseArn: + description: The Amazon Resource Name (ARN) of the knowledge base to which the message template belongs. + type: string + pattern: ^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})?$ + MessageTemplateId: + description: The unique identifier of the message template. + type: string + pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ + MessageTemplateArn: + description: The Amazon Resource Name (ARN) of the message template. + type: string + pattern: ^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})?$ + Name: + description: The name of the message template. + type: string + pattern: ^[a-zA-Z0-9\\s_.,-]+ + minLength: 1 + maxLength: 255 + ChannelSubtype: + $ref: '#/components/schemas/ChannelSubtype' + Content: + $ref: '#/components/schemas/Content' + Description: + description: The description of the message template. + type: string + pattern: ^[a-zA-Z0-9\\s_.,-]+ + minLength: 1 + maxLength: 255 + Language: + description: The language code value for the language in which the message template is written. The supported language codes include de_DE, en_US, es_ES, fr_FR, id_ID, it_IT, ja_JP, ko_KR, pt_BR, zh_CN, zh_TW + type: string + minLength: 2 + maxLength: 5 + GroupingConfiguration: + $ref: '#/components/schemas/GroupingConfiguration' + DefaultAttributes: + $ref: '#/components/schemas/MessageTemplateAttributes' + MessageTemplateContentSha256: + description: The content SHA256 of the message template. + type: string + minLength: 1 + maxLength: 64 + Tags: + description: 'The tags used to organize, track, or control access for this resource. For example, { "tags": {"key1":"value1", "key2":"value2"} }.' + x-insertionOrder: false + uniqueItems: true + items: + $ref: '#/components/schemas/Tag' + type: array + x-stackQL-stringOnly: true + x-title: CreateMessageTemplateRequest + type: object + required: [] + CreateMessageTemplateVersionRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + MessageTemplateArn: + description: The unqualified Amazon Resource Name (ARN) of the message template. + type: string + pattern: ^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})?$ + MessageTemplateVersionArn: + description: The unqualified Amazon Resource Name (ARN) of the message template version. + type: string + pattern: ^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}):[0-9]+?$ + MessageTemplateContentSha256: + description: The content SHA256 of the message template. + type: string + minLength: 1 + maxLength: 64 + MessageTemplateVersionNumber: + description: Current version number of the message template. + type: number + x-stackQL-stringOnly: true + x-title: CreateMessageTemplateVersionRequest + type: object + required: [] + securitySchemes: + hmac: + type: apiKey + name: Authorization + in: header + description: Amazon Signature authorization v4 + x-amazon-apigateway-authtype: awsSigv4 + x-stackQL-resources: + ai_agents: + name: ai_agents + id: aws.wisdom.ai_agents + x-cfn-schema-name: AIAgent + x-cfn-type-name: AWS::Wisdom::AIAgent + x-identifiers: + - AIAgentId + - AssistantId + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__AIAgent&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Wisdom::AIAgent" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Wisdom::AIAgent" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Wisdom::AIAgent" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/ai_agents/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/ai_agents/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/ai_agents/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AIAgentId') as a_iagent_id, + JSON_EXTRACT(Properties, '$.AIAgentArn') as a_iagent_arn, + JSON_EXTRACT(Properties, '$.AssistantId') as assistant_id, + JSON_EXTRACT(Properties, '$.AssistantArn') as assistant_arn, + JSON_EXTRACT(Properties, '$.Configuration') as configuration, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.ModifiedTimeSeconds') as modified_time_seconds + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Wisdom::AIAgent' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.AIAgentId') as a_iagent_id, + JSON_EXTRACT(detail.Properties, '$.AIAgentArn') as a_iagent_arn, + JSON_EXTRACT(detail.Properties, '$.AssistantId') as assistant_id, + JSON_EXTRACT(detail.Properties, '$.AssistantArn') as assistant_arn, + JSON_EXTRACT(detail.Properties, '$.Configuration') as configuration, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags, + JSON_EXTRACT(detail.Properties, '$.Type') as type, + JSON_EXTRACT(detail.Properties, '$.ModifiedTimeSeconds') as modified_time_seconds + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Wisdom::AIAgent' + AND detail.data__TypeName = 'AWS::Wisdom::AIAgent' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AIAgentId') as a_iagent_id, + json_extract_path_text(Properties, 'AIAgentArn') as a_iagent_arn, + json_extract_path_text(Properties, 'AssistantId') as assistant_id, + json_extract_path_text(Properties, 'AssistantArn') as assistant_arn, + json_extract_path_text(Properties, 'Configuration') as configuration, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'ModifiedTimeSeconds') as modified_time_seconds + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Wisdom::AIAgent' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'AIAgentId') as a_iagent_id, + json_extract_path_text(detail.Properties, 'AIAgentArn') as a_iagent_arn, + json_extract_path_text(detail.Properties, 'AssistantId') as assistant_id, + json_extract_path_text(detail.Properties, 'AssistantArn') as assistant_arn, + json_extract_path_text(detail.Properties, 'Configuration') as configuration, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'Tags') as tags, + json_extract_path_text(detail.Properties, 'Type') as type, + json_extract_path_text(detail.Properties, 'ModifiedTimeSeconds') as modified_time_seconds + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Wisdom::AIAgent' + AND detail.data__TypeName = 'AWS::Wisdom::AIAgent' + AND listing.region = 'us-east-1' + ai_agents_list_only: + name: ai_agents_list_only + id: aws.wisdom.ai_agents_list_only + x-cfn-schema-name: AIAgent + x-cfn-type-name: AWS::Wisdom::AIAgent + x-identifiers: + - AIAgentId + - AssistantId + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AIAgentId') as a_iagent_id, + JSON_EXTRACT(Properties, '$.AssistantId') as assistant_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Wisdom::AIAgent' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AIAgentId') as a_iagent_id, + json_extract_path_text(Properties, 'AssistantId') as assistant_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Wisdom::AIAgent' + AND region = 'us-east-1' + ai_agent_tags: + name: ai_agent_tags + id: aws.wisdom.ai_agent_tags + x-cfn-schema-name: AIAgent + x-cfn-type-name: AWS::Wisdom::AIAgent + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.AIAgentId') as a_iagent_id, + JSON_EXTRACT(detail.Properties, '$.AIAgentArn') as a_iagent_arn, + JSON_EXTRACT(detail.Properties, '$.AssistantId') as assistant_id, + JSON_EXTRACT(detail.Properties, '$.AssistantArn') as assistant_arn, + JSON_EXTRACT(detail.Properties, '$.Configuration') as configuration, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.Type') as type, + JSON_EXTRACT(detail.Properties, '$.ModifiedTimeSeconds') as modified_time_seconds + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::Wisdom::AIAgent' + AND detail.data__TypeName = 'AWS::Wisdom::AIAgent' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'AIAgentId') as a_iagent_id, + json_extract_path_text(detail.Properties, 'AIAgentArn') as a_iagent_arn, + json_extract_path_text(detail.Properties, 'AssistantId') as assistant_id, + json_extract_path_text(detail.Properties, 'AssistantArn') as assistant_arn, + json_extract_path_text(detail.Properties, 'Configuration') as configuration, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'Type') as type, + json_extract_path_text(detail.Properties, 'ModifiedTimeSeconds') as modified_time_seconds + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::Wisdom::AIAgent' + AND detail.data__TypeName = 'AWS::Wisdom::AIAgent' + AND listing.region = 'us-east-1' + ai_agent_versions: + name: ai_agent_versions + id: aws.wisdom.ai_agent_versions + x-cfn-schema-name: AIAgentVersion + x-cfn-type-name: AWS::Wisdom::AIAgentVersion + x-identifiers: + - AssistantId + - AIAgentId + - VersionNumber + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__AIAgentVersion&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Wisdom::AIAgentVersion" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Wisdom::AIAgentVersion" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Wisdom::AIAgentVersion" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/ai_agent_versions/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/ai_agent_versions/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/ai_agent_versions/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AIAgentArn') as a_iagent_arn, + JSON_EXTRACT(Properties, '$.AssistantArn') as assistant_arn, + JSON_EXTRACT(Properties, '$.AIAgentId') as a_iagent_id, + JSON_EXTRACT(Properties, '$.AssistantId') as assistant_id, + JSON_EXTRACT(Properties, '$.AIAgentVersionId') as a_iagent_version_id, + JSON_EXTRACT(Properties, '$.VersionNumber') as version_number, + JSON_EXTRACT(Properties, '$.ModifiedTimeSeconds') as modified_time_seconds + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Wisdom::AIAgentVersion' + AND data__Identifier = '||' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.AIAgentArn') as a_iagent_arn, + JSON_EXTRACT(detail.Properties, '$.AssistantArn') as assistant_arn, + JSON_EXTRACT(detail.Properties, '$.AIAgentId') as a_iagent_id, + JSON_EXTRACT(detail.Properties, '$.AssistantId') as assistant_id, + JSON_EXTRACT(detail.Properties, '$.AIAgentVersionId') as a_iagent_version_id, + JSON_EXTRACT(detail.Properties, '$.VersionNumber') as version_number, + JSON_EXTRACT(detail.Properties, '$.ModifiedTimeSeconds') as modified_time_seconds + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Wisdom::AIAgentVersion' + AND detail.data__TypeName = 'AWS::Wisdom::AIAgentVersion' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AIAgentArn') as a_iagent_arn, + json_extract_path_text(Properties, 'AssistantArn') as assistant_arn, + json_extract_path_text(Properties, 'AIAgentId') as a_iagent_id, + json_extract_path_text(Properties, 'AssistantId') as assistant_id, + json_extract_path_text(Properties, 'AIAgentVersionId') as a_iagent_version_id, + json_extract_path_text(Properties, 'VersionNumber') as version_number, + json_extract_path_text(Properties, 'ModifiedTimeSeconds') as modified_time_seconds + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Wisdom::AIAgentVersion' + AND data__Identifier = '||' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'AIAgentArn') as a_iagent_arn, + json_extract_path_text(detail.Properties, 'AssistantArn') as assistant_arn, + json_extract_path_text(detail.Properties, 'AIAgentId') as a_iagent_id, + json_extract_path_text(detail.Properties, 'AssistantId') as assistant_id, + json_extract_path_text(detail.Properties, 'AIAgentVersionId') as a_iagent_version_id, + json_extract_path_text(detail.Properties, 'VersionNumber') as version_number, + json_extract_path_text(detail.Properties, 'ModifiedTimeSeconds') as modified_time_seconds + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Wisdom::AIAgentVersion' + AND detail.data__TypeName = 'AWS::Wisdom::AIAgentVersion' + AND listing.region = 'us-east-1' + ai_agent_versions_list_only: + name: ai_agent_versions_list_only + id: aws.wisdom.ai_agent_versions_list_only + x-cfn-schema-name: AIAgentVersion + x-cfn-type-name: AWS::Wisdom::AIAgentVersion + x-identifiers: + - AssistantId + - AIAgentId + - VersionNumber + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AssistantId') as assistant_id, + JSON_EXTRACT(Properties, '$.AIAgentId') as a_iagent_id, + JSON_EXTRACT(Properties, '$.VersionNumber') as version_number + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Wisdom::AIAgentVersion' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AssistantId') as assistant_id, + json_extract_path_text(Properties, 'AIAgentId') as a_iagent_id, + json_extract_path_text(Properties, 'VersionNumber') as version_number + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Wisdom::AIAgentVersion' + AND region = 'us-east-1' + ai_guardrails: + name: ai_guardrails + id: aws.wisdom.ai_guardrails + x-cfn-schema-name: AIGuardrail + x-cfn-type-name: AWS::Wisdom::AIGuardrail + x-identifiers: + - AIGuardrailId + - AssistantId + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__AIGuardrail&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Wisdom::AIGuardrail" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Wisdom::AIGuardrail" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Wisdom::AIGuardrail" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/ai_guardrails/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/ai_guardrails/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/ai_guardrails/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AssistantId') as assistant_id, + JSON_EXTRACT(Properties, '$.AssistantArn') as assistant_arn, + JSON_EXTRACT(Properties, '$.AIGuardrailArn') as a_iguardrail_arn, + JSON_EXTRACT(Properties, '$.AIGuardrailId') as a_iguardrail_id, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.BlockedInputMessaging') as blocked_input_messaging, + JSON_EXTRACT(Properties, '$.BlockedOutputsMessaging') as blocked_outputs_messaging, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.TopicPolicyConfig') as topic_policy_config, + JSON_EXTRACT(Properties, '$.ContentPolicyConfig') as content_policy_config, + JSON_EXTRACT(Properties, '$.WordPolicyConfig') as word_policy_config, + JSON_EXTRACT(Properties, '$.SensitiveInformationPolicyConfig') as sensitive_information_policy_config, + JSON_EXTRACT(Properties, '$.ContextualGroundingPolicyConfig') as contextual_grounding_policy_config, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Wisdom::AIGuardrail' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.AssistantId') as assistant_id, + JSON_EXTRACT(detail.Properties, '$.AssistantArn') as assistant_arn, + JSON_EXTRACT(detail.Properties, '$.AIGuardrailArn') as a_iguardrail_arn, + JSON_EXTRACT(detail.Properties, '$.AIGuardrailId') as a_iguardrail_id, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.BlockedInputMessaging') as blocked_input_messaging, + JSON_EXTRACT(detail.Properties, '$.BlockedOutputsMessaging') as blocked_outputs_messaging, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.TopicPolicyConfig') as topic_policy_config, + JSON_EXTRACT(detail.Properties, '$.ContentPolicyConfig') as content_policy_config, + JSON_EXTRACT(detail.Properties, '$.WordPolicyConfig') as word_policy_config, + JSON_EXTRACT(detail.Properties, '$.SensitiveInformationPolicyConfig') as sensitive_information_policy_config, + JSON_EXTRACT(detail.Properties, '$.ContextualGroundingPolicyConfig') as contextual_grounding_policy_config, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Wisdom::AIGuardrail' + AND detail.data__TypeName = 'AWS::Wisdom::AIGuardrail' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AssistantId') as assistant_id, + json_extract_path_text(Properties, 'AssistantArn') as assistant_arn, + json_extract_path_text(Properties, 'AIGuardrailArn') as a_iguardrail_arn, + json_extract_path_text(Properties, 'AIGuardrailId') as a_iguardrail_id, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'BlockedInputMessaging') as blocked_input_messaging, + json_extract_path_text(Properties, 'BlockedOutputsMessaging') as blocked_outputs_messaging, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'TopicPolicyConfig') as topic_policy_config, + json_extract_path_text(Properties, 'ContentPolicyConfig') as content_policy_config, + json_extract_path_text(Properties, 'WordPolicyConfig') as word_policy_config, + json_extract_path_text(Properties, 'SensitiveInformationPolicyConfig') as sensitive_information_policy_config, + json_extract_path_text(Properties, 'ContextualGroundingPolicyConfig') as contextual_grounding_policy_config, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Wisdom::AIGuardrail' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'AssistantId') as assistant_id, + json_extract_path_text(detail.Properties, 'AssistantArn') as assistant_arn, + json_extract_path_text(detail.Properties, 'AIGuardrailArn') as a_iguardrail_arn, + json_extract_path_text(detail.Properties, 'AIGuardrailId') as a_iguardrail_id, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'BlockedInputMessaging') as blocked_input_messaging, + json_extract_path_text(detail.Properties, 'BlockedOutputsMessaging') as blocked_outputs_messaging, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'TopicPolicyConfig') as topic_policy_config, + json_extract_path_text(detail.Properties, 'ContentPolicyConfig') as content_policy_config, + json_extract_path_text(detail.Properties, 'WordPolicyConfig') as word_policy_config, + json_extract_path_text(detail.Properties, 'SensitiveInformationPolicyConfig') as sensitive_information_policy_config, + json_extract_path_text(detail.Properties, 'ContextualGroundingPolicyConfig') as contextual_grounding_policy_config, + json_extract_path_text(detail.Properties, 'Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Wisdom::AIGuardrail' + AND detail.data__TypeName = 'AWS::Wisdom::AIGuardrail' + AND listing.region = 'us-east-1' + ai_guardrails_list_only: + name: ai_guardrails_list_only + id: aws.wisdom.ai_guardrails_list_only + x-cfn-schema-name: AIGuardrail + x-cfn-type-name: AWS::Wisdom::AIGuardrail + x-identifiers: + - AIGuardrailId + - AssistantId + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AIGuardrailId') as a_iguardrail_id, + JSON_EXTRACT(Properties, '$.AssistantId') as assistant_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Wisdom::AIGuardrail' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AIGuardrailId') as a_iguardrail_id, + json_extract_path_text(Properties, 'AssistantId') as assistant_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Wisdom::AIGuardrail' + AND region = 'us-east-1' + ai_guardrail_tags: + name: ai_guardrail_tags + id: aws.wisdom.ai_guardrail_tags + x-cfn-schema-name: AIGuardrail + x-cfn-type-name: AWS::Wisdom::AIGuardrail + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.AssistantId') as assistant_id, + JSON_EXTRACT(detail.Properties, '$.AssistantArn') as assistant_arn, + JSON_EXTRACT(detail.Properties, '$.AIGuardrailArn') as a_iguardrail_arn, + JSON_EXTRACT(detail.Properties, '$.AIGuardrailId') as a_iguardrail_id, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.BlockedInputMessaging') as blocked_input_messaging, + JSON_EXTRACT(detail.Properties, '$.BlockedOutputsMessaging') as blocked_outputs_messaging, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.TopicPolicyConfig') as topic_policy_config, + JSON_EXTRACT(detail.Properties, '$.ContentPolicyConfig') as content_policy_config, + JSON_EXTRACT(detail.Properties, '$.WordPolicyConfig') as word_policy_config, + JSON_EXTRACT(detail.Properties, '$.SensitiveInformationPolicyConfig') as sensitive_information_policy_config, + JSON_EXTRACT(detail.Properties, '$.ContextualGroundingPolicyConfig') as contextual_grounding_policy_config + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::Wisdom::AIGuardrail' + AND detail.data__TypeName = 'AWS::Wisdom::AIGuardrail' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'AssistantId') as assistant_id, + json_extract_path_text(detail.Properties, 'AssistantArn') as assistant_arn, + json_extract_path_text(detail.Properties, 'AIGuardrailArn') as a_iguardrail_arn, + json_extract_path_text(detail.Properties, 'AIGuardrailId') as a_iguardrail_id, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'BlockedInputMessaging') as blocked_input_messaging, + json_extract_path_text(detail.Properties, 'BlockedOutputsMessaging') as blocked_outputs_messaging, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'TopicPolicyConfig') as topic_policy_config, + json_extract_path_text(detail.Properties, 'ContentPolicyConfig') as content_policy_config, + json_extract_path_text(detail.Properties, 'WordPolicyConfig') as word_policy_config, + json_extract_path_text(detail.Properties, 'SensitiveInformationPolicyConfig') as sensitive_information_policy_config, + json_extract_path_text(detail.Properties, 'ContextualGroundingPolicyConfig') as contextual_grounding_policy_config + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::Wisdom::AIGuardrail' + AND detail.data__TypeName = 'AWS::Wisdom::AIGuardrail' + AND listing.region = 'us-east-1' + ai_guardrail_versions: + name: ai_guardrail_versions + id: aws.wisdom.ai_guardrail_versions + x-cfn-schema-name: AIGuardrailVersion + x-cfn-type-name: AWS::Wisdom::AIGuardrailVersion + x-identifiers: + - AssistantId + - AIGuardrailId + - VersionNumber + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__AIGuardrailVersion&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Wisdom::AIGuardrailVersion" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Wisdom::AIGuardrailVersion" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Wisdom::AIGuardrailVersion" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/ai_guardrail_versions/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/ai_guardrail_versions/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/ai_guardrail_versions/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AIGuardrailArn') as a_iguardrail_arn, + JSON_EXTRACT(Properties, '$.AssistantArn') as assistant_arn, + JSON_EXTRACT(Properties, '$.AIGuardrailId') as a_iguardrail_id, + JSON_EXTRACT(Properties, '$.AssistantId') as assistant_id, + JSON_EXTRACT(Properties, '$.AIGuardrailVersionId') as a_iguardrail_version_id, + JSON_EXTRACT(Properties, '$.VersionNumber') as version_number, + JSON_EXTRACT(Properties, '$.ModifiedTimeSeconds') as modified_time_seconds + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Wisdom::AIGuardrailVersion' + AND data__Identifier = '||' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.AIGuardrailArn') as a_iguardrail_arn, + JSON_EXTRACT(detail.Properties, '$.AssistantArn') as assistant_arn, + JSON_EXTRACT(detail.Properties, '$.AIGuardrailId') as a_iguardrail_id, + JSON_EXTRACT(detail.Properties, '$.AssistantId') as assistant_id, + JSON_EXTRACT(detail.Properties, '$.AIGuardrailVersionId') as a_iguardrail_version_id, + JSON_EXTRACT(detail.Properties, '$.VersionNumber') as version_number, + JSON_EXTRACT(detail.Properties, '$.ModifiedTimeSeconds') as modified_time_seconds + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Wisdom::AIGuardrailVersion' + AND detail.data__TypeName = 'AWS::Wisdom::AIGuardrailVersion' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AIGuardrailArn') as a_iguardrail_arn, + json_extract_path_text(Properties, 'AssistantArn') as assistant_arn, + json_extract_path_text(Properties, 'AIGuardrailId') as a_iguardrail_id, + json_extract_path_text(Properties, 'AssistantId') as assistant_id, + json_extract_path_text(Properties, 'AIGuardrailVersionId') as a_iguardrail_version_id, + json_extract_path_text(Properties, 'VersionNumber') as version_number, + json_extract_path_text(Properties, 'ModifiedTimeSeconds') as modified_time_seconds + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Wisdom::AIGuardrailVersion' + AND data__Identifier = '||' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'AIGuardrailArn') as a_iguardrail_arn, + json_extract_path_text(detail.Properties, 'AssistantArn') as assistant_arn, + json_extract_path_text(detail.Properties, 'AIGuardrailId') as a_iguardrail_id, + json_extract_path_text(detail.Properties, 'AssistantId') as assistant_id, + json_extract_path_text(detail.Properties, 'AIGuardrailVersionId') as a_iguardrail_version_id, + json_extract_path_text(detail.Properties, 'VersionNumber') as version_number, + json_extract_path_text(detail.Properties, 'ModifiedTimeSeconds') as modified_time_seconds + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Wisdom::AIGuardrailVersion' + AND detail.data__TypeName = 'AWS::Wisdom::AIGuardrailVersion' + AND listing.region = 'us-east-1' + ai_guardrail_versions_list_only: + name: ai_guardrail_versions_list_only + id: aws.wisdom.ai_guardrail_versions_list_only + x-cfn-schema-name: AIGuardrailVersion + x-cfn-type-name: AWS::Wisdom::AIGuardrailVersion + x-identifiers: + - AssistantId + - AIGuardrailId + - VersionNumber + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AssistantId') as assistant_id, + JSON_EXTRACT(Properties, '$.AIGuardrailId') as a_iguardrail_id, + JSON_EXTRACT(Properties, '$.VersionNumber') as version_number + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Wisdom::AIGuardrailVersion' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AssistantId') as assistant_id, + json_extract_path_text(Properties, 'AIGuardrailId') as a_iguardrail_id, + json_extract_path_text(Properties, 'VersionNumber') as version_number + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Wisdom::AIGuardrailVersion' + AND region = 'us-east-1' + ai_prompts: + name: ai_prompts + id: aws.wisdom.ai_prompts + x-cfn-schema-name: AIPrompt + x-cfn-type-name: AWS::Wisdom::AIPrompt + x-identifiers: + - AIPromptId + - AssistantId + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__AIPrompt&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Wisdom::AIPrompt" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Wisdom::AIPrompt" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Wisdom::AIPrompt" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/ai_prompts/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/ai_prompts/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/ai_prompts/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AIPromptId') as a_iprompt_id, + JSON_EXTRACT(Properties, '$.AIPromptArn') as a_iprompt_arn, + JSON_EXTRACT(Properties, '$.ApiFormat') as api_format, + JSON_EXTRACT(Properties, '$.AssistantId') as assistant_id, + JSON_EXTRACT(Properties, '$.AssistantArn') as assistant_arn, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.ModelId') as model_id, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.TemplateConfiguration') as template_configuration, + JSON_EXTRACT(Properties, '$.TemplateType') as template_type, + JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.ModifiedTimeSeconds') as modified_time_seconds + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Wisdom::AIPrompt' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.AIPromptId') as a_iprompt_id, + JSON_EXTRACT(detail.Properties, '$.AIPromptArn') as a_iprompt_arn, + JSON_EXTRACT(detail.Properties, '$.ApiFormat') as api_format, + JSON_EXTRACT(detail.Properties, '$.AssistantId') as assistant_id, + JSON_EXTRACT(detail.Properties, '$.AssistantArn') as assistant_arn, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.ModelId') as model_id, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags, + JSON_EXTRACT(detail.Properties, '$.TemplateConfiguration') as template_configuration, + JSON_EXTRACT(detail.Properties, '$.TemplateType') as template_type, + JSON_EXTRACT(detail.Properties, '$.Type') as type, + JSON_EXTRACT(detail.Properties, '$.ModifiedTimeSeconds') as modified_time_seconds + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Wisdom::AIPrompt' + AND detail.data__TypeName = 'AWS::Wisdom::AIPrompt' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AIPromptId') as a_iprompt_id, + json_extract_path_text(Properties, 'AIPromptArn') as a_iprompt_arn, + json_extract_path_text(Properties, 'ApiFormat') as api_format, + json_extract_path_text(Properties, 'AssistantId') as assistant_id, + json_extract_path_text(Properties, 'AssistantArn') as assistant_arn, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'ModelId') as model_id, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'TemplateConfiguration') as template_configuration, + json_extract_path_text(Properties, 'TemplateType') as template_type, + json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'ModifiedTimeSeconds') as modified_time_seconds + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Wisdom::AIPrompt' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'AIPromptId') as a_iprompt_id, + json_extract_path_text(detail.Properties, 'AIPromptArn') as a_iprompt_arn, + json_extract_path_text(detail.Properties, 'ApiFormat') as api_format, + json_extract_path_text(detail.Properties, 'AssistantId') as assistant_id, + json_extract_path_text(detail.Properties, 'AssistantArn') as assistant_arn, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'ModelId') as model_id, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'Tags') as tags, + json_extract_path_text(detail.Properties, 'TemplateConfiguration') as template_configuration, + json_extract_path_text(detail.Properties, 'TemplateType') as template_type, + json_extract_path_text(detail.Properties, 'Type') as type, + json_extract_path_text(detail.Properties, 'ModifiedTimeSeconds') as modified_time_seconds + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Wisdom::AIPrompt' + AND detail.data__TypeName = 'AWS::Wisdom::AIPrompt' + AND listing.region = 'us-east-1' + ai_prompts_list_only: + name: ai_prompts_list_only + id: aws.wisdom.ai_prompts_list_only + x-cfn-schema-name: AIPrompt + x-cfn-type-name: AWS::Wisdom::AIPrompt + x-identifiers: + - AIPromptId + - AssistantId + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AIPromptId') as a_iprompt_id, + JSON_EXTRACT(Properties, '$.AssistantId') as assistant_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Wisdom::AIPrompt' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AIPromptId') as a_iprompt_id, + json_extract_path_text(Properties, 'AssistantId') as assistant_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Wisdom::AIPrompt' + AND region = 'us-east-1' + ai_prompt_tags: + name: ai_prompt_tags + id: aws.wisdom.ai_prompt_tags + x-cfn-schema-name: AIPrompt + x-cfn-type-name: AWS::Wisdom::AIPrompt + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.AIPromptId') as a_iprompt_id, + JSON_EXTRACT(detail.Properties, '$.AIPromptArn') as a_iprompt_arn, + JSON_EXTRACT(detail.Properties, '$.ApiFormat') as api_format, + JSON_EXTRACT(detail.Properties, '$.AssistantId') as assistant_id, + JSON_EXTRACT(detail.Properties, '$.AssistantArn') as assistant_arn, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.ModelId') as model_id, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.TemplateConfiguration') as template_configuration, + JSON_EXTRACT(detail.Properties, '$.TemplateType') as template_type, + JSON_EXTRACT(detail.Properties, '$.Type') as type, + JSON_EXTRACT(detail.Properties, '$.ModifiedTimeSeconds') as modified_time_seconds + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::Wisdom::AIPrompt' + AND detail.data__TypeName = 'AWS::Wisdom::AIPrompt' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'AIPromptId') as a_iprompt_id, + json_extract_path_text(detail.Properties, 'AIPromptArn') as a_iprompt_arn, + json_extract_path_text(detail.Properties, 'ApiFormat') as api_format, + json_extract_path_text(detail.Properties, 'AssistantId') as assistant_id, + json_extract_path_text(detail.Properties, 'AssistantArn') as assistant_arn, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'ModelId') as model_id, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'TemplateConfiguration') as template_configuration, + json_extract_path_text(detail.Properties, 'TemplateType') as template_type, + json_extract_path_text(detail.Properties, 'Type') as type, + json_extract_path_text(detail.Properties, 'ModifiedTimeSeconds') as modified_time_seconds + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::Wisdom::AIPrompt' + AND detail.data__TypeName = 'AWS::Wisdom::AIPrompt' + AND listing.region = 'us-east-1' + ai_prompt_versions: + name: ai_prompt_versions + id: aws.wisdom.ai_prompt_versions + x-cfn-schema-name: AIPromptVersion + x-cfn-type-name: AWS::Wisdom::AIPromptVersion + x-identifiers: + - AssistantId + - AIPromptId + - VersionNumber + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__AIPromptVersion&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Wisdom::AIPromptVersion" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Wisdom::AIPromptVersion" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Wisdom::AIPromptVersion" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/ai_prompt_versions/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/ai_prompt_versions/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/ai_prompt_versions/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AIPromptArn') as a_iprompt_arn, + JSON_EXTRACT(Properties, '$.AssistantArn') as assistant_arn, + JSON_EXTRACT(Properties, '$.AIPromptId') as a_iprompt_id, + JSON_EXTRACT(Properties, '$.AssistantId') as assistant_id, + JSON_EXTRACT(Properties, '$.AIPromptVersionId') as a_iprompt_version_id, + JSON_EXTRACT(Properties, '$.VersionNumber') as version_number, + JSON_EXTRACT(Properties, '$.ModifiedTimeSeconds') as modified_time_seconds + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Wisdom::AIPromptVersion' + AND data__Identifier = '||' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.AIPromptArn') as a_iprompt_arn, + JSON_EXTRACT(detail.Properties, '$.AssistantArn') as assistant_arn, + JSON_EXTRACT(detail.Properties, '$.AIPromptId') as a_iprompt_id, + JSON_EXTRACT(detail.Properties, '$.AssistantId') as assistant_id, + JSON_EXTRACT(detail.Properties, '$.AIPromptVersionId') as a_iprompt_version_id, + JSON_EXTRACT(detail.Properties, '$.VersionNumber') as version_number, + JSON_EXTRACT(detail.Properties, '$.ModifiedTimeSeconds') as modified_time_seconds + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Wisdom::AIPromptVersion' + AND detail.data__TypeName = 'AWS::Wisdom::AIPromptVersion' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AIPromptArn') as a_iprompt_arn, + json_extract_path_text(Properties, 'AssistantArn') as assistant_arn, + json_extract_path_text(Properties, 'AIPromptId') as a_iprompt_id, + json_extract_path_text(Properties, 'AssistantId') as assistant_id, + json_extract_path_text(Properties, 'AIPromptVersionId') as a_iprompt_version_id, + json_extract_path_text(Properties, 'VersionNumber') as version_number, + json_extract_path_text(Properties, 'ModifiedTimeSeconds') as modified_time_seconds + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Wisdom::AIPromptVersion' + AND data__Identifier = '||' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'AIPromptArn') as a_iprompt_arn, + json_extract_path_text(detail.Properties, 'AssistantArn') as assistant_arn, + json_extract_path_text(detail.Properties, 'AIPromptId') as a_iprompt_id, + json_extract_path_text(detail.Properties, 'AssistantId') as assistant_id, + json_extract_path_text(detail.Properties, 'AIPromptVersionId') as a_iprompt_version_id, + json_extract_path_text(detail.Properties, 'VersionNumber') as version_number, + json_extract_path_text(detail.Properties, 'ModifiedTimeSeconds') as modified_time_seconds + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Wisdom::AIPromptVersion' + AND detail.data__TypeName = 'AWS::Wisdom::AIPromptVersion' + AND listing.region = 'us-east-1' + ai_prompt_versions_list_only: + name: ai_prompt_versions_list_only + id: aws.wisdom.ai_prompt_versions_list_only + x-cfn-schema-name: AIPromptVersion + x-cfn-type-name: AWS::Wisdom::AIPromptVersion + x-identifiers: + - AssistantId + - AIPromptId + - VersionNumber + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AssistantId') as assistant_id, + JSON_EXTRACT(Properties, '$.AIPromptId') as a_iprompt_id, + JSON_EXTRACT(Properties, '$.VersionNumber') as version_number + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Wisdom::AIPromptVersion' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AssistantId') as assistant_id, + json_extract_path_text(Properties, 'AIPromptId') as a_iprompt_id, + json_extract_path_text(Properties, 'VersionNumber') as version_number + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Wisdom::AIPromptVersion' + AND region = 'us-east-1' assistants: name: assistants id: aws.wisdom.assistants x-cfn-schema-name: Assistant x-cfn-type-name: AWS::Wisdom::Assistant x-identifiers: - - AssistantId + - AssistantId + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Assistant&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Wisdom::Assistant" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Wisdom::Assistant" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Wisdom::Assistant" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/assistants/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/assistants/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/assistants/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.Type') as type, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.AssistantArn') as assistant_arn, + JSON_EXTRACT(Properties, '$.AssistantId') as assistant_id, + JSON_EXTRACT(Properties, '$.ServerSideEncryptionConfiguration') as server_side_encryption_configuration, + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.Name') as name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Wisdom::Assistant' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.Type') as type, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.AssistantArn') as assistant_arn, + JSON_EXTRACT(detail.Properties, '$.AssistantId') as assistant_id, + JSON_EXTRACT(detail.Properties, '$.ServerSideEncryptionConfiguration') as server_side_encryption_configuration, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags, + JSON_EXTRACT(detail.Properties, '$.Name') as name + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Wisdom::Assistant' + AND detail.data__TypeName = 'AWS::Wisdom::Assistant' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'Type') as type, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'AssistantArn') as assistant_arn, + json_extract_path_text(Properties, 'AssistantId') as assistant_id, + json_extract_path_text(Properties, 'ServerSideEncryptionConfiguration') as server_side_encryption_configuration, + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'Name') as name + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Wisdom::Assistant' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'Type') as type, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'AssistantArn') as assistant_arn, + json_extract_path_text(detail.Properties, 'AssistantId') as assistant_id, + json_extract_path_text(detail.Properties, 'ServerSideEncryptionConfiguration') as server_side_encryption_configuration, + json_extract_path_text(detail.Properties, 'Tags') as tags, + json_extract_path_text(detail.Properties, 'Name') as name + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Wisdom::Assistant' + AND detail.data__TypeName = 'AWS::Wisdom::Assistant' + AND listing.region = 'us-east-1' + assistants_list_only: + name: assistants_list_only + id: aws.wisdom.assistants_list_only + x-cfn-schema-name: Assistant + x-cfn-type-name: AWS::Wisdom::Assistant + x-identifiers: + - AssistantId + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AssistantId') as assistant_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Wisdom::Assistant' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AssistantId') as assistant_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Wisdom::Assistant' + AND region = 'us-east-1' + assistant_tags: + name: assistant_tags + id: aws.wisdom.assistant_tags + x-cfn-schema-name: Assistant + x-cfn-type-name: AWS::Wisdom::Assistant + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.Type') as type, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.AssistantArn') as assistant_arn, + JSON_EXTRACT(detail.Properties, '$.AssistantId') as assistant_id, + JSON_EXTRACT(detail.Properties, '$.ServerSideEncryptionConfiguration') as server_side_encryption_configuration, + JSON_EXTRACT(detail.Properties, '$.Name') as name + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::Wisdom::Assistant' + AND detail.data__TypeName = 'AWS::Wisdom::Assistant' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'Type') as type, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'AssistantArn') as assistant_arn, + json_extract_path_text(detail.Properties, 'AssistantId') as assistant_id, + json_extract_path_text(detail.Properties, 'ServerSideEncryptionConfiguration') as server_side_encryption_configuration, + json_extract_path_text(detail.Properties, 'Name') as name + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::Wisdom::Assistant' + AND detail.data__TypeName = 'AWS::Wisdom::Assistant' + AND listing.region = 'us-east-1' + assistant_associations: + name: assistant_associations + id: aws.wisdom.assistant_associations + x-cfn-schema-name: AssistantAssociation + x-cfn-type-name: AWS::Wisdom::AssistantAssociation + x-identifiers: + - AssistantAssociationId + - AssistantId + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__AssistantAssociation&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Wisdom::AssistantAssociation" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Wisdom::AssistantAssociation" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::Wisdom::AssistantAssociation" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/assistant_associations/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/assistant_associations/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/assistant_associations/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AssistantAssociationArn') as assistant_association_arn, + JSON_EXTRACT(Properties, '$.AssistantArn') as assistant_arn, + JSON_EXTRACT(Properties, '$.AssistantAssociationId') as assistant_association_id, + JSON_EXTRACT(Properties, '$.AssistantId') as assistant_id, + JSON_EXTRACT(Properties, '$.Association') as association, + JSON_EXTRACT(Properties, '$.AssociationType') as association_type, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Wisdom::AssistantAssociation' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.AssistantAssociationArn') as assistant_association_arn, + JSON_EXTRACT(detail.Properties, '$.AssistantArn') as assistant_arn, + JSON_EXTRACT(detail.Properties, '$.AssistantAssociationId') as assistant_association_id, + JSON_EXTRACT(detail.Properties, '$.AssistantId') as assistant_id, + JSON_EXTRACT(detail.Properties, '$.Association') as association, + JSON_EXTRACT(detail.Properties, '$.AssociationType') as association_type, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Wisdom::AssistantAssociation' + AND detail.data__TypeName = 'AWS::Wisdom::AssistantAssociation' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AssistantAssociationArn') as assistant_association_arn, + json_extract_path_text(Properties, 'AssistantArn') as assistant_arn, + json_extract_path_text(Properties, 'AssistantAssociationId') as assistant_association_id, + json_extract_path_text(Properties, 'AssistantId') as assistant_id, + json_extract_path_text(Properties, 'Association') as association, + json_extract_path_text(Properties, 'AssociationType') as association_type, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Wisdom::AssistantAssociation' + AND data__Identifier = '|' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'AssistantAssociationArn') as assistant_association_arn, + json_extract_path_text(detail.Properties, 'AssistantArn') as assistant_arn, + json_extract_path_text(detail.Properties, 'AssistantAssociationId') as assistant_association_id, + json_extract_path_text(detail.Properties, 'AssistantId') as assistant_id, + json_extract_path_text(detail.Properties, 'Association') as association, + json_extract_path_text(detail.Properties, 'AssociationType') as association_type, + json_extract_path_text(detail.Properties, 'Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::Wisdom::AssistantAssociation' + AND detail.data__TypeName = 'AWS::Wisdom::AssistantAssociation' + AND listing.region = 'us-east-1' + assistant_associations_list_only: + name: assistant_associations_list_only + id: aws.wisdom.assistant_associations_list_only + x-cfn-schema-name: AssistantAssociation + x-cfn-type-name: AWS::Wisdom::AssistantAssociation + x-identifiers: + - AssistantAssociationId + - AssistantId + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.AssistantAssociationId') as assistant_association_id, + JSON_EXTRACT(Properties, '$.AssistantId') as assistant_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Wisdom::AssistantAssociation' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'AssistantAssociationId') as assistant_association_id, + json_extract_path_text(Properties, 'AssistantId') as assistant_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Wisdom::AssistantAssociation' + AND region = 'us-east-1' + assistant_association_tags: + name: assistant_association_tags + id: aws.wisdom.assistant_association_tags + x-cfn-schema-name: AssistantAssociation + x-cfn-type-name: AWS::Wisdom::AssistantAssociation + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.AssistantAssociationArn') as assistant_association_arn, + JSON_EXTRACT(detail.Properties, '$.AssistantArn') as assistant_arn, + JSON_EXTRACT(detail.Properties, '$.AssistantAssociationId') as assistant_association_id, + JSON_EXTRACT(detail.Properties, '$.AssistantId') as assistant_id, + JSON_EXTRACT(detail.Properties, '$.Association') as association, + JSON_EXTRACT(detail.Properties, '$.AssociationType') as association_type + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::Wisdom::AssistantAssociation' + AND detail.data__TypeName = 'AWS::Wisdom::AssistantAssociation' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'AssistantAssociationArn') as assistant_association_arn, + json_extract_path_text(detail.Properties, 'AssistantArn') as assistant_arn, + json_extract_path_text(detail.Properties, 'AssistantAssociationId') as assistant_association_id, + json_extract_path_text(detail.Properties, 'AssistantId') as assistant_id, + json_extract_path_text(detail.Properties, 'Association') as association, + json_extract_path_text(detail.Properties, 'AssociationType') as association_type + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::Wisdom::AssistantAssociation' + AND detail.data__TypeName = 'AWS::Wisdom::AssistantAssociation' + AND listing.region = 'us-east-1' + knowledge_bases: + name: knowledge_bases + id: aws.wisdom.knowledge_bases + x-cfn-schema-name: KnowledgeBase + x-cfn-type-name: AWS::Wisdom::KnowledgeBase + x-identifiers: + - KnowledgeBaseId x-type: cloud_control methods: create_resource: @@ -823,12 +4665,12 @@ components: requestBodyTranslate: algorithm: naive_DesiredState operation: - $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__Assistant&__detailTransformed=true/post' + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__KnowledgeBase&__detailTransformed=true/post' request: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::Wisdom::Assistant" + "TypeName": "AWS::Wisdom::KnowledgeBase" } response: mediaType: application/json @@ -840,7 +4682,7 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::Wisdom::Assistant" + "TypeName": "AWS::Wisdom::KnowledgeBase" } response: mediaType: application/json @@ -852,18 +4694,18 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::Wisdom::Assistant" + "TypeName": "AWS::Wisdom::KnowledgeBase" } response: mediaType: application/json openAPIDocKey: '200' sqlVerbs: insert: - - $ref: '#/components/x-stackQL-resources/assistants/methods/create_resource' + - $ref: '#/components/x-stackQL-resources/knowledge_bases/methods/create_resource' delete: - - $ref: '#/components/x-stackQL-resources/assistants/methods/delete_resource' + - $ref: '#/components/x-stackQL-resources/knowledge_bases/methods/delete_resource' update: - - $ref: '#/components/x-stackQL-resources/assistants/methods/update_resource' + - $ref: '#/components/x-stackQL-resources/knowledge_bases/methods/update_resource' config: views: select: @@ -872,34 +4714,40 @@ components: SELECT region, data__Identifier, - JSON_EXTRACT(Properties, '$.Type') as type, JSON_EXTRACT(Properties, '$.Description') as description, - JSON_EXTRACT(Properties, '$.AssistantArn') as assistant_arn, - JSON_EXTRACT(Properties, '$.AssistantId') as assistant_id, + JSON_EXTRACT(Properties, '$.KnowledgeBaseArn') as knowledge_base_arn, + JSON_EXTRACT(Properties, '$.KnowledgeBaseId') as knowledge_base_id, + JSON_EXTRACT(Properties, '$.KnowledgeBaseType') as knowledge_base_type, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.RenderingConfiguration') as rendering_configuration, JSON_EXTRACT(Properties, '$.ServerSideEncryptionConfiguration') as server_side_encryption_configuration, - JSON_EXTRACT(Properties, '$.Tags') as tags, - JSON_EXTRACT(Properties, '$.Name') as name - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Wisdom::Assistant' - AND data__Identifier = '' + JSON_EXTRACT(Properties, '$.SourceConfiguration') as source_configuration, + JSON_EXTRACT(Properties, '$.VectorIngestionConfiguration') as vector_ingestion_configuration, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Wisdom::KnowledgeBase' + AND data__Identifier = '' AND region = 'us-east-1' fallback: predicate: sqlDialect == "sqlite3" ddl: |- SELECT detail.region, - JSON_EXTRACT(detail.Properties, '$.Type') as type, JSON_EXTRACT(detail.Properties, '$.Description') as description, - JSON_EXTRACT(detail.Properties, '$.AssistantArn') as assistant_arn, - JSON_EXTRACT(detail.Properties, '$.AssistantId') as assistant_id, + JSON_EXTRACT(detail.Properties, '$.KnowledgeBaseArn') as knowledge_base_arn, + JSON_EXTRACT(detail.Properties, '$.KnowledgeBaseId') as knowledge_base_id, + JSON_EXTRACT(detail.Properties, '$.KnowledgeBaseType') as knowledge_base_type, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.RenderingConfiguration') as rendering_configuration, JSON_EXTRACT(detail.Properties, '$.ServerSideEncryptionConfiguration') as server_side_encryption_configuration, - JSON_EXTRACT(detail.Properties, '$.Tags') as tags, - JSON_EXTRACT(detail.Properties, '$.Name') as name + JSON_EXTRACT(detail.Properties, '$.SourceConfiguration') as source_configuration, + JSON_EXTRACT(detail.Properties, '$.VectorIngestionConfiguration') as vector_ingestion_configuration, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::Wisdom::Assistant' - AND detail.data__TypeName = 'AWS::Wisdom::Assistant' + WHERE listing.data__TypeName = 'AWS::Wisdom::KnowledgeBase' + AND detail.data__TypeName = 'AWS::Wisdom::KnowledgeBase' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] @@ -907,42 +4755,48 @@ components: SELECT region, data__Identifier, - json_extract_path_text(Properties, 'Type') as type, json_extract_path_text(Properties, 'Description') as description, - json_extract_path_text(Properties, 'AssistantArn') as assistant_arn, - json_extract_path_text(Properties, 'AssistantId') as assistant_id, + json_extract_path_text(Properties, 'KnowledgeBaseArn') as knowledge_base_arn, + json_extract_path_text(Properties, 'KnowledgeBaseId') as knowledge_base_id, + json_extract_path_text(Properties, 'KnowledgeBaseType') as knowledge_base_type, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'RenderingConfiguration') as rendering_configuration, json_extract_path_text(Properties, 'ServerSideEncryptionConfiguration') as server_side_encryption_configuration, - json_extract_path_text(Properties, 'Tags') as tags, - json_extract_path_text(Properties, 'Name') as name - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Wisdom::Assistant' - AND data__Identifier = '' + json_extract_path_text(Properties, 'SourceConfiguration') as source_configuration, + json_extract_path_text(Properties, 'VectorIngestionConfiguration') as vector_ingestion_configuration, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Wisdom::KnowledgeBase' + AND data__Identifier = '' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT detail.region, - json_extract_path_text(detail.Properties, 'Type') as type, json_extract_path_text(detail.Properties, 'Description') as description, - json_extract_path_text(detail.Properties, 'AssistantArn') as assistant_arn, - json_extract_path_text(detail.Properties, 'AssistantId') as assistant_id, + json_extract_path_text(detail.Properties, 'KnowledgeBaseArn') as knowledge_base_arn, + json_extract_path_text(detail.Properties, 'KnowledgeBaseId') as knowledge_base_id, + json_extract_path_text(detail.Properties, 'KnowledgeBaseType') as knowledge_base_type, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'RenderingConfiguration') as rendering_configuration, json_extract_path_text(detail.Properties, 'ServerSideEncryptionConfiguration') as server_side_encryption_configuration, - json_extract_path_text(detail.Properties, 'Tags') as tags, - json_extract_path_text(detail.Properties, 'Name') as name + json_extract_path_text(detail.Properties, 'SourceConfiguration') as source_configuration, + json_extract_path_text(detail.Properties, 'VectorIngestionConfiguration') as vector_ingestion_configuration, + json_extract_path_text(detail.Properties, 'Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::Wisdom::Assistant' - AND detail.data__TypeName = 'AWS::Wisdom::Assistant' + WHERE listing.data__TypeName = 'AWS::Wisdom::KnowledgeBase' + AND detail.data__TypeName = 'AWS::Wisdom::KnowledgeBase' AND listing.region = 'us-east-1' - assistants_list_only: - name: assistants_list_only - id: aws.wisdom.assistants_list_only - x-cfn-schema-name: Assistant - x-cfn-type-name: AWS::Wisdom::Assistant + knowledge_bases_list_only: + name: knowledge_bases_list_only + id: aws.wisdom.knowledge_bases_list_only + x-cfn-schema-name: KnowledgeBase + x-cfn-type-name: AWS::Wisdom::KnowledgeBase x-identifiers: - - AssistantId + - KnowledgeBaseId x-type: cloud_control_view methods: {} sqlVerbs: @@ -956,22 +4810,22 @@ components: ddl: |- SELECT region, - JSON_EXTRACT(Properties, '$.AssistantId') as assistant_id - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Wisdom::Assistant' + JSON_EXTRACT(Properties, '$.KnowledgeBaseId') as knowledge_base_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Wisdom::KnowledgeBase' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT region, - json_extract_path_text(Properties, 'AssistantId') as assistant_id - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Wisdom::Assistant' + json_extract_path_text(Properties, 'KnowledgeBaseId') as knowledge_base_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Wisdom::KnowledgeBase' AND region = 'us-east-1' - assistant_tags: - name: assistant_tags - id: aws.wisdom.assistant_tags - x-cfn-schema-name: Assistant - x-cfn-type-name: AWS::Wisdom::Assistant + knowledge_base_tags: + name: knowledge_base_tags + id: aws.wisdom.knowledge_base_tags + x-cfn-schema-name: KnowledgeBase + x-cfn-type-name: AWS::Wisdom::KnowledgeBase x-type: cloud_control_view methods: {} sqlVerbs: @@ -987,19 +4841,22 @@ components: detail.region, JSON_EXTRACT(json_each.value, '$.Key') as tag_key, JSON_EXTRACT(json_each.value, '$.Value') as tag_value, - JSON_EXTRACT(detail.Properties, '$.Type') as type, JSON_EXTRACT(detail.Properties, '$.Description') as description, - JSON_EXTRACT(detail.Properties, '$.AssistantArn') as assistant_arn, - JSON_EXTRACT(detail.Properties, '$.AssistantId') as assistant_id, + JSON_EXTRACT(detail.Properties, '$.KnowledgeBaseArn') as knowledge_base_arn, + JSON_EXTRACT(detail.Properties, '$.KnowledgeBaseId') as knowledge_base_id, + JSON_EXTRACT(detail.Properties, '$.KnowledgeBaseType') as knowledge_base_type, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.RenderingConfiguration') as rendering_configuration, JSON_EXTRACT(detail.Properties, '$.ServerSideEncryptionConfiguration') as server_side_encryption_configuration, - JSON_EXTRACT(detail.Properties, '$.Name') as name + JSON_EXTRACT(detail.Properties, '$.SourceConfiguration') as source_configuration, + JSON_EXTRACT(detail.Properties, '$.VectorIngestionConfiguration') as vector_ingestion_configuration FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) - WHERE listing.data__TypeName = 'AWS::Wisdom::Assistant' - AND detail.data__TypeName = 'AWS::Wisdom::Assistant' + WHERE listing.data__TypeName = 'AWS::Wisdom::KnowledgeBase' + AND detail.data__TypeName = 'AWS::Wisdom::KnowledgeBase' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" @@ -1008,28 +4865,30 @@ components: detail.region, json_extract_path_text(json_each.value, 'Key') as tag_key, json_extract_path_text(json_each.value, 'Value') as tag_value, - json_extract_path_text(detail.Properties, 'Type') as type, json_extract_path_text(detail.Properties, 'Description') as description, - json_extract_path_text(detail.Properties, 'AssistantArn') as assistant_arn, - json_extract_path_text(detail.Properties, 'AssistantId') as assistant_id, + json_extract_path_text(detail.Properties, 'KnowledgeBaseArn') as knowledge_base_arn, + json_extract_path_text(detail.Properties, 'KnowledgeBaseId') as knowledge_base_id, + json_extract_path_text(detail.Properties, 'KnowledgeBaseType') as knowledge_base_type, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'RenderingConfiguration') as rendering_configuration, json_extract_path_text(detail.Properties, 'ServerSideEncryptionConfiguration') as server_side_encryption_configuration, - json_extract_path_text(detail.Properties, 'Name') as name + json_extract_path_text(detail.Properties, 'SourceConfiguration') as source_configuration, + json_extract_path_text(detail.Properties, 'VectorIngestionConfiguration') as vector_ingestion_configuration FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) - WHERE listing.data__TypeName = 'AWS::Wisdom::Assistant' - AND detail.data__TypeName = 'AWS::Wisdom::Assistant' + WHERE listing.data__TypeName = 'AWS::Wisdom::KnowledgeBase' + AND detail.data__TypeName = 'AWS::Wisdom::KnowledgeBase' AND listing.region = 'us-east-1' - assistant_associations: - name: assistant_associations - id: aws.wisdom.assistant_associations - x-cfn-schema-name: AssistantAssociation - x-cfn-type-name: AWS::Wisdom::AssistantAssociation + message_templates: + name: message_templates + id: aws.wisdom.message_templates + x-cfn-schema-name: MessageTemplate + x-cfn-type-name: AWS::Wisdom::MessageTemplate x-identifiers: - - AssistantAssociationId - - AssistantId + - MessageTemplateArn x-type: cloud_control methods: create_resource: @@ -1037,12 +4896,12 @@ components: requestBodyTranslate: algorithm: naive_DesiredState operation: - $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__AssistantAssociation&__detailTransformed=true/post' + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__MessageTemplate&__detailTransformed=true/post' request: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::Wisdom::AssistantAssociation" + "TypeName": "AWS::Wisdom::MessageTemplate" } response: mediaType: application/json @@ -1054,7 +4913,7 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::Wisdom::AssistantAssociation" + "TypeName": "AWS::Wisdom::MessageTemplate" } response: mediaType: application/json @@ -1066,18 +4925,18 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::Wisdom::AssistantAssociation" + "TypeName": "AWS::Wisdom::MessageTemplate" } response: mediaType: application/json openAPIDocKey: '200' sqlVerbs: insert: - - $ref: '#/components/x-stackQL-resources/assistant_associations/methods/create_resource' + - $ref: '#/components/x-stackQL-resources/message_templates/methods/create_resource' delete: - - $ref: '#/components/x-stackQL-resources/assistant_associations/methods/delete_resource' + - $ref: '#/components/x-stackQL-resources/message_templates/methods/delete_resource' update: - - $ref: '#/components/x-stackQL-resources/assistant_associations/methods/update_resource' + - $ref: '#/components/x-stackQL-resources/message_templates/methods/update_resource' config: views: select: @@ -1086,34 +4945,44 @@ components: SELECT region, data__Identifier, - JSON_EXTRACT(Properties, '$.AssistantAssociationArn') as assistant_association_arn, - JSON_EXTRACT(Properties, '$.AssistantArn') as assistant_arn, - JSON_EXTRACT(Properties, '$.AssistantAssociationId') as assistant_association_id, - JSON_EXTRACT(Properties, '$.AssistantId') as assistant_id, - JSON_EXTRACT(Properties, '$.Association') as association, - JSON_EXTRACT(Properties, '$.AssociationType') as association_type, + JSON_EXTRACT(Properties, '$.KnowledgeBaseArn') as knowledge_base_arn, + JSON_EXTRACT(Properties, '$.MessageTemplateId') as message_template_id, + JSON_EXTRACT(Properties, '$.MessageTemplateArn') as message_template_arn, + JSON_EXTRACT(Properties, '$.Name') as name, + JSON_EXTRACT(Properties, '$.ChannelSubtype') as channel_subtype, + JSON_EXTRACT(Properties, '$.Content') as content, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.Language') as language, + JSON_EXTRACT(Properties, '$.GroupingConfiguration') as grouping_configuration, + JSON_EXTRACT(Properties, '$.DefaultAttributes') as default_attributes, + JSON_EXTRACT(Properties, '$.MessageTemplateContentSha256') as message_template_content_sha256, JSON_EXTRACT(Properties, '$.Tags') as tags - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Wisdom::AssistantAssociation' - AND data__Identifier = '|' + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Wisdom::MessageTemplate' + AND data__Identifier = '' AND region = 'us-east-1' fallback: predicate: sqlDialect == "sqlite3" ddl: |- SELECT detail.region, - JSON_EXTRACT(detail.Properties, '$.AssistantAssociationArn') as assistant_association_arn, - JSON_EXTRACT(detail.Properties, '$.AssistantArn') as assistant_arn, - JSON_EXTRACT(detail.Properties, '$.AssistantAssociationId') as assistant_association_id, - JSON_EXTRACT(detail.Properties, '$.AssistantId') as assistant_id, - JSON_EXTRACT(detail.Properties, '$.Association') as association, - JSON_EXTRACT(detail.Properties, '$.AssociationType') as association_type, + JSON_EXTRACT(detail.Properties, '$.KnowledgeBaseArn') as knowledge_base_arn, + JSON_EXTRACT(detail.Properties, '$.MessageTemplateId') as message_template_id, + JSON_EXTRACT(detail.Properties, '$.MessageTemplateArn') as message_template_arn, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.ChannelSubtype') as channel_subtype, + JSON_EXTRACT(detail.Properties, '$.Content') as content, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.Language') as language, + JSON_EXTRACT(detail.Properties, '$.GroupingConfiguration') as grouping_configuration, + JSON_EXTRACT(detail.Properties, '$.DefaultAttributes') as default_attributes, + JSON_EXTRACT(detail.Properties, '$.MessageTemplateContentSha256') as message_template_content_sha256, JSON_EXTRACT(detail.Properties, '$.Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::Wisdom::AssistantAssociation' - AND detail.data__TypeName = 'AWS::Wisdom::AssistantAssociation' + WHERE listing.data__TypeName = 'AWS::Wisdom::MessageTemplate' + AND detail.data__TypeName = 'AWS::Wisdom::MessageTemplate' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] @@ -1121,43 +4990,52 @@ components: SELECT region, data__Identifier, - json_extract_path_text(Properties, 'AssistantAssociationArn') as assistant_association_arn, - json_extract_path_text(Properties, 'AssistantArn') as assistant_arn, - json_extract_path_text(Properties, 'AssistantAssociationId') as assistant_association_id, - json_extract_path_text(Properties, 'AssistantId') as assistant_id, - json_extract_path_text(Properties, 'Association') as association, - json_extract_path_text(Properties, 'AssociationType') as association_type, + json_extract_path_text(Properties, 'KnowledgeBaseArn') as knowledge_base_arn, + json_extract_path_text(Properties, 'MessageTemplateId') as message_template_id, + json_extract_path_text(Properties, 'MessageTemplateArn') as message_template_arn, + json_extract_path_text(Properties, 'Name') as name, + json_extract_path_text(Properties, 'ChannelSubtype') as channel_subtype, + json_extract_path_text(Properties, 'Content') as content, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'Language') as language, + json_extract_path_text(Properties, 'GroupingConfiguration') as grouping_configuration, + json_extract_path_text(Properties, 'DefaultAttributes') as default_attributes, + json_extract_path_text(Properties, 'MessageTemplateContentSha256') as message_template_content_sha256, json_extract_path_text(Properties, 'Tags') as tags - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Wisdom::AssistantAssociation' - AND data__Identifier = '|' + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Wisdom::MessageTemplate' + AND data__Identifier = '' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT detail.region, - json_extract_path_text(detail.Properties, 'AssistantAssociationArn') as assistant_association_arn, - json_extract_path_text(detail.Properties, 'AssistantArn') as assistant_arn, - json_extract_path_text(detail.Properties, 'AssistantAssociationId') as assistant_association_id, - json_extract_path_text(detail.Properties, 'AssistantId') as assistant_id, - json_extract_path_text(detail.Properties, 'Association') as association, - json_extract_path_text(detail.Properties, 'AssociationType') as association_type, + json_extract_path_text(detail.Properties, 'KnowledgeBaseArn') as knowledge_base_arn, + json_extract_path_text(detail.Properties, 'MessageTemplateId') as message_template_id, + json_extract_path_text(detail.Properties, 'MessageTemplateArn') as message_template_arn, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'ChannelSubtype') as channel_subtype, + json_extract_path_text(detail.Properties, 'Content') as content, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'Language') as language, + json_extract_path_text(detail.Properties, 'GroupingConfiguration') as grouping_configuration, + json_extract_path_text(detail.Properties, 'DefaultAttributes') as default_attributes, + json_extract_path_text(detail.Properties, 'MessageTemplateContentSha256') as message_template_content_sha256, json_extract_path_text(detail.Properties, 'Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::Wisdom::AssistantAssociation' - AND detail.data__TypeName = 'AWS::Wisdom::AssistantAssociation' + WHERE listing.data__TypeName = 'AWS::Wisdom::MessageTemplate' + AND detail.data__TypeName = 'AWS::Wisdom::MessageTemplate' AND listing.region = 'us-east-1' - assistant_associations_list_only: - name: assistant_associations_list_only - id: aws.wisdom.assistant_associations_list_only - x-cfn-schema-name: AssistantAssociation - x-cfn-type-name: AWS::Wisdom::AssistantAssociation + message_templates_list_only: + name: message_templates_list_only + id: aws.wisdom.message_templates_list_only + x-cfn-schema-name: MessageTemplate + x-cfn-type-name: AWS::Wisdom::MessageTemplate x-identifiers: - - AssistantAssociationId - - AssistantId + - MessageTemplateArn x-type: cloud_control_view methods: {} sqlVerbs: @@ -1171,24 +5049,22 @@ components: ddl: |- SELECT region, - JSON_EXTRACT(Properties, '$.AssistantAssociationId') as assistant_association_id, - JSON_EXTRACT(Properties, '$.AssistantId') as assistant_id - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Wisdom::AssistantAssociation' + JSON_EXTRACT(Properties, '$.MessageTemplateArn') as message_template_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Wisdom::MessageTemplate' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT region, - json_extract_path_text(Properties, 'AssistantAssociationId') as assistant_association_id, - json_extract_path_text(Properties, 'AssistantId') as assistant_id - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Wisdom::AssistantAssociation' + json_extract_path_text(Properties, 'MessageTemplateArn') as message_template_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Wisdom::MessageTemplate' AND region = 'us-east-1' - assistant_association_tags: - name: assistant_association_tags - id: aws.wisdom.assistant_association_tags - x-cfn-schema-name: AssistantAssociation - x-cfn-type-name: AWS::Wisdom::AssistantAssociation + message_template_tags: + name: message_template_tags + id: aws.wisdom.message_template_tags + x-cfn-schema-name: MessageTemplate + x-cfn-type-name: AWS::Wisdom::MessageTemplate x-type: cloud_control_view methods: {} sqlVerbs: @@ -1204,19 +5080,24 @@ components: detail.region, JSON_EXTRACT(json_each.value, '$.Key') as tag_key, JSON_EXTRACT(json_each.value, '$.Value') as tag_value, - JSON_EXTRACT(detail.Properties, '$.AssistantAssociationArn') as assistant_association_arn, - JSON_EXTRACT(detail.Properties, '$.AssistantArn') as assistant_arn, - JSON_EXTRACT(detail.Properties, '$.AssistantAssociationId') as assistant_association_id, - JSON_EXTRACT(detail.Properties, '$.AssistantId') as assistant_id, - JSON_EXTRACT(detail.Properties, '$.Association') as association, - JSON_EXTRACT(detail.Properties, '$.AssociationType') as association_type + JSON_EXTRACT(detail.Properties, '$.KnowledgeBaseArn') as knowledge_base_arn, + JSON_EXTRACT(detail.Properties, '$.MessageTemplateId') as message_template_id, + JSON_EXTRACT(detail.Properties, '$.MessageTemplateArn') as message_template_arn, + JSON_EXTRACT(detail.Properties, '$.Name') as name, + JSON_EXTRACT(detail.Properties, '$.ChannelSubtype') as channel_subtype, + JSON_EXTRACT(detail.Properties, '$.Content') as content, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.Language') as language, + JSON_EXTRACT(detail.Properties, '$.GroupingConfiguration') as grouping_configuration, + JSON_EXTRACT(detail.Properties, '$.DefaultAttributes') as default_attributes, + JSON_EXTRACT(detail.Properties, '$.MessageTemplateContentSha256') as message_template_content_sha256 FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) - WHERE listing.data__TypeName = 'AWS::Wisdom::AssistantAssociation' - AND detail.data__TypeName = 'AWS::Wisdom::AssistantAssociation' + WHERE listing.data__TypeName = 'AWS::Wisdom::MessageTemplate' + AND detail.data__TypeName = 'AWS::Wisdom::MessageTemplate' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" @@ -1225,27 +5106,32 @@ components: detail.region, json_extract_path_text(json_each.value, 'Key') as tag_key, json_extract_path_text(json_each.value, 'Value') as tag_value, - json_extract_path_text(detail.Properties, 'AssistantAssociationArn') as assistant_association_arn, - json_extract_path_text(detail.Properties, 'AssistantArn') as assistant_arn, - json_extract_path_text(detail.Properties, 'AssistantAssociationId') as assistant_association_id, - json_extract_path_text(detail.Properties, 'AssistantId') as assistant_id, - json_extract_path_text(detail.Properties, 'Association') as association, - json_extract_path_text(detail.Properties, 'AssociationType') as association_type + json_extract_path_text(detail.Properties, 'KnowledgeBaseArn') as knowledge_base_arn, + json_extract_path_text(detail.Properties, 'MessageTemplateId') as message_template_id, + json_extract_path_text(detail.Properties, 'MessageTemplateArn') as message_template_arn, + json_extract_path_text(detail.Properties, 'Name') as name, + json_extract_path_text(detail.Properties, 'ChannelSubtype') as channel_subtype, + json_extract_path_text(detail.Properties, 'Content') as content, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'Language') as language, + json_extract_path_text(detail.Properties, 'GroupingConfiguration') as grouping_configuration, + json_extract_path_text(detail.Properties, 'DefaultAttributes') as default_attributes, + json_extract_path_text(detail.Properties, 'MessageTemplateContentSha256') as message_template_content_sha256 FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) - WHERE listing.data__TypeName = 'AWS::Wisdom::AssistantAssociation' - AND detail.data__TypeName = 'AWS::Wisdom::AssistantAssociation' + WHERE listing.data__TypeName = 'AWS::Wisdom::MessageTemplate' + AND detail.data__TypeName = 'AWS::Wisdom::MessageTemplate' AND listing.region = 'us-east-1' - knowledge_bases: - name: knowledge_bases - id: aws.wisdom.knowledge_bases - x-cfn-schema-name: KnowledgeBase - x-cfn-type-name: AWS::Wisdom::KnowledgeBase + message_template_versions: + name: message_template_versions + id: aws.wisdom.message_template_versions + x-cfn-schema-name: MessageTemplateVersion + x-cfn-type-name: AWS::Wisdom::MessageTemplateVersion x-identifiers: - - KnowledgeBaseId + - MessageTemplateVersionArn x-type: cloud_control methods: create_resource: @@ -1253,12 +5139,12 @@ components: requestBodyTranslate: algorithm: naive_DesiredState operation: - $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__KnowledgeBase&__detailTransformed=true/post' + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__MessageTemplateVersion&__detailTransformed=true/post' request: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::Wisdom::KnowledgeBase" + "TypeName": "AWS::Wisdom::MessageTemplateVersion" } response: mediaType: application/json @@ -1270,7 +5156,7 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::Wisdom::KnowledgeBase" + "TypeName": "AWS::Wisdom::MessageTemplateVersion" } response: mediaType: application/json @@ -1282,18 +5168,18 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::Wisdom::KnowledgeBase" + "TypeName": "AWS::Wisdom::MessageTemplateVersion" } response: mediaType: application/json openAPIDocKey: '200' sqlVerbs: insert: - - $ref: '#/components/x-stackQL-resources/knowledge_bases/methods/create_resource' + - $ref: '#/components/x-stackQL-resources/message_template_versions/methods/create_resource' delete: - - $ref: '#/components/x-stackQL-resources/knowledge_bases/methods/delete_resource' + - $ref: '#/components/x-stackQL-resources/message_template_versions/methods/delete_resource' update: - - $ref: '#/components/x-stackQL-resources/knowledge_bases/methods/update_resource' + - $ref: '#/components/x-stackQL-resources/message_template_versions/methods/update_resource' config: views: select: @@ -1302,38 +5188,28 @@ components: SELECT region, data__Identifier, - JSON_EXTRACT(Properties, '$.Description') as description, - JSON_EXTRACT(Properties, '$.KnowledgeBaseArn') as knowledge_base_arn, - JSON_EXTRACT(Properties, '$.KnowledgeBaseId') as knowledge_base_id, - JSON_EXTRACT(Properties, '$.KnowledgeBaseType') as knowledge_base_type, - JSON_EXTRACT(Properties, '$.Name') as name, - JSON_EXTRACT(Properties, '$.RenderingConfiguration') as rendering_configuration, - JSON_EXTRACT(Properties, '$.ServerSideEncryptionConfiguration') as server_side_encryption_configuration, - JSON_EXTRACT(Properties, '$.SourceConfiguration') as source_configuration, - JSON_EXTRACT(Properties, '$.Tags') as tags - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Wisdom::KnowledgeBase' - AND data__Identifier = '' + JSON_EXTRACT(Properties, '$.MessageTemplateArn') as message_template_arn, + JSON_EXTRACT(Properties, '$.MessageTemplateVersionArn') as message_template_version_arn, + JSON_EXTRACT(Properties, '$.MessageTemplateContentSha256') as message_template_content_sha256, + JSON_EXTRACT(Properties, '$.MessageTemplateVersionNumber') as message_template_version_number + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Wisdom::MessageTemplateVersion' + AND data__Identifier = '' AND region = 'us-east-1' fallback: predicate: sqlDialect == "sqlite3" ddl: |- SELECT detail.region, - JSON_EXTRACT(detail.Properties, '$.Description') as description, - JSON_EXTRACT(detail.Properties, '$.KnowledgeBaseArn') as knowledge_base_arn, - JSON_EXTRACT(detail.Properties, '$.KnowledgeBaseId') as knowledge_base_id, - JSON_EXTRACT(detail.Properties, '$.KnowledgeBaseType') as knowledge_base_type, - JSON_EXTRACT(detail.Properties, '$.Name') as name, - JSON_EXTRACT(detail.Properties, '$.RenderingConfiguration') as rendering_configuration, - JSON_EXTRACT(detail.Properties, '$.ServerSideEncryptionConfiguration') as server_side_encryption_configuration, - JSON_EXTRACT(detail.Properties, '$.SourceConfiguration') as source_configuration, - JSON_EXTRACT(detail.Properties, '$.Tags') as tags + JSON_EXTRACT(detail.Properties, '$.MessageTemplateArn') as message_template_arn, + JSON_EXTRACT(detail.Properties, '$.MessageTemplateVersionArn') as message_template_version_arn, + JSON_EXTRACT(detail.Properties, '$.MessageTemplateContentSha256') as message_template_content_sha256, + JSON_EXTRACT(detail.Properties, '$.MessageTemplateVersionNumber') as message_template_version_number FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::Wisdom::KnowledgeBase' - AND detail.data__TypeName = 'AWS::Wisdom::KnowledgeBase' + WHERE listing.data__TypeName = 'AWS::Wisdom::MessageTemplateVersion' + AND detail.data__TypeName = 'AWS::Wisdom::MessageTemplateVersion' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] @@ -1341,46 +5217,36 @@ components: SELECT region, data__Identifier, - json_extract_path_text(Properties, 'Description') as description, - json_extract_path_text(Properties, 'KnowledgeBaseArn') as knowledge_base_arn, - json_extract_path_text(Properties, 'KnowledgeBaseId') as knowledge_base_id, - json_extract_path_text(Properties, 'KnowledgeBaseType') as knowledge_base_type, - json_extract_path_text(Properties, 'Name') as name, - json_extract_path_text(Properties, 'RenderingConfiguration') as rendering_configuration, - json_extract_path_text(Properties, 'ServerSideEncryptionConfiguration') as server_side_encryption_configuration, - json_extract_path_text(Properties, 'SourceConfiguration') as source_configuration, - json_extract_path_text(Properties, 'Tags') as tags - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Wisdom::KnowledgeBase' - AND data__Identifier = '' + json_extract_path_text(Properties, 'MessageTemplateArn') as message_template_arn, + json_extract_path_text(Properties, 'MessageTemplateVersionArn') as message_template_version_arn, + json_extract_path_text(Properties, 'MessageTemplateContentSha256') as message_template_content_sha256, + json_extract_path_text(Properties, 'MessageTemplateVersionNumber') as message_template_version_number + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::Wisdom::MessageTemplateVersion' + AND data__Identifier = '' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT detail.region, - json_extract_path_text(detail.Properties, 'Description') as description, - json_extract_path_text(detail.Properties, 'KnowledgeBaseArn') as knowledge_base_arn, - json_extract_path_text(detail.Properties, 'KnowledgeBaseId') as knowledge_base_id, - json_extract_path_text(detail.Properties, 'KnowledgeBaseType') as knowledge_base_type, - json_extract_path_text(detail.Properties, 'Name') as name, - json_extract_path_text(detail.Properties, 'RenderingConfiguration') as rendering_configuration, - json_extract_path_text(detail.Properties, 'ServerSideEncryptionConfiguration') as server_side_encryption_configuration, - json_extract_path_text(detail.Properties, 'SourceConfiguration') as source_configuration, - json_extract_path_text(detail.Properties, 'Tags') as tags + json_extract_path_text(detail.Properties, 'MessageTemplateArn') as message_template_arn, + json_extract_path_text(detail.Properties, 'MessageTemplateVersionArn') as message_template_version_arn, + json_extract_path_text(detail.Properties, 'MessageTemplateContentSha256') as message_template_content_sha256, + json_extract_path_text(detail.Properties, 'MessageTemplateVersionNumber') as message_template_version_number FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::Wisdom::KnowledgeBase' - AND detail.data__TypeName = 'AWS::Wisdom::KnowledgeBase' + WHERE listing.data__TypeName = 'AWS::Wisdom::MessageTemplateVersion' + AND detail.data__TypeName = 'AWS::Wisdom::MessageTemplateVersion' AND listing.region = 'us-east-1' - knowledge_bases_list_only: - name: knowledge_bases_list_only - id: aws.wisdom.knowledge_bases_list_only - x-cfn-schema-name: KnowledgeBase - x-cfn-type-name: AWS::Wisdom::KnowledgeBase + message_template_versions_list_only: + name: message_template_versions_list_only + id: aws.wisdom.message_template_versions_list_only + x-cfn-schema-name: MessageTemplateVersion + x-cfn-type-name: AWS::Wisdom::MessageTemplateVersion x-identifiers: - - KnowledgeBaseId + - MessageTemplateVersionArn x-type: cloud_control_view methods: {} sqlVerbs: @@ -1394,76 +5260,17 @@ components: ddl: |- SELECT region, - JSON_EXTRACT(Properties, '$.KnowledgeBaseId') as knowledge_base_id - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Wisdom::KnowledgeBase' + JSON_EXTRACT(Properties, '$.MessageTemplateVersionArn') as message_template_version_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Wisdom::MessageTemplateVersion' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT region, - json_extract_path_text(Properties, 'KnowledgeBaseId') as knowledge_base_id - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Wisdom::KnowledgeBase' + json_extract_path_text(Properties, 'MessageTemplateVersionArn') as message_template_version_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::Wisdom::MessageTemplateVersion' AND region = 'us-east-1' - knowledge_base_tags: - name: knowledge_base_tags - id: aws.wisdom.knowledge_base_tags - x-cfn-schema-name: KnowledgeBase - x-cfn-type-name: AWS::Wisdom::KnowledgeBase - x-type: cloud_control_view - methods: {} - sqlVerbs: - insert: [] - delete: [] - update: [] - config: - views: - select: - predicate: sqlDialect == "sqlite3" - ddl: |- - SELECT - detail.region, - JSON_EXTRACT(json_each.value, '$.Key') as tag_key, - JSON_EXTRACT(json_each.value, '$.Value') as tag_value, - JSON_EXTRACT(detail.Properties, '$.Description') as description, - JSON_EXTRACT(detail.Properties, '$.KnowledgeBaseArn') as knowledge_base_arn, - JSON_EXTRACT(detail.Properties, '$.KnowledgeBaseId') as knowledge_base_id, - JSON_EXTRACT(detail.Properties, '$.KnowledgeBaseType') as knowledge_base_type, - JSON_EXTRACT(detail.Properties, '$.Name') as name, - JSON_EXTRACT(detail.Properties, '$.RenderingConfiguration') as rendering_configuration, - JSON_EXTRACT(detail.Properties, '$.ServerSideEncryptionConfiguration') as server_side_encryption_configuration, - JSON_EXTRACT(detail.Properties, '$.SourceConfiguration') as source_configuration - FROM aws.cloud_control.resources listing - LEFT OUTER JOIN aws.cloud_control.resource detail - ON detail.data__Identifier = listing.Identifier - AND detail.region = listing.region - ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) - WHERE listing.data__TypeName = 'AWS::Wisdom::KnowledgeBase' - AND detail.data__TypeName = 'AWS::Wisdom::KnowledgeBase' - AND listing.region = 'us-east-1' - fallback: - predicate: sqlDialect == "postgres" - ddl: |- - SELECT - detail.region, - json_extract_path_text(json_each.value, 'Key') as tag_key, - json_extract_path_text(json_each.value, 'Value') as tag_value, - json_extract_path_text(detail.Properties, 'Description') as description, - json_extract_path_text(detail.Properties, 'KnowledgeBaseArn') as knowledge_base_arn, - json_extract_path_text(detail.Properties, 'KnowledgeBaseId') as knowledge_base_id, - json_extract_path_text(detail.Properties, 'KnowledgeBaseType') as knowledge_base_type, - json_extract_path_text(detail.Properties, 'Name') as name, - json_extract_path_text(detail.Properties, 'RenderingConfiguration') as rendering_configuration, - json_extract_path_text(detail.Properties, 'ServerSideEncryptionConfiguration') as server_side_encryption_configuration, - json_extract_path_text(detail.Properties, 'SourceConfiguration') as source_configuration - FROM aws.cloud_control.resources listing - LEFT OUTER JOIN aws.cloud_control.resource detail - ON detail.data__Identifier = listing.Identifier - AND detail.region = listing.region - ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) - WHERE listing.data__TypeName = 'AWS::Wisdom::KnowledgeBase' - AND detail.data__TypeName = 'AWS::Wisdom::KnowledgeBase' - AND listing.region = 'us-east-1' paths: /?Action=CreateResource&Version=2021-09-30: parameters: @@ -1475,7 +5282,149 @@ paths: - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' post: - operationId: CreateResource + operationId: CreateResource + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/x-cloud-control-schemas/CreateResourceInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=DeleteResource&Version=2021-09-30: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: DeleteResource + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.DeleteResource + enum: + - CloudApiService.DeleteResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/x-cloud-control-schemas/DeleteResourceInput' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/DeleteResourceOutput' + description: Success + /?Action=UpdateResource&Version=2021-09-30: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: UpdateResource + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.UpdateResource + enum: + - CloudApiService.UpdateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + properties: + ClientName: + type: string + Identifier: + $ref: '#/components/x-cloud-control-schemas/Identifier' + PatchDocument: + type: string + RoleArn: + $ref: '#/components/x-cloud-control-schemas/RoleArn' + TypeName: + $ref: '#/components/x-cloud-control-schemas/TypeName' + TypeVersionId: + $ref: '#/components/x-cloud-control-schemas/TypeVersionId' + required: + - Identifier + - PatchDocument + type: object + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/UpdateResourceOutput' + description: Success + /?Action=CreateResource&Version=2021-09-30&__AIAgent&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateAIAgent parameters: - description: Action Header in: header @@ -1498,7 +5447,7 @@ paths: content: application/x-amz-json-1.0: schema: - $ref: '#/components/x-cloud-control-schemas/CreateResourceInput' + $ref: '#/components/schemas/CreateAIAgentRequest' required: true responses: '200': @@ -1507,7 +5456,7 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success - /?Action=DeleteResource&Version=2021-09-30: + /?Action=CreateResource&Version=2021-09-30&__AIAgentVersion&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' @@ -1517,16 +5466,16 @@ paths: - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' post: - operationId: DeleteResource + operationId: CreateAIAgentVersion parameters: - description: Action Header in: header name: X-Amz-Target required: false schema: - default: CloudApiService.DeleteResource + default: CloudApiService.CreateResource enum: - - CloudApiService.DeleteResource + - CloudApiService.CreateResource type: string - in: header name: Content-Type @@ -1540,16 +5489,16 @@ paths: content: application/x-amz-json-1.0: schema: - $ref: '#/components/x-cloud-control-schemas/DeleteResourceInput' + $ref: '#/components/schemas/CreateAIAgentVersionRequest' required: true responses: '200': content: application/json: schema: - $ref: '#/components/x-cloud-control-schemas/DeleteResourceOutput' + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success - /?Action=UpdateResource&Version=2021-09-30: + /?Action=CreateResource&Version=2021-09-30&__AIGuardrail&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' @@ -1559,16 +5508,16 @@ paths: - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' post: - operationId: UpdateResource + operationId: CreateAIGuardrail parameters: - description: Action Header in: header name: X-Amz-Target required: false schema: - default: CloudApiService.UpdateResource + default: CloudApiService.CreateResource enum: - - CloudApiService.UpdateResource + - CloudApiService.CreateResource type: string - in: header name: Content-Type @@ -1582,30 +5531,140 @@ paths: content: application/x-amz-json-1.0: schema: - properties: - ClientName: - type: string - Identifier: - $ref: '#/components/x-cloud-control-schemas/Identifier' - PatchDocument: - type: string - RoleArn: - $ref: '#/components/x-cloud-control-schemas/RoleArn' - TypeName: - $ref: '#/components/x-cloud-control-schemas/TypeName' - TypeVersionId: - $ref: '#/components/x-cloud-control-schemas/TypeVersionId' - required: - - Identifier - - PatchDocument - type: object + $ref: '#/components/schemas/CreateAIGuardrailRequest' required: true responses: '200': content: application/json: schema: - $ref: '#/components/x-cloud-control-schemas/UpdateResourceOutput' + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=CreateResource&Version=2021-09-30&__AIGuardrailVersion&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateAIGuardrailVersion + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateAIGuardrailVersionRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=CreateResource&Version=2021-09-30&__AIPrompt&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateAIPrompt + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateAIPromptRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=CreateResource&Version=2021-09-30&__AIPromptVersion&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateAIPromptVersion + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateAIPromptVersionRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success /?Action=CreateResource&Version=2021-09-30&__Assistant&__detailTransformed=true: parameters: @@ -1733,6 +5792,90 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success + /?Action=CreateResource&Version=2021-09-30&__MessageTemplate&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateMessageTemplate + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateMessageTemplateRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success + /?Action=CreateResource&Version=2021-09-30&__MessageTemplateVersion&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateMessageTemplateVersion + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateMessageTemplateVersionRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success x-stackQL-config: requestTranslate: algorithm: drop_double_underscore_params diff --git a/providers/src/aws/v00.00.00000/services/workspaces.yaml b/providers/src/aws/v00.00.00000/services/workspaces.yaml index 1a368eb7..d90c0474 100644 --- a/providers/src/aws/v00.00.00000/services/workspaces.yaml +++ b/providers/src/aws/v00.00.00000/services/workspaces.yaml @@ -411,15 +411,15 @@ components: pattern: ^[a-zA-Z0-9]+$ Tag: type: object - additionalProperties: false properties: Key: type: string Value: type: string required: - - Value - Key + - Value + additionalProperties: false ConnectionAlias: type: object properties: @@ -473,6 +473,128 @@ components: - workspaces:DescribeConnectionAliases delete: - workspaces:DeleteConnectionAlias + ApplicationSettingsStatus: + type: string + enum: + - DISABLED + - ENABLED + Capacity: + type: object + properties: + DesiredUserSessions: + type: integer + minimum: 0 + required: + - DesiredUserSessions + additionalProperties: false + ApplicationSettings: + type: object + properties: + Status: + $ref: '#/components/schemas/ApplicationSettingsStatus' + SettingsGroup: + type: string + pattern: ^[A-Za-z0-9_./()!*'-]+$ + maxLength: 100 + required: + - Status + additionalProperties: false + TimeoutSettings: + type: object + properties: + DisconnectTimeoutInSeconds: + type: integer + minimum: 60 + maximum: 36000 + IdleDisconnectTimeoutInSeconds: + type: integer + minimum: 0 + maximum: 36000 + MaxUserDurationInSeconds: + type: integer + minimum: 600 + maximum: 432000 + required: [] + additionalProperties: false + WorkspacesPool: + type: object + properties: + PoolId: + type: string + pattern: ^wspool-[0-9a-z]{9}$ + PoolArn: + type: string + pattern: ^arn:aws[a-z-]{0,7}:[A-Za-z0-9][A-za-z0-9_/.-]{0,62}:[A-za-z0-9_/.-]{0,63}:[A-za-z0-9_/.-]{0,63}:[A-Za-z0-9][A-za-z0-9_/.-]{0,127}$ + Capacity: + $ref: '#/components/schemas/Capacity' + PoolName: + type: string + pattern: ^[A-Za-z0-9][A-Za-z0-9_.-]{0,63}$ + Description: + type: string + pattern: ^[a-zA-Z0-9_./() -]+$ + minLength: 1 + maxLength: 255 + CreatedAt: + type: string + BundleId: + type: string + pattern: ^wsb-[0-9a-z]{8,63}$ + DirectoryId: + type: string + pattern: ^wsd-[0-9a-z]{8,63}$ + minLength: 10 + maxLength: 65 + ApplicationSettings: + $ref: '#/components/schemas/ApplicationSettings' + TimeoutSettings: + $ref: '#/components/schemas/TimeoutSettings' + Tags: + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + required: + - PoolName + - BundleId + - DirectoryId + - Capacity + x-stackql-resource-name: workspaces_pool + description: Resource Type definition for AWS::WorkSpaces::WorkspacesPool + x-type-name: AWS::WorkSpaces::WorkspacesPool + x-stackql-primary-identifier: + - PoolId + x-create-only-properties: + - PoolName + x-read-only-properties: + - PoolId + - PoolArn + - CreatedAt + x-required-properties: + - PoolName + - BundleId + - DirectoryId + - Capacity + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: false + cloudFormationSystemTags: false + tagProperty: /properties/Tags + x-required-permissions: + create: + - workspaces:CreateWorkspacesPool + - workspaces:DescribeWorkspacesPools + read: + - workspaces:DescribeWorkspacesPools + update: + - workspaces:UpdateWorkspacesPool + delete: + - workspaces:DescribeWorkspacesPools + - workspaces:TerminateWorkspacesPool + list: + - workspaces:DescribeWorkspacesPools CreateConnectionAliasRequest: properties: ClientToken: @@ -517,6 +639,59 @@ components: x-title: CreateConnectionAliasRequest type: object required: [] + CreateWorkspacesPoolRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + PoolId: + type: string + pattern: ^wspool-[0-9a-z]{9}$ + PoolArn: + type: string + pattern: ^arn:aws[a-z-]{0,7}:[A-Za-z0-9][A-za-z0-9_/.-]{0,62}:[A-za-z0-9_/.-]{0,63}:[A-za-z0-9_/.-]{0,63}:[A-Za-z0-9][A-za-z0-9_/.-]{0,127}$ + Capacity: + $ref: '#/components/schemas/Capacity' + PoolName: + type: string + pattern: ^[A-Za-z0-9][A-Za-z0-9_.-]{0,63}$ + Description: + type: string + pattern: ^[a-zA-Z0-9_./() -]+$ + minLength: 1 + maxLength: 255 + CreatedAt: + type: string + BundleId: + type: string + pattern: ^wsb-[0-9a-z]{8,63}$ + DirectoryId: + type: string + pattern: ^wsd-[0-9a-z]{8,63}$ + minLength: 10 + maxLength: 65 + ApplicationSettings: + $ref: '#/components/schemas/ApplicationSettings' + TimeoutSettings: + $ref: '#/components/schemas/TimeoutSettings' + Tags: + type: array + uniqueItems: false + x-insertionOrder: false + items: + $ref: '#/components/schemas/Tag' + x-stackQL-stringOnly: true + x-title: CreateWorkspacesPoolRequest + type: object + required: [] securitySchemes: hmac: type: apiKey @@ -597,6 +772,243 @@ components: FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::WorkSpaces::ConnectionAlias' AND data__Identifier = '' AND region = 'us-east-1' + workspaces_pools: + name: workspaces_pools + id: aws.workspaces.workspaces_pools + x-cfn-schema-name: WorkspacesPool + x-cfn-type-name: AWS::WorkSpaces::WorkspacesPool + x-identifiers: + - PoolId + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__WorkspacesPool&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::WorkSpaces::WorkspacesPool" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::WorkSpaces::WorkspacesPool" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::WorkSpaces::WorkspacesPool" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/workspaces_pools/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/workspaces_pools/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/workspaces_pools/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.PoolId') as pool_id, + JSON_EXTRACT(Properties, '$.PoolArn') as pool_arn, + JSON_EXTRACT(Properties, '$.Capacity') as capacity, + JSON_EXTRACT(Properties, '$.PoolName') as pool_name, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(Properties, '$.BundleId') as bundle_id, + JSON_EXTRACT(Properties, '$.DirectoryId') as directory_id, + JSON_EXTRACT(Properties, '$.ApplicationSettings') as application_settings, + JSON_EXTRACT(Properties, '$.TimeoutSettings') as timeout_settings, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::WorkSpaces::WorkspacesPool' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.PoolId') as pool_id, + JSON_EXTRACT(detail.Properties, '$.PoolArn') as pool_arn, + JSON_EXTRACT(detail.Properties, '$.Capacity') as capacity, + JSON_EXTRACT(detail.Properties, '$.PoolName') as pool_name, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(detail.Properties, '$.BundleId') as bundle_id, + JSON_EXTRACT(detail.Properties, '$.DirectoryId') as directory_id, + JSON_EXTRACT(detail.Properties, '$.ApplicationSettings') as application_settings, + JSON_EXTRACT(detail.Properties, '$.TimeoutSettings') as timeout_settings, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::WorkSpaces::WorkspacesPool' + AND detail.data__TypeName = 'AWS::WorkSpaces::WorkspacesPool' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'PoolId') as pool_id, + json_extract_path_text(Properties, 'PoolArn') as pool_arn, + json_extract_path_text(Properties, 'Capacity') as capacity, + json_extract_path_text(Properties, 'PoolName') as pool_name, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'CreatedAt') as created_at, + json_extract_path_text(Properties, 'BundleId') as bundle_id, + json_extract_path_text(Properties, 'DirectoryId') as directory_id, + json_extract_path_text(Properties, 'ApplicationSettings') as application_settings, + json_extract_path_text(Properties, 'TimeoutSettings') as timeout_settings, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::WorkSpaces::WorkspacesPool' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'PoolId') as pool_id, + json_extract_path_text(detail.Properties, 'PoolArn') as pool_arn, + json_extract_path_text(detail.Properties, 'Capacity') as capacity, + json_extract_path_text(detail.Properties, 'PoolName') as pool_name, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, + json_extract_path_text(detail.Properties, 'BundleId') as bundle_id, + json_extract_path_text(detail.Properties, 'DirectoryId') as directory_id, + json_extract_path_text(detail.Properties, 'ApplicationSettings') as application_settings, + json_extract_path_text(detail.Properties, 'TimeoutSettings') as timeout_settings, + json_extract_path_text(detail.Properties, 'Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::WorkSpaces::WorkspacesPool' + AND detail.data__TypeName = 'AWS::WorkSpaces::WorkspacesPool' + AND listing.region = 'us-east-1' + workspaces_pools_list_only: + name: workspaces_pools_list_only + id: aws.workspaces.workspaces_pools_list_only + x-cfn-schema-name: WorkspacesPool + x-cfn-type-name: AWS::WorkSpaces::WorkspacesPool + x-identifiers: + - PoolId + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.PoolId') as pool_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::WorkSpaces::WorkspacesPool' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'PoolId') as pool_id + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::WorkSpaces::WorkspacesPool' + AND region = 'us-east-1' + workspaces_pool_tags: + name: workspaces_pool_tags + id: aws.workspaces.workspaces_pool_tags + x-cfn-schema-name: WorkspacesPool + x-cfn-type-name: AWS::WorkSpaces::WorkspacesPool + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.PoolId') as pool_id, + JSON_EXTRACT(detail.Properties, '$.PoolArn') as pool_arn, + JSON_EXTRACT(detail.Properties, '$.Capacity') as capacity, + JSON_EXTRACT(detail.Properties, '$.PoolName') as pool_name, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, + JSON_EXTRACT(detail.Properties, '$.BundleId') as bundle_id, + JSON_EXTRACT(detail.Properties, '$.DirectoryId') as directory_id, + JSON_EXTRACT(detail.Properties, '$.ApplicationSettings') as application_settings, + JSON_EXTRACT(detail.Properties, '$.TimeoutSettings') as timeout_settings + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::WorkSpaces::WorkspacesPool' + AND detail.data__TypeName = 'AWS::WorkSpaces::WorkspacesPool' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'PoolId') as pool_id, + json_extract_path_text(detail.Properties, 'PoolArn') as pool_arn, + json_extract_path_text(detail.Properties, 'Capacity') as capacity, + json_extract_path_text(detail.Properties, 'PoolName') as pool_name, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, + json_extract_path_text(detail.Properties, 'BundleId') as bundle_id, + json_extract_path_text(detail.Properties, 'DirectoryId') as directory_id, + json_extract_path_text(detail.Properties, 'ApplicationSettings') as application_settings, + json_extract_path_text(detail.Properties, 'TimeoutSettings') as timeout_settings + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::WorkSpaces::WorkspacesPool' + AND detail.data__TypeName = 'AWS::WorkSpaces::WorkspacesPool' + AND listing.region = 'us-east-1' paths: /?Action=CreateResource&Version=2021-09-30: parameters: @@ -782,6 +1194,48 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success + /?Action=CreateResource&Version=2021-09-30&__WorkspacesPool&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateWorkspacesPool + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateWorkspacesPoolRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success x-stackQL-config: requestTranslate: algorithm: drop_double_underscore_params diff --git a/providers/src/aws/v00.00.00000/services/workspacesthinclient.yaml b/providers/src/aws/v00.00.00000/services/workspacesthinclient.yaml index 02cea1ff..9d4ac53a 100644 --- a/providers/src/aws/v00.00.00000/services/workspacesthinclient.yaml +++ b/providers/src/aws/v00.00.00000/services/workspacesthinclient.yaml @@ -559,6 +559,14 @@ components: description: An array of key-value pairs to apply to this resource. items: $ref: '#/components/schemas/Tag' + DeviceCreationTags: + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + description: An array of key-value pairs to apply to the newly created devices for this environment. + items: + $ref: '#/components/schemas/Tag' required: - DesktopArn x-stackql-resource-name: environment @@ -588,6 +596,10 @@ components: tagUpdatable: true cloudFormationSystemTags: true tagProperty: /properties/Tags + permissions: + - thinclient:UntagResource + - thinclient:ListTagsForResource + - thinclient:TagResource x-required-permissions: create: - thinclient:CreateEnvironment @@ -622,7 +634,7 @@ components: - kms:Decrypt - kms:RetireGrant list: - - thinclient:ListEnvironment + - thinclient:ListEnvironments - thinclient:ListTagsForResource - kms:Decrypt CreateEnvironmentRequest: @@ -734,6 +746,14 @@ components: description: An array of key-value pairs to apply to this resource. items: $ref: '#/components/schemas/Tag' + DeviceCreationTags: + type: array + maxItems: 50 + uniqueItems: true + x-insertionOrder: false + description: An array of key-value pairs to apply to the newly created devices for this environment. + items: + $ref: '#/components/schemas/Tag' x-stackQL-stringOnly: true x-title: CreateEnvironmentRequest type: object @@ -827,7 +847,8 @@ components: JSON_EXTRACT(Properties, '$.UpdatedAt') as updated_at, JSON_EXTRACT(Properties, '$.Arn') as arn, JSON_EXTRACT(Properties, '$.KmsKeyArn') as kms_key_arn, - JSON_EXTRACT(Properties, '$.Tags') as tags + JSON_EXTRACT(Properties, '$.Tags') as tags, + JSON_EXTRACT(Properties, '$.DeviceCreationTags') as device_creation_tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::WorkSpacesThinClient::Environment' AND data__Identifier = '' AND region = 'us-east-1' @@ -854,7 +875,8 @@ components: JSON_EXTRACT(detail.Properties, '$.UpdatedAt') as updated_at, JSON_EXTRACT(detail.Properties, '$.Arn') as arn, JSON_EXTRACT(detail.Properties, '$.KmsKeyArn') as kms_key_arn, - JSON_EXTRACT(detail.Properties, '$.Tags') as tags + JSON_EXTRACT(detail.Properties, '$.Tags') as tags, + JSON_EXTRACT(detail.Properties, '$.DeviceCreationTags') as device_creation_tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -886,7 +908,8 @@ components: json_extract_path_text(Properties, 'UpdatedAt') as updated_at, json_extract_path_text(Properties, 'Arn') as arn, json_extract_path_text(Properties, 'KmsKeyArn') as kms_key_arn, - json_extract_path_text(Properties, 'Tags') as tags + json_extract_path_text(Properties, 'Tags') as tags, + json_extract_path_text(Properties, 'DeviceCreationTags') as device_creation_tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::WorkSpacesThinClient::Environment' AND data__Identifier = '' AND region = 'us-east-1' @@ -913,7 +936,8 @@ components: json_extract_path_text(detail.Properties, 'UpdatedAt') as updated_at, json_extract_path_text(detail.Properties, 'Arn') as arn, json_extract_path_text(detail.Properties, 'KmsKeyArn') as kms_key_arn, - json_extract_path_text(detail.Properties, 'Tags') as tags + json_extract_path_text(detail.Properties, 'Tags') as tags, + json_extract_path_text(detail.Properties, 'DeviceCreationTags') as device_creation_tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -989,7 +1013,8 @@ components: JSON_EXTRACT(detail.Properties, '$.CreatedAt') as created_at, JSON_EXTRACT(detail.Properties, '$.UpdatedAt') as updated_at, JSON_EXTRACT(detail.Properties, '$.Arn') as arn, - JSON_EXTRACT(detail.Properties, '$.KmsKeyArn') as kms_key_arn + JSON_EXTRACT(detail.Properties, '$.KmsKeyArn') as kms_key_arn, + JSON_EXTRACT(detail.Properties, '$.DeviceCreationTags') as device_creation_tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -1022,7 +1047,8 @@ components: json_extract_path_text(detail.Properties, 'CreatedAt') as created_at, json_extract_path_text(detail.Properties, 'UpdatedAt') as updated_at, json_extract_path_text(detail.Properties, 'Arn') as arn, - json_extract_path_text(detail.Properties, 'KmsKeyArn') as kms_key_arn + json_extract_path_text(detail.Properties, 'KmsKeyArn') as kms_key_arn, + json_extract_path_text(detail.Properties, 'DeviceCreationTags') as device_creation_tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier diff --git a/providers/src/aws/v00.00.00000/services/workspacesweb.yaml b/providers/src/aws/v00.00.00000/services/workspacesweb.yaml index a6ca6bb6..378468df 100644 --- a/providers/src/aws/v00.00.00000/services/workspacesweb.yaml +++ b/providers/src/aws/v00.00.00000/services/workspacesweb.yaml @@ -463,16 +463,22 @@ components: tagProperty: /properties/Tags tagUpdatable: true taggable: true + permissions: + - workspaces-web:UntagResource + - workspaces-web:ListTagsForResource + - workspaces-web:TagResource x-required-permissions: create: - workspaces-web:CreateBrowserSettings - workspaces-web:GetBrowserSettings - workspaces-web:ListTagsForResource - workspaces-web:TagResource - - kms:CreateGrant - kms:DescribeKey - kms:GenerateDataKey - kms:Decrypt + - kms:GenerateDataKeyWithoutPlaintext + - kms:ReEncryptTo + - kms:ReEncryptFrom read: - workspaces-web:GetBrowserSettings - workspaces-web:ListBrowserSettings @@ -501,6 +507,219 @@ components: - kms:Decrypt list: - workspaces-web:ListBrowserSettings + CustomPattern: + type: object + properties: + PatternName: + type: string + maxLength: 20 + minLength: 1 + pattern: ^[_\-\d\w]+$ + PatternRegex: + type: string + maxLength: 300 + minLength: 0 + pattern: ^\/((?:[^\n])+)\/([gimsuyvd]{0,8})$ + PatternDescription: + type: string + maxLength: 256 + minLength: 1 + pattern: ^[ _\-\d\w]+$ + KeywordRegex: + type: string + maxLength: 300 + minLength: 0 + pattern: ^\/((?:[^\n])+)\/([gimsuyvd]{0,8})$ + required: + - PatternName + - PatternRegex + additionalProperties: false + InlineRedactionConfiguration: + type: object + properties: + InlineRedactionPatterns: + type: array + items: + $ref: '#/components/schemas/InlineRedactionPattern' + maxItems: 150 + minItems: 0 + GlobalEnforcedUrls: + type: array + items: + type: string + pattern: ^((([a-zA-Z][a-zA-Z0-9+.-]*):\/\/(\*|[\w%._\-\+~#=@]+)?(\/[^@\s]*)?(?:\?([^*\s]+(?:\*?)))?)|(\*|[\w%._\-\+~#=@]+\.[\w%._\-\+~#=@]+)(?::(\d{1,5}))?(\/[^@\s]*)?(?:\?([^*\s]+(?:\*?)))?|(([a-zA-Z][a-zA-Z0-9+.-]*):(\/\/)?\*))$ + maxItems: 100 + minItems: 1 + GlobalExemptUrls: + type: array + items: + type: string + pattern: ^((([a-zA-Z][a-zA-Z0-9+.-]*):\/\/(\*|[\w%._\-\+~#=@]+)?(\/[^@\s]*)?(?:\?([^*\s]+(?:\*?)))?)|(\*|[\w%._\-\+~#=@]+\.[\w%._\-\+~#=@]+)(?::(\d{1,5}))?(\/[^@\s]*)?(?:\?([^*\s]+(?:\*?)))?|(([a-zA-Z][a-zA-Z0-9+.-]*):(\/\/)?\*))$ + maxItems: 100 + minItems: 1 + GlobalConfidenceLevel: + type: number + maximum: 3 + minimum: 1 + required: + - InlineRedactionPatterns + additionalProperties: false + InlineRedactionPattern: + type: object + properties: + BuiltInPatternId: + type: string + maxLength: 50 + minLength: 1 + pattern: ^[_\-\d\w]+$ + CustomPattern: + $ref: '#/components/schemas/CustomPattern' + RedactionPlaceHolder: + $ref: '#/components/schemas/RedactionPlaceHolder' + EnforcedUrls: + type: array + items: + type: string + pattern: ^((([a-zA-Z][a-zA-Z0-9+.-]*):\/\/(\*|[\w%._\-\+~#=@]+)?(\/[^@\s]*)?(?:\?([^*\s]+(?:\*?)))?)|(\*|[\w%._\-\+~#=@]+\.[\w%._\-\+~#=@]+)(?::(\d{1,5}))?(\/[^@\s]*)?(?:\?([^*\s]+(?:\*?)))?|(([a-zA-Z][a-zA-Z0-9+.-]*):(\/\/)?\*))$ + maxItems: 20 + minItems: 1 + ExemptUrls: + type: array + items: + type: string + pattern: ^((([a-zA-Z][a-zA-Z0-9+.-]*):\/\/(\*|[\w%._\-\+~#=@]+)?(\/[^@\s]*)?(?:\?([^*\s]+(?:\*?)))?)|(\*|[\w%._\-\+~#=@]+\.[\w%._\-\+~#=@]+)(?::(\d{1,5}))?(\/[^@\s]*)?(?:\?([^*\s]+(?:\*?)))?|(([a-zA-Z][a-zA-Z0-9+.-]*):(\/\/)?\*))$ + maxItems: 20 + minItems: 1 + ConfidenceLevel: + type: number + maximum: 3 + minimum: 1 + required: + - RedactionPlaceHolder + additionalProperties: false + RedactionPlaceHolder: + type: object + properties: + RedactionPlaceHolderType: + $ref: '#/components/schemas/RedactionPlaceHolderType' + RedactionPlaceHolderText: + type: string + maxLength: 20 + minLength: 1 + pattern: ^[*_\-\d\w]+$ + required: + - RedactionPlaceHolderType + additionalProperties: false + RedactionPlaceHolderType: + type: string + enum: + - CustomText + DataProtectionSettings: + type: object + properties: + AdditionalEncryptionContext: + $ref: '#/components/schemas/EncryptionContextMap' + AssociatedPortalArns: + type: array + items: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\/[a-fA-F0-9\-]{36})+$ + CreationDate: + type: string + format: date-time + CustomerManagedKey: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:[\w+=\/,.@-]+:kms:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:key\/[a-zA-Z0-9-]+$ + DataProtectionSettingsArn: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\/[a-fA-F0-9\-]{36})+$ + Description: + type: string + maxLength: 256 + minLength: 1 + pattern: ^[ _\-\d\w]+$ + DisplayName: + type: string + maxLength: 64 + minLength: 1 + pattern: ^[ _\-\d\w]+$ + InlineRedactionConfiguration: + $ref: '#/components/schemas/InlineRedactionConfiguration' + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 200 + minItems: 0 + x-stackql-resource-name: data_protection_settings + description: Definition of AWS::WorkSpacesWeb::DataProtectionSettings Resource Type + x-type-name: AWS::WorkSpacesWeb::DataProtectionSettings + x-stackql-primary-identifier: + - DataProtectionSettingsArn + x-create-only-properties: + - AdditionalEncryptionContext + - CustomerManagedKey + x-read-only-properties: + - AssociatedPortalArns + - CreationDate + - DataProtectionSettingsArn + x-tagging: + cloudFormationSystemTags: false + tagOnCreate: true + tagProperty: /properties/Tags + tagUpdatable: true + taggable: true + permissions: + - workspaces-web:UntagResource + - workspaces-web:ListTagsForResource + - workspaces-web:TagResource + x-required-permissions: + create: + - workspaces-web:CreateDataProtectionSettings + - workspaces-web:GetDataProtectionSettings + - workspaces-web:ListDataProtectionSettings + - workspaces-web:ListTagsForResource + - workspaces-web:TagResource + - kms:DescribeKey + - kms:GenerateDataKey + - kms:Decrypt + - kms:GenerateDataKeyWithoutPlaintext + - kms:ReEncryptTo + - kms:ReEncryptFrom + read: + - workspaces-web:GetDataProtectionSettings + - workspaces-web:ListDataProtectionSettings + - workspaces-web:ListTagsForResource + - kms:DescribeKey + - kms:GenerateDataKey + - kms:Decrypt + update: + - workspaces-web:UpdateDataProtectionSettings + - workspaces-web:GetDataProtectionSettings + - workspaces-web:ListDataProtectionSettings + - workspaces-web:TagResource + - workspaces-web:UntagResource + - workspaces-web:ListTagsForResource + - kms:DescribeKey + - kms:GenerateDataKey + - kms:Decrypt + delete: + - workspaces-web:GetDataProtectionSettings + - workspaces-web:ListDataProtectionSettings + - workspaces-web:DeleteDataProtectionSettings + - kms:DescribeKey + - kms:GenerateDataKey + - kms:Decrypt + list: + - workspaces-web:ListDataProtectionSettings + - kms:Decrypt + - kms:DescribeKey IdentityProviderDetails: type: object x-patternProperties: @@ -541,6 +760,13 @@ components: maxLength: 2048 minLength: 20 pattern: ^arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\/[a-fA-F0-9\-]{36})+$ + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 200 + minItems: 0 + x-insertionOrder: false required: - IdentityProviderDetails - IdentityProviderName @@ -561,10 +787,15 @@ components: - IdentityProviderName - IdentityProviderType x-tagging: - taggable: false - tagOnCreate: false - tagUpdatable: false cloudFormationSystemTags: false + tagOnCreate: true + tagProperty: /properties/Tags + tagUpdatable: true + taggable: true + permissions: + - workspaces-web:UntagResource + - workspaces-web:ListTagsForResource + - workspaces-web:TagResource x-required-permissions: create: - workspaces-web:CreateIdentityProvider @@ -674,6 +905,10 @@ components: tagProperty: /properties/Tags tagUpdatable: true taggable: true + permissions: + - workspaces-web:UntagResource + - workspaces-web:ListTagsForResource + - workspaces-web:TagResource x-required-permissions: create: - workspaces-web:CreateIpAccessSettings @@ -681,10 +916,12 @@ components: - workspaces-web:ListIpAccessSettings - workspaces-web:ListTagsForResource - workspaces-web:TagResource - - kms:CreateGrant - kms:DescribeKey - kms:GenerateDataKey - kms:Decrypt + - kms:GenerateDataKeyWithoutPlaintext + - kms:ReEncryptTo + - kms:ReEncryptFrom read: - workspaces-web:GetIpAccessSettings - workspaces-web:ListIpAccessSettings @@ -784,6 +1021,10 @@ components: tagProperty: /properties/Tags tagUpdatable: true taggable: true + permissions: + - workspaces-web:UntagResource + - workspaces-web:ListTagsForResource + - workspaces-web:TagResource x-required-permissions: create: - workspaces-web:CreateNetworkSettings @@ -852,6 +1093,11 @@ components: maxLength: 2048 minLength: 20 pattern: ^arn:[\w+=\/,.@-]+:kms:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:key\/[a-zA-Z0-9-]+$ + DataProtectionSettingsArn: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\/[a-fA-F0-9\-]{36})+$ DisplayName: type: string maxLength: 64 @@ -942,22 +1188,29 @@ components: tagProperty: /properties/Tags tagUpdatable: true taggable: true + permissions: + - workspaces-web:UntagResource + - workspaces-web:List* + - workspaces-web:TagResource x-required-permissions: create: - workspaces-web:CreatePortal - - workspaces-web:GetPortal - - workspaces-web:GetPortalServiceProviderMetadata + - workspaces-web:GetPortal* - workspaces-web:AssociateBrowserSettings - workspaces-web:AssociateIpAccessSettings - workspaces-web:AssociateNetworkSettings - workspaces-web:AssociateTrustStore - workspaces-web:AssociateUserAccessLoggingSettings - workspaces-web:AssociateUserSettings - - workspaces-web:ListTagsForResource + - workspaces-web:AssociateDataProtectionSettings + - workspaces-web:List* - workspaces-web:TagResource - - kms:CreateGrant + - kms:DescribeKey - kms:GenerateDataKey - kms:Decrypt + - kms:GenerateDataKeyWithoutPlaintext + - kms:ReEncryptTo + - kms:ReEncryptFrom - ec2:CreateNetworkInterface - ec2:CreateNetworkInterfacePermission - ec2:DeleteNetworkInterface @@ -965,17 +1218,16 @@ components: - ec2:ModifyNetworkInterfaceAttribute - kinesis:PutRecord - kinesis:PutRecords - - kinesis:DescribeStreamSummary + - kinesis:Describe* - sso:CreateManagedApplicationInstance - - sso:DescribeRegisteredRegions + - sso:Describe* read: - - workspaces-web:GetPortal - - workspaces-web:GetPortalServiceProviderMetadata - - workspaces-web:ListTagsForResource + - workspaces-web:GetPortal* + - workspaces-web:List* - kms:Decrypt + - kms:DescribeKey update: - - workspaces-web:GetPortal - - workspaces-web:GetPortalServiceProviderMetadata + - workspaces-web:GetPortal* - workspaces-web:UpdatePortal - workspaces-web:AssociateBrowserSettings - workspaces-web:AssociateIpAccessSettings @@ -983,19 +1235,22 @@ components: - workspaces-web:AssociateTrustStore - workspaces-web:AssociateUserAccessLoggingSettings - workspaces-web:AssociateUserSettings + - workspaces-web:AssociateDataProtectionSettings - workspaces-web:DisassociateBrowserSettings - workspaces-web:DisassociateIpAccessSettings - workspaces-web:DisassociateNetworkSettings - workspaces-web:DisassociateTrustStore - workspaces-web:DisassociateUserAccessLoggingSettings - workspaces-web:DisassociateUserSettings - - workspaces-web:ListTagsForResource + - workspaces-web:DisassociateDataProtectionSettings + - workspaces-web:List* - workspaces-web:TagResource - workspaces-web:UntagResource - kms:CreateGrant - kms:Encrypt - kms:GenerateDataKey - kms:Decrypt + - kms:DescribeKey - ec2:CreateNetworkInterface - ec2:CreateNetworkInterfacePermission - ec2:DeleteNetworkInterface @@ -1003,14 +1258,14 @@ components: - ec2:ModifyNetworkInterfaceAttribute - kinesis:PutRecord - kinesis:PutRecords - - kinesis:DescribeStreamSummary + - kinesis:Describe* - sso:CreateManagedApplicationInstance - sso:DeleteManagedApplicationInstance - - sso:DescribeRegisteredRegions + - sso:Describe* - sso:GetApplicationInstance - - sso:ListApplicationInstances + - sso:List* delete: - - workspaces-web:GetPortal + - workspaces-web:GetPortal* - workspaces-web:DeletePortal - workspaces-web:DisassociateBrowserSettings - workspaces-web:DisassociateIpAccessSettings @@ -1018,11 +1273,14 @@ components: - workspaces-web:DisassociateTrustStore - workspaces-web:DisassociateUserAccessLoggingSettings - workspaces-web:DisassociateUserSettings + - workspaces-web:DisassociateDataProtectionSettings - kms:Decrypt + - kms:DescribeKey - sso:DeleteManagedApplicationInstance list: - - workspaces-web:ListPortals + - workspaces-web:List* - kms:Decrypt + - kms:DescribeKey TrustStore: type: object properties: @@ -1069,6 +1327,10 @@ components: tagProperty: /properties/Tags tagUpdatable: true taggable: true + permissions: + - workspaces-web:UntagResource + - workspaces-web:ListTagsForResource + - workspaces-web:TagResource x-required-permissions: create: - workspaces-web:CreateTrustStore @@ -1144,6 +1406,10 @@ components: tagProperty: /properties/Tags tagUpdatable: true taggable: true + permissions: + - workspaces-web:UntagResource + - workspaces-web:ListTagsForResource + - workspaces-web:TagResource x-required-permissions: create: - workspaces-web:CreateUserAccessLoggingSettings @@ -1263,6 +1529,8 @@ components: maxLength: 2048 minLength: 20 pattern: ^arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\/[a-fA-F0-9\-]{36})+$ + DeepLinkAllowed: + $ref: '#/components/schemas/EnabledType' required: - CopyAllowed - DownloadAllowed @@ -1274,9 +1542,6 @@ components: x-type-name: AWS::WorkSpacesWeb::UserSettings x-stackql-primary-identifier: - UserSettingsArn - x-create-only-properties: - - AdditionalEncryptionContext - - CustomerManagedKey x-read-only-properties: - AssociatedPortalArns - UserSettingsArn @@ -1292,16 +1557,22 @@ components: tagProperty: /properties/Tags tagUpdatable: true taggable: true + permissions: + - workspaces-web:UntagResource + - workspaces-web:ListTagsForResource + - workspaces-web:TagResource x-required-permissions: create: - workspaces-web:CreateUserSettings - workspaces-web:GetUserSettings - workspaces-web:ListTagsForResource - workspaces-web:TagResource - - kms:CreateGrant - kms:DescribeKey - kms:GenerateDataKey - kms:Decrypt + - kms:GenerateDataKeyWithoutPlaintext + - kms:ReEncryptTo + - kms:ReEncryptFrom read: - workspaces-web:GetUserSettings - workspaces-web:ListTagsForResource @@ -1381,6 +1652,63 @@ components: x-title: CreateBrowserSettingsRequest type: object required: [] + CreateDataProtectionSettingsRequest: + properties: + ClientToken: + type: string + RoleArn: + type: string + TypeName: + type: string + TypeVersionId: + type: string + DesiredState: + type: object + properties: + AdditionalEncryptionContext: + $ref: '#/components/schemas/EncryptionContextMap' + AssociatedPortalArns: + type: array + items: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\/[a-fA-F0-9\-]{36})+$ + CreationDate: + type: string + format: date-time + CustomerManagedKey: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:[\w+=\/,.@-]+:kms:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:key\/[a-zA-Z0-9-]+$ + DataProtectionSettingsArn: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\/[a-fA-F0-9\-]{36})+$ + Description: + type: string + maxLength: 256 + minLength: 1 + pattern: ^[ _\-\d\w]+$ + DisplayName: + type: string + maxLength: 64 + minLength: 1 + pattern: ^[ _\-\d\w]+$ + InlineRedactionConfiguration: + $ref: '#/components/schemas/InlineRedactionConfiguration' + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 200 + minItems: 0 + x-stackQL-stringOnly: true + x-title: CreateDataProtectionSettingsRequest + type: object + required: [] CreateIdentityProviderRequest: properties: ClientToken: @@ -1413,6 +1741,13 @@ components: maxLength: 2048 minLength: 20 pattern: ^arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\/[a-fA-F0-9\-]{36})+$ + Tags: + type: array + items: + $ref: '#/components/schemas/Tag' + maxItems: 200 + minItems: 0 + x-insertionOrder: false x-stackQL-stringOnly: true x-title: CreateIdentityProviderRequest type: object @@ -1575,6 +1910,11 @@ components: maxLength: 2048 minLength: 20 pattern: ^arn:[\w+=\/,.@-]+:kms:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:key\/[a-zA-Z0-9-]+$ + DataProtectionSettingsArn: + type: string + maxLength: 2048 + minLength: 20 + pattern: ^arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\/[a-fA-F0-9\-]{36})+$ DisplayName: type: string maxLength: 64 @@ -1793,6 +2133,8 @@ components: maxLength: 2048 minLength: 20 pattern: ^arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\/[a-fA-F0-9\-]{36})+$ + DeepLinkAllowed: + $ref: '#/components/schemas/EnabledType' x-stackQL-stringOnly: true x-title: CreateUserSettingsRequest type: object @@ -1819,12 +2161,219 @@ components: requestBodyTranslate: algorithm: naive_DesiredState operation: - $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__BrowserSettings&__detailTransformed=true/post' + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__BrowserSettings&__detailTransformed=true/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::WorkSpacesWeb::BrowserSettings" + } + response: + mediaType: application/json + openAPIDocKey: '200' + update_resource: + operation: + $ref: '#/paths/~1?Action=UpdateResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::WorkSpacesWeb::BrowserSettings" + } + response: + mediaType: application/json + openAPIDocKey: '200' + delete_resource: + operation: + $ref: '#/paths/~1?Action=DeleteResource&Version=2021-09-30/post' + request: + mediaType: application/x-amz-json-1.0 + base: |- + { + "TypeName": "AWS::WorkSpacesWeb::BrowserSettings" + } + response: + mediaType: application/json + openAPIDocKey: '200' + sqlVerbs: + insert: + - $ref: '#/components/x-stackQL-resources/browser_settings/methods/create_resource' + delete: + - $ref: '#/components/x-stackQL-resources/browser_settings/methods/delete_resource' + update: + - $ref: '#/components/x-stackQL-resources/browser_settings/methods/update_resource' + config: + views: + select: + predicate: sqlDialect == "sqlite3" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + JSON_EXTRACT(Properties, '$.AdditionalEncryptionContext') as additional_encryption_context, + JSON_EXTRACT(Properties, '$.AssociatedPortalArns') as associated_portal_arns, + JSON_EXTRACT(Properties, '$.BrowserPolicy') as browser_policy, + JSON_EXTRACT(Properties, '$.BrowserSettingsArn') as browser_settings_arn, + JSON_EXTRACT(Properties, '$.CustomerManagedKey') as customer_managed_key, + JSON_EXTRACT(Properties, '$.Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::WorkSpacesWeb::BrowserSettings' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(detail.Properties, '$.AdditionalEncryptionContext') as additional_encryption_context, + JSON_EXTRACT(detail.Properties, '$.AssociatedPortalArns') as associated_portal_arns, + JSON_EXTRACT(detail.Properties, '$.BrowserPolicy') as browser_policy, + JSON_EXTRACT(detail.Properties, '$.BrowserSettingsArn') as browser_settings_arn, + JSON_EXTRACT(detail.Properties, '$.CustomerManagedKey') as customer_managed_key, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::WorkSpacesWeb::BrowserSettings' + AND detail.data__TypeName = 'AWS::WorkSpacesWeb::BrowserSettings' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] + ddl: |- + SELECT + region, + data__Identifier, + json_extract_path_text(Properties, 'AdditionalEncryptionContext') as additional_encryption_context, + json_extract_path_text(Properties, 'AssociatedPortalArns') as associated_portal_arns, + json_extract_path_text(Properties, 'BrowserPolicy') as browser_policy, + json_extract_path_text(Properties, 'BrowserSettingsArn') as browser_settings_arn, + json_extract_path_text(Properties, 'CustomerManagedKey') as customer_managed_key, + json_extract_path_text(Properties, 'Tags') as tags + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::WorkSpacesWeb::BrowserSettings' + AND data__Identifier = '' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(detail.Properties, 'AdditionalEncryptionContext') as additional_encryption_context, + json_extract_path_text(detail.Properties, 'AssociatedPortalArns') as associated_portal_arns, + json_extract_path_text(detail.Properties, 'BrowserPolicy') as browser_policy, + json_extract_path_text(detail.Properties, 'BrowserSettingsArn') as browser_settings_arn, + json_extract_path_text(detail.Properties, 'CustomerManagedKey') as customer_managed_key, + json_extract_path_text(detail.Properties, 'Tags') as tags + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + WHERE listing.data__TypeName = 'AWS::WorkSpacesWeb::BrowserSettings' + AND detail.data__TypeName = 'AWS::WorkSpacesWeb::BrowserSettings' + AND listing.region = 'us-east-1' + browser_settings_list_only: + name: browser_settings_list_only + id: aws.workspacesweb.browser_settings_list_only + x-cfn-schema-name: BrowserSettings + x-cfn-type-name: AWS::WorkSpacesWeb::BrowserSettings + x-identifiers: + - BrowserSettingsArn + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + region, + JSON_EXTRACT(Properties, '$.BrowserSettingsArn') as browser_settings_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::WorkSpacesWeb::BrowserSettings' + AND region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + region, + json_extract_path_text(Properties, 'BrowserSettingsArn') as browser_settings_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::WorkSpacesWeb::BrowserSettings' + AND region = 'us-east-1' + browser_settings_tags: + name: browser_settings_tags + id: aws.workspacesweb.browser_settings_tags + x-cfn-schema-name: BrowserSettings + x-cfn-type-name: AWS::WorkSpacesWeb::BrowserSettings + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.AdditionalEncryptionContext') as additional_encryption_context, + JSON_EXTRACT(detail.Properties, '$.AssociatedPortalArns') as associated_portal_arns, + JSON_EXTRACT(detail.Properties, '$.BrowserPolicy') as browser_policy, + JSON_EXTRACT(detail.Properties, '$.BrowserSettingsArn') as browser_settings_arn, + JSON_EXTRACT(detail.Properties, '$.CustomerManagedKey') as customer_managed_key + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::WorkSpacesWeb::BrowserSettings' + AND detail.data__TypeName = 'AWS::WorkSpacesWeb::BrowserSettings' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'AdditionalEncryptionContext') as additional_encryption_context, + json_extract_path_text(detail.Properties, 'AssociatedPortalArns') as associated_portal_arns, + json_extract_path_text(detail.Properties, 'BrowserPolicy') as browser_policy, + json_extract_path_text(detail.Properties, 'BrowserSettingsArn') as browser_settings_arn, + json_extract_path_text(detail.Properties, 'CustomerManagedKey') as customer_managed_key + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::WorkSpacesWeb::BrowserSettings' + AND detail.data__TypeName = 'AWS::WorkSpacesWeb::BrowserSettings' + AND listing.region = 'us-east-1' + data_protection_settings: + name: data_protection_settings + id: aws.workspacesweb.data_protection_settings + x-cfn-schema-name: DataProtectionSettings + x-cfn-type-name: AWS::WorkSpacesWeb::DataProtectionSettings + x-identifiers: + - DataProtectionSettingsArn + x-type: cloud_control + methods: + create_resource: + config: + requestBodyTranslate: + algorithm: naive_DesiredState + operation: + $ref: '#/paths/~1?Action=CreateResource&Version=2021-09-30&__DataProtectionSettings&__detailTransformed=true/post' request: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::WorkSpacesWeb::BrowserSettings" + "TypeName": "AWS::WorkSpacesWeb::DataProtectionSettings" } response: mediaType: application/json @@ -1836,7 +2385,7 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::WorkSpacesWeb::BrowserSettings" + "TypeName": "AWS::WorkSpacesWeb::DataProtectionSettings" } response: mediaType: application/json @@ -1848,18 +2397,18 @@ components: mediaType: application/x-amz-json-1.0 base: |- { - "TypeName": "AWS::WorkSpacesWeb::BrowserSettings" + "TypeName": "AWS::WorkSpacesWeb::DataProtectionSettings" } response: mediaType: application/json openAPIDocKey: '200' sqlVerbs: insert: - - $ref: '#/components/x-stackQL-resources/browser_settings/methods/create_resource' + - $ref: '#/components/x-stackQL-resources/data_protection_settings/methods/create_resource' delete: - - $ref: '#/components/x-stackQL-resources/browser_settings/methods/delete_resource' + - $ref: '#/components/x-stackQL-resources/data_protection_settings/methods/delete_resource' update: - - $ref: '#/components/x-stackQL-resources/browser_settings/methods/update_resource' + - $ref: '#/components/x-stackQL-resources/data_protection_settings/methods/update_resource' config: views: select: @@ -1870,12 +2419,15 @@ components: data__Identifier, JSON_EXTRACT(Properties, '$.AdditionalEncryptionContext') as additional_encryption_context, JSON_EXTRACT(Properties, '$.AssociatedPortalArns') as associated_portal_arns, - JSON_EXTRACT(Properties, '$.BrowserPolicy') as browser_policy, - JSON_EXTRACT(Properties, '$.BrowserSettingsArn') as browser_settings_arn, + JSON_EXTRACT(Properties, '$.CreationDate') as creation_date, JSON_EXTRACT(Properties, '$.CustomerManagedKey') as customer_managed_key, + JSON_EXTRACT(Properties, '$.DataProtectionSettingsArn') as data_protection_settings_arn, + JSON_EXTRACT(Properties, '$.Description') as description, + JSON_EXTRACT(Properties, '$.DisplayName') as display_name, + JSON_EXTRACT(Properties, '$.InlineRedactionConfiguration') as inline_redaction_configuration, JSON_EXTRACT(Properties, '$.Tags') as tags - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::WorkSpacesWeb::BrowserSettings' - AND data__Identifier = '' + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::WorkSpacesWeb::DataProtectionSettings' + AND data__Identifier = '' AND region = 'us-east-1' fallback: predicate: sqlDialect == "sqlite3" @@ -1884,16 +2436,19 @@ components: detail.region, JSON_EXTRACT(detail.Properties, '$.AdditionalEncryptionContext') as additional_encryption_context, JSON_EXTRACT(detail.Properties, '$.AssociatedPortalArns') as associated_portal_arns, - JSON_EXTRACT(detail.Properties, '$.BrowserPolicy') as browser_policy, - JSON_EXTRACT(detail.Properties, '$.BrowserSettingsArn') as browser_settings_arn, + JSON_EXTRACT(detail.Properties, '$.CreationDate') as creation_date, JSON_EXTRACT(detail.Properties, '$.CustomerManagedKey') as customer_managed_key, + JSON_EXTRACT(detail.Properties, '$.DataProtectionSettingsArn') as data_protection_settings_arn, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.DisplayName') as display_name, + JSON_EXTRACT(detail.Properties, '$.InlineRedactionConfiguration') as inline_redaction_configuration, JSON_EXTRACT(detail.Properties, '$.Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::WorkSpacesWeb::BrowserSettings' - AND detail.data__TypeName = 'AWS::WorkSpacesWeb::BrowserSettings' + WHERE listing.data__TypeName = 'AWS::WorkSpacesWeb::DataProtectionSettings' + AND detail.data__TypeName = 'AWS::WorkSpacesWeb::DataProtectionSettings' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" && requiredParams == [ data__Identifier ] @@ -1903,12 +2458,15 @@ components: data__Identifier, json_extract_path_text(Properties, 'AdditionalEncryptionContext') as additional_encryption_context, json_extract_path_text(Properties, 'AssociatedPortalArns') as associated_portal_arns, - json_extract_path_text(Properties, 'BrowserPolicy') as browser_policy, - json_extract_path_text(Properties, 'BrowserSettingsArn') as browser_settings_arn, + json_extract_path_text(Properties, 'CreationDate') as creation_date, json_extract_path_text(Properties, 'CustomerManagedKey') as customer_managed_key, + json_extract_path_text(Properties, 'DataProtectionSettingsArn') as data_protection_settings_arn, + json_extract_path_text(Properties, 'Description') as description, + json_extract_path_text(Properties, 'DisplayName') as display_name, + json_extract_path_text(Properties, 'InlineRedactionConfiguration') as inline_redaction_configuration, json_extract_path_text(Properties, 'Tags') as tags - FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::WorkSpacesWeb::BrowserSettings' - AND data__Identifier = '' + FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::WorkSpacesWeb::DataProtectionSettings' + AND data__Identifier = '' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" @@ -1917,24 +2475,27 @@ components: detail.region, json_extract_path_text(detail.Properties, 'AdditionalEncryptionContext') as additional_encryption_context, json_extract_path_text(detail.Properties, 'AssociatedPortalArns') as associated_portal_arns, - json_extract_path_text(detail.Properties, 'BrowserPolicy') as browser_policy, - json_extract_path_text(detail.Properties, 'BrowserSettingsArn') as browser_settings_arn, + json_extract_path_text(detail.Properties, 'CreationDate') as creation_date, json_extract_path_text(detail.Properties, 'CustomerManagedKey') as customer_managed_key, + json_extract_path_text(detail.Properties, 'DataProtectionSettingsArn') as data_protection_settings_arn, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'DisplayName') as display_name, + json_extract_path_text(detail.Properties, 'InlineRedactionConfiguration') as inline_redaction_configuration, json_extract_path_text(detail.Properties, 'Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region - WHERE listing.data__TypeName = 'AWS::WorkSpacesWeb::BrowserSettings' - AND detail.data__TypeName = 'AWS::WorkSpacesWeb::BrowserSettings' + WHERE listing.data__TypeName = 'AWS::WorkSpacesWeb::DataProtectionSettings' + AND detail.data__TypeName = 'AWS::WorkSpacesWeb::DataProtectionSettings' AND listing.region = 'us-east-1' - browser_settings_list_only: - name: browser_settings_list_only - id: aws.workspacesweb.browser_settings_list_only - x-cfn-schema-name: BrowserSettings - x-cfn-type-name: AWS::WorkSpacesWeb::BrowserSettings + data_protection_settings_list_only: + name: data_protection_settings_list_only + id: aws.workspacesweb.data_protection_settings_list_only + x-cfn-schema-name: DataProtectionSettings + x-cfn-type-name: AWS::WorkSpacesWeb::DataProtectionSettings x-identifiers: - - BrowserSettingsArn + - DataProtectionSettingsArn x-type: cloud_control_view methods: {} sqlVerbs: @@ -1948,22 +2509,22 @@ components: ddl: |- SELECT region, - JSON_EXTRACT(Properties, '$.BrowserSettingsArn') as browser_settings_arn - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::WorkSpacesWeb::BrowserSettings' + JSON_EXTRACT(Properties, '$.DataProtectionSettingsArn') as data_protection_settings_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::WorkSpacesWeb::DataProtectionSettings' AND region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" ddl: |- SELECT region, - json_extract_path_text(Properties, 'BrowserSettingsArn') as browser_settings_arn - FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::WorkSpacesWeb::BrowserSettings' + json_extract_path_text(Properties, 'DataProtectionSettingsArn') as data_protection_settings_arn + FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::WorkSpacesWeb::DataProtectionSettings' AND region = 'us-east-1' - browser_settings_tags: - name: browser_settings_tags - id: aws.workspacesweb.browser_settings_tags - x-cfn-schema-name: BrowserSettings - x-cfn-type-name: AWS::WorkSpacesWeb::BrowserSettings + data_protection_settings_tags: + name: data_protection_settings_tags + id: aws.workspacesweb.data_protection_settings_tags + x-cfn-schema-name: DataProtectionSettings + x-cfn-type-name: AWS::WorkSpacesWeb::DataProtectionSettings x-type: cloud_control_view methods: {} sqlVerbs: @@ -1981,16 +2542,19 @@ components: JSON_EXTRACT(json_each.value, '$.Value') as tag_value, JSON_EXTRACT(detail.Properties, '$.AdditionalEncryptionContext') as additional_encryption_context, JSON_EXTRACT(detail.Properties, '$.AssociatedPortalArns') as associated_portal_arns, - JSON_EXTRACT(detail.Properties, '$.BrowserPolicy') as browser_policy, - JSON_EXTRACT(detail.Properties, '$.BrowserSettingsArn') as browser_settings_arn, - JSON_EXTRACT(detail.Properties, '$.CustomerManagedKey') as customer_managed_key + JSON_EXTRACT(detail.Properties, '$.CreationDate') as creation_date, + JSON_EXTRACT(detail.Properties, '$.CustomerManagedKey') as customer_managed_key, + JSON_EXTRACT(detail.Properties, '$.DataProtectionSettingsArn') as data_protection_settings_arn, + JSON_EXTRACT(detail.Properties, '$.Description') as description, + JSON_EXTRACT(detail.Properties, '$.DisplayName') as display_name, + JSON_EXTRACT(detail.Properties, '$.InlineRedactionConfiguration') as inline_redaction_configuration FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) - WHERE listing.data__TypeName = 'AWS::WorkSpacesWeb::BrowserSettings' - AND detail.data__TypeName = 'AWS::WorkSpacesWeb::BrowserSettings' + WHERE listing.data__TypeName = 'AWS::WorkSpacesWeb::DataProtectionSettings' + AND detail.data__TypeName = 'AWS::WorkSpacesWeb::DataProtectionSettings' AND listing.region = 'us-east-1' fallback: predicate: sqlDialect == "postgres" @@ -2001,16 +2565,19 @@ components: json_extract_path_text(json_each.value, 'Value') as tag_value, json_extract_path_text(detail.Properties, 'AdditionalEncryptionContext') as additional_encryption_context, json_extract_path_text(detail.Properties, 'AssociatedPortalArns') as associated_portal_arns, - json_extract_path_text(detail.Properties, 'BrowserPolicy') as browser_policy, - json_extract_path_text(detail.Properties, 'BrowserSettingsArn') as browser_settings_arn, - json_extract_path_text(detail.Properties, 'CustomerManagedKey') as customer_managed_key + json_extract_path_text(detail.Properties, 'CreationDate') as creation_date, + json_extract_path_text(detail.Properties, 'CustomerManagedKey') as customer_managed_key, + json_extract_path_text(detail.Properties, 'DataProtectionSettingsArn') as data_protection_settings_arn, + json_extract_path_text(detail.Properties, 'Description') as description, + json_extract_path_text(detail.Properties, 'DisplayName') as display_name, + json_extract_path_text(detail.Properties, 'InlineRedactionConfiguration') as inline_redaction_configuration FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier AND detail.region = listing.region ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) - WHERE listing.data__TypeName = 'AWS::WorkSpacesWeb::BrowserSettings' - AND detail.data__TypeName = 'AWS::WorkSpacesWeb::BrowserSettings' + WHERE listing.data__TypeName = 'AWS::WorkSpacesWeb::DataProtectionSettings' + AND detail.data__TypeName = 'AWS::WorkSpacesWeb::DataProtectionSettings' AND listing.region = 'us-east-1' identity_providers: name: identity_providers @@ -2079,7 +2646,8 @@ components: JSON_EXTRACT(Properties, '$.IdentityProviderDetails') as identity_provider_details, JSON_EXTRACT(Properties, '$.IdentityProviderName') as identity_provider_name, JSON_EXTRACT(Properties, '$.IdentityProviderType') as identity_provider_type, - JSON_EXTRACT(Properties, '$.PortalArn') as portal_arn + JSON_EXTRACT(Properties, '$.PortalArn') as portal_arn, + JSON_EXTRACT(Properties, '$.Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::WorkSpacesWeb::IdentityProvider' AND data__Identifier = '' AND region = 'us-east-1' @@ -2092,7 +2660,8 @@ components: JSON_EXTRACT(detail.Properties, '$.IdentityProviderDetails') as identity_provider_details, JSON_EXTRACT(detail.Properties, '$.IdentityProviderName') as identity_provider_name, JSON_EXTRACT(detail.Properties, '$.IdentityProviderType') as identity_provider_type, - JSON_EXTRACT(detail.Properties, '$.PortalArn') as portal_arn + JSON_EXTRACT(detail.Properties, '$.PortalArn') as portal_arn, + JSON_EXTRACT(detail.Properties, '$.Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -2110,7 +2679,8 @@ components: json_extract_path_text(Properties, 'IdentityProviderDetails') as identity_provider_details, json_extract_path_text(Properties, 'IdentityProviderName') as identity_provider_name, json_extract_path_text(Properties, 'IdentityProviderType') as identity_provider_type, - json_extract_path_text(Properties, 'PortalArn') as portal_arn + json_extract_path_text(Properties, 'PortalArn') as portal_arn, + json_extract_path_text(Properties, 'Tags') as tags FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::WorkSpacesWeb::IdentityProvider' AND data__Identifier = '' AND region = 'us-east-1' @@ -2123,7 +2693,8 @@ components: json_extract_path_text(detail.Properties, 'IdentityProviderDetails') as identity_provider_details, json_extract_path_text(detail.Properties, 'IdentityProviderName') as identity_provider_name, json_extract_path_text(detail.Properties, 'IdentityProviderType') as identity_provider_type, - json_extract_path_text(detail.Properties, 'PortalArn') as portal_arn + json_extract_path_text(detail.Properties, 'PortalArn') as portal_arn, + json_extract_path_text(detail.Properties, 'Tags') as tags FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -2162,6 +2733,59 @@ components: json_extract_path_text(Properties, 'IdentityProviderArn') as identity_provider_arn FROM aws.cloud_control.resources WHERE data__TypeName = 'AWS::WorkSpacesWeb::IdentityProvider' AND region = 'us-east-1' + identity_provider_tags: + name: identity_provider_tags + id: aws.workspacesweb.identity_provider_tags + x-cfn-schema-name: IdentityProvider + x-cfn-type-name: AWS::WorkSpacesWeb::IdentityProvider + x-type: cloud_control_view + methods: {} + sqlVerbs: + insert: [] + delete: [] + update: [] + config: + views: + select: + predicate: sqlDialect == "sqlite3" + ddl: |- + SELECT + detail.region, + JSON_EXTRACT(json_each.value, '$.Key') as tag_key, + JSON_EXTRACT(json_each.value, '$.Value') as tag_value, + JSON_EXTRACT(detail.Properties, '$.IdentityProviderArn') as identity_provider_arn, + JSON_EXTRACT(detail.Properties, '$.IdentityProviderDetails') as identity_provider_details, + JSON_EXTRACT(detail.Properties, '$.IdentityProviderName') as identity_provider_name, + JSON_EXTRACT(detail.Properties, '$.IdentityProviderType') as identity_provider_type, + JSON_EXTRACT(detail.Properties, '$.PortalArn') as portal_arn + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags')) + WHERE listing.data__TypeName = 'AWS::WorkSpacesWeb::IdentityProvider' + AND detail.data__TypeName = 'AWS::WorkSpacesWeb::IdentityProvider' + AND listing.region = 'us-east-1' + fallback: + predicate: sqlDialect == "postgres" + ddl: |- + SELECT + detail.region, + json_extract_path_text(json_each.value, 'Key') as tag_key, + json_extract_path_text(json_each.value, 'Value') as tag_value, + json_extract_path_text(detail.Properties, 'IdentityProviderArn') as identity_provider_arn, + json_extract_path_text(detail.Properties, 'IdentityProviderDetails') as identity_provider_details, + json_extract_path_text(detail.Properties, 'IdentityProviderName') as identity_provider_name, + json_extract_path_text(detail.Properties, 'IdentityProviderType') as identity_provider_type, + json_extract_path_text(detail.Properties, 'PortalArn') as portal_arn + FROM aws.cloud_control.resources listing + LEFT OUTER JOIN aws.cloud_control.resource detail + ON detail.data__Identifier = listing.Identifier + AND detail.region = listing.region + ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags')) + WHERE listing.data__TypeName = 'AWS::WorkSpacesWeb::IdentityProvider' + AND detail.data__TypeName = 'AWS::WorkSpacesWeb::IdentityProvider' + AND listing.region = 'us-east-1' ip_access_settings: name: ip_access_settings id: aws.workspacesweb.ip_access_settings @@ -2663,6 +3287,7 @@ components: JSON_EXTRACT(Properties, '$.BrowserType') as browser_type, JSON_EXTRACT(Properties, '$.CreationDate') as creation_date, JSON_EXTRACT(Properties, '$.CustomerManagedKey') as customer_managed_key, + JSON_EXTRACT(Properties, '$.DataProtectionSettingsArn') as data_protection_settings_arn, JSON_EXTRACT(Properties, '$.DisplayName') as display_name, JSON_EXTRACT(Properties, '$.InstanceType') as instance_type, JSON_EXTRACT(Properties, '$.IpAccessSettingsArn') as ip_access_settings_arn, @@ -2692,6 +3317,7 @@ components: JSON_EXTRACT(detail.Properties, '$.BrowserType') as browser_type, JSON_EXTRACT(detail.Properties, '$.CreationDate') as creation_date, JSON_EXTRACT(detail.Properties, '$.CustomerManagedKey') as customer_managed_key, + JSON_EXTRACT(detail.Properties, '$.DataProtectionSettingsArn') as data_protection_settings_arn, JSON_EXTRACT(detail.Properties, '$.DisplayName') as display_name, JSON_EXTRACT(detail.Properties, '$.InstanceType') as instance_type, JSON_EXTRACT(detail.Properties, '$.IpAccessSettingsArn') as ip_access_settings_arn, @@ -2726,6 +3352,7 @@ components: json_extract_path_text(Properties, 'BrowserType') as browser_type, json_extract_path_text(Properties, 'CreationDate') as creation_date, json_extract_path_text(Properties, 'CustomerManagedKey') as customer_managed_key, + json_extract_path_text(Properties, 'DataProtectionSettingsArn') as data_protection_settings_arn, json_extract_path_text(Properties, 'DisplayName') as display_name, json_extract_path_text(Properties, 'InstanceType') as instance_type, json_extract_path_text(Properties, 'IpAccessSettingsArn') as ip_access_settings_arn, @@ -2755,6 +3382,7 @@ components: json_extract_path_text(detail.Properties, 'BrowserType') as browser_type, json_extract_path_text(detail.Properties, 'CreationDate') as creation_date, json_extract_path_text(detail.Properties, 'CustomerManagedKey') as customer_managed_key, + json_extract_path_text(detail.Properties, 'DataProtectionSettingsArn') as data_protection_settings_arn, json_extract_path_text(detail.Properties, 'DisplayName') as display_name, json_extract_path_text(detail.Properties, 'InstanceType') as instance_type, json_extract_path_text(detail.Properties, 'IpAccessSettingsArn') as ip_access_settings_arn, @@ -2834,6 +3462,7 @@ components: JSON_EXTRACT(detail.Properties, '$.BrowserType') as browser_type, JSON_EXTRACT(detail.Properties, '$.CreationDate') as creation_date, JSON_EXTRACT(detail.Properties, '$.CustomerManagedKey') as customer_managed_key, + JSON_EXTRACT(detail.Properties, '$.DataProtectionSettingsArn') as data_protection_settings_arn, JSON_EXTRACT(detail.Properties, '$.DisplayName') as display_name, JSON_EXTRACT(detail.Properties, '$.InstanceType') as instance_type, JSON_EXTRACT(detail.Properties, '$.IpAccessSettingsArn') as ip_access_settings_arn, @@ -2869,6 +3498,7 @@ components: json_extract_path_text(detail.Properties, 'BrowserType') as browser_type, json_extract_path_text(detail.Properties, 'CreationDate') as creation_date, json_extract_path_text(detail.Properties, 'CustomerManagedKey') as customer_managed_key, + json_extract_path_text(detail.Properties, 'DataProtectionSettingsArn') as data_protection_settings_arn, json_extract_path_text(detail.Properties, 'DisplayName') as display_name, json_extract_path_text(detail.Properties, 'InstanceType') as instance_type, json_extract_path_text(detail.Properties, 'IpAccessSettingsArn') as ip_access_settings_arn, @@ -3356,7 +3986,8 @@ components: JSON_EXTRACT(Properties, '$.PrintAllowed') as print_allowed, JSON_EXTRACT(Properties, '$.Tags') as tags, JSON_EXTRACT(Properties, '$.UploadAllowed') as upload_allowed, - JSON_EXTRACT(Properties, '$.UserSettingsArn') as user_settings_arn + JSON_EXTRACT(Properties, '$.UserSettingsArn') as user_settings_arn, + JSON_EXTRACT(Properties, '$.DeepLinkAllowed') as deep_link_allowed FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::WorkSpacesWeb::UserSettings' AND data__Identifier = '' AND region = 'us-east-1' @@ -3377,7 +4008,8 @@ components: JSON_EXTRACT(detail.Properties, '$.PrintAllowed') as print_allowed, JSON_EXTRACT(detail.Properties, '$.Tags') as tags, JSON_EXTRACT(detail.Properties, '$.UploadAllowed') as upload_allowed, - JSON_EXTRACT(detail.Properties, '$.UserSettingsArn') as user_settings_arn + JSON_EXTRACT(detail.Properties, '$.UserSettingsArn') as user_settings_arn, + JSON_EXTRACT(detail.Properties, '$.DeepLinkAllowed') as deep_link_allowed FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -3403,7 +4035,8 @@ components: json_extract_path_text(Properties, 'PrintAllowed') as print_allowed, json_extract_path_text(Properties, 'Tags') as tags, json_extract_path_text(Properties, 'UploadAllowed') as upload_allowed, - json_extract_path_text(Properties, 'UserSettingsArn') as user_settings_arn + json_extract_path_text(Properties, 'UserSettingsArn') as user_settings_arn, + json_extract_path_text(Properties, 'DeepLinkAllowed') as deep_link_allowed FROM aws.cloud_control.resource WHERE data__TypeName = 'AWS::WorkSpacesWeb::UserSettings' AND data__Identifier = '' AND region = 'us-east-1' @@ -3424,7 +4057,8 @@ components: json_extract_path_text(detail.Properties, 'PrintAllowed') as print_allowed, json_extract_path_text(detail.Properties, 'Tags') as tags, json_extract_path_text(detail.Properties, 'UploadAllowed') as upload_allowed, - json_extract_path_text(detail.Properties, 'UserSettingsArn') as user_settings_arn + json_extract_path_text(detail.Properties, 'UserSettingsArn') as user_settings_arn, + json_extract_path_text(detail.Properties, 'DeepLinkAllowed') as deep_link_allowed FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -3494,7 +4128,8 @@ components: JSON_EXTRACT(detail.Properties, '$.PasteAllowed') as paste_allowed, JSON_EXTRACT(detail.Properties, '$.PrintAllowed') as print_allowed, JSON_EXTRACT(detail.Properties, '$.UploadAllowed') as upload_allowed, - JSON_EXTRACT(detail.Properties, '$.UserSettingsArn') as user_settings_arn + JSON_EXTRACT(detail.Properties, '$.UserSettingsArn') as user_settings_arn, + JSON_EXTRACT(detail.Properties, '$.DeepLinkAllowed') as deep_link_allowed FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -3521,7 +4156,8 @@ components: json_extract_path_text(detail.Properties, 'PasteAllowed') as paste_allowed, json_extract_path_text(detail.Properties, 'PrintAllowed') as print_allowed, json_extract_path_text(detail.Properties, 'UploadAllowed') as upload_allowed, - json_extract_path_text(detail.Properties, 'UserSettingsArn') as user_settings_arn + json_extract_path_text(detail.Properties, 'UserSettingsArn') as user_settings_arn, + json_extract_path_text(detail.Properties, 'DeepLinkAllowed') as deep_link_allowed FROM aws.cloud_control.resources listing LEFT OUTER JOIN aws.cloud_control.resource detail ON detail.data__Identifier = listing.Identifier @@ -3715,6 +4351,48 @@ paths: schema: $ref: '#/components/x-cloud-control-schemas/ProgressEvent' description: Success + /?Action=CreateResource&Version=2021-09-30&__DataProtectionSettings&__detailTransformed=true: + parameters: + - $ref: '#/components/parameters/X-Amz-Content-Sha256' + - $ref: '#/components/parameters/X-Amz-Date' + - $ref: '#/components/parameters/X-Amz-Algorithm' + - $ref: '#/components/parameters/X-Amz-Credential' + - $ref: '#/components/parameters/X-Amz-Security-Token' + - $ref: '#/components/parameters/X-Amz-Signature' + - $ref: '#/components/parameters/X-Amz-SignedHeaders' + post: + operationId: CreateDataProtectionSettings + parameters: + - description: Action Header + in: header + name: X-Amz-Target + required: false + schema: + default: CloudApiService.CreateResource + enum: + - CloudApiService.CreateResource + type: string + - in: header + name: Content-Type + required: false + schema: + default: application/x-amz-json-1.0 + enum: + - application/x-amz-json-1.0 + type: string + requestBody: + content: + application/x-amz-json-1.0: + schema: + $ref: '#/components/schemas/CreateDataProtectionSettingsRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/x-cloud-control-schemas/ProgressEvent' + description: Success /?Action=CreateResource&Version=2021-09-30&__IdentityProvider&__detailTransformed=true: parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' diff --git a/providers/src/aws/v00.00.00000/services/xray.yaml b/providers/src/aws/v00.00.00000/services/xray.yaml index efddbafe..568cdfb8 100644 --- a/providers/src/aws/v00.00.00000/services/xray.yaml +++ b/providers/src/aws/v00.00.00000/services/xray.yaml @@ -445,6 +445,15 @@ components: - GroupARN x-required-properties: - GroupName + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - xray:TagResource + - xray:UntagResource x-required-permissions: create: - xray:CreateGroup @@ -536,6 +545,15 @@ components: - SamplingRule/Version x-read-only-properties: - RuleARN + x-tagging: + taggable: true + tagOnCreate: true + tagUpdatable: true + cloudFormationSystemTags: true + tagProperty: /properties/Tags + permissions: + - xray:TagResource + - xray:UntagResource x-required-permissions: create: - xray:CreateSamplingRule